Reference Manual for the Model FR114P, FR114W and FM114P Cable/DSL ProSafe Firewall
Security
Order of Precedence for Rules
As you define new rules, they are added to the tables in the Rules menu, as shown in Figure 5-7:
Figure 5-7. Rules table with examples
For any traffic attempting to pass through the firewall, the packet information is subjected to the
rules in the order shown in the Rules Table, beginning at the top and proceeding to the default rules
at the bottom. In some cases, the order of precedence of two or more rules may be important in
determining the disposition of a packet. The Move button allows you to relocate a defined rule to a
new position in the table.
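The following added example (not taken from the manual or the firewall firmware) models top-down evaluation in which the first matching rule decides, shows how a broad rule placed above a narrower one keeps the narrower rule from ever firing, and how moving the rule changes the outcome. The rule fields, rule names and addresses are constructed assumptions, and first-match behavior is assumed from the description above.

```python
import ipaddress
from typing import NamedTuple
class Rule(NamedTuple):
    name: str
    action: str                 # "ALLOW" or "BLOCK"
    proto: str                  # "TCP" or "UDP"
    low: int                    # lowest destination port
    high: int                   # highest destination port
    source: str = "0.0.0.0/0"   # WAN source network (assumed field)

    def matches(self, proto, port, src_ip):
        return (proto == self.proto and self.low <= port <= self.high
                and ipaddress.ip_address(src_ip) in ipaddress.ip_network(self.source))

    def covers(self, other):
        """True when every packet matching `other` also matches this rule."""
        return (self.proto == other.proto
                and self.low <= other.low and other.high <= self.high
                and ipaddress.ip_network(other.source).subnet_of(
                    ipaddress.ip_network(self.source)))

def disposition(rules, proto, port, src_ip, default="BLOCK"):
    """Walk the table top to bottom; the first match decides, else the default."""
    for rule in rules:
        if rule.matches(proto, port, src_ip):
            return rule.action, rule.name
    return default, "default"

def shadowed(rules):
    """(later, earlier) pairs where the later rule can never be reached."""
    return [(later.name, earlier.name)
            for i, later in enumerate(rules)
            for earlier in rules[:i] if earlier.covers(later)]

def move(rules, index, new_index):
    """Model of the Move button: relocate one rule, keep the others in order."""
    reordered = list(rules)
    reordered.insert(new_index, reordered.pop(index))
    return reordered

# Constructed inbound table: a broad allow sits above a narrower block.
TABLE = [
    Rule("allow-http-any", "ALLOW", "TCP", 80, 80),
    Rule("block-http-net", "BLOCK", "TCP", 80, 80, source="203.0.113.0/24"),
]

if __name__ == "__main__":
    for table in (TABLE, move(TABLE, 1, 0)):
        print(disposition(table, "TCP", 80, "203.0.113.9"), shadowed(table))
```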
Default DMZ Server
Incoming traffic from the Internet is normally discarded by the firewall unless the traffic is a
response to one of your local computers or a service for which you have configured an inbound
rule. Instead of discarding this traffic, you can have it forwarded to one computer on your network.
This computer is called the Default DMZ Server.
The Default DMZ Server feature is helpful when using some online games and videoconferencing
applications that are incompatible with NAT. The firewall is programmed to recognize some of
these applications and to work properly with them, but there are other applications that may not
function well. In some cases, one local PC can run the application properly if that PC’s IP address
is entered as the Default DMZ Server.
To assign a computer or server to be a Default DMZ server:
1. Click Default DMZ Server.
2. Type the IP address for that server.
3. Click Apply.
Respond to Ping on Internet WAN Port
If you want the firewall to respond to a 'ping' from the Internet, click the ‘Respond to Ping on
Internet WAN Port’ check box. This should only be used as a diagnostic tool, since it allows your
firewall to be discovered. Don't check this box unless you have a specific reason to do so.
Note: For security, NETGEAR strongly recommends that you avoid using the Default
DMZ Server feature. When a computer is designated as the Default DMZ Server, it loses
much of the protection of the firewall, and is exposed to many exploits from the Internet.
If compromised, the computer can be used to attack your network.
Note: In this application, the use of the term ‘DMZ’ has become common, although it is
a misnomer. In traditional firewalls, a DMZ is actually a separate physical network port.
A true DMZ port is for connecting servers that require greater access from the outside,
and will therefore be provided with a different level of security by the firewall. A better
term for our application is Exposed Host.
Services
Services are functions performed by server computers at the request of client computers. For
example, Web servers serve web pages, time servers serve time and date information, and game
hosts serve data about other players’ moves. When a computer on the Internet sends a request for
service to a server computer, the requested service is identified by a service or port number. This
number appears as the destination port number in the transmitted IP packets. For example, a packet
that is sent with destination port number 80 is an HTTP (Web server) request.
The service numbers for many common protocols are defined by the Internet Engineering Task
Force (IETF) and published in RFC1700, “Assigned Numbers.” Service numbers for other
applications are typically chosen from the range 1024 to 65535 by the authors of the application.
Although the NETGEAR ProSafe Firewall already holds a list of many service port numbers, you
are not limited to these choices. Use the Services menu to add additional services and applications
to the list for use in defining firewall rules. The Services menu shows a list of services that you
have defined, as shown in Figure 5-8:
Figure 5-8. Services menu
To define a new service, first you must determine which port number or range of numbers is used
by the application. This information can usually be determined by contacting the publisher of the
application or from user groups or newsgroups. When you have the port number information, go
to the Services menu and click on the Add Custom Service button. The Add Services menu will
appear, as shown in Figure 5-9:
Figure 5-9. Add Custom Service menu
To add a service:
1. Enter a descriptive name for the service so that you will remember what it is.
2. Select whether the service uses TCP or UDP as its transport protocol.
   If you can’t determine which is used, select both.
3. Enter the lowest port number used by the service.
4. Enter the highest port number used by the service.
   If the service only uses a single port number, enter the same number in both fields.
5. Click Apply.
The new service will now appear in the Services menu, and in the Service name selection box in
the Rules menu.
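The following added example (not from the manual) checks custom service definitions built from the four fields entered above, counts how many protocol/port pairs each definition would cover when used in a rule, and lists every service that claims a given destination port. The "TCP/UDP" label for "both", the 1-65535 bound, and the service names and port numbers are constructed assumptions.

```python
from typing import NamedTuple

class Service(NamedTuple):
    name: str
    protocol: str   # "TCP", "UDP" or "TCP/UDP" for both (label is an assumption)
    low: int        # lowest port number used by the service
    high: int       # highest port number; equals `low` for a single port

def problems(svc):
    """Return the reasons a definition is invalid (empty list when it is fine)."""
    found = []
    if not svc.name.strip():
        found.append("name is empty")
    if svc.protocol not in ("TCP", "UDP", "TCP/UDP"):
        found.append("protocol must be TCP, UDP or TCP/UDP")
    for label, port in (("lowest", svc.low), ("highest", svc.high)):
        if not 1 <= port <= 65535:
            found.append(f"{label} port {port} is outside 1-65535")
    if svc.low > svc.high:
        found.append("lowest port is above highest port")
    return found

def exposure(svc):
    """Count the (protocol, port) pairs a rule using this service would match."""
    return len(svc.protocol.split("/")) * (svc.high - svc.low + 1)

def services_for(table, proto, dst_port):
    """Names of every defined service that claims this destination port."""
    return [s.name for s in table
            if proto in s.protocol.split("/") and s.low <= dst_port <= s.high]

# Constructed definitions; the names and port numbers are illustrative only.
SERVICES = [
    Service("web", "TCP", 80, 80),
    Service("game-x", "TCP/UDP", 27000, 27015),
    Service("game-x-voice", "UDP", 27010, 27010),
    Service("typo", "TCP", 8080, 808),
]

if __name__ == "__main__":
    for svc in SERVICES:
        print(svc.name, problems(svc) or f"ok, {exposure(svc)} protocol/port pairs")
    print(services_for(SERVICES, "UDP", 27010))
```

Selecting both protocols doubles the pairs a rule using the service will match, so it is worth narrowing the definition once the application's actual protocol is known.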
Schedule
If you enabled content filtering in the Block Sites menu, or if you defined an outbound rule to use
a schedule, you can set up a schedule for when blocking occurs or when access is restricted. The
firewall allows you to specify when blocking will be enforced by configuring the Schedule tab
shown below:
To block keywords or Internet domains based on a schedule:
1. Select Every Day or select one or more days.
2. If you want to limit access completely for the selected days, select All Day.
   Otherwise, if you want to limit access during certain times for the selected days, type a Start
   Blocking time and an End Blocking time.
Note: Enter the values as 24-hour time. For example, 10:30 am would be 10 hours and
30 minutes and 10:30 pm would be 22 hours and 30 minutes.