Firewall Protection and Content Filtering

4-1

v1.0, September 2007

Chapter 4

Firewall Protection and Content Filtering

This chapter describes how to use the content filtering features of the ProSafe 802.11g Wireless

VPN Firewall to protect your network. These features can be found by clicking on the

Security

heading in the main menu of the browser interface.

Firewall Protection and Content Filtering Overview

The ProSafe 802.11g Wireless VPN Firewall FVG318 provides you with Web content filtering

options, plus browsing activity reporting and instant alerts via e-mail. Parents and network

administrators can establish restricted access policies based on time-of-day, Web addresses and

Web address keywords. You can also block Internet access by applications and services, such as

chat or games.

A firewall is a special category of router that protects one network (the trusted network, such as

your LAN) from another (the untrusted network, such as the Internet), while allowing

communication between the two. A firewall incorporates the functions of a NAT (Network

Address Translation) router, while adding features for dealing with a hacker intrusion or attack,

and for controlling the types of traffic that can flow between the two networks. Unlike simple

Internet sharing NAT routers, a firewall uses a process called stateful packet inspection to protect

your network from attacks and intrusions. NAT performs a very limited stateful inspection in that

it considers whether the incoming packet is in response to an outgoing request, but true stateful

packet inspection goes far beyond NAT.

To configure these features of your firewall, click on the

Security > Block Sites

heading in the

main menu of the browser interface. The Content Filtering features are described below:

Block Sites

The FVG318 supports content filtering which allows you to block access to certain Internet sites.

Up to 32 words in an Internet sites name (for example, a website URL) can be specified causing

the site to be blocked.

ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual

4-2

Firewall Protection and Content Filtering

v1.0, September 2007

Certain commonly used web components can also be blocked for increased security. Some of these

components can be used by malicious websites to infect computers that access them. For example:

•

Proxy.

A proxy server allows computers to route connections to other computers through the

proxy, thus circumventing certain firewall rules. For example, if connections to a specific IP

address are blocked by a firewall rule, the requests can be routed through a proxy that is not

blocked by the rule, rendering the restriction ineffective. Enabling this feature blocks proxy

servers.

•

Java.

Enabling this feature blocks java applets from being downloaded from pages that

contain them. Java applets are small programs embedded in web pages that enable dynamic

functionality of the page. A malicious applet can be used to compromise or infect computers.

Enabling this setting blocks Java applets from being downloaded.

•

Active X.

Similar to Java applets, ActiveX controls are installed on Windows computers

running Internet Explorer. A malicious ActiveX control can be used to compromise or infect

computers. Enabling this setting blocks ActiveX applets from being downloaded.

•

Cookies.

Cookies are used to store session information by websites that usually require login.

However, several websites use cookies to store tracking information and browsing habits.

•

Enabling this option filters out cookies from being created by a website.

To enable Content Filtering:

1.

Select Security > Block Sites from the menu. The Block Sites screen will display.

Note:

Many websites require that cookies be accepted in order for the site to be

accessed properly. Blocking cookies may cause many websites to not function

properly.

Figure 4-1

ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual

Firewall Protection and Content Filtering

4-3

v1.0, September 2007

2.

Check the

Yes

radio box in the Content Filtering section and click

Apply.

This will enable

content filtering and allow you to specify Web Components to be blocked.

3.

Check the radio box for each Web Component you want to enable; then click

Apply.

The

selected Web Component options will be blocked.

Once Content Filtering has been enabled you can add Trusted IP Addresses, Blocked Keywords

and Trusted Domains.

Trusted Internet Addresses and Trusted Domains are Internet addresses and sites for which content

filtering maybe bypassed. The Trusted IP Addresses table and the Trusted Domain table list the

currently defined trusted IP addresses and domains.

The domain will appear in the Trusted Domain list. Any number of domain names can be added to

the list. Those names entered in the Trusted Domain list will be bypassed by Keyword filtering.

For example: If yahoo is added to the Blocked Keywords list and www.yahoo.com is added to the

Trusted Domain list, then www.yahoo.com will be allowed but mail.yahoo.com will not allowed.

To add a Trusted IP Address or Trusted Domain:

Figure 4-2

ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual

4-4

Firewall Protection and Content Filtering

v1.0, September 2007

1.

In the appropriate field add the IP Address or Domain Name.

2.

Click

Add.

The IP Address or Domain Name will appear in the appropriate table.

3.

Click Edit adjacent to the entry to modify or change the selected IP Address or Domain Name.

An Edit screen will display. When you have completed your changes, click

Apply.

The change

will appear in the appropriate table.

To delete Trusted IP Addresses or Trusted Domain Names:

•

Click

Select All

to select all the items in the list, and then click

Delete.

•

Select the checkbox adjacent to an item to delete only that entry, and then click

Delete.

To add or modify a keyword:

1.

Enter a new keyword in the

Blocked Keyword

field in the Add Blocked Keyword section and

click

Add.

The Blocked Keyword will appear in the Blocked Keyword table.

2.

Click

Add

adjacent to the keyword you want to modify. An Edit Keyword screen will display.

When you have completed your changes, click

Apply.

The change will appear in the Blocked

Keyword table.

To delete a keyword:

•

Click

Select All

to select all the items in the list, and then click

Delete.

•

Select the checkboxes adjacent to the keywords you want to delete, and then click

Delete.

The following are examples of Blocked Keyword application s:

•

If the keyword “XXX” is specified, the URL <http://www.badstuff.com/xxx.html> is blocked,

as is the newsgroup alt.pictures.XXX.

•

If the keyword “.com” is specified, only websites with other domain suffixes (such as .edu or

.gov) can be viewed.

•

If you wish to block all Internet browsing access, enter the keyword “.”.

Using Rules to Block or Allow Specific Kinds of Traffic

Firewall rules are used to block or allow specific traffic passing through from one side to the other.

Inbound rules (WAN to LAN) restrict access by outsiders to private resources, selectively allowing

only specific outside users to access specific resources. Outbound rules (LAN to WAN) determine

what outside resources local users can have access to.

ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual

Firewall Protection and Content Filtering

4-5

v1.0, September 2007

A firewall has two default rules, one for inbound traffic and one for outbound. The default rules of

the FVG318 are:

•

Inbound

: Block all access from outside except responses to requests from the LAN side.

•

Outbound:

Allow all access from the LAN side to the outside.

These default rules are shown in the Rules table of the Rules menu in

Figure 4-3

:

You may define additional rules that specify exceptions to the default rules. By adding custom

rules, you can block or allow access based on the service or application, source or destination IP

addresses, and time of day. You can also choose to log traffic that matches or does not match the

rule you have defined.

To create, edit or change the order of a rule:

•

Click

Add

under the Outbound Services table to add an Outbound rule or click

Add

under the

Inbound Services table to add an Inbound rule.

•

Click

Edit

adjacent to an existing rule. An Edit Rule screen will display. After you have

completed your modifications, click

Apply.

The modified rule will appear in the appropriate

table.

•

In the

Action

column, change the order of a rule in the hierarchy of how rules are implemented

by clicking the

Up

or

Down

icons.

To delete or disable/enable rules:

•

Click

select all

to delete all the rules for a given service.

•

Check the box adjacent to the rules you want to delete, and then click

Delete.

•

Check the box adjacent to the rule you want to enable or disable and then click the appropriate

action:

Enable

or

Disable

.

Figure 4-3