ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual

Firewall Protection and Content Filtering

4-11

v1.0, September 2007

.

Attack Checks

The Attack Check screen allows you to specify if the router should be protected against common

attacks from the LAN and WAN networks. The various types of attack checks are defined below.

To access the Attack Check screen:

1.

Select Security > Firewall Rules and click the

Attack Checks

tab. The Attack Checks screen

will display.

2.

Select the Attack Check types you want to enable. Descriptions of the various Attack Check

types are described in the following table.

3.

Click

Apply

to save your settings.

Note:

For security, NETGEAR strongly recommends that you avoid using the Default

DMZ Server feature. When a computer is designated as the Default DMZ Server, it

loses much of the protection of the firewall, and is exposed to many exploits from

the Internet. If compromised, the computer can be used to attack your network.

Attack Check Type

Description

WAN Security Checks

Respond to Ping On

Internet Port

To configure the router to respond to an ICMP Echo (ping) packet coming

in from the WAN side, check this box. This setting is usually used as a

diagnostic tool for connectivity problems. It is recommended that the

option be disabled at other times to prevent hackers from easily

discovering the router via a ping.

Enable Stealth Mode

If Stealth Mode is enabled, the router will not respond to port scans from

the WAN, which makes it less susceptible to discovery and attacks.

Block TCP Flood

If this option is enabled, the router will drop all invalid TCP packets and be

protected protect from a SYN flood attack.

LAN Security Checks

Block UDP Flood

If this option is enabled, the router will not accept more than 20

simultaneous, active UDP connections from a single computer on the

LAN.

ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual

4-12

Firewall Protection and Content Filtering

v1.0, September 2007

Services

Services are functions performed by server computers at the request of client computers. For

example, Web servers serve Web pages, time servers serve time and date information, and game

hosts serve data about other players’ moves. When a computer on the Internet sends a request for

service to a server computer, the requested service is identified by a service or port number. This

number appears as the destination port number in the transmitted IP packets. For example, a packet

that is sent with destination port number 80 is an HTTP (Web server) request.

The service numbers for many common protocols are defined by the Internet Engineering Task

Force (IETF) and published in RFC1700, “Assigned Numbers.” Service numbers for other

applications are typically chosen from the range 1024 to 65535 by the authors of the application.

Although the FVG318 already holds a list of many service port numbers, you are not limited to

these choices. Use the Services menu to add additional services and applications to the list for use

in defining firewall rules. The Services menu shows a list of services that you have defined.

To define a new service, first you must determine which port number or range of numbers is used

by the application. This information can usually be determined by contacting the publisher of the

application or from user groups of news groups.

To add a service:

1.

When you have the port number information, go the Security > Services. The Services screen

will display.

2.

In the Add Custom Services section:

a.

Enter a descriptive name for the service in the

Name

field (so that you will remember

what it is).

VPN Pass through

IPSec/PPTP/L2TP

a

Typically, the router is used as a VPN Client or Gateway that connects to

other VPN Gateways. When the router is in NAT mode, all packets going

to the Remote VPN Gateway are first filtered through NAT and then

encrypted, per the VPN policy.

a. In situations where a VPN Client or Gateway on the LAN side of this router is connected to another VPN

endpoint on the WAN (placing this router in between two VPN end points), all encrypted packets will be sent to

this router. Since this router filters the encrypted packets through NAT, the packets become invalid.

IPSec, PPTP, and L2TP represent different types of VPN tunnels that can pass through this router. To allow the VPN

traffic to pass through without filtering, the type of tunnel that will be used as a pass through must be enabled.

Attack Check Type

Description

ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual

Firewall Protection and Content Filtering

4-13

v1.0, September 2007

b.

From the

Type

pull-down menu, select whether the service uses TCP, UDP or ICMP as its

transport protocol.

c.

Enter the lowest port number used by the service in the

Start Port

field.

a.

Enter the highest port number used by the service in the

Finish Port

field.

If the service only uses a single port number, enter the same number in both fields.

3.

Click

Add

. The new service will appear in the Custom Services Table, and in the

Service

pull-

down menu on the Firewall Rules Add/Edit screens.

Using a Schedule to Block or Allow Specific Traffic

If you enabled content filtering in the Block Sites menu, or if you defined an outbound rule to use

a schedule, you can set up a schedule for when blocking occurs or when access is restricted. The

firewall allows you to specify when blocking will be enforced by configuring the Schedule screen

Figure 4-8

ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual

4-14

Firewall Protection and Content Filtering

v1.0, September 2007

.

To block keywords or Internet domains based on a schedule:

1.

Select Security > Schedule from the menu. The Schedule 1 screen will display.

2.

In the Scheduled Days section, select the All Days or Specific Days radio box. If you want to

limit access completely for the selected days, select All Day. Otherwise, select the specific

days that you want to limit access.

3.

If you want to limit access during certain times for the selected days, select the All Day or

Specific Times radio box in the

Schedule TIme of Day

section. If you selected Specific

Times, then enter a Start Time and an End Time.

4.

Click

Apply

to save your changes.

5.

Configure Schedule 2 and Schedule 3, if required, following the previous steps.

Getting E-Mail Notifications of Firewall Logs

The VPN firewall can be configured to log and e-mail denial of service attacks, general attack

information, login attempts, dropped packets, and so forth, to a specified e-mail address or a

SysLog server.

In order to receive logs by e-mail, you must provide your e-mail information in the

Enable E-Mail

Logs

section of the Firewall Logs & E-mail screen.

To receive firewall logs via email:

1.

Select Monitoring > Firewall Logs & E-Mail. The FIrewall Logs & E-mail screen will display.

Figure 4-9

ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual

Firewall Protection and Content Filtering

4-15

v1.0, September 2007

2.

Enter the Log Identifier in the Log Options sections.

Every logged message will contain a prefix for easier identification of the source of the

message. The Log Identifier will be prefixed to both e-mail and Syslog messages.

3.

Select which Routing Log packets you want to log.

•

Accepted Packets. Logs packets that were successfully transferred through the segment.

•

Dropped Packets. Logs packets that were blocked from being transferred through this

segment.

4.

Select the type of system events to be logged. The following system events can be recorded:

•

Change of Time by NTP. Logs a message when the system time changes after a request

from a Network Time server.

•

Login Attempts. Logs a message when a login is attempted from the LAN network. Both,

successful and failed login attempts will be logged.

•

Secure Login Attempt. Logs a message when a login is attempted using the Secure

Remote Management URL (see

“Enabling Remote Management Access” on page 8-8

).

Both, successful and failed login attempts will be logged.

•

Reboots. Record a message when the device has been rebooted through the Web interface.

•

All Unicast Traffic. All unicast packets directed to the router are logged.

•

All Broadcast/Multicast Traffic. All broadcast or multicast packets directed to the router

are logged.

•

WAN Status: WAN link status related logs are enabled

Note:

If monitoring packets from a firewall rule, make sure that the firewall rule Log

option is set to “Always.”