ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual
Firewall Protection and Content Filtering
4-11
v1.0, September 2007
Attack Checks
The Attack Check screen allows you to specify if the router should be protected against common
attacks from the LAN and WAN networks. The various types of attack checks are defined below.
To access the Attack Check screen:
1. Select Security > Firewall Rules and click the Attack Checks tab. The Attack Checks screen will display.
2. Select the Attack Check types you want to enable. The various Attack Check types are described in the following table.
3. Click Apply to save your settings.
Note: For security, NETGEAR strongly recommends that you avoid using the Default DMZ Server feature. When a computer is designated as the Default DMZ Server, it loses much of the protection of the firewall, and is exposed to many exploits from the Internet. If compromised, the computer can be used to attack your network.
Attack Check Type: Description

WAN Security Checks
Respond to Ping On Internet Port: To configure the router to respond to an ICMP Echo (ping) packet coming in from the WAN side, check this box. This setting is usually used as a diagnostic tool for connectivity problems. It is recommended that the option be disabled at other times to prevent hackers from easily discovering the router via a ping.
Enable Stealth Mode: If Stealth Mode is enabled, the router will not respond to port scans from the WAN, which makes it less susceptible to discovery and attacks.
Block TCP Flood: If this option is enabled, the router will drop all invalid TCP packets and be protected from a SYN flood attack.

LAN Security Checks
Block UDP Flood: If this option is enabled, the router will not accept more than 20 simultaneous, active UDP connections from a single computer on the LAN.
Services
Services are functions performed by server computers at the request of client computers. For
example, Web servers serve Web pages, time servers serve time and date information, and game
hosts serve data about other players’ moves. When a computer on the Internet sends a request for
service to a server computer, the requested service is identified by a service or port number. This
number appears as the destination port number in the transmitted IP packets. For example, a packet
that is sent with destination port number 80 is an HTTP (Web server) request.
The service numbers for many common protocols are defined by the Internet Engineering Task
Force (IETF) and published in RFC1700, “Assigned Numbers.” Service numbers for other
applications are typically chosen from the range 1024 to 65535 by the authors of the application.
Although the FVG318 already holds a list of many service port numbers, you are not limited to
these choices. Use the Services menu to add additional services and applications to the list for use
in defining firewall rules. The Services menu shows a list of services that you have defined.
To define a new service, you must first determine which port number or range of numbers the application uses. This information can usually be obtained from the publisher of the application or from user groups or newsgroups.
To add a service:
1. When you have the port number information, go to Security > Services. The Services screen will display.
2. In the Add Custom Services section:
   a. Enter a descriptive name for the service in the Name field (so that you will remember what it is).
Attack Check Type: Description (continued)

VPN Pass through
IPSec/PPTP/L2TP (a): Typically, the router is used as a VPN Client or Gateway that connects to other VPN Gateways. When the router is in NAT mode, all packets going to the Remote VPN Gateway are first filtered through NAT and then encrypted, per the VPN policy.

a. In situations where a VPN Client or Gateway on the LAN side of this router is connected to another VPN endpoint on the WAN (placing this router in between two VPN end points), all encrypted packets will be sent to this router. Since this router filters the encrypted packets through NAT, the packets become invalid.

IPSec, PPTP, and L2TP represent different types of VPN tunnels that can pass through this router. To allow the VPN traffic to pass through without filtering, the type of tunnel that will be used as a pass through must be enabled.
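The Block UDP Flood check in the table above caps each LAN host at 20 simultaneous, active UDP connections. The following Python model, added here and not NETGEAR's code, shows the effect of that cap on constructed sample traffic; the 30-second idle timeout and the (source port, destination IP, destination port) tuple used to identify a connection are assumptions, since the manual does not document how the router ages out UDP state.

```python
from collections import defaultdict

# Cap taken from the Block UDP Flood description: 20 simultaneous, active UDP
# connections per LAN host. The idle timeout is an assumption; the manual does
# not say how the router ages out UDP state.
UDP_CONN_LIMIT = 20
UDP_IDLE_TIMEOUT = 30.0  # seconds (assumed)


class UdpFloodCheck:
    """Model of the per-LAN-host UDP connection cap.

    A 'connection' is identified by (src port, dst ip, dst port); a datagram on
    a known connection refreshes it, a new one is dropped once the cap is hit.
    """

    def __init__(self, limit=UDP_CONN_LIMIT, idle_timeout=UDP_IDLE_TIMEOUT):
        self.limit = limit
        self.idle_timeout = idle_timeout
        self.active = defaultdict(dict)  # src ip -> {connection: last seen}

    def _expire(self, src_ip, now):
        flows = self.active[src_ip]
        stale = [f for f, seen in flows.items() if now - seen > self.idle_timeout]
        for f in stale:
            del flows[f]

    def check(self, src_ip, src_port, dst_ip, dst_port, now):
        """Return 'accept' or 'drop' for a UDP datagram from the LAN at time now."""
        self._expire(src_ip, now)
        flows = self.active[src_ip]
        conn = (src_port, dst_ip, dst_port)
        if conn in flows:  # traffic on an existing connection is always allowed
            flows[conn] = now
            return "accept"
        if len(flows) >= self.limit:  # the 21st simultaneous connection is dropped
            return "drop"
        flows[conn] = now
        return "accept"


def simulate():
    """Constructed traffic: host A opens 25 distinct UDP connections at once,
    host B opens one, and host A tries again after its connections idle out."""
    chk = UdpFloodCheck()
    host_a = [chk.check("192.168.1.10", 40000 + i, "203.0.113.5", 53, now=0.0)
              for i in range(25)]
    host_b = chk.check("192.168.1.11", 40000, "203.0.113.5", 53, now=0.0)
    host_a_later = chk.check("192.168.1.10", 50000, "203.0.113.5", 53, now=60.0)
    return host_a.count("accept"), host_a.count("drop"), host_b, host_a_later
```

Only the offending host is rate-limited; the other LAN host and the first host's traffic after its connections expire are accepted.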
   b. From the Type pull-down menu, select whether the service uses TCP, UDP or ICMP as its transport protocol.
   c. Enter the lowest port number used by the service in the Start Port field.
   d. Enter the highest port number used by the service in the Finish Port field. If the service only uses a single port number, enter the same number in both fields.
3. Click Add. The new service will appear in the Custom Services Table, and in the Service pull-down menu on the Firewall Rules Add/Edit screens.
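The custom service definition above (Name, Type, Start Port, Finish Port) as a small Python model, added here and not NETGEAR's code: it validates a service the way the form's fields imply, matches a packet to a service by transport and destination port, and flags overlapping services, which would make firewall rules that reference them ambiguous. The sample table, its service names and port ranges are constructed.

```python
from dataclasses import dataclass

PROTOCOLS = ("TCP", "UDP", "ICMP")  # the Type pull-down choices named in the manual


@dataclass(frozen=True)
class CustomService:
    """One row of the Custom Services Table: Name, Type, Start Port, Finish Port."""
    name: str
    proto: str
    start_port: int
    finish_port: int

    def __post_init__(self):
        if self.proto not in PROTOCOLS:
            raise ValueError(f"unknown transport {self.proto!r}")
        # A single-port service uses the same number in both fields.
        if not (1 <= self.start_port <= self.finish_port <= 65535):
            raise ValueError("ports must satisfy 1 <= Start Port <= Finish Port <= 65535")

    def matches(self, proto, dst_port):
        return proto == self.proto and self.start_port <= dst_port <= self.finish_port


def overlaps(a, b):
    """True when two services share a transport and at least one port."""
    return a.proto == b.proto and a.start_port <= b.finish_port and b.start_port <= a.finish_port


def find_overlaps(services):
    """Pairs of service names whose port ranges overlap; worth checking before
    writing firewall rules that depend on which service a packet belongs to."""
    return [(a.name, b.name) for i, a in enumerate(services)
            for b in services[i + 1:] if overlaps(a, b)]


def lookup(services, proto, dst_port):
    """Name of the first defined service matching a packet's transport and destination port."""
    for svc in services:
        if svc.matches(proto, dst_port):
            return svc.name
    return None


# Constructed sample table (hypothetical names and port ranges).
SAMPLE_SERVICES = [
    CustomService("HTTP", "TCP", 80, 80),
    CustomService("GameHost", "UDP", 27015, 27030),
    CustomService("VoIP-RTP", "UDP", 27020, 27100),
]
```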
Using a Schedule to Block or Allow Specific Traffic
If you enabled content filtering in the Block Sites menu, or if you defined an outbound rule to use a schedule, you can set up a schedule for when blocking occurs or when access is restricted. The firewall allows you to specify when blocking will be enforced by configuring the Schedule screen.
Figure 4-8
To block keywords or Internet domains based on a schedule:
1. Select Security > Schedule from the menu. The Schedule 1 screen will display.
2. In the Scheduled Days section, select the All Days or Specific Days radio box. If you want to limit access completely for the selected days, select All Day. Otherwise, select the specific days on which you want to limit access.
3. If you want to limit access during certain times for the selected days, select the All Day or Specific Times radio box in the Schedule Time of Day section. If you selected Specific Times, then enter a Start Time and an End Time.
4. Click Apply to save your changes.
5. Configure Schedule 2 and Schedule 3, if required, following the previous steps.
Getting E-Mail Notifications of Firewall Logs
The VPN firewall can be configured to log and e-mail denial of service attacks, general attack
information, login attempts, dropped packets, and so forth, to a specified e-mail address or a
SysLog server.
In order to receive logs by e-mail, you must provide your e-mail information in the Enable E-Mail Logs section of the Firewall Logs & E-mail screen.
To receive firewall logs via e-mail:
1. Select Monitoring > Firewall Logs & E-Mail. The Firewall Logs & E-mail screen will display.
Figure 4-9
2. Enter the Log Identifier in the Log Options section. Every logged message will contain a prefix for easier identification of the source of the message. The Log Identifier will be prefixed to both e-mail and Syslog messages.
3. Select which Routing Log packets you want to log.
   Accepted Packets. Logs packets that were successfully transferred through the segment.
   Dropped Packets. Logs packets that were blocked from being transferred through this segment.
4. Select the type of system events to be logged. The following system events can be recorded:
   Change of Time by NTP. Logs a message when the system time changes after a request from a Network Time server.
   Login Attempts. Logs a message when a login is attempted from the LAN network. Both successful and failed login attempts will be logged.
   Secure Login Attempt. Logs a message when a login is attempted using the Secure Remote Management URL (see “Enabling Remote Management Access” on page 8-8). Both successful and failed login attempts will be logged.
   Reboots. Logs a message when the device has been rebooted through the Web interface.
   All Unicast Traffic. All unicast packets directed to the router are logged.
   All Broadcast/Multicast Traffic. All broadcast or multicast packets directed to the router are logged.
   WAN Status. WAN link status related logs are enabled.
Note: If monitoring packets from a firewall rule, make sure that the firewall rule Log option is set to “Always.”