Protecting Your Network
5-1
May 2004, 202-10030-02
Chapter 5
Protecting Your Network
This chapter describes how to use the firewall features of the FVL328 Prosafe High Speed VPN
Firewall to protect your network.
Firewall Protection and Content Filtering Overview
The FVL328 Prosafe High Speed VPN Firewall provides you with Web content filtering options,
plus browsing activity reporting and instant alerts via e-mail. Parents and network administrators
can establish restricted access policies based on time-of-day, Web addresses, and Web address
keywords. You can also block Internet access by applications and services, such as chat or games.
A firewall is a special category of router that protects one network (the “trusted” network, such as
your LAN) from another (the “untrusted” network, such as the Internet), while allowing
communication between the two. A firewall incorporates the functions of a NAT (Network
Address Translation) router, while adding features for dealing with a hacker intrusion or attack,
and for controlling the types of traffic that can flow between the two networks. Unlike simple
Internet sharing NAT routers, a firewall uses a process called stateful packet inspection to protect
your network from attacks and intrusions. NAT performs a very limited stateful inspection in that
it considers whether the incoming packet is in response to an outgoing request, but true Stateful
Packet Inspection goes far beyond NAT.
To configure these features of your router, click on the subheadings under the Content Filtering
heading in the Main Menu of the browser interface. The subheadings are described below:
Using the Block Sites Menu to Screen Content
The FVL328 allows you to restrict access based on the following categories:
• Use of a proxy server
• Type of file (Java, ActiveX, Cookie)
• Web addresses
• Web address keywords
Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual Revision 2
Many Web sites will not function correctly if these components are blocked.
These options are discussed below.
The Block Sites menu, which contains the Web Components and Keyword Blocking settings, is shown here.
Figure 5-1:
Block Sites menu
To enable filtering, click the checkbox next to the type of filtering you want to enable. The filtering
choices are:
• Proxy: blocks use of a proxy server
• Java: blocks use of Java applets
• ActiveX: blocks use of ActiveX components (OCX files) used by IE on Windows
• Cookies: blocks all cookies
To enable keyword blocking, check “Turn keyword blocking on”, then click Apply.
To add a keyword or domain, type it in the Keyword box, click Add Keyword, then click Apply.
To delete a keyword or domain, select it from the list, click Delete Keyword, then click Apply.
Keyword application examples:
• If the keyword “XXX” is specified, the URL <http://www.badstuff.com/xxx.html> is blocked,
as is the newsgroup alt.pictures.XXX.
• If the keyword “.com” is specified, only Web sites with other domain suffixes (such as .edu or
.gov) can be viewed.
• If you want to block all Internet browsing access, enter the keyword “.”.
Up to 255 entries are supported in the Keyword list.
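The following model of the keyword list is an added example for illustration, not code from NETGEAR or from the FVL328 firmware. It assumes what the manual's three examples imply: a keyword blocks any URL or newsgroup name that contains it as a case-insensitive substring, and the list holds at most 255 entries. The "essex" case at the end is constructed to show the practical consequence of substring matching: a short keyword also blocks innocent names that happen to contain it.

```python
"""Model of the FVL328 keyword blocking behaviour described in this section.

Added example, not NETGEAR's firmware code. Assumptions: a keyword blocks any
URL or newsgroup name containing it as a case-insensitive substring (which is
what the "XXX", ".com" and "." examples imply); at most 255 entries.
"""

MAX_KEYWORDS = 255  # entry limit stated in the manual


class KeywordBlocker:
    def __init__(self, enabled=True):
        self.enabled = enabled   # "Turn keyword blocking on"
        self.keywords = []       # stored lower-cased, in insertion order

    def add_keyword(self, keyword):
        """Add an entry; returns False if the list is full or the entry already exists."""
        kw = keyword.strip().lower()
        if not kw or kw in self.keywords or len(self.keywords) >= MAX_KEYWORDS:
            return False
        self.keywords.append(kw)
        return True

    def delete_keyword(self, keyword):
        self.keywords.remove(keyword.strip().lower())

    def matching_keyword(self, name):
        """First keyword contained in name (case-insensitive), or None."""
        if not self.enabled:
            return None
        target = name.lower()
        for kw in self.keywords:
            if kw in target:
                return kw
        return None

    def is_blocked_url(self, url):
        # Match against host and path only, not the scheme, so that "."
        # really means "any URL" and ".com" catches the domain suffix.
        without_scheme = url.split("://", 1)[-1]
        return self.matching_keyword(without_scheme) is not None

    def is_blocked_newsgroup(self, group):
        return self.matching_keyword(group) is not None


def demo():
    """Walk through the manual's examples plus one constructed over-blocking case."""
    blocker = KeywordBlocker()
    r = {}
    blocker.add_keyword("XXX")
    r["xxx_page"] = blocker.is_blocked_url("http://www.badstuff.com/xxx.html")   # True
    r["xxx_group"] = blocker.is_blocked_newsgroup("alt.pictures.XXX")            # True
    r["edu_page"] = blocker.is_blocked_url("http://www.example.edu/index.html")  # False
    blocker.add_keyword(".com")
    r["com_page"] = blocker.is_blocked_url("http://www.example.com/")            # True
    r["edu_still_ok"] = blocker.is_blocked_url("http://www.example.edu/")        # False
    # Over-blocking caveat (constructed case): keywords are plain substrings,
    # so "sex" also hits the hostname www.essex.ac.uk.
    blocker.add_keyword("sex")
    r["essex"] = blocker.is_blocked_url("http://www.essex.ac.uk/")               # True
    # "." is contained in every host name, i.e. it blocks all browsing.
    blocker.add_keyword(".")
    r["everything"] = blocker.is_blocked_url("http://www.example.edu/")          # True
    return r


if __name__ == "__main__":
    for name, blocked in demo().items():
        print(f"{name}: {'blocked' if blocked else 'allowed'}")
```

Because every entry is a substring test, keep keywords as specific as the policy allows; a two- or three-letter keyword will block far more than intended, and the 255-entry cap means a long list of narrow entries is the only way to be precise.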
Apply Keyword Blocking to Groups
Select the Groups you wish to apply the Keyword Blocking to.
To manage these groups, use the Network Database screen on the Maintenance menu.
The Web Components settings always apply to all PCs.
Services and Rules Regulate Inbound and Outbound Traffic
The FVL328 Prosafe High Speed VPN Firewall lets you regulate which ports are available
to the various TCP/IP protocols. Follow these two steps to configure inbound or outbound traffic:
1. Define a Service
2. Set up an Inbound or Outbound Rule that uses the Service
These steps are discussed below.
Defining a Service
Services are functions performed by server computers at the request of client computers. For
example, Web servers serve Web pages, time servers serve time and date information, and game
hosts serve data about other players’ moves. When a computer on the Internet sends a request for
service to a server computer, the requested service is identified by a service or port number. This
number appears as the destination port number in the transmitted IP packets. For example, a packet
that is sent with destination port number 80 is an HTTP (Web server) request.
The service numbers for many common protocols are defined by the Internet Engineering Task
Force (IETF) and published in RFC1700, “Assigned Numbers.” (RFC1700 has since been replaced by
the port number registry that IANA maintains online.) Service numbers for other
applications are typically chosen from the range 1024 to 65535 by the authors of the application.
Although the FVL328 already holds a list of many service port numbers, you are not limited to
these choices. Use the Services menu to add additional services and applications to the list for use
in defining firewall rules. The Services menu shows a list of services that you have defined.
To define a new service, first you must determine which port number or range of numbers is used
by the application. This information can usually be obtained from the publisher of the
application or from user groups or newsgroups. When you have the port number information, go to
the Services menu and click on the Add Custom Service button. The Add Services menu will
appear.
To add a service:
1. Enter a descriptive name for the service so that you will remember what it is.
2. Select whether the service uses TCP or UDP as its transport protocol.
   If you can’t determine which is used, select both.
3. Enter the lowest port number used by the service.
4. Enter the highest port number used by the service.
   If the service only uses a single port number, enter the same number in both fields.
5. Click Apply.
The new service will now appear in the Services menu, and in the Service name selection box in
the Rules menu.
Using Inbound/Outbound Rules to Block or Allow Services
Firewall rules are used to block or allow specific traffic passing through from one side of the
firewall to the other. Inbound rules (WAN to LAN) restrict access by outsiders to private resources,
selectively allowing only specific outside users to access specific resources. Outbound rules (LAN
to WAN) determine what outside resources local users can have access to.
A firewall has two default rules, one for inbound traffic and one for outbound. The default rules of
the FVL328 are:
Inbound: Block all access from outside except responses to requests from the LAN side.
Outbound: Allow all access from the LAN side to the outside.
These default rules are shown here:
Figure 5-2:
Rules menu
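The following is an added example, not NETGEAR's firmware code, that models both the Add Custom Service procedure above and the inbound/outbound rule evaluation this section describes. The two default rules (inbound: block everything except replies to requests from the LAN side; outbound: allow all) are the ones the manual states. The Service and Rule fields, the top-to-bottom first-match evaluation order, the optional restriction of an inbound rule to particular outside addresses, and the table of outbound flows used to recognize replies are this example's own assumptions; the IP addresses in the demo are constructed.

```python
"""Services and inbound/outbound rules, modelled on the FVL328 description.

Added example, not NETGEAR's firmware code. Only the two default rules come
from the manual; field layout, first-match order and reply tracking are assumed.
"""
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Service:
    name: str
    protocols: frozenset   # subset of {"TCP", "UDP"}
    low_port: int
    high_port: int

    def matches(self, proto, dst_port):
        return proto in self.protocols and self.low_port <= dst_port <= self.high_port


def define_service(name, protocol, low_port, high_port=None):
    """The Add Custom Service steps: name, TCP/UDP/BOTH, lowest and highest port."""
    protocols = frozenset({"TCP", "UDP"}) if protocol == "BOTH" else frozenset({protocol})
    if not protocols <= {"TCP", "UDP"}:
        raise ValueError("protocol must be TCP, UDP or BOTH")
    if high_port is None:          # single-port service: same number in both fields
        high_port = low_port
    if not (1 <= low_port <= high_port <= 65535):
        raise ValueError("port range must lie within 1-65535 with low <= high")
    return Service(name, protocols, low_port, high_port)


@dataclass(frozen=True)
class Rule:
    direction: str                           # "IN" (WAN to LAN) or "OUT" (LAN to WAN)
    action: str                              # "ALLOW" or "BLOCK"
    service: Service
    wan_hosts: Optional[frozenset] = None    # inbound only: outside addresses the
                                             # rule applies to (None = any outside host)


class Firewall:
    def __init__(self):
        self.rules = []     # evaluated top to bottom, first match wins (assumed)
        self.flows = set()  # permitted outbound flows: (proto, lan, lport, wan, wport)

    def add_rule(self, rule):
        self.rules.append(rule)

    def outbound(self, proto, lan_ip, lan_port, wan_ip, wan_port):
        """LAN to WAN packet. Default rule: allow all."""
        verdict = True
        for rule in self.rules:
            if rule.direction == "OUT" and rule.service.matches(proto, wan_port):
                verdict = rule.action == "ALLOW"
                break
        if verdict:
            self.flows.add((proto, lan_ip, lan_port, wan_ip, wan_port))
        return verdict

    def inbound(self, proto, wan_ip, wan_port, lan_ip, lan_port):
        """WAN to LAN packet. Default rule: block unless it answers a LAN request."""
        if (proto, lan_ip, lan_port, wan_ip, wan_port) in self.flows:
            return True   # reply to an outbound flow: the default rule's stateful exception
        for rule in self.rules:
            if rule.direction != "IN" or not rule.service.matches(proto, lan_port):
                continue
            if rule.wan_hosts is not None and wan_ip not in rule.wan_hosts:
                continue
            return rule.action == "ALLOW"
        return False


if __name__ == "__main__":
    fw = Firewall()
    http = define_service("HTTP", "TCP", 80)
    fw.add_rule(Rule("IN", "ALLOW", http, frozenset({"198.51.100.7"})))
    print("web request out:", fw.outbound("TCP", "192.168.0.10", 40000, "203.0.113.5", 80))
    print("its reply in:   ", fw.inbound("TCP", "203.0.113.5", 80, "192.168.0.10", 40000))
    print("stranger to :80:", fw.inbound("TCP", "198.51.100.8", 5555, "192.168.0.10", 80))
```

Note that an inbound rule with no outside-host restriction opens the service to every address on the Internet; when only one partner needs to reach an internal server, restrict the rule to that partner's address as the demo does, so the default inbound block still covers everyone else.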