Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports
5-8
LAN Configuration
202-10085-01, March 2005
8. Type a number between 1 and 15 as the Metric value.
This represents the number of firewalls between your network and the destination. Usually, a
setting of 2 or 3 works, but if this is a direct connection, set it to 1.
9. Click Apply to have the static route entered into the table.
As an example of when a static route is needed, consider the following case:
Your primary Internet access is through a cable modem to an ISP.
You have an ISDN firewall on your home network for connecting to the company where you
are employed. This firewall’s address on your LAN is 192.168.1.100.
Your company’s network is 134.177.0.0.
When you first configured your firewall, two implicit static routes were created. A default route
was created with your ISP as the gateway, and a second static route was created to your local
network for all 192.168.1.x addresses. With this configuration, if you attempt to access a device on
the 134.177.0.0 network, your firewall will forward your request to the ISP. The ISP forwards your
request to the company where you are employed, and the request will likely be denied by the
company’s firewall.
In this case you must define a static route, telling your firewall that 134.177.0.0 should be accessed
through the ISDN firewall at 192.168.1.100.
In this example:
The Destination IP Address and IP Subnet Mask fields specify that this static route applies to
all 134.177.x.x addresses.
The Gateway IP Address field specifies that all traffic for these addresses should be
forwarded to the ISDN firewall at 192.168.1.100.
A Metric value of 1 will work since the ISDN firewall is on the LAN.
Private is selected only as a precautionary security measure in case RIP is activated.
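As an added example (not from the manual), the following Python model shows why the static route changes where 134.177.x.x traffic goes: it performs longest-prefix matching over the two implicit routes created at setup and the route added above. The ISP gateway address 203.0.113.1 is an assumed placeholder; the manual does not state it.

```python
from ipaddress import ip_address, ip_network

# Constructed routing table modelled on the manual's example. The ISP gateway
# address is an assumed placeholder (documentation range), not a value from the manual.
ISP_GATEWAY = "203.0.113.1"

# Each route: (destination network, gateway or None for directly connected, metric)
IMPLICIT_ROUTES = [
    ("0.0.0.0/0", ISP_GATEWAY, 1),   # default route created with the ISP as gateway
    ("192.168.1.0/24", None, 1),     # local LAN, directly connected
]

# The static route the manual tells you to add: 134.177.x.x via the ISDN firewall
COMPANY_ROUTE = ("134.177.0.0/16", "192.168.1.100", 1)


def lookup(routes, dest):
    """Return (network, gateway) of the best route to dest, or None if nothing matches.

    The longest matching prefix wins; among equal prefixes the lowest metric wins,
    which is why the /16 entry beats the /0 default route for 134.177.x.x.
    """
    addr = ip_address(dest)
    best = None
    for net_str, gateway, metric in routes:
        net = ip_network(net_str)
        if addr not in net:
            continue
        key = (net.prefixlen, -metric)
        if best is None or key > best[0]:
            best = (key, net_str, gateway)
    return None if best is None else (best[1], best[2])


def next_hop(routes, dest):
    """Where the firewall forwards a packet for dest: a gateway IP, 'direct', or None."""
    match = lookup(routes, dest)
    if match is None:
        return None
    return match[1] or "direct"


if __name__ == "__main__":
    # Without the static route the company network is sent to the ISP
    print(next_hop(IMPLICIT_ROUTES, "134.177.10.20"))
    # With it, the ISDN firewall on the LAN becomes the next hop
    print(next_hop(IMPLICIT_ROUTES + [COMPANY_ROUTE], "134.177.10.20"))
```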
Chapter 6
Firewall Protection and Content Filtering
This chapter describes how to use the content filtering features of the FVS124G ProSafe VPN
Firewall 25 with 4 Gigabit LAN and Dual WAN Ports to protect your network. These features can
be found by clicking on the Content Filtering heading in the Main Menu of the browser interface.
Firewall Protection and Content Filtering Overview
The FVS124G ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports provides you
with Web content filtering options, plus browsing activity reporting and instant alerts via e-mail.
Parents and network administrators can establish restricted access policies based on time-of-day,
web addresses and web address keywords. You can also block Internet access by applications and
services, such as chat or games.
A firewall is a special category of router that protects one network (the “trusted” network, such as
your LAN) from another (the “untrusted” network, such as the Internet), while allowing
communication between the two.
A firewall incorporates the functions of a NAT (Network Address Translation) router, while
adding features for dealing with a hacker intrusion or attack, and for controlling the types of traffic
that can flow between the two networks. Unlike simple Internet sharing NAT routers, a firewall
uses a process called stateful packet inspection to protect your network from attacks and
intrusions. NAT performs a very limited stateful inspection in that it considers whether the
incoming packet is in response to an outgoing request, but true Stateful Packet Inspection goes far
beyond NAT.
Using Rules to Block or Allow Specific Kinds of Traffic
Firewall rules are used to block or allow specific traffic passing through from one side to the other.
Inbound rules (WAN to LAN) restrict access by outsiders to private resources, selectively allowing
only specific outside users to access specific resources. Outbound rules (LAN to WAN) determine
what outside resources local users can have access to.
A firewall has two default rules, one for inbound traffic and one for outbound. The default rules of
the FVS124G are:
Inbound: Block all access from outside except responses to requests from the LAN side.
Outbound: Allow all access from the LAN side to the outside.
These default rules are shown in the Rules table of the Rules menu (under Security on the main
menu) in Figure 6-1:
Figure 6-1: Rules menu
You may define additional rules that will specify exceptions to the default rules. By adding custom
rules, you can block or allow access based on the service or application, source or destination IP
addresses, and time of day.
You can also tailor these rules to your specific needs (see “Administrator Information” on
page 6-35).
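The following Python model, added here and not part of the manual or the device firmware, shows how the two default rules combine with stateful inspection and with custom exception rules: outbound traffic is allowed and its expected reply is remembered, unsolicited inbound traffic is blocked unless an inbound (port forwarding) rule allows it, and custom rules can match on service and time of day. The rule fields, the sample addresses and the use of TCP port 6667 to stand for "chat" are assumptions.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    direction: str   # "inbound" (WAN to LAN) or "outbound" (LAN to WAN)
    proto: str       # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int
    hour: int = 12   # hour of day, used by time-of-day rules


@dataclass
class Rule:
    direction: str
    action: str                  # "allow" or "block"
    proto: str = "any"           # service protocol, "any" matches all
    dport: Optional[int] = None  # service port, None matches all
    hours: range = range(0, 24)  # hours of the day during which the rule applies

    def matches(self, p: Packet) -> bool:
        return (p.direction == self.direction
                and self.proto in ("any", p.proto)
                and self.dport in (None, p.dport)
                and p.hour in self.hours)


class StatefulFirewall:
    """Default policy: block inbound except replies to LAN requests; allow outbound."""

    def __init__(self, rules):
        self.rules = list(rules)  # custom exception rules, first match wins
        self.sessions = set()     # expected replies: (proto, src, sport, dst, dport)

    def decide(self, p: Packet) -> str:
        # Stateful inspection: an inbound packet answering an outbound request is
        # covered by the default inbound rule, so custom rules are not consulted.
        if p.direction == "inbound" and (p.proto, p.src, p.sport, p.dst, p.dport) in self.sessions:
            return "allow"
        for rule in self.rules:
            if rule.matches(p):
                action = rule.action
                break
        else:  # no custom rule matched: apply the default for this direction
            action = "allow" if p.direction == "outbound" else "block"
        if action == "allow" and p.direction == "outbound":
            # remember the reply 5-tuple so the answer is let back in
            self.sessions.add((p.proto, p.dst, p.dport, p.src, p.sport))
        return action
```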
Note: This feature is for Advanced Administrators only! Incorrect configuration will cause serious
problems.
Outbound Services—This lists all existing rules for outbound traffic. If you have not defined any
rules, only the default rule will be listed. The default rule allows all outgoing traffic.
To create a new outbound service rule:
a. Click the Add button. It does not matter which radio button is selected.
The Outbound Service screen will be displayed (see “Outbound Rules (Service Blocking)”
on page 6-12). This screen has its own help file.
b. Complete the Outbound Service screen, and save the data. The new rule will be listed in
the table when you return to this screen.
To make changes to an existing outbound service rule:
a. Click the check box at the beginning of the row and click Apply to disable or enable the
policy.
b. Click the radio button next to a row in the table.
c. Click the button for the desired action:
Edit - to make any changes to the rule definition. The Outbound Service screen will be
displayed (see “Outbound Rules (Service Blocking)” on page 6-12) with the data for
the selected rule.
Move - to move the selected rule to a new position in the table. You will be prompted
for the new position.
Delete - to delete the selected rule.
Inbound Services—This lists all existing rules for inbound traffic. If you have not defined any
rules, only the default rule will be listed. The default rule blocks all inbound traffic.
To create a new inbound service rule:
a. Click the Add button. It does not matter which radio button is selected.
The Inbound Service screen will be displayed (see “Inbound Rules (Port Forwarding)” on
page 6-5). This screen has its own help file.
b. Complete the Inbound Service screen and save the data. The new rule will be listed in the
table when you return to this screen.
To make changes to an existing inbound service rule:
a. Click the radio button next to a row in the table.
b. Click the button for the desired action:
Edit - to make any changes to the rule definition. The Inbound Service screen will be
displayed (see “Inbound Rules (Port Forwarding)” on page 6-5) with the data for the
selected rule.
Move - to move the selected rule to a new position in the table. You will be prompted
for the new position.
Delete - to delete the selected rule.
Attack Checks—These check boxes allow you to enable checks for various attacks. Select the
appropriate check box to enable each one.
VPN Passthrough: Enable this to pass VPN traffic without any filtering; this is mainly used
when this box sits between two VPN tunnel end points.
Drop fragmented IP packets: Enable this to drop fragmented IP packets.
UDP Flooding: Enable this to limit the number of UDP sessions created from one LAN
machine.
TCP Flooding: Enable this to protect the router from SYN flood attacks.
Enable DNS Proxy: Enable this to allow incoming DNS queries.
Enable Stealth Mode: Enable this to set the firewall to operate in stealth mode.
Respond To Ping On Internet Ports—If you want the router to respond to a 'Ping' from the
Internet, click this check box. This can be used as a diagnostic tool. You shouldn't check this
box unless you have a specific reason to do so.
Services-Based Rules
The rules to block traffic are based on the traffic’s category of service.
Inbound rules (port forwarding)—Inbound traffic is normally blocked by the firewall unless
the traffic is in response to a request from the LAN side. The firewall can be configured to
allow this otherwise blocked traffic.
Outbound rules (service blocking)—Outbound traffic is normally allowed unless the firewall
is configured to disallow it.
Customized services—Additional services can be added to the list of services in the factory
default list. These added services can then have rules defined for them to either allow or block
that traffic.