Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports
Firewall Protection and Content Filtering
6-15
202-10085-01, March 2005
Outbound Rule Example: Blocking Instant Messenger
If you want to block Instant Messenger usage by employees during working hours, you can create
an outbound rule to block that application from any internal IP address to any external address
according to the schedule that you have created in the Schedule menu. You can also have the
firewall log any attempt to use Instant Messenger during that blocked period.
Figure 6-9: Rule example: Blocking Instant Messenger
Order of Precedence for Rules
As you define new rules, they are added to the tables in the Rules menu, as shown in Figure 6-10:
Figure 6-10: Rules table with examples
For any traffic attempting to pass through the firewall, the packet information is subjected to the
rules in the order shown in the Rules Table, beginning at the top and proceeding to the default rules
at the bottom. In some cases, the order of precedence of two or more rules may be important in
determining the disposition of a packet. The Move button allows you to relocate a defined rule to a
new position in the table.
Customized Services
Services are functions performed by server computers at the request of client computers. For
example, Web servers serve web pages, time servers serve time and date information, and game
hosts serve data about other players’ moves. When a computer on the Internet sends a request for
service to a server computer, the requested service is identified by a service or port number. This
number appears as the destination port number in the transmitted IP packets. For example, a packet
that is sent with destination port number 80 is an HTTP (Web server) request.
The service numbers for many common protocols are defined by the Internet Engineering Task
Force (IETF) and published in RFC1700, “Assigned Numbers.” Service numbers for other
applications are typically chosen from the range 1024 to 65535 by the authors of the application.
Although the FVS124G already holds a list of many service port numbers, you are not limited to
these choices. Use the Services menu to add additional services and applications to the list for use
in defining firewall rules. The Services menu shows a list of services that you have defined, as
shown in Figure 6-11:
Figure 6-11: Services and Add Custom Service screens
To define a new service, first you must determine which port number or range of numbers is used
by the application. This information can usually be obtained from the publisher of the
application or from user groups or newsgroups. When you have the port number information, go to
the Services menu and click on the Add Custom Service button. The Add Services menu will
appear, as shown in Figure 6-11.
To add a service:
1. Enter a descriptive name for the service so that you will remember what it is.
2. Select whether the service uses TCP or UDP as its transport protocol.
If you can’t determine which is used, select both.
3. Enter the lowest port number used by the service.
4. Enter the highest port number used by the service.
If the service only uses a single port number, enter the same number in both fields.
5. Click Apply.
The new service will now appear in the Services menu, and in the Service name selection box in
the Rules menu.
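The three mechanisms this chapter has described (a custom service defined by transport protocol and a port range, a schedule, and top-to-bottom first-match evaluation of the Rules Table down to the default rule) can be modelled in a few lines. The following is an added example written for this page, not code from NETGEAR or from the FVS124G firmware; the service names, the port range 5000-5010 used for the "instant messenger" service, the working-hours schedule and the sample packets are all constructed, and the default outbound action is passed in as a parameter rather than assumed.

```python
"""Added example (not from the manual): a model of Rules Table semantics.

- Service: protocol(s) plus a port range (steps 2-4 of "To add a service").
- Schedule: weekdays and a time window, as created in the Schedule menu.
- evaluate(): first match wins, walking the table top to bottom and falling
  through to the default rule, which is why the order of rules (and the Move
  button) can change the disposition of a packet.
All names and values below are constructed for illustration.
"""
from dataclasses import dataclass
from datetime import datetime, time
from typing import FrozenSet, Optional, Tuple


@dataclass(frozen=True)
class Service:
    name: str
    protocols: FrozenSet[str]   # {"TCP"}, {"UDP"}, or both if unsure (step 2)
    low_port: int               # lowest port used by the service (step 3)
    high_port: int              # highest port; same as low_port for one port (step 4)

    def matches(self, proto: str, dport: int) -> bool:
        # The destination port in the packet identifies the requested service.
        return proto in self.protocols and self.low_port <= dport <= self.high_port


@dataclass(frozen=True)
class Schedule:
    name: str
    weekdays: FrozenSet[int]    # 0 = Monday ... 6 = Sunday
    start: time
    end: time

    def active(self, when: datetime) -> bool:
        return when.weekday() in self.weekdays and self.start <= when.time() < self.end


@dataclass(frozen=True)
class Rule:
    service: Service
    action: str                      # "BLOCK" or "ALLOW"
    schedule: Optional[Schedule] = None   # None means the rule applies at all times
    log: bool = False                # log attempts that hit this rule


def evaluate(rules, default_action: str, proto: str, dport: int,
             when: datetime) -> Tuple[str, Optional[int], bool]:
    """Return (action, index of the matching rule or None, log?) for a packet.

    Rules are tried in table order; the first one whose service and schedule
    both match decides the packet. If none matches, the default rule applies.
    """
    for idx, rule in enumerate(rules):
        in_window = rule.schedule is None or rule.schedule.active(when)
        if rule.service.matches(proto, dport) and in_window:
            return rule.action, idx, rule.log
    return default_action, None, False


# Constructed services and schedule (port 80 = HTTP is the page's own example;
# 5000-5010 for the messenger service and 1024-65535 for "high ports" are made up).
HTTP = Service("HTTP", frozenset({"TCP"}), 80, 80)
MESSENGER = Service("IM-example", frozenset({"TCP", "UDP"}), 5000, 5010)
HIGH_PORTS = Service("High-ports", frozenset({"TCP"}), 1024, 65535)
WORK_HOURS = Schedule("Working hours", frozenset(range(0, 5)), time(9, 0), time(17, 0))

BLOCK_IM = Rule(MESSENGER, "BLOCK", WORK_HOURS, log=True)
ALLOW_HIGH = Rule(HIGH_PORTS, "ALLOW")

# Same two rules, two orders: the Move button changes which one matches first.
RULES_BLOCK_FIRST = [BLOCK_IM, ALLOW_HIGH]
RULES_ALLOW_FIRST = [ALLOW_HIGH, BLOCK_IM]


def demo():
    """Disposition of a constructed messenger packet (TCP/5005) in and out of hours."""
    monday_10am = datetime(2005, 3, 14, 10, 0)   # 14 March 2005 was a Monday
    monday_8pm = datetime(2005, 3, 14, 20, 0)
    return {
        "block_first_work_hours": evaluate(RULES_BLOCK_FIRST, "ALLOW", "TCP", 5005, monday_10am),
        "block_first_evening": evaluate(RULES_BLOCK_FIRST, "ALLOW", "TCP", 5005, monday_8pm),
        "allow_first_work_hours": evaluate(RULES_ALLOW_FIRST, "ALLOW", "TCP", 5005, monday_10am),
        "http_falls_to_default": evaluate(RULES_BLOCK_FIRST, "ALLOW", "TCP", 80, monday_10am),
    }


if __name__ == "__main__":
    for case, (action, idx, log) in demo().items():
        print(f"{case}: {action} (rule {idx}, log={log})")
```

The `allow_first_work_hours` case is the point of the "Order of Precedence" section: with the broad ALLOW above the scheduled BLOCK, the messenger packet is allowed during working hours and never reaches the logging rule, so the block rule has to be moved above it to take effect.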
Quality of Service (QoS) Priorities
This setting determines the priority of a service, which in turn determines the quality of that
service for the traffic passing through the firewall. The user can change this priority:
- At the services definition screen for customized services
- On the inbound rules screen
- On the outbound rules screen
Figure 6-12: Setting and Overriding QoS priorities (Inbound Rules Add Screen, Outbound Rules Add Screen, Services Add Screen)
The QoS priority definition for a service determines the queue that is used for its traffic passing
through the FVS124G VPN Firewall as follows:
Example 1 (priority unchanged): If the native ToS setting for a service is 3 and the Netgear QoS
setting for this service is None, then the traffic for this service is placed in the queue that handles
priority 3 traffic. The priority of this service through the FVS124G VPN Firewall has not changed.
Example 2 (priority increased): If the native ToS setting for a service is 3 and the Netgear QoS
setting for this service is 4, then the traffic for this service is placed in the queue that handles
priority 4 traffic rather than the queue that handles priority 3 traffic. The priority of this service
through the FVS124G VPN Firewall has been increased.
Example 3 (priority decreased): If the native ToS setting for a service is 3 and the Netgear QoS
setting for this service is 2, then the traffic for this service is placed in the queue that handles
priority 2 traffic rather than the queue that handles priority 3 traffic. The priority of this service
through the FVS124G VPN Firewall has been decreased.
Table 6-2. Traffic queue to be used for a service

Native ToS Setting*    Netgear QoS Setting**
                       None    6    5    4    3    2
7 (highest)            7       6    5    4    3    2
6                      6       6    5    4    3    2
5                      5       6    5    4    3    2
4                      4       6    5    4    3    2
3                      3       6    5    4    3    2
2                      2       6    5    4    3    2
1 (default)            1       6    5    4    3    2
0 (lowest)             0       6    5    4    3    2

* IEEE 802.1D-1998 (formerly 802.1p) standard.
** Specifies which output queue in the FVS124G to use for that service’s traffic. The three type-of-service bits in the traffic
frame remain unchanged.
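Table 6-2 and the three examples before it reduce to one rule: a QoS setting of None keeps the queue given by the frame's native ToS bits, and any other setting overrides the queue while leaving the ToS bits in the frame untouched. The following added example (written for this page, not NETGEAR code) expresses that rule as a function, regenerates the table from it, and then drains the eight queues highest-first to show the effect on forwarding order. The strict-priority drain is an assumption for illustration; the manual states only which queue is used, not how the queues are scheduled, and the packet list is constructed.

```python
"""Added example (not from the manual): queue selection per Table 6-2.

output_queue() implements the table; build_table() regenerates all 48 cells
from it; strict_priority_order() is an assumed strict-priority scheduler
used only to make the queue choice visible. Packets are constructed.
"""
from typing import Dict, List, Optional, Tuple

TOS_QUEUES = range(8)            # three ToS bits: 0 (lowest) .. 7 (highest)
QOS_SETTINGS = (None, 6, 5, 4, 3, 2)   # column headings of Table 6-2


def output_queue(native_tos: int, qos_setting: Optional[int] = None) -> int:
    """Queue used for a service's traffic through the FVS124G.

    None keeps the native ToS queue (Example 1); a numeric Netgear QoS setting
    selects that queue instead (Examples 2 and 3). The ToS bits in the frame
    are not rewritten, so only a queue number is returned.
    """
    if native_tos not in TOS_QUEUES:
        raise ValueError("native ToS must be 0..7")
    if qos_setting is None:
        return native_tos
    if qos_setting not in QOS_SETTINGS:
        raise ValueError("Netgear QoS setting must be None or 2..6")
    return qos_setting


def build_table() -> Dict[Tuple[int, Optional[int]], int]:
    """Regenerate Table 6-2 as {(native ToS, QoS setting): queue}."""
    return {(tos, qos): output_queue(tos, qos)
            for tos in reversed(TOS_QUEUES) for qos in QOS_SETTINGS}


def strict_priority_order(packets: List[Tuple[str, int, Optional[int]]]) -> List[str]:
    """Forwarding order under an assumed strict-priority drain of the queues.

    packets: (label, native ToS, Netgear QoS setting). Higher-numbered queues
    are served first; packets within one queue keep arrival order.
    """
    queues: Dict[int, List[str]] = {q: [] for q in TOS_QUEUES}
    for label, tos, qos in packets:
        queues[output_queue(tos, qos)].append(label)
    order: List[str] = []
    for q in sorted(queues, reverse=True):
        order.extend(queues[q])
    return order


# Constructed packets: three services that all arrive with native ToS 3,
# matching Examples 1-3 above.
SAMPLE_PACKETS = [
    ("unchanged (ToS 3, QoS None)", 3, None),
    ("increased (ToS 3, QoS 4)", 3, 4),
    ("decreased (ToS 3, QoS 2)", 3, 2),
]

if __name__ == "__main__":
    for (tos, qos), queue in build_table().items():
        print(f"native ToS {tos}, QoS {qos!s:>4}: queue {queue}")
    print("forwarding order:", strict_priority_order(SAMPLE_PACKETS))
```

Because the override changes only the queue and never the three ToS bits, a downstream device that honours 802.1D priority still sees the original marking; the reprioritisation is local to the FVS124G.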