Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports
6-20
Firewall Protection and Content Filtering
202-10085-01, March 2005
Managing Groups and Hosts
The Network Database is an automatically-maintained list of all known PCs and network devices.
PCs and devices become known by the following methods:
• DHCP Client Requests—By default, the DHCP server in this Router is enabled, and will accept and respond to DHCP client requests from PCs and other network devices. These requests also generate an entry in the Network Database. Because of this, leaving the DHCP Server feature (on the LAN screen) enabled is strongly recommended.
• Scanning the Network—The local network is scanned using standard methods such as arp. This will detect active devices which are not DHCP clients. However, sometimes the name of the PC or device cannot be accurately determined, and will be shown as Unknown.
Advantages of the Network Database are as follows:
• Generally, you do not need to enter either IP addresses or MAC addresses. Instead, you can just select the desired PC or device.
• No need to reserve an IP address for a PC in the DHCP Server. All IP address assignments made by the DHCP Server will be maintained until the PC or device is removed from the database, either by expiry (inactive for a long time) or by you.
• No need to use a Fixed IP on PCs. Because the address allocated by the DHCP Server will never change, you don't need to assign a fixed IP to a PC to ensure it always has the same IP address.
• MAC-level Control over PCs. The Network Database uses the MAC address to identify each PC or device. So changing a PC's IP address does not affect any restrictions on that PC.
• Group and Individual Control over PCs. You can assign PCs to Groups and apply restrictions to each Group using the Firewall Rules screen (see “Services-Based Rules” on page 6-4). You can also select the Groups to be covered by the Block Sites feature (see “Block Sites” on page 6-24). If necessary, you can also create Firewall Rules to apply to a single PC (see “Source MAC Filtering” on page 6-27). Because the MAC address is used to identify each PC, users cannot avoid these restrictions by changing their IP address.
Figure 6-13: Groups and Hosts screens
Using a Schedule to Block or Allow Specific Traffic
If you enabled content filtering in the Block Sites menu, or if you defined an outbound rule to use
a schedule, you can set up a schedule for when blocking occurs or when access is restricted. The
firewall allows you to specify when blocking will be enforced by configuring the Schedule tab
shown below:
Table 6-3. Groups and hosts

Item: Known PCs and Devices
Description: This table lists all current entries in the Network Database. For each PC or device, the following data is displayed.
• Radio button—Use this to select a PC for editing or deletion.
• Name—The name of the PC or device. Sometimes, this cannot be determined, and will be listed as Unknown. In this case, you can edit the entry to add a meaningful name.
• IP Address—The current IP address. For DHCP clients, where the IP address is allocated by the DHCP Server in this device, this IP address will not change. Where the IP address is set on the PC (as a fixed IP address), you may need to update this entry manually if the IP address on the PC is changed.
• MAC Address—The MAC address of the PC. The MAC address is a low-level network identifier which is fixed at manufacture.
• Group—Each PC or device must be in a single group. The Group column indicates which group each entry is in. By default, all entries are in the Default group (the D column).

Item: Operations
Description:
• Group Assignment—You can select a group for any entry by selecting the desired group from the drop-down menu in the Group column. Click Apply.
• Adding a new Entry—If a PC is not connected, is using a fixed IP, or is on a different LAN segment, it may not be listed. In this case, you can add it by clicking the Add button.
• Editing an Entry—You can edit an entry by selecting its radio button, and clicking the Edit button.
• Deleting an Entry—If a PC or device has been removed from your network, you can delete it from the database by selecting its radio button, and clicking the Delete button.
• Edit Group Names—The Group names can be edited by clicking the Edit Group Names button. By default the group names are Default, Marketing, Sales, Warehouse, Support, Lab1, Lab2, and Others.
Figure 6-14: Schedule menu
To invoke rules and block keywords or Internet domains based on a schedule, select Every Day or
select one or more days. If you want to limit access completely for the selected days, select All
Day. Otherwise, if you want to limit access during certain times for the selected days, type a Start
Blocking time and an End Blocking time.
Note: Enter the values as 24-hour time. For example, 10:30 am would be 10 hours and 30 minutes and 10:30 pm would be 22 hours and 30 minutes.
Be sure to click Apply when you have finished configuring this menu.
Time Zone
The FVS124G VPN Firewall uses the Network Time Protocol (NTP) to obtain the current time
and date from one of several Network Time Servers on the Internet. In order to localize the time
for your log entries, you must specify your Time Zone:
• Time Zone. Select your local time zone. This setting will be used for the blocking schedule and for time-stamping log entries.
• Daylight Savings Time. Check this box for daylight savings time.
Note: If your region uses Daylight Savings Time, you must manually select Adjust for Daylight Savings Time on the first day of Daylight Savings Time, and unselect it at the end. Enabling Daylight Savings Time will add one hour to the standard time.
Be sure to click Apply when you have finished configuring this menu.
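The Schedule and Time Zone settings interact: the blocking window is evaluated against the firewall's localized clock, so a Daylight Savings Time box left in the wrong state shifts both the enforcement window and the log timestamps by one hour. The following is an added example, not code from the manual or from NETGEAR; the function names, the UTC-5 zone, the Monday to Friday 09:00-17:00 window and the same-day "start <= t < end" semantics are assumptions made for illustration.

```python
from datetime import datetime, time, timedelta, timezone


def firewall_local_time(utc_now, zone_offset_hours, dst_checked):
    """NTP (UTC) time localized as the page describes: the Time Zone offset,
    plus one hour when the Daylight Savings Time box is checked."""
    shift = timedelta(hours=zone_offset_hours + (1 if dst_checked else 0))
    return (utc_now + shift).replace(tzinfo=None)


def blocking_active(utc_now, zone_offset_hours, dst_checked,
                    days=None, all_day=False, start=None, end=None):
    """days: set of weekday numbers (Monday=0), or None for Every Day.
    Assumption: Start Blocking <= t < End Blocking, both on the same day."""
    now = firewall_local_time(utc_now, zone_offset_hours, dst_checked)
    if days is not None and now.weekday() not in days:
        return False
    if all_day:
        return True
    return start <= now.time() < end


# Constructed scenario: zone UTC-5, block Monday-Friday 09:00-17:00.
WEEKDAYS = {0, 1, 2, 3, 4}
WINDOW = dict(days=WEEKDAYS, start=time(9, 0), end=time(17, 0))
# Monday 11 July 2005, 13:30 UTC = 09:30 on a wall clock observing DST.
SUMMER_MORNING = datetime(2005, 7, 11, 13, 30, tzinfo=timezone.utc)

if __name__ == "__main__":
    for dst in (True, False):
        print("DST box checked:", dst,
              "| firewall clock:", firewall_local_time(SUMMER_MORNING, -5, dst),
              "| blocking:", blocking_active(SUMMER_MORNING, -5, dst, **WINDOW))
```

With the box unchecked during summer, the firewall clock reads 08:30 while wall clocks read 09:30, so the rule has not started yet and log entries from that period are stamped one hour early.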
Block Sites
If you want to reduce incoming traffic by preventing access to certain sites on the Internet, you can
use the VPN firewall's content and Web component filtering feature. By default, this feature is
disabled; all requested traffic from any Web site is allowed. When users try to access a blocked
site, they will get a message: Blocked by NETGEAR.
• Keyword (and domain name) blocking—You can specify up to 32 words that, should they appear in the website name (i.e., URL) or in a newsgroup name, will cause that site or newsgroup to be blocked by the VPN firewall.
  You can apply the keywords to one or more groups. Requests from the PCs in the groups for which keyword blocking has been enabled will be blocked. Blocking does not occur for the PCs that are in the groups for which keyword blocking has not been enabled.
  You can bypass keyword blocking for trusted domains by adding the exact matching domain to the list of Trusted Domains. Access to the domains on this list by PCs even in the groups for which keyword blocking has been enabled will still be allowed without any blocking.
• Web component blocking—You can block the following Web component types: Proxy, Java, ActiveX, and Cookies. Sites on the Trusted Domains list are still subject to Web component blocking when the blocking of a particular Web component has been enabled.
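The order in which these Block Sites rules combine (group membership by MAC address, keyword match, exact-match Trusted Domains, then Web component blocking) can be modelled as a small decision function for reviewing a planned configuration. This is an added example, not firmware or code from the manual; the class and field names, the MAC addresses, the example.com/example.net hosts, the case-insensitive substring match and the treatment of component blocking as a global setting are assumptions.

```python
from urllib.parse import urlsplit

MAX_KEYWORDS = 32  # limit stated in the Block Sites description


class BlockSitesPolicy:
    """Model of the described behaviour; not NETGEAR firmware code."""

    def __init__(self, keywords, trusted, keyword_groups, components, group_of_mac):
        if len(keywords) > MAX_KEYWORDS:
            raise ValueError("at most 32 keywords can be configured")
        self.keywords = [k.lower() for k in keywords]
        self.trusted = {d.lower() for d in trusted}      # exact host names only
        self.keyword_groups = set(keyword_groups)        # groups with blocking enabled
        self.components = set(components)                # e.g. {"Java", "ActiveX"}
        self.group_of_mac = {m.lower(): g for m, g in group_of_mac.items()}

    def decide(self, src_mac, url, page_components=()):
        """Return (action, matched_keyword, components_removed)."""
        # Hosts are identified by MAC, so the source IP is not an input at all.
        group = self.group_of_mac.get(src_mac.lower(), "Default")
        host = (urlsplit(url).hostname or "").lower()
        # Component blocking applies even to trusted domains.
        removed = sorted(c for c in page_components if c in self.components)
        if group in self.keyword_groups and host not in self.trusted:
            for kw in self.keywords:
                if kw in url.lower():   # assumption: case-insensitive substring
                    return ("block", kw, removed)
        return ("allow", None, removed)


# Constructed sample configuration and traffic.
POLICY = BlockSitesPolicy(
    keywords=["casino"],
    trusted=["example.com"],
    keyword_groups=["Sales"],
    components=["Java", "ActiveX"],
    group_of_mac={"00:11:22:33:44:55": "Sales", "00:11:22:33:44:66": "Lab1"},
)
SALES, LAB = "00:11:22:33:44:55", "00:11:22:33:44:66"

if __name__ == "__main__":
    for mac, url in [(SALES, "http://casino.example.net/"),
                     (SALES, "http://example.com/casino-night"),
                     (SALES, "http://www.example.com/casino-night"),
                     (LAB, "http://casino.example.net/")]:
        print(mac, url, POLICY.decide(mac, url, ["Java", "Cookies"]))
```

Because the trust entry is an exact match, www.example.com is still keyword-filtered in this model even though example.com is trusted, and the trusted host still has Java removed.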
