Firewall Protection
131
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N
LAN Groups screen to keep the computer’s IP address constant (see Set Up DHCP Address Reservation on page 69).
Local computers need to access the local server using the computers’ local LAN address. Attempts by local computers to access the server using the external WAN IP address will fail.
Note: See Configure Port Triggering on page 185 for yet another way to allow certain types of inbound traffic that would otherwise be blocked by the firewall.
Note: The wireless VPN firewall always blocks denial of service (DoS) attacks. A DoS attack does not attempt to steal data or damage your computers, but overloads your Internet connection so you cannot use it (that is, the service becomes unavailable).
Note: When the Block TCP Flood and Block UDP Flood check boxes are selected on the Attack Checks screen (which they are by default; see Attack Checks on page 162), multiple concurrent connections of the same application from one host or IP address (such as multiple DNS queries from one computer) trigger the wireless VPN firewall’s DoS protection.
The following table describes the fields that define the rules for inbound traffic and that are common to most Inbound Service screens (see Figure 65 on page 140, Figure 71 on page 148, and Figure 77 on page 154).
The steps to configure inbound rules are described in the following sections:
• Configure LAN WAN Rules
• Configure DMZ WAN Rules
• Configure LAN DMZ Rules
Table 33. Inbound rules overview

Setting: Service
Description: The service or application to be covered by this rule. If the service or application does not display in the list, you need to define it using the Services screen (see Add Customized Services on page 168).
Inbound rules: All rules

Setting: Action
Description: The action for inbound connections covered by this rule:
• BLOCK always
• BLOCK by schedule, otherwise allow
• ALLOW always
• ALLOW by schedule, otherwise block
Note: Any inbound traffic that is not blocked by rules you create is allowed by the default rule.
Inbound rules: All rules

Setting: Select Schedule
Description: The time schedule (that is, Schedule1, Schedule2, or Schedule3) that is used by this rule.
• This drop-down list is activated only when BLOCK by schedule, otherwise allow or ALLOW by schedule, otherwise block is selected as the action.
• Use the Schedule screen to configure the time schedules (see Set a Schedule to Block or Allow Specific Traffic on page 178).
Inbound rules: All rules when BLOCK by schedule, otherwise allow or ALLOW by schedule, otherwise block is selected as the action.

Setting: Send to LAN Server
Description: The LAN server address determines which computer on your network is hosting this service rule. (You can also translate this address to a port number.) The options are:
• Single address. Enter the required address in the Start field to apply the rule to a single device on your LAN.
• Address range. Enter the required addresses in the Start and Finish fields to apply the rule to a range of devices.
Inbound rules: IPv4 LAN WAN rules

Setting: Send to DMZ Server
Description: The DMZ server address determines which computer on your network is hosting this service rule. (You can also translate this address to a port number.)
Inbound rules: IPv4 DMZ WAN rules

Setting: Translate to Port Number
Description: If the LAN server or DMZ server that is hosting the service is using a port other than the default port for the service, you can enable this setting and specify a port number. If the service is using the default port, you do not need to enable this setting.
Inbound rules: IPv4 LAN WAN rules; IPv4 DMZ WAN rules

Setting: WAN Destination IP Address
Description: The setting that determines the destination IP address applicable to incoming traffic. This is the public IP address that maps to the internal LAN server. This can be either the address of the WAN interface or another public IP address. You also have the option to enter an address range. Enter the required addresses in the Start and Finish fields to apply the rule to a range of devices.
Inbound rules: IPv4 LAN WAN rules; IPv4 DMZ WAN rules

Setting: LAN Users
Description: These settings apply to a LAN WAN inbound rule when the WAN mode is classical routing, and determine which computers on your network are affected by this rule. The options are:
• Any. All computers and devices on your LAN.
• Single address. Enter the required address in the Start field to apply the rule to a single device on your LAN.
• Address range. Enter the required addresses in the Start and Finish fields to apply the rule to a range of devices.
• Group. Select the LAN group to which the rule applies. Use the LAN Groups screen to assign computers to groups (see Manage the Network Database on page 65). Groups are applicable only to IPv4 rules.
Note: For IPv4 LAN WAN inbound rules, this field is not applicable when the WAN mode is NAT because your network presents only one IP address to the Internet.
Inbound rules: LAN WAN rules; LAN DMZ rules

Setting: WAN Users
Description: The settings that determine which Internet locations are covered by the rule, based on their IP address. The options are:
• Any. All Internet IP addresses are covered by this rule.
• Single address. Enter the required address in the Start field.
• Address range. Enter the required addresses in the Start and Finish fields.
Inbound rules: LAN WAN rules; DMZ WAN rules

Setting: DMZ Users
Description: The settings that determine which DMZ computers on the DMZ network are affected by this rule. The options are:
• Any. All computers and devices on your DMZ network.
• Single address. Enter the required address in the Start field to apply the rule to a single computer on the DMZ network.
• Address range. Enter the required addresses in the Start and Finish fields to apply the rule to a range of DMZ computers.
Note: For IPv4 DMZ WAN inbound rules, this field is not applicable when the WAN mode is NAT because your network presents only one IP address to the Internet.
Inbound rules: DMZ WAN rules; LAN DMZ rules

Setting: Log
Description: The setting that determines whether packets covered by this rule are logged. The options are:
• Always. Always log traffic that matches this rule. This is useful when you are debugging your rules.
• Never. Never log traffic that matches this rule.
Inbound rules: All rules

Setting: Bandwidth Profile
Description: Bandwidth limiting determines the way in which the data is sent to and from your host. The purpose of bandwidth limiting is to provide a solution for limiting the outgoing and incoming traffic, thus preventing the LAN users from consuming all the bandwidth of the Internet link. For more information, see Create Bandwidth Profiles on page 171. For inbound traffic, you can configure bandwidth limiting only on the LAN interface for a LAN WAN rule. Bandwidth limiting does not apply to the DMZ interface.
Inbound rules: IPv4 LAN WAN rules
Note: Some residential broadband ISP accounts do not allow you to run any server processes (such as a web or FTP server) from your location. Your ISP might periodically check for servers and might suspend your account if it discovers any active servers at your location. If you are unsure, see the acceptable use policy of your ISP.
Order of Precedence for Rules
As you define a new rule, it is added to a table in a Rules screen as the last item in the list, as shown in the following figure, which shows the LAN WAN Rules screen for IPv4 as an example:
Figure 60.
For any traffic attempting to pass through the firewall, the packet information is subjected to the rules in the order shown in the Rules table, beginning at the top and proceeding to the bottom. In some cases, the order of precedence of two or more rules might be important in determining the disposition of a packet. For example, you should place the most strict rules at the top (those with the most specific services or addresses). The Up and Down table buttons in the Action column allow you to relocate a defined rule to a new position in the table.
Configure LAN WAN Rules
The default outbound policy is to allow all traffic to the Internet to pass through. Firewall rules can then be applied to block specific types of traffic from going out from the LAN to the Internet (outbound). This feature is also referred to as service blocking. You can change the default policy of Allow Always to Block Always to block all outbound traffic, which then allows you to enable only specific services to pass through the wireless VPN firewall.
To change the default outbound policy for IPv4 traffic or to make changes to existing IPv4 rules:
1. Select Security > Firewall. The Firewall submenu tabs display with the LAN WAN Rules screen in view. In the upper right of the screen, the IPv4 radio button is selected by default. The LAN WAN Rules screen displays the IPv4 settings. (The following figure contains examples.)
Figure 61.
2. From the Default Outbound Policy drop-down list, select Block Always. (By default, Allow Always is selected.)
3. Next to the drop-down list, click the Apply table button.
To make changes to an existing outbound or inbound service rule, in the Action column to the right of the rule, click one of the following table buttons:
• Up. Moves the rule up one position in the table rank.
• Down. Moves the rule down one position in the table rank.