Firewall Protection
166
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N
Set Limits for IPv4 Sessions
The session limits feature allows you to specify the total number of sessions that are allowed,
per user, over an IPv4 connection across the wireless VPN firewall. The session limits feature
is disabled by default.
To enable and configure session limits:
1. Select Security > Firewall > Session Limit.
   The Session Limit screen displays:
   Figure 88.
2. Select the Yes radio button under Do you want to enable Session Limit?
3. Enter the settings as explained in the following table:
Table 35. Session Limit screen settings

Setting: Description

Session Limit

User Limit Parameter: From the User Limit Parameter drop-down list, select one of the following options:
   • Percentage of Max Sessions. A percentage of the total session connection capacity of the wireless VPN firewall.
   • Number of Sessions. An absolute number of maximum sessions.

User Limit: Enter a number to indicate the user limit. Note the following:
   • If the User Limit Parameter is set to Percentage of Max Sessions, the number specifies the maximum number of sessions that are allowed from a single-source device as a percentage of the total session connection capacity of the wireless VPN firewall. (The session limit is per-device based.)
   • If the User Limit Parameter is set to Number of Sessions, the number specifies an absolute value.
   Note: Some protocols such as FTP and RSTP create two sessions per connection, which should be considered when configuring a session limit.
4. Click Apply to save your settings.
Manage the Application Level Gateway for SIP Sessions
The application level gateway (ALG) facilitates multimedia sessions such as voice over IP
(VoIP) sessions that use the Session Initiation Protocol (SIP) across the firewall and provides
support for multiple SIP clients. SIP support for the ALG, which is an IPv4 feature, is disabled
by default.
To enable ALG for SIP:
1. Select Security > Firewall > Advanced.
   The Advanced screen displays:
   Figure 89.
2. Select the Enable SIP ALG check box.
3. Click Apply to save your settings.
Table 35. Session Limit screen settings (continued)

Setting: Description

Total Number of Packets Dropped due to Session Limit: This is a nonconfigurable counter that displays the total number of dropped packets when the session limit is reached.

Session Timeout

TCP Timeout, UDP Timeout, ICMP Timeout: For each protocol, specify a time-out in seconds. A session expires if no data for the session is received for the duration of the time-out period. The default time-out periods are 1800 seconds for TCP sessions, 120 seconds for UDP sessions, and 60 seconds for ICMP sessions.
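An added example, not taken from the NETGEAR manual or firmware: a small Python model of the per-source session limit and idle time-outs described in Table 35, showing why a client whose protocol needs two sessions per connection (FTP is used here) reaches the limit at half the expected number of transfers. The total capacity of 1000 sessions, the class and function names, and the source addresses are assumptions chosen for illustration.

```python
import math
from collections import defaultdict

# Default idle time-outs from Table 35, in seconds.
DEFAULT_TIMEOUTS = {"tcp": 1800, "udp": 120, "icmp": 60}

class SessionLimiter:
    """Toy per-source session table; a model, not the firewall's implementation."""

    def __init__(self, capacity, mode, user_limit, timeouts=DEFAULT_TIMEOUTS):
        # capacity is an assumed total session capacity for the device.
        if mode == "percent":        # Percentage of Max Sessions
            self.per_source = math.floor(capacity * user_limit / 100)
        elif mode == "count":        # Number of Sessions
            self.per_source = user_limit
        else:
            raise ValueError("mode must be 'percent' or 'count'")
        self.timeouts = timeouts
        self.sessions = defaultdict(dict)   # source -> {session id: last seen}
        self.dropped = 0                    # packets dropped due to session limit

    def packet(self, now, src, proto, key):
        """Return True if the packet is forwarded, False if it is dropped."""
        table = self.sessions[src]
        # Expire sessions that were idle for the whole time-out period.
        for k in [k for k, seen in table.items()
                  if now - seen >= self.timeouts[k[0]]]:
            del table[k]
        sid = (proto, key)
        if sid not in table and len(table) >= self.per_source:
            self.dropped += 1               # new session refused: source is at its limit
            return False
        table[sid] = now                    # create the session or refresh its idle timer
        return True

def ftp_transfers_allowed(limiter, src, attempts):
    """Count FTP transfers that obtain both a control and a data session."""
    ok = 0
    for i in range(attempts):
        ctrl = limiter.packet(0, src, "tcp", ("ctrl", i))
        data = ctrl and limiter.packet(0, src, "tcp", ("data", i))
        ok += bool(data)
    return ok
```

With a limit of 10 sessions per source, only 5 simultaneous FTP transfers fit, and idle TCP sessions keep their slots for the full 1800 seconds unless the time-out is lowered.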
Services, Bandwidth Profiles, and QoS Profiles
When you create inbound and outbound firewall rules, you use firewall objects such as
services, QoS profiles, bandwidth profiles, and schedules to narrow down the firewall rules:
• Services. A service narrows down the firewall rule to an application and a port number. For information about adding services, see Add Customized Services on page 168.
• Bandwidth profiles. A bandwidth profile allocates and limits traffic bandwidth for the LAN users to which an IPv4 firewall rule is applied. For information about creating bandwidth profiles, see Create Bandwidth Profiles on page 171.
• QoS profiles. A Quality of Service (QoS) profile defines the relative priority of an IP packet for traffic that matches the firewall rule. For information about QoS profiles, see Preconfigured Quality of Service Profiles on page 173.
Note: A schedule narrows down the period during which a firewall rule is applied. For information about specifying schedules, see Set a Schedule to Block or Allow Specific Traffic on page 178.
Add Customized Services
Services are functions performed by server computers at the request of client computers. You
can configure up to 124 custom services.
For example, web servers serve web pages, time servers serve time and date information,
and game hosts serve data about other players’ moves. When a computer on the Internet
sends a request for service to a server computer, the requested service is identified by a
service or port number. This number appears as the destination port number in the
transmitted IP packets. For example, a packet that is sent with destination port number 80 is
an HTTP (web server) request.
The service numbers for many common protocols are defined by the Internet Engineering
Task Force (IETF) and published in RFC 1700, Assigned Numbers. Service numbers for
other applications are typically chosen from the range 1024 to 65535 by the authors of the
application. However, on the wireless VPN firewall you can select service numbers in the
range from 1 to 65535.
Although the wireless VPN firewall already holds a list of many service port numbers, you are
not limited to these choices. Use the Services screen to add additional services and
applications to the list for use in defining firewall rules. The Services screen shows a list of
services that you have defined, as shown in the following figure.
To define a new service, you need to determine first which port number or range of numbers
is used by the application. You can usually determine this information by contacting the
publisher of the application, user groups, or newsgroups. When you have the port number
information, you can enter it on the Services screen.
To add a customized service:
1. Select Security > Services. The Services screen displays. The Custom Services table shows the user-defined services. (The following figure shows some examples.)
   Figure 90.
2. In the Add Customer Service section of the screen, enter the settings as explained in the following table:
Table 36. Services screen settings

Setting: Description

Name: A descriptive name of the service for identification and management purposes.

Type: From the Type drop-down list, select the Layer 3 protocol that the service uses as its transport protocol:
   • TCP
   • UDP
   • ICMP
   • ICMPv6

ICMP Type: A numeric value that can range between 0 and 40. For a list of ICMP types, see .
   Note: This field is enabled only when you select ICMP or ICMPv6 from the Type drop-down list.

Start Port: The first TCP or UDP port of a range that the service uses.
   Note: This field is enabled only when you select TCP or UDP from the Type drop-down list.
3. Click Apply to save your settings. The new custom service is added to the Custom Services table.
To edit a service:
1. In the Custom Services table, click the Edit table button to the right of the service that you want to edit. The Edit Service screen displays:
   Figure 91.
2. Modify the settings that you wish to change (see the previous table).
3. Click Apply to save your changes. The modified service is displayed in the Custom Services table.
To delete one or more services:
1. In the Custom Services table, select the check box to the left of each service that you want to delete, or click the Select All table button to select all services.
2. Click the Delete table button.
Table 36. Services screen settings (continued)

Setting: Description

Finish Port: The last TCP or UDP port of a range that the service uses. If the service uses only a single port number, enter the same number in the Start Port and Finish Port fields.
   Note: This field is enabled only when you select TCP or UDP from the Type drop-down list.

Default QoS Priority: From the Default QoS Priority drop-down list, select the QoS profile that you want to assign to the service. For more information about QoS profiles, see Preconfigured Quality of Service Profiles on page 173.
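An added example, not part of the NETGEAR manual or firmware: a Python check that a planned list of custom services respects the limits in this section (ports 1 to 65535, ICMP type 0 to 40, at most 124 entries) and reports services whose port ranges overlap, since a rule written for the broader service also matches the narrower one's port. The field names, the requirement that the start port not exceed the finish port, and the sample entries are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional
MAX_CUSTOM_SERVICES = 124  # limit stated in this section

@dataclass(frozen=True)
class Service:
    name: str
    type: str                          # "TCP", "UDP", "ICMP" or "ICMPv6"
    start_port: Optional[int] = None
    finish_port: Optional[int] = None
    icmp_type: Optional[int] = None

def validate(svc):
    """Return the problems with one service definition (empty list if valid)."""
    errs = []
    if svc.type in ("TCP", "UDP"):
        if svc.icmp_type is not None:
            errs.append("ICMP Type applies only to ICMP or ICMPv6")
        if svc.start_port is None or svc.finish_port is None:
            errs.append("Start Port and Finish Port are required")
        elif not 1 <= svc.start_port <= svc.finish_port <= 65535:
            errs.append("ports must satisfy 1 <= start <= finish <= 65535")
    elif svc.type in ("ICMP", "ICMPv6"):
        if svc.start_port is not None or svc.finish_port is not None:
            errs.append("ports apply only to TCP or UDP")
        if svc.icmp_type is None or not 0 <= svc.icmp_type <= 40:
            errs.append("ICMP Type must be between 0 and 40")
    else:
        errs.append("unknown Type")
    return errs

def overlaps(services):
    """Name pairs of valid same-protocol services whose port ranges intersect."""
    ported = [s for s in services if s.type in ("TCP", "UDP") and not validate(s)]
    return [(a.name, b.name)
            for i, a in enumerate(ported) for b in ported[i + 1:]
            if a.type == b.type
            and a.start_port <= b.finish_port and b.start_port <= a.finish_port]

def audit(services):
    """Map each invalid service name to its problems; also check the table size."""
    report = {s.name: validate(s) for s in services if validate(s)}
    if len(services) > MAX_CUSTOM_SERVICES:
        report["(table)"] = ["more than 124 custom services"]
    return report

# Constructed sample entries, not taken from the manual.
SAMPLE = [Service("web-alt", "TCP", 8080, 8080), Service("app-range", "TCP", 8000, 8100),
          Service("dns-alt", "UDP", 5353, 5353), Service("bad-ping", "ICMP", icmp_type=41)]
```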