Firewall Protection
181
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N
Host 3. MAC address (00:01:02:03:04:07) and IP address (192.168.10.12)
There are three possible scenarios in relation to the addresses in the IP/MAC Bindings table:
- Host 1 has not changed its IP and MAC addresses. A packet coming from Host 1 has IP and MAC addresses that match those in the IP/MAC Bindings table.
- Host 2 has changed its MAC address to 00:01:02:03:04:09. The packet has an IP address that matches the IP address in the IP/MAC Bindings table but a MAC address that does not match the MAC address in the IP/MAC Bindings table.
- Host 3 has changed its IP address to 192.168.10.15. The packet has a MAC address that matches the MAC address in the IP/MAC Bindings table but an IP address that does not match the IP address in the IP/MAC Bindings table.
In this example, the wireless VPN firewall blocks the traffic coming from Host 2 and Host 3, but allows the traffic coming from Host 1 to any external network. The total count of dropped packets is displayed.
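The matching logic of the three scenarios can be modeled as follows. This is an added example, not NETGEAR firmware code: the Host 1 and Host 2 bindings are constructed sample values (only Host 3 and the changed addresses appear in the text), and passing packets from hosts with no binding at all is an assumption. Because it uses the `ipaddress` module, the same check also covers IPv6 bindings.

```python
import ipaddress
from dataclasses import dataclass

def norm_mac(mac):
    """Normalize a MAC address to lower-case, colon-separated form."""
    digits = mac.replace(":", "").replace("-", "").lower()
    if len(digits) != 12 or any(c not in "0123456789abcdef" for c in digits):
        raise ValueError(f"bad MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

@dataclass
class Binding:
    name: str
    mac: str
    ip: str
    log_dropped: bool = False   # "Log Dropped Packets"; default is Disable

class BindingTable:
    def __init__(self, bindings):
        self.by_ip = {ipaddress.ip_address(b.ip): b for b in bindings}
        self.by_mac = {norm_mac(b.mac): b for b in bindings}
        self.dropped = 0        # total count of dropped packets
        self.log = []           # entries for bindings with logging enabled

    def check(self, src_mac, src_ip):
        mac, ip = norm_mac(src_mac), ipaddress.ip_address(src_ip)
        by_ip, by_mac = self.by_ip.get(ip), self.by_mac.get(mac)
        if by_ip is None and by_mac is None:
            return "allow"      # assumption: hosts with no binding are not filtered
        if by_ip is by_mac:
            return "allow"      # IP and MAC match the same table entry
        self.dropped += 1
        for hit in (by_ip, by_mac):
            if hit is not None and hit.log_dropped:
                self.log.append(f"violation of {hit.name}: {mac} / {ip}")
        return "drop"

def run_scenarios():
    # Host 3 and the changed addresses come from the text above; the Host 1
    # and Host 2 bindings are constructed sample values.
    table = BindingTable([
        Binding("Host 1", "00:01:02:03:04:05", "192.168.10.10"),
        Binding("Host 2", "00:01:02:03:04:06", "192.168.10.11", log_dropped=True),
        Binding("Host 3", "00:01:02:03:04:07", "192.168.10.12"),
    ])
    verdicts = [
        table.check("00:01:02:03:04:05", "192.168.10.10"),  # Host 1 unchanged
        table.check("00:01:02:03:04:09", "192.168.10.11"),  # Host 2 new MAC
        table.check("00-01-02-03-04-07", "192.168.10.15"),  # Host 3 new IP
    ]
    return verdicts, table.dropped, table.log
```

The check compares the addresses carried in the packet only; it does not authenticate the sender.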
IPv4/MAC Bindings
To set up a binding between a MAC address and an IPv4 address:
1. Select Security > Address Filter > IP/MAC Binding. In the upper right of the screen, the IPv4 radio button is selected by default. The IP/MAC Binding screen displays the IPv4 settings. (The following figure shows a binding in the IP/MAC Binding table as an example.)
Figure 97.
2. In the Email IP/MAC Violations section of the screen, specify if you want to enable email logs for IP/MAC binding violations. (You have to do this only once.) Select one of the following radio buttons:
   - Yes. IP/MAC binding violations are emailed. Click the Firewall Logs & E-mail page link to ensure that emailing of logs is enabled on the Firewall Logs & E-mail screen (see Configure Logging, Alerts, and Event Notifications on page 338).
   - No. IP/MAC binding violations are not emailed.
3. Click Apply to save your changes.
4. In the IP/MAC Bindings section of the screen, enter the settings as explained in the following table:

Table 38. IP/MAC Binding screen settings for IPv4

| Setting | Description |
|---|---|
| Name | A descriptive name of the binding for identification and management purposes. |
| MAC Address | The MAC address of the computer or device that is bound to the IP address. |
| IP Address | The IPv4 address of the computer or device that is bound to the MAC address. |
| Log Dropped Packets | To log the dropped packets, select Enable from the drop-down list. The default setting is Disable. |

5. Click the Add table button. The new IP/MAC rule is added to the IP/MAC Bindings table.
To edit an IP/MAC binding:
1. In the IP/MAC Bindings table, click the Edit table button to the right of the IP/MAC binding that you want to edit. The Edit IP/MAC Binding screen displays.
2. Modify the settings that you wish to change (see the previous table; you can change the MAC address, IPv4 address, and logging status).
3. Click Apply to save your changes. The modified IP/MAC binding displays in the IP/MAC Bindings table.
To remove one or more IP/MAC bindings from the table:
1. Select the check box to the left of each IP/MAC binding that you want to delete, or click the Select All table button to select all bindings.
2. Click the Delete table button.
To change the IPv4 MAC polling interval from its default setting of 10 seconds:
1. On the IP/MAC Bindings screen for IPv4, to the right of the IP/MAC Binding tab, click the Set Poll Interval option arrow. The IP MAC Binding Poll Interval pop-up screen displays:
Figure 98.
2. Click the Stop button. Wait until the Poll Interval field becomes available.
3. Enter the new poll interval in seconds.
4. Click the Set Interval button. Wait for the confirmation that the operation has succeeded before you close the window.
IPv6/MAC Bindings
To set up a binding between a MAC address and an IPv6 address:
1. Select Security > Address Filter > IP/MAC Binding.
2. In the upper right of the screen, select the IPv6 radio button. The IP/MAC Binding screen displays the IPv6 settings. (The following figure shows a binding in the IP/MAC Binding table as an example.)
Figure 99.
3. In the Email IP/MAC Violations section of the screen, specify if you want to enable email logs for IP/MAC binding violations. (You have to do this only once.) Select one of the following radio buttons:
   - Yes. IP/MAC binding violations are emailed. Click the Firewall Logs & E-mail page link to ensure that emailing of logs is enabled on the Firewall Logs & E-mail screen (see Configure Logging, Alerts, and Event Notifications on page 338).
   - No. IP/MAC binding violations are not emailed.
4. Click Apply to save your changes.
5. In the IP/MAC Bindings section of the screen, enter the settings as explained in the following table:

Table 39. IP/MAC Binding screen settings for IPv6

| Setting | Description |
|---|---|
| Name | A descriptive name of the binding for identification and management purposes. |
| MAC Address | The MAC address of the computer or device that is bound to the IP address. |
| IP Address | The IPv6 address of the computer or device that is bound to the MAC address. |
| Log Dropped Packets | To log the dropped packets, select Enable from the drop-down list. The default setting is Disable. |

6. Click the Add table button. The new IP/MAC rule is added to the IP/MAC Bindings table.
To edit an IP/MAC binding:
1. In the IP/MAC Bindings table, click the Edit table button to the right of the IP/MAC binding that you want to edit. The Edit IP/MAC Binding screen displays.
2. Modify the settings that you wish to change (see the previous table; you can change the MAC address, IPv6 address, and logging status).
3. Click Apply to save your changes. The modified IP/MAC binding displays in the IP/MAC Bindings table.
To remove one or more IP/MAC bindings from the table:
1. Select the check box to the left of each IP/MAC binding that you want to delete, or click the Select All table button to select all bindings.
2. Click the Delete table button.
To change the IPv6 MAC polling interval from its default setting of 10 seconds:
1. On the IP/MAC Bindings screen for IPv6, to the right of the IP/MAC Binding tab, click the Set Poll Interval option arrow. The IP MAC Binding Poll Interval (IPv6) pop-up screen displays:
Figure 100.
2. Click the Stop button. Wait until the Poll Interval field becomes available.
3. Enter the new poll interval in seconds.
4. Click the Set Interval button. Wait for the confirmation that the operation has succeeded before you close the window.
Configure Port Triggering
Port triggering allows some applications running on a LAN network to be available to external applications that would otherwise be partially blocked by the firewall. Using the port-triggering feature requires that you know the port numbers used by the application.
Note: Port triggering is supported for IPv4 devices only.
Once configured, port triggering operates as follows:
1. A computer makes an outgoing connection using a port number that is defined in the Port Triggering Rules table.
2. The wireless VPN firewall records this connection, opens the additional incoming port or ports that are associated with the rule in the port triggering table, and associates them with the computer.
3. The remote system receives the computer’s request and responds using the incoming port or ports that are associated with the rule in the port triggering table on the wireless VPN firewall.
4. The wireless VPN firewall matches the response to the previous request and forwards the response to the computer.
Without port triggering, the response from the external application would be treated as a new connection request rather than a response to a request from the LAN network. As such, it would be handled in accordance with the inbound port-forwarding rules, and most likely would be blocked.
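The four steps above can be followed in a small state model. This is an added example, not the firewall's own code: the rule, port numbers, and host addresses are constructed, and both the idle timeout and the refusal to reassign ports that another computer still holds are assumptions, since the text does not say when opened ports close.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class TriggerRule:
    name: str
    out_ports: range   # outgoing (trigger) ports
    in_ports: range    # incoming ports opened when the rule fires

class PortTrigger:
    def __init__(self, rules, idle_timeout=60):
        self.rules = rules
        self.idle_timeout = idle_timeout   # assumption: seconds until ports close
        self.open = {}                     # incoming port -> (lan_host, expiry)

    def outbound(self, lan_host, dst_port, now):
        """Steps 1-2: record the connection and open the associated ports."""
        opened = []
        for rule in self.rules:
            if dst_port not in rule.out_ports:
                continue
            for port in rule.in_ports:
                owner = self.open.get(port)
                if owner and owner[0] != lan_host and owner[1] > now:
                    continue   # assumption: still associated with another computer
                self.open[port] = (lan_host, now + self.idle_timeout)
                opened.append(port)
        return opened

    def inbound(self, dst_port, now):
        """Steps 3-4: return the computer to forward to, or None."""
        owner = self.open.get(dst_port)
        if owner is None or owner[1] <= now:
            self.open.pop(dst_port, None)
            return None    # falls through to the inbound rules, likely blocked
        return owner[0]

def demo():
    # Constructed rule: outgoing port 6667 opens incoming ports 2000-2002.
    fw = PortTrigger([TriggerRule("sample-app", range(6667, 6668), range(2000, 2003))])
    before = fw.inbound(2001, now=0)                    # nothing triggered yet
    fw.outbound("192.168.10.10", 6667, now=5)           # trigger fires
    during = fw.inbound(2001, now=10)                   # response is forwarded
    other = fw.outbound("192.168.10.11", 6667, now=20)  # ports already held
    after = fw.inbound(2001, now=100)                   # association expired
    return before, during, other, after
```

The model makes the exposure visible: incoming ports are reachable only while an association exists, and only toward the computer that triggered them.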