Network and System Management
316
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N
- WAN users. You can specify which Internet locations are covered by an outbound rule, based on their IP address:
  - Any. The rule applies to all Internet IP addresses.
  - Single address. The rule applies to a single Internet IP address.
  - Address range. The rule applies to a range of Internet IP addresses.
- Schedule. You can configure three different schedules to specify when a rule is applied. Once a schedule is configured, it affects all rules that use this schedule. You specify the days of the week and time of day for each schedule. For more information, see Set a Schedule to Block or Allow Specific Traffic on page 178.
- QoS profile. You can apply QoS profiles to outbound rules to regulate the priority of traffic. For information about QoS profiles, see Preconfigured Quality of Service Profiles on page 173.
- Bandwidth profile. You can define bandwidth profiles and then apply them to outbound LAN WAN rules to limit traffic. (You cannot apply bandwidth profiles to DMZ WAN rules.) For information about how to define bandwidth profiles, see Create Bandwidth Profiles on page 171.
Content Filtering
If you want to reduce traffic by preventing access to certain sites on the Internet, you can use the wireless VPN firewall’s content-filtering feature. By default, this feature is disabled; all requested traffic from any website is allowed with the exception of web content categories that are mentioned in Configure Content Filtering on page 174.
The wireless VPN firewall provides the following methods to filter web content in order to reduce traffic:
- Keyword blocking. You can specify words that, should they appear in the website name (URL) or newsgroup name, cause that site or newsgroup to be blocked by the wireless VPN firewall.
- Web object blocking. You can block the following web component types: embedded objects (ActiveX and Java), proxies, and cookies.
To further narrow down the content filtering, you can configure groups to which the content-filtering rules apply and trusted domains for which the content-filtering rules do not apply.
Source MAC Filtering
If you want to reduce outgoing traffic by preventing Internet access by certain computers on the LAN, you can use the source MAC filtering feature to drop the traffic received from the computers with the specified MAC addresses. By default, this feature is disabled; all traffic received from computers with any MAC address is allowed. See Enable Source MAC Filtering on page 179 for the procedure on how to use this feature.
Features That Increase Traffic
The following features of the wireless VPN firewall tend to increase the traffic load on the WAN side:
- LAN WAN inbound rules (also referred to as port forwarding)
- DMZ WAN inbound rules (also referred to as port forwarding)
- Port triggering
- Enabling the DMZ port
- Configuring exposed hosts
- Configuring VPN tunnels
LAN WAN Inbound Rules and DMZ WAN Inbound Rules (Port Forwarding)
The LAN WAN Rules screen and the DMZ WAN Rules screen list all existing rules for inbound traffic (from WAN to LAN and from WAN to the DMZ). If you have not defined any rules, only the default rule is listed. The default rule blocks all access from outside except responses to requests from the LAN side. Any inbound rule that you create allows additional incoming traffic and therefore increases the traffic load on the WAN side.
WARNING:
This feature is for advanced administrators. Incorrect configuration might cause serious problems.
Each rule lets you specify the desired action for the connections covered by the rule:
- BLOCK always
- BLOCK by schedule, otherwise allow
- ALLOW always
- ALLOW by schedule, otherwise block
The following section summarizes the various criteria that you can apply to inbound rules and that might increase traffic. For more information about inbound rules, see Inbound Rules (Port Forwarding) on page 130. For detailed procedures on how to configure inbound rules, see Configure LAN WAN Rules on page 135 and Configure DMZ WAN Rules on page 142.
When you define inbound firewall rules, you can further refine their application according to the following criteria:
- Services. You can specify the services or applications to be covered by an inbound rule. If the desired service or application does not display in the list, you need to define it using the Services screen (see Inbound Rules (Port Forwarding) on page 130 and Add Customized Services on page 168).
- WAN destination IP address. You can specify the destination IP address for incoming traffic. Traffic is directed to the specified address only when the destination IP address of the incoming packet matches the IP address of the selected WAN interface.
- LAN users. You can specify which computers on your network are affected by an inbound rule. There are several options:
  - Any. The rule applies to all computers and devices on your LAN.
  - Single address. The rule applies to the address of a particular computer.
  - Address range. The rule applies to a range of addresses.
  - Groups. The rule is applied to a group of computers. (You can configure groups for LAN WAN outbound rules but not for DMZ WAN outbound rules.) The Known PCs and Devices table is an automatically maintained list of all known computers and network devices and is generally referred to as the network database, which is described in Manage the Network Database on page 65. Computers and network devices are entered into the network database by various methods, which are described in Manage IPv4 Groups and Hosts (IPv4 LAN Groups) on page 64.
- WAN users. You can specify which Internet locations are covered by an inbound rule, based on their IP address:
  - Any. The rule applies to all Internet IP addresses.
  - Single address. The rule applies to a single Internet IP address.
  - Address range. The rule applies to a range of Internet IP addresses.
- Schedule. You can configure three different schedules to specify when a rule is applied. Once a schedule is configured, it affects all rules that use this schedule. You specify the days of the week and time of day for each schedule. For more information, see Set a Schedule to Block or Allow Specific Traffic on page 178.
- Bandwidth profile. You can define bandwidth profiles and then apply them to inbound LAN WAN rules to limit traffic. (You cannot apply bandwidth profiles to DMZ WAN rules.) For information about how to define bandwidth profiles, see Create Bandwidth Profiles on page 171.
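The four inbound-rule actions, the schedule and the WAN users criterion, and the default rule that blocks unsolicited inbound traffic, worked through as an added example (a constructed model, not NETGEAR's code; the port numbers, source addresses and business-hours schedule are made-up sample values):

```python
from dataclasses import dataclass
from datetime import datetime
from ipaddress import ip_address

# Constructed model (not NETGEAR code) of the inbound-rule semantics above: the four
# actions, a weekday/time-of-day schedule, the "WAN users" source criterion, default block.

@dataclass(frozen=True)
class Schedule:
    days: frozenset   # datetime.weekday() values: 0 = Monday ... 6 = Sunday
    start: tuple      # (hour, minute), inclusive
    end: tuple        # (hour, minute), exclusive

    def active(self, when: datetime) -> bool:
        return when.weekday() in self.days and self.start <= (when.hour, when.minute) < self.end

@dataclass(frozen=True)
class Rule:
    service_port: int                    # "Services": destination port the rule covers
    action: str                          # one of the four actions listed above
    wan_users: str = "any"               # "any", a single IP, or a "first-last" range
    schedule: "Schedule | None" = None   # no schedule means the rule is always "on"

    def matches_source(self, src_ip: str) -> bool:
        if self.wan_users == "any":
            return True
        if "-" in self.wan_users:
            low, high = (ip_address(x) for x in self.wan_users.split("-", 1))
            return low <= ip_address(src_ip) <= high
        return ip_address(src_ip) == ip_address(self.wan_users)

    def verdict(self, when: datetime) -> str:
        on = self.schedule.active(when) if self.schedule else True
        return {"BLOCK always": "BLOCK", "ALLOW always": "ALLOW",
                "BLOCK by schedule, otherwise allow": "BLOCK" if on else "ALLOW",
                "ALLOW by schedule, otherwise block": "ALLOW" if on else "BLOCK"}[self.action]

def evaluate(rules: list, src_ip: str, dst_port: int, when) -> str:
    """First matching rule decides; the default rule blocks everything else."""
    when = datetime.fromisoformat(when) if isinstance(when, str) else when
    for rule in rules:
        if rule.service_port == dst_port and rule.matches_source(src_ip):
            return rule.verdict(when)
    return "BLOCK"

# Constructed sample ruleset: HTTPS reachable weekdays 08:00-18:00 only; SSH always
# reachable, but only from a small (documentation-range) block of source addresses.
BUSINESS_HOURS = Schedule(frozenset(range(0, 5)), (8, 0), (18, 0))
RULES = [Rule(443, "ALLOW by schedule, otherwise block", schedule=BUSINESS_HOURS),
         Rule(22, "ALLOW always", wan_users="203.0.113.10-203.0.113.20")]
```

Note that a "BLOCK by schedule, otherwise allow" rule allows the service outside the schedule, which is usually the opposite of what an inbound rule should do; double-check the action before saving it.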
Port Triggering
Port triggering allows some applications running on a LAN network to be available to external applications that would otherwise be partially blocked by the firewall. Using the port-triggering feature requires that you know the port numbers used by the application. Without port triggering, the response from the external application would be treated as a new connection request rather than a response to a request from the LAN network. As such, it would be handled in accordance with the inbound port-forwarding rules, and most likely would be blocked.
For the procedure on how to configure port triggering, see Configure Port Triggering on page 185.
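The port-triggering behaviour described above, as an added example (a constructed model, not NETGEAR's code): an outbound connection to the trigger port opens the rule's incoming ports for that LAN host only, the opening expires after an idle timeout, and inbound traffic to any other port falls through to the inbound rules. The rule name, port numbers and timeout are made-up sample values.

```python
from dataclasses import dataclass, field

# Constructed model (not NETGEAR code) of port triggering as described above: an
# outbound connection from a LAN host to a rule's outgoing port opens that rule's
# incoming ports for the same host until they sit idle for the timeout; inbound
# traffic that hits no open port falls through to the inbound rules (default block).

@dataclass(frozen=True)
class TriggerRule:
    name: str
    outgoing_port: int       # port the LAN application connects to (the trigger)
    incoming_ports: range    # ports the external application answers on
    timeout: int = 600       # seconds of inactivity before the opening closes

@dataclass
class PortTriggering:
    rules: list
    # incoming port -> (LAN host the opening belongs to, expiry time, idle timeout)
    open_ports: dict = field(default_factory=dict)

    def outbound(self, lan_host: str, dst_port: int, now: float) -> bool:
        """Record an outbound connection; open incoming ports if it matches a trigger."""
        hit = False
        for rule in self.rules:
            if rule.outgoing_port == dst_port:
                hit = True
                for port in rule.incoming_ports:
                    self.open_ports[port] = (lan_host, now + rule.timeout, rule.timeout)
        return hit

    def inbound(self, dst_port: int, now: float):
        """Return the LAN host to forward to, or None if the inbound rules must decide."""
        entry = self.open_ports.get(dst_port)
        if entry is None:
            return None
        host, expiry, timeout = entry
        if now >= expiry:                       # idle too long: the opening has closed
            del self.open_ports[dst_port]
            return None
        self.open_ports[dst_port] = (host, now + timeout, timeout)  # use resets the timer
        return host

# Constructed sample rule: a LAN client connecting out to port 6000 makes ports
# 7000-7002 on the firewall forward back to that client for up to 10 minutes idle.
SAMPLE = PortTriggering([TriggerRule("sample-app", 6000, range(7000, 7003), 600)])
```

Because the opening is created by the LAN host's own outbound connection, the exposure is temporary and scoped to that host, which is why port triggering is preferred over a permanent inbound rule for applications that need it.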
DMZ Port
The demilitarized zone (DMZ) is a network that, by default, has fewer firewall restrictions when compared to the LAN. The DMZ can be used to host servers (such as a web server, FTP server, or email server) and provide public access to them. The eighth LAN port on the wireless VPN firewall (the rightmost LAN port) can be dedicated as a hardware DMZ port to
safely provide services to the Internet without compromising security on your LAN. By default, the DMZ port and both inbound and outbound DMZ traffic are disabled. Enabling the DMZ port and allowing traffic to and from the DMZ increases the traffic through the WAN ports.
For information about how to enable the DMZ port, see Enable and Configure the DMZ Port for IPv4 and IPv6 Traffic on page 82. For the procedures about how to configure DMZ traffic rules, see Configure DMZ WAN Rules on page 142.
Exposed Hosts
Specifying an exposed host allows you to set up a computer or server that is available to anyone on the Internet for services that you have not yet defined. For an example of how to set up an exposed host, see IPv4 LAN WAN or IPv4 DMZ WAN Inbound Rule: Specifying an Exposed Host on page 159.
VPN and L2TP Tunnels
The wireless VPN firewall supports site-to-site IPSec VPN tunnels, dedicated SSL VPN tunnels, and L2TP tunnels. Each tunnel requires extensive processing for encryption and authentication, thereby increasing traffic through the WAN ports.
For information about IPSec VPN tunnels, see Chapter 6, Virtual Private Networking Using IPSec and L2TP Connections. For information about SSL VPN tunnels, see Chapter 7, Virtual Private Networking Using SSL Connections.
Use QoS and Bandwidth Assignment to Shift the Traffic Mix
By setting the QoS priority and assigning bandwidth profiles to firewall rules, you can shift the traffic mix to aim for optimum performance of the wireless VPN firewall.
Set QoS Priorities
The QoS priority settings determine the quality of service for the traffic passing through the wireless VPN firewall. You can assign a QoS priority to LAN WAN and DMZ WAN outbound firewall rules. The QoS is set individually for each firewall rule. You can change the mix of traffic through the WAN ports by granting some services a higher priority than others:
- You can accept the default priority defined by the service itself by not changing its QoS priority.
- You can change the priority to a higher or lower value than its default setting to give the service higher or lower priority than it otherwise would have.
For more information about QoS profiles, see Preconfigured Quality of Service Profiles on page 173.
Assign Bandwidth Profiles
When you set the QoS priority, the WAN bandwidth does not change. You change the WAN bandwidth that is assigned to a service or application by applying a bandwidth profile to a LAN WAN inbound or outbound rule. The purpose of bandwidth profiles is to provide a method for allocating and limiting traffic, thus allocating LAN users sufficient bandwidth while preventing them from consuming all the bandwidth on your WAN links.
For more information about bandwidth profiles, see Create Bandwidth Profiles on page 171.
Monitoring Tools for Traffic Management
The wireless VPN firewall includes several tools that can be used to monitor the traffic conditions of the firewall and content-filtering engine and to monitor the users’ access to the Internet and the types of traffic that they are allowed to have. See Chapter 10, Monitor System Access and Performance, for a description of these tools.
System Management
System management tasks are described in the following sections:
- Change Passwords and Administrator and Guest Settings
- Configure Remote Management Access
- Use a Simple Network Management Protocol Manager
- Manage the Configuration File
- Update the Firmware
- Configure Date and Time Service
Change Passwords and Administrator and Guest Settings
The default administrator and default guest passwords for the web management interface are both password. NETGEAR recommends that you change the password for the administrator account to a more secure password, and that you configure a separate secure password for the guest account.
Note:
For general information about user accounts, passwords, and login settings, see Configure User Accounts on page 296 and Set User Login Policies on page 299.