Chapter 4:
Firewall Protection and Content Filtering
|
61
ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336Gv2 Reference Manual
To edit a bandwidth profile:
1. Click the Edit link adjacent to the profile you want to edit. The Edit Bandwidth Profile screen is displayed. (This screen shows the same fields as the Add New Bandwidth Profile screen.)
2. Modify the settings that you wish to change.
3. Click Apply. Your modified profile is displayed in the Bandwidth Profile table.
To remove an entry from the table, select the profile and click delete.
To remove all the profiles, click select All and then click delete.
Setting a Schedule to Block or Allow Specific Traffic
Schedules define the timeframes under which firewall rules may be applied. Select Security > Schedules to display the following screen:
Three schedules, Schedule 1, Schedule 2, and Schedule 3, can be defined, and any one of these can be selected when defining firewall rules.
To invoke rules based on a schedule, follow these steps:
1. Select Security > Schedule to display the Schedule 1 screen.
2. Check the radio button for All Days or Specific Days. If you chose Specific Days, check the radio button for each day you want the schedule to be in effect.
3. Check the radio button to schedule the time of day: All Day, or Specific Times. If you chose Specific Times, enter the Start Time and End Time fields (Hour, Minute, AM/PM), which will limit access during certain times for the selected days.
4. Click Apply to save your settings to Schedule 1.
5. Repeat these steps to set a schedule for Schedule 2 and Schedule 3.
Blocking Internet Sites (Content Filtering)
To restrict internal LAN users from access to certain sites on the Internet, you can use the
VPN firewall’s Content Filtering and Web Components filtering. By default, these features are
disabled; all requested traffic from any website is allowed. If you enable one or more of these
features and users try to access a blocked site, they will see a “Blocked by NETGEAR”
message.
Several types of blocking are available:
- Web Components blocking. You can filter the following Web Component types: Proxy, Java, ActiveX, and Cookies. For example, by enabling Java filtering, “Java” files will be blocked. Certain commonly used web components can be blocked for increased security. Some of these components can be used by malicious websites to infect computers that access them.
  - Proxy. A proxy server (or simply, proxy) allows computers to route connections to other computers through the proxy, thus circumventing certain firewall rules. For example, if connections to a specific IP address are blocked by a firewall rule, the requests can be routed through a proxy that is not blocked by the rule, rendering the restriction ineffective. Enabling this feature blocks proxy servers.
  - Java. Blocks Java applets from being downloaded from pages that contain them. Java applets are small programs embedded in web pages that enable dynamic functionality of the page. A malicious applet can be used to compromise or infect computers. Enabling this setting blocks Java applets from being downloaded.
  - ActiveX. Similar to Java applets, ActiveX controls install on a Windows computer running Internet Explorer. A malicious ActiveX control can be used to compromise or infect computers. Enabling this setting blocks ActiveX controls from being downloaded.
  - Cookies. Cookies are used to store session information by websites that usually require login. However, several websites use cookies to store tracking information and browsing habits. Enabling this option filters out cookies from being created by a website.
Note: Many websites require that cookies be accepted in order for the site to be accessed properly. Blocking cookies may interfere with useful functions provided by these websites.
- Keyword Blocking (Domain Name Blocking). You can specify up to 32 words that, should they appear in the website name (URL) or in a newsgroup name, will cause that site or newsgroup to be blocked by the VPN firewall.
You can apply the keywords to one or more groups. Requests from the PCs in the groups for which keyword blocking has been enabled will be blocked. Blocking does not occur for the PCs that are in the groups for which keyword blocking has not been enabled.
You can bypass keyword blocking for trusted domains by adding the exact matching domain to the Trusted Domains table. Access to the domains or keywords in the Trusted Domains table by PCs, even those in the groups for which keyword blocking has been enabled, will still be allowed without any blocking.
Keyword application examples:
- If the keyword “XXX” is specified, the URL <http://www.badstuff.com/xxx.html> is blocked, as is the newsgroup alt.pictures.XXX.
- If the keyword “.com” is specified, only websites with other domain suffixes (such as .edu or .gov) can be viewed.
- To block all Internet browsing access, enter the keyword “.”.
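The keyword and trusted-domain rules described above can be modelled in a few lines to review a keyword list before entering it. This is an added example, not code from the manual or from the firewall firmware; the function names, the example.* sample requests, and case-insensitive matching (inferred from the “XXX” example) are assumptions.

```python
from urllib.parse import urlsplit

MAX_KEYWORDS = 32  # limit stated in the manual


def is_blocked(target, keywords, trusted_domains=(), group_enabled=True):
    """Decide whether a request for `target` (URL or newsgroup name) is blocked.

    Simplified model of the documented behaviour, not firmware code.
    Case-insensitive matching is an assumption drawn from the manual's
    "XXX" example, which blocks a URL containing "xxx".
    """
    if len(keywords) > MAX_KEYWORDS:
        raise ValueError("the manual allows at most 32 keywords")
    if not group_enabled:          # blocking applies only to enabled groups
        return False
    host = (urlsplit(target).hostname or "").lower()
    if host and host in {d.lower() for d in trusted_domains}:
        return False               # exact-match trusted domain bypasses keywords
    name = target.lower()
    return any(k.lower() in name for k in keywords if k)


def audit(keywords, trusted_domains, samples):
    """Return {sample: blocked?} so a keyword list can be reviewed before use."""
    return {s: is_blocked(s, keywords, trusted_domains) for s in samples}


# Constructed sample requests (example.* names are placeholders).
SAMPLES = [
    "http://www.badstuff.com/xxx.html",
    "alt.pictures.XXX",
    "http://www.example.edu/",
    "http://www.example.edu/about.company.html",  # ".com" appears in the path
    "http://intranet.example.com/",
]

if __name__ == "__main__":
    for kw in (["XXX"], [".com"], ["."]):
        print(kw, audit(kw, ["intranet.example.com"], SAMPLES))
```

In this model a short keyword such as “.com” also matches inside a path, and a trusted entry of example.com does not exempt intranet.example.com, because the Trusted Domains match is exact.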
To enable Content Filtering:
1. Select Security > Block Sites to display the Block Sites screen.
2. Select Yes to enable content filtering.
3. Click Apply to activate the screen controls.
4. Select any Web Components you wish to block and click Apply.
5. Select the groups to which keyword blocking will apply, then click Enable to activate keyword blocking (or disable to deactivate keyword blocking).
6. Enter your list of blocked keywords or domain names in the Blocked Keyword fields. After each entry, click Add. The keyword or domain name will be added to the Blocked Keywords table. (You can also edit an entry by clicking Edit in the Action column adjacent to the entry.)
7. In the Add Trusted Domain section of the screen, enter the name(s) of any domain for which the keyword filtering will be bypassed and click Add. The trusted domain will appear in the Trusted Domains table and will be exempt from filtering.
Configuring Source MAC Filtering
Source MAC filtering will drop or allow the Internet-bound traffic received from PCs with specified MAC addresses.
By default, the source MAC address filter is disabled. Traffic received from any MAC address is allowed.
When the source MAC address filter is enabled, outbound Internet traffic will be filtered using the MAC Addresses table on this screen. You can choose to block MAC addresses in the table or to allow only those addresses in the table.
Note: For additional ways of restricting outbound traffic, see “Outbound Rules (Service Blocking)” on page 44.
To enable MAC filtering and add MAC addresses to be blocked:
1. Select Security > Address Filter from the menu.
2. Select the Source MAC Filter tab.
3. Click Yes to enable Source MAC Filtering.
4. Select the action to be taken on outbound traffic from the listed MAC addresses:
   - Block this list and permit all other MAC addresses.
   - Permit this list and block all other MAC addresses.
5. Enter a MAC address in the Add Source MAC Address field and click Add. The MAC address will appear in the MAC Addresses table. Repeat this process to add additional MAC addresses.
   A valid MAC address is six colon-separated pairs of hexadecimal digits (0 to 9 and a to f). For example: 01:23:45:ab:cd:ef.
6. Click Apply to save your settings.
You can edit the MAC address by clicking Edit in the Action column adjacent to the MAC address.
To remove an entry from the table, select the MAC address entry and click Delete.
To select all the MAC addresses in the list, click Select All. A checkmark will appear in the box to the left of each MAC address in the MAC Addresses table.
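The two filter actions and the address format from the steps above, written out as a small model for checking a planned MAC list before applying it. This is an added example, not code from the manual or the firmware; the function names, the "block"/"permit" mode strings, and accepting uppercase hex digits are assumptions.

```python
import re

# The manual's format rule: six colon-separated pairs of hexadecimal digits.
# Accepting A-F as well as a-f is an assumption of this example.
MAC_RE = re.compile(r"[0-9a-f]{2}(?::[0-9a-f]{2}){5}", re.IGNORECASE)


def normalize_mac(text):
    """Validate a MAC address against the manual's format and lowercase it."""
    mac = text.strip()
    if not MAC_RE.fullmatch(mac):
        raise ValueError(f"not six colon-separated hex pairs: {text!r}")
    return mac.lower()


def outbound_allowed(src_mac, table, mode, enabled=True):
    """Model the Source MAC Filter decision for one outbound frame.

    mode "block":  block this list and permit all other MAC addresses
    mode "permit": permit this list and block all other MAC addresses
    """
    if not enabled:                      # default state: filter disabled
        return True
    listed = normalize_mac(src_mac) in {normalize_mac(m) for m in table}
    if mode == "block":
        return not listed
    if mode == "permit":
        return listed
    raise ValueError("mode must be 'block' or 'permit'")


def locked_out(admin_mac, table, mode):
    """True if applying this table and mode would cut off `admin_mac`."""
    return not outbound_allowed(admin_mac, table, mode)


if __name__ == "__main__":
    table = ["01:23:45:ab:cd:ef"]        # the manual's example address
    print(outbound_allowed("01:23:45:AB:CD:EF", table, "block"))   # listed
    print(locked_out("02:00:00:00:00:01", [], "permit"))           # empty list
```

Switching to the permit action with an empty or incomplete table blocks every unlisted device, so check the managing PC's own address against the table first.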
Configuring IP/MAC Address Binding
You can configure the VPN firewall to drop packets and generate an alert when a device appears to have hijacked or spoofed another device’s IP address. An IP address can be bound to a specific MAC address either by using a DHCP reserved address (see “Configuring DHCP Address Reservation” on page 37) or by manually binding on the IP/MAC Binding screen.
