FVS338 ProSafe VPN Firewall 50 Reference Manual
4-8
Firewall Protection and Content Filtering
v1.0, September 2006
• Down – to move the rule down one position in the table rank.

2. Check the radio box adjacent to the rule and click:
• Disable to disable the rule. The “!” Status icon will change from green to grey, indicating that the rule is disabled. (By default, when a rule is added to the table it is automatically enabled.)
• Delete to delete the rule.

3. Click Select All to select all rules. A check will appear in the radio box for each rule.
LAN WAN Outbound Services Rules

You may define additional rules that will specify exceptions to the default rules. By adding custom rules, you can block or allow access based on the service or application, source or destination IP addresses, and time of day. You can also tailor these rules to your specific needs (see “Administrator Information” on page 4-31).

To create a new outbound service rule:
1. Click Add under the Outbound Services Table. The Add LAN WAN Outbound Service screen will display.
2. Complete the Outbound Service screen, and save the data (see Table 4-1 on page 4-3).
3. Click Reset to cancel your settings and return to the previous settings.
4. Click Apply to save your changes and reset the fields on this screen. The new rule will be listed on the Outbound Services table.

Note: This feature is for Advanced Administrators only! Incorrect configuration will cause serious problems.
LAN WAN Inbound Services Rules

This Inbound Services Rules table lists all existing rules for inbound traffic. If you have not defined any rules, no rules will be listed. By default, all inbound traffic is blocked.

• WAN Users: Whether all WAN addresses or specific IP addresses are included in the rule.
To create a new inbound service rule:
1. Click Add under the Inbound Services Table. The Add LAN WAN Inbound Service screen will display.
2. Complete the Add WAN LAN Inbound Services screen (see Table 4-2 on page 4-5).
3. Click Reset to cancel your settings and return to the previous settings.
4. Click Apply to save your changes and reset the fields on this screen. The new rule will be listed on the Inbound Services table.
5. Click Apply to save your settings. The new rule will be added to the Inbound Services table.

Figure 4-3
Attack Checks

This screen allows you to specify whether or not the router should be protected against common attacks in the LAN and WAN networks. The various types of attack checks are listed on the Attack Checks screen and defined below:

WAN Security Checks
• Respond To Ping On Internet Ports. When enabled, the router will respond to a “Ping” from the Internet. This can be used as a diagnostic tool and shouldn’t be used unless you have a specific diagnostic reason to do so.
• Enable Stealth Mode. If enabled, the router will not respond to port scans from the WAN, thus making it less susceptible to discovery and attacks.
• Block TCP Flood. A SYN flood is a form of denial of service attack in which an attacker sends a succession of SYN requests to a target system. When the system responds, the attacker doesn’t complete the connections, thus leaving the connection half-open and flooding the server with SYN messages. No legitimate connections can then be made. When enabled, the router will drop all invalid TCP packets and will be protected from a SYN flood attack.

Figure 4-4
LAN Security Checks

A UDP flood is a form of denial of service attack that can be initiated when one machine sends a large number of UDP packets to random ports on a remote host. As a result, the distant host will (1) check for the application listening at that port, (2) verify that no application is listening at that port, and then (3) reply with an ICMP Destination Unreachable packet.

When the victimized system is flooded, it is forced to send many ICMP packets, eventually making it unreachable by other clients. The attacker may also spoof the IP address of the UDP packets, ensuring that the excessive ICMP return packets do not reach him, thus making the attacker’s network location anonymous.

If enabled, the router will not accept more than 20 simultaneous, active UDP connections from a single computer on the LAN.

VPN Pass through. When the router is in NAT mode, all packets going to the Remote VPN Gateway are first filtered through NAT and then encrypted per the VPN policy.

For example, if a VPN Client or Gateway on the LAN side of this router wants to connect to another VPN endpoint on the WAN (placing this router between two VPN end points), encrypted packets will be sent to this router. Since this router filters the encrypted packets through NAT, the packets will become invalid unless VPN Pass through is enabled.

When enabled, the VPN tunnel will pass the VPN traffic without any filtering. Tunnels can be:
• IPSec
• PPTP
• L2TP
To select the appropriate checkbox for your requirement:
1. Select Security from the main menu, Firewall Rules from the submenu and then the Attack Checks tab. The Attack Checks screen will display.
2. Check the radio boxes of the Attack Checks you wish to initiate.
3. Click Apply to save your settings.
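The LAN-side UDP flood check described above, as an added Python model (not NETGEAR's firmware, whose internals the manual does not describe): it counts the active UDP flows of each LAN host and drops any new flow once that host already has 20. The flow key (source port, destination address, destination port), the 30-second idle timeout and the sample addresses are assumptions.

```python
from collections import defaultdict

MAX_UDP_FLOWS = 20        # the limit stated in the manual
UDP_IDLE_TIMEOUT = 30.0   # assumption: seconds of silence after which a flow is no longer "active"

class UdpFloodCheck:
    """Per-LAN-host cap on simultaneous active UDP flows (a model, not the router's code)."""

    def __init__(self, limit=MAX_UDP_FLOWS, idle_timeout=UDP_IDLE_TIMEOUT):
        self.limit = limit
        self.idle_timeout = idle_timeout
        self.flows = defaultdict(dict)   # src_ip -> {(src_port, dst_ip, dst_port): last_seen}

    def _expire(self, src_ip, now):
        # Forget flows idle longer than the timeout so the cap counts live traffic only.
        table = self.flows[src_ip]
        for key in [k for k, seen in table.items() if now - seen > self.idle_timeout]:
            del table[key]

    def accept(self, src_ip, src_port, dst_ip, dst_port, now):
        """Return True if the router forwards this LAN-originated UDP packet, False if it drops it."""
        self._expire(src_ip, now)
        table = self.flows[src_ip]
        key = (src_port, dst_ip, dst_port)
        if key in table:
            table[key] = now          # packet belongs to an existing flow: refresh and forward
            return True
        if len(table) >= self.limit:
            return False              # host already has 20 active flows: the new flow is dropped
        table[key] = now
        return True

def simulate_flood(check, src_ip="192.168.1.50", victim="198.51.100.9", count=100, now=0.0):
    """Constructed traffic: one LAN host sends `count` packets to `count` distinct ports at once.
    Returns how many packets the check forwarded (with the manual's limit: only the first 20)."""
    forwarded = 0
    for port in range(1024, 1024 + count):
        if check.accept(src_ip, 40000 + port, victim, port, now):
            forwarded += 1
    return forwarded
```

Packets of flows that are already open are still forwarded, and a different LAN host has its own count, so the check throttles one spraying host without affecting its neighbours.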
Inbound Rules Examples

Hosting A Local Public Web Server

If you host a public Web server on your local network, you can define a rule to allow inbound Web (HTTP) requests from any outside IP address to the IP address of your Web server at any time of day. This rule is shown in Figure 4-6:

Figure 4-5
Figure 4-6
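The inbound rule table (service, WAN users, destination, time of day, first match wins, everything else blocked by default) and the Web-server rule above, as an added Python model that is not the router's own code. The service table, the assumed server address 192.168.1.10 and the "HH:MM" schedule encoding are constructed; the model also accepts a schedule that crosses midnight, which the manual does not discuss.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

# Service table: name -> (protocol, destination port). A constructed subset for the example.
SERVICES = {"HTTP": ("tcp", 80), "HTTPS": ("tcp", 443), "DNS": ("udp", 53)}

@dataclass
class Rule:
    service: str                  # key into SERVICES
    action: str                   # "ALLOW" or "BLOCK"
    src: str = "0.0.0.0/0"        # "Any" WAN user, or a specific host/network
    dst: str = "0.0.0.0/0"        # "Any" destination, or the internal server address
    start: Optional[str] = None   # "HH:MM" window; None on both = any time of day
    end: Optional[str] = None
    enabled: bool = True          # the table's Disable action clears this flag

@dataclass
class Packet:
    proto: str
    src_ip: str
    dst_ip: str
    dst_port: int
    at: str                       # time of day as zero-padded "HH:MM" (string order == time order)

def rule_matches(rule: Rule, pkt: Packet) -> bool:
    """True when the rule's service, addresses and schedule all cover the packet."""
    if not rule.enabled:
        return False
    if SERVICES[rule.service] != (pkt.proto, pkt.dst_port):
        return False
    if ip_address(pkt.src_ip) not in ip_network(rule.src, strict=False):
        return False
    if ip_address(pkt.dst_ip) not in ip_network(rule.dst, strict=False):
        return False
    if rule.start is not None and rule.end is not None:
        if rule.start <= rule.end:                      # same-day window, e.g. 09:00-17:00
            return rule.start <= pkt.at <= rule.end
        return pkt.at >= rule.start or pkt.at <= rule.end  # crosses midnight, e.g. 22:00-06:00
    return True

def inbound_decision(rules, pkt: Packet) -> str:
    """First matching rule in table order wins; with no match, inbound traffic is blocked."""
    for rule in rules:
        if rule_matches(rule, pkt):
            return rule.action
    return "BLOCK"

# Constructed table for the public Web server example: HTTP from any WAN address
# to the (assumed) server address 192.168.1.10, at any time of day.
WEB_SERVER_RULES = [Rule("HTTP", "ALLOW", dst="192.168.1.10")]
```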
