ProSafe VPN Firewall 200 FVX538 Reference Manual
Firewall Protection and Content Filtering
v1.0, March 2009
Table 4-2. Outbound Rules (continued)
Item: Description
Bandwidth Profile: Bandwidth Limiting determines the way in which the data is sent to/from your host.
The purpose of bandwidth limiting is to provide a solution for limiting the outgoing/incoming
traffic, thus preventing LAN users from consuming all the bandwidth of the Internet link.
Bandwidth Limiting for outbound traffic will be done on the available WAN interface in the
single port and Auto-Failover modes. The limiting will be done on the user-specified interface
in Load Balancing mode. The bandwidth limiting for inbound traffic will be done on the LAN
interface for all WAN modes. Bandwidth Limiting will not apply to the DMZ interface.
Log: This determines whether packets covered by this rule are logged. Select the desired action:
• Always – always log traffic considered by this rule, whether it matches or not. This is useful
  when debugging your rules.
• Never – never log traffic considered by this rule, whether it matches or not.

Inbound Rules (Port Forwarding)
Because the FVX538 uses Network Address Translation (NAT), your network presents only one
IP address to the Internet and outside users cannot directly address any of your local computers.
However, by defining an inbound rule you can make a local server (for example, a Web server or
game server) visible and available to the Internet. The rule tells the firewall to direct inbound
traffic for a particular service to one local server based on the destination port number. This is also
known as port forwarding.
Whether DHCP is enabled, and how the PCs access the server’s LAN address, both affect the
inbound rules. For example:
• If your external IP address is assigned dynamically by your ISP (DHCP enabled), the IP
  address may change periodically as the DHCP lease expires. Consider using Dynamic DNS
  (under Network Configuration) so that external users can always find your network (see
  “Configuring Dynamic DNS (If Needed)” on page 2-14).
• If the IP address of the local server PC is assigned by DHCP, it may change when the PC is
  rebooted. To avoid this, use the Reserved IP address feature in the LAN Groups menu (under
  Network Configuration) to keep the PC’s IP address constant (see “Setting Up Address
  Reservation” on page 3-9).
• Local PCs must access the local server using the PCs’ local LAN address. Attempts by local
  PCs to access the server using the external WAN IP address will fail.
Note: See “Port Triggering” on page 4-35 for yet another way to allow certain types
of inbound traffic that would otherwise be blocked by the firewall.
Table 4-3. Inbound Rules
Item: Description
Services: Select the desired Service or application to be covered by this rule. If the desired
service or application does not appear in the list, you must define it using the Services menu
(see “Adding Customized Services” on page 4-25).
Action (Filter): Select the desired action for packets covered by this rule:
• BLOCK always
• BLOCK by schedule, otherwise Allow
• ALLOW always
• ALLOW by schedule, otherwise Block
Note: Any inbound traffic which is not allowed by rules you create will be blocked by the
Default rule.
Action (Select Schedule): Select the desired time schedule (i.e., Schedule1, Schedule2, or
Schedule3) that will be used by this rule (see “Setting a Schedule to Block or Allow Specific
Traffic” on page 4-28). This drop-down menu is activated only when “BLOCK by schedule,
otherwise Allow” or “ALLOW by schedule, otherwise Block” is selected as the Action. Use the
schedule page to configure the time schedules.
LAN Server or DMZ Server: This LAN address or DMZ Server address determines which computer
on your network is hosting this service rule. (You can also translate this address to a port
number.)
Translate to Port Number: Check the “Translate to Port Number” box and enter a port number if
you want to assign the LAN Server to a specific port.
WAN Users: These settings determine which Internet locations are covered by the rule, based on
their IP addresses. Select the desired option:
• Any – All Internet IP addresses are covered by this rule.
• Single address – Enter the required address in the start field.
• Address range – If this option is selected, you must enter the start and end fields.
WAN Destination IP Address: This setting determines the destination IP address applicable to
incoming traffic. This is the public IP address that will map to the internal LAN server; it can
either be the address of the WAN1 or WAN2 ports or another public IP address.
Table 4-3. Inbound Rules (continued)
Item: Description
Bandwidth Profile: Bandwidth Limiting determines the way in which the data is sent to/from your host.
The purpose of bandwidth limiting is to provide a solution for limiting the outgoing/incoming
traffic, thus preventing LAN users from consuming all the bandwidth of the Internet link.
Bandwidth Limiting for outbound traffic will be done on the available WAN interface in the
single port and Auto-Failover modes. The limiting will be done on the user-specified interface
in Load Balancing mode. The bandwidth limiting for inbound traffic will be done on the LAN
interface for all WAN modes. Bandwidth Limiting will not apply to the DMZ interface.
Log: This determines whether packets covered by this rule are logged. Select the desired action:
• Always – Always log traffic considered by this rule, whether it matches or not. This is useful
  when debugging your rules.
• Never – Never log traffic considered by this rule, whether it matches or not.

Remember that allowing inbound services opens holes in your VPN firewall. Only enable those
ports that are necessary for your network. It is also advisable to turn on the server application
security and invoke the user password or privilege levels, if provided.

Note: Some residential broadband ISP accounts do not allow you to run any server
processes (such as a Web or FTP server) from your location. Your ISP may
periodically check for servers and may suspend your account if it discovers any
active services at your location. If you are unsure, refer to the Acceptable Use
Policy of your ISP.
Order of Precedence for Rules
As you define new rules, they are added to the tables in the Rules menu as the last item in the list,
as shown in Figure 4-1:

Figure 4-1

For any traffic attempting to pass through the firewall, the packet information is subjected to the
rules in the order shown in the Rules Table, beginning at the top and proceeding to the bottom. In
some cases, the order of precedence of two or more rules may be important in determining the
disposition of a packet. For example, you should place the most strict rules at the top (those with
the most specific services or addresses). The Up and Down buttons allow you to relocate a defined
rule to a new position in the table.
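The precedence behaviour described above, as an added example that is not taken from the manual or the FVX538 firmware: a small Python model of top-to-bottom inbound rule evaluation that also reports rules made unreachable by a broader rule placed above them. The Rule fields, the first-match model, the rule names and the addresses are assumptions made for illustration; schedules are not modelled.

```python
import ipaddress
from dataclasses import dataclass

ip = ipaddress.ip_address

@dataclass
class Rule:
    name: str
    port: int       # destination port of the selected Service
    start: str      # WAN Users: start of the address range
    end: str        # WAN Users: end of the range (same as start for a single address)
    action: str     # "ALLOW" or "BLOCK" (schedules are not modelled)

    def covers(self, src, port):
        return port == self.port and ip(self.start) <= ip(src) <= ip(self.end)

def evaluate(rules, src, port):
    """Walk the table top to bottom; the first covering rule decides (assumed model)."""
    for rule in rules:
        if rule.covers(src, port):
            return rule.action, rule.name
    return "BLOCK", "default"   # inbound traffic that no rule allows is blocked

def shadowed(rules):
    """Pairs (lower, upper): upper covers all of lower's traffic with the opposite action."""
    pairs = []
    for i, low in enumerate(rules):
        for up in rules[:i]:
            if (up.port == low.port and up.action != low.action
                    and ip(up.start) <= ip(low.start) and ip(low.end) <= ip(up.end)):
                pairs.append((low.name, up.name))
                break
    return pairs

# Constructed sample rules; the addresses are documentation ranges (RFC 5737).
allow_any = Rule("allow-http-any", 80, "0.0.0.0", "255.255.255.255", "ALLOW")
block_net = Rule("block-http-range", 80, "203.0.113.0", "203.0.113.255", "BLOCK")
WRONG_ORDER = [allow_any, block_net]   # broad rule on top: the block never fires
FIXED_ORDER = [block_net, allow_any]   # specific rule moved up

if __name__ == "__main__":
    for label, table in (("wrong", WRONG_ORDER), ("fixed", FIXED_ORDER)):
        print(label, evaluate(table, "203.0.113.7", 80), "shadowed:", shadowed(table))
```

Running the same audit over an exported rule list before and after a reorder shows whether a restrictive rule is still reachable.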
Setting LAN WAN Rules
The Default Outbound Policy is to allow all traffic to the Internet to pass through. Firewall rules
can then be applied to block specific types of traffic from going out from the LAN to the Internet
(Outbound). The default policy of Allow Always can be changed to block all outbound traffic
which then allows you to enable only specific services to pass through the router.
To change the Default Outbound Policy:
1. Select Security from the main menu and Firewall Rules from the submenu. The LAN WAN
   Rules screen will display.
2. Change the Default Outbound Policy by selecting Block Always from the drop-down menu
   and click Apply.
To make changes to an existing outbound or inbound service rule:
1. In the Action column adjacent to the rule click:
   • Edit – to make any changes to the rule definition of an existing rule. The Outbound
     Service screen will display containing the data for the selected rule (see Figure 4-3 on
     page 4-11).
   • Up – to move the rule up one position in the table rank.
   • Down – to move the rule down one position in the table rank.
2. Check the radio box adjacent to the rule and click:
   • Disable – to disable the rule. The “!” Status icon will change from green to grey,
     indicating that the rule is disabled. (By default, when a rule is added to the table it is
     automatically enabled.)
   • Delete – to delete the rule.
3. Click Select All to select all rules. A check will appear in the radio box for each rule.

Figure 4-2
