ProSafe VPN Firewall 200 FVX538 Reference Manual
4-26
Firewall Protection and Content Filtering
v1.0, March 2009
To define a new service, first you must determine which port number or range of numbers is used by the application. This information can usually be determined by contacting the publisher of the application or from user groups or newsgroups. When you have the port number information, you can enter it on the Services screen.
To add a customized service:
1. Select Security from the main menu and Services from the submenu. The Services screen will display.
2. In the Add Custom Service table, enter a descriptive name for the service (this is for your convenience).
Figure 4-16
3. Select the Layer 3 Protocol that the service uses as its transport protocol. It can be TCP, UDP or ICMP.
4. Enter the first TCP or UDP port of the range that the service uses. If the service uses only one port, then the Start Port and the Finish Port will be the same.
5. Enter the last port of the range that the service uses. If the service only uses a single port number, enter the same number in both fields.
6. Click Add. The new custom service will be added to the Custom Services Table.
To edit the parameters of a service:
1. In the Custom Services Table, click the Edit icon adjacent to the service you want to edit. The Edit Service screen will display.
2. Modify the parameters you wish to change.
3. Click Reset to cancel the changes and restore the previous settings.
4. Click Apply to confirm your changes. The modified service will display in the Custom Services Table.
Setting Quality of Service (QoS) Priorities
The Quality of Service (QoS) Priorities setting determines the priority of a service, which in turn determines the quality of that service for the traffic passing through the firewall. The user can change this priority:
• On the Services screen in the Custom Services Table for customized services (see Figure 4-16).
• On the Add LAN WAN Outbound Services screen (see Figure 4-3).
• On the Add DMZ WAN Outbound Services screen (see Figure 4-5).
The QoS priority definition for a service determines the queue that is used for the traffic passing through the VPN firewall. A priority is assigned to IP packets using this service. Priorities are defined by the “Type of Service (ToS) in the Internet Protocol Suite” standards, RFC 1349. A ToS priority for traffic passing through the VPN firewall is one of the following:
• Normal-Service: No special priority given to the traffic. The IP packets for services with this priority are marked with a ToS value of 0.
• Minimize-Cost: Used when data has to be transferred over a link that has a lower “cost”. The IP packets for services with this priority are marked with a ToS value of 1.
• Maximize-Reliability: Used when data needs to travel to the destination over a reliable link and with little or no retransmission. The IP packets for services with this priority are marked with a ToS value of 2.
• Maximize-Throughput: Used when the volume of data transferred during an interval is important even if the latency over the link is high. The IP packets for services with this priority are marked with a ToS value of 4.
• Minimize-Delay: Used when the time required (latency) for the packet to reach the destination must be low. The IP packets for services with this priority are marked with a ToS value of 8.
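The ToS values 0, 1, 2, 4 and 8 listed above are the four-bit Type of Service field of RFC 1349, which sits in the second octet of the IPv4 header below the three precedence bits (so "Minimize-Delay" with value 8 appears on the wire as 0x10 when precedence is 0). The following Python is an added example, not NETGEAR code or anything from this manual: it encodes a priority into that octet, decodes the octet back from a raw IPv4 header, and reports undefined bit combinations instead of guessing. The header builder and the addresses in it are constructed sample data for the demonstration.

```python
import struct

# RFC 1349 four-bit ToS field values, named as the manual names the QoS priorities.
TOS_PRIORITIES = {
    0: "Normal-Service",
    1: "Minimize-Cost",
    2: "Maximize-Reliability",
    4: "Maximize-Throughput",
    8: "Minimize-Delay",
}


def encode_tos_byte(priority_value, precedence=0):
    """Build the IPv4 Type of Service octet in the RFC 1349 layout.

    Bits 7-5 hold the RFC 791 precedence, bits 4-1 the four-bit ToS field,
    bit 0 must be zero.  The manual's values are the ToS field, so they are
    shifted left by one when placed in the octet.
    """
    if priority_value not in TOS_PRIORITIES:
        raise ValueError(f"not a single RFC 1349 ToS value: {priority_value}")
    if not 0 <= precedence <= 7:
        raise ValueError("precedence is a 3-bit field")
    return (precedence << 5) | (priority_value << 1)


def decode_tos_byte(tos_byte):
    """Return (precedence, priority name) for a ToS octet.

    RFC 1349 defines only single-bit ToS values; any other combination is
    reported as 'Undefined' rather than mapped to a queue by guesswork.
    """
    precedence = (tos_byte >> 5) & 0x7
    tos_field = (tos_byte >> 1) & 0xF
    return precedence, TOS_PRIORITIES.get(tos_field, "Undefined")


def tos_of_ipv4_packet(packet):
    """Read the ToS octet (second byte) from a raw IPv4 header."""
    if len(packet) < 20 or (packet[0] >> 4) != 4:
        raise ValueError("not an IPv4 header")
    return packet[1]


def build_ipv4_header(tos_byte, src, dst, proto=6, payload_len=0):
    """Constructed 20-byte IPv4 header (no options, checksum left zero) for the demo."""
    total_len = 20 + payload_len
    return struct.pack("!BBHHHBBH4s4s",
                       0x45, tos_byte, total_len, 0, 0x4000, 64, proto, 0, src, dst)


def classify_packet(packet):
    """Name the QoS priority a raw IPv4 packet is marked with."""
    _, name = decode_tos_byte(tos_of_ipv4_packet(packet))
    return name


if __name__ == "__main__":
    # Constructed sample addresses, not captured traffic.
    src, dst = bytes([192, 168, 1, 10]), bytes([203, 0, 113, 5])
    for value, name in TOS_PRIORITIES.items():
        pkt = build_ipv4_header(encode_tos_byte(value), src, dst)
        print(f"{name:22s} ToS field {value:2d} -> octet 0x{pkt[1]:02x} -> {classify_packet(pkt)}")
```

Because only single-bit ToS values are defined, a decoder that maps unknown combinations to "Undefined" makes it visible when upstream marking (for example DSCP-style values) does not line up with the five priorities this firewall understands.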
Setting a Schedule to Block or Allow Specific Traffic
Schedules define the timeframes under which firewall rules may be applied.
Three schedules, Schedule 1, Schedule 2 and Schedule 3, can be defined, and any one of these can be selected when defining firewall rules.
To invoke rules based on a schedule, follow these steps:
1. Select Security from the main menu and Schedule from the sub-menu. The Schedule 1 screen will display.
Figure 4-17
2. Check the radio button for All Days or Specific Days. If you chose Specific Days, check the radio button for each day you want the schedule to be in effect.
3. Check the radio button to schedule the time of day: All Day, or Specific Times. If you chose Specific Times, enter the Start Time and End Time fields (Hour, Minute, AM/PM), which will limit access during certain times for the selected days.
4. Click Apply to save your settings to Schedule 1.
Repeat these steps to set a schedule for Schedule 2 and Schedule 3.
Setting Block Sites (Content Filtering)
If you want to restrict internal LAN users from access to certain sites on the Internet, you can use the VPN firewall’s Content Filtering and Web Components filtering. By default, these features are disabled; all requested traffic from any Web site is allowed. If you enable one or more of these features and users try to access a blocked site, they will see a “Blocked by NETGEAR” message.
Several types of blocking are available:
• Web Components blocking. You can block the following Web component types: Proxy, Java, ActiveX, and Cookies. Even sites on the Trusted Domains list will be subject to Web Components blocking when the blocking of a particular Web component is enabled.
• Keyword Blocking (Domain Name Blocking). You can specify up to 32 words that, should they appear in the Web site name (URL) or in a newsgroup name, will cause that site or newsgroup to be blocked by the VPN firewall.
You can apply the keywords to one or more groups. Requests from the PCs in the groups for which keyword blocking has been enabled will be blocked. Blocking does not occur for the PCs that are in the groups for which keyword blocking has not been enabled.
You can bypass Keyword blocking for trusted domains by adding the exact matching domain to the list of Trusted Domains. Access to the domains or keywords on this list by PCs, even those in the groups for which keyword blocking has been enabled, will still be allowed without any blocking.
Keyword application examples:
• If the keyword “XXX” is specified, the URL <http://www.badstuff.com/xxx.html> is blocked, as is the newsgroup alt.pictures.XXX.
• If the keyword “.com” is specified, only Web sites with other domain suffixes (such as .edu or .gov) can be viewed.
• If you wish to block all Internet browsing access, enter the keyword “.”.
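To make the keyword-blocking rules above concrete, the following Python is an added example that simulates the decision logic the manual describes; it is not NETGEAR's implementation and says nothing about how the firewall matches internally. It assumes that keyword matching is a case-insensitive substring test over the full URL or newsgroup name (the only reading consistent with “XXX” blocking both xxx.html and alt.pictures.XXX), that a Trusted Domains entry bypasses keyword blocking only on an exact host match, that blocking applies only to PCs in groups where keyword blocking is enabled, and that the 32-keyword limit is enforced. The group names, keywords, hosts and URLs are constructed sample data.

```python
from urllib.parse import urlsplit

MAX_KEYWORDS = 32  # the manual's limit for Blocked Keywords


class BlockSitesPolicy:
    """Simulated Block Sites decision rules (assumption: substring, case-insensitive)."""

    def __init__(self, keywords, trusted_domains, enabled_groups, content_filtering=True):
        if len(keywords) > MAX_KEYWORDS:
            raise ValueError(f"at most {MAX_KEYWORDS} blocked keywords are allowed")
        self.keywords = list(keywords)                      # kept as typed, for reporting
        self.trusted_domains = {d.lower() for d in trusted_domains}
        self.enabled_groups = set(enabled_groups)           # groups with Keyword Blocking enabled
        self.content_filtering = content_filtering          # the "Yes" radio button

    def _keyword_hit(self, name):
        """Return the first keyword found anywhere in the name, or None."""
        lowered = name.lower()
        return next((k for k in self.keywords if k.lower() in lowered), None)

    def _filtering_applies(self, group):
        # Content Filtering off, or a PC outside the enabled groups: nothing is blocked.
        return self.content_filtering and group in self.enabled_groups

    def check_url(self, group, url):
        """'ALLOW' or 'BLOCK (<keyword>)' for a web request from a PC in `group`."""
        if not self._filtering_applies(group):
            return "ALLOW"
        host = (urlsplit(url).hostname or "").lower()
        if host in self.trusted_domains:
            return "ALLOW"           # exact-domain Trusted Domains bypass
        hit = self._keyword_hit(url)
        return f"BLOCK ({hit})" if hit else "ALLOW"

    def check_newsgroup(self, group, newsgroup):
        """Same keyword test applied to a newsgroup name (no Trusted Domains bypass)."""
        if not self._filtering_applies(group):
            return "ALLOW"
        hit = self._keyword_hit(newsgroup)
        return f"BLOCK ({hit})" if hit else "ALLOW"


if __name__ == "__main__":
    # Constructed sample policy: the manual's two example keywords, one trusted host,
    # keyword blocking enabled for "LAN-Users" only.
    policy = BlockSitesPolicy(["XXX", ".com"], ["www.trusted.com"], {"LAN-Users"})
    for group, url in [("LAN-Users", "http://www.badstuff.com/xxx.html"),
                       ("LAN-Users", "http://www.trusted.com/reports"),
                       ("LAN-Users", "http://www.example.edu/"),
                       ("Admins", "http://www.badstuff.com/xxx.html")]:
        print(f"{group:10s} {url:40s} -> {policy.check_url(group, url)}")
    print("newsgroup alt.pictures.XXX ->", policy.check_newsgroup("LAN-Users", "alt.pictures.XXX"))
```

Running the sample shows the two effects worth checking before deploying a keyword list: a short keyword such as “.com” or “.” matches far more than the one site you had in mind, and a Trusted Domains entry only helps when it is the exact host name users actually type.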
To enable Content Filtering:
1. Select Security from the main menu and Block Sites from the sub-menu. The Block Sites screen will display.
2. Check the Yes radio button to enable Content Filtering.
3. Check the radio boxes of any Web Components you wish to block.
4. Check the radio buttons of the groups to which you wish to apply Keyword Blocking. Click Enable to activate Keyword blocking (or disable to deactivate Keyword Blocking).
5. Build your list of blocked Keywords or Domain Names in the Blocked Keyword fields. After each entry, click Add. The Keyword or Domain name will be added to the Blocked Keywords table. (You can also edit an entry by clicking Edit in the Action column adjacent to the entry.)
6. Build a list of Trusted Domains in the Trusted Domains fields. After each entry, click Add. The Trusted Domain will appear in the Trusted Domains table. (You can also edit any entry by clicking Edit in the Action column adjacent to the entry.)
7. Click Apply to save your settings.