ProSafe VPN Firewall 200 FVX538 Reference Manual
Firewall Protection and Content Filtering
v1.0, March 2009
Enabling Source MAC Filtering
Source MAC Filter allows you to filter out traffic coming from certain known machines or devices.
By default, the source MAC address filter is disabled, and all traffic received from PCs with any MAC address is allowed.
Figure 4-18
When enabled, traffic coming from any computers or devices whose MAC addresses are listed in the Available MAC Addresses to be Blocked table will be dropped.
To enable MAC filtering and add MAC addresses to be blocked:
1. Select Security from the main menu and Source MAC Filter from the sub-menu. The Source MAC Filter screen will display.
2. Check the Yes radio box in the MAC Filtering Enable section.
3. Build your list of Source MAC Addresses to be blocked by entering the first MAC address in the MAC Address field in the form xx:xx:xx:xx:xx:xx, where x is a numeric digit (0 to 9) or a letter between a and f (inclusive), for example: 00:e0:4c:69:0a:
4. Click Add. The MAC address will be added to the Available MAC Addresses to be Blocked table. (You can edit the MAC address by clicking Edit in the Action column adjacent to the MAC Address.)
5. Click Reset to cancel a MAC address entry before adding it to the table.
Figure 4-19
Note: For additional ways of restricting outbound traffic, see “Outbound Rules (Service Blocking)” on page 4-3.
6. Click Apply to save your settings.
To remove an entry from the table, select the MAC address entry and click Delete. To select every MAC address in the list, click Select All. A checkmark will appear in the box to the left of each MAC address in the Available MAC Addresses to be Blocked table.
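The filter behaviour described in this section, written as an added Python model (not NETGEAR's code): it enforces the xx:xx:xx:xx:xx:xx address rule from step 3 at Add time, keeps the blocked table, and decides per frame whether the source MAC is allowed. The class and function names and the sample frames are constructed for the example.

```python
import re

# Address format from step 3 above: six two-digit hex groups separated by colons.
MAC_RE = re.compile(r"^[0-9a-f]{2}(?::[0-9a-f]{2}){5}$")

def is_valid_mac(mac: str) -> bool:
    """True if mac matches xx:xx:xx:xx:xx:xx with x in 0-9 or a-f (case-insensitive)."""
    return MAC_RE.match(mac.strip().lower()) is not None

def normalize_mac(mac: str) -> str:
    """Lower-case a valid MAC for table lookups; reject anything else, as Add should."""
    if not is_valid_mac(mac):
        raise ValueError(f"invalid MAC address: {mac!r}")
    return mac.strip().lower()

class SourceMacFilter:
    """Model of the Source MAC Filter and its Available MAC Addresses to be Blocked table."""

    def __init__(self, enabled: bool = False):
        self.enabled = enabled        # disabled by default, exactly as the manual states
        self.blocked: set = set()

    def add(self, mac: str) -> None:       # the Add button
        self.blocked.add(normalize_mac(mac))

    def delete(self, mac: str) -> None:    # the Delete button
        self.blocked.discard(normalize_mac(mac))

    def allows(self, source_mac: str) -> bool:
        """Decide whether a frame from source_mac is forwarded or dropped."""
        if not self.enabled:
            return True               # filter off: traffic from any MAC is allowed
        return source_mac.lower() not in self.blocked

# Constructed sample frames (source MAC only), not taken from the manual.
SAMPLE_FRAMES = ["00:E0:4C:69:0A:11", "00:e0:4c:69:0a:22"]

def demo() -> list:
    f = SourceMacFilter(enabled=True)
    f.add("00:e0:4c:69:0a:11")        # listed; the upper-case frame must still match
    return [f.allows(mac) for mac in SAMPLE_FRAMES]   # [False, True]
```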
IP/MAC Binding
IP/MAC Binding allows you to bind an IP address to a MAC address and vice versa. Some machines are configured with static addresses. To prevent users from changing their static IP addresses, IP/MAC Binding must be enabled on the router. If the router sees packets with a matching IP address but an inconsistent MAC address (or vice versa), it will drop these packets. If users have enabled the logging option for IP/MAC Binding, these packets will be logged before they are dropped. The router will then display the total number of dropped packets that violated either the IP-to-MAC Binding or the MAC-to-IP Binding.
Example: If three computers on the LAN are set up as follows:
Host1: MAC address (00:01:02:03:04:05) and IP address (192.168.10.10)
Host2: MAC address (00:01:02:03:04:06) and IP address (192.168.10.11)
Host3: MAC address (00:01:02:03:04:07) and IP address (192.168.10.12)
If all the above host entries are added to the IP/MAC Binding table, the following scenarios
indicate the possible outcome.
Host1: Matching IP & MAC address in IP/MAC Table.
Host2: Matching IP but inconsistent MAC address in IP/MAC Table.
Host3: Matching MAC but inconsistent IP address in IP/MAC Table.
The router will block the traffic coming from Host2 and Host3, but allow the traffic coming from
Host1 to any external network. The total count of dropped packets will be displayed.
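The three-host scenario above, replayed by an added Python model of the binding table (not NETGEAR's code): each packet is classified as consistent, IP-matches-but-MAC-inconsistent, or MAC-matches-but-IP-inconsistent, the two drop counters are kept separately, and a violation is logged before the drop when the rule's Log Dropped Packets option is on. The class names and the mismatched MAC/IP values used for the Host2 and Host3 packets are constructed for the example.

```python
import ipaddress
from dataclasses import dataclass, field
@dataclass
class BindRule:
    name: str
    mac: str
    ip: str
    log_dropped: bool = True     # the rule's Log Dropped Packets option

@dataclass
class IpMacBinding:
    rules: list = field(default_factory=list)
    dropped_ip_to_mac: int = 0   # IP matched a rule, MAC was inconsistent
    dropped_mac_to_ip: int = 0   # MAC matched a rule, IP was inconsistent
    log: list = field(default_factory=list)

    def add(self, name: str, mac: str, ip: str, log_dropped: bool = True) -> None:
        ipaddress.ip_address(ip)                 # reject malformed IPs at Add time
        self.rules.append(BindRule(name, mac.lower(), ip, log_dropped))

    def check(self, src_mac: str, src_ip: str) -> str:
        """Return 'allow' or 'drop' for a packet, updating counters and log."""
        src_mac = src_mac.lower()
        by_ip = {r.ip: r for r in self.rules}
        by_mac = {r.mac: r for r in self.rules}
        violated = None
        if src_ip in by_ip and by_ip[src_ip].mac != src_mac:
            violated = by_ip[src_ip]
            self.dropped_ip_to_mac += 1
        elif src_mac in by_mac and by_mac[src_mac].ip != src_ip:
            violated = by_mac[src_mac]
            self.dropped_mac_to_ip += 1
        if violated is None:
            return "allow"                       # consistent pair, or host not in table
        if violated.log_dropped:                 # logged before it is dropped
            self.log.append(f"drop rule={violated.name} ip={src_ip} mac={src_mac}")
        return "drop"

def demo() -> tuple:
    t = IpMacBinding()
    t.add("Host1", "00:01:02:03:04:05", "192.168.10.10")
    t.add("Host2", "00:01:02:03:04:06", "192.168.10.11")
    t.add("Host3", "00:01:02:03:04:07", "192.168.10.12")
    decisions = [
        t.check("00:01:02:03:04:05", "192.168.10.10"),   # Host1: IP and MAC match
        t.check("00:01:02:03:04:66", "192.168.10.11"),   # Host2: IP matches, MAC does not
        t.check("00:01:02:03:04:07", "192.168.10.99"),   # Host3: MAC matches, IP does not
    ]
    return decisions, t.dropped_ip_to_mac, t.dropped_mac_to_ip, len(t.log)
```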
To invoke the IP/MAC Binding Table screen:
1. Select Security from the main menu and IP/MAC Binding from the sub-menu. The IP/MAC Binding screen will display.
2. Select the Yes radio box and click Apply. Make sure that you have enabled Firewall Logs and email.
3. Add an IP/MAC Bind rule by entering:
   a. Name: Specify an easily identifiable name for this rule.
   b. MAC Address: Specify the MAC Address for this rule.
   c. IP Addresses: Specify the IP Address for this rule.
   d. Log Dropped Packets: Select the logging option for this rule from the pull-down menu.
4. Click Add. The new IP/MAC rule will appear in the IP/MAC Binding Table. The IP/MAC Binding Table lists the currently defined IP/MAC Bind rules:
   Name: Displays the user-defined name for this rule.
   MAC Addresses: Displays the MAC Addresses for this rule.
   IP Addresses: Displays the IP Addresses for this rule.
   Log Dropped Packets: Displays the logging option for this rule.
To edit an IP/MAC Bind rule, click Edit adjacent to the entry. The following fields of an existing IP/MAC Bind rule can be modified:
   MAC Address: Specify the MAC Address for this rule.
   IP Addresses: Specify the IP Address for this rule.
   Log Dropped Packets: Specify the logging option for this rule.
Figure 4-20
To remove an entry from the table, select the IP/MAC Bind entry and click Delete.
Port Triggering
Port triggering allows some applications running on a LAN network to be available to external applications that would otherwise be partially blocked by the firewall. Using this feature requires that you know the port numbers used by the application.
Once configured, Port Triggering operates as follows:
1. A PC makes an outgoing connection using a port number defined in the Port Triggering table.
2. The VPN firewall records this connection, opens the additional INCOMING port or ports associated with this entry in the Port Triggering table, and associates them with the PC.
3. The remote system receives the PC's request and responds using the different port numbers that you have now opened.
4. The VPN firewall matches the response to the previous request, and forwards the response to the PC.
Without Port Triggering, this response would be treated as a new connection request rather than a response. As such, it would be handled in accordance with the Port Forwarding rules:
Only one PC can use a Port Triggering application at any time.
After a PC has finished using a Port Triggering application, there is a Time-out period before the application can be used by another PC. This is required because the router cannot be sure when the application has terminated.
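The four-step sequence and the two restrictions above, as an added Python state model of one Port Triggering rule (not NETGEAR's firmware): an outbound connection on the trigger port binds the rule's incoming ports to that PC, inbound packets on those ports are forwarded to it, a second PC is refused while the rule is in use, and the rule is released only after the time-out. The trigger and incoming port numbers, the 30-second time-out and the assumption that activity on the opened ports extends the time-out are constructed for the example.

```python
class PortTriggering:
    """Model of one Port Triggering rule: trigger port, opened inbound ports, owning PC."""

    def __init__(self, name, trigger_port, incoming_ports, timeout_s=30):
        self.name = name
        self.trigger_port = trigger_port            # outbound port that arms the rule
        self.incoming_ports = set(incoming_ports)   # inbound ports opened once armed
        self.timeout_s = timeout_s                  # time-out before another PC may use it
        self.owner = None                           # LAN PC the opened ports are tied to
        self.expires_at = 0.0

    def outbound(self, pc_ip, dst_port, now):
        """Steps 1-2: a PC connects out on the trigger port; the rule is bound to that PC."""
        if dst_port != self.trigger_port:
            return False                            # ordinary outbound traffic, no trigger
        if self.owner not in (None, pc_ip) and now < self.expires_at:
            return False                            # only one PC may use the rule at a time
        self.owner = pc_ip
        self.expires_at = now + self.timeout_s
        return True

    def inbound(self, dst_port, now):
        """Steps 3-4: return the PC an inbound packet is forwarded to, or None."""
        if self.owner is None or now >= self.expires_at:
            self.owner = None                       # time-out elapsed: rule released
            return None                             # falls through to Port Forwarding rules
        if dst_port not in self.incoming_ports:
            return None
        self.expires_at = now + self.timeout_s      # assumption: activity extends the time-out
        return self.owner

def demo():
    # Constructed ports and addresses; the manual does not name an application.
    rule = PortTriggering("demo-app", trigger_port=6000, incoming_ports={7000, 7001})
    return [
        rule.inbound(7000, now=0),                        # None: nothing has triggered yet
        rule.outbound("192.168.10.10", 6000, now=1),      # True: first PC arms the rule
        rule.inbound(7000, now=2),                        # '192.168.10.10': forwarded
        rule.outbound("192.168.10.11", 6000, now=3),      # False: rule in use by first PC
        rule.outbound("192.168.10.11", 6000, now=40),     # True: time-out has elapsed
        rule.inbound(7001, now=41),                       # '192.168.10.11'
    ]
```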
To add a Port Triggering Rule:
1. Select Security from the main menu and Port Triggering from the submenu. The Port Triggering screen will display.
2. Enter a user-defined name for this rule in the Name field.
3. From the Enable pull-down menu, indicate if the rule is enabled or disabled.
Note: For additional ways of allowing inbound traffic, see “Inbound Rules (Port Forwarding)” on page 4-6.
