1. Home
    2. /
  2. Manuals
    3. /
  3. NETGEAR
    4. /
  4. FVX538
    5. /
  5. 30
Page 146 / 240 Scroll up to view Page 141 - 145
ProSafe VPN Firewall 200 FVX538 Reference Manual
6-4
Router and Network Management
v1.0, March 2009
Schedule.
If you have set firewall rules on the Rules screen, you can configure three different
schedules (i.e., schedule 1, schedule 2, and schedule 3) for when a rule is to be applied. Once a
schedule is configured, it affects all Rules that use this schedule. You specify the days of the week
and time of day for each schedule.
See
“Setting a Schedule to Block or Allow Specific Traffic” on page 4-28
for the procedure on
how to use this feature.
Block Sites
If you want to reduce traffic by preventing access to certain sites on the Internet, you can use the
VPN firewall's filtering feature. By default, this feature is disabled; all requested traffic from any
Web site is allowed.
Keyword (and Domain Name) Blocking
– You can specify up to 32 words that, should they
appear in the Web site name (i.e., URL) or in a newsgroup name, will cause that site or
newsgroup to be blocked by the VPN firewall.
You can apply the keywords to one or more groups. Requests from the PCs in the groups for
which keyword blocking has been enabled will be blocked. Blocking does not occur for the
PCs that are in the groups for which keyword blocking has not been enabled.
You can bypass keyword blocking for trusted domains by adding the exact matching domain
to the list of Trusted Domains. Access to the domains on this list by PCs even in the groups for
which keyword blocking has been enabled will still be allowed without any blocking.
Web Component blocking
– You can block the following Web component types: Proxy, Java,
ActiveX, and Cookies. Sites on the Trusted Domains list are still subject to Web component
blocking when the blocking of a particular Web component has been enabled.
See
“Setting Block Sites (Content Filtering)” on page 4-29
for the procedure on how to use this
feature.
Source MAC Filtering
If you want to reduce outgoing traffic by preventing Internet access by certain PCs on the LAN,
you can use the source MAC filtering feature to drop the traffic received from the PCs with the
specified MAC addresses. By default, this feature is disabled; all traffic received from PCs with
any MAC address is allowed.
See
“Enabling Source MAC Filtering” on page 4-31
for the procedure on how to use this feature.
Page 147 / 240
ProSafe VPN Firewall 200 FVX538 Reference Manual
Router and Network Management
6-5
v1.0, March 2009
VPN Firewall Features That Increase Traffic
Features that tend to increase WAN-side loading are as follows:
Port forwarding
Port triggering
DMZ port
Exposed hosts
VPN tunnels
Port Forwarding
The firewall always blocks DoS (Denial of Service) attacks. A DoS attack does not attempt to steal
data or damage your PCs, but overloads your Internet connection so you can not use it (i.e., the
service is unavailable). You can also create additional firewall rules that are customized to block or
allow specific traffic.
You can control specific inbound traffic (i.e., from WAN to LAN and from WAN to DMZ).
Inbound Services lists all existing rules for inbound traffic. If you have not defined any rules, only
the default rule will be listed. The default rule blocks all inbound traffic.
Each rule lets you specify the desired action for the connections covered by the rule:
BLOCK always
BLOCK by schedule, otherwise Allow
ALLOW always
ALLOW by schedule, otherwise Block
You can also enable a check on special rules:
VPN Passthrough
– Enable this to pass the VPN traffic without any filtering, specially used
when this firewall is between two VPN tunnel end points.
Drop fragmented IP packets
– Enable this to drop the fragmented IP packets.
UDP Flooding
– Enable this to limit the number of UDP sessions created from one LAN
machine.
TCP Flooding
– Enable this to protect the router from Syn flood attack.
Warning:
This feature is for Advanced Administrators only! Incorrect configuration
will cause serious problems.
Page 148 / 240
ProSafe VPN Firewall 200 FVX538 Reference Manual
6-6
Router and Network Management
v1.0, March 2009
Enable DNS Proxy
– Enable this to allow incoming DNS queries.
Enable Stealth Mode
– Enable this to set the firewall to operate in stealth mode.
As you define your firewall rules, you can further refine their application according to the
following criteria:
LAN Users
– These settings determine which computers on your network are affected by this
rule. Select the desired IP Address in this field.
WAN Users
– These settings determine which Internet locations are covered by the rule, based
on their IP address.
Any: The rule applies to all Internet IP address.
Single address: The rule applies to a single Internet IP address.
Address range: The rule is applied to a range of Internet IP addresses.
Destination Address
– These settings determine the destination IP address for this rule which
will be applicable to incoming traffic This rule will be applied only when the destination IP
address of the incoming packet matches the IP address of the selected WAN interface
Selecting ANY enables the rule for any LAN IP destination. WAN1 and WAN2 corresponds to
the respective WAN interface governed by this rule.
Services
– You can specify the desired Services or applications to be covered by this rule. If
the desired service or application does not appear in the list, you must define it using the
Services menu (see
“Adding Customized Services” on page 4-25
).
Schedule
– You can specify whether the rule is to be applied on the Schedule 1, Schedule 2, or
Schedule 3 time schedule (see
“Setting a Schedule to Block or Allow Specific Traffic” on
page 4-28
).
See
“Using Rules to Block or Allow Specific Kinds of Traffic” on page 4-2
for the procedure on
how to use this feature.
Port Triggering
Port triggering allows some applications to function correctly that would otherwise be partially
blocked by the firewall. Using this feature requires that you know the port numbers used by the
Application.
Once configured, Port Triggering operates as follows:
A PC makes an outgoing connection using a port number defined in the Port Triggering table.
This Router records this connection, opens the additional INCOMING port or ports associated
with this entry in the Port Triggering table, and associates them with the PC.
Page 149 / 240
ProSafe VPN Firewall 200 FVX538 Reference Manual
Router and Network Management
6-7
v1.0, March 2009
The remote system receives the PCs request and responds using the different port numbers that
you have now opened.
This Router matches the response to the previous request and forwards the response to the PC.
Without Port Triggering, this response would be treated as a new connection request rather
than a response. As such, it would be handled in accordance with the Port Forwarding rules.
Only one PC can use a Port Triggering application at any time.
After a PC has finished using a Port Triggering application, there is a time-out period
before the application can be used by another PC. This is required because the firewall
cannot be sure when the application has terminated.
See
“Port Triggering” on page 4-35
for the procedure on how to use this feature.
DMZ Port
The DMZ Port allows you to set up the DMZ port. Specifying a Default DMZ Server allows you to
set up a computer or server that is available to anyone on the Internet for services that you haven't
defined.
The default setting of the rules is that the DMZ port and both inbound and outbound traffic is
disabled. Enabling the DMZ port increases the traffic through the WAN ports.
The VPN firewall makes LAN port 8 a dedicated hardware DMZ port when DMZ is enabled (see
“Router Front and Rear Panels” on page 1-6
).
See
“Configuring and Enabling the DMZ Port” on page 3-10
and
“Setting DMZ WAN Rules” on
page 4-12
for the procedure on how to use this feature.
VPN Tunnels
The VPN firewall permits up to 200 VPN tunnels at a time. Each tunnel requires extensive
processing for encryption and authentication.
See
Chapter 5, “Virtual Private Networking
” for the procedure on how to use this feature.
Using QoS to Shift the Traffic Mix
The QoS priority settings determine the priority and, in turn, the quality of service for the traffic
passing through the firewall. The QoS is set individually for each service.
You can accept the default priority defined by the service itself by not changing its QoS
setting.
You can change the priority to a higher or lower value than its default setting to give the
service higher or lower priority than it otherwise would have.
Page 150 / 240
ProSafe VPN Firewall 200 FVX538 Reference Manual
6-8
Router and Network Management
v1.0, March 2009
The QoS priority settings conform to the IEEE 802.1D-1998 (formerly 802.1p) standard for class
of service tag.
You will not change the WAN bandwidth used by changing any QoS priority settings. But you will
change the mix of traffic through the WAN ports by granting some services a higher priority than
others. The quality of a service is impacted by its QoS setting, however.
See
“Setting Quality of Service (QoS) Priorities” on page 4-27
for the procedure on how to use
this feature.
Tools for Traffic Management
The ProSafe VPN Firewall 200 includes several tools that can be used to monitor the traffic
conditions of the firewall and control who has access to the Internet and the types of traffic they
are allowed to have. See
“Monitoring the Router” on page 6-20
for a discussion of the tools.
Administration
You can change the administrator and guest passwords and settings, configure an SNMP manager,
backup settings and upgrade firmware, and enable remote management. Administrator access is
read/write and guest access is read-only.
Changing Passwords and Settings
The default passwords for the firewall’s Web Configuration Manager is
password
. Netgear
recommends that you change this password to a more secure password. You can also configure a
separate password for guests.
To modify User or Admin settings:

Rate

4 / 5 based on 1 vote.

Popular NETGEAR Models

Famous Router IPs
Famous Router Companies
Bookmark Our Site

Press Ctrl + D to add this site to your favorites!

Share
Top