Reference Manual for the ProSafe Wireless 802.11g
Firewall/Print Server Model FWG114P v2
6-8
Firewall Protection and Content Filtering
201-10301-02, May 2005
This rule is shown in Figure 6-3.
Example: Port Forwarding for Videoconferencing
If you want to allow incoming videoconferencing to be initiated from a restricted range of outside IP addresses, such as from a branch office, you can create an inbound rule. In the example shown in Figure 6-4, CU-SeeMe is a predefined service and its connections are allowed only from a specified range of external IP addresses. In this case, we have also specified logging of any incoming CU-SeeMe requests that do not match the allowed parameters.
Figure 6-4: Rule example: Videoconference from Restricted Addresses
Example: Port Forwarding for VPN Tunnels when NAT is Off
If you want to allow incoming VPN IPSec tunnels to be initiated from outside IP addresses
anywhere on the Internet when NAT is off, first create a service and then an inbound rule.
Figure 6-5: Service example: port forwarding for VPN when NAT is Off
In the example shown in Figure 6-5, UDP port 500 connections are defined as the IPSec service.
Figure 6-6: Inbound rule example: VPN IPSec when NAT is off
In the example shown in Figure 6-6, VPN IPSec connections are allowed for any internal LAN IP address.
Outbound Rules (Service Blocking or Port Filtering)
The FWG114P v2 allows you to block the use of certain Internet services by computers on your
network. This is called service blocking or port filtering. You can define an outbound rule to block
Internet access from a local computer based on:
IP address of the local computer (source address)
IP address of the Internet site being contacted (destination address)
Time of day
Type of service being requested (service port number)
Outbound Rule Example: Blocking Instant Messaging
If you want to block Instant Messenger usage by employees during working hours, you can create
an outbound rule to block that application from any internal IP address to any external address
according to the schedule that you have created in the Schedule menu. You can also have the router
log any attempt to use Instant Messenger during that blocked period.
Figure 6-7: Rule example: Blocking Instant Messenger
Other Rules Considerations
The order of precedence of rules is determined by the position of the rule on a list of many rules.
Also, there are optional Rules settings you can configure. These topics are presented here.
Order of Precedence for Rules
As you define new rules, they are added to the tables in the Rules menu. For any traffic attempting
to pass through the firewall, the packet information is subjected to the rules in the order of the
entries in the Rules Table, beginning at the top and proceeding to the default rules at the bottom. In
some cases, the order of precedence of two or more rules may be important in determining the
disposition of a packet. The Move button allows you to relocate a defined rule to a new position in
the table.
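The first-match walk through the Rules Table described above, with the Move button's effect on precedence, as an added Python example (not NETGEAR's firmware or code). It uses the IPSec service from Figure 6-5 (UDP port 500); the source ranges, LAN addresses and the "Block branch range" rule are constructed sample values, and the "0.0.0.0/0" notation for "any" address is this example's own convention.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Service:
    """A service as entered in the Services menu: a protocol plus a port."""
    name: str
    proto: str   # "TCP" or "UDP"
    port: int


@dataclass
class Rule:
    """One entry of the Rules Table. "0.0.0.0/0" stands for an 'any' address."""
    name: str
    action: str                          # "ALLOW" or "BLOCK"
    service: Optional[Service] = None    # None matches any service
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    log: bool = False

    def matches(self, pkt: dict) -> bool:
        if self.service is not None and (
            pkt["proto"] != self.service.proto or pkt["dport"] != self.service.port
        ):
            return False
        return (ip_address(pkt["src"]) in ip_network(self.src)
                and ip_address(pkt["dst"]) in ip_network(self.dst))


class RuleTable:
    """Ordered rule list: the first matching rule decides, the default rule catches the rest."""

    def __init__(self, rules: List[Rule], default_action: str):
        self.rules = list(rules)
        self.default_action = default_action
        self.log_entries: List[str] = []

    def move(self, name: str, new_index: int) -> None:
        """Relocate a rule to a new position, as the Move button does in the Rules menu."""
        idx = next(i for i, r in enumerate(self.rules) if r.name == name)
        self.rules.insert(new_index, self.rules.pop(idx))

    def evaluate(self, pkt: dict) -> Tuple[str, str]:
        """Return (action, rule name) for a packet, walking the table top to bottom."""
        for rule in self.rules:
            if rule.matches(pkt):
                if rule.log:
                    self.log_entries.append(
                        f"{rule.name}: {pkt['proto']} {pkt['src']} -> {pkt['dst']}:{pkt['dport']}")
                return rule.action, rule.name
        return self.default_action, "default"


# UDP port 500 defined as the IPSec service, as in Figure 6-5.
IPSEC = Service("IPSec", "UDP", 500)


def build_inbound_table() -> RuleTable:
    # Inbound default is to block. The address range below is a constructed sample
    # (RFC 5737 documentation space), not a value from the manual.
    return RuleTable(
        [
            Rule("Allow IPSec", "ALLOW", IPSEC),   # any source, any LAN host
            Rule("Block branch range", "BLOCK", src="203.0.113.0/24", log=True),
        ],
        default_action="BLOCK",
    )


def demo() -> Tuple[Tuple[str, str], Tuple[str, str]]:
    """Same packet, before and after moving the block rule above the allow rule."""
    table = build_inbound_table()
    pkt = {"proto": "UDP", "src": "203.0.113.5", "dst": "192.168.0.10", "dport": 500}
    before = table.evaluate(pkt)          # ("ALLOW", "Allow IPSec")
    table.move("Block branch range", 0)
    after = table.evaluate(pkt)           # ("BLOCK", "Block branch range")
    return before, after


if __name__ == "__main__":
    print(demo())
```

The point to notice is that the block rule is ineffective for IPSec traffic from the branch range until it is moved above the allow rule; the rule itself does not change, only its position.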
Rules Menu Options
Use the Options checkboxes to enable the following:
Enable VPN Passthrough (IPSec, PPTP, L2TP)
If LAN users need to use VPN (Virtual Private Networking) software on their computer, and
connect to remote sites or servers, enable this checkbox. This will allow the VPN protocols
(IPSec, PPTP, L2TP) to be used. If this checkbox is not checked, these protocols are blocked.
Drop fragmented IP packets
If checked, all fragmented IP packets will be dropped (discarded). Normally, this should NOT
be checked.
Block TCP flood
If checked, when a TCP flood attack is detected, the port used will be closed, and no traffic
will be able to use that port.
Block UDP flood
If checked, when a UDP flood attack is detected, all traffic from that IP address will be
blocked.
Block non-standard packets
If checked, only known packet types will be accepted; other packets will be blocked. The
known packet types are TCP, UDP, ICMP, ESP, and GRE. Note that these are packet types, not
protocols.
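How the four Options checkboxes could be applied as per-packet pre-checks, as an added Python example that is not the router's implementation. The known packet types (TCP, UDP, ICMP, ESP, GRE) are the ones the manual lists, keyed by their IANA protocol numbers; the packets-per-window flood counter, its threshold, the packet stream and the addresses are all constructed assumptions, since the manual does not describe how the router detects a flood.

```python
from collections import defaultdict, deque
from typing import Deque, Dict, List

# The packet types the manual lists as "known", keyed by IP protocol number (IANA).
KNOWN_PACKET_TYPES = {6: "TCP", 17: "UDP", 1: "ICMP", 50: "ESP", 47: "GRE"}


class RulesOptions:
    """Per-packet pre-checks for the Options checkboxes of the Rules menu.

    The flood threshold and window are assumptions of this example: a simple
    packets-per-window counter stands in for whatever detection the router uses.
    """

    def __init__(self, drop_fragments=False, block_tcp_flood=False,
                 block_udp_flood=False, block_nonstandard=False,
                 flood_threshold: int = 100, window_seconds: float = 1.0):
        self.drop_fragments = drop_fragments
        self.block_tcp_flood = block_tcp_flood
        self.block_udp_flood = block_udp_flood
        self.block_nonstandard = block_nonstandard
        self.threshold = flood_threshold
        self.window = window_seconds
        self.blocked_sources: set = set()   # UDP flood: all traffic from that IP is blocked
        self.closed_ports: set = set()      # TCP flood: the port used is closed
        self._udp_hits: Dict[str, Deque[float]] = defaultdict(deque)   # per source IP
        self._syn_hits: Dict[int, Deque[float]] = defaultdict(deque)   # per destination port

    def _over_rate(self, hits: Deque[float], ts: float) -> bool:
        hits.append(ts)
        while hits and ts - hits[0] > self.window:
            hits.popleft()
        return len(hits) > self.threshold

    def check(self, pkt: dict) -> str:
        """Return "ACCEPT" or "DROP: <reason>" for one packet."""
        if pkt["src"] in self.blocked_sources:
            return "DROP: source blocked after UDP flood"
        if self.block_nonstandard and pkt["proto"] not in KNOWN_PACKET_TYPES:
            return "DROP: non-standard packet type"
        if self.drop_fragments and pkt.get("fragment", False):
            return "DROP: fragmented IP packet"
        if pkt["proto"] == 17 and self.block_udp_flood:
            if self._over_rate(self._udp_hits[pkt["src"]], pkt["ts"]):
                self.blocked_sources.add(pkt["src"])
                return "DROP: UDP flood detected"
        if pkt["proto"] == 6:
            if pkt["dport"] in self.closed_ports:
                return "DROP: port closed after TCP flood"
            if self.block_tcp_flood and pkt.get("syn", False):
                if self._over_rate(self._syn_hits[pkt["dport"]], pkt["ts"]):
                    self.closed_ports.add(pkt["dport"])
                    return "DROP: TCP flood detected"
        return "ACCEPT"


def simulate() -> List[str]:
    """Constructed packet stream: a UDP burst from one host, then assorted other traffic."""
    opts = RulesOptions(block_udp_flood=True, block_nonstandard=True,
                        flood_threshold=5, window_seconds=1.0)   # low threshold for the demo
    stream = [{"proto": 17, "src": "203.0.113.9", "dst": "192.168.0.2",
               "dport": 53, "ts": 0.1 * i} for i in range(7)]
    stream.append({"proto": 6, "src": "203.0.113.9", "dst": "192.168.0.2", "dport": 80, "ts": 0.8})
    stream.append({"proto": 99, "src": "198.51.100.4", "dst": "192.168.0.2", "dport": 0, "ts": 0.9})
    stream.append({"proto": 6, "src": "198.51.100.4", "dst": "192.168.0.2", "dport": 80, "ts": 1.0})
    return [opts.check(p) for p in stream]


if __name__ == "__main__":
    for line in simulate():
        print(line)
```

The run shows the difference between the two flood options the manual describes: once the UDP counter trips, even the later TCP packet from the same host is dropped, whereas a TCP flood would only close the one destination port.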
Using a Schedule to Block or Allow Content or Traffic
If you enabled content filtering in the Block Sites menu, or if you defined an outbound rule to use
a schedule, you can set up a schedule for when blocking occurs or when access is restricted. The
router allows you to specify when blocking will be enforced by configuring the Schedule tab
shown below.
Figure 6-8: Schedule menu
To block keywords or Internet domains based on a schedule, select Every Day or select one or more days. If you want to limit access completely for the selected days, select All Day. Otherwise, if you want to limit access during certain times for the selected days, type a Start Time and an End Time.
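The schedule evaluation described above, combined with the Instant Messenger outbound rule of Figure 6-7, as an added Python example (not the router's own code). The working-hours schedule, the dates and the treatment of a Start Time later than the End Time as a range wrapping past midnight are this example's assumptions; the manual only says to type a Start Time and an End Time.

```python
from datetime import datetime, time
from typing import Iterable, Optional

DAYS = ("Monday", "Tuesday", "Wednesday", "Thursday", "Friday", "Saturday", "Sunday")


class Schedule:
    """The Schedule menu settings: selected days, then All Day or a Start/End time."""

    def __init__(self, days: Iterable[str] = DAYS, all_day: bool = False,
                 start: Optional[time] = None, end: Optional[time] = None):
        self.days = set(days)                       # all of DAYS corresponds to "Every Day"
        unknown = self.days - set(DAYS)
        if unknown:
            raise ValueError(f"unknown day(s): {sorted(unknown)}")
        self.all_day = all_day
        if not all_day and (start is None or end is None):
            raise ValueError("select All Day or type both a Start Time and an End Time")
        self.start, self.end = start, end

    def is_active(self, when: datetime) -> bool:
        """True when blocking is in force at the given moment."""
        if DAYS[when.weekday()] not in self.days:
            return False
        if self.all_day:
            return True
        now = when.time()
        if self.start <= self.end:
            return self.start <= now < self.end
        # Start after End: treated here as a range wrapping past midnight. This is an
        # assumption of this example; the manual does not say how the router handles it.
        return now >= self.start or now < self.end


def outbound_block_decision(schedule: Schedule, when: datetime) -> str:
    """Outbound IM rule of Figure 6-7: any LAN host to any external address, on schedule."""
    return "BLOCK" if schedule.is_active(when) else "ALLOW"


# Working hours, Monday to Friday, 09:00 to 17:00 (constructed sample schedule).
WORKING_HOURS = Schedule(days=DAYS[:5], start=time(9, 0), end=time(17, 0))


if __name__ == "__main__":
    for when in (datetime(2005, 5, 3, 10, 30),   # Tuesday, mid-morning
                 datetime(2005, 5, 3, 18, 0),    # Tuesday, after hours
                 datetime(2005, 5, 7, 10, 30)):  # Saturday
        print(when, outbound_block_decision(WORKING_HOURS, when))
```

The End Time is treated as exclusive, so a 17:00 End Time lifts the block at 17:00 exactly; a check like this is worth running against the router's clock setting before relying on the schedule.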