Firewall Protection
186
ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308
To edit a QoS profile:
1. In the List of QoS Profiles table, click the Edit table button to the right of the QoS profile that you want to edit. The Edit QoS Profile screen displays.
2. Modify the settings that you wish to change (see the previous table).
3. Click Apply to save your changes. The modified QoS profile is displayed in the List of QoS Profiles table.

To delete a QoS profile:
1. In the List of QoS Profiles table, select the check box to the left of the QoS profile that you want to delete, or click the Select All table button to select all profiles.
2. Click the Delete table button.

Quality of Service Priorities for IPv6 Firewall Rules
For IPv6 firewall rules and services, you cannot configure QoS profiles, but there are default QoS priorities that you can assign on the following screens:
- Add LAN WAN Outbound Services screen for IPv6 (see Figure 78 on page 149)
- Add DMZ WAN Outbound Services screen for IPv6 (see Figure 84 on page 155)
QoS priorities are preconfigured and cannot be edited:
- Normal-Service. Used when no special priority is given to the traffic. IP packets are marked with a ToS value of 0.
- Minimize-Cost. Used when data needs to be transferred over a link that has a lower cost. IP packets are marked with a ToS value of 2.
- Maximize-Reliability. Used when data needs to travel to the destination over a reliable link and with little or no retransmission. IP packets are marked with a ToS value of 4.
- Maximize-Throughput. Used when the volume of data transferred during an interval is important even if the latency over the link is high. IP packets are marked with a ToS value of 8.
- Minimize-Delay. Used when the time required (latency) for the packet to reach the destination needs to be low. IP packets are marked with a ToS value of 16.

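To check in a packet capture that IPv6 traffic carries the priority you assigned, the following added example (not from the NETGEAR manual or firmware) decodes the Traffic Class byte of a raw IPv6 header and also shows how the same byte reads under the later DSCP/ECN layout, where the Minimize-Cost value 2 falls in the ECN bits. It assumes the listed ToS value is written as the whole 8-bit Traffic Class; the function names and sample headers are constructed for illustration.

```python
import struct

# Names and ToS values exactly as listed in the table of IPv6 QoS priorities above.
PRIORITIES = {0: "Normal-Service", 2: "Minimize-Cost", 4: "Maximize-Reliability",
              8: "Maximize-Throughput", 16: "Minimize-Delay"}
ECN_NAMES = {0: "Not-ECT", 1: "ECT(1)", 2: "ECT(0)", 3: "CE"}


def build_ipv6_header(traffic_class, payload_len=0, next_header=59, hop_limit=64):
    """Build a constructed 40-byte IPv6 header (all-zero addresses) for testing."""
    # First 32 bits: version (4) | traffic class (8) | flow label (20, left at 0).
    first_word = (6 << 28) | (traffic_class << 20)
    return struct.pack("!IHBB", first_word, payload_len, next_header, hop_limit) + bytes(32)


def classify_marking(packet):
    """Decode the Traffic Class of a raw IPv6 packet in both interpretations."""
    if len(packet) < 40:
        raise ValueError("truncated IPv6 header")
    first_word = struct.unpack("!I", packet[:4])[0]
    if first_word >> 28 != 6:
        raise ValueError("not an IPv6 packet")
    tc = (first_word >> 20) & 0xFF
    return {
        "traffic_class": tc,
        "priority": PRIORITIES.get(tc, "unlisted"),  # name from the list above, if any
        "dscp": tc >> 2,                              # RFC 2474 view: upper six bits
        "ecn": ECN_NAMES[tc & 0x3],                   # RFC 3168 view: lower two bits
    }


def audit(packets, expected_priority):
    """Return indexes of packets whose marking differs from the configured priority."""
    return [i for i, p in enumerate(packets)
            if classify_marking(p)["priority"] != expected_priority]


if __name__ == "__main__":
    for value in PRIORITIES:
        print(classify_marking(build_ipv6_header(value)))
```
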
Configure Content Filtering
To restrict internal LAN users from access to certain sites on the Internet, you can use the
content filtering and web component blocking features of the VPN firewall. By default, these
features are disabled; all requested traffic from any website is allowed. If you enable one or
more of these features and users try to access a blocked site, they see a “Blocked by
NETGEAR” message.
Note: Content filtering is supported for IPv4 users and groups only.
Several types of blocking are available:
- Web component blocking. You can block the following web component types: proxy, Java, ActiveX, and cookies. Even sites that are listed in the Trusted Domains table are subject to web component blocking when the blocking of a particular web component is enabled.
  - Proxy. A proxy server (or simply, proxy) allows computers to route connections to other computers through the proxy, thus circumventing certain firewall rules. For example, if connections to a specific IP address are blocked by a firewall rule, the requests can be routed through a proxy that is not blocked by the rule, rendering the restriction ineffective. Enabling this feature blocks proxy servers.
  - Java. Blocks Java applets from being downloaded from pages that contain them. Java applets are small programs embedded in web pages that enable dynamic functionality of the page. A malicious applet can be used to compromise or infect computers. Enabling this setting blocks Java applets from being downloaded.
  - ActiveX. Similar to Java applets, ActiveX controls are installed on a Windows computer running Internet Explorer. A malicious ActiveX control can be used to compromise or infect computers. Enabling this setting blocks ActiveX applets from being downloaded.
  - Cookies. Cookies are used to store session information by websites that usually require login. However, several websites use cookies to store tracking information and browsing habits. Enabling this option blocks cookies from being created by a website.
    Note: Many websites require that cookies be accepted for the site to be accessed correctly. Blocking cookies might interfere with useful functions provided by these websites.
- Keyword blocking (domain name blocking). You can specify up to 32 words to block. If any of these words appear in the website name (URL) or in a newsgroup name, the website or newsgroup is blocked by the VPN firewall.
  You can apply the keywords to one or more LAN groups. Requests from the computers in the groups are blocked where keyword blocking has been enabled. Blocking does not occur for the computers in the groups where keyword blocking has been disabled.
  You can bypass keyword blocking for trusted domains by adding the exact matching domain to the Trusted Domains table. Access to the domains or keywords on this list by computers in the groups for which keyword blocking has been enabled is allowed without any blocking.
  Keyword application examples:
  - If the keyword “xxx” is specified, the URL http://www.companycom/xxx.html is blocked, as is the newsgroup alt.pictures.xxx.
  - If the keyword “.com” is specified, only websites with other domain suffixes (such as .edu, .org, or .gov) can be viewed.
  - If you wish to block all Internet browsing access, enter . (period) as the keyword.

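Because keywords match anywhere in the URL or newsgroup name, a short keyword can block far more than intended. The following added example (not NETGEAR code) models the rules described above so that a proposed keyword list can be checked against sites users must still reach before it is entered on the firewall; case-insensitive matching, the function names and the example.* targets are assumptions made for illustration.

```python
from urllib.parse import urlsplit


def host_of(target):
    """Return the lower-cased host of a URL, or None for a newsgroup name."""
    return urlsplit(target).hostname if "://" in target else None


def is_blocked(target, keywords, trusted_domains=(), group_enabled=True):
    """Model of the documented rules for one request from one LAN group."""
    if not group_enabled:                  # keyword blocking disabled for this group
        return False
    host = host_of(target)
    if host is not None and host in {d.lower() for d in trusted_domains}:
        return False                       # exact-match trusted domain bypasses keywords
    haystack = target.lower()              # assumption: matching ignores case
    return any(k.lower() in haystack for k in keywords)


def collateral(keywords, must_reach, trusted_domains=()):
    """Return the must-reach targets that a proposed keyword list would block."""
    return [t for t in must_reach if is_blocked(t, keywords, trusted_domains)]


# Constructed list of destinations that should stay reachable.
MUST_REACH = [
    "http://www.example.edu/library.html",
    "http://www.example.edu/docs/dot.com-history.html",  # ".com" appears in the path
    "http://mail.example.com/inbox",
    "alt.example.news",
]

if __name__ == "__main__":
    for proposal in (["xxx"], [".com"], ["."]):
        print(proposal, "->", collateral(proposal, MUST_REACH))
    # Trusting only the exact host lets mail.example.com through again.
    print(collateral([".com"], MUST_REACH, trusted_domains=["mail.example.com"]))
```
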
To enable and configure content filtering:
1. Select Security > Content Filtering. The Block Sites screen displays. (The following figure shows some examples.)
Figure 113.
2. In the Content Filtering section of the screen, select the Yes radio button.
3. In the Web Components section of the screen, select the components that you want to block (by default, none of these components are blocked, that is, none of these check boxes are selected):
   - Proxy. Blocks proxy servers.
   - Java. Blocks Java applets from being downloaded.
   - ActiveX. Blocks ActiveX applets from being downloaded.
   - Cookies. Blocks cookies from being created by a website.
   These components are described in the introduction of this section on page 186.
4. Click Apply to enable content filtering and blocking of the selected web components. The screen controls are activated.

To apply keyword blocking to LAN groups:
1. In the Apply Keyword Blocking to section of the screen, select the check boxes for the groups to which you want to apply keyword blocking, or click the Select All button to select all groups.
2. To activate keyword blocking for these groups, click the Enable button. To deactivate keyword blocking for the selected groups, click the Disable button.
Note: If you changed the LAN group names on the Edit Group Names screen (see Change Group Names in the Network Database on page 100), the new names are displayed on the Block Sites screen.

To build your list of blocked keywords or blocked domain names:
1. In the Add Blocked Keyword section of the screen, in the Blocked Keyword field, enter a keyword or domain name.
2. After each entry, click the Add table button. The keyword or domain name is added to the Blocked Keywords table.
To edit an entry, click the Edit table button in the Action column to the right of the entry.

To build your list of trusted domains:
1. In the Add Trusted Domain section of the screen, in the Trusted Domains field, enter a domain name.
2. After each entry, click the Add table button. The domain name is added to the Trusted Domains table.
To edit an entry, click the Edit table button in the Action column to the right of the entry.

Set a Schedule to Block or Allow Specific Traffic
Schedules define the time frames under which firewall rules can be applied. Three
schedules, Schedule 1, Schedule 2, and Schedule 3, can be defined, and you can select any
one of these when defining firewall rules.
To set a schedule:
1. Select Security > Services > Schedule 1. The Schedule 1 screen displays:
Figure 114.
2. In the Scheduled Days section, select one of the following radio buttons:
   - All Days. The schedule is in effect all days of the week.
   - Specific Days. The schedule is in effect only on specific days. To the right of the radio buttons, select the check box for each day that you want the schedule to be in effect.
3. In the Scheduled Time of Day section, select one of the following radio buttons:
   - All Day. The schedule is in effect all hours of the selected day or days.
   - Specific Times. The schedule is in effect only during specific hours of the selected day or days. To the right of the radio buttons, fill in the Start Time and End Time fields (Hour, Minute, AM/PM) during which the schedule is in effect.
4. Click Apply to save your settings to Schedule 1.
Repeat these steps to set a schedule for Schedule 2 and Schedule 3.

Enable Source MAC Filtering
The Source MAC Filter screen enables you to permit or block traffic coming from certain
known computers or devices.
By default, the source MAC address filter is disabled. All the traffic received from computers
with any MAC address is allowed. When the source MAC address filter is enabled,
depending on the selected policy, traffic is either permitted or blocked if it comes from any
computers or devices whose MAC addresses are listed in the MAC Addresses table.