Firewall Protection
191
ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308
Note: For additional ways of restricting outbound traffic, see Outbound Rules (Service Blocking) on page 137.
To enable MAC filtering and add MAC addresses to be permitted or blocked:
1. Select Security > Address Filter. The Address Filter submenu tabs display, with the Source MAC Filter screen in view. (The following figure shows one address in the MAC Addresses table as an example.)
Figure 115.
2. In the MAC Filtering Enable section, select the Yes radio button.
3. In the same section, from the Policy for MAC Addresses listed below drop-down list, select one of the following options:
   - Block and Permit the rest. Traffic coming from all addresses in the MAC Addresses table is blocked. Traffic from all other MAC addresses is permitted.
   - Permit and Block the rest. Traffic coming from all addresses in the MAC Addresses table is permitted. Traffic from all other MAC addresses is blocked.
4. Click Apply to save your settings. The MAC Address field in the Add Source MAC Address section of the screen now becomes available.
5. Build your list of source MAC addresses to be permitted or blocked by entering the first MAC address in the MAC Address field. A MAC address needs to be entered in the format xx:xx:xx:xx:xx:xx, in which x is a digit (0 to 9) or a letter between a and f (inclusive), for example: aa:11:bb:22:cc:33.
WARNING: If you select Permit and Block the rest from the drop-down list but do not add the MAC address of the computer from which you are accessing the web management interface, you are locked out of the web management interface.
6. Click the Add table button. The MAC address is added to the MAC Addresses table.
7. Repeat the previous two steps to add more MAC addresses to the MAC Addresses table.
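A pre-flight check for the MAC filter list, as an added example that is not part of the manual or the firewall's firmware: it validates each entry against the xx:xx:xx:xx:xx:xx format, models the two policies from step 3, and reports the lockout condition from the warning before the list is applied. The function names, the use of the policy labels as Python constants, and the lower-casing of input are assumptions of this sketch.

```python
import re

# Format from step 5: six colon-separated pairs of 0-9 / a-f.
MAC_RE = re.compile(r"^[0-9a-f]{2}(:[0-9a-f]{2}){5}$")
BLOCK_LISTED = "Block and Permit the rest"
PERMIT_LISTED = "Permit and Block the rest"

def normalize(mac):
    """Return the MAC in lower case, or None if it is not xx:xx:xx:xx:xx:xx."""
    mac = mac.strip().lower()  # assumption: upper-case input is folded to lower case
    return mac if MAC_RE.match(mac) else None

def is_permitted(policy, table, src_mac):
    """Model of the two policies: does traffic from src_mac pass the filter?"""
    listed = normalize(src_mac) in {normalize(m) for m in table} - {None}
    if policy == BLOCK_LISTED:
        return not listed
    if policy == PERMIT_LISTED:
        return listed
    raise ValueError(f"unknown policy: {policy!r}")

def preflight(policy, table, admin_mac):
    """Return a list of problems to fix before the list is applied."""
    problems, seen = [], set()
    for entry in table:
        mac = normalize(entry)
        if mac is None:
            problems.append(f"malformed entry: {entry!r}")
        elif mac in seen:
            problems.append(f"duplicate entry: {mac}")
        else:
            seen.add(mac)
    if normalize(admin_mac) is None:
        problems.append(f"malformed admin MAC: {admin_mac!r}")
    elif not is_permitted(policy, seen, admin_mac):
        problems.append("lockout: the management computer's MAC would be blocked")
    return problems

# Constructed sample list: entry 2 uses dashes, entry 3 repeats entry 1.
SAMPLE_TABLE = ["aa:11:bb:22:cc:33", "00-01-02-03-04-05", "AA:11:BB:22:CC:33"]
ADMIN_MAC = "00:01:02:03:04:05"  # constructed address of the admin workstation

if __name__ == "__main__":
    for policy in (BLOCK_LISTED, PERMIT_LISTED):
        print(policy, "->", preflight(policy, SAMPLE_TABLE, ADMIN_MAC))
```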
To remove one or more MAC addresses from the table:
1. Select the check box to the left of each MAC address that you want to delete, or click the Select All table button to select all addresses.
2. Click the Delete table button.
Set Up IP/MAC Bindings
IP/MAC binding allows you to bind an IPv4 or IPv6 address to a MAC address and the other
way around. Some computers or devices are configured with static addresses. To prevent
users from changing their static IP addresses, the IP/MAC binding feature needs to be
enabled on the VPN firewall. If the VPN firewall detects packets with an IP address that
matches the IP address in the IP/MAC Bindings table but does not match the related MAC
address in the IP/MAC Bindings table (or the other way around), the packets are dropped. If
you have enabled the logging option for the IP/MAC binding feature, these packets are
logged before they are dropped. The VPN firewall displays the total number of dropped
packets that violate either the IP-to-MAC binding or the MAC-to-IP binding.
Note: You can bind IP addresses to MAC addresses for DHCP assignment on the LAN Groups submenu. See Manage the Network Database on page 97.
As an example, assume that three computers on the LAN are set up as follows, and that their IPv4 and MAC addresses are added to the IP/MAC Bindings table:
   - Host 1. MAC address (00:01:02:03:04:05) and IP address (192.168.10.10)
   - Host 2. MAC address (00:01:02:03:04:06) and IP address (192.168.10.11)
   - Host 3. MAC address (00:01:02:03:04:07) and IP address (192.168.10.12)
There are three possible scenarios in relation to the addresses in the IP/MAC Bindings table:
   - Host 1 has not changed its IP and MAC addresses. A packet coming from Host 1 has IP and MAC addresses that match those in the IP/MAC Bindings table.
   - Host 2 has changed its MAC address to 00:01:02:03:04:09. The packet has an IP address that matches the IP address in the IP/MAC Bindings table but a MAC address that does not match the MAC address in the IP/MAC Bindings table.
   - Host 3 has changed its IP address to 192.168.10.15. The packet has a MAC address that matches the MAC address in the IP/MAC Bindings table but an IP address that does not match the IP address in the IP/MAC Bindings table.
In this example, the VPN firewall blocks the traffic coming from Host 2 and Host 3, but allows the traffic coming from Host 1 to any external network. The total count of dropped packets is displayed.
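The binding check described above, modelled as an added example (not the firewall's own code): it applies the IP-to-MAC and MAC-to-IP checks to the three scenarios and keeps the dropped-packet total and the per-binding log. The class and function names are hypothetical, and letting hosts that appear nowhere in the table pass is an assumption the manual does not state.

```python
from dataclasses import dataclass
from ipaddress import ip_address

@dataclass(frozen=True)
class Binding:
    name: str
    mac: str
    ip: str                    # IPv4 or IPv6, any valid textual form
    log_dropped: bool = False  # "Log Dropped Packets"; the default is Disable

class BindingTable:
    def __init__(self, bindings):
        self.by_ip = {ip_address(b.ip): b for b in bindings}
        self.by_mac = {b.mac.lower(): b for b in bindings}
        self.dropped = 0  # total of dropped packets, as the firewall displays
        self.log = []     # violations of bindings that have logging enabled

    def check(self, src_mac, src_ip):
        """Return 'allow', 'ip-to-mac violation' or 'mac-to-ip violation'."""
        mac, ip = src_mac.lower(), ip_address(src_ip)
        by_ip, by_mac = self.by_ip.get(ip), self.by_mac.get(mac)
        verdict, rule = "allow", None  # assumption: unlisted hosts pass
        if by_ip and by_ip.mac.lower() != mac:
            verdict, rule = "ip-to-mac violation", by_ip   # bound IP, wrong MAC
        elif by_mac and ip_address(by_mac.ip) != ip:
            verdict, rule = "mac-to-ip violation", by_mac  # bound MAC, wrong IP
        if rule:
            self.dropped += 1
            if rule.log_dropped:  # logged before the drop, per binding
                self.log.append((rule.name, mac, str(ip), verdict))
        return verdict

# Bindings from the example above; names and logging choices are constructed.
BINDINGS = [
    Binding("host1", "00:01:02:03:04:05", "192.168.10.10", log_dropped=True),
    Binding("host2", "00:01:02:03:04:06", "192.168.10.11", log_dropped=True),
    Binding("host3", "00:01:02:03:04:07", "192.168.10.12"),
]
# The three scenarios, plus one constructed host that is not in the table.
PACKETS = [
    ("00:01:02:03:04:05", "192.168.10.10"),
    ("00:01:02:03:04:09", "192.168.10.11"),
    ("00:01:02:03:04:07", "192.168.10.15"),
    ("00:01:02:03:04:aa", "192.168.10.50"),
]

def run(bindings=BINDINGS, packets=PACKETS):
    table = BindingTable(bindings)
    return [table.check(m, i) for m, i in packets], table
```

Calling run() returns the verdict for each packet together with the table, whose dropped counter and log show that the Host 3 violation is counted but not logged because logging is left disabled for that binding.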
IPv4/MAC Bindings
To set up a binding between a MAC address and an IPv4 address:
1. Select Security > Address Filter > IP/MAC Binding. In the upper right of the screen, the IPv4 radio button is selected by default. The IP/MAC Binding screen displays the IPv4 settings. (The following figure shows a binding in the IP/MAC Binding table as an example.)
Figure 116.
2. In the Email IP/MAC Violations section of the screen, specify if you want to enable email logs for IP/MAC binding violations. (You have to do this only once.) Select one of the following radio buttons:
   - Yes. IP/MAC binding violations are emailed. Click the Firewall Logs & E-mail page link to ensure that emailing of logs is enabled on the Firewall Logs & E-mail screen (see Configure Logging, Alerts, and Event Notifications on page 362).
   - No. IP/MAC binding violations are not emailed.
3. Click Apply to save your changes.
4. In the IP/MAC Bindings sections of the screen, enter the settings as described in the following table:

Table 40. IP/MAC Binding screen settings for IPv4

| Setting | Description |
|---|---|
| Name | A descriptive name of the binding for identification and management purposes. |
| MAC Address | The MAC address of the computer or device that is bound to the IP address. |
| IP Address | The IPv4 address of the computer or device that is bound to the MAC address. |
| Log Dropped Packets | To log the dropped packets, select Enable from the drop-down list. The default setting is Disable. |

5. Click the Add table button. The new IP/MAC rule is added to the IP/MAC Bindings table.

To edit an IP/MAC binding:
1. In the IP/MAC Bindings table, click the Edit table button to the right of the IP/MAC binding that you want to edit. The Edit IP/MAC Binding screen displays.
2. Modify the settings that you wish to change (see the previous table; you can change the MAC address, IPv4 address, and logging status).
3. Click Apply to save your changes. The modified IP/MAC binding displays in the IP/MAC Bindings table.

To remove one or more IP/MAC bindings from the table:
1. Select the check box to the left of each IP/MAC binding that you want to delete, or click the Select All table button to select all bindings.
2. Click the Delete table button.

To change the IPv4 MAC polling interval from its default setting of 10 seconds:
1. On the IP/MAC Bindings screen for IPv4, to the right of the IP/MAC Binding tab, click the Set Poll Interval option arrow. The IP MAC Binding Poll Interval pop-up screen displays:
Figure 117.
2. Click the Stop button. Wait until the Poll Interval field becomes available.
3. Enter the new poll interval in seconds.
4. Click the Set Interval button. Wait for the confirmation that the operation has succeeded before you close the window.
IPv6/MAC Bindings
To set up a binding between a MAC address and an IPv6 address:
1. Select Security > Address Filter > IP/MAC Binding.
2. In the upper right of the screen, select the IPv6 radio button. The IP/MAC Binding screen displays the IPv6 settings. (The following figure shows a binding in the IP/MAC Binding table as an example.)
Figure 118.
3. In the Email IP/MAC Violations section of the screen, specify if you want to enable email logs for IP/MAC binding violations. (You have to do this only once.) Select one of the following radio buttons:
   - Yes. IP/MAC binding violations are emailed. Click the Firewall Logs & E-mail page link to ensure that emailing of logs is enabled on the Firewall Logs & E-mail screen (see Configure Logging, Alerts, and Event Notifications on page 362).
   - No. IP/MAC binding violations are not emailed.
4. Click Apply to save your changes.
5. In the IP/MAC Bindings sections of the screen, enter the settings as described in the following table:

Table 41. IP/MAC Binding screen settings for IPv6

| Setting | Description |
|---|---|
| Name | A descriptive name of the binding for identification and management purposes. |
| MAC Address | The MAC address of the computer or device that is bound to the IP address. |
