ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual
Firewall Security and Content Filtering
5-17
v1.0, October 2008
Setting Schedules to Block or Allow Traffic
If you enabled Content Filtering in the Block Sites menu, or if you defined an outbound or inbound
rule to use a schedule, you can set up a schedule for when blocking occurs or when access is
restricted. The firewall allows you to specify when blocking will be enforced by configuring one
of the Schedules—Schedule 1, Schedule 2 or Schedule 3.
To invoke rules and block keywords or Internet domains based on a schedule:
1. Select Security > Schedule from the main/submenu. The Schedule 1 screen displays as the default selection, along with tabs for Schedules 2 and 3.
2. Select either All Days or Specific Days. If you chose Specific Days, select each day the schedule will be in effect.
3. For the time of day, select either All Day or Specific Times. If you chose Specific Times, enter the Start Time and End Time (Hour, Minute, AM/PM) to gate access during the selected days.
4. Click Apply to save your settings to Schedule 1.
Repeat this procedure to set schedules for Schedule 2 and Schedule 3.
Figure 5-9
Setting Block Sites (Content Filtering)
To restrict internal LAN users from access to certain sites on the Internet, you can use the VPN
firewall’s Content Filtering and Web Components filtering. By default, these features are disabled;
all requested traffic from any Web site is allowed. If you enable one or more of these features and
users try to access a blocked site, they will see a “Blocked by NETGEAR” message.
Several types of blocking are available:
• Web Components blocking. You can block the following Web component types: Proxy, Java, ActiveX, and Cookies. Even sites on the Trusted Domains list will be subject to Web Components blocking when the blocking of a particular Web component is enabled.
• Keyword Blocking (Domain Name Blocking). You can specify up to 32 words to block. If any of these words appear in the Web site name (URL) or in a newsgroup name, the Web site or newsgroup will be blocked by the VPN firewall.
  You can apply the keywords to one or more groups. Requests from the PCs in the groups will be blocked where keyword blocking has been enabled. Blocking does not occur for the PCs in the groups where keyword blocking has been disabled.
  You can bypass Keyword blocking for trusted domains by adding the exact matching domain to the list of Trusted Domains. Access to the domains or keywords on this list by PCs in the groups where keyword blocking has been enabled will be allowed to pass without any blocking.
Keyword application examples:
• If the keyword “XXX” is specified, the URL <http://www.badstuff.com/xxx.html> is blocked, as is the newsgroup alt.pictures.XXX.
• If the keyword “.com” is specified, only Web sites with other domain suffixes (such as .edu or .gov) can be viewed.
• If you wish to block all Internet browsing access, enter the keyword “.”.
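The keyword rule and the Trusted Domains bypass described above can be checked against sample URLs before a keyword is added. This is an added example, not part of the manual and not NETGEAR code; it assumes a case-insensitive substring match on the URL or newsgroup name and an exact host match for trusted domains, and the example.com and example.edu targets are constructed.

```python
from urllib.parse import urlsplit

def is_blocked(target, keywords, trusted_domains=()):
    """Assumed model of the rule in the text: a case-insensitive substring
    match of each keyword against the URL or newsgroup name, skipped when
    the URL's host is an exact match for a Trusted Domains entry."""
    host = (urlsplit(target).hostname or "").lower()
    if host and host in {d.lower() for d in trusted_domains}:
        return False
    text = target.lower()
    return any(k.lower() in text for k in keywords)

def audit(keywords, samples, trusted_domains=()):
    """Map each keyword to the sample targets it alone would block, so an
    over-broad entry such as "." or ".com" is visible before it is added."""
    return {k: [s for s in samples if is_blocked(s, [k], trusted_domains)]
            for k in keywords}

# Constructed sample targets (the first two are the manual's own examples).
SAMPLES = [
    "http://www.badstuff.com/xxx.html",
    "alt.pictures.XXX",
    "http://www.example.edu/courses",
    "http://www.example.com/",
    "http://intranet.example.com/wiki",
]
TRUSTED = ["intranet.example.com"]   # hypothetical trusted domain

if __name__ == "__main__":
    for kw, hits in audit(["XXX", ".com", "."], SAMPLES, TRUSTED).items():
        print(f"{kw!r} blocks {len(hits)}/{len(SAMPLES)}: {hits}")
    # Exact-match trust: listing example.com does not exempt www.example.com.
    print(is_blocked("http://www.example.com/", [".com"], ["example.com"]))
```

Web Components blocking is not modeled here; per the text it still applies to sites on the Trusted Domains list.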
To enable Content Filtering:
1. Select Security > Block Sites from the main/submenu and the Block Sites screen is displayed.
2. Select Yes to enable Content Filtering.
3. Click Apply to activate the menu controls.
4. Select any Web Components you wish to block: Proxy, Java, ActiveX, or Cookies.
5. Select the groups to which Keyword Blocking will apply, then click Enable to activate Keyword blocking (or disable to deactivate Keyword Blocking).
6. Enter your list of blocked Keywords or Domain Names in the Blocked Keyword fields and click Add after each entry. The Keyword or Domain name will be added to the Blocked Keywords table. You can also edit an entry by clicking Edit in the Action column adjacent to the entry.
7. Enter a list of Trusted Domains in the Trusted Domains fields, and click Add after each entry.
Figure 5-10
The Trusted Domain will appear in the Trusted Domains table. You can also edit any entry by clicking Edit in the Action column adjacent to the entry.
8. Click Apply to save your settings.
Enabling Source MAC Filtering (Address Filter)
In the Address Filter submenu, the Source MAC Filter tab allows you to block traffic coming from
certain known machines or devices.
By default, the source MAC address filter is disabled. Traffic received from any MAC address
is allowed.
When source MAC address filtering is enabled, traffic will be dropped from any computers or devices whose MAC addresses are listed in the Blocked MAC Addresses table.
To enable MAC filtering and add MAC addresses for blocking:
1. Select Security > Address Filter from the main/submenu. The Source MAC Filter screen displays.
2. Click the Yes radio button to enable Source MAC Filtering.
3. Select the desired Policy for MAC Addresses listed below. Block and Permit the rest, or Permit and Block the rest.
Note: For additional ways of restricting outbound traffic, see “Outbound Rules (Service Blocking)” on page 5-3.
Figure 5-11
4. Enter your list of source MAC addresses to be blocked in the MAC Address field in the form 01:23:45:67:89:AB, using colon-separated hexadecimal characters (0-9, A-F).
5. Click the Add icon. The MAC address is added to the MAC Addresses table where it will be blocked.
6. Click Apply to save your settings.
To remove an entry from the table, select the MAC address entry and click Delete.
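A MAC list can be checked offline before it is typed into the Source MAC Filter screen. The following is an added example, not part of the manual or of the firewall's firmware: it normalizes entries to the 01:23:45:67:89:AB form, evaluates the two policies named in step 3, and reports hosts that must stay reachable but would be dropped. The function names, the sample entries and the administrator address are assumptions made for illustration.

```python
import re

BLOCK_LISTED = "Block and Permit the rest"
PERMIT_LISTED = "Permit and Block the rest"

def normalize_mac(entry):
    """Return entry in the field's form (01:23:45:67:89:AB) or raise
    ValueError. Hyphen, dot and lower-case notations are accepted as input."""
    digits = re.sub(r"[-:.]", "", entry.strip()).upper()
    if not re.fullmatch(r"[0-9A-F]{12}", digits):
        raise ValueError(f"not a MAC address: {entry!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def verdict(src_mac, table, policy):
    """'drop' or 'allow' for one source MAC under the selected policy."""
    if policy not in (BLOCK_LISTED, PERMIT_LISTED):
        raise ValueError(f"unknown policy: {policy!r}")
    listed = normalize_mac(src_mac) in table
    if policy == BLOCK_LISTED:
        return "drop" if listed else "allow"
    return "allow" if listed else "drop"

def preflight(entries, policy, must_allow):
    """Build the table from raw entries and list problems to fix before
    Apply: malformed entries, duplicates, and must_allow hosts (such as the
    administrator's workstation) that the policy would drop."""
    table, problems = set(), []
    for entry in entries:
        try:
            mac = normalize_mac(entry)
        except ValueError as err:
            problems.append(str(err))
            continue
        if mac in table:
            problems.append(f"duplicate entry: {mac}")
        table.add(mac)
    for host in must_allow:
        if verdict(host, table, policy) == "drop":
            problems.append(f"would drop required host: {normalize_mac(host)}")
    return sorted(table), problems

# Constructed sample input, built around the manual's format example.
ENTRIES = ["01:23:45:67:89:ab", "01-23-45-67-89-AB", "0123.4567.89AC", "01:23:45:67:89:GZ"]
ADMIN_HOSTS = ["02:00:00:00:00:01"]   # hypothetical administrator workstation

if __name__ == "__main__":
    for policy in (BLOCK_LISTED, PERMIT_LISTED):
        print(policy, preflight(ENTRIES, policy, ADMIN_HOSTS))
```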
IP/MAC Binding Tab
The IP/MAC Binding feature allows the VPN firewall to bind an IP address to a MAC address and vice versa. Some PCs or devices are configured with static (fixed) addresses. To prevent users from changing static IP addresses, IP/MAC Binding must be enabled on the VPN firewall.
If the VPN firewall detects packets with matching IP addresses but inconsistent MAC addresses, or vice versa, it will drop such packets. If users have enabled the logging option for IP/MAC Binding on their PCs or devices, these packets will be logged before being dropped. The VPN firewall displays the total count of dropped packets that violated either IP to MAC Binding or MAC to IP Binding.
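The two binding checks and their drop counters can be reproduced over captured (source IP, source MAC) pairs. This is an added example, not part of the manual and not the firewall's implementation; the binding table and packets are constructed, and letting unbound pairs pass is an assumption.

```python
from collections import Counter
from ipaddress import ip_address

def check_packets(bindings, packets):
    """Apply the two checks described above to (source IP, source MAC) pairs.

    ip_to_mac: the IP is bound, but the packet carries a different MAC.
    mac_to_ip: the MAC is bound, but the packet carries a different IP.
    Pairs where neither address is bound pass (an assumption of this model).
    Returns (violation counts, list of dropped packets with the reason).
    """
    ip_to_mac = {ip_address(ip): mac.upper() for ip, mac in bindings}
    mac_to_ip = {mac: ip for ip, mac in ip_to_mac.items()}
    counts, dropped = Counter(), []
    for src_ip, src_mac in packets:
        ip, mac = ip_address(src_ip), src_mac.upper()
        if ip in ip_to_mac and ip_to_mac[ip] != mac:
            reason = "ip_to_mac"
        elif mac in mac_to_ip and mac_to_ip[mac] != ip:
            reason = "mac_to_ip"
        else:
            continue          # consistent with the table, or not bound at all
        counts[reason] += 1
        dropped.append((src_ip, src_mac, reason))
    return dict(counts), dropped

# Constructed binding table and traffic; all addresses are made up.
BINDINGS = [("192.168.1.10", "00:11:22:33:44:55"),
            ("192.168.1.20", "00:11:22:33:44:66")]
PACKETS = [
    ("192.168.1.10", "00:11:22:33:44:55"),   # matches its binding
    ("192.168.1.10", "AA:BB:CC:DD:EE:01"),   # bound IP seen from another MAC
    ("192.168.1.99", "00:11:22:33:44:66"),   # bound MAC using a different IP
    ("192.168.1.50", "AA:BB:CC:DD:EE:02"),   # neither address is bound
]

if __name__ == "__main__":
    counts, dropped = check_packets(BINDINGS, PACKETS)
    print(counts)
    for row in dropped:
        print("drop", *row)
```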
To enable IP/MAC Binding and add IP and MAC addresses for binding:
1. Select Security > Address Filter from the main/submenu. The Source MAC Filter screen displays as the default with the IP/MAC Binding tab shown.
2. Click the IP/MAC Binding tab to view the options available.
Figure 5-12
