ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual
5-22
Firewall Security and Content Filtering
v1.0, October 2008
3. Click the Yes radio button to enable Source MAC Filtering.
IP/MAC Bind Table lists the currently defined IP/MAC Bind rules:
Name: Displays the user-defined name for this rule.
MAC Addresses: Displays the MAC Addresses for this rule.
IP Addresses: Displays the IP Addresses for this rule.
Log Dropped Packets: Displays logging option for this rule.
To remove an entry from the table, select the IP/MAC Bind entry and click Delete. To edit an
entry, click Edit adjacent to the entry.
Add IP/MAC Bind Rule
Name: Specify easily identifiable name for this rule.
MAC Address: Specify the MAC Address for this rule.
IP Addresses: Specify the IP Address for this rule.
Log Dropped Packets: Specify Logging option for this rule.
Edit IP/MAC Bind Rule: the following fields of an existing IP/MAC Bind rule can be modified:
MAC Address: Specify the MAC Address for this rule.
IP Addresses: Specify the IP Address for this rule.
Log Dropped Packets: Specify Logging option for this rule.
Example: If three computers are on the LAN with the following setup:
Host1 -- MAC address(00:01:02:03:04:05) & IP address(192.168.10.10)
Host2 -- MAC address(00:01:02:03:04:06) & IP address(192.168.10.11)
Host3 -- MAC address(00:01:02:03:04:07) & IP address(192.168.10.12)
All the above host entries are added to the IP/MAC Binding table. The scenario for the above hosts is as follows:
Host1 -- Matching IP & MAC address in IP/MAC Table.
Host2 -- Matching IP but inconsistent MAC address in IP/MAC Table.
Host3 -- Matching MAC but inconsistent IP address in IP/MAC Table.
The router will block the traffic coming from Host2 & Host3 but allow the traffic coming from
Host1 to any external network. Total count of dropped packets will be displayed.
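As an added illustration, not part of the NETGEAR manual, the following Python model replays the three-host scenario above and reproduces the allow/drop decisions plus the dropped-packet count. The `BindRule` and `IpMacBindTable` classes are constructed for this example; the mismatched values presented by Host2 and Host3 (`00:01:02:03:04:99`, `192.168.10.99`) are constructed, and the treatment of hosts that appear in no rule (`allow_unbound`) is an assumption, since the manual does not state it.

```python
from dataclasses import dataclass, field


@dataclass
class BindRule:
    """One row of the IP/MAC Bind table (fields as listed in the manual)."""
    name: str
    mac: str
    ip: str
    log_dropped: bool = True


@dataclass
class IpMacBindTable:
    rules: list = field(default_factory=list)
    allow_unbound: bool = True     # ASSUMPTION: hosts in no rule are not subject to binding
    dropped: int = 0               # "Total count of dropped packets"
    log: list = field(default_factory=list)

    def check(self, src_mac: str, src_ip: str) -> bool:
        """Return True if a packet with this source MAC/IP is allowed, False if dropped.

        The pair is consistent only when the MAC and the IP belong to the same
        rule. A bound IP carrying an unexpected MAC (Host2) or a bound MAC
        carrying an unexpected IP (Host3) is an inconsistency and is dropped.
        """
        rule_for_mac = next((r for r in self.rules if r.mac.lower() == src_mac.lower()), None)
        rule_for_ip = next((r for r in self.rules if r.ip == src_ip), None)
        if rule_for_mac is None and rule_for_ip is None:
            return self.allow_unbound
        if rule_for_mac is rule_for_ip:
            return True                 # Host1 case: matching IP and MAC
        self.dropped += 1
        rule = rule_for_mac or rule_for_ip
        if rule.log_dropped:            # "Log Dropped Packets" option of the rule
            self.log.append(f"dropped src_ip={src_ip} src_mac={src_mac} rule={rule.name}")
        return False


def manual_example():
    """Replay the three-host scenario from the manual; returns (decisions, dropped count)."""
    table = IpMacBindTable([
        BindRule("Host1", "00:01:02:03:04:05", "192.168.10.10"),
        BindRule("Host2", "00:01:02:03:04:06", "192.168.10.11"),
        BindRule("Host3", "00:01:02:03:04:07", "192.168.10.12"),
    ])
    decisions = {
        "Host1": table.check("00:01:02:03:04:05", "192.168.10.10"),  # IP and MAC match
        "Host2": table.check("00:01:02:03:04:99", "192.168.10.11"),  # constructed wrong MAC
        "Host3": table.check("00:01:02:03:04:07", "192.168.10.99"),  # constructed wrong IP
    }
    return decisions, table.dropped


if __name__ == "__main__":
    print(manual_example())
```

The check also drops a packet whose MAC and IP are each known but belong to two different rules, which is the same inconsistency seen from a table with several bindings.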
Enabling Port Triggering
Port triggering allows some applications running on a LAN network to be available to external
applications that would otherwise be partially blocked by the firewall. Using this feature requires
the port numbers used by the application.
Once configured, port triggering operates as follows:
1. A PC makes an outgoing connection using a port number defined in the Port Triggering table.
2. The firewall records this connection, opens the additional INCOMING port or ports associated with this entry in the Port Triggering table, and associates them with the PC.
3. The remote system receives the PC’s request and responds using the different port numbers that you have now opened.
4. The VPN firewall matches the response to the previous request, and forwards the response to the PC.
Without Port Triggering, this response would be treated as a new connection request rather than a
response. As such, it would be handled in accordance with the inbound service rules.
Note these restrictions with Port Triggering:
Only one PC can use a port triggering application at any time.
After a PC has finished using a port triggering application, there is a time-out period before the
application can be used by another PC. This is required because the VPN firewall cannot be
sure when the application has terminated.
To add a port triggering rule:
Note: For additional ways of allowing inbound traffic, see “Inbound Rules (Port Forwarding)” on page 5-4.
1. Select Security from the main menu and Port Triggering from the submenu. The Port Triggering screen is displayed.
2. Enter a user-defined name for this rule in the Name field.
3. From the Enable pull-down menu, indicate if the rule is enabled or disabled.
4. From the Protocol pull-down menu, choose either TCP or UDP transport protocol.
5. In the Outgoing (Trigger) Port Range fields:
   a. Enter the Start Port range (1 - 65534).
   b. Enter the End Port range (1 - 65534).
6. In the Incoming (Response) Port Range fields:
   a. Enter the Start Port range (1 - 65534).
   b. Enter the End Port range (1 - 65534).
7. Click Add. The port triggering rule is added to the Port Triggering Rules table.
To check the status of the port triggering rules, click the Status option arrow to the right of the tab on the Port Triggering screen.
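The four-step sequence and the two restrictions described above (one PC per trigger, and a time-out before another PC may reuse it) can be modelled in a few lines. This Python example is added here and is not NETGEAR code; the `TriggerRule` and `PortTriggering` names, the rule (UDP trigger port 6000, response ports 7000-7010), the LAN addresses and the `timeout` value are all constructed, and the inactivity-based time-out is an assumption about how the firewall decides a PC has finished.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass
class TriggerRule:
    """One row of the Port Triggering Rules table (fields as entered in steps 2-6)."""
    name: str
    protocol: str            # "TCP" or "UDP"
    trigger: tuple           # Outgoing (Trigger) Port Range, inclusive (start, end)
    response: tuple          # Incoming (Response) Port Range, inclusive (start, end)
    enabled: bool = True


def _in_range(port: int, rng: tuple) -> bool:
    return rng[0] <= port <= rng[1]


class PortTriggering:
    """Tracks which LAN PC currently owns each trigger and forwards responses to it."""

    def __init__(self, rules, timeout: float = 120.0):   # timeout in seconds: ASSUMPTION
        self.rules = rules
        self.timeout = timeout
        self.active = {}      # rule name -> [owning pc_ip, time of last activity]

    def _expired(self, entry, now: float) -> bool:
        return now - entry[1] > self.timeout

    def outbound(self, pc_ip: str, protocol: str, dst_port: int, now: float) -> Optional[str]:
        """Steps 1-2: a PC connects out on a trigger port; returns the rule name it fired."""
        for rule in self.rules:
            if not rule.enabled or rule.protocol != protocol:
                continue
            if not _in_range(dst_port, rule.trigger):
                continue
            entry = self.active.get(rule.name)
            if entry is None or entry[0] == pc_ip or self._expired(entry, now):
                self.active[rule.name] = [pc_ip, now]   # open the response ports for this PC
                return rule.name
            return None   # restriction: another PC still holds this trigger (time-out not over)
        return None

    def inbound(self, protocol: str, dst_port: int, now: float) -> Optional[str]:
        """Steps 3-4: forward a response to the owning PC, or None if no live trigger matches.

        A None result is the 'without Port Triggering' case: the packet is treated as a new
        connection request and falls through to the inbound service rules.
        """
        for rule in self.rules:
            entry = self.active.get(rule.name)
            if entry is None or self._expired(entry, now):
                continue
            if rule.protocol == protocol and _in_range(dst_port, rule.response):
                entry[1] = now          # activity keeps the trigger alive
                return entry[0]
        return None


if __name__ == "__main__":
    pt = PortTriggering([TriggerRule("game", "UDP", (6000, 6000), (7000, 7010))], timeout=60)
    print(pt.outbound("192.168.1.10", "UDP", 6000, now=1.0))   # 'game'
    print(pt.inbound("UDP", 7005, now=2.0))                     # '192.168.1.10'
```

Time is passed in explicitly so the time-out behaviour can be exercised without waiting; a real implementation would read a monotonic clock.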
Bandwidth Profile
The Bandwidth Profile sets the limits on the bandwidth of the Internet link and determines the limits on the data traffic sent to or received from your host. Bandwidth limiting, by capping the outgoing and incoming traffic, prevents LAN users from consuming all the bandwidth of the Internet link. Bandwidth limiting for outbound traffic is set up on the WAN interface, while limits for inbound traffic are set up on the LAN interface for all WAN modes.
Figure 5-13
Example: When a new connection is established on the VPN firewall, the firewall rules are searched for a rule that corresponds to the connection. If the rule has a bandwidth profile setting, the firewall creates a bandwidth class in the kernel. If multiple connections correspond to the same firewall rule, they share the same class.
An exception occurs when an Individual type bandwidth profile has classes set per source IP. The “source IP” is the source IP of the first packet of the connection. For outbound rules the source IP is the LAN-side IP, and for inbound rules the source IP is the WAN-side IP. This class is deleted when all the connections using the class expire.
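The class-allocation logic in the example above (one class per firewall rule for a Group profile, one class per rule and source IP for an Individual profile, deleted when its last connection expires) can be shown as a small Python model. This is an added example, not NETGEAR code: the `BandwidthProfile`, `FirewallRule` and `Shaper` names, the predicate-based rule matching, and the sample rules and addresses are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Callable, Optional


@dataclass
class BandwidthProfile:
    """Fields of the Add Bandwidth Profile screen."""
    name: str
    min_kbps: int
    max_kbps: int
    profile_type: str     # "Group" or "Individual"
    direction: str        # "Inbound" or "Outbound"


@dataclass
class FirewallRule:
    name: str
    direction: str
    match: Callable[[dict], bool]            # predicate over the first packet (constructed)
    profile: Optional[BandwidthProfile] = None


class Shaper:
    """Allocates kernel bandwidth classes as connections are created and expire."""

    def __init__(self, rules):
        self.rules = rules
        self.classes = {}      # class key -> set of connection ids sharing the class
        self.conn_class = {}   # connection id -> class key

    def new_connection(self, conn_id, packet: dict):
        """packet is the first packet of the connection; its 'src_ip' is the LAN-side
        address for outbound rules and the WAN-side address for inbound rules."""
        for rule in self.rules:
            if rule.direction == packet["direction"] and rule.match(packet):
                break
        else:
            return None                      # no rule corresponds to the connection
        if rule.profile is None:
            return None                      # rule has no bandwidth profile: no class
        if rule.profile.profile_type == "Individual":
            key = (rule.name, packet["src_ip"])   # exception: one class per source IP
        else:
            key = (rule.name,)                    # Group: all matching connections share
        self.classes.setdefault(key, set()).add(conn_id)
        self.conn_class[conn_id] = key
        return key

    def expire(self, conn_id):
        """Drop the connection; delete its class once no connection uses it."""
        key = self.conn_class.pop(conn_id, None)
        if key is None:
            return
        members = self.classes[key]
        members.discard(conn_id)
        if not members:
            del self.classes[key]


def build_demo_shaper():
    """Constructed rules: a Group profile for web traffic, an Individual profile for the rest."""
    web = BandwidthProfile("web-out", 100, 1000, "Group", "Outbound")
    per_host = BandwidthProfile("per-host", 50, 500, "Individual", "Outbound")
    return Shaper([
        FirewallRule("http", "Outbound", lambda p: p["dst_port"] == 80, web),
        FirewallRule("any-out", "Outbound", lambda p: True, per_host),
    ])
```

Because the key for an Individual profile includes the source IP, two LAN hosts hitting the same rule get separate classes and separate limits, whereas under a Group profile they compete inside one class.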
1. To access the Bandwidth Profile tab, click Security > Bandwidth Profile in the main menu. The Bandwidth Profile tab appears on screen with a table titled List of Bandwidth Profiles.
List of Bandwidth Profile Table - This table lists the currently defined bandwidth profiles.
Name: Displays the user-defined name for this bandwidth profile.
Bandwidth Range: Displays the range for bandwidth profile.
Type: Displays the type for bandwidth profile.
Direction: Displays direction of inbound or outbound traffic.
2. To add a Bandwidth Profile to the table, click the Add button. The Add Bandwidth Profile screen displays.
3. Type a value for each parameter text box to create a new bandwidth profile.
Profile Name: Specify an easily identifiable name for the profile.
Minimum Bandwidth: Specify the minimum bandwidth value in Kbps for the profile.
Maximum Bandwidth: Specify the maximum bandwidth value in Kbps for the profile.
Type: Select profile type, Group or Individual.
Direction: Select Inbound Traffic or Outbound Traffic.
Figure 5-14
4. If you decide not to enter a new profile once you have started one, click Bandwidth Profile in the submenu to return to the List of Bandwidth Profiles table.
5. Click Apply to save your settings and accept the new bandwidth profile.
6. You can edit any existing profile by clicking Edit in the Action column.
7. If you change your mind while creating a new bandwidth profile, click Reset to discard any changes and revert to the previous settings.
UPnP (Universal Plug and Play)
The UPnP (Universal Plug and Play) feature allows the VPN Firewall to automatically discover
and configure the devices when it searches over LAN and WAN.
1. To access the UPnP tab, click Security > UPnP in the main/submenu. The UPnP tab appears on screen with various options to select.
2. To enable the UPnP feature, click the Yes radio button, or No to disable it. No is the default, and the VPN firewall will not automatically configure devices. If Yes is selected, it activates the two text boxes to the right.
3. Fill in the two text boxes to the right.
Advertisement Period: Type in the text box (in minutes) how often you want the firewall to broadcast its UPnP information to all devices within range.
Advertisement Time to Live: Type in the text box (in hops) how many steps (hops) each UPnP packet is allowed to propagate before being discarded. Small values will limit the UPnP broadcast range.
4. Click Reset to revert to the previous settings.
5. Click Apply to save changes.
6. To view the contents of the UPnP Portmap Table, click Refresh to refresh the table and search for any new UPnP devices. The UPnP Portmap Table shows the IP addresses and other settings of UPnP devices that have accessed this wireless VPN firewall.
Active: A Yes or No indicates if the UPnP device port that established a connection is currently active.