ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual
Firewall and Network Management
9-1
v1.0, October 2008
Chapter 9
Firewall and Network Management
This chapter describes how to use the network management features of your ProSafe Wireless-N
VPN Firewall. These features can be found by clicking on the appropriate heading in the Main
Menu of the browser interface.
The ProSafe Wireless-N VPN Firewall offers many tools for managing the network traffic to
optimize its performance. You can also control administrator access, be alerted to important events
requiring prompt action, monitor the firewall status, perform diagnostics, and manage the firewall
configuration file.
This chapter contains the following sections:
“Performance Management”
“Changing Passwords and Administrator Settings”
“Enabling Remote Management Access”
“Using an SNMP Manager”
“Settings Backup and Firmware Upgrade”
“Configuring Time Zone Settings”
Performance Management
Performance management consists of controlling the traffic through the firewall so that the
necessary traffic gets through when there is a bottleneck and either reducing unnecessary traffic or
rescheduling some traffic to low-peak times to prevent bottlenecks from occurring in the first
place. The firewall has the necessary features and tools to help the network manager accomplish
these goals.
Bandwidth Capacity
The maximum bandwidth capacity of the firewall in each direction is as follows:
LAN side: 5000 Mbps (five LAN ports at 1000 Mbps each)
WAN side: 1000 Mbps (one WAN port at 1000 Mbps)
In practice, the WAN side bandwidth capacity will be much lower when DSL or cable modems are
used to connect to the Internet. As a result and depending on the traffic being carried, the WAN
side of the firewall will be the limiting factor to throughput for most installations.
Features that Reduce Traffic
Features of the VPN firewall that can be called upon to decrease WAN-side loading are as follows:
Service blocking
Block sites
Source MAC filtering
Service Blocking
You can control specific outbound traffic (from LAN to WAN). Outbound Services lists all
existing rules for outbound traffic. If you have not defined any rules, only the default rule will be
listed. The default rule allows all outgoing traffic.
Each rule lets you specify the desired action for the connections covered by the rule:
BLOCK always
BLOCK by schedule, otherwise Allow
ALLOW always
ALLOW by schedule, otherwise Block
As you define your firewall rules, you can further refine the application according to the following
criteria:
LAN Users. These settings determine which computers on your network are affected by this
rule. Select the desired options:
Any. All PCs and devices on your LAN.
Single address. The rule will be applied to the address of a particular PC.
Address range. The rule is applied to a range of addresses.
Warning:
This feature is for Advanced Administrators only! Incorrect configuration
will cause serious problems.
Groups. The rule is applied to a Group (see “Managing Groups and Hosts (LAN Groups)”
on page 3-4 to assign PCs to a Group using the LAN Groups Database).
WAN Users. These settings determine which Internet locations are covered by the rule, based
on the IP address.
Any. The rule applies to all Internet IP addresses.
Single address. The rule applies to a single Internet IP address.
Address range. The rule is applied to a range of Internet IP addresses.
Services. You can specify the desired Services or applications to be covered by this rule. If the
desired service or application does not appear in the list, you must define it using the Services
menu (see “Services-Based Rules” on page 5-2 and “Adding Customized Services” on page 5-15).
Schedule. You can specify whether the rule is to be applied on the Schedule 1, Schedule 2, or
Schedule 3 time schedule (see “Setting Schedules to Block or Allow Traffic” on page 5-17).
See “Using Rules & Services to Block or Allow Traffic” on page 5-2 for the procedure on how to
use this feature.
Services
The Rules menu contains a list of predefined Services for creating firewall rules. If a service does
not appear in the predefined Services list, you can define the service. The new service will then
appear in the Rules menu's Services list.
See “Services-Based Rules” on page 5-2 for the procedure on how to use this feature.
Groups and Hosts
You can apply these rules selectively to groups of PCs to reduce the outbound or inbound traffic.
The LAN Groups Database is an automatically-maintained list of all known PCs and network
devices. PCs and devices become known by the following methods:
DHCP Client Request. By default, the DHCP server in this firewall is enabled, and will
accept and respond to DHCP client requests from PCs and other network devices. These
requests also generate an entry in the LAN Groups Database. Because of this, leaving the
DHCP server feature (on the LAN screen) enabled is strongly recommended.
Scanning the Network. The local network is scanned using ARP requests. The ARP scan will
detect active devices that are not DHCP clients. However, sometimes the name of the PC or
device cannot be accurately determined, and it will appear in the database as Unknown.
Manual Entry. You can manually enter information about a device.
See “Managing Groups and Hosts (LAN Groups)” on page 3-4 for the procedure on how to use
this feature.
Schedule
If you have set firewall rules on the Rules screen, you can configure three different schedules (for
example, schedule 1, schedule 2, and schedule 3) for when a rule is to be applied. Once a schedule
is configured, it affects all Rules that use this schedule. You specify the days of the week and time
of day for each schedule.
See “Setting Schedules to Block or Allow Traffic” on page 5-17 for the procedure on how to use
this feature.
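The following Python script is an added worked example written for this chapter; it is not part of the manual and not code from the SRXN3205 firmware. It models how a rule's LAN Users, WAN Users, Services and Schedule criteria combine with the four actions listed under “Service Blocking”, and in particular how a schedule flips the result of the two “by schedule” actions. The group membership, service definitions, schedule times, rules and addresses are constructed; the first-match rule order and the HH:MM schedule encoding are assumptions of the model. The inbound default rule (BLOCK) is taken from the inbound Services description under “Port Forwarding” later in this chapter.

```python
"""Reference model of the Service Blocking rule semantics and Schedules.
Added illustration, not SRXN3205 firmware code; groups, services,
schedules and rules below are constructed, first-match order is assumed."""
from dataclasses import dataclass
from datetime import datetime
from ipaddress import ip_address
from typing import Optional

# Stand-in for the LAN Groups Database (constructed membership).
LAN_GROUPS = {
    "Group1": {"192.168.1.10", "192.168.1.11"},
    "Group2": {"192.168.1.20"},
}

# Stand-in for the Services list: name -> (protocol, first port, last port).
SERVICES = {
    "HTTP": ("tcp", 80, 80),
    "FTP": ("tcp", 20, 21),
    "DNS": ("udp", 53, 53),
    "ANY": ("any", 1, 65535),
}


@dataclass(frozen=True)
class Schedule:
    """Days of the week (Monday=0 .. Sunday=6, as datetime.weekday()) and a
    time-of-day window; start inclusive, end exclusive, both 'HH:MM'."""
    days: frozenset
    start: str
    end: str

    def active(self, when: datetime) -> bool:
        return (when.weekday() in self.days
                and self.start <= when.strftime("%H:%M") < self.end)


# Schedule 1 = weekday office hours (constructed); Schedules 2 and 3 unused.
SCHEDULES = {"Schedule 1": Schedule(frozenset(range(5)), "09:00", "17:00")}


@dataclass(frozen=True)
class Rule:
    service: str                    # key into SERVICES
    action: str                     # one of the four actions in the manual
    lan_users: tuple = ("any",)     # ("any",) | ("single", ip) | ("range", lo, hi) | ("group", name)
    wan_users: tuple = ("any",)     # ("any",) | ("single", ip) | ("range", lo, hi)
    schedule: Optional[str] = None  # required for the two "by schedule" actions


def address_matches(selector, addr):
    kind = selector[0]
    if kind == "any":
        return True
    if kind == "single":
        return addr == selector[1]
    if kind == "range":
        return ip_address(selector[1]) <= ip_address(addr) <= ip_address(selector[2])
    if kind == "group":
        return addr in LAN_GROUPS.get(selector[1], set())
    raise ValueError(f"unknown selector {selector!r}")


def service_matches(name, proto, port):
    sproto, lo, hi = SERVICES[name]
    return sproto in ("any", proto) and lo <= port <= hi


def resolve_action(rule, when):
    """Turn the rule's action string plus the clock into ALLOW or BLOCK."""
    if rule.action == "BLOCK always":
        return "BLOCK"
    if rule.action == "ALLOW always":
        return "ALLOW"
    on = SCHEDULES[rule.schedule].active(when)
    if rule.action == "BLOCK by schedule, otherwise Allow":
        return "BLOCK" if on else "ALLOW"
    if rule.action == "ALLOW by schedule, otherwise Block":
        return "ALLOW" if on else "BLOCK"
    raise ValueError(f"unknown action {rule.action!r}")


def decide(direction, rules, lan_ip, wan_ip, proto, port, when):
    """First matching rule decides (assumed order). With no match the default
    rule applies: outbound (LAN to WAN) ALLOW, inbound (WAN to LAN) BLOCK."""
    for rule in rules:
        if (address_matches(rule.lan_users, lan_ip)
                and address_matches(rule.wan_users, wan_ip)
                and service_matches(rule.service, proto, port)):
            return resolve_action(rule, when), rule
    return ("ALLOW" if direction == "outbound" else "BLOCK"), None


# Constructed rule sets.
OUTBOUND_RULES = [
    Rule("FTP", "BLOCK always", lan_users=("group", "Group2")),
    Rule("HTTP", "BLOCK by schedule, otherwise Allow",
         lan_users=("range", "192.168.1.10", "192.168.1.50"), schedule="Schedule 1"),
]
INBOUND_RULES = [Rule("HTTP", "ALLOW always", wan_users=("single", "203.0.113.7"))]

OFFICE = datetime(2008, 10, 6, 10, 30)   # Monday 10:30: Schedule 1 active
EVENING = datetime(2008, 10, 6, 19, 0)   # Monday 19:00: Schedule 1 inactive

if __name__ == "__main__":
    print(decide("outbound", OUTBOUND_RULES, "192.168.1.11", "198.51.100.1", "tcp", 80, OFFICE)[0])   # BLOCK
    print(decide("outbound", OUTBOUND_RULES, "192.168.1.11", "198.51.100.1", "tcp", 80, EVENING)[0])  # ALLOW
    print(decide("inbound", INBOUND_RULES, "192.168.1.5", "203.0.113.8", "tcp", 80, OFFICE)[0])       # BLOCK
```

The point to check against your own configuration is the second case: a “BLOCK by schedule, otherwise Allow” rule opens the service outside the schedule window, so a schedule that is configured too narrowly silently allows the traffic for the rest of the week. Because a schedule change affects every rule that refers to it, test a representative packet for each rule after editing Schedule 1, 2 or 3.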
Block Sites
If you want to reduce traffic by preventing access to certain sites on the Internet, you can use the
VPN firewall’s filtering feature. By default, this feature is disabled; all requested traffic from any
Web site is allowed.
Keyword (and Domain Name) Blocking. You can specify up to 32 words that, should they
appear in the Web site name (i.e., URL) or in a newsgroup name, will cause that site or
newsgroup to be blocked by the VPN firewall.
You can apply the keywords to one or more groups. Requests from the PCs in the groups for
which keyword blocking has been enabled will be blocked. Blocking does not occur for the
PCs that are in the groups for which keyword blocking has not been enabled.
You can bypass keyword blocking for trusted domains by adding the exact matching domain
to the list of Trusted Domains. Access to the domains on this list by PCs even in the groups for
which keyword blocking has been enabled will still be allowed without any blocking.
Web Component blocking. You can block the following Web component types: Proxy, Java,
ActiveX, and Cookies. Sites on the Trusted Domains list are still subject to Web component
blocking when the blocking of a particular Web component has been enabled.
See “Setting Block Sites (Content Filtering)” on page 5-18 for the procedure on how to use this
feature.
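The following Python script is an added worked example, not part of this manual or the firewall's own code. It models the three Block Sites decisions described above: keyword blocking that applies only to the groups it is enabled for, the Trusted Domains bypass that matches the domain exactly, and Web Component blocking that still applies to trusted domains. The keyword list, group membership, trusted domain, blocked components and component tags passed to the function are constructed; newsgroup-name matching is left out.

```python
"""Model of the Block Sites (content filtering) decisions.
Added illustration, not SRXN3205 firmware code; the policy values, group
membership and the component tags on requests are constructed."""
from urllib.parse import urlsplit

MAX_KEYWORDS = 32   # limit stated in the manual


def load_keywords(words):
    """Normalise the keyword list and enforce the 32-entry limit."""
    cleaned = [w.strip().lower() for w in words if w.strip()]
    if len(cleaned) > MAX_KEYWORDS:
        raise ValueError(f"at most {MAX_KEYWORDS} keywords are supported")
    return cleaned


# Constructed policy and LAN Groups Database stand-in.
KEYWORDS = load_keywords(["casino", "Torrent"])
KEYWORD_BLOCKING_GROUPS = {"Group1"}                # groups with keyword blocking enabled
TRUSTED_DOMAINS = {"www.casino-regulator.example"}  # exact-match bypass list
BLOCKED_COMPONENTS = {"java", "activex"}            # chosen from proxy, java, activex, cookies
LAN_GROUPS = {"Group1": {"192.168.1.10"}, "Group2": {"192.168.1.20"}}


def group_of(client_ip):
    return next((g for g, members in LAN_GROUPS.items() if client_ip in members), None)


def check_request(client_ip, url, components=()):
    """Return (page_decision, reason, blocked_components).

    components lists the web component types the response would carry
    (assumed tags such as 'java'); those on the blocked list are stripped
    for every site, Trusted Domains included."""
    host = (urlsplit(url).hostname or "").lower()
    blocked = {c.lower() for c in components} & BLOCKED_COMPONENTS
    if group_of(client_ip) not in KEYWORD_BLOCKING_GROUPS:
        return "ALLOW", "keyword blocking not enabled for this group", blocked
    if host in TRUSTED_DOMAINS:            # exact domain match only, no subdomains
        return "ALLOW", "trusted domain", blocked
    hit = next((kw for kw in KEYWORDS if kw in url.lower()), None)
    if hit:
        return "BLOCK", f"keyword {hit!r} in URL", blocked
    return "ALLOW", "no keyword match", blocked


if __name__ == "__main__":
    for ip, url, comps in [
        ("192.168.1.10", "http://www.example-casino.test/lobby", ()),
        ("192.168.1.20", "http://www.example-casino.test/lobby", ()),
        ("192.168.1.10", "http://www.casino-regulator.example/", ("Java", "cookies")),
        ("192.168.1.10", "http://news.casino-regulator.example/", ()),
    ]:
        print(ip, url, check_request(ip, url, comps))
```

The last case shows the practical consequence of exact matching: a subdomain of a trusted domain is not trusted, and because the keyword test runs over the whole URL, a legitimate site whose name contains a blocked word is blocked unless every host name it uses is listed. Note also that keyword blocking is applied per group, so a PC that is not in the LAN Groups Database (for example one with a static address that the ARP scan has not found yet) may fall outside every group you enabled blocking for.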
Source MAC Filtering
If you want to reduce outgoing traffic to prevent Internet access by certain PCs on the LAN, you
can use the source MAC filtering feature to drop the traffic received from the PCs with the
specified MAC addresses. By default, this feature is disabled; all traffic received from PCs with
any MAC address is allowed.
See “Enabling Source MAC Filtering (Address Filter)” on page 5-20 for the procedure on how to
use this feature.
Features that Increase Traffic
Features that tend to increase WAN-side loading are as follows:
Port forwarding
Port triggering
Exposed hosts
VPN tunnels
Port Forwarding
The firewall always blocks DoS (Denial of Service) attacks. A DoS attack does not attempt to steal
data or damage your PCs, but overloads your Internet connection so that you cannot use it (i.e., the
service is unavailable). You can also create additional firewall rules that are customized to block or
allow specific traffic.
You can control specific inbound traffic (from WAN to LAN). Inbound Services lists all existing
rules for inbound traffic. If you have not defined any rules, only the default rule will be listed. The
default rule blocks all inbound traffic.
Each rule lets you specify the desired action for the connections covered by the rule:
BLOCK always
ALLOW always
BLOCK by schedule, otherwise Allow
ALLOW by schedule, otherwise Block
You can also enable a check on special rules:
VPN Passthrough. Passes VPN traffic without any filtering; used especially when this
firewall sits between two VPN tunnel end points.
Drop fragmented IP packets. Drops any fragmented IP packets.
UDP Flooding. Limits the number of UDP sessions created from one LAN machine.
TCP Flooding. Protects the firewall from SYN flood attacks.
Warning:
This feature is for Advanced Administrators only! Incorrect configuration
will cause serious problems.
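The following Python script is an added worked example of the UDP Flooding check described above; it is not part of this manual and not the firewall's own code. The manual does not state the device's thresholds, so the per-host cap, the idle timeout and the session key (source port, destination address, destination port) are assumptions of the model, and the packet trace is constructed. It shows the behaviour a practitioner should expect from such a limiter: one LAN host that sprays new sessions is cut off at the cap, traffic on sessions already admitted keeps flowing, other hosts are unaffected, and the host recovers once its idle sessions expire.

```python
"""Per-LAN-host UDP session limiter modelling the 'UDP Flooding' check.
Added illustration, not SRXN3205 firmware code; cap, timeout and session
key are assumed, the packet trace is constructed."""
from collections import defaultdict

UDP_SESSION_CAP = 100       # assumed maximum concurrent sessions per LAN host
UDP_IDLE_TIMEOUT = 30.0     # assumed seconds of silence before a session expires


class UdpSessionLimiter:
    def __init__(self, cap=UDP_SESSION_CAP, timeout=UDP_IDLE_TIMEOUT):
        self.cap = cap
        self.timeout = timeout
        # lan_ip -> {(src_port, dst_ip, dst_port): last_seen}
        self.sessions = defaultdict(dict)

    def _expire(self, table, now):
        for key in [k for k, seen in table.items() if now - seen > self.timeout]:
            del table[key]

    def admit(self, now, lan_ip, src_port, dst_ip, dst_port):
        """True if the datagram is forwarded, False if dropped."""
        table = self.sessions[lan_ip]
        self._expire(table, now)
        key = (src_port, dst_ip, dst_port)
        if key in table:
            table[key] = now        # traffic on an existing session is never limited
            return True
        if len(table) >= self.cap:
            return False            # new session above the cap: dropped
        table[key] = now
        return True

    def session_count(self, lan_ip):
        return len(self.sessions[lan_ip])


def replay(packets, cap=UDP_SESSION_CAP, timeout=UDP_IDLE_TIMEOUT):
    """Run a trace of (t, lan_ip, src_port, dst_ip, dst_port) tuples through
    the limiter; returns per-host (forwarded, dropped) counts."""
    limiter = UdpSessionLimiter(cap, timeout)
    stats = defaultdict(lambda: [0, 0])
    for t, lan_ip, sport, dip, dport in packets:
        stats[lan_ip][0 if limiter.admit(t, lan_ip, sport, dip, dport) else 1] += 1
    return {ip: tuple(v) for ip, v in stats.items()}


# Constructed trace: 192.168.1.30 opens 150 sessions at once (flood pattern),
# 192.168.1.31 makes one DNS query, then .30 returns after a quiet period.
FLOOD_TRACE = (
    [(0.0, "192.168.1.30", 40000 + i, "198.51.100.9", 1024 + i) for i in range(150)]
    + [(0.5, "192.168.1.31", 53000, "198.51.100.53", 53)]
    + [(60.0, "192.168.1.30", 41000, "198.51.100.53", 53)]
)

if __name__ == "__main__":
    print(replay(FLOOD_TRACE))   # {'192.168.1.30': (101, 50), '192.168.1.31': (1, 0)}
```

The trade-off the warning above refers to is visible in the constants: a cap set too low drops legitimate new sessions from a busy host (a DNS-heavy server or a VoIP gateway), while a cap set too high lets a compromised LAN host consume the WAN link before the check engages. Whatever the device's real thresholds are, verify them with a controlled burst from one test host before relying on the feature.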
