1. Home
    2. /
  2. Manuals
    3. /
  3. Option
    4. /
  4. GlobeSurfer-II
    5. /
  5. 12
Page 56 / 126 Scroll up to view Page 51 - 55
56
GlobeSurfer
®
II 1.8 - 7.2 - 7.2 S
REFERENCE MANUAL
Figure 5.87 New Port Triggering Rule
You can disable a port triggering rule without having to remove it from the ‘Port Triggering’ screen.
To temporarily disable a rule, clear the check box next to the service name.
To reinstate it at a later time, simply reselect the check box.
To remove a rule, click the Remove action icon for the service. The service will be permanently removed. There may be a
few default port triggering rules listed when you first access the port triggering screen. Please note that disabling these
rules may result in impaired gateway functionality.
5.3.6
Website restrictions
You may configure GlobeSurfer
®
II to block specific Internet websites so that they cannot be accessed from computers in the
home network. Moreover, restrictions can be applied to a comprehensive and automaticallyupdated table of sites to which
access is not recommended.
To block access to a website:
1.
Click the ‘Website Restrictions’ tab in the ‘Security’ management screen (see Figure 5.88).
Figure 5.88 Website restrictions
2.
Click the ‘New Entry’ link. The ‘Restricted Website’ screen will appear (see Figure 5.89).
Page 57 / 126
57
GlobeSurfer
®
II 1.8 - 7.2 - 7.2 S
REFERENCE MANUAL
Figure 5.89 restricted Website
3.
Enter the website address (IP address or URL) that you would like to make inaccessible from your home network (all Web
pages within the site will also be blocked). If the website address has multiple IP addresses, GlobeSurfer
®
II will resolve all
additional addresses and automatically add them to the restrictions table.
4.
The Local Host combo box provides you the ability to specify the computer or group of computers for which you would like
to apply the website restriction.
You can select between any or a specific computer address in your LAN. If you choose the User Defined’ option, the screen
will refresh, and you will be redirected to the ‘Edit network object’ page. To learn more about network objects, see chapter
6.6.8.
5.
The Schedule combo-box allows you to define the time period during which this rule will take effect. By default, the rule
will always be active. However, you can configure scheduler rules by selecting ‘User Defined’. To learn how to configure
scheduler rules please refer to section 6.6.4.
6.
Click ‘OK’ to save the settings.You will be returned to the previous screen while GlobeSurfer
®
II attempts to find the site.
‘Resolving. . . ‘ will appear in the Status column while the site is being located (the URL is ‘resolved’ into one or more IP
addresses).
7.
Click the ‘Refresh’ button to update the status if necessary. If the site is successfully located then ‘Resolved’ will appear
in the status bar, otherwise ‘Hostname Resolution Failed’ will appear. In case GlobeSurfer
®
II fails to locate the website, do
the following:
a.
Use a Web browser to verify that the website is available. If it is, then you probably entered the website address
incorrectly.
b.
If the website is not available, return to the ‘Website Restrictions’ screen at a later time and click the ‘Resolve Now’
button to verify that the website can be found and blocked by GlobeSurfer
®
II.
You may edit the website restriction by modifying its entry under the ‘Local Host’ column in the ‘Website Restrictions’ screen.
To modify an entry:
1.
Click the Edit action icon for the restriction. The ‘Restricted Website’ screen will appear (see Figure 5.89). Modify the
website address, group or schedule as necessary.
2.
Click the ‘OK’ button to save your changes and return to the ‘Website Restrictions’ screen.
To ensure that all current IP addresses corresponding to the restricted websites are blocked:
1.
Click the ‘Resolve Now’ button. GlobeSurfer
®
II will check each of the restricted website addresses and ensure that all IP
addresses at which this website can be found are included in the IP addresses column.
You can disable a restriction in order to make a website available again without having to remove it from the ‘Website
Restrictions’ screen. This may be useful if you wish to make the website available only temporarily and expect that you will
want to block it again in the future.
To temporarily disable a rule, clear the check box next to the service name.
Page 58 / 126
58
GlobeSurfer
®
II 1.8 - 7.2 - 7.2 S
REFERENCE MANUAL
To reinstate it at a later time, simply reselect the check box.
To remove a rule, click the Remove action icon for the service. The service will be permanently removed.
5.3.7
Advanced filtering
Advanced filtering is designed to allow comprehensive control over the firewall’s behavior. You can define specific input and
output rules, control the order of logically similar sets of rules and make a distinction between rules that apply to WAN and
LAN devices.
To view GlobeSurfer
®
II’s advanced filtering options, click the ‘Advanced Filtering’ tab in the ‘Security’ management screen.
The ‘Advanced Filtering’ screen will appear (see Figure 5.90).
Figure 5.90 Advanced Filtering
This screen is divided into two identical sections, one for ‘Input Rule Sets’ and the other for ‘Output Rule Sets’, which are for
configuring inbound and outbound traffic, respectively. Each section is comprised of subsets, which can be grouped into three
main subjects:
Initial rules - rules defined here will be applied first, on all gateway devices.
Network devices rules - rules can be defined per each gateway device.
Final rules - rules defined here will be applied last, on all gateway devices.
Note:
The order of the firewall rules’ appearance in the ‘Advanced Filtering’ screen represents the sequence by which they will
be applied.
There are numerous rules automatically inserted by the firewall in order to provide improved security and block harmful
attacks.
To configure an advanced filtering rule:
1.
After choosing the traffic direction and the device on which to set the rule, click the appropriate New Entry link. The ‘Add
Advanced Filter’ screen will appear (see Figure 5.91).
Page 59 / 126
59
GlobeSurfer
®
II 1.8 - 7.2 - 7.2 S
REFERENCE MANUAL
Figure 5.91 Add Advanced Filtering
Matching
To apply a rule, a matching must be made between IP addresses, and a traffic protocol must be defined:
‘Source Address’
The source address of the packets sent to or received from the network object (computer A in the
above example). To add an address:
a.
Select the ‘User Defined’ option in the combo box. The screen will refresh and you will be directed to the ‘Edit
Network Object’ page.
b.
Use the ‘Edit Network Object’ page to define your address. Please refer to section 6.6.8 in order to learn how to do so.
‘Destination Address’
The destination address of the packets sent to or received from the network object. This address
can be configured in the same manner as the source address.
‘Protocol’
You may choose a specific traffic protocol from the combo box, or add a new one. To add a new traffic protocol:
a.
Select the ‘User Defined’ option in the combo box. The screen will refresh and you will be directed to the ‘Edit
Service’ page.
b.
Use the ‘Edit Service’ page to define your protocol. Please refer to section 6.6.15 in order to learn how to do so.
‘Operation’
Define what action the rule will take, by selecting one of the following radio buttons:
‘DROP’
Deny access to packets that match the source and destination IP addresses and service ports defined in
‘Matching’.
‘REJECT’
Deny access to packets that match the source and destination IP addresses and service ports defined in
‘Matching’ and sends and sends an ICMP error or a TCP reset to the origination peer.
‘ACCEPT’
Allow access to packets that match the source and destination IP addresses and service ports defined in
‘Matching’. The data transfer session will be handled using Stateful Packet Inspection (SPI).
‘ACCEPT PACKET’
Allow access to packets that match the source and destination IP addresses and service ports defined
in ‘Matching’. The data transfer session will not be handled using Stateful Packet Inspection (SPI), meaning that other
packets that match this rule will not be automatically allowed access. For example, this can useful when creating rules that
allow broadcasting.
Page 60 / 126
60
GlobeSurfer
®
II 1.8 - 7.2 - 7.2 S
REFERENCE MANUAL
‘Logging’
Monitor the rule:
‘Log Packets Matched by This Rule’
Check this check box to log the first packet from a connection that was matched by
this rule.
‘Schedule’ By default, the rule will always be active. However, you can configure scheduler rules in order to define time
segments during which the rule may be active. To learn how to configure scheduler rules please refer to section 6.6.4.
2.
Click ‘OK’ to save the settings.
5.3.8
Security log
The Security Log displays a list of firewall-related events, including attempts to establish inbound and outbound connections,
attempts to authenticate through an administrative interface (Web-based management or Telnet terminal), firewall
configuration and system start-up.
To view the security log, click the ‘Security Log’ tab in the ‘Security’ management screen. The ‘Security Log’ screen will appear
(see Figure 5.92).
Figure 5.92 Security Log
‘Time’
The time the event occurred.
‘Event’
There are five kinds of events:
Inbound Traffic: The event is a result of an incoming packet.
Outbound Traffic: The event is a result of outgoing packet.
Firewall Setup: Configuration message.
WBM Login: Indicates that a user has logged in to WBM.
CLI Login: Indicates that a user has logged in to CLI (via Telnet).

Rate

4 / 5 based on 2 votes.

Popular Option Models

Famous Router IPs
Famous Router Companies
Bookmark Our Site

Press Ctrl + D to add this site to your favorites!

Share
Top