Page 46 / 85 Scroll up to view Page 41 - 45
Router User’s Guide
Monitoring Network Health
Level
The firewall contained within the Router may be configured to operate in one of several modes, referred
to as levels. For ease of use, three generic levels are preconfigured – Low, Medium and High. A separate
level, ICSA 3.0a Compliant, is provided for those users who require compliance with the criteria set forth
by ICSA Labs for firewall behavior. (Please refer to Appendix D, “Firewall Security Levels,” in the User
Guide on CD-ROM for a detailed description of these preconfigured levels.)
In addition to the preconfigured levels, a Custom level is provided for advanced users who require the
capability to define a unique custom set of firewall rules. To specify the firewall security level:
1. Select
Setup>Firewall>Level
from the left navigation pane of the Web interface. This displays the
“Firewall Level Configuration” window.
2.
Select one of the following from the
Select Firewall Level
drop-down menu.
Off
No restrictions are applied to either inbound or outbound traffic. In addition, Network Address Port
Translation (NAPT) functionality is disabled. Because there is no address/port translation when
the firewall is placed in this mode, all LAN-side connected hosts must be assigned a valid public
IP address.
Low
Minimal restrictions with respect to outbound traffic. Outbound traffic is allowed for all supported
IP-based applications and Application Level Routers (ALGs). The only inbound traffic allowed is
traffic received within the context of an outbound session initiated on the local host.
Medium
Moderate restrictions with respect to outbound traffic. Outbound traffic is allowed for most
supported IP-based applications and Application Level Routers (ALGs). The only inbound traffic
allowed is traffic received within the context of an outbound session initiated on the local host.
High
High restrictions with respect to outbound traffic. Outbound traffic is allowed only for a very
restricted set of supported IP-based applications and ALGs. The only inbound traffic allowed is
traffic received within the context of an outbound session initiated on the local host and permitted
by this firewall mode.
ICSA 3.0a-compliant
Supports the ICSA Labs criteria for firewall behavior. (For more information, visit the ICSA site at
).
Custom
Allows advanced users to add, modify, and delete their own firewall rules. If you select this option,
you must set customized rules for both inbound and outbound traffic using the IP Filtering option.
3. Click
Apply
.
43
Page 47 / 85
Router User’s Guide
Monitoring Network Health
Snooze
The snooze feature allows you to temporarily disable the firewall for a set amount of time so outside
support personnel can access your Router or network or so you can run an application that conflicts with
the firewall.
Note
:
Important!
This function is recommended for use only when you require this special
level of unrestricted access as it leaves your Router and network exposed to the Internet with no firewall
protection.
To enable and configure snooze control:
1. Select
Setup>Firewall>Snooze
from the left navigation pane of the Web interface. This displays the
“Firewall Snooze Control” window.
2.
Select one of the following:
Disable Snooze
Disables all snooze control. In this mode, the firewall is not disabled.
Enable Snooze, and set the Snooze time interval to
Enables snooze for a specified time period. Be sure to enter the number of minutes to define how
long the firewall should be disabled.
Reset the Snooze time interval to
Reset the snooze control time period. Use this option if you need a time extension for an open
snooze session. Be sure to specify the additional amount of time (minutes) the firewall should be
disabled.
3. Click
Apply
.
44
Page 48 / 85
Router User’s Guide
Monitoring Network Health
DMZ
The firewall supports virtual DMZ in single (LAN) port router models. Virtual DMZ redirects traffic to a
specified IP address rather than a physical port. Because this redirection is a logical application rather
than physical, it is called “virtual DMZ.”
Using virtual DMZ, a single node on the LAN can be made “visible” to the WAN IP network. Any incoming
network traffic not handled by port forwarding rules is automatically forwarded to an enabled DMZ node.
Outbound traffic from the virtual DMZ node circumvents all firewall rules. The DMZ feature allows a
computer on your home network to circumvent the firewall and have direct access to the internet. This
feature is primarily used for gaming. Under this mode of operation all network traffic received from the
WAN that is not destined for a host specifically exposed through NAT or for a server exposed through
Port Forwarding will be redirected to the designated DMZ host. If the DMZ feature is enabled, you must
select the computer to be used as the DMZ computer/host.
This function is recommended for use only when you require this special level of unrestricted access as it
leaves your Router and network exposed to the Internet with no firewall protection. To enable and
configure the DMZ:
1. Select
Setup>Firewall>DMZ
from the left navigation pane of the Web interface. This displays the
“Firewall DMZ Configuration” window.
2.
Select one of the following DMZ enable options:
Disable DMZ
The firewall is not bypassed.
Enable DMZ with this Host IP address
The firewall is bypassed through an IP address typed in the box next to this field.
Enable DMZ with this Host IP address
The firewall is bypassed through an IP address that is selected from the
Select Host
drop-down
menu next to this field. Select the desired host from the drop-down menu.
3.
Select one of the following time element options:
Make Settings Permanent
DMZ settings are permanent unless changed by the administrator.
Make Settings Last for
DMZ settings last for only the time (in minutes) entered in the box next to this option.
4. Click
Apply
.
45
Page 49 / 85
Router User’s Guide
Monitoring Network Health
Filter Rules
If the firewall security level is set to Custom, this features allows you to specify a unique set of firewall
rules for handling inbound and outbound traffic customized to the user’s specific requirements. In this
mode of operation the firewall provides an extensive amount of configurability. As such, only advanced
users should employ this feature.
Rules can be filter-based on any of the following:
Source and destination router interfaces
IP protocols
Direction of traffic flow
Source and destination network/host IP address
Protocol-specific attributes such as ICMP message types
Source and destination port ranges (for protocols that support them), and support for port comparison
operators such as less than, greater than, and equal to.
Rules can specifically allow or deny packets to flow through the router. Default actions taken when no
specific rule applies can also be configured.
To define inbound and outbound IP filter rules:
1. Select
Setup>Firewall>Filter Rules
from the left navigation pane of the Web interface. This displays
the “Firewall IP Filter Configuration Wizard” window.
2.
Do one of the following:
To add new IP filter rules as you define them, click
Add New IP Filter Rule
. This displays the
Basic Rule Definition
” window.
To clone IP filter rules already defined, click
Clone IP Filter Level
. This displays the “
Clone Rule
Definition
” window. Once cloned, you can modify the existing rules.
46
Page 50 / 85
Router User’s Guide
Monitoring Network Health
Creating Custom IP Filter Rules
To add a new rule:
1.
Type up to a five digit numeric value in the
Rule No
box to uniquely identify the rule.
2. Select either
Permit
or
Deny
from the
Access
drop-down menu. Select
Permit
to allow the rule and
Deny
to prohibit the rule.
3. Select either
Inbound
or
Outbound
from the
Direction
drop-down menu.
Inbound
refers to data
coming into the Router, while
Outbound
refers to data transmitted from the Router.
4. Optionally, select the
Disable stateful inspection for packets matching this rule
to prevent the
firewall from creating a stateful inspection session for packets matched on this rule.
5. Optionally, select the
Create a log entry for packets matching this rule
. When selected, an entry is
placed in the log file when packets match this rule.
6. Click
Next
. This displays the “Source & Destination Definition” window.
7. Under the
Source
heading, select a network connection from the
Network Interface
drop-down
menu.
8.
Select one of the following options:
Any IP Address
Select this option if this rule applies to any IP address from the source.
This IP Address
Select this option if a rule applies to a specific IP address from the source.
47

Rate

4 / 5 based on 1 vote.

Bookmark Our Site

Press Ctrl + D to add this site to your favorites!

Share
Top