PART III
Security

Firewall (143)
Content Filtering (149)
NBG334W User’s Guide

Chapter 13 Firewall
This chapter gives some background information on firewalls and explains how to get started
with the NBG334W’s firewall.
13.1 Introduction to ZyXEL’s Firewall

13.1.1 What is a Firewall?
Originally, the term “firewall” referred to a construction technique designed to prevent the
spread of fire from one room to another. The networking term "firewall" is a system or group
of systems that enforces an access-control policy between two networks. It may also be
defined as a mechanism used to protect a trusted network from a network that is not trusted. Of
course, firewalls cannot solve every security problem. A firewall is one of the mechanisms
used to establish a network security perimeter in support of a network security policy. It should
never be the only mechanism or method employed. For a firewall to guard effectively, you
must design and deploy it appropriately. This requires integrating the firewall into a broad
information-security policy. In addition, specific policies must be implemented within the
firewall itself.
13.1.2 Stateful Inspection Firewall
Stateful inspection firewalls restrict access by screening data packets against defined access
rules. They make access control decisions based on IP address and protocol. They also
"inspect" the session data to assure the integrity of the connection and to adapt to dynamic
protocols. These firewalls generally provide the best speed and transparency; however, they
may lack the granular application level access control or caching that some proxies support.
Firewalls, of one type or another, have become an integral part of standard security solutions
for enterprises.
13.1.3 About the NBG334W Firewall

The NBG334W firewall is a stateful inspection firewall and is designed to protect against
Denial of Service attacks when activated (click the General tab under Firewall and then click
the Enable Firewall check box). The NBG334W's purpose is to allow a private Local Area
Network (LAN) to be securely connected to the Internet. The NBG334W can be used to
prevent theft, destruction and modification of data, as well as log events, which may be
important to the security of your network.
The NBG334W is installed between the LAN and a broadband modem connecting to the
Internet. This allows it to act as a secure gateway for all data passing between the Internet and
the LAN.
The NBG334W has one Ethernet WAN port and four Ethernet LAN ports, which are used to
physically separate the network into two areas. The WAN (Wide Area Network) port attaches
to the broadband (cable or DSL) modem to the Internet.
The LAN (Local Area Network) port attaches to a network of computers, which needs security
from the outside world. These computers will have access to Internet services such as e-mail,
FTP and the World Wide Web. However, "inbound access" is not allowed (by default) unless
the remote host is authorized to use a specific service.
13.1.4 Guidelines For Enhancing Security With Your Firewall

1 Change the default password via web configurator.
2 Think about access control before you connect to the network in any way, including
attaching a modem to the port.
3 Limit who can access your router.
4 Don't enable any local service (such as SNMP or NTP) that you don't use. Any enabled
service could present a potential security risk. A determined hacker might be able to find
creative ways to misuse the enabled services to access the firewall or the network.
5 For local services that are enabled, protect against misuse. Protect by configuring the
services to communicate only with specific peers, and protect by configuring rules to
block packets for the services at specific interfaces.
6 Protect against IP spoofing by making sure the firewall is active.
7 Keep the firewall in a secured (locked) room.
13.2 Triangle Routes
If an alternate gateway on the LAN has an IP address in the same subnet as the NBG334W’s
LAN IP address, return traffic may not go through the NBG334W. This is called an
asymmetrical or “triangle” route. This causes the NBG334W to reset the connection, as the
connection has not been acknowledged.
You can have the NBG334W permit the use of asymmetrical route topology on the network
(not reset the connection).
Allowing asymmetrical routes may let traffic from the WAN go directly to the LAN without
passing through the NBG334W. A better solution is to use IP alias to put the NBG334W and
the backup gateway on separate subnets.
13.2.1 Triangle Routes and IP Alias

You can use IP alias instead of allowing triangle routes. IP alias allows you to partition your
network into logical sections over the same interface.
By putting your LAN and Gateway A in different subnets, all returning network traffic must
pass through the NBG334W to your LAN. The following steps describe such a scenario.
1 A computer on the LAN initiates a connection by sending a SYN packet to a receiving
server on the WAN.
2 The NBG334W reroutes the packet to Gateway A, which is in Subnet 2.
3 The reply from the WAN goes to the NBG334W.
4 The NBG334W then sends it to the computer on the LAN in Subnet 1.

Figure 79 Using IP Alias to Solve the Triangle Route Problem
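The stateful inspection behaviour described in Sections 13.1.2 and 13.1.3 (sessions opened from the LAN are tracked, unsolicited inbound traffic is dropped) and the triangle-route reset described in Section 13.2 can be seen in the following toy simulation. This is an added example, not ZyXEL's code or the NBG334W's firmware; the Packet model, the state names, the verdict strings, the addresses (LAN 192.168.1.0/24, Gateway A at 192.168.1.254 or 192.168.2.254, server 203.0.113.10) and the allow_asymmetric switch are this example's own assumptions. The simulation decides whether Gateway A's reply passes through the firewall purely from whether Gateway A sits in the LAN subnet, which is the point of the IP alias fix.

```python
"""Toy stateful-inspection firewall plus a triangle-route simulation.
Illustrative code only (not ZyXEL firmware); all names and addresses are
assumptions made for this example."""
from dataclasses import dataclass
import ipaddress


@dataclass(frozen=True)
class Packet:
    src: str      # source IP address
    dst: str      # destination IP address
    sport: int    # source TCP port
    dport: int    # destination TCP port
    flags: str    # "S" = SYN, "SA" = SYN-ACK, "A" = ACK
    iface: str    # side the firewall received it on: "lan" (trusted) or "wan" (outside)


class StatefulFirewall:
    """Tracks TCP sessions opened from the LAN; unsolicited WAN traffic is dropped."""

    def __init__(self, allow_asymmetric=False):
        self.allow_asymmetric = allow_asymmetric   # "permit asymmetrical route" option
        self.sessions = {}   # (lan_ip, lan_port, remote_ip, remote_port) -> state

    @staticmethod
    def _key(pkt):
        # Normalise so both directions of one connection share a key.
        if pkt.iface == "lan":
            return (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        return (pkt.dst, pkt.dport, pkt.src, pkt.sport)

    def filter(self, pkt):
        key = self._key(pkt)
        state = self.sessions.get(key)
        if pkt.iface == "lan":
            if pkt.flags == "S":                 # new outbound connection
                self.sessions[key] = "SYN_SENT"
                return "ALLOW"
            if state == "ESTABLISHED":
                return "ALLOW"
            if state == "SYN_SENT":
                # The LAN host is ACKing a SYN-ACK the firewall never saw: the
                # reply bypassed it (asymmetric / triangle route).
                if self.allow_asymmetric:
                    self.sessions[key] = "ESTABLISHED"
                    return "ALLOW"
                del self.sessions[key]
                return "RESET"
            return "DROP"
        # Packets from the outside must match a session the LAN opened.
        if state == "SYN_SENT" and pkt.flags == "SA":
            self.sessions[key] = "ESTABLISHED"
            return "ALLOW"
        if state == "ESTABLISHED":
            return "ALLOW"
        return "DROP"                            # default inbound policy


def reply_passes_through_firewall(gateway_a_ip, lan_subnet):
    """Gateway A inside the LAN subnet can hand the reply to the host directly
    (triangle route). Moved to another subnet with IP alias, its only route to
    the host is through the firewall."""
    return ipaddress.ip_address(gateway_a_ip) not in ipaddress.ip_network(lan_subnet)


def run_scenario(gateway_a_ip, lan_subnet="192.168.1.0/24", allow_asymmetric=False):
    """A LAN host opens a connection to a WAN server whose reply returns via
    Gateway A. Returns the firewall's verdict for each packet it handles."""
    fw = StatefulFirewall(allow_asymmetric)
    host, server = "192.168.1.33", "203.0.113.10"   # constructed addresses
    verdicts = [fw.filter(Packet(host, server, 40000, 80, "S", "lan"))]
    if reply_passes_through_firewall(gateway_a_ip, lan_subnet):
        # Reply reaches the firewall from the outside side (WAN or aliased subnet).
        verdicts.append(fw.filter(Packet(server, host, 80, 40000, "SA", "wan")))
    else:
        verdicts.append("BYPASSED")   # SYN-ACK delivered straight to the host
    verdicts.append(fw.filter(Packet(host, server, 40000, 80, "A", "lan")))
    return verdicts


if __name__ == "__main__":
    print("Gateway A in LAN subnet:       ", run_scenario("192.168.1.254"))
    print("  ... with asymmetric allowed: ", run_scenario("192.168.1.254", allow_asymmetric=True))
    print("Gateway A on IP alias subnet:  ", run_scenario("192.168.2.254"))
```

With Gateway A in the LAN subnet the firewall sees the SYN and the host's final ACK but never the SYN-ACK, so the ACK arrives against a half-open session and the connection is reset; allowing asymmetric routes suppresses the reset at the cost of the firewall never having inspected the reply. Placing Gateway A on a separate IP-alias subnet forces the reply back through the firewall and every packet is tracked.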
13.3 General Firewall Screen

Click Security > Firewall to open the General screen. Use this screen to enable or disable the
NBG334W’s firewall, and set up firewall logs.

Figure 80 Security > Firewall > General