Chapter 12 Firewall
NBG4604 User’s Guide
12.4 General Firewall Screen
Use this screen to enable or disable the NBG4604’s firewall, and set up firewall logs. Click Security > Firewall to open the General screen.
Figure 78 Security > Firewall > General
The following table describes the labels in this screen.
Table 51 Security > Firewall > General
LABEL | DESCRIPTION
Enable Firewall | Select this check box to activate the firewall. The NBG4604 performs access control and protects against Denial of Service (DoS) attacks when the firewall is activated.
Apply | Click Apply to save the settings.
Reset | Click Reset to start configuring this screen again.

12.5 The Access Control Rule Screen
Click Firewall > Access Control Rule to display the following screen. This screen displays a list of the configured access control rules.
Figure 79 Firewall > Access Control Rule
The following table describes the labels in this screen.
Table 52 Firewall > Access Control Rule
LABEL | DESCRIPTION
Application Rules Summary |
Packet Direction | This displays the direction of traffic (WAN to WAN) to which this rule applies. The NBG4604 stops computers on the WAN from managing the NBG4604 or using the NBG4604 as a gateway to communicate with other computers on the WAN.
# | This is your firewall rule number. The ordering of your rules is important as rules are applied in turn.
Active | This field displays whether a rule is turned on or not. A green bulb signifies that this rule is active. A gray bulb signifies that this rule is not active.
Name | This displays the name of the rule.
Source IP Address | This displays the source addresses or ranges of addresses to which this rule applies.
Service List | Select the service to which this rule applies from the drop-down list box.
Select Protocol | Select the transport layer protocol that defines your customized port from the drop-down list box. If you want to configure a customized protocol, select Specific Protocol.
Protocol Type | This displays the IP port that defines your customized port.
Port Range | This displays the port number or the range of port numbers of the destination.
Action | This field displays whether the rule silently discards packets (Drop), discards packets and sends a TCP reset packet or an ICMP destination-unreachable message to the sender (Reject) or allows the passage of packets (Permit).
Modify | Click the Edit icon to edit the rule. Click the Delete icon to delete an existing rule. Note that subsequent rules move up by one when you take this action.

12.5.1 Add/Edit an ACL Rule
Click Add New ACL Rule or the Edit icon next to an existing ACL rule in the Access Control screen. The following screen displays.
Figure 80 Access Control Rule: Add/Edit
The following table describes the labels in this screen.
Table 53 Access Control Rule: Add/Edit
LABEL | DESCRIPTION
Access Control Rule setup |
Active | Select the check box to enable the rule. Clear the check box to disable the rule.
Rule Name | Enter a descriptive name for the rule.
Source IP Address | Enter the source addresses or ranges of addresses to which this rule applies. Please note that a blank source or destination address is equivalent to Any.
Service List | Select the service to which this rule applies from the drop-down list box.
Select Protocol | Select the transport layer protocol that defines your customized port from the drop-down list box. If you want to configure a customized protocol, select Specific Protocol.
Protocol Type | Choose the IP port (Both, TCP, or UDP) that defines your customized port from the drop-down list box.
Port Range | Enter a single port number or the range of port numbers of the destination.
Apply | Click Apply to save the settings.
Reset | Click Reset to start configuring this screen again.
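
The rule fields in Tables 52 and 53 can be modelled to see why rule order matters. The sketch below is an added example, not ZyXEL firmware code: it assumes "applied in turn" means the first matching active rule decides, and the "first-last" range syntax, the AclRule class, the function names and the rule set are all constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class AclRule:
    name: str
    source: str          # "" (Any), one IP, or "first-last" (assumed syntax)
    protocol: str        # "TCP", "UDP" or "Both"
    ports: tuple         # inclusive destination port range (low, high)
    action: str          # "Drop", "Reject" or "Permit"
    active: bool = True

def source_matches(rule_source, src_ip):
    if not rule_source.strip():              # blank source is equivalent to Any
        return True
    ip = ipaddress.ip_address(src_ip)
    first, _, last = rule_source.partition("-")
    low = ipaddress.ip_address(first.strip())
    high = ipaddress.ip_address(last.strip()) if last else low
    return low <= ip <= high

def rule_matches(rule, src_ip, protocol, dst_port):
    return (rule.active
            and rule.protocol in ("Both", protocol)
            and rule.ports[0] <= dst_port <= rule.ports[1]
            and source_matches(rule.source, src_ip))

def evaluate(rules, src_ip, protocol, dst_port):
    """Return (rule number, name, action) for the first matching rule, else None."""
    for number, rule in enumerate(rules, start=1):   # assumption: first match wins
        if rule_matches(rule, src_ip, protocol, dst_port):
            return number, rule.name, rule.action
    return None

# Constructed rule set using documentation addresses (RFC 5737).
RULES = [
    AclRule("admin-https", "203.0.113.10", "TCP", (443, 443), "Permit"),
    AclRule("block-https", "", "TCP", (443, 443), "Drop"),
    AclRule("block-dns", "198.51.100.1-198.51.100.50", "Both", (53, 53), "Reject"),
]

if __name__ == "__main__":
    admin = ("203.0.113.10", "TCP", 443)
    print(evaluate(RULES, *admin))                           # admin host is permitted
    print(evaluate([RULES[1], RULES[0], RULES[2]], *admin))  # same rules, reordered
    print(evaluate(RULES[1:], "203.0.113.99", "TCP", 443))   # after deleting rule 1
```

With the blanket Drop rule moved above the Permit rule, the administrator's address is dropped as well, and deleting rule 1 renumbers the remaining rules exactly as the Modify row describes.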

12.6 Services Screen
If an outside user attempts to probe an unsupported port on your NBG4604, an ICMP response packet is automatically returned. This allows the outside user to know the NBG4604 exists. Use this screen to prevent the ICMP response packet from being sent. This keeps outsiders from discovering your NBG4604 when unsupported ports are probed.
You can also use this screen to enable service blocking, enter/delete/modify the services you want to block and the date/time you want to block them.
Click Security > Firewall > Services. The screen appears as shown next.
Figure 81 Security > Firewall > Services
The following table describes the labels in this screen.
Table 54 Security > Firewall > Services
LABEL | DESCRIPTION
ICMP | Internet Control Message Protocol is a message control and error-reporting protocol between a host server and a gateway to the Internet. ICMP uses Internet Protocol (IP) datagrams, but the messages are processed by the TCP/IP software and directly apparent to the application user.
Respond to Ping on | The NBG4604 will not respond to any incoming Ping requests when Disable is selected. Select LAN to reply to incoming LAN Ping requests. Select WAN to reply to incoming WAN Ping requests. Otherwise select LAN & WAN to reply to all incoming LAN and WAN Ping requests.
Do not respond to requests for unauthorized services | Select this option to prevent hackers from finding the NBG4604 by probing for unused ports. If you select this option, the NBG4604 will not respond to port request(s) for unused ports, thus leaving the unused ports and the NBG4604 unseen. By default this option is not selected and the NBG4604 will reply with an ICMP Port Unreachable packet for a port probe on its unused UDP ports, and a TCP Reset packet for a port probe on its unused TCP ports. Note that the probing packets must first traverse the NBG4604's firewall mechanism before reaching this anti-probing mechanism. Therefore if the firewall mechanism blocks a probing packet, the NBG4604 reacts based on the firewall policy, which by default, is to send a TCP reset packet for a blocked TCP packet. You can use the command "sys firewall tcprst rst [on|off]" to change this policy. When the firewall mechanism blocks a UDP packet, it drops the packet without sending a response packet.
Apply | Click Apply to save the settings.
Reset | Click Reset to start configuring this screen again.
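
The interaction between the firewall policy and the "Do not respond to requests for unauthorized services" option described in Table 54 can be written out as a small decision model. This is an added example, not ZyXEL code: the function names are hypothetical, and it assumes that "sys firewall tcprst rst off" makes the firewall drop blocked TCP packets silently.

```python
from itertools import product

def probe_response(protocol, blocked_by_firewall, stealth, tcprst_on=True):
    """Reply sent to a probe of an unused port, or None when nothing is sent.

    stealth   -- "Do not respond to requests for unauthorized services" selected
    tcprst_on -- state set by "sys firewall tcprst rst [on|off]" (on by default)
    """
    if protocol not in ("TCP", "UDP"):
        raise ValueError("protocol must be 'TCP' or 'UDP'")
    if blocked_by_firewall:
        # The firewall sees the packet first, so its policy decides the reply
        # and the anti-probing option is never consulted.
        if protocol == "TCP" and tcprst_on:
            return "TCP Reset"
        # Blocked UDP is always dropped silently; silent drop of blocked TCP
        # with tcprst off is an assumption about what "off" does.
        return None
    if stealth:
        return None
    return "TCP Reset" if protocol == "TCP" else "ICMP Port Unreachable"

def revealing_probes(stealth, tcprst_on):
    """List (protocol, blocked_by_firewall, reply) cases that still get a reply."""
    cases = []
    for protocol, blocked in product(("TCP", "UDP"), (True, False)):
        reply = probe_response(protocol, blocked, stealth, tcprst_on)
        if reply is not None:
            cases.append((protocol, blocked, reply))
    return cases

if __name__ == "__main__":
    for stealth, tcprst_on in product((False, True), (True, False)):
        print(f"stealth={stealth} tcprst={'on' if tcprst_on else 'off'}:",
              revealing_probes(stealth, tcprst_on))
```

With the option selected and the default firewall policy left in place, a TCP probe that the firewall blocks is still answered with a reset, so the NBG4604 stays discoverable until the tcprst policy is also turned off.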