Page 131 / 229 Scroll up to view Page 126 - 130
Chapter 17 Firewall
NBG6716 User’s Guide
131
Figure 91
Security > Firewall > Services l
The following table describes the labels in this screen.
Table 58
Security > Firewall > Services
LABEL
DESCRIPTION
LABEL
DESCRIPTION
ICMP
Internet Control Message Protocol is a message control and error-reporting protocol
between a host server and a gateway to the Internet. ICMP uses Internet Protocol (IP)
datagrams, but the messages are processed by the TCP/IP software and directly apparent
to the application user.
Respond to Ping
on
The NBG6716 will not respond to any incoming Ping requests when
Disable
is selected.
Select
LAN
to reply to incoming LAN Ping requests. Select
WAN
to reply to incoming WAN
Ping requests. Otherwise select
LAN&WAN
to reply to all incoming LAN and WAN Ping
requests.
Apply
Click
Apply
to save the settings.
Enable Firewall Rule
Enable Firewall
Rule
Select this check box to activate the firewall rules that you define (see
Add Firewall Rule
below).
Apply
Click
Apply
to save the settings.
Add Firewall Rule
Service Name
Enter a name that identifies or describes the firewall rule.
MAC Address
Enter the MAC address of the computer for which the firewall rule applies.
Dest IP Address
Enter the IP address of the computer to which traffic for the application or service is
entering.
The NBG6716 applies the firewall rule to traffic initiating from this computer.
Page 132 / 229
Chapter 17 Firewall
NBG6716 User’s Guide
132
See
Appendix C on page 218
for commonly used services and port numbers.
Source IP Address
Enter the IP address of the computer that initializes traffic for the application or service.
The NBG6716 applies the firewall rule to traffic initiating from this computer.
Protocol
Select the protocol (
TCP
,
UDP
or
ICMP
) used to transport the packets for which you want
to apply the firewall rule.
Dest Port Range
Enter the port number/range of the destination that define the traffic type, for example
TCP port 80 defines web traffic.
Source Port
Range
Enter the port number/range of the source that define the traffic type, for example TCP
port 80 defines web traffic.
Add Rule
Click
Add
to save the firewall rule.
Firewall Rule
#
This is your firewall rule number. The ordering of your rules is important as rules are
applied in turn.
Service Name
This is a name that identifies or describes the firewall rule.
MAC address
This is the MAC address of the computer for which the firewall rule applies.
Dest IP
This is the IP address of the computer to which traffic for the application or service is
entering.
Source IP
This is the IP address of the computer from which traffic for the application or service is
initialized.
Protocol
This is the protocol (
TCP
,
UDP
or
ICMP
) used to transport the packets for which you want
to apply the firewall rule.
Dest Port Range
This is the port number/range of the destination that define the traffic type, for example
TCP port 80 defines web traffic.
Source Port
Range
This is the port number/range of the source that define the traffic type, for example TCP
port 80 defines web traffic.
Action
DROP
- Traffic matching the conditions of the firewall rule is stopped.
Delete
Click
Delete
to remove the firewall rule.
Cancel
Click
Cancel
to start configuring this screen again.
Table 58
Security > Firewall > Services (continued)
LABEL
DESCRIPTION
Page 133 / 229
NBG6716 User’s Guide
133
C
HAPTER
18
Content Filtering
18.1
Overview
This chapter provides a brief overview of content filtering using the embedded web GUI.
Internet content filtering allows you to create and enforce Internet access policies tailored to your
needs. Content filtering is the ability to block certain web features or specific URL keywords.
18.1.1
What You Need To Know
The following terms and concepts may help as you read through this chapter.
Content Filtering Profiles
Content filtering allows you to block certain web features, such as cookies, and/or block access to
specific web sites. For example, you can configure one policy that blocks John Doe’s access to arts
and entertainment web pages.
A content filtering profile conveniently stores your custom settings for the following features.
Keyword Blocking URL Checking
The NBG6716 checks the URL’s domain name (or IP address) and file path separately when
performing keyword blocking.
The URL’s domain name or IP address is the characters that come before the first slash in the URL.
For example, with the URL
www.zyxel.com.tw/news/pressroom.php
, the domain name is
www.zyxel.com.tw
.
The file path is the characters that come after the first slash in the URL. For example, with the URL
www.zyxel.com.tw/news/pressroom.php
, the file path is
news/pressroom.php
.
Since the NBG6716 checks the URL’s domain name (or IP address) and file path separately, it will
not find items that go across the two. For example, with the URL
www.zyxel.com.tw/news/
pressroom.php
, the NBG6716 would find “tw” in the domain name (
www.zyxel.com.tw)
. It would
also find “news” in the file path (
news/pressroom.php
) but it would not find “tw/news”.
18.2
Content Filter
Use this screen to restrict web features, add keywords for blocking and designate a trusted
computer. Click
Security
>
Content Filter
to open the
Content Filter
screen.
Page 134 / 229
Chapter 18 Content Filtering
NBG6716 User’s Guide
134
Figure 92
Security > Content Filter
The following table describes the labels in this screen.
Table 59
Security > Content Filter
LABEL
DESCRIPTION
Trusted IP Setup
To enable this feature, type an IP address of any one of the computers in your network
that you want to have as a trusted computer. This allows the trusted computer to have
full access to all features that are configured to be blocked by content filtering.
Leave this field blank to have no trusted computers.
Restrict Web
Features
Select the box(es) to restrict a feature. When you download a page containing a
restricted feature, that part of the web page will appear blank or grayed out.
ActiveX
A tool for building dynamic and active Web pages and distributed object applications.
When you visit an ActiveX Web site, ActiveX controls are downloaded to your browser,
where they remain in case you visit the site again.
Java
A programming language and development environment for building downloadable Web
components or Internet and intranet business applications of all kinds.
Cookies
Used by Web servers to track usage and provide service based on ID.
Web Proxy
A server that acts as an intermediary between a user and the Internet to provide
security, administrative control, and caching service. When a proxy server is located on
the WAN it is possible for LAN users to circumvent content filtering by pointing to this
proxy server.
Enable URL
Keyword Blocking
The NBG6716 can block Web sites with URLs that contain certain keywords in the domain
name or IP address. For example, if the keyword "bad" was enabled, all sites containing
this keyword in the domain name or IP address will be blocked, e.g., URL http://
www.website.com/bad.html would be blocked.
Select this check box to enable this feature.
Keyword
Type a keyword in this field. You may use any character (up to 64 characters). Wildcards
are not allowed. You can also enter a numerical IP address.
Add
Click
Add
after you have typed a keyword.
Repeat this procedure to add other keywords. Up to 64 keywords are allowed.
When you try to access a web page containing a keyword, you will get a message telling
you that the content filter is blocking this request.
Page 135 / 229
Chapter 18 Content Filtering
NBG6716 User’s Guide
135
18.3
Technical Reference
The following section contains additional technical information about the NBG6716 features
described in this chapter.
18.3.1
Customizing Keyword Blocking URL Checking
You can use commands to set how much of a website’s URL the content filter is to check for
keyword blocking. See the appendices for information on how to access and use the command
interpreter.
Domain Name or IP Address URL Checking
By default, the NBG6716 checks the URL’s domain name or IP address when performing keyword
blocking.
This means that the NBG6716 checks the characters that come before the first slash in the URL.
For example, with the URL
www.zyxel.com.tw/news/pressroom.php
, content filtering only searches
for keywords within
www.zyxel.com.tw
.
Full Path URL Checking
Full path URL checking has the NBG6716 check the characters that come before the last slash in the
URL.
For example, with the URL
www.zyxel.com.tw/news/pressroom.php
, full path URL checking
searches for keywords within
www.zyxel.com.tw/news/
.
Use the
ip urlfilter customize actionFlags 6 [disable | enable]
command to extend (or
not extend) the keyword blocking search to include the URL's full path.
File Name URL Checking
Filename URL checking has the NBG6716 check all of the characters in the URL.
For example, filename URL checking searches for keywords within the URL
www.zyxel.com.tw/
news/pressroom.php
.
Keyword List
This list displays the keywords already added.
Delete
Highlight a keyword in the lower box and click
Delete
to remove it. The keyword
disappears from the text box after you click
Apply
.
Clear All
Click this button to remove all of the listed keywords.
Apply
Click
Apply
to save your changes.
Cancel
Click
Cancel
to begin configuring this screen afresh
Table 59
Security > Content Filter
(continued)
LABEL
DESCRIPTION

Rate

3.5 / 5 based on 2 votes.

Bookmark Our Site

Press Ctrl + D to add this site to your favorites!

Share
Top