NBG6817 User’s Guide
Chapter 14 Security
14.1 Overview
Use these screens to enable and configure the firewall that protects your NBG6817 and your LAN
from unwanted or malicious traffic.
Enable the firewall to protect your LAN computers from attacks by hackers on the Internet and
control access between the LAN and WAN. By default the firewall:
- allows traffic that originates from your LAN computers to go to all of the networks.
- blocks traffic that originates on the other networks from going to the LAN.
The following figure illustrates the default firewall action. User A can initiate an IM (Instant
Messaging) session from the LAN to the WAN (1). Return traffic for this session is also allowed (2).
However, other traffic initiated from the WAN is blocked (3 and 4).
Figure 95   Default Firewall Action
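The default action described above, modelled as an added example (not Zyxel code or the NBG6817's firmware): a session table keyed on the 5-tuple admits reply traffic from the WAN and nothing else. NAT is left out, and the class, function, addresses and ports are all constructed for illustration.

```python
# Illustrative model of the default firewall action; not NBG6817 firmware.
from typing import NamedTuple

class Packet(NamedTuple):
    in_zone: str   # "LAN" or "WAN": the side the packet arrives on
    proto: str
    src: str
    sport: int
    dst: str
    dport: int

class StatefulFirewall:
    def __init__(self):
        self.sessions = set()   # 5-tuples of flows opened from the LAN

    def handle(self, p: Packet) -> str:
        if p.in_zone == "LAN":
            # LAN-originated traffic is allowed and the session is remembered.
            self.sessions.add((p.proto, p.src, p.sport, p.dst, p.dport))
            return "ACCEPT"
        # WAN side: accept only the mirror image of a remembered session.
        if (p.proto, p.dst, p.dport, p.src, p.sport) in self.sessions:
            return "ACCEPT"
        return "DROP"

def figure_flows():
    """Replay four constructed flows in the spirit of (1)-(4) in the figure."""
    fw = StatefulFirewall()
    user_a, im = "192.168.1.33", "203.0.113.10"   # constructed addresses
    return [
        fw.handle(Packet("LAN", "TCP", user_a, 50000, im, 5222)),   # (1) A opens IM
        fw.handle(Packet("WAN", "TCP", im, 5222, user_a, 50000)),   # (2) reply
        fw.handle(Packet("WAN", "TCP", "198.51.100.7", 40000, user_a, 445)),  # (3)
        fw.handle(Packet("WAN", "TCP", im, 5222, user_a, 50001)),   # (4) no session
    ]
```

Flow (4) comes from the same server as the allowed session but targets a port User A never opened, so it is dropped like any other WAN-initiated traffic.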
14.1.1 What You Can Do
- Use the IPv4 Firewall screen to enable or disable the NBG6817’s IPv4 firewall (Section 14.2).
- Use the IPv6 Firewall screen to enable or disable the NBG6817’s IPv6 firewall (Section 14.3).
14.1.2 What You Need To Know
The following terms and concepts may help as you read through this chapter.
About the NBG6817 Firewall
The NBG6817’s firewall feature physically separates the LAN and the WAN and acts as a secure
gateway for all data passing between the networks.
It is a stateful inspection firewall and is designed to protect against Denial of Service attacks when
activated (click the IPv4 Firewall or IPv6 Firewall tab under Security and then click the Enable
Firewall check box). The NBG6817's purpose is to allow a private Local Area Network (LAN) to be
securely connected to the Internet. The NBG6817 can be used to prevent theft, destruction and
modification of data, as well as log events, which may be important to the security of your network.
The NBG6817 is installed between the LAN and a broadband modem connecting to the Internet.
This allows it to act as a secure gateway for all data passing between the Internet and the LAN.
The NBG6817 has one Ethernet WAN port and four Ethernet LAN ports, which are used to physically
separate the network into two areas. The WAN (Wide Area Network) port attaches to the broadband
(cable or DSL) modem that connects to the Internet.
The LAN (Local Area Network) port attaches to a network of computers, which needs security from
the outside world. These computers will have access to Internet services such as e-mail, FTP and
the World Wide Web. However, "inbound access" is not allowed (by default) unless the remote host
is authorized to use a specific service.
Guidelines For Enhancing Security With Your Firewall
1. Change the default password via Web Configurator.
2. Think about access control before you connect to the network in any way, including attaching a
   modem to the port.
3. Limit who can access your router.
4. Don't enable any local service (such as NTP) that you don't use. Any enabled service could present
   a potential security risk. A determined hacker might be able to find creative ways to misuse the
   enabled services to access the firewall or the network.
5. For local services that are enabled, protect against misuse. Protect by configuring the services to
   communicate only with specific peers, and protect by configuring rules to block packets for the
   services at specific interfaces.
6. Protect against IP spoofing by making sure the firewall is active.
7. Keep the firewall in a secured (locked) room.
14.2 IPv4 Firewall Screen
Use this screen to enable or disable the NBG6817’s IPv4 firewall. Click Expert Mode > Security >
IPv4 Firewall to open the firewall setup screen.
Figure 96   Expert Mode > Security > IPv4 Firewall
The following table describes the labels in this screen.
Table 51   Expert Mode > Security > IPv4 Firewall
LABEL | DESCRIPTION
ICMP | Internet Control Message Protocol is a message control and error-reporting protocol between a host server and a gateway to the Internet. ICMP uses Internet Protocol (IP) datagrams, but the messages are processed by the TCP/IP software and directly apparent to the application user.
Respond to Ping on | The NBG6817 will not respond to any incoming Ping requests when Disable is selected. Select LAN to reply to incoming LAN Ping requests. Select WAN to reply to incoming WAN Ping requests. Otherwise select LAN&WAN to reply to all incoming LAN and WAN Ping requests.
Firewall Setup
Enable Firewall | Select this check box to activate the firewall. The NBG6817 performs access control and protects against Denial of Service (DoS) attacks when the firewall is activated.
Enable Firewall Rule
Enable Firewall Rule | Select this check box to activate the firewall rules that you define (see Add Firewall Rule below).
Filter table type | Select DROP to silently discard the packets which meet the firewall rules. The others are accepted. Select ACCEPT to allow the passage of the packets which meet the firewall rules. The others are blocked.
Add Firewall Rule
Service Name | Enter a name that identifies or describes the firewall rule.
MAC Address | Enter the MAC address of the computer for which the firewall rule applies.
Dest IP Address | Enter the IP address of the computer to which traffic for the application or service is entering. The NBG6817 applies the firewall rule to traffic initiating from this computer.
Source IP Address | Enter the IP address of the computer that initializes traffic for the application or service. The NBG6817 applies the firewall rule to traffic initiating from this computer.
Protocol | Select the protocol (TCP, UDP or ICMP) used to transport the packets for which you want to apply the firewall rule.
Dest Port Range | This is the port number/range of the destination that defines the traffic type, for example TCP port 80 defines web traffic.
Source Port Range | This is the port number/range of the source that defines the traffic type, for example TCP port 80 defines web traffic.
Add Rule | Click Add Rule to save the firewall rule.
Firewall Rule
# | This is your firewall rule number. The ordering of your rules is important as rules are applied in turn.
Service Name | This is a name that identifies or describes the firewall rule.
MAC Address | This is the MAC address of the computer for which the firewall rule applies.
Dest IP | This is the IP address of the computer to which traffic for the application or service is entering.
Source IP | This is the IP address of the computer from which traffic for the application or service is initialized.
Protocol | This is the protocol (TCP, UDP or ICMP) used to transport the packets for which you want to apply the firewall rule.
Dest Port Range | This is the port number/range of the destination that defines the traffic type, for example TCP port 80 defines web traffic.
Source Port Range | This is the port number/range of the source that defines the traffic type, for example TCP port 80 defines web traffic.
Delete | Click to remove the firewall rule.
Apply | Click Apply to save the settings.
Cancel | Click Cancel to start configuring this screen again.
14.3 IPv6 Firewall Screen
This chapter shows you how to enable and create IPv6 firewall rules to filter IPv6 traffic.
Click Expert Mode > Security > IPv6 Firewall. The IPv6 Firewall screen appears as shown.
Figure 97   Expert Mode > Security > IPv6 Firewall
The following table describes the labels in this screen.
Table 52   Expert Mode > Security > IPv6 Firewall
LABEL | DESCRIPTION
Enable Firewall Rule
Enable Firewall Rule | Select this check box to activate the firewall rules that you define (see Add Firewall Rule below).
Action | Select DROP to silently discard the packets which meet the firewall rules. The others are accepted. Select ACCEPT to allow the passage of the packets which meet the firewall rules. The others are blocked.
Add Firewall Rule
Service Name | Enter a name that identifies or describes the firewall rule.
MAC Address | Enter the MAC address of the computer for which the firewall rule applies.
Dest IP Address | Enter the IPv6 address of the computer to which traffic for the application or service is entering. The NBG6817 applies the firewall rule to traffic destined for this computer.
Source IP Address | Enter the IPv6 address of the computer that initializes traffic for the application or service. The NBG6817 applies the firewall rule to traffic initiating from this computer.
Protocol | Select the protocol (TCP, UDP or ICMPv6) used to transport the packets for which you want to apply the firewall rule.
Dest Port Range | Enter the port number/range of the destination that defines the traffic type, for example TCP port 80 defines web traffic.
Source Port Range | Enter the port number/range of the source that defines the traffic type, for example TCP port 80 defines web traffic.
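The "Filter table type" setting in Table 51 and the "Action" setting in Table 52 apply one verdict to every rule on the screen. The added example below (not Zyxel code or the NBG6817's firmware) models that behaviour; it assumes an empty rule field means "any" and a port range is written as 80 or 8000-8080, it leaves out the MAC address field, and all names and addresses are constructed.

```python
# Illustrative model of "Filter table type" / "Action"; not NBG6817 firmware.
from dataclasses import dataclass
from ipaddress import ip_address
from typing import Optional

def parse_ports(spec: Optional[str]):
    """'80' -> (80, 80); '8000-8080' -> (8000, 8080); empty -> any (assumed)."""
    if not spec:
        return (0, 65535)
    lo, _, hi = spec.partition("-")
    lo, hi = int(lo), int(hi or lo)
    if not 0 <= lo <= hi <= 65535:
        raise ValueError(f"bad port range: {spec!r}")
    return (lo, hi)

def same_ip(rule_ip: Optional[str], pkt_ip: str) -> bool:
    # Compare parsed addresses so IPv6 spellings of one address match.
    return rule_ip is None or ip_address(rule_ip) == ip_address(pkt_ip)

@dataclass
class Rule:
    name: str
    protocol: str                      # TCP, UDP, ICMP or ICMPv6
    src_ip: Optional[str] = None       # None = any (assumption)
    dst_ip: Optional[str] = None
    dst_ports: Optional[str] = None
    src_ports: Optional[str] = None

    def matches(self, pkt: dict) -> bool:
        dlo, dhi = parse_ports(self.dst_ports)
        slo, shi = parse_ports(self.src_ports)
        return (self.protocol == pkt["protocol"]
                and same_ip(self.src_ip, pkt["src_ip"])
                and same_ip(self.dst_ip, pkt["dst_ip"])
                and dlo <= pkt["dst_port"] <= dhi
                and slo <= pkt["src_port"] <= shi)

def verdict(rules, table_type: str, pkt: dict) -> str:
    """table_type is the one screen-wide DROP/ACCEPT choice for all rules."""
    if table_type not in ("DROP", "ACCEPT"):
        raise ValueError(table_type)
    hit = any(r.matches(pkt) for r in rules)
    return table_type if hit else ("ACCEPT" if table_type == "DROP" else "DROP")

# Constructed sample: one rule for web traffic to a LAN host, plus two packets.
RULES = [Rule("web", "TCP", dst_ip="192.168.1.10", dst_ports="80-443")]
WEB = dict(protocol="TCP", src_ip="192.168.1.33", dst_ip="192.168.1.10", src_port=51000, dst_port=443)
DNS = dict(protocol="UDP", src_ip="192.168.1.33", dst_ip="192.168.1.1", src_port=51001, dst_port=53)
```

With ACCEPT selected the rule list becomes an allow-list: the DNS packet that passed under DROP is now blocked, so every service that must keep working needs its own rule before the setting is switched.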
