Page 201 / 404 Scroll up to view Page 196 - 200
Chapter 13 Firewall
P-661HNU-Fx User’s Guide
201
13.2
The General Screen
Use this screen to enable or disable the ZyXEL Device’s firewall. Click
Security
>
Firewall
to open the
General
screen.
Figure 83
Security > Firewall > General
The following table describes the labels in this screen.
13.3
The Services Screen
Use this screen to enable service blocking and to maintain the list of services you
want to block. To access this screen, click
Security > Firewall > Services
.
Table 48
Security > Firewall > General
LABEL
DESCRIPTION
Firewall
Select
Enable
to activate the firewall. The ZyXEL Device performs
access control and protects against Denial of Service (DoS) attacks
when the firewall is activated.
Apply
Click
Apply
to save your changes.
Cancel
Click
Cancel
to restore your previously saved settings.
Page 202 / 404
Chapter 13 Firewall
P-661HNU-Fx User’s Guide
202
Note: These rules specify which computers on the LAN can access which computers
or services on the WAN.
Figure 84
Security > Firewall > Services
Each field is described in the following table.
Table 49
Security > Firewall > Services
LABEL
DESCRIPTION
LAN-to-WAN
Services
Blocking
Select
Enable
to activate service blocking.
Available
Services
This is a list of pre-defined services (destination ports) you may prohibit
your LAN computers from using. Select the port you want to block, and
click
Add
to add the port to the
Blocked Services
field.
A custom port is a service that is not available in the pre-defined
Available Services
list. You must define it using the
Type
and
Port
Number
fields. See
Appendix E on page 359
for some examples of
services.
Blocked
Services
This is a list of services (ports) that are inaccessible to computers on
your LAN when service blocking is effective. To remove a service from
this list, select the service, and click
Delete
.
Type
Select
TCP
,
UDP
or
TCP and UDP
, based on which one the custom port
uses.
Port Number
Enter the range of port numbers that defines the service. For example,
suppose you want to define the Gnutella service. Select
TCP
type and
enter a port range of
6345-6349
.
Add
Click this to add the selected service in
Available Services
to the
Blocked Services
list. Note that the service is blocked immediately
after clicking this.
Page 203 / 404
Chapter 13 Firewall
P-661HNU-Fx User’s Guide
203
13.4
Firewall Technical Reference
This section provides some technical background information about the topics
covered in this chapter.
13.4.1
Guidelines For Enhancing Security With Your Firewall
1
Change the default password via web configurator.
2
Think about access control before you connect to the network in any way.
3
Limit who can access your ZyXEL Device.
4
Don't enable any local service (such as Telnet or FTP) that you don't use. Any
enabled service could present a potential security risk. A determined hacker might
be able to find creative ways to misuse the enabled services to access the firewall
or the network.
5
For local services that are enabled, protect against misuse. Protect by configuring
the services to communicate only with specific peers, and protect by configuring
rules to block packets for the services at specific interfaces.
6
Keep the firewall in a secured (locked) room.
13.4.2
Security Considerations
Note: Incorrectly configuring the firewall may block valid access or introduce security
risks to the ZyXEL Device and your protected network. Use caution when
creating or deleting firewall rules and test your rules after you configure them.
Consider these security ramifications before creating a rule:
1
Does this rule stop LAN users from accessing critical resources on the Internet?
For example, if IRC is blocked, are there users that require this service?
Delete
Select a service in the
Blocked Services
, and click this to remove the
service from the list.
Clear All
Click this to remove all the services in the
Blocked Services
list.
Apply
Click
Apply
to save your changes.
Cancel
Click
Cancel
to restore your previously saved settings.
Table 49
Security > Firewall > Services (continued)
LABEL
DESCRIPTION
Page 204 / 404
Chapter 13 Firewall
P-661HNU-Fx User’s Guide
204
2
Is it possible to modify the rule to be more specific? For example, if IRC is blocked
for all users, will a rule that blocks just certain users be more effective?
3
Does a rule that allows Internet users access to resources on the LAN create a
security vulnerability? For example, if FTP ports (TCP 20, 21) are allowed from the
Internet to the LAN, Internet users may be able to connect to computers with
running FTP servers.
4
Does this rule conflict with any existing rules?
Once these questions have been answered, adding rules is simply a matter of
entering the information into the correct fields in the web configurator screens.
Page 205 / 404
P-661HNU-Fx User’s Guide
205
C
HAPTER
14
MAC Filter
14.1
Overview
This chapter discusses MAC address filtering.
You can configure the ZyXEL Device to permit access to clients based on their MAC
addresses in the
MAC Filter
screen. This applies to wired and wireless
connections.
14.1.1
What You Need to Know
Every Ethernet device has a unique MAC (Media Access Control) address. The MAC
address is assigned at the factory and consists of six pairs of hexadecimal
characters, for example, 00:A0:C5:00:00:02. You need to know the MAC address
of the devices to configure this screen.

Rate

4 / 5 based on 1 vote.

Bookmark Our Site

Press Ctrl + D to add this site to your favorites!

Share
Top