Cisco Systems RVL200 manual Firewall Access Rules, Restrict WEB Features

Page 39

Chapter 4

Advanced Configuration

NOTE: SSL VPN has higher priority than Port Forwarding when HTTPS is enabled.

HTTP  To allow HTTP connections for remote management, select Enable. Otherwise, select Disable. Then enter the port number you want to use for remote management (port 80 or 8080 is usually used).

Multicast Pass Through  This option is disabled by default. IP multicasting occurs when a single data transmission is sent to multiple recipients at the same time. Using this feature, the Router allows IP multicast packets to be forwarded to the appropriate LAN devices. Multicast Pass Through is used for Internet games, videoconferencing, and multimedia applications.

SIP Application Layer Gateway  This option is enabled by default. It enables use of Session Initiation Protocol (SIP), an application-layer control (signaling) protocol for Internet phone calls, multimedia conferences, and instant messaging.

Restrict WEB Features

Block  Select the filters you want to use.

Java  Java is a programming language for websites. If you deny Java applets, you run the risk of losing access to Internet sites created using this programming language. To block Java applets, select Java.

Cookies  A cookie is data stored on your PC and used by Internet sites when you interact with them. To block cookies, select Cookies.

ActiveX  ActiveX is a programming language for websites. If you deny ActiveX, you run the risk of losing access to Internet sites created using this programming language. To block ActiveX, select ActiveX.

Access to HTTP Proxy Servers  Use of WAN proxy servers may compromise the Router’s security. If you block access to HTTP proxy servers, then you block access to WAN proxy servers. To block access, select Access to HTTP Proxy Servers.

Don’t block Java/ActiveX/Cookies/Proxy to Trusted Domains  To keep trusted sites unblocked, select this option.

Click Save Settings to save your changes, or click Cancel Changes to undo them.

Firewall > Access Rules

Access rules evaluate network traffic to decide whether or not it is allowed to pass through the Router’s firewall. Access Rules look specifically at a data transmission’s source IP address, destination IP address, and IP protocol type, and you can apply each access rule according to a different schedule.

With the use of custom rules, it is possible to disable all firewall protection or block all access to the Internet, so use extreme caution when creating or deleting access rules.

The Router has the following default rules:

All traffic from the LAN to the WAN is allowed.

All traffic from the WAN to the LAN is denied.

Custom rules can be created to override the above default rules, but four additional default rules are always active and cannot be overridden by any custom rule.

HTTP service from the LAN to the Router is always allowed.

DHCP service from the LAN is always allowed.

DNS service from the LAN is always allowed.

Ping service from the LAN to the Router is always allowed.


Access Rules

Except for the default rules, all configured access rules are listed in the Access Rules table, and you can set the priority for each custom rule. The Access Rules table lists the following information for each access rule:

Priority  The Priority is displayed.

Policy Name  The name of the access rule is displayed.

Enable  The status of the access rule is displayed.

Action  The Action, Allow or Deny, is displayed.

Service  The Service is displayed.

Source Interface  The Source Interface, LAN or WAN, is displayed.

Source  The specific Source is displayed.

Destination  The specific Destination is displayed.
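
The following is an added example, not part of the Cisco manual or the Router's firmware: a small model of the rule table described above that decides a flow and flags custom rules producing the two outcomes the manual warns about (firewall protection disabled, or all Internet access blocked). The first-match, lowest-number-first priority order, the "All Traffic" and "Any" wildcard labels, the "Router" destination label and the sample rules are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass
class Rule:  # columns of the Access Rules table
    priority: int
    name: str
    enabled: bool
    action: str       # "Allow" or "Deny"
    service: str      # "All Traffic" is a constructed wildcard label
    src_if: str       # "LAN" or "WAN"
    source: str       # "Any" or an address
    destination: str  # "Any" or an address

def always_allowed(src_if, destination, service):
    """The four always-active rules that no custom rule can override."""
    if src_if != "LAN":
        return False
    return service in ("DHCP", "DNS") or (
        destination == "Router" and service in ("HTTP", "Ping"))

def decide(rules, src_if, source, destination, service):
    """Return (action, deciding rule name) for one flow."""
    if always_allowed(src_if, destination, service):
        return "Allow", "built-in"
    # Assumption: lowest priority number is checked first, first match wins.
    for r in sorted(rules, key=lambda r: r.priority):
        if (r.enabled and r.src_if == src_if
                and r.service in ("All Traffic", service)
                and r.source in ("Any", source)
                and r.destination in ("Any", destination)):
            return r.action, r.name
    return ("Allow", "default LAN->WAN") if src_if == "LAN" else ("Deny", "default WAN->LAN")

def audit(rules):
    """Flag enabled custom rules that cause the two outcomes the manual warns about."""
    findings = []
    for r in rules:
        if not (r.enabled and (r.service, r.source, r.destination) == ("All Traffic", "Any", "Any")):
            continue
        if (r.src_if, r.action) == ("WAN", "Allow"):
            findings.append((r.name, "disables WAN-to-LAN firewall protection"))
        elif (r.src_if, r.action) == ("LAN", "Deny"):
            findings.append((r.name, "blocks all LAN access to the Internet"))
    return findings

# Constructed sample table, not taken from a real device export.
SAMPLE = [
    Rule(1, "vpn-portal", True, "Allow", "HTTPS", "WAN", "Any", "192.168.1.10"),
    Rule(2, "temp-debug", True, "Allow", "All Traffic", "WAN", "Any", "Any"),
    Rule(3, "lockdown", False, "Deny", "All Traffic", "LAN", "Any", "Any"),
]
```

Running audit(SAMPLE) reports only the enabled WAN allow-all rule; the disabled LAN deny-all rule is ignored until someone enables it.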

4-Port SSL/IPSec VPN Router
