D-Link DRO-210i manual Firewall


Frequently Asked Questions

11.5 Firewall

Q11. I want to block access to download of songs, movies etc. How can I do that?

Ans: Use the router’s File Extension Filter feature to block HTTP access to extensions like .avi, .mp3 etc. To configure File Extension Filter, enable Firewall on all the relevant LAN, DMZ and WAN interfaces. Go to Firewall Policy, and click on Out. Enable “File Extension Filter” feature and configure the list of File Extensions to be blocked.

Q12. I want to block access to specific sites such as pornographic sites, job sites etc. How can I do this?

Ans: Use the Keyword Filter feature to block HTTP access to specific keywords like sex, job etc. To configure Keyword Filter, enable Firewall on all the relevant LAN, DMZ and WAN interfaces. Go to Firewall Policy, and click on Out. Enable “Keyword Filter” feature and configure the list of Keywords to be blocked.

Q13. I have set up a Web Proxy Server and an FTP Server on the DMZ port. I want to ensure that all traffic to the Internet goes via my DMZ servers only, i.e. my LAN systems can access Web and FTP traffic only via the DMZ servers and not the Internet directly, while Web and FTP traffic can flow unrestricted between my DMZ servers and the Internet. How do I configure this?

Ans: To configure this, set all interfaces as UnTrusted and allow only the desired traffic between the interfaces. The steps below will guide you through the configuration:

• Go to Firewall Interface Configuration; disable firewall until the configuration is complete.

• In Firewall Policy, click In and Permitted Service, and add Service Permitted Rules for Web traffic (HTTP and HTTPS) and FTP Traffic. Add the following IP Permitted Rules for each of the Service Permitted Rules:

o Add IP Permitted Rule with Source IP as IP Range (DMZ Server’s Range of IP Addresses), and Destination IP as Any. This will ensure that Web and FTP Traffic can flow from the DMZ Server to the Internet without any restriction.

o Add IP Permitted Rule with Source IP as Any, and Destination IP as IP Range (DMZ Server’s Range of IP Addresses). This will ensure that Web and FTP Traffic can flow from the LAN to DMZ, and from the Internet to DMZ only.

• In the HTTP/HTTPS Service Permitted Rule, add the below IP Permitted Rule to allow the administrator to configure the router:

o Add IP Permitted Rule with Source IP as IP Range (The LAN System IP Addresses from which router should be configurable), and Destination IP as IP Range (The router’s LAN Interface IP Address). This will ensure that router’s Web Page is configurable by the administrator.

• Now go to Firewall Interface Configuration, enable Firewall and set LAN, DMZ and WAN as UnTrusted.
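The following added example (not from the D-Link manual, and not the router's own logic) models the Q13 rule set in Python so the resulting reachability can be checked before the firewall is re-enabled. The addresses, the function names and the default-drop behaviour for unmatched traffic on UnTrusted interfaces are assumptions; only the FTP control port is modelled.

```python
import ipaddress

def ip_range(first, last):
    """Inclusive IP range, as used in an IP Permitted Rule."""
    return ipaddress.ip_address(first), ipaddress.ip_address(last)

ANY = None  # "Any" source or destination

# Constructed sample addressing (assumption, not from the manual).
DMZ_SERVERS = ip_range("192.168.2.10", "192.168.2.20")
ADMIN_HOSTS = ip_range("192.168.1.100", "192.168.1.101")
ROUTER_LAN = ip_range("192.168.1.1", "192.168.1.1")

SERVICES = {"HTTP": 80, "HTTPS": 443, "FTP": 21}  # FTP control port only

# Service Permitted Rule -> its IP Permitted Rules as (source, destination).
DMZ_RULES = [(DMZ_SERVERS, ANY), (ANY, DMZ_SERVERS)]
ADMIN_RULE = [(ADMIN_HOSTS, ROUTER_LAN)]
POLICY = {
    "HTTP": DMZ_RULES + ADMIN_RULE,
    "HTTPS": DMZ_RULES + ADMIN_RULE,
    "FTP": DMZ_RULES,
}

def in_range(addr, rng):
    return rng is ANY or rng[0] <= addr <= rng[1]

def permitted(src, dst, port):
    """True if the flow matches a permitted service and one of its IP rules."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for service, rules in POLICY.items():
        if SERVICES[service] == port and any(
                in_range(s, a) and in_range(d, b) for a, b in rules):
            return True
    return False  # assumed: UnTrusted interfaces drop anything unmatched

def audit():
    """Evaluate constructed sample flows against the policy."""
    flows = {
        "LAN -> Internet direct, HTTP": ("192.168.1.50", "203.0.113.7", 80),
        "LAN -> DMZ server, HTTP": ("192.168.1.50", "192.168.2.10", 80),
        "DMZ -> Internet, HTTPS": ("192.168.2.10", "203.0.113.7", 443),
        "Internet -> DMZ, FTP": ("203.0.113.7", "192.168.2.15", 21),
        "admin -> router UI": ("192.168.1.100", "192.168.1.1", 80),
        "non-admin LAN -> router UI": ("192.168.1.50", "192.168.1.1", 80),
        "LAN -> DMZ server, SSH": ("192.168.1.50", "192.168.2.10", 22),
    }
    return {label: permitted(*flow) for label, flow in flows.items()}
```

The "Internet -> DMZ" result is worth noting: the Source Any rule that lets LAN clients reach the DMZ servers also admits the same services from the WAN side, as the answer itself states.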

Dlink DRO-210i User Guide
