Cisco Systems RV042RF manual Firewall Access Rules, Restrict WEB Features


Chapter 4

Advanced Configuration

as SYN Flooding, Smurf, LAND, Ping of Death, IP Spoofing, and reassembly attacks.

Block WAN Request  This option is enabled by default. Using this feature, the Router drops both unaccepted TCP requests and ICMP packets from the WAN side. Hackers will not find the Router by pinging the WAN IP address.

Remote Management  This option is disabled by default. If you want to manage the Router through a WAN connection, first change the password on the Setup > Password screen (this prevents any user from accessing the Router with the default password). Then select Enable for the Remote Management setting, and enter the port number (port 80, the default, or 8080 is usually used).

NOTE: If the Remote Management feature on the Firewall > General screen has been enabled, then users with administrative privileges can remotely access the web-based utility. Use http://<WAN IP address of the Router>, or use https://<WAN IP address of the Router> if you have enabled the HTTPS feature.

HTTPS  HTTPS is a secured HTTP session. If Remote Management is enabled, HTTPS is enabled by default.

NOTE: If you disable the HTTPS feature, then you also disable the Linksys QuickVPN service on the Router.

Multicast Pass Through  This option is disabled by default. IP multicasting occurs when a single data transmission is sent to multiple recipients at the same time. Using this feature, the Router allows IP multicast packets to be forwarded to the appropriate LAN devices. Multicast Pass Through is used for Internet games, videoconferencing, and multimedia applications.

MTU (Maximum Transmission Unit)  This setting specifies the largest packet size permitted for network transmission. In most cases, keep the default, Auto. To specify the MTU, select Manual, and then enter the maximum MTU size.

Restrict WEB Features

Block  Select the filters you want to use.

• Java  Java is a programming language for websites. If you deny Java applets, you run the risk of losing access to Internet sites created using this programming language. To block Java applets, select Java.

• Cookies  A cookie is data stored on your PC and used by Internet sites when you interact with them. To block cookies, select Cookies.

• ActiveX  ActiveX is a programming language for websites. If you deny ActiveX, you run the risk of losing access to Internet sites created using this programming language. To block ActiveX, select ActiveX.

• Access to HTTP Proxy Servers  Use of WAN proxy servers may compromise the Router’s security. If you block access to HTTP proxy servers, then you block access to WAN proxy servers. To block access, select Access to HTTP Proxy Servers.

Don’t block Java/ActiveX/Cookies/Proxy to Trusted Domains  To keep trusted sites unblocked, select this option. You will be able to specify a list of trusted domains.

Click Save Settings to save your changes, or click Cancel Changes to undo them.

Firewall > Access Rules

Access rules evaluate network traffic to decide whether or not it is allowed to pass through the Router’s firewall. Access Rules look specifically at a data transmission’s source IP address, destination IP address, and IP protocol type, and you can apply each access rule according to a different schedule.

With the use of custom rules, it is possible to disable all firewall protection or block all access to the Internet, so use extreme caution when creating or deleting access rules.

The Router has the following default rules:

• All traffic from the LAN to the WAN is allowed.

• All traffic from the WAN to the LAN is denied.

• All traffic from the LAN to the DMZ is allowed.

• All traffic from the DMZ to the LAN is denied.

• All traffic from the WAN to the DMZ is allowed.

• All traffic from the DMZ to the WAN is allowed.

Custom rules can be created to override the above default rules, but there are four additional default rules that are always active and cannot be overridden by any custom rule.

• HTTP service from the LAN to the Router is always allowed.

• DHCP service from the LAN is always allowed.

• DNS service from the LAN is always allowed.

• Ping service from the LAN to the Router is always allowed.
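
The precedence described above (always-active rules, then custom rules, then the zone defaults) can be modeled to review a planned rule set before it is entered on the Router. This is an added example, not Linksys or Cisco code. The Rule class, the "ROUTER" destination name, first-match ordering among custom rules, and denying zone pairs the manual does not list are assumptions of the model.

```python
# Added illustration: models the rule precedence the manual describes; not router firmware.
from dataclasses import dataclass

ANY = "*"

# Default zone-to-zone policy, copied from the list above.
DEFAULTS = {
    ("LAN", "WAN"): "allow", ("WAN", "LAN"): "deny",
    ("LAN", "DMZ"): "allow", ("DMZ", "LAN"): "deny",
    ("WAN", "DMZ"): "allow", ("DMZ", "WAN"): "allow",
}

# The four always-active rules as (source, destination, service).
# "ROUTER" as a destination name is an assumption of this model.
ALWAYS_ALLOWED = [
    ("LAN", "ROUTER", "HTTP"),
    ("LAN", ANY, "DHCP"),
    ("LAN", ANY, "DNS"),
    ("LAN", "ROUTER", "PING"),
]

@dataclass(frozen=True)
class Rule:  # hypothetical shape for a custom access rule
    action: str
    src: str
    dst: str
    service: str = ANY

    def matches(self, src, dst, service):
        pairs = ((self.src, src), (self.dst, dst), (self.service, service))
        return all(want in (ANY, got) for want, got in pairs)

def decide(custom, src, dst, service):
    """Return (action, reason) for one flow."""
    for a_src, a_dst, a_svc in ALWAYS_ALLOWED:
        if a_src == src and a_dst in (ANY, dst) and a_svc == service:
            return "allow", "always-active"
    for rule in custom:  # assumption: first matching custom rule wins
        if rule.matches(src, dst, service):
            return rule.action, "custom"
    # Zone pairs the manual does not list are denied here (assumption).
    return DEFAULTS.get((src, dst), "deny"), "default"

def opened_paths(custom, services=("HTTP", "TELNET", "PING")):
    """Flows the defaults deny that the custom rules now allow."""
    return sorted((s, d, svc) for (s, d), act in DEFAULTS.items() if act == "deny"
                  for svc in services if decide(custom, s, d, svc)[0] == "allow")

# Constructed sample rule set.
SAMPLE = [Rule("allow", "WAN", "LAN", "HTTP"), Rule("deny", "LAN", ANY)]
```

With the constructed SAMPLE set, the blanket LAN deny blocks LAN-to-WAN HTTP but leaves DNS and Router management reachable, and opened_paths reports the WAN-to-LAN HTTP exposure the first rule creates.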

10/100 4-Port VPN Router
