Manuals / Cisco Systems / Computer Equipment / Network Router

Cisco Systems RV042G, RV016 manual Firewall

Models: RV016 RV042G

1 199

Download 199 pages 48.22 Kb

Page 102

Firewall	7
Firewall
Configuring the General Firewall Settings

sites (see Don’t block Java/Java/ActiveX/Cookies/Proxy to Trusted Domains below). By default, ActiveX is not blocked.

•Access to HTTP Proxy Servers: Check this box if you want to block access to HTTP proxy servers. Use of WAN proxy servers may compromise the router’s security. If you enable this feature, you block access to proxy servers using port 80 or 8080. As a compromise, you can check this box to block access to untrusted or unknown servers, while allowing access to trusted servers (see Don’t block Java/Java/ActiveX/ Cookies/Proxy to Trusted Domains below). By default, access to HTTP proxy servers is not blocked.

•Don’t block Java/ActiveX/Cookies/Proxy to Trusted Domains: If you blocked any of the web features, you can check this box to allow these features for the domains that you enter on the trusted list. (This area of the page is available only if you checked one of the other boxes to disable a web feature.) If you leave the box unchecked, then the selected web features are blocked for all websites.

-To add a domain to the trusted list: Enter the domain that you want to add to the trusted list. Then click Add to list.

-To add another domain to the trusted list: Enter the domain, and then click Add to list.

-To modify a domain in the trusted list: Click the domain. The information appears in the text field. Make changes, and then click Update.

-To remove a domain from the trusted list: Click the domain, and then click Delete.

Cisco Small Business RV0xx Series Routers Administration Guide

102

Image 102

Cisco Systems RV042G, RV016 manual Firewall

Contents

RV0xx Series Routers ADMINISTRATION GUIDECisco Small Business RV042 Dual WAN VPN Router RV042G Gigabit Dual WAN VPN Router2011-2012 Cisco Systems, Inc. All rights reserved 78-19576-01 B0Chapter 1 Introduction Chapter 3 SetupContents Chapter 2 Viewing System Summary InformationChapter 5 System Management ContentsChapter 4 DHCP Chapter 6 Port ManagementChapter 9 VPN Contents RV0xx Series Router Features, page Mounting Options, page RV0xx Series Router FeaturesIntroduction Connecting the Equipment, page15Introduction RV0xx Series Router FeaturesCisco Small Business RV0xx Series Routers Administration Guide RV042 and RV042G PortsPort PortsIntroduction DescriptionLight Status LightsIntroduction DescriptionReset Other Hardware FeaturesFeature To restart the router or restorePlacement Tips Mounting OptionsDefault Settings Desktop PlacementSuggested Hardware for RV042 and RV042G Wall MountingIntroduction Suggested Hardware for RV082 and RV016Mounting Options Cisco Small Business RV0xx Series Routers Administration GuideIntroduction Rack Mounting RV082 or RV016RV042 and RV042G Internet Port Connecting the EquipmentIntroduction RV082 Internet PortGetting Started with the Configuration IntroductionTroubleshooting Tips IntroductionSaving the Settings, page19 Help, page19 Logout, page19 Features of the User InterfaceNavigation, page18 Pop-Up Windows, page19 Setup Wizards, page NavigationPop-Up Windows Setup WizardsSaving the Settings HelpFirewall Setting Status, page VPN Setting Status, page Viewing System Summary InformationConfiguration, page Port Statistics, page WAN Status, page Log Setting Status, pageSystem Information Cisco ProtectLink WebViewing System Summary Information Viewing System Summary Information ConfigurationPort Statistics Port Information WindowViewing System Summary Information This window displays the following informationWAN Status Viewing System Summary InformationWAN information Log Setting Status Firewall Setting StatusVPN Setting Status Viewing System Summary InformationChanging the Administrator Username and Password, page SetupSetting Up the Network, page DMZ Setting, page Setting the System Time, page Setting Up a DMZ Host, pageLAN Setting device IP address and subnets, page Setting Up the NetworkSetup WAN Setting Internet connection, page DMZ Setting, pageIP Mode LAN Setting device IP address and subnetsSetup Changing the device IP address, pageSetup Enabling multiple subnets IPv4 onlySetup STEP 3 In the pop-up window, add or edit entries as neededWAN Setting Internet connection SetupDMZ Setting SetupSetup Setting Up the NetworkCisco Small Business RV0xx Series Routers Administration Guide Editing a WAN Connection Editing a WAN Connection with IPv4 AddressingEditing a WAN Connection with IPv6 Addressing Subnet Mask IPv4 The subnet mask specified by your ISP Page Page Editing a DMZ Connection IPv4 IPv6If you are using IPv6 addressing, enter the following information Prefix Length Enter the prefix length. The default value isCisco Small Business RV0xx Series Routers Administration Guide Changing the Administrator Username and Password SetupTo open this page Click Setup Password in the navigation tree Setup Includes at least 8 characters Is not the same as the usernameSetting the System Time SetupTo open this page Click Setup Time in the navigation tree Setting Up a DMZ Host SetupTo open this page Click Setup DMZ Host in the navigation tree Port Range Forwarding Setting Up Port Forwarding and Port TriggeringSetup Port Range Forwarding, page Port Triggering, pageSetup Enable Check the box to enable this port range forwarding entrySetup Adding a serviceSetup Port TriggeringSetting Up Universal Plug and Play UPnP SetupTo open this page Click Setup UPnP in the navigation tree Setup Setup Adding a serviceSetting Up One-to-One NAT SetupTo open this page Click Setup One-to-One NAT in the navigation pane Setup Setting Up One-to-One NATCloning a MAC Address for the Router SetupCloning a MAC Address for the Router Editing the MAC Address Clone Settings Assigning a Dynamic DNS Host Name to a WAN Interface To open this page Click Setup Dynamic DNS in the navigation treeEditing the Dynamic DNS Setup Setting Up Advanced Routing Configuring Dynamic Routing, page Configuring Static Routing, pageConfiguring Dynamic Routing Dynamic Routing for IPv4data None, RIPv1, RIPv2 - Broadcast, or RIPv2 - Multicast Configuring Static Routing Dynamic Routing for IPv6Prefix Length Pv6 only Enter the prefix length Setting Up Advanced Routing Cisco Small Business RV0xx Series Routers Administration GuideIPv6 Transition To open this page Click Setup IPv6 Transition in the navigation treeto Go From Here.” Setting Up the DHCP Server or DHCP Relay, page Setting Up the DHCP Server or DHCP RelayDHCP Viewing the DHCP Status Information, pageTo open this page Click DHCP DHCP Setup in the navigation tree DHCPEnabling DHCP Server and DHCP Relay DNS used for DHCP Server only DHCPDynamic IP used for DHCP Server only WINS used for DHCP Server, IPv4 OnlyAbout Static IP Addresses for IPv4 Only Using the Static IP List to Block Devices, pageDHCP Assigning static IP addresses by adding devices from a list, pageDHCP Assigning static IP addresses by entering devices manuallyUsing the Static IP List to Block Devices DHCPDHCP DNS Local DatabaseClient Table Viewing the DHCP Status InformationDHCP Server DHCPRouter Advertisement IPv6 DHCPRouter Advertisement IPv6 DHCP RA Flags Choose whether or not hosts can use DHCPv6 to obtain addresses and other information. The options are described belowSetting Up Dual WAN and Multi-WAN Connections, page Setting Up Dual WAN and Multi-WAN ConnectionsSystem Management Managing the Bandwidth Settings, page Setting Up SNMP, pageMode - Cisco RV042, RV042G, and RV082 System ManagementMode - Cisco RV016 System ManagementInterface Setting System ManagementEditing the Dual WAN and Multi-WAN Settings Network Service DetectionMax Bandwidth Provided by ISP Protocol Binding for Cisco RV016 only, when Load Balancer is selected Adding a service Cisco Small Business RV0xx Series Routers Administration Guide Bandwidth Management Type Managing the Bandwidth SettingsMax Bandwidth Provided by ISP Appendix F, “Bandwidth Management.”Priority for Priority management only Choose the priority for this Adding a service Setting Up SNMP Setting Up SNMPEnabling Device Discovery with Bonjour Cisco Small Business RV0xx Series Routers Administration Guide Enabling Device Discovery with BonjourUsing Built-In Diagnostic Tools DNS Name LookupPing Restoring the Factory Default Settings Restoring the Factory Default SettingsUpgrading the Firmware Restarting the Router Restoring the Settings from a Configuration File, page Backing Up and Restoring the SettingsRestoring the Settings from a Configuration File Backing Up Configuration Files and Mirror Files, pageBacking Up Configuration Files and Mirror Files Copying a Startup File or Mirror FileSTEP 3 Close the Download Complete window To copy a file, click the button Configuring the Port Settings, page Configuring the Port SettingsPort Management Viewing the Status Information for a Port, pagePort Management Viewing the Status Information for a Port SummaryPort Management Statistics Port ManagementConfiguring the General Firewall Settings, page Configuring the General Firewall SettingsFirewall Managing Access Rules, page Configuring Firewall Access Rules, pageConfiguring the General Firewall Settings FirewallRestrict Web Features FirewallDon’t block Java/ActiveX/Cookies/Proxy to Trusted Domains If you blocked any of the web features, you can check this box to allow these features for the domains that you enter on the trusted list. This area of the page is available only if you checked one of the other boxes to disable a web feature. If you leave the box unchecked, then the selected web features are blocked for all websites FirewallAbout Access Rules, page103 Managing Access Rules, page Configuring Firewall Access RulesAbout Access Rules Configuring Access Rules, pageManaging Access Rules FirewallTo delete all custom rules Click Restore to Default Rules FirewallConfiguring Access Rules Services IPv4 and IPv6Schedule IPv4 Only Adding a service Cisco Small Business RV0xx Series Routers Administration Guide Schedule, page Using Content Filters to Control Internet AccessForbidden Domains, page Website Blocking by Keywords, page Web.”Using Content Filters to Control Internet Access Forbidden DomainsWebsite Blocking by Keywords Schedule Specifying the Global Settings for Approved URLs and Clients, page Cisco ProtectLink WebGetting Started with Cisco ProtectLink Web Getting Started with Cisco ProtectLink Web, pageCisco ProtectLink Web Choose the appropriate optionSpecifying the Global Settings for Approved URLs and Clients Specifying the Global Settings for Approved URLs and ClientsCisco ProtectLink Web Approved URLs and Approved Clients Approved URL ConfigurationApproved Clients Configuration Cisco ProtectLink WebEnabling Web Protection for URL Filtering Web ProtectionCisco ProtectLink Web URL Filtering Cisco ProtectLink WebBusiness Hour Setting Web ReputationCisco ProtectLink Web Updating the ProtectLink License URL Overflow ControlCisco ProtectLink Web License License InformationCisco ProtectLink Web Setting Up VPN Passthrough, page Setting Up PPTP Server, page Introduction to VPNsSetting Up a Gateway to Gateway Site to Site VPN, page Remote Access Client To Gateway, pageSite to Site VPN Gateway To Gateway Remote Access Client To GatewayConfiguration tasks Gateway-to-Gateway VPN Tunnel Between RV0xx Series Routers.”NOTE Consider two other remote access options Remote Access with Cisco QuickVPN, page125 and Remote Access with PPTP, page125Remote Access with Cisco QuickVPN Remote Access with PPTPViewing the Summary Information for VPN SummaryTo open this page Click VPN Summary in the navigation tree Tunnel Status Up a Remote Access Tunnel for VPN Clients Client To Gateway, page GroupVPN StatusVPN Clients Status Setting Up a Gateway to Gateway Site to Site VPN Setting Up a Gateway to Gateway Site to Site VPNLocal Group Setup and Remote Group Setup Add a New TunnelIP + Domain Name FQDN Authentication Choose this option if this router has a static IP address and a registered domain name, such as MyServer.MyDomain.com. Also enter the Domain Name to use for authentication. The domain name can be used only for one tunnel connection IPSec Setup Preshared Key, page 135 and Advanced settings for IKE with Preshared Key, pageRequired fields for Manual mode Phase 1 / Phase 2 Authentication Select a method of authentication Required fields for IKE with Preshared KeyAdvanced settings for IKE with Preshared Key AH Hash Algorithm The AH Authentication Header protocol describes the packet format and default standards for packet structure. With the use of AH as the security protocol, protection is extended forward into the IP header to verify the integrity of the entire packet. Check the box to use this feature. Then select an authentication method MD5 or SHA1. MD5 produces a 128-bit digest to authenticate packet data. SHA1 produces a 160-bit digest to authenticate packet data. Both sides of the tunnel should use the same algorithm Page Cisco Small Business RV0xx Series Routers Administration Guide Setting Up a Remote Access Tunnel for VPN Clients Client To GatewaySetting Up a Remote Access Tunnel for VPN Clients Client To Gateway RV0xxAdd a New Tunnel DNS hostname available from providers such as DynDNS.com. Enter a Domain Name to use for authentication. The domain name can be used only for one tunnel connection Remote Client Setup for a Group “Group VPN” Type IPSec Setup Required fields for Manual mode Enter the settings for manual modePhase 1 / Phase 2 Authentication Select a method of authentication Required fields for IKE with Preshared KeyAggressive Mode available for Tunnel, not Group VPN Two modes of Page Managing VPN Users and Certificates To open this page Click VPN VPN Client Access in the navigation treeUsers, page Certificate Management, page148 Users Certificate ManagementSetting Up VPN Passthrough To open this page Click VPN VPN Passthrough in the navigation treeSetting Up PPTP Server Setting Up PPTP ServerIP Address Range PPTP ServerTo open this page Click VPN PPTP Server in the navigation tree Connection List Setting Up the System Log and Alerts, page Setting Up the System Log and AlertsLogging System Statistics Viewing the System Log, pageE-mail section Log Setting, page Buttons, pageSyslog section Logging System StatisticsLog Setting Logging System StatisticsButtons Logging System StatisticsViewing the System Log Logging System StatisticsTo open this page click Log System Statistics in the navigation tree Logging System Statistics Received Bytes The number of bytes received through this interfaceWizard Basic Setup, page Access Rule Setup, page160Wizard on the System Summary page Basic Setup Access Rule SetupWizard Glossary TermDefinition Definition GlossaryTerm Fragmentation ThresholdDefinition GlossaryTerm RADVD RouterDefinition GlossaryTerm RIPng RIP next generationTroubleshooting Troubleshooting The DSL telephone line does not fit into the router’s Internet portThe router does not have a coaxial port for the cable connection Cisco QuickVPN Client Installation and Configuration, page Cisco QuickVPN for WindowsIntroduction Using the Cisco QuickVPN Software, pageCisco QuickVPN Client Installation and Configuration Using the Cisco QuickVPN SoftwareCisco QuickVPN for Windows Cisco QuickVPN for Windows STEP 3 To save this profile, click SaveOverview, page Topology Options, page Topology OptionsConfiguring a VPN Tunnel on a Cisco RV0xx Series Router, page Other Design Considerations, pageVPN Hub and Spoke Topology Figure 1 Hub and SpokeVPN Mesh Topology Figure 2 MeshOther Design Considerations Figure 3 Gateway To Gateway Tunnel with Static IP AddressesLAN Setup Figure 4 Gateway To Gateway Tunnel with a Dynamic IP AddressConfiguring a VPN Tunnel on a Cisco RV0xx Series Router Example Sites with Static WAN IP Addresses FieldValue Field ValueField FieldValue ValuesValues Example Site with a Dynamic WAN IP AddressField FieldField ValueField FieldValue ValuesField ValuesIPSec NAT Traversal OverviewConfiguration of Router A IPSec NAT TraversalConfiguration of Router B IPSec NAT TraversalCreation of New Services, page Creation of New ServicesBandwidth Management STEP 4 On the Bandwidth Management page, click Service ManagementCreation of New Bandwidth Management Rules Bandwidth ManagementBandwidth Management STEP 5 Click SaveSpecifications RV042Specifications NetworkRV042G Specifications5.12 x 1.52 x 7.87 in. W x H x D 130 x 38.5 x 200 mm Security SpecificationsPerformance NetworkSpecifications ManagementEnvironmental Cisco RV082 SpecificationsCisco RV082 Specifications ManagementCisco RV016 SpecificationsCisco RV016 Specifications SecurityNetwork Specifications ManagementEnvironmental Product Documentation Where to Go From HereSupport Cisco Small Business