Chapter 4

Advanced Configuration

as SYN Flooding, Smurf, LAND, Ping of Death, IP Spoofing, and reassembly attacks.

Block WAN Request  This option is enabled by default. Using this feature, the Router drops both unaccepted TCP request and ICMP packets from the WAN side. Hackers will not find the Router by pinging the WAN IP address.

Remote Management  This option is disabled by default. If you want to manage the Router through a WAN connection, first change the password on the Setup > Password screen (this prevents any user from accessing the Router with the default password). Then select Enable for the Remote Management setting, and enter the port number (port 80, the default, or 8080 is usually used).

NOTE: If the Remote Management feature on the Firewall > General screen has been enabled, then users with administrative privileges can remotely access the web-based utility. Use http://<WAN IP address of the Router>, or use https://<WAN IP address of the Router> if you have enabled the HTTPS feature.

HTTPS  HTTPS is a secured HTTP session. If Remote Management is enabled, HTTPS is enabled by default.

NOTE: If you disable the HTTPS feature, then you also disable the Linksys QuickVPN service on the Router.

MulticastPassThrough  Thisoptionisdisabledbydefault. IP multicasting occurs when a single data transmission is sent to multiple recipients at the same time. Using this feature, the Router allows IP multicast packets to be forwarded to the appropriate LAN devices. Multicast Pass Through is used for Internet games, videoconferencing, and multimedia applications.

MTU (Maximum Transmission Unit)  This setting specifies the largest packet size permitted for network transmission. In most cases, keep the default, Auto. To specify the MTU, select Manual, and then enter the maximum MTU size.

Restrict WEB Features

Block  Select the filters you want to use.

•• Java  Java is a programming language for websites. If you deny Java applets, you run the risk of losing access to Internet sites created using this programming language. To block Java applets, select Java.

•• Cookies  A cookie is data stored on your PC and used by Internet sites when you interact with them. To block cookies, select Cookies.

•• ActiveX  ActiveX is a programming language for websites. If you deny ActiveX, you run the risk of losing access to Internet sites created using this programming language. To block ActiveX, select ActiveX.

•• Access to HTTP Proxy Servers  Use of WAN proxy servers may compromise the Router’s security. If you block access to HTTP proxy servers, then you block access to WAN proxy servers. To block access, select Access to HTTP Proxy Servers.

Don’t block Java/ActiveX/Cookies/Proxy to Trusted Domains  To keep trusted sites unblocked, select this option. You will be able to specify a list of trusted domains.

Click Save Settings to save your changes, or click Cancel Changes to undo them.

Firewall > Access Rules

Access rules evaluate network traffic to decide whether or not it is allowed to pass through the Router’s firewall. Access Rules look specifically at a data transmission’s source IP address, destination IP address, and IP protocol type, and you can apply each access rule according to a different schedule.

With the use of custom rules, it is possible to disable all firewall protection or block all access to the Internet, so use extreme caution when creating or deleting access rules.

The Router has the following default rules:

•• All traffic from the LAN to the WAN is allowed.

•• All traffic from the WAN to the LAN is denied.

•• All traffic from the LAN to the DMZ is allowed.

•• All traffic from the DMZ to the LAN is denied.

•• All traffic from the WAN to the DMZ is allowed.

•• All traffic from the DMZ to the WAN is allowed.

Custom rules can be created to override the above default rules, but there are four additional default rules that will be always active and cannot be overridden by any custom rules.

•• HTTP service from the LAN to the Router is always allowed.

•• DHCP service from the LAN is always allowed.

•• DNS service from the LAN is always allowed.

•• Ping service from the LAN to the Router is always allowed.

10/100 4-Port VPN Router

30

Page 37
Image 37
Cisco Systems RV042RF manual Firewall Access Rules, Restrict WEB Features