General, Enabling Firewall Features | Cisco Systems RV325K9NA

7

Firewall

The primary objective of a firewall is to control the incoming and outgoing network traffic by analyzing the data packets and determining whether it should be allowed through or not, based on a predetermined rule set. A network firewall builds a bridge between an internal network that is assumed to be secure and trusted and another network, usually an external (inter)network such as the Internet that is assumed not to be secure and untrusted.

General

General firewall controls manage the features typically used by Internet browsers and applications.

To open this page, select Firewall > General in the navigation tree.

Enabling Firewall Features

To enable the Firewall, check Enable. The following firewall features can be enabled or disabled as needed:

•SPI (Stateful Packet Inspection)—Monitors the state of network connections (such as TCP streams, UDP communication) traveling across it. The firewall distinguishes legitimate packets for different types of connections. Only packets matching a known active connection are allowed by the firewall; others are rejected.

•DoS (Denial-of-service)—Detects attempts to cause a server overload. In general terms, DoS attacks are implemented by either forcing the targeted computer(s) to reset, or consuming its resources so that it can no longer provide its intended service or obstructing the communication media between the intended users and the victim so that they can no longer communicate adequately.

•Block WAN Request—Drops TCP requests and ICMP packets.

Cisco Small Business RV320/RV325 Administration Guide

75

Image 75

Cisco Systems RV325K9NA, RV320K9NA manual General, Enabling Firewall Features

Contents

Administration Guide 78-20928-02 Setup Getting StartedSystem Summary Port Management ContentsDhcp System Management Firewall VPNCertificate Management 101 User Management 119 Contents Log 107SSL VPN 111 Wizard 117 Getting Started Using the Getting Started Window Pop-Up Windows Features of the User InterfaceTroubleshooting Tips Navigation Logout Help Getting Started System Information System Summary Configuration Wizard Port ActivityPort Information detail IPv4 and IPv6 WAN InformationDMZ Information Security Status VPN Setting Status Log Setting Status SSL VPN StatusPptp Tunnels Available-PPTP tunnels available Log Setting Status IP Mode Setup Network WAN1 or WAN2 Port Settings Adding or Editing an IPv4 NetworkEditing the IPv6 Address Prefix WAN Connection Settings appears Obtain an IP AutomaticallyLAN Prefix Assignment Subnet Mask IPv4-Subnetwork mask Static IP PPPoE Setup Transparent Bridge IPv4 Stateless Address Autoconfiguration IPv6 IPv6 in IPv4 Tunnel IPv6 6to4 Tunnel IPv6 IPv6 Rapid Deployment 6rd Tunnel IPv6 6rd Configuration Mode 3G/4G Connection USB1 or USB2 Port Settings Setting Failover and Recovery Setup Password DMZ Enable To change the username or password Choose SetupPassword Time Configuring Port Forwarding DMZ HostPort Forwarding Adding or Editing a Service Name Configuring Port Triggering Click Setup ForwardingDeleting a Table Entry Port Address Translation To open this page, select Setup Port Address Translation Adding or Editing a Service Name Setting Up One-to-One NAT MAC Address Cloning Assigning Dynamic DNS to a WAN Interface Configuring Dynamic Routing Configuring IPv4 Dynamic RoutingAdvanced Routing Configuring Static Routing Configuring IPv6 Dynamic RoutingPrefix Length IPv6 only-IPv6 prefix length Inbound Load Balance Click Enable Inbound Load Balance USB Device Update Dhcp Dhcp Setup Configuring Dhcp for IPv4Choose Vlan or Option Enter the IPv6 Address Enter the Prefix Length Configuring Dhcp for IPv6 Viewing the Dhcp Status MAC Address IPv4 only-MAC address of a client Option IP and MAC Binding Bind IP Addresses by DiscoveryBind IP Addresses Manually Using the Static IP List to Block Devices DNS Local DatabaseEdit or Delete Bound Entries Add, Edit, or Delete Local DNS Entries Router Advertisement IPv6 Lifetime Dhcp Max Bandwidth Provided by ISP Dual WAN Connections System Management Network Service Detection Bandwidth Management Adding or Editing a Service Bandwidth Management Type Configure PriorityInterface-Interface that supports the service Maximum Bandwidth Provided by ISP Snmp Configuring Snmp Configuring SNMPv3 Discovery-Bonjour Lldp Properties Factory Default Using Diagnostics Firmware Upgrade Language Selection or Language SetupNavigate to System Management Language Selection Navigate to System Management Language Setup RestartEnter the New Language Name System Management Restart Backup and RestoreRestoring the Settings from a Configuration File Backing Up Configuration Files and Mirror Files Sanitizing the Configuration Configuration Backing Up the Firmware to a USB Flash DriveCopying the Mirror File to the Startup File System Management Port Management Configuring the Ports Port Management Port Status Vlan Membership Traffic Statistics Dscp Marking QoSCoS/DSCP Setting Enter the Radius Secret 802.1X Configuration Port Management General Enabling Firewall Features Configuring Trusted Domain Names Access Rules Adding an Access Rule to the IPv4 Access Rule Table Adding an Access Rule to the IPv6 Access Rule TableSelect Log packets matching this rule or No Log Blocking Website Keywords Content FilterBlocking Forbidden Domains Select Block Forbidden Domains Accepting Allowed Domains Select Accept Allowed DomainsScheduling Firewall Summary VPN Group VPN Status Connection Table VPN Add a New Tunnel Gateway to Gateway Keying Mode = Manual or IKE with Preshared Key Local Group Setup Keying Mode = IKE with Certificate Remote Group Setup IPSec Setup VPN VPN VPN Client to Gateway Interface-WAN port Configure Tunnel or Group VPN Configuring Easy VPN Local Group Setup Remote Client Setup for Single User VPN IPSec Setup VPN VPN Pptp Server VPN Passthrough My Certificate Certificate Management Importing a 3rd-party or Self-signed Certificate Exporting or Displaying a Certificate or Private Key Trusted IPsec Certificate Trusted SSL Certificate Certificate Generator Key Encryption Length-Length of the key CSR Authorization 106 Configuring the System Log Send SMS Configuring the System Log ServersSystem Log Log Configure email Notification Configure the Logs System Statistics ProcessesAdditional Information Log Buttons SSL VPN Group Management Status Add or Edit a Group Delete a Group Microsoft Terminal Internet Services Remote Desktop Resource Management Advanced Setting Access Rule Setup Basic Setup Wizard User Management User Management Where to Go From Here Revised June 24 78-20928-02