ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual

Attack Check Type

Description

VPN Pass through

IPSec/PPTP/L2TPa

Typically, the router is used as a VPN Client or Gateway that connects to other VPN Gateways. When the router is in NAT mode, all packets going to the Remote VPN Gateway are first filtered through NAT and then encrypted, per the VPN policy.

a. In situations where a VPN Client or Gateway on the LAN side of this router is connected to another VPN endpoint on the WAN (placing this router in between two VPN end points), all encrypted packets will be sent to this router. Since this router filters the encrypted packets through NAT, the packets become invalid.

IPSec, PPTP, and L2TP represent different types of VPN tunnels that can pass through this router. To allow the VPN traffic to pass through without filtering, the type of tunnel that will be used as a pass through must be enabled.

Services

Services are functions performed by server computers at the request of client computers. For example, Web servers serve Web pages, time servers serve time and date information, and game hosts serve data about other players’ moves. When a computer on the Internet sends a request for service to a server computer, the requested service is identified by a service or port number. This number appears as the destination port number in the transmitted IP packets. For example, a packet that is sent with destination port number 80 is an HTTP (Web server) request.

The service numbers for many common protocols are defined by the Internet Engineering Task Force (IETF) and published in RFC1700, “Assigned Numbers.” Service numbers for other applications are typically chosen from the range 1024 to 65535 by the authors of the application.

Although the FVG318 already holds a list of many service port numbers, you are not limited to these choices. Use the Services menu to add additional services and applications to the list for use in defining firewall rules. The Services menu shows a list of services that you have defined.

To define a new service, first you must determine which port number or range of numbers is used by the application. This information can usually be determined by contacting the publisher of the application or from user groups of news groups.

To add a service:

1.When you have the port number information, go the Security > Services. The Services screen will display.

2.In the Add Custom Services section:

a.Enter a descriptive name for the service in the Name field (so that you will remember what it is).

4-12

Firewall Protection and Content Filtering

v1.0, September 2007

Page 71 Page 73
Page 72
Image 72
NETGEAR FVG318NA manual Services
Page 71 Page 73
Top Page Image Contents