Reference Manual for the ProSafe VPN Firewall FVS114

Block non-standard packets — Abnormal packets are often used by hackers and in DoS attacks, but may also be generated by other network devices. This setting should normally be enabled.

Enable DNS proxy — DNS proxy will forward DNS queries to the DNS. If the DNS proxy is disabled, the Router will ignore DNS queries it receives. PCs will then need to contact the DNS directly. This setting should normally be enabled.

Inbound Rules (Port Forwarding)

Because the FVS114 uses Network Address Translation (NAT), your network presents only one IP address to the Internet, and outside users cannot directly address any of your local computers. However, by defining an inbound rule you can make a local server (for example, a Web server or game server) visible and available to the Internet. The rule tells the firewall to direct inbound traffic for a particular service to one local server based on the destination port number. This is also known as port forwarding.

Note: Some residential broadband ISP accounts do not allow you to run any server processes (such as a Web or FTP server) from your location. Your ISP may periodically check for servers and may suspend your account if it discovers any active services at your location. If you are unsure, refer to the Acceptable Use Policy of your ISP.

Remember that allowing inbound services opens holes in your FVS114 VPN Firewall. Only enable those ports that are necessary for your network. Following are two application examples of inbound rules:

Inbound Rule Example: A Local Public Web Server

If you host a public Web server on your local network, you can define a rule to allow inbound Web (HTTP) requests from any outside IP address to the IP address of your Web server at any time of day. This rule is shown in Figure 4-3:

4-6

Firewall Protection and Content Filtering

202-10098-01, April 2005

Page 44
Image 44
NETGEAR fvs114 manual Inbound Rules Port Forwarding, Inbound Rule Example a Local Public Web Server