NETGEAR FVS338 Inbound Rules Examples

FVS338 ProSafe VPN Firewall 50 Reference Manual

Firewall Protection and Content Filtering 4-13

v1.0, March 2008

To enable Session Limit:

1. Click the Yes radio button under Do you want to enable Session Limit?

2. From the User Limit Paramete r drop-down list, define the maximum number of sessions per

IP either as a percentage of maximum sessions or as an absolute value.

The percentage is computed on the total connection capacity of the device.

3. Enter the User Limit. If the User Limit Parameter is set to Percentage of Max Sessions, the

limit is the maximum number of sessions allowed from a single source machine as a

percentage of the total connection capacity. (Session Limit is a machine-based value.)

Otherwise, when the User Limit Parameter is set to Number of Sessions, the limit is an

absolute value.

Total Number of Packets Dropped due to Session Limit: Shows total number of packets

dropped when session limit is reached.

4. In the Session Timeout section, modify TCP, UDP, and ICMP timeouts as required. A session

will time out if it does not receive any data for the duration of the specified timeout. The

default values are 1200 seconds for TCP, 180 seconds for UDP, and 8 seconds for ICMP.

5. Click Apply to save your settings.

Inbound Rules Examples

Hosting A Local Public Web Server

If you host a public Web server on your local network, you can define a rule to allow inbound Web

(HTTP) requests from any outside IP address to the IP address of your Web server at any time of

day. This rule is shown in Figure 4-7:

Note: Some protocols (such as FTP or RSTP) create two sessions per connection

which should be considered when configuring Session Limiting.

Contents

Main Page iii Voluntary Control Council for Interference (VCCI) Statement Additional Copyrights v1.0, March 20 08 iv v Product and Publication Details Contents Page Page Page Page Page About This Manual Conventions, Formats and Scope How to Use This Manual How to Print this Manual Revision History Page Chapter 1 Introduction Key Features Full Routing on Both the Broadband and Serial WAN Ports A Powerful, True Firewall with Content Filtering Security Autosensing Ethernet Connections with Auto Uplink Extensive Protocol Support Easy Installation and Management Maintenance and Support Package Contents Router Hardware Components Router Front Panel FVS338 ProSafe VPN Firewall 50 Re ference Manual 1-6 Introduction Router Rear Panel Figure 1-2 Table 1-1. Object Descriptions Rack Mounting Hardware Factory Default Login Page Chapter 2 Connecting the FVS338 to the Internet Connecting the VPN Firewall to Your Network Logging in to the VPN Firewall Configuring your Internet Connection Page Page Page Page Setting the Routers MAC Address (Advanced Options) Page Manually Configuring Your Internet Connection Page Page Programming the Traffic Meter (if Desired) Page FVS338 ProSafe VPN Firewall 50 Re ference Manual 2-14 Connecting the FVS338 to the Internet Table 2-2. Traffic Meter Settings Configuring the WAN Mode Configuring Dynamic DNS (If Needed) Page Page Chapter 3 LAN Configuration Configuring Your LAN (Local Area Network) Using the VPN Firewall as a DHCP Server Page Page Configuring Multi-Home LAN IPs Page Managing Groups and Hosts Creating the Network Database Page Page Page Setting Up Address Reservation Configuring Static Routes Static Route Example RIP Configuration Page Page Chapter 4 Firewall Protection and Content Filtering About Firewall Security Using Rules to Block or Allow Specific Kinds of Traffic Services-Based Rules FVS338 ProSafe VPN Firewall 50 Reference Manual Firewall Protection and Content Filtering 4-3 Table 4-1. Outbound Rules Fields Page FVS338 ProSafe VPN Firewall 50 Reference Manual Firewall Protection and Content Filtering 4-5 Table 4-2. Inbound Rules Fields Order of Precedence for Firewall Rules Setting LAN WAN Rules LAN WAN Outbound Services Rules LAN WAN Inbound Services Rules Attack Checks Page Session Limit Inbound Rules Examples Page Page Page Page Outbound Rules Example Blocking Instant Messenger Adding Customized Services Page Specifying Quality of Service (QoS) Priorities Setting a Schedule to Block or Allow Traffic Setting Block Sites (Content Filtering) Page Page Page IP/MAC Binding Page Setting Up Port Triggering Page Bandwidth Limiting Page E-Mail Notifications of Event Logs and Alerts Page Page Page Administrator Information Page Page Chapter 5 Virtual Private Networking Dual WAN Port Systems Setting up a VPN Connection using the VPN Wizard Creating a VPN Tunnel to a Gateway Creating a VPN Tunnel Connection to a VPN Client IKE Policies IKE Policy Operation IKE Policy Table VPN Policies VPN Policy Operation VPN Policy Table VPN Tunnel Connection Status Creating a VPN Gateway Connection: Between FVS338 and FVX538 Configuring the FVS338 Page Page Configuring the FVX538 Testing the Connectio n Creating a VPN Client Connection: VPN Client to FVS338 Configuring the FVS338 Configuring the VPN Client Page Page Page Page Testing the Connectio n Extended Authentication (XAUTH) Configuration Configuring XAUTH for VPN Clients User Database Configuration RADIUS Client Configuration Page Manually Assigning IP Addresses to Remote Users (ModeConfig) ModeConfig Operation Setting Up ModeConfig Page Page Page Configuring the ProSafe VPN Client for ModeConfig Page Page Certificates Trusted Certificates (CA Certificates) Self Certificates Page Page Managing your Certificate Revocation List (CRL) Page Chapter 6 Router and Network Management Performance Management VPN Firewall Features That Reduce Traffic Page Page VPN Firewall Features That Increase Traffic Page Page Using QoS to Shift the Traffic Mix Tools for Traffic Management Administration Changing Passwords and Settings Page Enabling Remote Management Access Page Page Using a SNMP Manager Page Settings Backup and Firmware Upgrade Page Setting the Time Zone Monitoring the Router Enabling the Traffic Meter Setting Login Failures and Attacks Notification Page Viewing Port Triggering Status Viewing Router Configuration and System Status Monitoring WAN Ports Status Monitoring VPN Tunnel Connection Status VPN Logs DHCP Log Page Page Page Chapter 7 Troubleshooting Basic Functions Power LED Not On LEDs Never Turn Off LAN or Internet Port LEDs Not On Troubleshooting the Web Configuration Interface Page Troubleshooting the ISP Connection Troubleshooting a TCP/IP Network Using a Ping Utility Testing the LAN Path to Your Firewall Testing the Path from Your PC to a Remote Device Restoring the Default Configuration and Password Problems with Date and Time Page Appendix A Default Settings and Technical Specifications FVS338 ProSafe VPN Firewall 50 Re ference Manual Technical Specifications for the ProSafe VPN Firewall 50 are listed in the following table. A-2 Default Settings and Technical Specifications Table A-2. VPN firewall Default Technical Specifications Table A-1. FVS338 Default Settings (continued) Page Page Appendix B System Logs and Error Messages System Log Messages System Startup Reboot NTP FVS338 ProSafe VPN Firewall 50 Reference Manual System Logs and Error Messages B-3 Login/Logout This section describes logs generated by the administrative interfaces of the device. This logging is always done. Firewall Restart Table B-4. System Logs: NTP IPSec Restart WAN Status Page FVS338 ProSafe VPN Firewall 50 Re ference Manual B-6 System Logs and Error Messages System Logs: WAN Status, Auto Rollover FVS338 ProSafe VPN Firewall 50 Reference Manual System Logs and Error Messages B-7 PPPoE Idle-Timeout Logs. Table B-9. System Logs: WAN Status, PPE, PPPoE Idle-Timeout FVS338 ProSafe VPN Firewall 50 Re ference Manual B-8 System Logs and Error Messages PPTP Idle-Timeout Logs. Web Filtering and Content Filtering Logs Table B-10. System Logs: WAN Status, PPE, PPTP Idle-Timeout Table B-11. System Logs: WAN Status, PPE, PPP Authentication FVS338 ProSafe VPN Firewall 50 Reference Manual System Logs and Error Messages B-9 Table B-12. System Logs: Web Filtering and Content Filtering Traffic Metering Logs Unicast Logs ICMP Redirect Logs FTP Logging Invalid Packet Logging FVS338 ProSafe VPN Firewall 50 Re ference Manual B-12 System Logs and Error Messages FVS338 ProSafe VPN Firewall 50 Reference Manual System Logs and Error Messages B-13 FVS338 ProSafe VPN Firewall 50 Re ference Manual B-14 System Logs and Error Messages Routing Logs LAN to WAN Logs LAN to DMZ Logs WAN to LAN Logs DMZ to WAN Logs DMZ to LAN Logs WAN to DMZ Logs Appendix C Related Documents Page Index-1 Index A B C FVS338 ProSafe VPN Firewall 50 Re ference Manual D E F FVS338 ProSafe VPN Firewall 50 Reference Manual Index-3 G I K FVS338 ProSafe VPN Firewall 50 Re ference Manual Index-4 L M N O FVS338 ProSafe VPN Firewall 50 Reference Manual P Q R FVS338 ProSafe VPN Firewall 50 Re ference Manual Index-6 S T FVS338 ProSafe VPN Firewall 50 Reference Manual Index-7 U V W X