NETGEAR FVS338 Adding Customized Services

FVS338 ProSafe VPN Firewall 50 Re ference Manual

4-18 Firewall Protection and Content Filtering

v1.0, March 2008

Outbound Rules Example – Blocking Instant Messenger

Outbound rules let you prevent users from using applications such as AOL Instant Messenger,

Real Audio or other non-essential sites.

If you want to block AOL Instant Messenger usage by employees during working hours, you can

create an outbound rule to block that application from any internal IP address to any external

address according to the schedule that you have created in the Schedule menu. You can also have

the firewall log any attempt to use Instant Messenger during that blocked period.

.

Adding Customized Services

Services are functions performed by server computers at the request of clie nt computers. You can

configure up to 125 custom services.

For example, Web servers serve Web pages, time servers serve time and date information, and

game hosts serve data about other players’ moves. When a computer on the Internet sends a

request for service to a server computer, the requested service is identified by a service or port

number. This number appears as the destination port number in the transmitted IP packets. For

example, a packet that is sent with destination port number 80 is an HTTP (Web server) request.

The service numbers for man y common protocols are defined by the Internet Engineering Task

Force (IETF) and published in RFC1 700, “Assigned Internet Protocol Numbers.” Service numbers

for other applications are typically chosen from the range 1024 to 65535 by the authors of the

application.

Figure 4-12

Contents

Main Page iii Voluntary Control Council for Interference (VCCI) Statement Additional Copyrights v1.0, March 20 08 iv v Product and Publication Details Contents Page Page Page Page Page About This Manual Conventions, Formats and Scope How to Use This Manual How to Print this Manual Revision History Page Chapter 1 Introduction Key Features Full Routing on Both the Broadband and Serial WAN Ports A Powerful, True Firewall with Content Filtering Security Autosensing Ethernet Connections with Auto Uplink Extensive Protocol Support Easy Installation and Management Maintenance and Support Package Contents Router Hardware Components Router Front Panel FVS338 ProSafe VPN Firewall 50 Re ference Manual 1-6 Introduction Router Rear Panel Figure 1-2 Table 1-1. Object Descriptions Rack Mounting Hardware Factory Default Login Page Chapter 2 Connecting the FVS338 to the Internet Connecting the VPN Firewall to Your Network Logging in to the VPN Firewall Configuring your Internet Connection Page Page Page Page Setting the Routers MAC Address (Advanced Options) Page Manually Configuring Your Internet Connection Page Page Programming the Traffic Meter (if Desired) Page FVS338 ProSafe VPN Firewall 50 Re ference Manual 2-14 Connecting the FVS338 to the Internet Table 2-2. Traffic Meter Settings Configuring the WAN Mode Configuring Dynamic DNS (If Needed) Page Page Chapter 3 LAN Configuration Configuring Your LAN (Local Area Network) Using the VPN Firewall as a DHCP Server Page Page Configuring Multi-Home LAN IPs Page Managing Groups and Hosts Creating the Network Database Page Page Page Setting Up Address Reservation Configuring Static Routes Static Route Example RIP Configuration Page Page Chapter 4 Firewall Protection and Content Filtering About Firewall Security Using Rules to Block or Allow Specific Kinds of Traffic Services-Based Rules FVS338 ProSafe VPN Firewall 50 Reference Manual Firewall Protection and Content Filtering 4-3 Table 4-1. Outbound Rules Fields Page FVS338 ProSafe VPN Firewall 50 Reference Manual Firewall Protection and Content Filtering 4-5 Table 4-2. Inbound Rules Fields Order of Precedence for Firewall Rules Setting LAN WAN Rules LAN WAN Outbound Services Rules LAN WAN Inbound Services Rules Attack Checks Page Session Limit Inbound Rules Examples Page Page Page Page Outbound Rules Example Blocking Instant Messenger Adding Customized Services Page Specifying Quality of Service (QoS) Priorities Setting a Schedule to Block or Allow Traffic Setting Block Sites (Content Filtering) Page Page Page IP/MAC Binding Page Setting Up Port Triggering Page Bandwidth Limiting Page E-Mail Notifications of Event Logs and Alerts Page Page Page Administrator Information Page Page Chapter 5 Virtual Private Networking Dual WAN Port Systems Setting up a VPN Connection using the VPN Wizard Creating a VPN Tunnel to a Gateway Creating a VPN Tunnel Connection to a VPN Client IKE Policies IKE Policy Operation IKE Policy Table VPN Policies VPN Policy Operation VPN Policy Table VPN Tunnel Connection Status Creating a VPN Gateway Connection: Between FVS338 and FVX538 Configuring the FVS338 Page Page Configuring the FVX538 Testing the Connectio n Creating a VPN Client Connection: VPN Client to FVS338 Configuring the FVS338 Configuring the VPN Client Page Page Page Page Testing the Connectio n Extended Authentication (XAUTH) Configuration Configuring XAUTH for VPN Clients User Database Configuration RADIUS Client Configuration Page Manually Assigning IP Addresses to Remote Users (ModeConfig) ModeConfig Operation Setting Up ModeConfig Page Page Page Configuring the ProSafe VPN Client for ModeConfig Page Page Certificates Trusted Certificates (CA Certificates) Self Certificates Page Page Managing your Certificate Revocation List (CRL) Page Chapter 6 Router and Network Management Performance Management VPN Firewall Features That Reduce Traffic Page Page VPN Firewall Features That Increase Traffic Page Page Using QoS to Shift the Traffic Mix Tools for Traffic Management Administration Changing Passwords and Settings Page Enabling Remote Management Access Page Page Using a SNMP Manager Page Settings Backup and Firmware Upgrade Page Setting the Time Zone Monitoring the Router Enabling the Traffic Meter Setting Login Failures and Attacks Notification Page Viewing Port Triggering Status Viewing Router Configuration and System Status Monitoring WAN Ports Status Monitoring VPN Tunnel Connection Status VPN Logs DHCP Log Page Page Page Chapter 7 Troubleshooting Basic Functions Power LED Not On LEDs Never Turn Off LAN or Internet Port LEDs Not On Troubleshooting the Web Configuration Interface Page Troubleshooting the ISP Connection Troubleshooting a TCP/IP Network Using a Ping Utility Testing the LAN Path to Your Firewall Testing the Path from Your PC to a Remote Device Restoring the Default Configuration and Password Problems with Date and Time Page Appendix A Default Settings and Technical Specifications FVS338 ProSafe VPN Firewall 50 Re ference Manual Technical Specifications for the ProSafe VPN Firewall 50 are listed in the following table. A-2 Default Settings and Technical Specifications Table A-2. VPN firewall Default Technical Specifications Table A-1. FVS338 Default Settings (continued) Page Page Appendix B System Logs and Error Messages System Log Messages System Startup Reboot NTP FVS338 ProSafe VPN Firewall 50 Reference Manual System Logs and Error Messages B-3 Login/Logout This section describes logs generated by the administrative interfaces of the device. This logging is always done. Firewall Restart Table B-4. System Logs: NTP IPSec Restart WAN Status Page FVS338 ProSafe VPN Firewall 50 Re ference Manual B-6 System Logs and Error Messages System Logs: WAN Status, Auto Rollover FVS338 ProSafe VPN Firewall 50 Reference Manual System Logs and Error Messages B-7 PPPoE Idle-Timeout Logs. Table B-9. System Logs: WAN Status, PPE, PPPoE Idle-Timeout FVS338 ProSafe VPN Firewall 50 Re ference Manual B-8 System Logs and Error Messages PPTP Idle-Timeout Logs. Web Filtering and Content Filtering Logs Table B-10. System Logs: WAN Status, PPE, PPTP Idle-Timeout Table B-11. System Logs: WAN Status, PPE, PPP Authentication FVS338 ProSafe VPN Firewall 50 Reference Manual System Logs and Error Messages B-9 Table B-12. System Logs: Web Filtering and Content Filtering Traffic Metering Logs Unicast Logs ICMP Redirect Logs FTP Logging Invalid Packet Logging FVS338 ProSafe VPN Firewall 50 Re ference Manual B-12 System Logs and Error Messages FVS338 ProSafe VPN Firewall 50 Reference Manual System Logs and Error Messages B-13 FVS338 ProSafe VPN Firewall 50 Re ference Manual B-14 System Logs and Error Messages Routing Logs LAN to WAN Logs LAN to DMZ Logs WAN to LAN Logs DMZ to WAN Logs DMZ to LAN Logs WAN to DMZ Logs Appendix C Related Documents Page Index-1 Index A B C FVS338 ProSafe VPN Firewall 50 Re ference Manual D E F FVS338 ProSafe VPN Firewall 50 Reference Manual Index-3 G I K FVS338 ProSafe VPN Firewall 50 Re ference Manual Index-4 L M N O FVS338 ProSafe VPN Firewall 50 Reference Manual P Q R FVS338 ProSafe VPN Firewall 50 Re ference Manual Index-6 S T FVS338 ProSafe VPN Firewall 50 Reference Manual Index-7 U V W X