Reference Manual for the ProSafe Wireless 802.11g Firewall/Print Server Model FWG114P v2

Order of Precedence for Rules

As you define new rules, they are added to the tables in the Rules menu. For any traffic attempting to pass through the firewall, the packet information is subjected to the rules in the order of the entries in the Rules Table, beginning at the top and proceeding to the default rules at the bottom. In some cases, the order of precedence of two or more rules may be important in determining the disposition of a packet. The Move button allows you to relocate a defined rule to a new position in the table.
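Added example (not from the NETGEAR manual or firmware): a small Python model of top-to-bottom rule evaluation that shows how a broad rule placed above a narrower one prevents the narrower rule from ever applying, and how moving the rule changes the result. It assumes that the first matching rule decides the packet and that the default outbound rule allows all traffic; the rule names, addresses and helper functions are constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address
from typing import Optional

@dataclass(frozen=True)
class Rule:
    name: str
    action: str            # "ALLOW" or "BLOCK"
    port: Optional[int]    # None means any service
    first: str             # first LAN address the rule covers
    last: str              # last LAN address the rule covers

    def matches(self, src: str, port: int) -> bool:
        in_range = ip_address(self.first) <= ip_address(src) <= ip_address(self.last)
        return in_range and self.port in (None, port)

    def covers(self, other: "Rule") -> bool:
        """True if every packet that matches `other` also matches this rule."""
        return (self.port in (None, other.port)
                and ip_address(self.first) <= ip_address(other.first)
                and ip_address(other.last) <= ip_address(self.last))

# Assumption: the default outbound rule at the bottom of the table allows everything.
DEFAULT = Rule("default", "ALLOW", None, "0.0.0.0", "255.255.255.255")

def disposition(table, src, port):
    """Walk the table top to bottom; the first matching rule decides (assumed)."""
    for rule in table + [DEFAULT]:
        if rule.matches(src, port):
            return rule.action, rule.name

def shadowed(table):
    """Pairs (rule, earlier rule) where the earlier entry always matches first."""
    return [(later.name, earlier.name)
            for i, later in enumerate(table)
            for earlier in table[:i] if earlier.covers(later)]

def move(table, name, new_index):
    """Model of the Move button: relocate one rule to a new position."""
    rule = next(r for r in table if r.name == name)
    rest = [r for r in table if r.name != name]
    return rest[:new_index] + [rule] + rest[new_index:]

# Constructed sample table: a broad allow entered before a narrower block.
TABLE = [
    Rule("allow_web_lan", "ALLOW", 80, "192.168.0.2", "192.168.0.254"),
    Rule("block_web_kiosk", "BLOCK", 80, "192.168.0.50", "192.168.0.50"),
]
FIXED = move(TABLE, "block_web_kiosk", 0)
```

In the sample, host 192.168.0.50 is allowed to reach port 80 until `block_web_kiosk` is moved above `allow_web_lan`; `shadowed()` reports the unreachable rule before the move and nothing after it.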

Rules Menu Options

Use the Options checkboxes to enable the following:

Enable VPN Passthrough (IPSec, PPTP, L2TP)

If LAN users need to run VPN (Virtual Private Networking) software on their computers to connect to remote sites or servers, select this checkbox. This allows the VPN protocols (IPSec, PPTP, L2TP) to be used. If this checkbox is not checked, these protocols are blocked.

Drop fragmented IP packets

If checked, all fragmented IP packets will be dropped (discarded). Normally, this should NOT be checked.

Block TCP flood

If checked, when a TCP flood attack is detected, the port used will be closed, and no traffic will be able to use that port.

Block UDP flood

If checked, when a UDP flood attack is detected, all traffic from that IP address will be blocked.

Block non-standard packets

If checked, only known packet types will be accepted; other packets will be blocked. The known packet types are TCP, UDP, ICMP, ESP, and GRE. Note that these are packet types, not protocols.

Firewall Protection and Content Filtering

201-10301-02, May 2005
