|
| |
| Table 46 Firewall Services | |
|
|
|
| LABEL | DESCRIPTION |
|
|
|
| Do not respond to | Select this option to prevent hackers from finding the ZyXEL Device by probing for |
| requests for | unused ports. If you select this option, the ZyXEL Device will not respond to port |
| unauthorized | request(s) for unused ports, thus leaving the unused ports and the ZyXEL Device |
| services | unseen. By default this option is not selected and the ZyXEL Device will reply with |
|
| an ICMP Port Unreachable packet for a port probe on its unused UDP ports, and a |
|
| TCP Reset packet for a port probe on its unused TCP ports. |
|
| Note that the probing packets must first traverse the ZyXEL Device's firewall |
|
| mechanism before reaching this |
|
| mechanism blocks a probing packet, the ZyXEL Device reacts based on the |
|
| firewall policy, which by default, is to send a TCP reset packet for a blocked TCP |
|
| packet. You can use the command "sys firewall tcprst rst [onoff]" to change this |
|
| policy. When the firewall mechanism blocks a UDP packet, it drops the packet |
|
| without sending a response packet. |
| Enable Services | Select this check box to enable this feature. |
| Blocking |
|
| Available Services | This is a list of |
|
| from using. Select the port you want to block using the |
|
| Add to add the port to the Blocked Services field. |
| Blocked Services | This is a list of services (ports) that will be inaccessible to computers on your LAN |
|
| once you enable service blocking. |
| Custom Port | A custom port is a service that is not available in the |
|
| Services list and you must define using the next two fields. |
| Type | Choose the IP port (TCP or UDP) that defines your customized port from the drop |
|
| down list box. |
| Port Number | Enter the port number range that defines the service. For example, if you want to |
|
| define the Gnutella service, then select TCP type and enter a port range from 6345 |
|
| to 6349. |
| Add | Select a service from the Available Services |
|
| add a service to the Blocked Services |
| Delete | Select a service from the Blocked Services list and then click Delete to remove |
|
| this service from the list. |
| Clear All | Click Clear All to empty the Blocked Services. |
|
|
|
| Day to Block: | Select a check box to configure which days of the week (or everyday) you want the |
|
| content filtering to be active. |
| Time of Day to | Select the time of day you want service blocking to take effect. Configure blocking |
| Block | to take effect all day by selecting All Day. You can also configure specific times by |
| Format) | selecting From and entering the start time in the Start (hour) and Start (min) |
|
| fields and the end time in the End (hour) and End (min) fields. Enter times in 24- |
|
| hour format, for example, "3:00pm" should be entered as "15:00". |
| Bypass Triangle | Select this check box to have the ZyXEL Device firewall ignore the use of triangle |
| Route | route topology on the network. See the appendix for more on triangle route |
|
| topology. |
| Max NAT/Firewall | Type a number ranging from 1 to 2048 to limit the number of NAT/firewall sessions |
| Session Per User | that a host can create. |
| Apply | Click Apply to save the settings. |
|
|
|
| Reset | Click Reset to start configuring this screen again. |
|
|
|
Chapter 11 Firewall | 131 |