Chapter 13 Firewall

Table 63 Security > Firewall > Services

| LABEL | DESCRIPTION |
| --- | --- |
| Do not respond to requests for unauthorized services | Select this option to prevent hackers from finding the NBG-460N by probing for unused ports. If you select this option, the NBG-460N will not respond to port request(s) for unused ports, thus leaving the unused ports and the NBG-460N unseen. By default this option is not selected and the NBG-460N will reply with an ICMP Port Unreachable packet for a port probe on its unused UDP ports, and a TCP Reset packet for a port probe on its unused TCP ports. Note that the probing packets must first traverse the NBG-460N's firewall mechanism before reaching this anti-probing mechanism. Therefore if the firewall mechanism blocks a probing packet, the NBG-460N reacts based on the firewall policy, which by default, is to send a TCP reset packet for a blocked TCP packet. You can use the command "sys firewall tcprst rst [on\|off]" to change this policy. When the firewall mechanism blocks a UDP packet, it drops the packet without sending a response packet. |
| Firewall Rule | |
| # | This is your firewall rule number. The ordering of your rules is important as rules are applied in turn. Use the Move button to rearrange the order of the rules. |
| Active | This icon is green when the rule is turned on. The icon is grey when the rule is turned off. |
| Service Name | This field displays the services and port numbers to which this firewall rule applies. |
| IP | This field displays the IP address(es) the rule applies to. |
| Schedule | This field displays the days the firewall rule is active. |
| Log | This field shows you whether a log will be created when packets match the rule (Match) or not (No). |
| Modify | Click the Edit icon to modify an existing rule setting in the fields under the Add Firewall Rule screen. Click the Remove icon to delete a rule. Note that subsequent firewall rules move up by one when you take this action. |
| Add | Click the Add button to display the screen where you can configure a new firewall rule. Modify the number in the textbox to add the rule before a specific rule number. |
| Move | The Move button moves a rule to a different position. In the first text box enter the number of the rule you wish to move. In the second text box enter the number of the rule you wish to move the first rule to and click the Move button. |
| Misc setting | |
| Bypass Triangle Route | Select this check box to have the NBG-460N firewall ignore the use of triangle route topology on the network. |
| Max NAT/Firewall Session Per User | Type a number ranging from 1 to 16000 to limit the number of NAT/firewall sessions that a host can create. |
| Apply | Click Apply to save the settings. |
| Reset | Click Reset to start configuring this screen again. |
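To confirm which behaviour the device shows for the "Do not respond to requests for unauthorized services" option, the added example below (not part of the ZyXEL guide) classifies the reply to a probe of an unused port as a TCP Reset, an ICMP Port Unreachable, or silence. The function names, the address 192.168.1.1 and the port numbers are assumptions for illustration.

```python
import socket

def probe_tcp(host, port, timeout=2.0):
    """Classify the reply to a TCP connection attempt on one port."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"          # SYN/ACK: a service is listening
    except ConnectionRefusedError:
        return "reset"         # TCP Reset: port unused, but the device is visible
    except socket.timeout:
        return "silent"        # nothing came back: the probe was dropped
    except OSError:
        return "error"         # e.g. no route to host; says nothing about the port
    finally:
        s.close()

def probe_udp(host, port, timeout=2.0):
    """Classify the reply to a single UDP datagram on one port."""
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))    # connected socket, so ICMP errors are reported
        s.send(b"\x00")
        s.recv(512)
        return "open"          # a service answered
    except ConnectionRefusedError:
        return "unreachable"   # ICMP Port Unreachable (seen as ECONNREFUSED on Linux)
    except socket.timeout:
        return "silent"        # dropped, or an open service that never replies
    except OSError:
        return "error"
    finally:
        s.close()

def unseen(host, tcp_ports, udp_ports, timeout=2.0):
    """True only if every probed unused port stays silent."""
    results = [probe_tcp(host, p, timeout) for p in tcp_ports]
    results += [probe_udp(host, p, timeout) for p in udp_ports]
    return all(r == "silent" for r in results)

if __name__ == "__main__":
    ROUTER = "192.168.1.1"     # assumed address; use your own device's
    print("tcp/4444:", probe_tcp(ROUTER, 4444))   # port numbers are arbitrary,
    print("udp/4444:", probe_udp(ROUTER, 4444))   # assumed to be unused
    print("unseen:", unseen(ROUTER, [4444, 5555], [4444]))
```

A "reset" result with the option selected does not by itself mean the option failed: as the table notes, a probe that the firewall mechanism blocks first is answered according to the firewall policy, which by default sends a TCP reset.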

 

 


NBG-460N User’s Guide
