Cisco RV042 User Guide - Page 37

Firewall > Access Rules, Restrict WEB Features - site site vpn setup



Chapter 4: Advanced Configuration
10/100 4-Port VPN Router, page 30

as SYN Flooding, Smurf, LAND, Ping of Death, IP Spoofing, and reassembly attacks.

Block WAN Request
This option is enabled by default. Using this feature, the Router drops both unaccepted TCP request and ICMP packets from the WAN side. Hackers will not find the Router by pinging the WAN IP address.

Remote Management
This option is disabled by default. If you want to manage the Router through a WAN connection, first change the password on the Setup > Password screen (this prevents any user from accessing the Router with the default password). Then select Enable for the Remote Management setting, and enter the port number (port 80, the default, or 8080 is usually used).

NOTE: If the Remote Management feature on the Firewall > General screen has been enabled, then users with administrative privileges can remotely access the web-based utility. Use http://<WAN IP address of the Router>, or use https://<WAN IP address of the Router> if you have enabled the HTTPS feature.

HTTPS
HTTPS is a secured HTTP session. If Remote Management is enabled, HTTPS is enabled by default.

NOTE: If you disable the HTTPS feature, then you also disable the Linksys QuickVPN service on the Router.

Multicast Pass Through
This option is disabled by default. IP multicasting occurs when a single data transmission is sent to multiple recipients at the same time. Using this feature, the Router allows IP multicast packets to be forwarded to the appropriate LAN devices. Multicast Pass Through is used for Internet games, videoconferencing, and multimedia applications.

MTU (Maximum Transmission Unit)
This setting specifies the largest packet size permitted for network transmission. In most cases, keep the default, Auto. To specify the MTU, select Manual, and then enter the maximum MTU size.

Restrict WEB Features

Block
Select the filters you want to use.

  • Java: Java is a programming language for websites. If you deny Java applets, you run the risk of losing access to Internet sites created using this programming language. To block Java applets, select Java.
  • Cookies: A cookie is data stored on your PC and used by Internet sites when you interact with them. To block cookies, select Cookies.
  • ActiveX: ActiveX is a programming language for websites. If you deny ActiveX, you run the risk of losing access to Internet sites created using this programming language. To block ActiveX, select ActiveX.
  • Access to HTTP Proxy Servers: Use of WAN proxy servers may compromise the Router's security. If you block access to HTTP proxy servers, then you block access to WAN proxy servers. To block access, select Access to HTTP Proxy Servers.

Don't block Java/ActiveX/Cookies/Proxy to Trusted Domains
To keep trusted sites unblocked, select this option. You will be able to specify a list of trusted domains.

Click Save Settings to save your changes, or click Cancel Changes to undo them.

Firewall > Access Rules

Access rules evaluate network traffic to decide whether or not it is allowed to pass through the Router's firewall. Access Rules look specifically at a data transmission's source IP address, destination IP address, and IP protocol type, and you can apply each access rule according to a different schedule.

With the use of custom rules, it is possible to disable all firewall protection or block all access to the Internet, so use extreme caution when creating or deleting access rules.

The Router has the following default rules:

  • All traffic from the LAN to the WAN is allowed.
  • All traffic from the WAN to the LAN is denied.
  • All traffic from the LAN to the DMZ is allowed.
  • All traffic from the DMZ to the LAN is denied.
  • All traffic from the WAN to the DMZ is allowed.
  • All traffic from the DMZ to the WAN is allowed.

Custom rules can be created to override the above default rules, but there are four additional default rules that will be always active and cannot be overridden by any custom rules.

  • HTTP service from the LAN to the Router is always allowed.
  • DHCP service from the LAN is always allowed.
  • DNS service from the LAN is always allowed.
  • Ping service from the LAN to the Router is always allowed.
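
The rule layering described above (four always-active rules, then custom rules, then the zone defaults), modeled as an added example that is not part of the guide or Cisco's code; it also flags the two custom-rule hazards the guide warns about. The Rule structure, the ROUTER zone name, the service names and first-match ordering of custom rules are assumptions, and the sample rules are constructed.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Default zone-to-zone rules, as listed in the guide.
DEFAULTS = {("LAN", "WAN"): "allow", ("WAN", "LAN"): "deny",
            ("LAN", "DMZ"): "allow", ("DMZ", "LAN"): "deny",
            ("WAN", "DMZ"): "allow", ("DMZ", "WAN"): "allow"}
# The four always-active rules as (service, destination zone); None = no destination named.
FIXED_LAN_ALLOW = {("HTTP", "ROUTER"), ("PING", "ROUTER"), ("DHCP", None), ("DNS", None)}
ANY = ip_network("0.0.0.0/0")

@dataclass
class Rule:  # hypothetical model of one custom access rule
    action: str            # "allow" or "deny"
    service: str           # "ALL" or a service name
    src_zone: str
    dst_zone: str
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"

def evaluate(service, src_zone, dst_zone, src_ip, dst_ip, custom_rules):
    """Return (verdict, reason) for one flow."""
    if src_zone == "LAN" and ((service, dst_zone) in FIXED_LAN_ALLOW
                              or (service, None) in FIXED_LAN_ALLOW):
        return "allow", "fixed default rule"   # custom rules cannot override these
    for i, r in enumerate(custom_rules):       # assumption: first matching rule wins
        if ((r.src_zone, r.dst_zone) == (src_zone, dst_zone)
                and r.service in ("ALL", service)
                and ip_address(src_ip) in ip_network(r.src)
                and ip_address(dst_ip) in ip_network(r.dst)):
            return r.action, f"custom rule {i}"
    # Zone pairs the guide does not list are reported as unspecified.
    return DEFAULTS.get((src_zone, dst_zone), "unspecified"), "default rule"

def audit(custom_rules):
    """Flag custom rules that open all WAN-to-LAN traffic or block all LAN-to-WAN traffic."""
    findings = []
    for i, r in enumerate(custom_rules):
        wide = r.service == "ALL" and ip_network(r.src) == ANY and ip_network(r.dst) == ANY
        if wide and r.action == "allow" and (r.src_zone, r.dst_zone) == ("WAN", "LAN"):
            findings.append((i, "opens all WAN-to-LAN traffic"))
        if wide and r.action == "deny" and (r.src_zone, r.dst_zone) == ("LAN", "WAN"):
            findings.append((i, "blocks all LAN-to-WAN traffic"))
    return findings

SAMPLE_RULES = [  # constructed sample, not exported from a real device
    Rule("allow", "HTTPS", "WAN", "LAN", dst="192.168.1.10/32"),
    Rule("allow", "ALL", "WAN", "LAN"),
    Rule("deny", "ALL", "LAN", "WAN")]
```

Running audit() over a planned rule list before entering it on the Firewall > Access Rules screen shows which entries would undo the WAN-to-LAN default or cut off LAN-to-WAN traffic.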