Home » Netgear Manuals » Network Security & Firewall Devices » Netgear DGFV338 » Manual Viewer

Netgear DGFV338 DGFV338 Reference Manual - Page 80

LAN Server IP Address, Destination LAN Users

Add to My Manuals
Save this manual to your list of manuals

Page 80 highlights

DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual However, by defining an inbound rule you can make a local server (for example, a Web server or game server) visible and available to the Internet. The rule tells the firewall to direct inbound traffic for a particular service to one local server. If you enable Translate to a Port Number, the traffic will be forwarded to a specific port based on the destination port number. This is also known as port forwarding. This following lists all the existing rules for incoming traffic. Remember that allowing inbound services opens holes in your firewall. Only enable those ports that are necessary for your network. A rule is defined by the following fields: • ! (Status): A rule can be disabled if not in use and enabled as needed. A rule is disabled if the status light is grey and it is enabled if the status light is green. Disabling a rule does not delete the configuration, but merely de-activates the rule. • Service Name: This is a unique name assigned to the service. The name usually indicates the type of traffic the rule covers such as ftp, ssh, telnet, ping, etc. Services not already in the list can be are added on the Services page. • Filter: Defines an action to be taken on the enabled rule. It can be: - Block Always: Block selected service at all times. - Enable Always: Allow selected service to pass through at all times. - Block by schedule, otherwise allow: Works in conjunction with a schedule defined in the Schedule 1/2/3 pages. Selected service will be blocked during the scheduled interval and will be allowed to pass through at other times. - Allow by schedule, otherwise block: Works in conjunction with a schedule defined in the Schedule 1/2/3 pages. Selected service will be allowed to pass through during the scheduled interval and will be blocked at other times. • LAN Server IP Address: An IP address and port number of a machine on the LAN which is hosting the server. It is displayed in the form: . For example, if a machine with an IP address of 192.168.1.100 on the LAN side is running a telnet server on port 2000, then the table will display 192.168.10.100:2000. If the telnet server is running on the default port (port 23), then the table will display only the IP address. • Destination LAN Users: Specifies whether one or more IP addresses on the LAN will be affected by the rule. This field is only enabled when in routing mode since the LAN is accessible only in this mode. - Any: All computers on the LAN will be affected by the rule. - Single Address: A single IP address on the LAN will be affected by the rule. 4-8 Security and Firewall Protection v1.0, April 2007

Section	Page
DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual	1
Contents	11
About This Manual	17
Conventions, Format and Scope	17
How to Use This Manual	18
How to Print this Manual	18
Chapter 1 Introduction	21
Key Features of the NETGEAR ProSafe DGFV338	21
Full Routing on Both the ADSL and 10/100 WAN Port	22
A Powerful, True Firewall with Content Filtering	22
Security	23
Virtual Private Networking (VPN)	23
Autosensing Ethernet Connections with Auto Uplink	23
Extensive Protocol Support	24
Easy Installation and Management	24
Maintenance and Support	25
System Requirements	25
Package Contents	26
Hardware Description	26
Router Front Panel	26
Router Rear Panel	28
Router Login Factory Defaults	29
Placement of your NETGEAR ProSafe DGFV338	30
Chapter 2 Basic Installation and Configuration	31
Using ADSL Microfilters (optional)	32
Logging in and Configuring your Internet Connection	33
Configuring Your Internet Connection using Auto Detect	34
Manually Configuring your ADSL Connection	36
Manually Configuring your Ethernet Connection	38
Selecting Advanced Options for your Ethernet or ADSL Connection	40
Configuring the WAN Mode	44
Configuring Dynamic DNS (If Needed)	47
Programming the Traffic Meter	50
Chapter 3 Wireless Configuration	53
Implementing Wireless Security	53
Understanding Wireless Settings	55
Wireless LANs	56
Access Control List	58
Wireless Advanced Options	59
Advanced Wireless Router Settings	59
WEP and WPA/WPA2 Wireless Security Check List Form	60
Configuring Your Wireless Settings	61
Configuring WEP	62
Configuring WPA-PSK	64
Configuring WPA2-PSK	65
Configuring WPA-PSK and WPA2-PSK	66
Configuring WPA with RADIUS	67
Configuring WPA2 with RADIUS	68
Configuring WPA and WPA2 with RADIUS	69
Restricting Wireless Access by MAC Address	70
Chapter 4 Security and Firewall Protection	73
Firewall Protection and Content Filtering Overview	73
Using Rules to Block or Allow Specific Kinds of Traffic	73
About Service Based Rules	74
Outbound Rules (Service Blocking)	75
The DGFV338 allows you to block the use of certain Internet services by PCs on your network. This is called service blocking or port filtering.	75
Outbound Rule Example: Blocking Instant Messenger	79
Inbound Rules (Port Forwarding)	79
Because the DGFV338 uses Network Address Translation (NAT), your network presents only one IP address to the Internet and outsid...	79
Inbound Rule Example: A Local Public Web Server	84
Inbound Rule Example: Allowing Videoconference from Restricted Addresses	84
Inbound Rule Example: One-to-One NAT Mapping	85
Inbound Rule Example: Exposed Host	87
Considerations for Inbound Rules	88
Order of Precedence for Rules	89
Customized Services	89
Quality of Service (QoS) Priorities	91
Attack Checks	92
Managing Groups and Hosts	93
Blocking Internet Sites	96
Enabling Source MAC Filtering	99
Setting up Port Triggering	100
Setting a Schedule to Block or Allow Specific Traffic	103
Event Logs and Alerts	104
Security and Administrator Management	107
Chapter 5 Virtual Private Networking	109
Dual WAN Port Systems	109
Setting up a VPN Connection using the VPN Wizard	110
VPN Tunnel Policies	113
IKE Policy	113
Managing IKE Policies	114
IKE Policy Table	114
VPN Policy	115
Managing VPN Policies	115
VPN Policy Table	116
VPN Tunnel Connection Status	116
Creating a VPN Connection: Between FVX538 and DGFV338	117
Configuring the ProSafe DGFV338	117
Configuring the FVX538	122
Testing the Connection	123
Creating a VPN Client Connection: VPN Client to DGFV338	123
Configuring the DGFV338	123
Configuring the VPN Client	125
Testing the Connection	129
Certificate Authorities	130
Generating a Self Certificate Request	131
Uploading a Trusted Certificate	133
Managing your Certificate Revocation List (CRL)	133
Extended Authentication (XAUTH) Configuration	134
Configuring XAUTH for VPN Clients	135
User Database Configuration	137
RADIUS Client Configuration	138
Manually Assigning IP Addresses to Remote Users (ModeConfig)	140
Mode Config Operation	140
Configuring the ProSafe DGFV338	141
Configuring the ProSafe VPN Client for ModeConfig	144
Chapter 6 Router and Network Management	149
Performance Management	149
Wireless Firewall Features That Reduce Traffic	149
Service Blocking	150
Block Sites	151
Source MAC Filtering	152
Wireless Firewall Features That Increase Traffic	152
Port Forwarding	152
Port Triggering	154
VPN Tunnels	154
Using QoS to Shift the Traffic Mix	154
Tools for Traffic Management	155
Administrator and Guest Access Authorization	155
Changing the Passwords and Login Time-out	155
Enabling Remote Management Access	156
Command Line Interface	158
Event Alerts	159
Traffic Limits Reached	159
Monitoring	160
Router Status	160
WAN Ports	162
Internet Traffic	163
LAN Ports and Attached Devices	165
Known PCs and Devices	165
DHCP Log	166
Port Triggering Status	167
Firewall Security	167
VPN Tunnels	169
Using a SNMP Manager	170
Diagnostics	172
Configuration File Management	174
Settings Backup and Firmware Upgrade	174
Backup and Restore Settings	174
Router Upgrade	176
Setting the Time Zone	177
Chapter 7 LAN Configuration	179
Using the Firewall as a DHCP server	179
Configuring the LAN Setup Options	180
Using Address Reservation	181
Configuring Multi Home LAN IPs	182
Configuring Static Routes	185
Adding or Editing a Static Route	185
Routing Information Protocol (RIP)	186
Static Route Example	188
Enabling Universal Plug and Play (UPnP)	188
Chapter 8 Troubleshooting	191
Basic Functions	191
Power LED Not On	191
LEDs Never Turn Off	192
LAN or Internet Port LEDs Not On	192
Troubleshooting the Web Configuration Interface	192
Troubleshooting the ISP Connection	193
Troubleshooting a TCP/IP Network Using a Ping Utility	195
Testing the LAN Path to Your Firewall	195
Testing the Path from Your PC to a Remote Device	196
Restoring the Default Configuration and Password	197
Problems with Date and Time	197
Appendix A Default Settings and Technical Specifications	199
Default Factory Settings	199
Technical Specifications	201
Appendix B Related Documents	203

Match case Limit results 1 per page

DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual

4-8

Security and Firewall Protection

v1.0, April 2007

However, by defining an inbound rule you can make a local server (for example, a Web server or

game server) visible and available to the Internet. The rule tells the firewall to direct inbound

traffic for a particular service to one local server. If you enable Translate to a Port Number, the

traffic will be forwarded to a specific port based on the destination port number. This is also

known as port forwarding.

This following lists all the existing rules for incoming traffic. Remember that allowing inbound

services opens holes in your firewall. Only enable those ports that are necessary for your network.

A rule is defined by the following fields:

•

! (Status)

: A rule can be disabled if not in use and enabled as needed. A rule is disabled if the

status light is grey and it is enabled if the status light is green. Disabling a rule does not delete

the configuration, but merely de-activates the rule.

•

Service Name

: This is a unique name assigned to the service. The name usually indicates the

type of traffic the rule covers such as ftp, ssh, telnet, ping, etc. Services not already in the list

can be are added on the Services page.

•

Filter

: Defines an action to be taken on the enabled rule. It can be:

–

Block Always

: Block selected service at all times.

–

Enable Always

: Allow selected service to pass through at all times.

–

Block by schedule, otherwise allow

: Works in conjunction with a schedule defined in the

Schedule 1/2/3 pages. Selected service will be blocked during the scheduled interval and

will be allowed to pass through at other times.

–

Allow by schedule, otherwise block

: Works in conjunction with a schedule defined in the

Schedule 1/2/3 pages. Selected service will be allowed to pass through during the

scheduled interval and will be blocked at other times.

•

LAN Server IP Address

: An IP address and port number of a machine on the LAN which is

hosting the server. It is displayed in the form: <

IP address:port number

For example, if a machine with an IP address of 192.168.1.100 on the LAN side is running a

telnet server on port 2000, then the table will display 192.168.10.100:2000. If the telnet server

is running on the default port (port 23), then the table will display only the IP address.

•

Destination LAN Users

: Specifies whether one or more IP addresses on the LAN will be

affected by the rule. This field is only enabled when in routing mode since the LAN is

accessible only in this mode.

–

Any

: All computers on the LAN will be affected by the rule.

–

Single Address

: A single IP address on the LAN will be affected by the rule.