ZyXEL NBG-460N User Guide - Page 174
Security > Firewall > Services
View all ZyXEL NBG-460N manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 174 highlights
Chapter 13 Firewall Table 60 Security > Firewall > Services LABEL DESCRIPTION Do not respond to requests for unauthorized services Select this option to prevent hackers from finding the NBG-460N by probing for unused ports. If you select this option, the NBG-460N will not respond to port request(s) for unused ports, thus leaving the unused ports and the NBG-460N unseen. By default this option is not selected and the NBG-460N will reply with an ICMP Port Unreachable packet for a port probe on its unused UDP ports, and a TCP Reset packet for a port probe on its unused TCP ports. Firewall Rule # Active Service Name IP Schedule Log Modify Note that the probing packets must first traverse the NBG-460N's firewall mechanism before reaching this anti-probing mechanism. Therefore if the firewall mechanism blocks a probing packet, the NBG460N reacts based on the firewall policy, which by default, is to send a TCP reset packet for a blocked TCP packet. You can use the command "sys firewall tcprst rst [on|off]" to change this policy. When the firewall mechanism blocks a UDP packet, it drops the packet without sending a response packet. This is your firewall rule number. The ordering of your rules is important as rules are applied in turn. Use the Move button to rearrange the order of the rules. This icon is green when the rule is turned on. The icon is grey when the rule is turned off. This field displays the services and port numbers to which this firewall rule applies. This field displays the IP address(es) the rule applies to. This field displays the days the firewall rule is active. This field shows you whether a log will be created when packets match the rule (Match) or not (No). Click the Edit icon to modify an existing rule setting in the fields under the Add Firewall Rule screen. Click the Remove icon to delete a rule. Note that subsequent firewall rules move up by one when you take this action. Add Click the Add button to display the screen where you can configure a new firewall rule. Modify the number in the textbox to add the rule before a specific rule number. Move The Move button moves a rule to a different position. In the first text box enter the number of the rule you wish to move. In the second text box enter the number of the rule you wish to move the first rule to and click the Move button. Misc setting Bypass Triangle Select this check box to have the NBG-460N firewall ignore the use of Route triangle route topology on the network. Max NAT/ Type a number ranging from 1 to 16000 to limit the number of NAT/ Firewall Session firewall sessions that a host can create. Per User Apply Click Apply to save the settings. Reset Click Reset to start configuring this screen again. 174 NBG-460N User's Guide