Home » Netgear Manuals » Bridges & Routers » Netgear FVS336G » Manual Viewer

Netgear FVS336G FVS336G Reference Manual - Page 83

Web Components blocking, Proxy, ActiveX, Cookies, Keyword Blocking, Domain Name Blocking

UPC - 606449052015

Add to My Manuals
Save this manual to your list of manuals

Page 83 highlights

ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual • Web Components blocking. You can filter the following Web Component types: Proxy, Java, ActiveX, and Cookies. For example, by enabling Java filtering, "Java" files will be blocked. Certain commonly used web components can be blocked for increased security. Some of these components are can be used by malicious websites to infect computers that access them. - Proxy. A proxy server (or simply, proxy) allows computers to route connections to other computers through the proxy, thus circumventing certain firewall rules. For example, if connections to a specific IP address are blocked by a firewall rule, the requests can be routed through a proxy that is not blocked by the rule, rendering the restriction ineffective. Enabling this feature blocks proxy servers. - Java. Blocks java applets from being downloaded from pages that contain them. Java applets are small programs embedded in web pages that enable dynamic functionality of the page. A malicious applet can be used to compromise or infect computers. Enabling this setting blocks Java applets from being downloaded. - ActiveX. Similar to Java applets, ActiveX controls install on a Windows computer running Internet Explorer. A malicious ActiveX control can be used to compromise or infect computers. Enabling this setting blocks ActiveX applets from being downloaded. - Cookies. Cookies are used to store session information by websites that usually require login. However, several websites use cookies to store tracking information and browsing habits. Enabling this option filters out cookies from being created by a website.. Note: Many websites require that cookies be accepted in order for the site to be accessed properly. Blocking cookies may interfere with useful functions provided by these websites. • Keyword Blocking (Domain Name Blocking). You can specify up to 32 words that, should they appear in the Web site name (URL) or in a newsgroup name, will cause that site or newsgroup to be blocked by the VPN firewall. You can apply the keywords to one or more groups. Requests from the PCs in the groups for which keyword blocking has been enabled will be blocked. Blocking does not occur for the PCs that are in the groups for which keyword blocking has not been enabled. You can bypass Keyword blocking for trusted domains by adding the exact matching domain to the list of Trusted Domains. Access to the domains or keywords on this list by PCs, even those in the groups for which keyword blocking has been enabled, will still be allowed without any blocking. Firewall Protection and Content Filtering v1.2, June 2008 4-21

Section	Page
ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual	1
Contents	7
About This Manual	13
Conventions, Formats, and Scope	13
How to Use This Manual	14
How to Print this Manual	14
Revision History	15
Chapter 1 Introduction	17
Key Features	17
Dual WAN Ports for Increased Reliability or Outbound Load Balancing	18
Advanced VPN Support for Both IPsec and SSL	18
A Powerful, True Firewall with Content Filtering	19
Autosensing Ethernet Connections with Auto Uplink	19
Extensive Protocol Support	20
Easy Installation and Management	20
Maintenance and Support	21
Package Contents	21
Front Panel Features	22
Rear Panel Features	23
Default IP Address, Login Name, and Password Location	24
Qualified Web Browsers	24
Chapter 2 Connecting the FVS336G to the Internet	27
Understanding the Connection Steps	27
Logging into the VPN Firewall Router	28
Navigating the Menus	30
Configuring the Internet Connections	30
Automatically Detecting and Connecting	30
Manually Configuring the Internet Connection	34
Configuring the WAN Mode (Required for Dual WAN)	37
Network Address Translation	38
Classical Routing	38
Configuring Auto-Rollover Mode	39
Configuring Load Balancing	41
Configuring Dynamic DNS (Optional)	43
Configuring the Advanced WAN Options (Optional)	45
Additional WAN Related Configuration	47
Chapter 3 LAN Configuration	49
Using the VPN Firewall as a DHCP server	49
Configuring the LAN Setup Options	50
Managing Groups and Hosts (LAN Groups)	53
Viewing the LAN Groups Database	54
Changing Group Names in the LAN Groups Database	55
Configuring DHCP Address Reservation	56
Configuring Multi Home LAN IP Addresses	57
Configuring Static Routes	58
Configuring Static Routes	58
Configuring Routing Information Protocol (RIP)	60
Chapter 4 Firewall Protection and Content Filtering	63
About Firewall Protection and Content Filtering	63
Using Rules to Block or Allow Specific Kinds of Traffic	64
About Services-Based Rules	65
Viewing the Rules	69
Order of Precedence for Rules	70
Setting the Default Outbound Policy	70
Creating a LAN WAN Outbound Services Rule	71
Creating a LAN WAN Inbound Services Rule	72
Inbound Rules Examples	74
Outbound Rules Example	77
Adding Customized Services	77
Setting Quality of Service (QoS) Priorities	79
Attack Checks	80
Blocking Internet Sites (Content Filtering)	82
Configuring Source MAC Filtering	86
Configuring IP/MAC Address Binding Alerts	88
Configuring Port Triggering	89
Setting a Schedule to Block or Allow Specific Traffic	91
Configuring a Bandwidth Profile	92
Configuring Session Limits	94
E-Mail Notifications of Event Logs and Alerts	95
Administrator Tips	95
Chapter 5 Virtual Private Networking Using IPsec	97
Considerations for Dual WAN Port Systems	97
Configuring an IPsec VPN Connection using the VPN Wizard	100
Creating a VPN Tunnel to a Gateway	100
Creating a VPN Tunnel Connection to a VPN Client	104
Managing VPN Tunnel Policies	109
About IKE	109
Managing IKE Policies	109
About the IKE Policy Table	110
VPN Policy	110
VPN Tunnel Connection Status	112
Creating a VPN Client Connection: VPN Client to FVS336G	112
Configuring the FVS336G	113
Configuring the VPN Client	113
Testing the Connection	115
Configuring Extended Authentication (XAUTH)	115
Configuring XAUTH for VPN Clients	116
User Database Configuration	117
RADIUS Client Configuration	117
Manually Assigning IP Addresses to Remote Users (ModeConfig)	119
Mode Config Operation	119
Configuring the VPN Firewall	120
Configuring the ProSafe VPN Client for ModeConfig	123
Configuring Keepalives and Dead Peer Detection	125
Configuring Keepalive	125
Configuring NetBIOS Bridging with VPN	127
Chapter 6 Virtual Private Networking Using SSL Connections	129
Understanding the Portal Options	129
Planning for SSL VPN	130
Creating the Portal Layout	131
Configuring Domains, Groups, and Users	135
Configuring Applications for Port Forwarding	135
Adding Servers	136
Adding A New Host Name	137
Configuring the SSL VPN Client	138
Configuring the Client IP Address Range	139
Adding Routes for VPN Tunnel Clients	140
Replacing and Deleting Client Routes	140
Using Network Resource Objects to Simplify Policies	141
Adding New Network Resources	141
Configuring User, Group, and Global Policies	143
Viewing Policies	144
Adding a Policy	145
Chapter 7 Managing Users, Authentication, and Certificates	149
Adding Authentication Domains, Groups, and Users	149
Creating a Domain	149
Creating a Group	151
Creating a New User Account	152
Setting User Login Policies	154
Managing Certificates	156
Viewing and Loading CA Certificates	157
Viewing Active Self Certificates	158
Obtaining a Self Certificate from a Certificate Authority	159
Managing your Certificate Revocation List (CRL)	162
Chapter 8 Router and Network Management	165
Performance Management	165
Bandwidth Capacity	165
Features That Reduce Traffic	166
Features That Increase Traffic	169
Using QoS to Shift the Traffic Mix	172
Tools for Traffic Management	172
Changing Passwords and Administrator Settings	172
Enabling Remote Management Access	174
Using the Command Line Interface	176
Using an SNMP Manager	177
Configuration File Management	179
Upgrading the Firmware	181
Configuring Date and Time Service	182
Chapter 9 Monitoring System Performance	185
Enabling the Traffic Meter	185
Activating Notification of Events and Alerts	188
Viewing Firewall Logs	190
Viewing Router Configuration and System Status	191
Monitoring the Status of WAN Ports	193
Monitoring Attached Devices	194
Reviewing the DHCP Log	196
Monitoring Active Users	196
Viewing Port Triggering Status	197
Monitoring VPN Tunnel Connection Status	198
Reviewing the VPN Logs	199
Chapter 10 Troubleshooting	201
Basic Functions	201
Power LED Not On	202
LEDs Never Turn Off	202
LAN or WAN Port LEDs Not On	202
Troubleshooting the Web Configuration Interface	203
Troubleshooting the ISP Connection	204
Troubleshooting a TCP/IP Network Using a Ping Utility	205
Testing the LAN Path to Your VPN Firewall	205
Testing the Path from Your PC to a Remote Device	206
Restoring the Default Configuration and Password	207
Problems with Date and Time	207
Using the Diagnostics Utilities	208
Appendix A Default Settings and Technical Specifications	211
Appendix B Related Documents	215
Appendix C Network Planning for Dual WAN Ports	217
What You Will Need to Do Before You Begin	217
Cabling and Computer Hardware Requirements	219
Computer Network Configuration Requirements	219
Internet Configuration Requirements	220
Where Do I Get the Internet Configuration Parameters?	220
Internet Connection Information Form	221
Overview of the Planning Process	222
Inbound Traffic	222
Virtual Private Networks (VPNs)	222
The Roll-over Case for Firewalls With Dual WAN Ports	223
The Load Balancing Case for Firewalls With Dual WAN Ports	223
Inbound Traffic	224
Inbound Traffic to Single WAN Port (Reference Case)	224
Inbound Traffic to Dual WAN Port Systems	224
Virtual Private Networks (VPNs)	226
VPN Road Warrior (Client-to-Gateway)	227
VPN Gateway-to-Gateway	230
VPN Telecommuter (Client-to-Gateway Through a NAT Router)	233

Match case Limit results 1 per page

ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual

Firewall Protection and Content Filtering

4-21

v1.2, June 2008

•

Web Components blocking

. You can filter the following Web Component types: Proxy, Java,

ActiveX, and Cookies. For example, by enabling Java filtering, “Java” files will be blocked.

Certain commonly used web components can be blocked for increased security. Some of these

components are can be used by malicious websites to infect computers that access them.

–

Proxy

. A proxy server (or simply, proxy) allows computers to route connections to other

computers through the proxy, thus circumventing certain firewall rules. For example, if

connections to a specific IP address are blocked by a firewall rule, the requests can be

routed through a proxy that is not blocked by the rule, rendering the restriction ineffective.

Enabling this feature blocks proxy servers.

–

Java

. Blocks java applets from being downloaded from pages that contain them. Java

applets are small programs embedded in web pages that enable dynamic functionality of

the page. A malicious applet can be used to compromise or infect computers. Enabling this

setting blocks Java applets from being downloaded.

–

ActiveX

. Similar to Java applets, ActiveX controls install on a Windows computer

running Internet Explorer. A malicious ActiveX control can be used to compromise or

infect computers. Enabling this setting blocks ActiveX applets from being downloaded.

–

. Cookies are used to store session information by websites that usually require

habits. Enabling this option filters out cookies from being created by a website..

•

Keyword Blocking

(Domain Name Blocking)

. You can specify up to 32 words that, should

they appear in the Web site name (URL) or in a newsgroup name, will cause that site or

newsgroup to be blocked by the VPN firewall.

You can apply the keywords to one or more groups. Requests from the PCs in the groups for

which keyword blocking has been enabled will be blocked. Blocking does not occur for the

PCs that are in the groups for which keyword blocking has not been enabled.

You can bypass Keyword blocking for trusted domains by adding the exact matching domain

to the list of Trusted Domains. Access to the domains or keywords on this list by PCs, even

those in the groups for which keyword blocking has been enabled, will still be allowed without

any blocking.

Note:

Many websites require that cookies be accepted in order for the site to be

accessed properly. Blocking cookies may interfere with useful functions

provided by these websites.