Home » Netgear Manuals » Network Security & Firewall Devices » Netgear FVS336Gv1 » Manual Viewer

Netgear FVS336Gv1 FVS336G Reference Manual - Page 85

Blocking Internet Sites (Content Filtering), Security, Schedule, All Days, Specific Days, Start Time

Add to My Manuals
Save this manual to your list of manuals

Page 85 highlights

ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual To invoke rules based on a schedule, follow these steps: 1. Select Security > Schedule to display the Schedule 1 screen. 2. Check the radio button for All Days or Specific Days. If you chose Specific Days, check the radio button for each day you want the schedule to be in effect. 3. Check the radio button to schedule the time of day: All Day, or Specific Times. If you chose Specific Times, enter the Start Time and End Time fields (Hour, Minute, AM/PM), which will limit access during certain times for the selected days. 4. Click Apply to save your settings to Schedule 1. 5. Repeat these steps to set to a schedule for Schedule 2 and Schedule 3. Blocking Internet Sites (Content Filtering) To restrict internal LAN users from access to certain sites on the Internet, you can use the VPN firewall's Content Filtering and Web Components filtering. By default, these features are disabled; all requested traffic from any website is allowed. If you enable one or more of these features and users try to access a blocked site, they will see a "Blocked by NETGEAR" message. Several types of blocking are available: • Web Components blocking. You can filter the following Web Component types: Proxy, Java, ActiveX, and Cookies. For example, by enabling Java filtering, "Java" files will be blocked. Certain commonly used web components can be blocked for increased security. Some of these components are can be used by malicious Websites to infect computers that access them. - Proxy. A proxy server (or simply, proxy) allows computers to route connections to other computers through the proxy, thus circumventing certain firewall rules. For example, if connections to a specific IP address are blocked by a firewall rule, the requests can be routed through a proxy that is not blocked by the rule, rendering the restriction ineffective. Enabling this feature blocks proxy servers. - Java. Blocks java applets from being downloaded from pages that contain them. Java applets are small programs embedded in web pages that enable dynamic functionality of the page. A malicious applet can be used to compromise or infect computers. Enabling this setting blocks Java applets from being downloaded. - ActiveX. Similar to Java applets, ActiveX controls install on a Windows computer running Internet Explorer. A malicious ActiveX control can be used to compromise or infect computers. Enabling this setting blocks ActiveX applets from being downloaded. Firewall Protection and Content Filtering v1.0, January 2010 4-25

Section	Page
ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual	1
Contents	7
About This Manual	15
Conventions, Formats, and Scope	15
How to Print This Manual	16
Revision History	16
Chapter 1 Introduction	19
Key Features	19
Dual WAN Ports for Increased Reliability or Outbound Load Balancing	20
Advanced VPN Support for Both IPsec and SSL	20
A Powerful, True Firewall with Content Filtering	21
Autosensing Ethernet Connections with Auto Uplink	21
Extensive Protocol Support	22
Easy Installation and Management	22
Maintenance and Support	23
Package Contents	23
Front Panel Features	24
Rear Panel Features	25
Default IP Address, Login Name, and Password Location	26
Qualified Web Browsers	26
Chapter 2 Connecting the FVS336G to the Internet	27
Understanding the Connection Steps	27
Logging into the VPN Firewall	28
Navigating the Menus	30
Configuring the Internet Connections	30
Automatically Detecting and Connecting	31
Manually Configuring the Internet Connection	33
Configuring the WAN Mode (Required for Dual WAN)	37
Network Address Translation	38
Classical Routing	38
Configuring Auto-Rollover Mode	39
Configuring Load Balancing	40
Protocol binding	41
Configuring Dynamic DNS (Optional)	42
Configuring the Advanced WAN Options (Optional)	44
Additional WAN Related Configuration	46
Chapter 3 LAN Configuration	47
Choosing the VPN Firewall DHCP Options	47
Configuring the LAN Setup Options	48
Managing Groups and Hosts (LAN Groups)	52
Viewing the LAN Groups Database	53
Adding Devices to the LAN Groups Database	54
Changing Group Names in the LAN Groups Database	54
Configuring DHCP Address Reservation	55
Configuring Multi Home LAN IP Addresses	56
Configuring Static Routes	57
Configuring Routing Information Protocol (RIP)	59
Chapter 4 Firewall Protection and Content Filtering	61
About Firewall Protection and Content Filtering	61
Using Rules to Block or Allow Specific Kinds of Traffic	62
About Services-Based Rules	63
Outbound Rules (Service Blocking)	63
Inbound Rules (Port Forwarding)	65
Viewing the Rules	68
Order of Precedence for Rules	68
Setting the Default Outbound Policy	68
Creating a LAN WAN Outbound Services Rule	69
Creating a LAN WAN Inbound Services Rule	70
Modifying Rules	71
Inbound Rules Examples	71
LAN WAN Inbound Rule: Hosting a Local Public Web Server	71
LAN WAN Inbound Rule: Allowing Videoconference from Restricted Addresses	72
LAN WAN Inbound Rule: Setting Up One-to-One NAT Mapping	73
LAN WAN Inbound Rule: Specifying an Exposed Host	74
Outbound Rules Example	74
LAN WAN Outbound Rule: Blocking Instant Messenger	74
Configuring Other Firewall Features	75
Attack Checks	75
Configuring Session Limits	77
Managing the Application Level Gateway for SIP Sessions	78
Creating Services, QoS Profiles, and Bandwidth Profiles	79
Adding Customized Services	79
Modifying a Service	81
Setting Quality of Service (QoS) Priorities	81
Creating Bandwidth Profiles	82
Setting a Schedule to Block or Allow Specific Traffic	84
Blocking Internet Sites (Content Filtering)	85
Configuring Source MAC Filtering	88
Configuring IP/MAC Address Binding	90
Configuring Port Triggering	91
E-Mail Notifications of Event Logs and Alerts	93
Administrator Tips	93
Chapter 5 Virtual Private Networking Using IPsec	95
Considerations for Dual WAN Port Systems	95
Using the VPN Wizard for Client and Gateway Configurations	97
Creating Gateway to Gateway VPN Tunnels with the Wizard	97
Creating a Client to Gateway VPN Tunnel	100
Use the VPN Wizard Configure the Gateway for a Client Tunnel	101
Use the NETGEAR VPN Client Security Policy Editor to Create a Secure Connection	102
Testing the Connections and Viewing Status Information	106
NETGEAR VPN Client Status and Log Information	106
VPN Firewall VPN Connection Status and Logs	108
Managing VPN Policies	109
Configuring IKE Policies	110
The IKE Policies Screen	110
Configuring VPN Policies	112
The VPN Policies Screen	112
Configuring Extended Authentication (XAUTH)	113
Configuring XAUTH for VPN Clients	114
User Database Configuration	116
RADIUS Client Configuration	116
Assigning IP Addresses to Remote Users (ModeConfig)	118
Mode Config Operation	118
Configuring Mode Config Operation on the VPN Firewall	119
Configuring the Mode Config Screen	119
Configuring an IKE Policy for Mode Config Operation	121
Configuring the ProSafe VPN Client for ModeConfig	124
Testing the Mode Config Connection	125
Configuring Keepalives and Dead Peer Detection	126
Configuring Keepalives	126
Configuring Dead Peer Detection	127
Configuring NetBIOS Bridging with VPN	128
Chapter 6 Virtual Private Networking Using SSL	129
Understanding the Portal Options	129
Planning for SSL VPN	130
Creating the Portal Layout	131
Configuring Domains, Groups, and Users	135
Configuring Applications for Port Forwarding	135
Adding Servers	136
Adding A New Host Name	137
Configuring the SSL VPN Client	138
Configuring the Client IP Address Range	139
Adding Routes for VPN Tunnel Clients	140
Replacing and Deleting Client Routes	140
Using Network Resource Objects to Simplify Policies	141
Adding New Network Resources	141
Configuring User, Group, and Global Policies	143
Viewing SSL VPN Policies	144
Adding an SSL VPN Policy	145
Chapter 7 Managing Users, Authentication, and Certificates	149
Adding Authentication Domains, Groups, and Users	149
Creating a Domain	149
Creating a Group	153
Creating a New User Account	154
Setting User Login Policies	155
Changing Passwords and Other User Settings	157
Managing Certificates	159
Viewing and Loading CA Certificates	160
Viewing Active Self Certificates	161
Obtaining a Self Certificate from a Certificate Authority	162
Managing your Certificate Revocation List (CRL)	165
Chapter 8 VPN Firewall and Network Management	167
Performance Management	167
Bandwidth Capacity	167
Features That Reduce Traffic	168
Service Blocking	168
Blocking Sites	170
Source MAC Filtering	170
Features That Increase Traffic	171
Port Forwarding	171
Port Triggering	172
VPN Tunnels	173
Using QoS to Shift the Traffic Mix	173
Tools for Traffic Management	174
Changing Passwords and Administrator Settings	174
Enabling Remote Management Access	176
Using the Command Line Interface	178
Using an SNMP Manager	179
Managing the Configuration File	180
Backing Up Settings	181
Restoring Settings	182
Reverting to Factory Default Settings	182
Upgrading the Firmware	182
Configuring Date and Time Service	183
Chapter 9 Monitoring System Performance	185
Enabling the Traffic Meter	185
Activating Notification of Events and Alerts	188
Viewing the Logs	190
Viewing VPN Firewall Configuration and System Status	192
Monitoring VPN Firewall Statistics	193
Monitoring the Status of WAN Ports	194
Monitoring Attached Devices	195
Viewing the DHCP Log	196
Monitoring Active Users	197
Viewing Port Triggering Status	198
Monitoring VPN Tunnel Connection Status	199
Viewing the VPN Logs	200
Chapter 10 Troubleshooting	201
Basic Functions	201
Power LED Not On	202
LEDs Never Turn Off	202
LAN or WAN Port LEDs Not On	202
Troubleshooting the Web Configuration Interface	203
Troubleshooting the ISP Connection	204
Troubleshooting a TCP/IP Network Using a Ping Utility	205
Testing the LAN Path to Your VPN Firewall	205
Testing the Path from Your PC to a Remote Device	206
Restoring the Default Configuration and Password	207
Problems with Date and Time	207
Using the Diagnostics Utilities	208
Appendix A Default Settings and Technical Specifications	211
Appendix B Network Planning for Dual WAN Ports	215
What You Will Need to Do Before You Begin	215
Cabling and Computer Hardware Requirements	217
Computer Network Configuration Requirements	217
Internet Configuration Requirements	217
Where Do I Get the Internet Configuration Parameters?	218
Internet Connection Information Form	218
Overview of the Planning Process	219
Inbound Traffic	219
Virtual Private Networks (VPNs)	220
The Roll-over Case for Firewalls With Dual WAN Ports	220
The Load Balancing Case for Firewalls With Dual WAN Ports	221
Inbound Traffic	221
Inbound Traffic to Single WAN Port (Reference Case)	221
Inbound Traffic to Dual WAN Port Systems	222
Inbound Traffic: Dual WAN Ports for Improved Reliability	222
Inbound Traffic: Dual WAN Ports for Load Balancing	222
Virtual Private Networks (VPNs)	223
VPN Road Warrior (Client-to-Gateway)	225
VPN Road Warrior: Single Gateway WAN Port (Reference Case)	225
VPN Road Warrior: Dual Gateway WAN Ports for Improved Reliability	226
VPN Road Warrior: Dual Gateway WAN Ports for Load Balancing	227
VPN Gateway-to-Gateway	227
VPN Gateway-to-Gateway: Single Gateway WAN Ports (Reference Case)	227
VPN Gateway-to-Gateway: Dual Gateway WAN Ports for Improved Reliability	228
VPN Gateway-to-Gateway: Dual Gateway WAN Ports for Load Balancing	229
VPN Telecommuter (Client-to-Gateway Through a NAT Router)	230
VPN Telecommuter: Single Gateway WAN Port (Reference Case)	230
VPN Telecommuter: Dual Gateway WAN Ports for Improved Reliability	231
VPN Telecommuter: Dual Gateway WAN Ports for Load Balancing	232
Appendix C Two Factor Authentication	233
Why do I need Two-Factor Authentication?	233
What are the benefits of Two-Factor Authentication?	233
What is Two-Factor Authentication	234
NETGEAR Two-Factor Authentication Solutions	234
Appendix D Related Documents	237

Match case Limit results 1 per page

ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual

Firewall Protection and Content Filtering

4-25

v1.0, January 2010

To invoke rules based on a schedule, follow these steps:

Select

Security

Schedule

to display the Schedule 1 screen.

Check the radio button for

All Days

Specific Days

. If you chose

Specific Days

, check the

radio button for each day you want the schedule to be in effect.

Check the radio button to schedule the time of day:

All Day

, or

Specific Times

. If you chose

Specific Times

, enter the

Start Time

and

End Time

fields (Hour, Minute, AM/PM), which

will limit access during certain times for the selected days.

Click

Apply

to save your settings to Schedule 1.

Repeat these steps to set to a schedule for Schedule 2 and Schedule 3.

Blocking Internet Sites (Content Filtering)

To restrict internal LAN users from access to certain sites on the Internet, you can use the VPN

firewall’s Content Filtering and Web Components filtering. By default, these features are disabled;

all requested traffic from any website is allowed. If you enable one or more of these features and

users try to access a blocked site, they will see a “Blocked by NETGEAR” message.

Several types of blocking are available:

•

Web Components blocking

. You can filter the following Web Component types: Proxy, Java,

ActiveX, and Cookies. For example, by enabling Java filtering, “Java” files will be blocked.

Certain commonly used web components can be blocked for increased security. Some of these

components are can be used by malicious Websites to infect computers that access them.

–

Proxy

. A proxy server (or simply, proxy) allows computers to route connections to other

computers through the proxy, thus circumventing certain firewall rules. For example, if

connections to a specific IP address are blocked by a firewall rule, the requests can be

routed through a proxy that is not blocked by the rule, rendering the restriction ineffective.

Enabling this feature blocks proxy servers.

–

Java

. Blocks java applets from being downloaded from pages that contain them. Java

applets are small programs embedded in web pages that enable dynamic functionality of

the page. A malicious applet can be used to compromise or infect computers. Enabling this

setting blocks Java applets from being downloaded.

–

ActiveX

. Similar to Java applets, ActiveX controls install on a Windows computer

running Internet Explorer. A malicious ActiveX control can be used to compromise or

infect computers. Enabling this setting blocks ActiveX applets from being downloaded.