Home > Netgear > Router > Netgear Netgar VPN FIrewall FVS336Gv2 Reference Manual

Netgear Netgar VPN FIrewall FVS336Gv2 Reference Manual

Add to Favourites
    Download as PDF

    Here you can view all the pages of manual Netgear Netgar VPN FIrewall FVS336Gv2 Reference Manual. The Netgear manuals for Router are available online for free. You can easily download all the documents as PDF.

    Overview View all the pages Comments

    Page 211

    Page 211 Customize Firewall Protection 210 ProSAFE Dual WAN Gigabit WAN SSL VPN Firewall FVS336Gv2 Overview of Rules to Block or Allow Specific Kinds of Traffic The following sections provide overviews of rules to block and allow specific kinds of traffic: •Firewall Rules •Outbound Rules — Service Blocking •Settings for Outbound Rules •Inbound Rules — Port Forwarding •Settings for Inbound Rules Firewall Rules The following sections provide information about firewall rule concepts: •Firewall Rules Overview... 
    Customize Firewall Protection 
210 ProSAFE Dual WAN Gigabit WAN SSL VPN Firewall FVS336Gv2 
Overview of Rules to Block or Allow Specific Kinds of 
Traffic
The following sections provide overviews of rules to block and allow specific kinds of traffic:
•Firewall Rules
•Outbound Rules — Service Blocking
•Settings for Outbound Rules
•Inbound Rules — Port Forwarding
•Settings for Inbound Rules
Firewall Rules
The following sections provide information about firewall rule concepts:
•Firewall Rules Overview...

    Page 212

    Page 212 Customize Firewall Protection 211 ProSAFE Dual WAN Gigabit WAN SSL VPN Firewall FVS336Gv2 Default DMZ WAN Rules For DMZ WAN traffic, the default policy is to block all traffic from and to the Internet. You can change the default policy by adding DMZ WAN firewall rules that allow specific types of traffic to go out from the DMZ to the Internet (outbound) or to come in from the Internet to the DMZ (inbound). Alternately, for outbound traffic, you can allow all outbound traffic and then block only... 
    Customize Firewall Protection 
211  ProSAFE Dual WAN Gigabit WAN SSL VPN Firewall FVS336Gv2
Default DMZ WAN Rules
For DMZ WAN traffic, the default policy is to block all traffic from and to the Internet. 
You can change the default policy by adding DMZ WAN firewall rules that allow specific types 
of traffic to go out from the DMZ to the Internet (outbound) or to come in from the Internet to 
the DMZ (inbound). Alternately, for outbound traffic, you can allow all outbound traffic and 
then block only...

    Page 213

    Page 213 Customize Firewall Protection 212 ProSAFE Dual WAN Gigabit WAN SSL VPN Firewall FVS336Gv2 Profiles for IPv4 Firewall Rules on page 293 and Default Quality of Service Priorities for IPv6 Firewall Rules on page 298). •Bandwidth profiles. After you configure a bandwidth profile (see Manage Bandwidth Profiles for IPv4 Traffic on page 299), you can assign it to a rule. Order of Precedence When you define a new rule, the rule is added to the VPN firewall’s configuration and displayed in a table. For any... 
    Customize Firewall Protection 
212 ProSAFE Dual WAN Gigabit WAN SSL VPN Firewall FVS336Gv2 
Profiles for IPv4 Firewall Rules on page 293 and Default Quality of Service Priorities for 
IPv6 Firewall Rules on page 298).
•Bandwidth profiles. After you configure a bandwidth profile (see Manage Bandwidth 
Profiles for IPv4 Traffic on page 299), you can assign it to a rule. 
Order of Precedence
When you define a new rule, the rule is added to the VPN firewall’s configuration and 
displayed in a table. For any...

    Page 214

    Page 214 Customize Firewall Protection 213 ProSAFE Dual WAN Gigabit WAN SSL VPN Firewall FVS336Gv2 Table 5. Outbound rules overview SettingDescriptionOutbound Rules Service The service or application to be covered by this rule. If the service or application does not display in the list, you must define it (see Manage Customized Services on page 280). All rules Action The action for outgoing connections covered by this rule. The options are as follows: • BLOCK always • BLOCK by schedule, otherwise allow •... 
    Customize Firewall Protection 
213  ProSAFE Dual WAN Gigabit WAN SSL VPN Firewall FVS336Gv2
Table 5.  Outbound rules overview 
SettingDescriptionOutbound Rules
Service The service or application to be covered by this rule. If the service 
or application does not display in the list, you must define it (see 
Manage Customized Services on page
 280). All rules
Action The action for outgoing connections covered by this rule. The 
options are as follows: 
• BLOCK always
• BLOCK by schedule, otherwise allow
•...

    Page 215

    Page 215 Customize Firewall Protection 214 ProSAFE Dual WAN Gigabit WAN SSL VPN Firewall FVS336Gv2 WAN Users The settings that determine which Internet locations are covered by the rule, based on their IP address. The options are as follows: • Any. All Internet IP addresses are covered by this rule. • Single address. Enter the required address in the Start field. • Address range. Enter the required addresses the Start and Finish fields. • IP Group. Select the IP group to which the rule applies. For... 
    Customize Firewall Protection 
214 ProSAFE Dual WAN Gigabit WAN SSL VPN Firewall FVS336Gv2 
WAN Users The settings that determine which Internet locations are covered 
by the rule, based on their IP address. The options are as follows: 
• Any. All  Internet  IP  addresses  are  covered  by  this  rule. 
• Single address. Enter the required address in the Start field. 
• Address range. Enter the required addresses the Start and 
Finish fields.
• IP Group. Select the IP group to which the rule applies. For...

    Page 216

    Page 216 Customize Firewall Protection 215 ProSAFE Dual WAN Gigabit WAN SSL VPN Firewall FVS336Gv2 Inbound Rules — Port Forwarding The VPN firewall has a default inbound LAN WAN rule, which blocks all access from outside except responses to requests from the LAN side. If you have enabled Network Address Translation (NAT), your network presents one IP address only to the Internet, and outside users cannot directly access any of your local computers (LAN users). For information about configuring NAT, see... 
    Customize Firewall Protection 
215  ProSAFE Dual WAN Gigabit WAN SSL VPN Firewall FVS336Gv2
Inbound Rules — Port Forwarding 
The VPN firewall has a default inbound LAN WAN rule, which blocks all access from outside 
except responses to requests from the LAN side. 
If you have enabled Network Address Translation (NAT), your network presents one IP 
address only to the Internet, and outside users cannot directly access any of your local 
computers (LAN users). For information about configuring NAT, see...

    Page 217

    Page 217 Customize Firewall Protection 216 ProSAFE Dual WAN Gigabit WAN SSL VPN Firewall FVS336Gv2 The rule informs the firewall to direct inbound traffic for a particular service to one local server based on the destination port number. This process is known as port forwarding. WARNING: Allowing inbound services opens security holes in your network. Enable only those ports that are necessary for your network. The VPN firewall always blocks denial of service (DoS) attacks. A DoS attack does not attempt to... 
    Customize Firewall Protection 
216 ProSAFE Dual WAN Gigabit WAN SSL VPN Firewall FVS336Gv2 
The rule informs the firewall to direct inbound traffic for a particular service to one local server 
based on the destination port number. This process is known as port forwarding.
WARNING:
Allowing inbound services opens security holes in your network. 
Enable only those ports that are necessary for your network.
The VPN firewall always blocks denial of service (DoS) attacks. A DoS attack does not 
attempt to...

    Page 218

    Page 218 Customize Firewall Protection 217 ProSAFE Dual WAN Gigabit WAN SSL VPN Firewall FVS336Gv2 Settings for Inbound Rules The following table describes the components that let you configure rules for inbound traffic. For information about the actual procedures to configure inbound rules, see the following sections: •Add LAN WAN Inbound Service Rules on page 228 •Add DMZ WAN Inbound Service Rules on page 237 •Add LAN DMZ Inbound Service Rules on page 246 Table 6. Inbound rules overview... 
    Customize Firewall Protection 
217  ProSAFE Dual WAN Gigabit WAN SSL VPN Firewall FVS336Gv2
Settings for Inbound Rules
The following table describes the components that let you configure rules for inbound traffic. 
For information about the actual procedures to configure inbound rules, see the following 
sections:
•Add LAN WAN Inbound Service Rules on page
 228
•Add DMZ WAN Inbound Service Rules on page
 237
•Add LAN DMZ Inbound Service Rules on page 246
Table 6.  Inbound rules overview...

    Page 219

    Page 219 Customize Firewall Protection 218 ProSAFE Dual WAN Gigabit WAN SSL VPN Firewall FVS336Gv2 WAN Destination IP AddressThe setting that determines the destination IP address applicable to incoming traffic. This is the public IP address that maps to the internal LAN server. This can be either the address of the WAN interface or another public IP address. You can also enter an address range. Enter the required addresses in the Start and Finish fields to apply the rule to a range of devices.IPv4 LAN... 
    Customize Firewall Protection 
218 ProSAFE Dual WAN Gigabit WAN SSL VPN Firewall FVS336Gv2 
WAN Destination IP 
AddressThe setting that determines the destination IP address applicable 
to incoming traffic. This is the public IP address that maps to the 
internal LAN server.
This can be either the address of the WAN interface or another 
public IP address.
You can also enter an address range. Enter the required 
addresses in the Start and Finish fields to apply the rule to a 
range of devices.IPv4 LAN...

    Page 220

    Page 220 Customize Firewall Protection 219 ProSAFE Dual WAN Gigabit WAN SSL VPN Firewall FVS336Gv2 DMZ Users The settings that determine which DMZ computers on the DMZ network are covered by this rule. The options are as follows: • Any. All computers and devices on your DMZ network are covered by this rule. • Single address. Enter the required address in the Start field to apply the rule to a single computer on the DMZ network. • Address range. Enter the required addresses in the Start and Finish... 
    Customize Firewall Protection 
219  ProSAFE Dual WAN Gigabit WAN SSL VPN Firewall FVS336Gv2
DMZ Users The settings that determine which DMZ computers on the DMZ 
network are covered by this rule. The options are as follows:
• Any. All  computers  and  devices  on  your  DMZ  network  are 
covered by this rule. 
• Single address. Enter the required address in the Start field 
to apply the rule to a single computer on the DMZ network. 
• Address range. Enter the required addresses in the Start 
and Finish...
    Start reading Netgear Netgar VPN FIrewall FVS336Gv2 Reference Manual

    Related Manuals for Netgear Netgar VPN FIrewall FVS336Gv2 Reference Manual

    All Netgear manuals