Netgear Netgar VPN FIrewall FVS336Gv2 Reference Manual
Have a look at the manual Netgear Netgar VPN FIrewall FVS336Gv2 Reference Manual online for free. It’s possible to download the document as PDF or print. UserManuals.tech offer 137 Netgear manuals and user’s guides for free. Share the user manual or guide on Facebook, Twitter or Google+.
Customize Firewall Protection 300 ProSAFE Dual WAN Gigabit WAN SSL VPN Firewall FVS336Gv2 Add and Enable a Bandwidth Profile The following procedure describes how to add and enable a bandwidth profile that you then can use as an object for a firewall rule. Note:When you enable a bandwidth profile, the performance of the VPN firewall might be affected slightly. To add and enable a bandwidth profile: 1. On your computer, launch an Internet browser. 2. In the address field of your browser, enter the IP address that was assigned to the VPN firewall during the installation process. The VPN firewall factory default IP address is 192.168.1.1. The NETGEAR Configuration Manager Login screen displays. 3. In the Username field, type your user name and in the Password / Passcode field, type your password. For the default administrative account, the default user name is admin and the default password is password. 4. If you changed the default domain or were assigned a domain, from the Domain menu, select the domain. If you did not change the domain or were not assigned a domain, leave the menu selection at geardomain. 5. Click the Login button. The Router Status screen displays. 6. Select Security > Bandwidth Profiles. The Bandwidth Profiles screen displays. The following figure shows some examples.
Customize Firewall Protection 301 ProSAFE Dual WAN Gigabit WAN SSL VPN Firewall FVS336Gv2 7. Under the List of Bandwidth Profiles table, click the Add button. The Add Bandwidth Profile screen displays. 8. Enter the settings as described in the following table. SettingDescription Profile Name A descriptive name of the bandwidth profile for identification and management purposes. Direction From the Direction menu, select the traffic direction for the bandwidth profile: • Inbound Traffic. The bandwidth profile applies only to inbound traffic. Specify the inbound minimum and maximum bandwidths. • Outbound Traffic. The bandwidth profile applies only to outbound traffic. Specify the outbound minimum and maximum bandwidths. • Both. The bandwidth profile applies to both outbound and inbound traffic. Specify both the outbound and inbound minimum and maximum bandwidths. Inbound Minimum BandwidthThe inbound minimum allocated bandwidth in Kbps. The VPN firewall does not provide a default setting.
Customize Firewall Protection 302 ProSAFE Dual WAN Gigabit WAN SSL VPN Firewall FVS336Gv2 9. Click the Apply button. Your settings are saved. The new bandwidth profile is added to the List of Bandwidth Profiles table. 10. In the Bandwidth Profiles section, select the Ye s radio button under Enable Bandwidth Profiles? By default, the No radio button is selected. 11. Click the Apply button. Your settings are saved. Change a Bandwidth Profile The following procedure describes how to change an existing bandwidth profile. To change a bandwidth profile: 1. On your computer, launch an Internet browser. 2. In the address field of your browser, enter the IP address that was assigned to the VPN firewall during the installation process. The VPN firewall factory default IP address is 192.168.1.1. The NETGEAR Configuration Manager Login screen displays. 3. In the Username field, type your user name and in the Password / Passcode field, type your password. Inbound Maximum BandwidthThe inbound maximum allowed bandwidth in Kbps. The maximum allowable bandwidth is 100,000 Kbps and you cannot configure less than 100 Kbps. The VPN firewall does not provide a default setting. Outbound Minimum BandwidthThe outbound minimum allocated bandwidth in Kbps. The VPN firewall does not provide a default setting. Outbound Maximum BandwidthThe outbound maximum allowed bandwidth in Kbps. The maximum allowable bandwidth is 100,000 Kbps and you cannot configure less than 100 Kbps. The VPN firewall does not provide a default setting. Type From the Type menu, select the type for the bandwidth profile: • Group. The profile applies to all users, that is, all users share the available bandwidth. • Individual. The profile applies to an individual user, that is, each user can use the available bandwidth. In the Maximum Number of Instances field, specify the maximum number of class instances. Maximum Number of InstancesIf you select Individual from the Type menu, you must specify the maximum number of class instances that can be created by the individual bandwidth profile. Note:If the number of users exceeds the configured number of instances, the same bandwidth is shared among all the users of that bandwidth profile. SettingDescription
Customize Firewall Protection 303 ProSAFE Dual WAN Gigabit WAN SSL VPN Firewall FVS336Gv2 For the default administrative account, the default user name is admin and the default password is password. 4. If you changed the default domain or were assigned a domain, from the Domain menu, select the domain. If you did not change the domain or were not assigned a domain, leave the menu selection at geardomain. 5. Click the Login button. The Router Status screen displays. 6. Select Security > Bandwidth Profiles. The Bandwidth Profiles screen displays. 7. In the List of Bandwidth Profiles table, click the Edit button for the bandwidth profile that you want to change. The Edit Bandwidth Profile screen displays. 8. Change the settings. For information about the settings, see Add and Enable a Bandwidth Profile on page 300. 9. Click the Apply button. Your settings are saved. The modified bandwidth profile displays in the List of Bandwidth Profiles table on the Bandwidth Profiles screen. Remove One or More Bandwidth Profiles The following procedure describes how to remove one or more bandwidth profiles that you no longer need as objects for firewall rules. To remove one or more bandwidth profiles: 1. On your computer, launch an Internet browser. 2. In the address field of your browser, enter the IP address that was assigned to the VPN firewall during the installation process. The VPN firewall factory default IP address is 192.168.1.1. The NETGEAR Configuration Manager Login screen displays. 3. In the Username field, type your user name and in the Password / Passcode field, type your password. For the default administrative account, the default user name is admin and the default password is password. 4. If you changed the default domain or were assigned a domain, from the Domain menu, select the domain. If you did not change the domain or were not assigned a domain, leave the menu selection at geardomain.
Customize Firewall Protection 304 ProSAFE Dual WAN Gigabit WAN SSL VPN Firewall FVS336Gv2 5. Click the Login button. The Router Status screen displays. 6. Select Security > Bandwidth Profiles. The Bandwidth Profiles screen displays. 7. In the List of Bandwidth Profiles table, select the check box to the left of each bandwidth profile that you want to remove or click the Select All button to select all profiles. 8. Click the Delete button. The selected bandwidth profiles are removed from the List of Bandwidth Profiles table.
305 7 7. Protect Your Network This chapter describes how to protect your network through features other than the firewall. The chapter contains the following sections: •Manage Content Filtering •Enable Source MAC Filtering •Manage IP/MAC Bindings •Manage Port Triggering •Enable Universal Plug and Play
Protect Your Network 306 ProSAFE Dual WAN Gigabit WAN SSL VPN Firewall FVS336Gv2 Manage Content Filtering To restrict internal LAN users from access to certain sites on the Internet, you can use the content filtering and web component blocking features of the VPN firewall. The following sections provide information about how to manage content filtering: •Content Filtering Overview •Enable Content Filtering and Select Web Components •Manage Keywords and Domain Names That Must Be Blocked •Manage Domain Names That You Trust •Manage Keyword Blocking for LAN Groups Content Filtering Overview By default, content filtering and web component blocking are disabled; all requested traffic from any website is allowed. If you enable one or more of these features and users try to access a blocked site, they see a “Blocked by NETGEAR” message. Note:Content filtering is supported for IPv4 users and groups only. The VPN firewall provides several types of blocking: •Web component blocking. Even trusted sites are subject to web component blocking when the blocking of a particular web component is enabled. You can block the following web component types: -Proxy. A proxy server (or simply, proxy) allows computers to route connections to other computers through the proxy, thus circumventing certain firewall rules. For example, if connections to a specific IP address are blocked by a firewall rule, the requests can be routed through a proxy that is not blocked by the rule, rendering the restriction ineffective. Enabling this feature blocks proxy servers. -Java. Blocks Java applets from being downloaded from pages that contain them. Java applets are small programs embedded in web pages that enable dynamic functionality of the page. A malicious applet can be used to compromise or infect computers. Enabling this feature blocks Java applets from being downloaded. -ActiveX. Similar to Java applets, ActiveX controls are installed on a Windows computer running Internet Explorer. A malicious ActiveX control can be used to compromise or infect computers. Enabling this feature blocks ActiveX applets from being downloaded. -Cookies. Cookies are used to store session information by websites that usually require login. However, several websites use cookies to store tracking information and browsing habits. Enabling this feature blocks cookies from being created by a website.
Protect Your Network 307 ProSAFE Dual WAN Gigabit WAN SSL VPN Firewall FVS336Gv2 Note:Many websites require that cookies be accepted for the site to be accessed correctly. Blocking cookies might interfere with useful functions provided by these websites. •Keyword blocking (domain name blocking). You can specify up to 32 words to block. If any of these words appear in the website name (URL) or in a newsgroup name, the website or newsgroup is blocked by the VPN firewall. You can apply keyword blocking to one or more LAN groups. Requests from computers in groups for which keyword blocking is enabled are blocked. Blocking does not occur for computers in groups for which keyword blocking is disabled. If you bypass keyword blocking for trusted domains, computers in groups for which keyword blocking is enabled can access trusted domains even if the domain includes a blocked keyword. Keyword application examples: -If the keyword “xxx” is specified, the URL http://www.companycom/xxx.html is blocked, as is the newsgroup alt.pictures.xxx. -If the keyword “.com” is specified, only websites with other domain suffixes (such as .edu, .org, or .gov) can be viewed. -If you wish to block all Internet browsing access, enter . (period) as the keyword. Enable Content Filtering and Select Web Components The following procedure describes how to enable content filtering and select web components that must be blocked, such as proxy servers, Java applets, ActiveX applets, and cookies. To enable content filtering and select web components that must be blocked: 1. On your computer, launch an Internet browser. 2. In the address field of your browser, enter the IP address that was assigned to the VPN firewall during the installation process. The VPN firewall factory default IP address is 192.168.1.1. The NETGEAR Configuration Manager Login screen displays. 3. In the Username field, type your user name and in the Password / Passcode field, type your password. For the default administrative account, the default user name is admin and the default password is password. 4. If you changed the default domain or were assigned a domain, from the Domain menu, select the domain.
Protect Your Network 308 ProSAFE Dual WAN Gigabit WAN SSL VPN Firewall FVS336Gv2 If you did not change the domain or were not assigned a domain, leave the menu selection at geardomain. 5. Click the Login button. The Router Status screen displays. 6. Select Security > Content Filtering. The Block Sites screen displays. The following figure shows some examples. 7. In the Content Filtering section, select the Ye s radio button.
Protect Your Network 309 ProSAFE Dual WAN Gigabit WAN SSL VPN Firewall FVS336Gv2 8. In the Web Components section, select the check boxes for the components that you want to block: •Proxy. Blocks proxy servers. •Java. Blocks Java applets from being downloaded. •ActiveX. Blocks ActiveX applets from being downloaded. •Cookies. Blocks cookies from being created by a website. By default, none of these components are blocked, that is, none of these check boxes are selected. For more information about these components, see Content Filtering Overview on page 306. 9. Click the Apply button. Your settings are saved. Content filtering and blocking of the selected web components is enabled. The screen controls are activated. Manage Keywords and Domain Names That Must Be Blocked You cannot manage keywords and domain names for blocking if content filtering is not enabled. Make sure that content filtering is enabled (see Enable Content Filtering and Select Web Components on page 307). To manage keywords and domain names that must be blocked: 1. On your computer, launch an Internet browser. 2. In the address field of your browser, enter the IP address that was assigned to the VPN firewall during the installation process. The VPN firewall factory default IP address is 192.168.1.1. The NETGEAR Configuration Manager Login screen displays. 3. In the Username field, type your user name and in the Password / Passcode field, type your password. For the default administrative account, the default user name is admin and the default password is password. 4. If you changed the default domain or were assigned a domain, from the Domain menu, select the domain. If you did not change the domain or were not assigned a domain, leave the menu selection at geardomain. 5. Click the Login button. The Router Status screen displays. 6. Select Security > Content Filtering. The Blocked Sites screen displays.