Security
Edit LAN DMZ Service
Outbound Service
This page is used for modifying the previously configured firewall rule for traffic going from the LAN to the DMZ network. The following fields of an outbound rule can be changed:
Service Name: A unique name assigned to the service. The name usually indicates the type of traffic the rule covers, such as telnet, ftp, ssh, ping, etc. Services not already in the list can be added on the Services page under the Security menu.
Filter: Defines an action to be taken on the enabled rule. It can be:
- Block Always: Block selected service at all times.
- Enable Always: Allow selected service to pass through at all times.
- Block by schedule, otherwise allow: Works in conjunction with a schedule defined in the Schedule 1/2/3 pages. Selected service will be blocked during the scheduled interval and will be allowed to pass through at other times.
- Allow by schedule, otherwise block: Works in conjunction with a schedule defined in the Schedule 1/2/3 pages. Selected service will be allowed to pass through during the scheduled interval and will be blocked at other times.
LAN Users: Specifies whether one or more IP addresses on the LAN will be affected by the rule. This rule will affect packets for the selected service from the defined IP address or range of IP addresses on the LAN side.
- Any: All computers on the LAN will be affected by the rule.
- Single Address: A single LAN IP address will be affected by the rule.
- Address Range: A range of LAN IP addresses will be affected by the rule.
- Group: Computers that are part of the Group defined in the Network Database will be affected by the rule (groups are defined under the Network Configuration menu, LAN Groups page on the Edit Group Names link).
DMZ Users: Specifies whether one or more computers on the DMZ network will be affected by the rule. This rule will affect packets that are transferred for the selected service to the IP address or range of IP addresses on the DMZ network.
- Any: All IP addresses on the DMZ will be affected by the rule.
- Single Address: A single DMZ IP address will be affected by the rule.
- Address Range: A range of IP addresses on the DMZ network will be affected by the rule.
Priority: The priority assigned to IP packets of this service. The priorities are defined by “Type of Service (TOS) in the Internet Protocol Suite” standards, RFC 1349. The router marks the Type Of Service (TOS) field as defined below:
- Normal-Service: No special priority given to the traffic. The IP packets for services with this priority are marked with a TOS value of 0x00.
- Minimize-Cost: Used when data must be transferred over a link that has a lower "cost". The IP packets for services with this priority are marked with a TOS value of 0x02.
- Maximize-Reliability: Used when data needs to travel to the destination over a reliable link and with little or no retransmission. The IP packets for services with this priority are marked with a TOS value of 0x04.
- Maximize-Throughput: Used when the volume of data transferred during an interval is important even if the latency over the link is high. The IP packets for services with this priority are marked with a TOS value of 0x08.
- Minimize-Delay: Used when the time required (latency) for the packet to reach the destination must be low. The IP packets for services with this priority are marked with a TOS value of 0x10.
Log: Specifies whether the packets for this rule should be logged or not. To log details for all packets that match this rule, select Always. Select Never to disable logging.
For example, if an outbound rule for a schedule is selected as Block Always, then for every packet that tries to make an outbound connection for that service, a message with the packet’s source address and destination address (and other information) will be recorded in the log. Enabling logging may generate a significant volume of log messages and is recommended for debugging purposes only.
Click Apply to save the settings.
Click Reset to revert to the previous settings.
Edit LAN DMZ Service
Inbound Service
This page is used for modifying the previously configured firewall rule for traffic coming from the LAN to the DMZ network. The following fields of an inbound rule can be changed:
Service Name: This is a unique name assigned to the service. The name usually indicates the type of traffic the rule covers, such as telnet, ftp, ssh, ping, etc. Services not already in the list can be added on the Services page under the Security menu.
Filter: Defines an action to be taken on the enabled rule. It can be:
- Block Always: Block selected service at all times.
- Enable Always: Allow selected service to pass through at all times.
- Block by schedule, otherwise allow: Works in conjunction with a schedule defined in the Schedule 1/2/3 pages. Selected service will be blocked during the scheduled interval and will be allowed to pass through at other times.
- Allow by schedule, otherwise block: Works in conjunction with a schedule defined in the Schedule 1/2/3 pages. Selected service will be allowed to pass through during the scheduled interval and will be blocked at other times.
LAN Users: Specifies whether one or more IP addresses on the LAN will be affected by the rule. The rule will affect packets for the selected service and from the defined IP address or range of IP addresses on the LAN side.
- Any: All computers on the LAN will be affected by the rule.
- Single Address: A single LAN IP address will be affected by the rule.
- Address Range: A range of LAN IP addresses will be affected by the rule.
- Group: Computers that are part of the Group defined in the Network Database will be affected by the rule (groups are defined under the Network Configuration menu, LAN Groups page on the Edit Group Names link).
DMZ Users: Specifies whether one or more IP addresses on the DMZ network will be affected by the rule. This rule will affect packets for the selected service to the defined IP address or range of IP addresses on the DMZ network.
- Any: All IP addresses on the DMZ network will be affected by the rule.
- Single Address: A single DMZ IP address will be affected by the rule.
- Address Range: A range of IP addresses will be affected by the rule.
Priority: The priority assigned to IP packets of this service. The priorities are defined by “Type of Service (TOS) in the Internet Protocol Suite” standards, RFC 1349. The router marks the Type Of Service (TOS) field as defined below:
- Normal-Service: No special priority given to the traffic. The IP packets for services with this priority are marked with a TOS value of 0x00.
- Minimize-Cost: Used when data must be transferred over a link that has a lower "cost". The IP packets for services with this priority are marked with a TOS value of 0x02.
- Maximize-Reliability: Used when data needs to travel to the destination over a reliable link and with little or no retransmission. The IP packets for services with this priority are marked with a TOS value of 0x04.
- Maximize-Throughput: Used when the volume of data transferred during an interval is important even if the latency over the link is high. The IP packets for services with this priority are marked with a TOS value of 0x08.
- Minimize-Delay: Used when the time required (latency) for the packet to reach the destination must be low. The IP packets for services with this priority are marked with a TOS value of 0x10.
Log: Specifies whether the packets for this rule should be logged or not. To log details for all packets that match this rule, select Always. Select Never to disable logging.
For example, if an outbound rule for a schedule is selected as Block Always, then for every packet that tries to make an outbound connection for that service, a message with the packet’s source address and destination address (and other information) will be recorded in the log. Enabling logging may generate a significant volume of log messages and is recommended for debugging purposes only.
Click Apply to save the settings.
Click Reset to revert to the previous settings.
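The Filter, LAN Users, DMZ Users and Priority fields described on this page can be modelled as a small rule evaluator, which makes it easy to check what a rule will do before applying it. This is an added example, not NETGEAR code: the Rule class, the in_selector helper and the daily (start, end) schedule window are assumptions, and the Group selector is left out.

```python
from dataclasses import dataclass
from datetime import time
from ipaddress import ip_address

# Priority names and TOS byte values exactly as listed on this page.
TOS = {"Normal-Service": 0x00, "Minimize-Cost": 0x02, "Maximize-Reliability": 0x04,
       "Maximize-Throughput": 0x08, "Minimize-Delay": 0x10}

def in_selector(addr, selector):
    """selector is "any", one address string, or a (low, high) address range."""
    if selector == "any":
        return True
    ip = ip_address(addr)
    if isinstance(selector, tuple):
        return ip_address(selector[0]) <= ip <= ip_address(selector[1])
    return ip == ip_address(selector)

@dataclass
class Rule:
    service: str
    filter: str                      # one of the four Filter options
    lan_users: object = "any"
    dmz_users: object = "any"
    priority: str = "Normal-Service"
    schedule: tuple = (time(0, 0), time(0, 0))  # assumed daily (start, end) window

    def matches(self, service, lan_ip, dmz_ip):
        return (service == self.service and in_selector(lan_ip, self.lan_users)
                and in_selector(dmz_ip, self.dmz_users))

    def decide(self, now):
        """Verdict for a packet that matches: ("allow", tos) or ("block", None)."""
        start, end = self.schedule
        # A window such as 22:00-06:00 wraps past midnight.
        in_window = (start <= now < end) if start <= end else (now >= start or now < end)
        allowed = {"Block Always": False, "Enable Always": True,
                   "Block by schedule, otherwise allow": not in_window,
                   "Allow by schedule, otherwise block": in_window}[self.filter]
        return ("allow", TOS[self.priority]) if allowed else ("block", None)

# Constructed sample rule: ssh from a LAN range to one DMZ host, office hours only.
RULE = Rule("ssh", "Allow by schedule, otherwise block",
            lan_users=("192.168.1.10", "192.168.1.20"), dmz_users="172.16.0.5",
            priority="Minimize-Delay", schedule=(time(9, 0), time(17, 0)))
```

With the sample rule, RULE.decide(time(10, 0)) allows the packet and marks it 0x10, while RULE.decide(time(18, 0)) blocks it.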
 

2010 © Copyright NETGEAR®
