Security

Add LAN DMZ Service

Outbound Service
This page is used for setting up a firewall rule for traffic going from the LAN to the DMZ network. Outbound traffic for a service can be configured to be blocked or allowed at all times, or according to a schedule (defined on the Schedule page under the Security menu).

To add an outbound rule, input the following fields:

Service Name: A unique name assigned to the service. The name usually indicates the type of traffic the rule covers, such as telnet, ftp, ssh, ping, etc. Services not already in the list can be added on the Services page under the Security menu.

Filter: Defines the action to be taken on the enabled rule. It can be:
- Block Always: Block the selected service at all times.
- Enable Always: Allow the selected service to pass through at all times.
- Block by schedule, otherwise allow: Works in conjunction with a schedule defined on the Schedule 1/2/3 pages. The selected service will be blocked during the scheduled interval and allowed to pass through at other times.
- Allow by schedule, otherwise block: Works in conjunction with a schedule defined on the Schedule 1/2/3 pages. The selected service will be allowed to pass through during the scheduled interval and blocked at other times.

LAN Users: Specifies whether one or more IP addresses on the LAN will be affected by the rule. This rule will affect packets for the selected service from the defined IP address or range of IP addresses on the LAN side.
- Any: All computers on the LAN will be affected by the rule.
- Single Address: A single LAN IP address will be affected by the rule.
- Address Range: A range of LAN IP addresses will be affected by the rule.
- Group: Computers that are part of the Group defined in the Network Database will be affected by the rule (groups are defined on the LAN Groups page under the Network Configuration menu, via the Edit Group Names link).

DMZ Users: Specifies whether one or more computers on the DMZ network will be affected by the rule. This rule will affect packets that are transferred for the selected service to the IP address or range of IP addresses on the DMZ network.
- Any: All IP addresses on the DMZ will be affected by the rule.
- Single Address: A single DMZ IP address will be affected by the rule.
- Address Range: A range of IP addresses on the DMZ network will be affected by the rule.

Priority: The priority assigned to IP packets of this service. The priorities are defined by the "Type of Service (TOS) in the Internet Protocol Suite" standard, RFC 1349. The router marks the Type of Service (TOS) field as defined below:
- Normal-Service: No special priority given to the traffic. The IP packets for services with this priority are marked with a TOS value of 0x00.
- Minimize-Cost: Used when data must be transferred over a link that has a lower "cost". The IP packets for services with this priority are marked with a TOS value of 0x02.
- Maximize-Reliability: Used when data needs to travel to the destination over a reliable link with little or no retransmission. The IP packets for services with this priority are marked with a TOS value of 0x04.
- Maximize-Throughput: Used when the volume of data transferred during an interval is important, even if the latency over the link is high. The IP packets for services with this priority are marked with a TOS value of 0x08.
- Minimize-Delay: Used when the time required (latency) for the packet to reach the destination must be low. The IP packets for services with this priority are marked with a TOS value of 0x10.

Log: Specifies whether the packets for this rule should be logged or not. To log details for all packets that match this rule, select Always. Select Never to disable logging. For example, if an outbound rule is set to Block Always and Log is set to Always, then for every packet that tries to make an outbound connection for that service, a message with the packet's source address and destination address (and other information) will be recorded in the log. Enabling logging may generate a significant volume of log messages and is recommended for debugging purposes only.

Click Apply to save the settings.

Click Reset to revert to the previous settings.

Add LAN DMZ Service

Inbound Service
This page is used for setting up a firewall rule for traffic coming from the LAN to the DMZ network. Inbound traffic for a service can be configured to be blocked or allowed by default, or according to a schedule (defined on the Schedule page under the Security menu).

To add an inbound rule, input the following fields:

Service Name: A unique name assigned to the service. The name usually indicates the type of traffic the rule covers, such as ftp, ssh, telnet, ping, etc. Services not already in the list can be added on the Services page under the Security menu.

Filter: Defines the action to be taken on the enabled rule. It can be:
- Block Always: Block the selected service at all times.
- Enable Always: Allow the selected service to pass through at all times.
- Block by schedule, otherwise allow: Works in conjunction with a schedule defined on the Schedule 1/2/3 pages. The selected service will be blocked during the scheduled interval and allowed to pass through at other times.
- Allow by schedule, otherwise block: Works in conjunction with a schedule defined on the Schedule 1/2/3 pages. The selected service will be allowed to pass through during the scheduled interval and blocked at other times.

LAN Users: Specifies whether one or more IP addresses on the LAN will be affected by the rule. The rule will affect packets for the selected service from the defined IP address or range of IP addresses on the LAN side.
- Any: All computers on the LAN will be affected by the rule.
- Single Address: A single LAN IP address will be affected by the rule.
- Address Range: A range of LAN IP addresses will be affected by the rule.
- Group: Computers that are part of the Group defined in the Network Database will be affected by the rule (groups are defined on the LAN Groups page under the Network Configuration menu, via the Edit Group Names link).

DMZ Users: Specifies whether one or more IP addresses on the DMZ network will be affected by the rule. This rule will affect packets for the selected service to the defined IP address or range of IP addresses on the DMZ network.
- Any: All IP addresses on the DMZ network will be affected by the rule.
- Single Address: A single DMZ IP address will be affected by the rule.
- Address Range: A range of IP addresses will be affected by the rule.

Priority: The priority assigned to IP packets of this service. The priorities are defined by the "Type of Service (TOS) in the Internet Protocol Suite" standard, RFC 1349. The router marks the Type of Service (TOS) field as defined below:
- Normal-Service: No special priority given to the traffic. The IP packets for services with this priority are marked with a TOS value of 0x00.
- Minimize-Cost: Used when data must be transferred over a link that has a lower "cost". The IP packets for services with this priority are marked with a TOS value of 0x02.
- Maximize-Reliability: Used when data needs to travel to the destination over a reliable link with little or no retransmission. The IP packets for services with this priority are marked with a TOS value of 0x04.
- Maximize-Throughput: Used when the volume of data transferred during an interval is important, even if the latency over the link is high. The IP packets for services with this priority are marked with a TOS value of 0x08.
- Minimize-Delay: Used when the time required (latency) for the packet to reach the destination must be low. The IP packets for services with this priority are marked with a TOS value of 0x10.
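
The Priority list above (in both the outbound and inbound pages) says the router writes one of five RFC 1349 values into the TOS byte of each matching packet. The following added example, not code from the router or this help page, builds a minimal IPv4 header carrying one of those values and reads it back, which is the check you would do against a packet capture to confirm the marking really happened. It also decodes the same byte the way a DSCP/ECN-aware network reads it under RFC 2474 and RFC 3168, which is why a 0x02 "Minimize-Cost" marking lands in the ECN bits and why these legacy values are often rewritten by intermediate hops. The addresses and the 20-byte payload length in the sample are constructed.

```python
"""TOS marking as described in the Priority field (added example, not router code)."""
import struct
from ipaddress import IPv4Address

# Priority names and TOS values exactly as listed on the page (RFC 1349).
TOS_VALUES = {
    "Normal-Service": 0x00,
    "Minimize-Cost": 0x02,
    "Maximize-Reliability": 0x04,
    "Maximize-Throughput": 0x08,
    "Minimize-Delay": 0x10,
}
TOS_NAMES = {v: k for k, v in TOS_VALUES.items()}


def tos_for_priority(name: str) -> int:
    """Map a Priority selection to the TOS byte the page says the router writes."""
    return TOS_VALUES[name]


def describe_tos(tos: int) -> dict:
    """Decode one TOS byte both ways: the RFC 1349 name and the DSCP/ECN split."""
    if not 0 <= tos <= 0xFF:
        raise ValueError("TOS is a single byte")
    return {
        "name": TOS_NAMES.get(tos, "unlisted"),
        "dscp": tos >> 2,    # top six bits under RFC 2474
        "ecn": tos & 0x03,   # bottom two bits under RFC 3168
    }


def ipv4_checksum(header: bytes) -> int:
    """One's-complement sum over 16-bit words (RFC 791 header checksum)."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4_header(src: str, dst: str, tos: int, payload_len: int = 0,
                      proto: int = 6, ttl: int = 64, ident: int = 0) -> bytes:
    """20-byte IPv4 header (no options) with the given TOS byte and a valid checksum."""
    ver_ihl = (4 << 4) | 5
    hdr = struct.pack("!BBHHHBBH4s4s", ver_ihl, tos, 20 + payload_len, ident, 0,
                      ttl, proto, 0, IPv4Address(src).packed, IPv4Address(dst).packed)
    # Checksum is computed over the header with the checksum field zeroed, then patched in.
    return hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]


def read_tos(packet: bytes) -> int:
    """Return the TOS byte of an IPv4 packet (the second header byte)."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 header")
    return packet[1]


def header_checksum_ok(packet: bytes) -> bool:
    """A header with a correct checksum sums to zero in one's complement."""
    ihl = (packet[0] & 0x0F) * 4
    return ipv4_checksum(packet[:ihl]) == 0


if __name__ == "__main__":
    # Constructed sample: a LAN host talking to a DMZ host with Minimize-Delay.
    hdr = build_ipv4_header("192.168.1.15", "172.16.2.5",
                            tos_for_priority("Minimize-Delay"), payload_len=20)
    print(hdr.hex(), describe_tos(read_tos(hdr)), header_checksum_ok(hdr))
```

Any change to the TOS byte after the router marks it invalidates the header checksum unless the hop that rewrote it also recomputed the checksum, which routers do; so a capture on the DMZ side showing a different TOS than configured, with a valid checksum, means some hop in between rewrote the field rather than the router failing to mark it.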

Log: Specifies whether the packets for this rule should be logged or not. To log details for all packets that match this rule, select Always. Select Never to disable logging. For example, if a rule is set to Block Always and Log is set to Always, then for every packet that tries to make a connection for that service, a message with the packet's source address and destination address (and other information) will be recorded in the log. Enabling logging may generate a significant volume of log messages and is recommended for debugging purposes only.

Click Apply to save the settings.

Click Reset to revert to the previous settings.
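
Both the outbound and inbound pages describe the same rule shape: a Service Name, a Filter (two unconditional actions and two schedule-driven ones), LAN Users and DMZ Users selectors, and a Log switch. The following added example, not the router's firmware or anything from this help page, models those semantics so the schedule inversions can be checked against concrete packets before a rule goes live. The Schedule shape (a time window on selected weekdays), the Group shape (a list of member addresses), first-match-wins ordering, the log line format and all addresses and times are assumptions or constructed data; the page does not say what the device does when no rule matches, so that case is reported as NO_MATCH rather than an invented default.

```python
"""Decision model for the LAN-to-DMZ service rules (added example, not router code)."""
from dataclasses import dataclass
from datetime import datetime, time
from ipaddress import IPv4Address
from typing import Optional, Sequence, Tuple

# Filter choices, named exactly as on the page.
BLOCK_ALWAYS = "Block Always"
ENABLE_ALWAYS = "Enable Always"
BLOCK_BY_SCHEDULE = "Block by schedule, otherwise allow"
ALLOW_BY_SCHEDULE = "Allow by schedule, otherwise block"


@dataclass(frozen=True)
class Schedule:
    """Assumed shape of a Schedule 1/2/3 entry: a time window on selected days."""
    days: frozenset   # datetime.weekday() values, 0 = Monday .. 6 = Sunday
    start: time
    end: time         # exclusive

    def active(self, at: datetime) -> bool:
        return at.weekday() in self.days and self.start <= at.time() < self.end


@dataclass(frozen=True)
class Selector:
    """LAN Users / DMZ Users choice: Any, Single Address, Address Range or Group."""
    kind: str
    addresses: Tuple[str, ...] = ()   # Single: (addr,); Range: (first, last); Group: members

    def matches(self, addr: str) -> bool:
        ip = IPv4Address(addr)
        if self.kind == "Any":
            return True
        if self.kind == "Single Address":
            return ip == IPv4Address(self.addresses[0])
        if self.kind == "Address Range":
            first, last = (IPv4Address(a) for a in self.addresses)
            return first <= ip <= last
        if self.kind == "Group":   # assumption: group members are plain addresses
            return ip in {IPv4Address(a) for a in self.addresses}
        raise ValueError(f"unknown selector kind {self.kind!r}")


@dataclass(frozen=True)
class Rule:
    service: str
    filter: str
    lan_users: Selector
    dmz_users: Selector
    schedule: Optional[Schedule] = None
    log: str = "Never"   # "Always" or "Never", as on the page

    def applies_to(self, service: str, src: str, dst: str) -> bool:
        return (service == self.service
                and self.lan_users.matches(src)
                and self.dmz_users.matches(dst))

    def verdict(self, at: datetime) -> str:
        """Apply the four Filter semantics from the page at time `at`."""
        if self.filter == BLOCK_ALWAYS:
            return "BLOCK"
        if self.filter == ENABLE_ALWAYS:
            return "ALLOW"
        in_window = self.schedule is not None and self.schedule.active(at)
        if self.filter == BLOCK_BY_SCHEDULE:
            return "BLOCK" if in_window else "ALLOW"
        if self.filter == ALLOW_BY_SCHEDULE:
            return "ALLOW" if in_window else "BLOCK"
        raise ValueError(f"unknown filter {self.filter!r}")


def evaluate(rules: Sequence[Rule], service: str, src: str, dst: str,
             at: datetime) -> Tuple[str, Optional[str]]:
    """Return (verdict, log_line) for one packet; first matching rule wins (assumption)."""
    for rule in rules:
        if not rule.applies_to(service, src, dst):
            continue
        verdict = rule.verdict(at)
        line = None
        if rule.log == "Always":   # constructed log format; the page only names the fields
            line = (f"{at:%Y-%m-%d %H:%M} {verdict} service={rule.service} "
                    f"src={src} dst={dst} filter=\"{rule.filter}\"")
        return verdict, line
    return "NO_MATCH", None


# Constructed sample policy: ssh from a LAN range to one DMZ host during working
# hours only (logged), and telnet blocked for everyone at all times (not logged).
WORK_HOURS = Schedule(days=frozenset(range(0, 5)), start=time(9, 0), end=time(17, 0))
SAMPLE_RULES = (
    Rule("ssh", ALLOW_BY_SCHEDULE,
         Selector("Address Range", ("192.168.1.10", "192.168.1.20")),
         Selector("Single Address", ("172.16.2.5",)),
         schedule=WORK_HOURS, log="Always"),
    Rule("telnet", BLOCK_ALWAYS, Selector("Any"), Selector("Any")),
)


def sample_decisions() -> dict:
    """Run the constructed policy over a few constructed packets (dates are 2024)."""
    mon_10 = datetime(2024, 1, 8, 10, 0)    # Monday, inside the window
    mon_20 = datetime(2024, 1, 8, 20, 0)    # Monday, after hours
    sat_10 = datetime(2024, 1, 13, 10, 0)   # Saturday, day not in schedule
    return {
        "ssh_in_hours": evaluate(SAMPLE_RULES, "ssh", "192.168.1.15", "172.16.2.5", mon_10),
        "ssh_after_hours": evaluate(SAMPLE_RULES, "ssh", "192.168.1.15", "172.16.2.5", mon_20),
        "ssh_weekend": evaluate(SAMPLE_RULES, "ssh", "192.168.1.15", "172.16.2.5", sat_10),
        "ssh_outside_range": evaluate(SAMPLE_RULES, "ssh", "192.168.1.50", "172.16.2.5", mon_10),
        "telnet": evaluate(SAMPLE_RULES, "telnet", "192.168.1.99", "172.16.2.7", mon_10),
    }


if __name__ == "__main__":
    for name, result in sample_decisions().items():
        print(name, result)
```

The two schedule-driven filters differ only in which side of the window is the permissive one, which is exactly where misconfigurations hide; running the rule table through a few representative timestamps, including a day the schedule does not cover, catches a swapped "Block by schedule" / "Allow by schedule" before it does on the device.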