To enable Firewall

When the Firewall feature is enabled, all IP traffic on existing security interfaces that is NOT featured in the Firewall policy will be blocked.

1    At the Security Interface Configuration page, click 'Enabled' at the 'Firewall' option and click 'Change State'. (The 'Security' state will now show 'Enabled'.)

2    Select the 'Security Level' desired and click 'Change Level'.
3    To configure the NAT feature, at the Security Interfaces, click 'Advanced NAT Configuration...'. (See To configure NAT for details.)
4    To configure Firewall Policy / Trigger Configuration, see the two sections below.



To Configure Firewall Policy Configuration

A policy is the collective term for the rules that apply to incoming and outgoing traffic between two interface types. By default, the policy is already defined.

If you disable the Firewall during a session, any configuration changes made when the Firewall was enabled will still remain in the Firewall. You can re-enable them later in the session. If you need to reboot your Router but want to save the Firewall configuration between sessions, use the Save config option.

1    To add/remove Port filters to/from the policy, at the Policies, Triggers and Intrusion Detection section, click 'Firewall Policy Configuration...'.

Interface Type 1/2:

- dmz: Interface that connects to the de-militarized zone (DMZ).
- internal: Interface that connects to the internal network.
- external: Interface that connects to the external network.

2    Click the 'Port Filters...' button that corresponds to the dmz-internal interface. The following shows the list of Port filters defined by default.

NOTE!  Whatever Port Filters and Host Validators you have added to one of the interface types must also be added to the other two interface types.


3    To add TCP/UDP/Raw Port Filter:

a)  To add TCP/UDP Port Filter:

- Enter the required information.
- Click 'Apply'.

(The following example uses a TCP Port Filter.)

- Transport type: TCP for a TCP Port Filter; UDP for a UDP Port Filter.
- Port Range Start: The start of the port range for a TCP or UDP protocol.
- Port Range End: The end of the port range for a TCP or UDP protocol.
- Inbound: Allow: Incoming traffic for the specified port range is allowed. Block: Incoming traffic for the specified port range is not allowed.
- Outbound: Allow: Outgoing traffic for the specified port range is allowed. Block: Outgoing traffic for the specified port range is not allowed.

b)  To add Raw Port Filter:

- Enter the required information.
- Click 'Apply'.

- Transport type: Transport type used by the protocol (e.g., 6 for SMTP).
- Inbound: Allow: Incoming traffic for the specified port range is allowed. Block: Incoming traffic for the specified port range is not allowed.
- Outbound: Allow: Outgoing traffic for the specified port range is allowed. Block: Outgoing traffic for the specified port range is not allowed.

4    To delete TCP/UDP/Raw Port Filter, click the 'Delete' button corresponding to the filter you want to remove. The Port filter will be removed immediately.
5    Apply all changes that you have made to 'dmz-internal' interface to both 'external-dmz' and 'external-internal' interfaces.
6    To save the changes permanently, click Save Config (Configuration option). Changes that are not saved will be lost the next time you power off or restart your Router.
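The following is an added example, not the Router's own code, that models how the Port Filters above are evaluated: a packet is allowed only when a filter on its interface pair features it (everything else is blocked while the Firewall is enabled), and a check reports filters that were added to one interface pair but not to the other two, as the NOTE requires. The policy values are constructed for illustration, not the Router's real defaults.

```python
from dataclasses import dataclass

# The three interface pairs the page says every filter must be applied to.
INTERFACE_PAIRS = ("dmz-internal", "external-dmz", "external-internal")

@dataclass(frozen=True)
class PortFilter:
    transport: str   # "TCP", "UDP", or the IP protocol number (as text) for a Raw filter
    port_start: int  # port range; ignored for Raw filters
    port_end: int
    inbound: str     # "Allow" or "Block"
    outbound: str    # "Allow" or "Block"

def filter_matches(f, transport, port):
    # TCP/UDP filters match on protocol and port range; Raw filters on protocol only.
    if f.transport != transport:
        return False
    return transport not in ("TCP", "UDP") or f.port_start <= port <= f.port_end

def is_allowed(policy, pair, transport, port, direction):
    """Verdict for one packet on one interface pair; anything no filter
    features is blocked, as the page states for an enabled firewall."""
    for f in policy.get(pair, ()):
        if filter_matches(f, transport, port):
            return (f.inbound if direction == "inbound" else f.outbound) == "Allow"
    return False

def missing_filters(policy):
    """Filters present on one interface pair but absent on another, i.e.
    violations of the NOTE that each filter must exist on all three pairs."""
    union = set()
    for pair in INTERFACE_PAIRS:
        union.update(policy.get(pair, ()))
    gaps = {}
    for pair in INTERFACE_PAIRS:
        absent = union - set(policy.get(pair, ()))
        if absent:
            gaps[pair] = sorted(absent, key=lambda f: (f.transport, f.port_start))
    return gaps

# Constructed sample policy (not the router's real defaults): HTTP allowed both ways,
# SMTP blocked inbound, ICMP (IP protocol 1) as a Raw filter; external-dmz lacks SMTP.
HTTP = PortFilter("TCP", 80, 80, "Allow", "Allow")
SMTP = PortFilter("TCP", 25, 25, "Block", "Allow")
ICMP = PortFilter("1", 0, 0, "Allow", "Allow")
SAMPLE_POLICY = {
    "dmz-internal": [HTTP, SMTP, ICMP],
    "external-dmz": [HTTP, ICMP],
    "external-internal": [HTTP, SMTP, ICMP],
}
```

Running `missing_filters(SAMPLE_POLICY)` reports the SMTP filter as absent from external-dmz, which is exactly the omission step 5 tells you to avoid.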



To Configure Trigger Configuration

A trigger allows an application to open a secondary port in order to transport packets. The trigger opens a secondary port dynamically, and allows you to specify the length of time that it can remain inactive before it is closed. By default, a list of triggers has been defined.

This page allows you to add a trigger to the Security module.

1    At the Policies, Triggers and Intrusion Detection section, click 'Firewall Trigger Configuration...'.
2    The following shows the list of triggers that have been defined by default.

- Transport type: tcp: Select this option to add a trigger for a TCP application. udp: Select this option to add a trigger for a UDP application.
- Port number start: Select the start of the trigger port range.
- Port number end: Select the end of the trigger port range.
- Allow Multiple Hosts: Select this option to determine whether a secondary session can be initiated to/from different remote hosts or only the same remote host on an existing trigger. true: A secondary session can be initiated to/from different remote hosts. false: A secondary session can only be initiated to/from the same remote host.
- Max. Activity Interval: Set the maximum interval time (in milliseconds) between uses of a secondary port session. If a secondary port opened by a trigger has not been used for the specified time, it will be closed. By default, the time is 3000 msecs.
- Enable Session Chaining: Select this option to determine whether a triggering protocol can be chained. If session chaining is enabled, TCP dynamic sessions also become triggering sessions, which allows multi-level session triggering. true: Enables TCP session chaining on an existing trigger. false: Disables all session chaining (TCP and UDP) on an existing trigger.
- Enable UDP Session Chaining: You must enable Enable Session Chaining before you can use this feature. If UDP session chaining is enabled, both UDP and TCP dynamic sessions also become triggering sessions, which allows multi-level session triggering. true: Enables UDP session chaining on an existing trigger. false: Disables UDP session chaining on an existing trigger.
- Binary Address Replacement: Select this option to enable/disable binary address replacement on an existing trigger. true: Enables the use of binary address replacement on an existing trigger. false: Disables the use of binary address replacement on an existing trigger.
- Address Translation Type: This option lets you specify the type of address replacement set on a trigger. Incoming packets are searched in order to find their embedded IP address. The address is then replaced by the correct inside host IP address, and NAT translates the packets to the correct destination. You can specify whether to carry out address replacement on TCP packets, on UDP packets, or on both TCP and UDP packets.

3    To add a new trigger, click 'New Trigger'.

4    Enter or select the required entries and click 'Apply'.
5    To delete an existing trigger, click the 'Delete' button corresponding to the trigger that you want to delete. The trigger will be removed immediately.
6    To save the changes permanently, click Save Config (Configuration option). Changes that are not saved will be lost the next time you power off or restart your Router.
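As an added example (not the Router's own code), the table below models the two trigger settings that decide whether a packet on a secondary port gets through: the secondary port is closed once it has been idle longer than Max. Activity Interval (3000 ms by default), and a packet from a different remote host is refused unless Allow Multiple Hosts is true. How the application chooses its secondary port, and session chaining, are outside this model; the addresses and ports used in the test are constructed.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Trigger:
    transport: str                 # "tcp" or "udp"
    port_start: int                # trigger port range
    port_end: int
    allow_multiple_hosts: bool     # page option: true / false
    max_activity_interval_ms: int = 3000   # page default: 3000 msecs

@dataclass
class SecondarySession:
    trigger: Trigger
    remote_host: str   # remote host that started the triggering session
    port: int          # secondary port the application opened
    last_used_ms: int

class TriggerTable:
    def __init__(self, triggers):
        self.triggers = list(triggers)
        self.sessions = []

    def _expire(self, now_ms):
        # Close secondary ports idle longer than the trigger's Max. Activity Interval.
        self.sessions = [s for s in self.sessions
                         if now_ms - s.last_used_ms <= s.trigger.max_activity_interval_ms]

    def open_secondary(self, transport, port, remote_host, secondary_port, now_ms):
        """Called for a packet on the primary (trigger) port; opens the secondary
        port if some trigger covers transport/port. Returns True if opened."""
        self._expire(now_ms)
        for t in self.triggers:
            if t.transport == transport and t.port_start <= port <= t.port_end:
                self.sessions.append(SecondarySession(t, remote_host, secondary_port, now_ms))
                return True
        return False

    def secondary_allowed(self, port, remote_host, now_ms):
        """Called for a packet on a secondary port: allowed only while the session
        is live and, unless Allow Multiple Hosts is true, only from the same host."""
        self._expire(now_ms)
        for s in self.sessions:
            if s.port == port:
                if remote_host != s.remote_host and not s.trigger.allow_multiple_hosts:
                    return False
                s.last_used_ms = now_ms
                return True
        return False
```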
