Table 56 Security > Firewall > Services - ZyXEL Communications ZyXEL NBG334W User Manual

The following table describes the labels in this screen.
Table 56 Security > Firewall > Services
LABEL
ICMP
Respond to Ping
on
Do not respond to
requests for
unauthorized
services
Service Setup
Enable Services
Blocking
Available Services This is a list of pre-defined services (ports) you may prohibit your LAN computers
Blocked Services
Custom Port
Type
Port Number
Add
Delete
Clear All
Schedule to Block
Day to Block:
Time of Day to
Block (24-Hour
Format)
NBG334W User's Guide
DESCRIPTION
Internet Control Message Protocol is a message control and error-reporting
protocol between a host server and a gateway to the Internet. ICMP uses Internet
Protocol (IP) datagrams, but the messages are processed by the TCP/IP software
and directly apparent to the application user.
The NBG334W will not respond to any incoming Ping requests when Disable is
selected. Select LAN to reply to incoming LAN Ping requests. Select WAN to reply
to incoming WAN Ping requests. Select Guest WLAN to reply to incoming Guest
WLAN Ping requests. Otherwise select LAN & WAN & Guest WLAN to reply to all
incoming LAN, WAN and Guest WLAN Ping requests.
Select this option to prevent hackers from finding the NBG334W by probing for
unused ports. If you select this option, the NBG334W will not respond to port
request(s) for unused ports, thus leaving the unused ports and the NBG334W
unseen. By default this option is not selected and the NBG334W will reply with an
ICMP Port Unreachable packet for a port probe on its unused UDP ports, and a
TCP Reset packet for a port probe on its unused TCP ports.
Note that the probing packets must first traverse the NBG334W's firewall
mechanism before reaching this anti-probing mechanism. Therefore if the firewall
mechanism blocks a probing packet, the NBG334W reacts based on the firewall
policy, which by default, is to send a TCP reset packet for a blocked TCP packet.
You can use the command "sys firewall tcprst rst [on|off]" to change this policy.
When the firewall mechanism blocks a UDP packet, it drops the packet without
sending a response packet.
Select this check box to enable this feature.
from using. Select the port you want to block using the drop-down list and click
Add to add the port to the Blocked Services field.
This is a list of services (ports) that will be inaccessible to computers on your LAN
once you enable service blocking.
A custom port is a service that is not available in the pre-defined Available
Services list and you must define using the next two fields.
Choose the IP port (TCP or UDP) that defines your customized port from the drop
down list box.
Enter the port number range that defines the service. For example, if you want to
define the Gnutella service, then select TCP type and enter a port range from
6345 to 6349.
Select a service from the Available Services drop-down list and then click Add to
add a service to the Blocked Services
Select a service from the Blocked Services list and then click Delete to remove
this service from the list.
Click Clear All to empty the Blocked Services.
Select a check box to configure which days of the week (or everyday) you want
service blocking to be active.
Select the time of day you want service blocking to take effect. Configure blocking
to take effect all day by selecting All Day. You can also configure specific times by
selecting From and entering the start time in the Start (hour) and Start (min)
fields and the end time in the End (hour) and End (min) fields. Enter times in 24-
hour format, for example, "3:00pm" should be entered as "15:00".
Chapter 13 Firewall
147