Blocking Internet Sites (Content Filtering) - NETGEAR ProSafe FVS336G Reference Manual

Dual WAN Gigabit Firewall with SSL & IPsec VPN

ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual
Block UDP flood—A UDP flood is a form of denial of service attack in which the
attacking machine sends a large number of UDP packets to random ports on the victim
host. For each packet, the victim host checks for an application listening at that port, sees
that no application is listening there, and replies with an ICMP Destination
Unreachable packet.
When the victimized system is flooded, it is forced to send many ICMP packets,
eventually making it unreachable by other clients. The attacker may also spoof the source IP
address of the UDP packets, so that the excessive ICMP return packets do not reach
the attacker and the attacker's network location stays hidden.
If flood checking is enabled, the VPN firewall will not accept more than 20 simultaneous,
active UDP connections from a single computer on the LAN.
Disable Ping Reply on LAN Ports. To prevent the VPN firewall from responding to Ping
requests from the LAN, click this checkbox.
Disable DNS Proxy. Whether DNS Proxy is enabled or disabled in the DHCP server
configuration (see "Configuring the LAN Setup Options" on page 3-2), the VPN firewall
will service DNS requests sent to its own LAN IP address. To disable this service, check
this checkbox.
VPN Pass through—When the FVS336G is in NAT mode, all packets going to the Remote
VPN Gateway are first filtered through NAT and then encrypted per the VPN policy.
If a VPN client or gateway on the LAN side of the VPN firewall wants to connect to another
VPN endpoint on the WAN, with the FVS336G between the two VPN endpoints, all
encrypted packets will be sent to the FVS336G. Since the FVS336G filters the encrypted
packets through NAT, the packets become invalid.
IPSec, PPTP, and L2TP represent different types of VPN tunnels that can pass through the
FVS336G. To allow the VPN traffic to pass through without filtering, enable those options for
the type of tunnel(s) that will pass through the FVS336G.
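
The Block UDP flood limit described above, modeled as an added example (not NETGEAR's code or firmware logic): a per-source cap of 20 simultaneously active UDP flows, replayed over constructed traffic. The class and function names, the flow key, and the 30-second idle timeout that defines "active" are assumptions; the manual states only the limit of 20.

```python
from collections import defaultdict

MAX_UDP_FLOWS_PER_HOST = 20  # limit stated in the manual
IDLE_TIMEOUT = 30.0          # assumption: seconds of silence before a flow stops being "active"


class UdpFloodCheck:
    """Per-source cap on simultaneously active UDP flows (hypothetical model)."""

    def __init__(self, limit=MAX_UDP_FLOWS_PER_HOST, idle_timeout=IDLE_TIMEOUT):
        self.limit = limit
        self.idle_timeout = idle_timeout
        self.flows = defaultdict(dict)  # src_ip -> {(sport, dst, dport): last_seen}

    def _expire(self, src, now):
        # Forget flows of this source that have been idle longer than the timeout.
        table = self.flows[src]
        for key in [k for k, seen in table.items() if now - seen > self.idle_timeout]:
            del table[key]

    def accept(self, src, sport, dst, dport, now):
        """Return True to forward the packet, False to drop it."""
        self._expire(src, now)
        table = self.flows[src]
        key = (sport, dst, dport)
        # Packets on an already tracked flow always pass; new flows only below the cap.
        if key in table or len(table) < self.limit:
            table[key] = now
            return True
        return False


def replay(packets, check=None):
    """Feed (time, src, sport, dst, dport) tuples through the check; return drops per source."""
    check = check or UdpFloodCheck()
    drops = defaultdict(int)
    for now, src, sport, dst, dport in packets:
        if not check.accept(src, sport, dst, dport, now):
            drops[src] += 1
    return dict(drops)


# Constructed sample: one LAN host hits 50 ports in a second, another does DNS and NTP.
SAMPLE = [(i * 0.02, "192.168.1.50", 40000, "203.0.113.9", 1000 + i) for i in range(50)]
SAMPLE += [(0.5, "192.168.1.10", 53124, "198.51.100.53", 53),
           (0.6, "192.168.1.10", 48211, "198.51.100.123", 123)]
SAMPLE.sort()

if __name__ == "__main__":
    print(replay(SAMPLE))
```

The flooding host loses every flow past its twentieth, while the host making ordinary DNS and NTP requests is unaffected because the count is kept per source address.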

Blocking Internet Sites (Content Filtering)

To restrict internal LAN users from access to certain sites on the Internet, you can use the VPN
firewall's Content Filtering and Web Components filtering. By default, these features are disabled;
all requested traffic from any Web site is allowed. If you enable one or more of these features and
users try to access a blocked site, they will see a "Blocked by NETGEAR" message.
Several types of blocking are available:
v1.2, June 2008
Firewall Protection and Content Filtering

This manual is also suitable for:

Fvs336g-100nas
