Table of Contents
Advertisement
11.5 Firewall
Q11. I want to block access to download of songs, movies etc. How can I do that?
Ans: Use the router's File Extension Filter feature to block HTTP access to extensions
like .avi, .mp3 etc. To configure File Extension Filter, enable Firewall on all the relevant
LAN, DMZ and WAN interfaces. Go to Firewall → Policy, and click on Out. Enable
"File Extension Filter" feature and configure the list of File Extensions to be blocked.
Q12. I want to block access to specific sites such as pornographic sites, job sites etc.
How can I do this?
Ans: Use the Keyword Filter feature to block HTTP access to specific keywords like
sex, job etc. To configure Keyword Filter, enable Firewall on all the relevant LAN, DMZ
and WAN interfaces. Go to Firewall → Policy, and click on Out. Enable "Keyword
Filter" feature and configure the list of Keywords to be blocked.
Q13. I have setup Web Proxy Server and FTP Server on the DMZ Port. I want to
ensure that all traffic to the internet is via my DMZ Servers only. i.e my LAN
systems can access Web and FTP Traffic only via DMZ Servers and not Internet
directly. And Web and FTP traffic can flow unrestricted between my DMZ Servers
and internet. How do I configure this?
Ans: To configure this, you can set all interfaces as UnTrusted and allow only desired
traffic between the interfaces. The below steps will guide you through the configuration:
Go to Firewall → Interface Configuration; disable firewall until the configuration
is complete.
In Firewall → Policy, click In and Permitted Service, and add Service Permitted
Rules for Web traffic (HTTP and HTTPS) and FTP Traffic. Add the following IP
Permitted Rules for each of the Service Permitted Rules:
o Add IP Permitted Rule with Source IP as IP Range (DMZ Server's Range of
IP Addresses), and Destination IP as Any. This will ensure that Web and FTP
Traffic can flow from the DMZ Server to the Internet without any restriction.
o Add IP Permitted Rule with Source IP as Any, and Destination IP as IP Range
(DMZ Server's Range of IP Addresses). This will ensure that Web and FTP
Traffic can flow from the LAN to DMZ, and from the Internet to DMZ only.
In the HTTP/HTTPS Service Permitted Rule, add the below IP Permitted Rule to
allow administrator to configure the router:
o Add IP Permitted Rule with Source IP as IP Range (The LAN System IP
Addresses from which router should be configurable), and Destination IP as
IP Range (The router's LAN Interface IP Address). This will ensure that
router's Web Page is configurable by the administrator.
Now go to Firewall → Interface Configuration, enable Firewall and set LAN,
DMZ and WAN as UnTrusted.
Advertisement
Table of Contents
