Firewall > Access Rules - Cisco RV042 - Small Business Dual WAN VPN Router User Manual

Chapter 4
as SYN Flooding, Smurf, LAND, Ping of Death, IP Spoofing,
and reassembly attacks.
Block WAN Request
This option is enabled by default.
Using this feature, the Router drops both unaccepted TCP
request and ICMP packets from the WAN side. Hackers will
not find the Router by pinging the WAN IP address.
Remote Management
This option is disabled by
default. If you want to manage the Router through a WAN
connection, first change the password on the Setup >
Password screen (this prevents any user from accessing
the Router with the default password). Then select Enable
for the Remote Management setting, and enter the port
number (port 80, the default, or 8080 is usually used).
NOTE: If the Remote Management feature on
the Firewall > General screen has been enabled,
then users with administrative privileges can
remotely access the web-based utility. Use
http://<WAN IP address of the Router>, or
use https://<WAN IP address of the Router> if
you have enabled the HTTPS feature.
HTTPS HTTPS is a secured HTTP session. If Remote
Management is enabled, HTTPS is enabled by default.
NOTE:
If you disable the HTTPS feature, then
you also disable the Linksys QuickVPN service
on the Router.
Multicast Pass Through
This option is disabled by default.
IP multicasting occurs when a single data transmission
is sent to multiple recipients at the same time. Using
this feature, the Router allows IP multicast packets to be
forwarded to the appropriate LAN devices. Multicast Pass
Through is used for Internet games, videoconferencing,
and multimedia applications.
MTU (Maximum Transmission Unit)
specifies the largest packet size permitted for network
transmission. In most cases, keep the default, Auto.
To specify the MTU, select Manual, and then enter the
maximum MTU size.
Restrict WEB Features
Block
Select the filters you want to use.
Java
Java is a programming language for websites. If
•
you deny Java applets, you run the risk of losing access
to Internet sites created using this programming
language. To block Java applets, select Java.
Cookies
A cookie is data stored on your PC and used
•
by Internet sites when you interact with them. To block
cookies, select Cookies.
10/100 4-Port VPN Router
ActiveX
•
websites. If you deny ActiveX, you run the risk of losing
access to Internet sites created using this programming
language. To block ActiveX, select ActiveX.
Access to HTTP Proxy Servers
•
servers may compromise the Router's security. If you
block access to HTTP proxy servers, then you block
access to WAN proxy servers. To block access, select
Access to HTTP Proxy Servers.
Don't block Java/ActiveX/Cookies/Proxy to Trusted
Domains
this option. You will be able to specify a list of trusted
domains.
Click Save Settings to save your changes, or click Cancel
Changes to undo them.
Firewall > Access Rules
Access rules evaluate network traffic to decide whether
or not it is allowed to pass through the Router's firewall.
Access Rules look specifically at a data transmission's
source IP address, destination IP address, and IP protocol
type, and you can apply each access rule according to a
different schedule.
With the use of custom rules, it is possible to disable all
firewall protection or block all access to the Internet, so
use extreme caution when creating or deleting access
rules.
The Router has the following default rules:
All traffic from the LAN to the WAN is allowed.
•
All traffic from the WAN to the LAN is denied.
•
All traffic from the LAN to the DMZ is allowed.
•
All traffic from the DMZ to the LAN is denied.
•
All traffic from the WAN to the DMZ is allowed.
•
This setting
All traffic from the DMZ to the WAN is allowed.
•
Custom rules can be created to override the above default
rules, but there are four additional default rules that will
be always active and cannot be overridden by any custom
rules.
HTTP service from the LAN to the Router is always
•
allowed.
DHCP service from the LAN is always allowed.
•
DNS service from the LAN is always allowed.
•
Ping service from the LAN to the Router is always
•
allowed.
Advanced Configuration
ActiveX is a programming language for
Use of WAN proxy
To keep trusted sites unblocked, select
30