Netgear FVS336G Reference Guide

ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual
Firewall Protection and Content Filtering
v1.0, October 2007
2. Place the new rule below all other inbound rules. 
Outbound Rules Example
Outbound rules let you prevent users from using applications such as Instant Messenger, Real 
Audio, or other non-essential services.
LAN WAN Outbound Rule: Blocking Instant Messenger
To block Instant Messenger usage by employees during working hours, you can create an 
outbound rule to block that application from any internal IP address to any external address 
according to the schedule that you have created in the Schedule menu. You can also have the 
firewall log any attempt to use Instant Messenger during that blocked period.
Adding Customized Services
Services are functions performed by server computers at the request of client computers. For 
example, Web servers serve Web pages, time servers serve time and date information, and game 
hosts serve data about other players’ moves. When a computer on the Internet sends a request for 
service to a server computer, the requested service is identified by a service or port number. This 
number appears as the destination port number in the transmitted IP packets. For example, a packet 
that is sent with destination port number 80 is an HTTP (Web server) request.
The service numbers for many common protocols are defined by the Internet Engineering Task 
Force (IETF) and published in RFC 1700, “Assigned Numbers.” Service numbers for other 
applications are typically chosen from the range 1024 to 65535 by the authors of the application.
Although the FVS336G already holds a list of many service port numbers, you are not limited to 
these choices. Use the Services screen to add additional services and applications to the list for use 
in defining firewall rules. The Services menu shows a list of services that you have defined, as 
shown in 
To define a new service, first you must determine which port number or range of numbers is used 
by the application. This information can usually be determined by contacting the publisher of the 
application or from user groups or newsgroups. When you have the port number information, you 
can enter it on the Services screen.
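The custom service definition and the scheduled, logged outbound block rule described above, modeled as an added example (not NETGEAR's code and not the firewall's implementation). The class and field names, the EXAMPLE-IM service on 5190/TCP, the working-hours schedule, and the allow-when-nothing-matches fallthrough are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, time

@dataclass(frozen=True)
class Service:
    """Custom service entry: a name, a protocol and a destination port range."""
    name: str
    protocol: str      # "TCP" or "UDP"
    start_port: int
    finish_port: int

    def __post_init__(self):
        if self.protocol not in ("TCP", "UDP"):
            raise ValueError(f"{self.name}: unsupported protocol {self.protocol!r}")
        if not 1 <= self.start_port <= self.finish_port <= 65535:
            raise ValueError(f"{self.name}: invalid port range")

    def matches(self, protocol, dst_port):
        return protocol == self.protocol and self.start_port <= dst_port <= self.finish_port

@dataclass(frozen=True)
class Schedule:
    days: frozenset    # weekday numbers, Monday = 0
    start: time
    end: time

    def active(self, when):
        return when.weekday() in self.days and self.start <= when.time() < self.end

@dataclass(frozen=True)
class BlockRule:
    service: Service
    schedule: Schedule
    log: bool = True

def evaluate_outbound(rules, when: datetime, src_ip, protocol, dst_port, log_sink):
    """Return "BLOCK" or "ALLOW" for one outbound connection attempt."""
    for rule in rules:
        if rule.service.matches(protocol, dst_port) and rule.schedule.active(when):
            if rule.log:
                log_sink.append(
                    f"{when.isoformat()} BLOCK {rule.service.name} {src_ip} {protocol}/{dst_port}")
            return "BLOCK"
    return "ALLOW"     # assumption: traffic that matches no block rule passes

# Constructed sample data: 5190/TCP stands in for an instant-messaging client.
IM = Service("EXAMPLE-IM", "TCP", 5190, 5190)
WORK_HOURS = Schedule(frozenset(range(5)), time(9, 0), time(17, 0))
RULES = [BlockRule(IM, WORK_HOURS)]
```

The model makes one point visible that the screens do not: a block rule is only as precise as the port range in its service definition, so an application that falls back to another port or protocol is not matched.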
Note: For security, NETGEAR strongly recommends that you avoid creating an exposed 
host. When a computer on your LAN is designated as the exposed host, it loses 
much of the protection of the firewall and is exposed to many exploits from the 
Internet. If compromised, the computer can be used to attack your network.