Access Control Lists (ACLs) are lists that control whether packets are allowed or denied at the router interface. ACLs can be configured to be in effect at all times or based on defined schedules. The CVR100W VPN Router allows for the configuration of access rules in order to increase security.
The purpose of this document is to show how to configure access rules on the CVR100W VPN Router.
• CVR100W VPN Router
• 1.0.1.19
Step 1. Log in to the web configuration utility and choose Firewall > Access Control > Access Rules. The Access Rules page opens:
Step 2. Click Add Row to add a new access rule. The Add Access Rule page opens:
Step 3. From the Connection Type drop-down list, choose the type of rule to create.
• Outbound (LAN > WAN) — This option affects packets from the secure LAN to the insecure WAN.
• Inbound (WAN > LAN) — This option affects packets from the insecure WAN to the secure LAN.
• Inbound (WAN > DMZ) — This option affects packets from the insecure WAN to the DMZ. A DMZ is a segment of the network that separates the LAN from the WAN to provide a layer of security.
Step 4. From the Action drop-down list, choose the action that applies to the rule.
• Always Block — Always block packets.
• Always Allow — Always allow packets.
• Block by schedule — Packets are blocked based on a specified schedule.
• Allow by schedule — Packets are allowed based on a specified schedule.
Step 5. From the Schedule drop-down list, choose a schedule to apply to the rule.
Note: The drop-down list is dimmed when the Always Block or Always Allow option is chosen in Step 4.
Step 6. (Optional) To configure firewall schedules, click Configure Schedules. To configure schedules, refer to the article Firewall Schedule Management on the CVR100W VPN Router.
Step 7. From the Services drop-down list, choose a service to allow or block. The drop-down list contains the default services available on the CVR100W VPN Router. Services determine the type of protocol in use and on which port it applies.
Step 8. (Optional) To configure services, click Configure Services. To configure services, refer to the article Service Management on the CVR100W VPN Router.
Step 9. From the Source IP drop-down list, choose the source IP addresses to which the rule applies.
• Any — This option applies the rule to all source IP addresses.
• Single Address — This option applies the rule to a single IP address. Enter the source IP address in the Start IP field.
• Address Range — This option applies the rule to a range of IP addresses. Enter the starting IP address of the address range in the Start IP field and enter the end IP address of the address range in the Finish IP field.
Note: The Start IP field is dimmed when the Any option is chosen. Also, the Finish IP field is dimmed when the Any or Single Address option is chosen.
Step 10. From the Destination IP drop-down list, choose the destination IP addresses to which the rule applies.
• Any — This option applies the rule to all destination IP addresses.
• Single Address — This option applies the rule to a single IP address. Enter the destination IP address in the Start IP field.
• Address Range — This option applies the rule to a range of IP addresses. Enter the starting IP address of the address range in the Start IP field and enter the end IP address of the address range in the Finish IP field.
Note: The Start IP field is dimmed when the Any option is chosen. Also, the Finish IP field is dimmed when the Any or Single Address option is chosen.
Step 11. From the Log drop-down list, choose a log option. Logs are generated system records used for audit and security management.
• Never — Disables logs.
• Always — A log is always created whenever a packet matches the rule.
Step 12. From the QoS Priority drop-down list, choose a priority for the outbound IP packets of the rule. Priority one is the lowest, while priority four is the highest. Packets in higher priority queues are forwarded before those in lower priority queues.
Step 13. Check the Enable check box in the Rule Status field to enable the rule.
Step 14. Click Save.
Step 15. (Optional) To edit an access rule in the Access Rules Table, check the check box of the entry, click Edit, edit the required fields, and click Save.
Step 16. (Optional) To delete an access rule entry in the Access Rules Table, check the check box of the entry, click Delete, and click Save.
Note: A prompt is displayed to indicate you must save before you can edit or delete.
Step 17. (Optional) To enable an access rule entry in the Access Rules Table, check the check box of the entry, click Enable, and click Save.
Step 18. (Optional) To disable an access rule entry in the Access Rules Table, check the check box of the entry, click Disable, and click Save.
Access rules are displayed in the Access Rules Table in a particular order, and that order indicates how the rules are applied: the first rule in the table is applied first, then the second rule, and so on down the list. Because of this, the reorder feature is an important option on the CVR100W VPN Router.
Step 1. Click Reorder to reorder the access rules.
Step 2. Check the check box of the access rule you want to reorder.
Step 3. From the drop-down list, choose a position you want to move the specified rule to.
Step 4. Click the Move to button to reorder the rule. The rule moves to the specified position in the table.
Note: The up and down arrow buttons can be used to reorder the access rules.
Step 5. Click Save.
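The effect of rule order can be checked offline before reordering. The Python model below is an added example, not Cisco code or router output: it evaluates a packet against an ordered rule table and lists rules that an earlier, broader rule fully covers. It assumes first-match semantics, leaves out the schedule-based actions, and takes the default outcome as a parameter; the rule names, the "*" service wildcard and the sample addresses are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

ANY = ("0.0.0.0", "255.255.255.255")   # models the "Any" choice for Source/Destination IP

@dataclass
class Rule:
    name: str            # label for this example only; not a router field
    action: str          # "allow" (Always Allow) or "block" (Always Block)
    service: str         # service name; "*" is this model's wildcard
    src: tuple           # (Start IP, Finish IP); a single address repeats the IP
    dst: tuple = ANY
    enabled: bool = True # Rule Status check box

def _span(rng):
    return tuple(int(ipaddress.IPv4Address(ip)) for ip in rng)

def _covers(outer, inner):
    (a, b), (c, d) = _span(outer), _span(inner)
    return a <= c and d <= b

def evaluate(rules, service, src_ip, dst_ip, default):
    """Assumed first-match semantics: the first enabled matching rule decides."""
    for r in rules:
        if (r.enabled and r.service in ("*", service)
                and _covers(r.src, (src_ip, src_ip))
                and _covers(r.dst, (dst_ip, dst_ip))):
            return r.action, r.name
    return default, None   # nothing matched: caller-supplied default (assumption)

def shadowed(rules):
    """(later, earlier) pairs where an earlier enabled rule fully covers a later one."""
    active = [r for r in rules if r.enabled]
    pairs = []
    for i, later in enumerate(active):
        for earlier in active[:i]:
            if (earlier.service in ("*", later.service)
                    and _covers(earlier.src, later.src)
                    and _covers(earlier.dst, later.dst)):
                pairs.append((later.name, earlier.name))
                break
    return pairs

# Constructed outbound (LAN > WAN) table: the block rule sits below a broader allow.
KIOSK = ("192.168.1.50", "192.168.1.50")
TABLE = [Rule("allow-http", "allow", "HTTP", ANY),
         Rule("block-kiosk-http", "block", "HTTP", KIOSK)]
REORDERED = [TABLE[1], TABLE[0]]       # block rule moved to position 1

if __name__ == "__main__":
    for table in (TABLE, REORDERED):
        print(evaluate(table, "HTTP", "192.168.1.50", "203.0.113.10", "allow"),
              shadowed(table))
```

In the constructed table the block rule for 192.168.1.50 never takes effect until it is moved above the broader allow rule, which is the situation the Reorder steps are meant to correct.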