Firewall Basic Configuration

Configure firewall security profiles.

Parameters

Security Profiles

A security profile is a set of rules that determines the policy the firewall follows.

There are two types of profile: fixed and custom. If a fixed profile (one without the word 'Custom' in its name) is selected, the Wizards and Advanced Configuration web pages are read-only and no configuration change is allowed. If a custom profile (one with the word 'Custom' in its name) is selected, configuration changes are allowed on the Wizards and Advanced Configuration web pages.

Note: a profile change takes a few seconds to execute; wait for it to complete.

The fixed profiles are described below.

Off

Off is the most permissive setting: it allows all incoming and outgoing traffic.

Low

  • Allows "safe" incoming connections and denies those known to be dangerous. By default it allows TCP and UDP connections for which no rule has been specified. Low allows almost all ICMP traffic, except outgoing router-oriented type/code pairs (for example, router advertisement) and deprecated ones (for example, source quench).
  • Allows dynamic ports to be opened in both directions (default in: allow, default out: allow). This includes NetMeeting in either direction, and VPNs based on both IPsec and PPTP.
  • Restricts traffic by prohibiting IP and/or TCP options that might be misused, and by preventing the spoofing of IP source addresses (for both IPv4 and IPv6).

Medium (recommended)

  • The default setting when the firewall is first activated.
  • Allows most (but not all) ICMP error messages to be sent and received; it does not have the "stealth" features associated with High.
  • Blocks most incoming connections: the default action for unspecified TCP and UDP connections is "deny". To allow file transfers via MSN Messenger and Yahoo! Messenger, incoming connections to port 80 must be allowed (these applications will not work if High is chosen).
  • Allows dynamic ports to be opened from the inside only (default in: deny, default out: allow). Medium therefore supports outgoing NetMeeting calls only.
  • Allows VPNs based on both IPsec and PPTP.
  • Restricts traffic by prohibiting IP and/or TCP options that might be misused, and by preventing the spoofing of IP source addresses (for both IPv4 and IPv6).

High

  • Allows the least traffic through. Only outbound connections may be established; inbound connections are not allowed unless they are responses to an outbound packet previously seen on a valid connection.
  • Encompasses what is commonly known as "stealth mode", in which the station is not ping-able and does not generate any ICMP error messages (except where necessary for normal operation).
  • Allows VPNs, including those based on IPsec (which requires AH, ESP, L2TP and IKE on UDP port 500) and those that rely on PPTP (which uses GRE).
  • Restricts traffic by prohibiting IP and/or TCP options that might be misused, and by preventing the spoofing of IP source addresses (for both IPv4 and IPv6).

Lockdown

Lockdown blocks all incoming and outgoing traffic.
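To make the differences between the fixed profiles concrete, the following is an added example (not the vendor's code or rule set) that models them as a small stateful packet filter: each profile's default inbound/outbound action, connection tracking so that replies to outbound flows are admitted, the High profile's stealth handling of ICMP, VPN carrier pass-through, and source-address anti-spoofing. The LAN prefix, the sample addresses and the specific ICMP types chosen are assumptions made for the model.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Packet:
    direction: str       # "in" (arriving from the WAN) or "out" (leaving the LAN)
    proto: str           # "tcp", "udp", "icmp", "esp", "ah" or "gre"
    src: str
    dst: str
    sport: int = 0
    dport: int = 0
    icmp_type: int = -1  # ICMP type, only meaningful when proto == "icmp"


# Per-profile defaults taken from the profile descriptions on this page.
# Off and Lockdown need no table: one allows everything, the other denies everything.
PROFILES = {
    "low":    {"default_in": "allow", "stealth": False},
    "medium": {"default_in": "deny",  "stealth": False},
    "high":   {"default_in": "deny",  "stealth": True},
}

ICMP_ECHO_REQUEST = 8
ICMP_ERRORS = {3, 11, 12}           # destination unreachable, time exceeded, parameter problem
ICMP_DEPRECATED = {4}               # source quench: never sent outbound by Low/Medium/High
VPN_PROTOS = {"esp", "ah", "gre"}   # IPsec ESP/AH and the GRE carrier used by PPTP


class Firewall:
    """Stateful filter applying one of the five fixed profiles (model, not vendor code)."""

    def __init__(self, profile: str, lan: str = "192.168.1.0/24"):
        self.name = profile
        self.lan = ip_network(lan)      # assumed LAN prefix used for the anti-spoofing check
        self.flows = set()              # outbound TCP/UDP flows seen so far

    def _spoofed(self, pkt: Packet) -> bool:
        """An inbound packet must not claim a LAN source; an outbound one must have one."""
        src = ip_address(pkt.src)
        return src in self.lan if pkt.direction == "in" else src not in self.lan

    def evaluate(self, pkt: Packet) -> str:
        if self.name == "off":          # most permissive: everything passes
            return "allow"
        if self.name == "lockdown":     # nothing passes in either direction
            return "deny"
        if self._spoofed(pkt):          # Low, Medium and High all enforce this
            return "deny"
        return self._outbound(pkt) if pkt.direction == "out" else self._inbound(pkt)

    def _outbound(self, pkt: Packet) -> str:
        cfg = PROFILES[self.name]
        if pkt.proto == "icmp":
            if pkt.icmp_type in ICMP_DEPRECATED:
                return "deny"
            if cfg["stealth"] and pkt.icmp_type in ICMP_ERRORS:
                return "deny"           # stealth mode generates no ICMP errors
        if pkt.proto in ("tcp", "udp"):
            # Remember the flow so that its replies are recognised on the way back in
            # (this is also how IKE on UDP 500 replies get through under Medium/High).
            self.flows.add((pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport))
        return "allow"

    def _inbound(self, pkt: Packet) -> str:
        cfg = PROFILES[self.name]
        if pkt.proto in VPN_PROTOS:
            return "allow"              # VPN carriers pass in every non-Lockdown profile
        if pkt.proto in ("tcp", "udp"):
            reverse = (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)
            if reverse in self.flows:
                return "allow"          # reply to a previously seen outbound flow
            return cfg["default_in"]    # unsolicited: Low allows, Medium and High deny
        if pkt.proto == "icmp":
            if pkt.icmp_type == ICMP_ECHO_REQUEST:
                return "deny" if cfg["stealth"] else "allow"   # High is not ping-able
            if pkt.icmp_type in ICMP_ERRORS:
                return "allow"          # needed for normal operation, e.g. path MTU discovery
            return cfg["default_in"]
        return cfg["default_in"]


def compare_profiles(pkt: Packet) -> dict:
    """Evaluate one packet under every profile, each starting with empty connection state."""
    return {name: Firewall(name).evaluate(pkt)
            for name in ("off", "low", "medium", "high", "lockdown")}


if __name__ == "__main__":
    # Constructed sample: an unsolicited inbound connection attempt to a LAN host.
    probe = Packet("in", "tcp", "203.0.113.5", "192.168.1.10", 40000, 22)
    print(compare_profiles(probe))
    # Under Medium the reply to an outbound connection is admitted, the probe above is not.
    fw = Firewall("medium")
    fw.evaluate(Packet("out", "tcp", "192.168.1.10", "203.0.113.5", 51000, 443))
    print(fw.evaluate(Packet("in", "tcp", "203.0.113.5", "192.168.1.10", 443, 51000)))
```

Running the script shows the probe allowed only by Off and Low, while the tracked reply is allowed under Medium; swapping the profile name to "high" in the second part gives the same result for the reply but denies an inbound echo request.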

Rename custom profile

Lets the user change the name of a custom profile.

Re-generate custom profile

Lets the user re-generate a custom profile from a fixed profile. The original custom profile settings are replaced. By factory default, all custom profiles are based on the fixed Medium profile.

Buttons

Apply

Applies the changes.