If you enabled content filtering in the Block Sites menu, or if you defined an outbound rule to use a schedule, you can set up a schedule for when blocking occurs or when access is restricted. The firewall allows you to specify when blocking will be enforced by configuring the Schedule tab shown below:
FVS124G ProSafe VPN Firewall 25 Reference Manual
3-33 To invoke rules and block keywords or Internet domains based on a schedule, select Every Day or select one or more days. If you want to limit access completely for the selected days, select All Day. Otherwise, if you want to limit access during certain times for the selected days, type a Start Blocking time and an End Blocking time.
Be sure to click Apply when you have finished configuring this menu.
The VPN Firewall uses the Network Time Protocol (NTP) to obtain the current time and date from one of several Network Time Servers on the Internet. In order to localize the time for your log entries, you must specify your Time Zone:
• Time Zone. Select your local time zone. This setting will be used for the blocking schedule and for time-stamping log entries.
• Daylight Savings Time. Check this box for daylight savings time.
• Be sure to click Apply when you have finished configuring this menu.
Event Logs Alerts and E-Mail Notification
Your router will log security-related events such as denied incoming service requests, hacker probes, and administrator logins, according to your settings on the Log screen (Figure 3-18). If you have set up content filtering on the Block Sites page (see “Block Sites” on page 3-6), you can also log when someone on your network tries to access a blocked site.
In order to receive logs and alerts by E-mail, you must enable E-Mail Logs and then provide your E-mail address in the E-Mail Logs subheading as shown in Figure 3-18 and described in
Table 3-7.
If you have a PC running a syslog logging program, you can enable Syslog and configure the firewall to send system logs to that logging PC (Table 3-7). Logging programs are available for Windows, Macintosh, and Linux computers.
Note: Note: Enter the values as 24-hour time. For example, 10:30 am would be 10 hours and 30 minutes and 10:30 pm would be 22 hours and 30 minutes.
Note: If your region uses Daylight Savings Time, you must manually select Adjust for Daylight Savings Time on the first day of Daylight Savings Time, and unselect it at the end. Enabling Daylight Savings Time will add one hour to the standard time.
FVS124G ProSafe VPN Firewall 25 Reference Manual
3-35 L
Once you have made your changes to the Log and E-Mail screen, click Apply to have your changes take effect.
Table 3-7. Logs and E-Mail fields
Field Description
Log Identifier A mandatory field that identifies the log messages. This ID is appended to log messages.
Include in log • Use these checkboxes to determine which events are included in the log. Selecting all events will increase the size of the log, so it is good practice to disable any events which are not really required.
• Selecting an event under Include In Log will enable logging of messages pertaining to that event. (e.g., selecting Admin Login, will enable generation of log messages whenever Admin logs in).
Include in Alerts Will enable logging of messages pertaining to that event. This category typically contains Internet Attack events (e.g., selecting SYN Flood, will enable generation of Alert messages whenever SYN Flood occurs).
E-Mail logs If enabled, enter the information in the following fields in order to receive logs in an E-mail message:
• In the Respond to Ident from SMTP Server check this box to respond to IDENT protocol.
• In the E-mail Server address box, enter the outgoing E-mail SMTP mail server of your ISP (for example, 172.16.1.10). If you leave this box blank, no alerts or logs will be sent to you.
• In the Return E-mail Address box, enter the user's e-mail address. • In the Sent To Mail Address box, enter the e-mail address where the logs
and alerts will be sent. Use a full e-mail address (e.g., [email protected]).
• In Authenticate with SMTP server, check this box to enable authentication for alerts and logs.
• In the User Name box, enter the user name for SMTP authentication. • In the Password box, enter the password for SMTP authentication. Syslog If Syslog is enabled, enter the information in the following fields:
• Syslog server IP address – If your Syslog server has a fixed IP address, select this option, and enter the IP address of your Syslog server. • Select the appropriate syslog facility of your Syslog server. Log Queue Length Set the length of the logs queue.
Log Threshold Time Set the logs Threshold time. Alert Queue Length Set the alerts queue length
The firewall will log security-related events such as denied incoming and outgoing service requests, hacker probes, and administrator logins. If you enabled content filtering in the Block Sites menu, the Log page will also show you when someone on your network tried to access a blocked site.
If you enabled e-mail notification, you'll receive these logs in an e-mail message. If you don't have e-mail notification enabled, you can view the various log messages generated by the Router when you click the View Log button as shown in Figure 3-19. The types of log entries generated are described in Table 3-8 and log action buttons are described in Table 3-9.
FVS124G ProSafe VPN Firewall 25 Reference Manual
3-37 Table 3-8. Log entry descriptions
Field Description
Date and Time The date and time the log entry was recorded. Description or Action The type of event and what action was taken if any. Source IP The IP address of the initiating device for this log entry. Source port and
interface
The service port number of the initiating device, and whether it originated from the LAN or WAN
Destination The name or IP address of the destination device or website. Destination port and
interface
The service port number of the destination device, and whether it’s on the LAN or WAN.
Table 3-9. Log action buttons
Field Description
Refresh Click this button to refresh the log screen. Clear Log Click this button to clear the log entries. Send Log Click this button to E-mail the log immediately.
4-1
Chapter 4
Virtual Private Networking
This chapter describes how to use the virtual private networking (VPN) features of the VPN Firewall. VPN tunnels provide secure, encrypted communications between your local network and a remote network or computer.