Three schedules, Schedule 1, Schedule 2 and Schedule3 can be defined, and any one of these can be selected when defining firewall rules.
To invoke rules based on a schedule, follow these steps:
1. Select Security from the main menu and Schedule from the submenu. The Schedule 1 screen displays (see Figure 4-20 on page 4-30).
2. Check the radio button for All Days or Specific Days. If you chose Specific Days, check the radio button for each day you want the schedule to be in effect.
3. Check the radio button to schedule the time of day: All Day, or Specific Times. If you chose Specific Times, enter the Start Time and End Time fields (Hour, Minute, AM/PM), which will limit access during certain times for the selected days.
4. Click Apply to save your settings to Schedule 1.
Repeat these steps to set to a schedule for Schedule 2 and Schedule 3.
Blocking Internet Sites (Content Filtering)
If you want to restrict internal LAN users from access to certain sites on the Internet, you can use the VPN firewall’s Content Filtering and Web Components filtering. By default, these features are disabled; all requested traffic from any website is allowed. If you enable one or more of these features and users try to access a blocked site, they will see a “Blocked by NETGEAR” message. Several types of blocking are available:
• Web Components blocking. You can block the following Web component types: Proxy, Java, ActiveX, and Cookies. Some of these components are can be used by malicious Websites to infect computers that access them. Even sites on the Trusted Domains list will be subject to Web Components blocking when the blocking of a particular Web component is enabled. Figure 4-20
– Proxy. A proxy server (or simply, proxy) allows computers to route connections to other computers through the proxy, thus circumventing certain firewall rules. For example, if connections to a specific IP address are blocked by a firewall rule, the requests can be routed through a proxy that is not blocked by the rule, rendering the restriction ineffective. Enabling this feature blocks proxy servers.
– Java. Blocks java applets from being downloaded from pages that contain them. Java applets are small programs embedded in Web pages that enable dynamic functionality of the page. A malicious applet can be used to compromise or infect computers. Enabling this setting blocks Java applets from being downloaded.
– ActiveX. Similar to Java applets, ActiveX controls install on a Windows computer running Internet Explorer. A malicious ActiveX control can be used to compromise or infect computers. Enabling this setting blocks ActiveX applets from being downloaded. – Cookies. Cookies are used to store session information by websites that usually require login. However, several websites use cookies to store tracking information and browsing habits. Enabling this option filters out cookies from being created by a website..
• Keyword Blocking (Domain Name Blocking). You can specify up to 32 words that, should they appear in the website name (URL) or in a newsgroup name, will cause that site or newsgroup to be blocked by the VPN firewall.
You can apply the keywords to one or more groups. Requests from the PCs in the groups for which keyword blocking has been enabled will be blocked. Blocking does not occur for the PCs that are in the groups for which keyword blocking has not been enabled.
You can bypass keyword blocking for trusted domains by adding the exact matching domain to the list of Trusted Domains. Access to the domains or keywords on this list by PCs, even those in the groups for which keyword blocking has been enabled, will still be allowed without any blocking.
Keyword application examples:
• If the keyword “XXX” is specified, the URL <http://www.badstuff.com/xxx.html> is blocked, as is the newsgroup alt.pictures.XXX.
• If the keyword “.com” is specified, only Web sites with other domain suffixes (such as .edu or .gov) can be viewed.
• If you wish to block all Internet browsing access, enter the keyword “.”.
Note: Many websites require that cookies be accepted in order for the site to be accessed properly. Blocking cookies may interfere with useful functions provided by these websites.
To enable Content Filtering:
1. Select Security from the main menu and Block Sites from the submenu. The Block Sites screen displays.
2. Check the Yes radio button to enable content filtering. 3. Click Apply to activate the screen controls.
4. Check the radio boxes of any Web components you wish to block.
5. Check the radio buttons of the groups to which you wish to apply keyword blocking. Click Enable to activate keyword blocking (or disable to deactivate keyword blocking).
6. Build your list of blocked keywords or domain names in the Blocked Keyword fields. After each entry, click Add. The keyword or domain name will be added to the Blocked Keywords table. (You can also edit an entry by clicking Edit in the Action column adjacent to the entry.) 7. Build a list of trusted domains in the Trusted Domains fields. After each entry, click Add.
The trusted domain will appear in the Trusted Domains table. (You can also edit any entry by clicking Edit in the Action column adjacent to the entry.)