To access a service on the internet, a client connects to the server's IP address and a specific port, so that the packets reach the correct server and are received by the correct program. In some scenarios, the network administrator may not want clients to access certain services, or may want to enhance the security of the internal network by preventing malware from accessing resources, stealing information, and abusing the internet connection. The network administrator can set a firewall rule on the Vigor Router to block connections on a certain port. Clients will not be able to access the resource if the port is blocked, and malware will not be able to reach its own server.
This document describes how to restrict the services that clients or programs use by blocking a certain port, so that they are not able to access the resource on the internet. Suppose a company wants to prevent leakage of confidential information, and the network administrator wants to block all FTP transmission between the local network and the internet. Usually, the FTP service uses TCP port 21 as its main command port. The steps and details are described in the following paragraphs.
Note: Except for the ports you have set to be open and redirected to internal IP addresses, Vigor Router blocks all transmissions initiated from the internet to the local network by default. Therefore, the following paragraphs focus on blocking transmissions from LAN to WAN.
(This setup applies to most of the models. For Vigor3900, Vigor2960 and Vigor300B, please refer to the article here.)
1. Go to Object Setting >> Services Type Object:
a. Create service object
b. Type the profile name
c. Set the destination TCP port 21 for FTP
2. Go to Firewall >> Filter Setup, click an available Filter Set:
a. Click an available Filter Rule
b. Tick Check to enable the Filter Rule
c. Input Comments
d. Select the source IP (set the source IP address here if you want to regulate a specific IP address only)
e. Select "FTP" as Service Type
f. Select Block Immediately as Filter; you can also enable Syslog to check the filter status
g. Save the profile
3. From Diagnostics >> Syslog Explorer, we can see that the attempt to connect to TCP port 21 has been blocked.
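A LAN-side check that complements the Syslog view in step 3, as an added example that is not part of the original article: it confirms that TCP port 21 no longer connects while a control port on the same host still does. The function names, the default control port 80 and the test host are assumptions; the host must be a server you control that offers FTP on port 21 and another service on the control port.

```python
import socket
import sys


def probe(host, port, timeout=3.0):
    """Classify one TCP connect attempt as 'open', 'refused' or 'filtered'."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"        # three-way handshake completed
    except ConnectionRefusedError:
        return "refused"         # a TCP reset came back
    except OSError:
        return "filtered"        # timeout, unreachable, or name lookup failed


def verify_block(host, blocked_port=21, control_port=80, timeout=3.0):
    """Check that blocked_port is unreachable while control_port still works.

    The control probe matters: if the host cannot be reached at all, a
    failed connection to port 21 says nothing about the filter rule.
    """
    control = probe(host, control_port, timeout)
    blocked = probe(host, blocked_port, timeout)
    if control != "open":
        return "inconclusive"
    return "rule-not-effective" if blocked == "open" else "rule-effective"


if __name__ == "__main__":
    # Assumption: argv[1] names a test server you control (hypothetical input).
    if len(sys.argv) < 2:
        sys.exit("usage: verify_block.py <test-host>")
    result = verify_block(sys.argv[1])
    print(result)
    sys.exit(0 if result == "rule-effective" else 1)
```

Run it from a LAN client whose address falls inside the source IP selected in step 2d; a client outside that range is expected to report rule-not-effective.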
If you want to apply the firewall rule to a certain computer, you will need to set Bind IP to MAC for this computer, so the router will always assign the same IP address to it. Please refer to What is Bind IP to MAC? for further information.
You may also refer to How to use APP Enforcement? to use the APP filter to block a specific protocol.