Henry Lo
Field Application Engineer
Session 2: Controlling IP Connectivity
These are NOT confidential sessions – please DO consider streaming, blogging, or taking pictures
Jul 04, 2015
• Firewall Rules
• Web Content Filter
• User Management
• Schedule
Outline
• General Setup
• Filter Setup
  - Call Filter
  - Data Filter
• DoS Defense
• Application Notes
General Setup
• Apply to ALL!
• Prevent unwanted IPv6 WAN incoming traffic
General Setup
• APPE / URL / WCF Filter!
• Apply to ALL!
Filter Setup
More Data Filter
Filter Setup
• Edit Criteria
  - Source IP
  - Dest IP
  - Service Type
• Filter Action
  - User Management
  - APP Enforce
  - URL Filter
  - WCF
DoS Defense
• Mind the Rate
DoS Defense
• DoS Alert Logs
Application Note
• DoS Defense Filter: http://www.draytek.com.tw/index.php?option=com_k2&view=item&id=5315&Itemid=293&lang=en
Web Content Filter
• Web UI Overview
• How does it Work
• What does it Do
• Up-to-Date Web Categories
• Monitor Activities with Syslog
• Configuration
• Application Notes
Web UI Overview
• License Information
• Profile Table
• Cache
  - L1 IP Cache: 1 second
  - L2 URL Cache: 500/1000 entries
• Administrator Message
How does it Work
[Diagram: the router checks each requested URL with the CYREN Server. www.google.com is categorized as Search Engines & Portals and passes; www.facebook.com is categorized as Social Networking and is blocked.]
What does it Do
• Home – Parental Controls for children
• Enterprise – Access Control for employees
• Schedule the blocking
• Up-to-date Web categories
• Monitor activities with Syslog
Parental Controls / Access Controls
[Diagram: parents and children]
Schedule the Blocking
• Schedule to block social networks for homework time
Up-to-Date Web Categories
• Check URL categories (example: www.facebook.com is Social Networking)
• Manually suggest categories
• Reaction time guaranteed
• http://www.commtouch.com/url-miscat/
Monitor Activities with Syslog
Parental Controls
• Set LAN2/SSID2 for kids
• Edit WCF Profile
• Include WCF Profile into DNS Filter
• Set Firewall Rule for kids
• Confirm the Functionality
• Check Syslog
Parental Controls
• Set LAN 2 for SSID2
• Give access of SSID2 to kids
• Edit WCF Profile
• Edit DNS Filter
  - Specially designed to block https websites
• Set Firewall Rule for Children
  - Profile Name
  - LAN2 to WAN
  - Pass Immediately
  - Apply WCF
• Troubleshooting – confirm the functionality
• Troubleshooting – read the Syslog
Application Note
• How to Use WCF: http://www.draytek.com.tw/index.php?option=com_k2&view=item&id=5369&Itemid=293&lang=en
Outline
• How does User Management Work
  – Rule Base
  – User Base
• What does User Management Do
  – For Home, limit children's Internet surfing time with Parental Control
  – For Business, set Landing page for customers
  – For Enterprise, set authorities for services access
• Configuration
• Application Notes
How does Rule-Based Work
• Rule-Based is a management method based on firewall rules, in which the Administrator may bind a user profile into a firewall rule.
How does User-Based Work
• User-Based is a management method based on user profiles, in which the Administrator may bind a firewall rule into a user profile.
Parental Controls
• Children have a 1 hour time quota to access the Internet every day from 08:00~22:00.
  – Set schedule and SSID2 for kids.
  – Set SSID2 as LAN2 member.
• Web Content Filter protects children from inappropriate content.
  – Apply WCF to LAN2 in Firewall.
• Auto refill time quota daily.
Parental Control Configuration
• Edit time schedule profile.
  - Starts from 08:00
  - Duration is 14 hours until 22:00
  - Force On
  - Choose days
• Choose Rule-Based.
• Create a User Profile for Son
  - Name/Password
  - Allow at most 1 user to log in
  - Apply Schedule
  - Initial/Refill Time Quota
• Create another User Profile for Daughter
• Create a user group for Son and Daughter.
  - Select kids
  - Put to the right side as member
• Create WCF profile for children.
• Set SSID2 as LAN2 member for kids
  – Give kids WiFi password for SSID2 only.
• Enable SSID2.
• Enable LAN 2.
• Set firewall rule for kids
  – LAN2 as source IP.
  – Choose Pass if No Further Match.
  – Apply children group.
  – Apply WCF profile.
Landing Page
Landing Page Configuration
• Type URL as Landing Page.
• Redirect to specified URL after login with user account.
• Tick Landing Page.
• Redirected to DrayTek Homepage after login.
Set Authorities for Services Access
• Different authentications for different groups.

Group      Authentication
Server     x
Employee   v
Guest      v

• Choose User-Based.
Set Authorities for Services Access Configuration
• Filter rules process
  – Block all outgoing access if from unauthorized LAN IP range.
  – Allow Server to pass.
  – Allow Employee to pass after authentication.
  – Allow Guests to pass after authentication.
• Block all outgoing access if from unauthorized IP range
  – Direction is LAN to WAN
  – !(IP range): if outside this IP range. Click Invert Selection
  – Choose Block Immediately.
• Allow server pass.
  – LAN to WAN.
  – Type Server IP.
  – Pass Immediately.
• Allow Employee to pass after authentication.
  – Disable this rule; it will be applied to the employee user profile.
  – LAN to WAN.
  – Set IP range for employee.
  – Pass Immediately.
• Allow Guests to pass after authentication.
  – Disable this rule; it will be applied to the guests user profile.
  – LAN to WAN.
  – Set IP range for guests.
  – Pass Immediately.
• Create Employee user profile.
  – Username/Password.
  – Apply firewall rule into Policy.
• Create Guests user profile.
  – Username/Password.
  – Apply firewall rule into Policy.
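The filter rule process above, modeled as an added example (not DrayTek code and not a statement of firmware behaviour): rule 1 is the inverted-range block, rule 2 passes the server, and the disabled employee and guest rules apply only through a logged-in user profile. The IP ranges, the function name `decide` and the "auth-required" outcome for hosts that have not logged in are assumptions.

```python
import ipaddress

# Constructed addressing plan (assumption, not taken from the slides).
AUTHORIZED = ipaddress.ip_network("192.168.1.0/24")
SERVER = ipaddress.ip_address("192.168.1.10")
EMPLOYEE_RANGE = ipaddress.ip_network("192.168.1.64/26")
GUEST_RANGE = ipaddress.ip_network("192.168.1.128/26")

# The employee and guest rules are disabled in the filter set and only
# take effect through the user profile they are bound to (User-Based).
PROFILE_RULES = {"employee": EMPLOYEE_RANGE, "guest": GUEST_RANGE}


def decide(src_ip, logged_in_as=None):
    """Return (action, reason) for one LAN-to-WAN connection attempt."""
    src = ipaddress.ip_address(src_ip)
    # Rule 1: inverted match on the authorized range, Block Immediately.
    # Credentials are never consulted for these sources.
    if src not in AUTHORIZED:
        return ("block", "rule 1: outside authorized range")
    # Rule 2: server IP, Pass Immediately, no authentication.
    if src == SERVER:
        return ("pass", "rule 2: server")
    # Profile rules: only for an authenticated user, and only from the
    # IP range configured in the rule bound to that profile.
    allowed = PROFILE_RULES.get(logged_in_as)
    if allowed is not None and src in allowed:
        return ("pass", f"profile rule: {logged_in_as}")
    # Assumption: every other host has to log in before it can pass.
    return ("auth-required", "no profile rule matched")


if __name__ == "__main__":
    cases = [("10.0.0.5", "employee"), ("192.168.1.10", None),
             ("192.168.1.70", None), ("192.168.1.70", "employee"),
             ("192.168.1.130", "employee"), ("192.168.1.130", "guest")]
    for ip, user in cases:
        print(ip, user, decide(ip, user))
```

The cases worth checking on a real rule set are the two mismatches: a valid login from outside the authorized range, and an employee login from the guest range.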
Application Note
• How to Use User Management with User-Based Policy: http://www.draytek.com.tw/index.php?option=com_k2&view=item&id=1842&Itemid=293&lang=en
• How to use User Management with Rule-Based Policy: http://www.draytek.com.tw/index.php?option=com_k2&view=item&id=1841&Itemid=293&lang=en
• How to use Landing Page Feature? http://www.draytek.com.tw/index.php?option=com_k2&view=item&id=1808:faq-article-1808&lang=en
Outline
• What does Schedule Do
• Applications
– Schedule firewall rules to block Facebook during working hours
– Turn off WiFi at sleep time
What does Schedule Do
• We can schedule Vigor routers to
  – Enable WAN (PPPoE/PPTP/L2TP)
  – Execute Firewall rules
  – Apply User Profile in User Management
  – Execute Session/Bandwidth Limit
  – Execute LAN-to-LAN VPN profiles
  – Turn off WiFi
  – Reboot automatically
Schedule Firewall Rules
• Block Facebook from 08:00~18:00 on weekdays.
Schedule Firewall Rules Configuration
• Set Schedule profile
  – Starts at 08:00
  – Duration is 10 hours until 18:00
• Create a WCF profile.
  – Choose Social Networking to block Facebook.
• Create a firewall rule to block Facebook.
  – Apply schedule.
  – Block Immediately.
  – Apply WCF profile.
Turn Off WiFi at Sleep Time
• WiFi is OFF from 22:00~08:00 every day.
• Schedule is based on Per day.
  – 2 separate schedules for overnight purpose.
• WiFi is ON by default.
  – Set action to force DOWN.

Time       22:00~23:59   00:00~08:00
Action     Force Down    Force Down
Duration   2 hours       8 hours
Turn Off WiFi at Sleep Time Configuration
• Create a schedule profile.
  – Starts at 22:00
  – Duration is 2 hours until 23:59
  – Choose Force Down
  – Choose Weekdays
Schedule Internet Surfing Time Configuration
• Create another schedule profile.
  – Starts at 00:00
  – Duration is 8 hours until 08:00
  – Choose Force Down
  – Choose Weekdays
• Apply Schedule profiles to Wireless LAN.
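Why the overnight window needs two profiles, as an added example (a model written for this page, not DrayTek code): with per-day schedules, a single 22:00 profile with a 10-hour duration leaves 00:00~08:00 uncovered, while the two profiles from the table cover it. Clipping a profile at midnight is the assumption made here from "Schedule is based on Per day"; the names `wifi_is_up` and `down_minutes` are hypothetical.

```python
from datetime import date, datetime, time, timedelta

# Each Force Down profile: (start time, duration in minutes, weekdays).
# Weekday numbers follow datetime.weekday(): Monday=0 ... Sunday=6.
EVERY_DAY = frozenset(range(7))
SPLIT = [(time(22, 0), 120, EVERY_DAY), (time(0, 0), 480, EVERY_DAY)]
SINGLE = [(time(22, 0), 600, EVERY_DAY)]  # naive "10 hours from 22:00"


def wifi_is_up(profiles, now):
    """WiFi is ON by default; an active Force Down profile turns it off.

    Assumption: a profile is evaluated only within the day it starts on,
    so its window is clipped at midnight.
    """
    minute_of_day = now.hour * 60 + now.minute
    for start, duration, days in profiles:
        begin = start.hour * 60 + start.minute
        end = min(begin + duration, 24 * 60)
        if now.weekday() in days and begin <= minute_of_day < end:
            return False
    return True


def down_minutes(profiles, day):
    """Count the minutes of one calendar day with WiFi forced down."""
    midnight = datetime.combine(day, time(0, 0))
    return sum(
        not wifi_is_up(profiles, midnight + timedelta(minutes=m))
        for m in range(24 * 60)
    )


if __name__ == "__main__":
    monday = date(2015, 7, 6)
    print("two profiles:", down_minutes(SPLIT, monday), "minutes down")
    print("one profile: ", down_minutes(SINGLE, monday), "minutes down")
```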
Application Note
• How to Turn off Wi-Fi with Schedule: http://www.draytek.com.tw/index.php?option=com_k2&view=item&id=5347:how-to-turn-off-wi-fi-with-schedule&lang=en
• How to Reboot Vigor Router with Schedule: http://www.draytek.com.tw/index.php?option=com_k2&view=item&id=1242:faq-article-1242&lang=en
• How to use Call Schedule? http://www.draytek.com.tw/index.php?option=com_k2&view=item&id=1799:faq-article-1799&lang=en
Q & A Thank You!