Configure access rules to control traffic to and from your network. To configure access rules, choose Firewall > Access Rules. All configured firewall rules on the Cisco RV180/RV180W are displayed in the Access Rule Table. Configuring the Default Outbound Policy You can configure the default outbound policy for the traffic
that is directed from your secure network (LAN) to the Internet. The default inbound policy for traffic flowing from the Internet to your LAN is always blocked and cannot be changed. The default outbound policy applies to traffic that is not covered by the specific firewall rules that you have configured. For example, you may have specific firewall rules restricting outbound instant messaging and video traffic, but all other traffic would be permitted if you choose
allow as the default outbound policy. To configure the default outbound policy: - Choose Firewall > Access Rules.
- Under Default Outbound Policy, choose Allow or Block. Allow permits traffic from your LAN to the Internet. Block does not permit traffic from your LAN to the Internet.
- Click Save.
Using the Access Rules Table In the Access Rules table, you can add, edit, enable, disable, and delete access rules. Check the box next to the rule on which you want to perform the action, then select the action from the buttons below the table. Reordering Access Rules You may want to reorder the
access rules you have created to change the priority of a rule. To reorder access rules: - Click Reorder.
- In the Access Rule Table, check the rule that you want to move, and click the Up or Down arrow to move it up or down the list.
- Click Save.
Creating an Access Rule
Access rules specify the type of traffic that is allowed into and out of your network. To create access rules: - Choose Firewall > Access Rules.
- Click Add Rule.
- Under Connection Type, choose the destination of traffic covered by this rule:
- Inbound—Traffic
from the Internet (WAN) to your network (LAN)
- Outbound—Traffic from your network (LAN) to the Internet (WAN)
- Choose the action:
- Always Block—Always block the selected type of traffic.
- Always Allow—Never block the selected type of traffic.
- Block by schedule, otherwise
allow—Blocks the selected type of traffic according to a schedule. Choose the schedule from the drop-down list. See Creating Schedules.
- Allow by schedule, otherwise block—Allows the selected type of traffic according to a schedule. Choose the schedule from the drop-down list. See
Creating Schedules.
- Choose the service to allow or block for this rule. Choose Any Traffic to allow the rule to apply to all applications and services, or you can choose a single application to block:
- AIM (AOL Instant Messenger)
- BGP
(Border Gateway Control)
- BOOTP_CLIENT (Bootstrap Protocol client)
- BOOTP_SERVER (Bootstrap Protocol server)
- CU-SEEME (videoconferencing) UDP or TCP
- DNS (Domain Name System), UDP or TCP
- FINGER
- FTP (File Transfer Protocol)
- HTTP (Hyptertext Transfer Protocol)
- HTTPS (Secure Hypertext Transfer Protocol)
- ICMP (Internet Control Message Protocol) type 3 through 11 or 13
- ICQ (chat)
- IMAP (Internet Message Access Protocol) 2 or 3
- IRC (Internet Relay Chat)
- NEWS
- NFS (Network File System)
- NNTP (Network News
Transfer Protocol)
- PING
- POP3 (Post Office Protocol)
- PPTP (Point-to-Point Tunneling Protocol)
- RCMD (command)
- REAL-AUDIO
- REXEC (Remote execution command)
- RLOGIN (Remote login)
- RTELNET (Remote telnet)
- RTSP
(Real-Time Streaming Protocol) TCP or UDP
- SFTP (Secure Shell File Transfer Protocol)
- SMTP (Simple Mail Transfer Protocol)
- SNMP (Simple Network Management Protocol) TCP or UDP
- SNMP-TRAPS (TCP or UDP)
- SQL-NET (Structured Query Language)
- SSH (TCP or UDP)
- STRMWORKS
- TACACS (Terminal Access Controller Access-Control System)
- TELNET (command)
- TFTP (Trivial File Transfer Protocol)
- RIP (Routing Information Protocol)
- IKE
- SHTTPD (Simple HTTPD web server)
- IPSEC-UDP-ENCAP (UDP Encapsulation of IPsec packets)
- IDENT
protocol
- VDOLIVE (live web video delivery)
- SSH (secure shell)
- SIP-TCP or SIP-UDP
- In the Source IP field, configure the IP address to which the firewall rule applies:
- Any—The rule applies to traffic originating from any IP address in the local network.
- Single
Address—The rule applies to traffic originating from a single IP address in the local network. Enter the address in the Start field.
- Address Range—The rule applies to traffic originating from an IP address located in a range of addresses. Enter the starting IP address in the Start field, and the ending IP address in the Finish field.
- If you are configuring an
inbound firewall access rule:
- Destination Network Address Translation (DNAT) maps a public IP address (your dedicated WAN address) to an IP address on your private network. In the Send to Local Server (DNAT IP) field, specify an IP address of a machine on the Local Network which is hosting the server.
- The router supports multi-NAT, so your Internet Destination IP address does not have
to be the address of your WAN. On a single WAN interface, multiple public IP addresses are supported. If your ISP assigns you more than one public IP address, one of these can be used as your primary IP address on the WAN port, and the others can be assigned to servers on the LAN. In this way, the LAN can be accessed from the internet by its aliased public IP address. Check the Enable box and enter the IP address you want to use.
- Under Rule
Status, choose Enabled or Disabled. You may want to configure a rule and choose Disabled if you want to enable it at a later time.
- If you are configuring an outbound firewall access rule:
- In the Destination IP field, configure the IP address to which the firewall rule applies:
- Any—The
rule applies to traffic going to any IP address.
- Single Address—The rule applies to traffic going to a single IP address. Enter the address in the Start field.
- Address Range—The rule applies to traffic going to an IP address located in a range of addresses. Enter the starting IP address in the Start field, and the ending IP address in the Finish field.
- You can configure Secure Network Address Translation (SNAT) to map a public IP address (your Dedicated WAN address, Optional WAN address, or another address) to an IP address on your private network. Under Use This SNAT IP Address, check Enable and enter the SNAT IP Address.
- Under Rule Status, choose Enabled or Disabled. You may want to configure a rule and choose Disabled if you want
to enable it at a later time.
Should I enable firewall on my router?
Routers and software firewalls overlap in some ways, but each provides unique benefits. If you already have a router, leaving the Windows firewall enabled provides you with security benefits with no real performance cost. Therefore, it's a good idea to run both.
Do routers have a firewall?
Is a router a firewall? Yes, the rumors are true: wireless routers automatically do the job of a basic hardware firewall. Firewalls are designed to repel any external internet traffic that tries to gain access to your internal network (a.k.a. the network of devices connected to your router).
How do I set my firewall settings?
Setting Up a Firewall: Windows 7 - Basic. Set up system and security settings. From the Start menu, click Control Panel, then click System and Security. ... . Select program features. Click Turn Windows Firewall on or off from the left side menu. ... . Choose firewall settings for different network location types.. | 
