URL Blocking

Use the Firewall > URL Blocking page to block  access to websites that  contain specified keywords in the URL.

To open this page: In the navigation tree, choose Firewall > URL Blocking.

STEP   1  In the Blocked Keywords Table, perform these tasks:

•    To add a new entry, click Add Row. Check or uncheck the Status box to enable or disable the blocked keyword. Enter the keyword in the URL box.

•    To edit an entry, check the box and then click Edit. To select all entries, check the box in the heading row. Check or uncheck the Status box to enable or disable the blocked keyword. Enter the keyword in the URL box.

•    To delete an entry, check the box and  then  click Delete. To select all entries, check the box in the heading row.

Content Filtering

Use the Firewall > Content Filtering page to enable and configure content filtering. For example, you can  block  potentially risky web components such as ActiveX or Java. You can  prevent web access by blocking all URLs, or you can  set up trusted domains by specifying websites and  identifying allowed URL keywords.

To open this page: In the navigation tree, choose Firewall > Content Filtering.

STEP   1  In the Content Filtering section, enter these settings:

•    Content Filtering—To enable Content Filtering, check the Enable box. To disable this feature, uncheck the box.

•    Enable Check Referer: Check the box to enable checking the HTTP referer header for allowed URLs. When enabled, this feature allows a user to access a link on an allowed web page even if the link goes to a different domain.

•    HTTP Ports—Enter the HTTP ports to which  content filtering applies. The default port is 80. If your networking using  an external HTTP proxy server which  listens on other ports, they can  be added here. Multiple ports can  be specified in a comma separated list.

•    After changing these settings, click Save to save your changes and  update the other fields  on the page. For example, the Approved URLs Table becomes available only after you enable Content Filtering.

STEP   2  In the Web Components section, check the box for each web component that you want to block. Although many reputable web sites use these components for legitimate purposes, these components can  be used by malicious websites to infect computers.

•    Proxy—A proxy server (or simply, proxy)  allows computers to route connections to other computers through the proxy, thus  circumventing certain firewall rules. For example, if connections to a specific IP address are blocked by a firewall rule, the requests can be routed through a proxy that is not blocked by the rule, rendering the restriction ineffective. Enabling this feature blocks proxy servers.

•    Java—Blocks java applets from being downloaded from pages that contain them. Java applets are small programs embedded in web pages that enable dynamic functionality of the page. A malicious applet can  be used to compromise or infect computers. Enabling this setting blocks Java applets from being downloaded.

•    ActiveX—Similar to Java applets, ActiveX controls are installed on a Windows computer while running  Internet Explorer. A malicious ActiveX control can be used to compromise or infect computers. Enabling this setting blocks ActiveX applets from being downloaded.

•    Cookies—Cookies are used to store session information by websites that usually  require login. However, several websites use cookies to store tracking information and  browsing habits. Enabling this option filters out cookies from being created by a website.

Note: Many websites require that  cookies be accepted in order for the site to be accessed properly. Blocking cookies can cause many websites to not function properly.

STEP   3  In the Approved URLs List Enable section, enable the following options:

•    Approved URLs List—Check the box to allow access to all URLs in the Approved URLs Table. Uncheck the box to disable this feature. Users will be allowed to access these web sites even if access would be blocked by other rules such as URL Blocking.

Attack Prevention

Attacks are malicious security breaches or unintentional network issues that render the Cisco RV220W  unusable. Attack prevention allows you to manage WAN security threats such as continual ping requests and  discovery via ARP scans. TCP and  UDP flood attack prevention can  be enabled to manage extreme usage of WAN resources.

As well, certain Denial-of-Service (DoS) attacks can  be blocked. These attacks, if uninhibited, can  use up processing power and  bandwidth and  prevent regular network services from running  normally. ICMP packet flooding, SYN traffic flooding,  and  Echo storm thresholds can  be configured to temporarily suspend traffic from the offending source.

To open this page: In the navigation tree, choose Firewall > Attack Prevention.

STEP   1  In the WAN (Internet) Security Checks section, check or uncheck the  Enable box to enable or disable the following security checks:

•    Respond to Ping on WAN (Internet)—To configure the Cisco RV220W  to allow a response to an Internet Control Message Protocol (ICMP) Echo (ping) request on the WAN interface, check this box. This setting is used as a diagnostic tool for connectivity problems. Not enabled by default.

•    Stealth Mode—If Stealth Mode is enabled, the router will not respond to port scans from the WAN. This feature makes the network less susceptible to discovery and  attacks. Enabled by default.

•    Flood—If this option is enabled, the router will drop all invalid TCP packets.

This feature protects the network from a SYN flood attack. Enabled by default.

Security Settings for Wireless Networks

Use the Wireless > Basic Settings > Security Settings page to configure security for the selected wireless network. All devices on this network (SSID) must  use the same security mode and  settings to work correctly. Cisco recommends using  the highest level of security that  is supported by the devices in your network.

To open this page: From the Wireless > Basic Settings page, select a network and  then  click Edit Security Mode.

NOTE   To configure a network with WPA Enterprise, WPA2 Enterprise, or WPA2 Enterprise Mixed security mode, you must first add a RADIUS Server configuration. See Using the Cisco RV220W With a RADIUS Server, page 146.

STEP   1  If needed, select a different network in the Select SSID  list.

STEP   2  Enter these settings for the selected network:

•    Wireless Isolation within SSID—Check Enable to prevent clients on this wireless network from accessing devices on other wireless networks. To allow access, click Disable.

•    Security—Choose a security mode:

-     Disabled—Any device can  connect to the network. Not recommended.

-     Wired Equivalent Privacy (WEP)—  Weak security with a basic encryption method that is not as secure as WPA. WEP may be required if your network devices do not support WPA; however, it is not recommended.

-     Wi-Fi Protected Access (WPA) Personal—WPA is part of the wireless security standard (802.11i) standardized by the Wi-Fi Alliance  and  was intended as an intermediate measure to take the place of WEP while the

802.11i standard was being prepared. It supports TKIP/AES encryption. The personal authentication is the Preshared Key (PSK) that  is an alphanumeric passphrase shared with the wireless peer.

-     WPA Enterprise—Allows you to use WPA with RADIUS server authentication.

-     WPA2 Personal—WPA2 is the implementation of security standard specified in the final 802.11i standard. It supports AES encryption and this option uses PSK based authentication.

-     WPA2 Personal Mixed—Allows both WPA and WPA2 clients to connect simultaneously using  PSK authentication.

-     WPA2 Enterprise—Allows you to use WPA2 with RADIUS server authentication.

-     WPA2 Enterprise Mixed—Allows both WPA and  WPA2 clients to connect simultaneously using  RADIUS authentication.

•    Encryption Type—An option is chosen automatically, based on the selected security mode.

-     TKIP+AES is used for WPA Personal, WPA Enterprise, WPA2 Personal

Mixed, and  WPA2 Enterprise Mixed.

-     AES is used for WPA2 Personal and  WPA2 Enterprise.

If you chose WPA Enterprise or WPA2 Enterprise Mixed, no further settings are required. You can  save the settings.

STEP   3  If you chose WPA Personal, WPA2 Personal, or WPA2 Personal Mixed, enter these settings:

•    WPA Key—Enter the pre-shared key for WPA/WPA2 PSK authentication.

The clients also need to be configured with the same password. As you type the password, a message indicates the strength. For a stronger password, enter at least eight  characters including a variety of character types (numbers, upper- and  lowercase letters, and  symbols).

•    Unmask Password—Check the box if you want to see the key as typed.

Otherwise, the password is masked.

•    Key Renewal—Enter the number of seconds after which the Cisco RV120W will generate a new key. These keys are internal keys exchanged between the Cisco RV120W  and  connected devices. The default value  (3600 seconds) is usually  adequate unless you are experiencing network problems.

STEP   4  If you chose WEP, enter these settings:

•    Authentication—Choose the option that  is supported by your network devices: Open System or Shared Key. In either case, the client must provide the correct shared key (password) in order to connect to the wireless network.

•    Encryption—Choose 64-bit or 128-bit. 64-bit WEP has  a 40-bit key, and

128-bit WEP has  a 104-bit key. A larger key provides stronger encryption, because the key is more difficult to crack.

Dynamic DNS (DDNS) is an Internet service that  allows routers with dynamic public IP addresses to be located by using Internet domain names. To use DDNS, set up an account with a DDNS provider such as DynDNS.com or TZO.com.

When this feature is enabled, and  you have an active account with a DDNS provider, the Cisco RV220W  notifies DDNS servers of changes in the WAN IP address, so that any public services on your network can  be accessed by using the domain name.

To open this page: In the navigation tree, choose Networking > Dynamic DNS.

STEP   1  Select the Dynamic DNS Service you are using. Selecting None disables this service.

STEP   2   Enter the settings for the selected service.

•    If you selected DynDNS.com, enter these settings:

-     Specify the complete Host Name and  Domain Name for the DDNS

service.

-     Enter the DynDNS account Username.

-     Enter the DynDNS account Password. Re-enter it in the Confirm

Password box.

-     Check the Use Wildcards box to enable the wildcards feature, which allows all subdomains of your DynDNS Host Name to share the same public IP as the Host Name. You can enable this option here if not done on the DynDNS website.

-     Enter the Update Period in hours. This value  is the interval at which  the router sends updates to the Dynamic DNS Service. The default value  is

360  hours.

•    If you selected TZO.com, enter these settings:

-     Specify the complete Host Name and  Domain Name for the DDNS

service.

-     Enter the User E-mail Address for the TZO account.

-     Enter the User Key for the TZO account.

Logging In

STEP   1   Connect a PC to a LAN port of the Cisco RV220W. If DHCP is enabled (the default setting), your PC becomes a DHCP client  of the RV220W  and  receives an IP address in the 192.168.1.xxx range.

Note: You may  need to configure your PC to obtain its IP address from a DHCP

server.

STEP   2  Start a web browser on your PC.

STEP   3  In the Address bar, enter the LAN IP address of the RV220W. (default 192.168.1.1).

Note: If Bonjour is enabled (the default setting), the RV220W  advertise its record information to any browsing device attached to its network. As a result, you run Bonjour or FindIT on your PC to automatically discover the RV220W.

The browser may  display a message about the site’s security certificate. The RV220W  uses a self security certificate and  this message appears because the RV220W  is not known to your PC. You can  safely click Continue (or the option shown on your particular web browser) to go to the web site.

STEP   4  When the login page appears, enter the user name and  password. The default user name is cisco. The default password is cisco. Passwords are case sensitive.