
How to configure the NETGEAR BR500 firewall step by step


Anonim

In this article we are going to learn how to configure the NETGEAR BR500 firewall. We will go through all of its options and explain what they are for and how to use them. Network security is essential, all the more so for equipment intended for professional use, as in this case. In addition to the instant configuration of a VPN network, this router has the strengths of its firewall.


We will look in detail at all the options this firewall offers, explaining them so that the user has a reasonably exact idea of the functionality they provide. A correct firewall configuration will avoid future problems such as restricted access to applications or unexpected attacks.

Configure NETGEAR BR500 firewall

We begin by accessing the router from a computer connected to the LAN. The easiest way to do this is to go to the "Network" section of Windows Explorer and locate the router icon there. Clicking on it gives us direct access to the firmware.

Once we have entered the credentials, we go to the Advanced Settings tab at the top and expand the "Firewalls" section in the side menu.

Basic setup

In the basic configuration section, we have quite important options, especially if within our network we have, for example, a web server that we need to access externally.

If this is our case, to access it remotely we will have to activate the DMZ (demilitarized zone) option and enter the IP address of the server. The firewall exposes that one machine to the outside for access, while the rest of the network remains well protected in any case. Of course, in that situation we recommend placing another firewall between the server and the rest of the network to isolate it from possible attacks.

The next important option is the one that disables protection against DoS attacks. By keeping the protection active, we avoid typical denial-of-service attacks. This way we avoid possible security holes in typical services such as telnet, for example.

Similarly, we can also activate the option for the router to respond when it is pinged. This option is related to the DMZ, to check whether the router responds on its outside-facing side.

If we are going to play games or use P2P applications through this router, we may run into problems with them unless we deactivate the "NAT Filtering" option. We must keep in mind that by deactivating this option our equipment or network will be much more exposed to attacks. In normal use we must leave it in "Safe".

The "IGMP proxy" and "MTU size" options basically allow us to configure the router to accept multicast traffic into our network. The MTU for most Ethernet networks is 1500 bytes, 1,492 bytes for PPPoE connections, 1,436 for PPTP connections, or 1,428 for L2TP connections. If we experience a network malfunction, we will have to pay attention to these two options.

Finally, the SIP ALG option has to do with calls or video calls made from our network. If we cannot make this type of call from our network, we will have to activate this box.

Traffic rules


This function is quite similar to the native firewall of an operating system, such as the one in Windows, although more advanced.

The basic purpose of creating traffic rules is to be able to reject incoming connections to our network from outside, or to reject outgoing connections from our network. This direction is precisely the first thing we must define in the list of parameters when we click on "Add".

In addition, we can set a range of IP addresses to filter only certain computers on our network or outside it. We can do the same with ports: when we configure a range of ports, the firewall will block incoming or outgoing traffic that uses them.

Access control

The following section is much more intuitive. It lets us configure which external equipment or devices we want to be able to connect to our network. As we can imagine, this could be especially useful for routers that have a wireless connection.


Another feature we have here is that the NETGEAR BR500 can allow or block access for new devices that try to connect to the router. If we leave this option active, we will need to add the MAC address of each new computer to the list of admitted devices. It is a very interesting option for avoiding internal attacks on the network, although we must always stay on top of whether or not to allow access to devices.

For each connected computer we will be able to see its NetBIOS name, its assigned IP address and its MAC address.
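An added example, not part of the original article or of NETGEAR's firmware: a Python check that compares the connected-devices view (NetBIOS name, IP, MAC) with the list of admitted MAC addresses. The rows, the addresses and the function names are constructed for illustration, and the router's real export format is not assumed.

```python
"""Audit the router's connected-devices list against the admitted MAC list."""
import re


def normalize_mac(mac: str) -> str:
    """Reduce aa-bb-.., aa:bb:.. or aabb.ccdd.eeff to lowercase colon form."""
    digits = re.sub(r"[^0-9A-Fa-f]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def locally_administered(mac: str) -> bool:
    """Bit 0x02 of the first octet marks a self-assigned (often randomized) MAC."""
    return bool(int(normalize_mac(mac)[:2], 16) & 0x02)


def audit(attached, admitted):
    """attached: (NetBIOS name, IP, MAC) rows; admitted: MACs on the allow list."""
    allowed = {normalize_mac(m) for m in admitted}
    seen = {normalize_mac(mac) for _, _, mac in attached}
    unknown = [
        {"name": name or "(no name)", "ip": ip, "mac": normalize_mac(mac),
         "randomized": locally_administered(mac)}
        for name, ip, mac in attached if normalize_mac(mac) not in allowed
    ]
    # Stale entries are admitted addresses that no connected device is using.
    return {"unknown": unknown, "stale": sorted(allowed - seen)}


# Constructed sample data, typed by hand in mixed notations.
ATTACHED = [
    ("OFFICE-PC", "192.168.1.10", "00-00-5E-00-53-10"),
    ("PRINTER", "192.168.1.11", "00:00:5e:00:53:11"),
    ("", "192.168.1.57", "DA:A1:19:00:11:22"),
]
ADMITTED = ["00:00:5e:00:53:10", "0000.5e00.5311", "00:00:5E:00:53:12"]

if __name__ == "__main__":
    report = audit(ATTACHED, ADMITTED)
    for dev in report["unknown"]:
        print("not admitted:", dev)
    print("admitted but not connected:", report["stale"])
```

A device flagged as randomized will present a different MAC address later, so an allow-list entry for it will stop matching.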

Port forwarding and activation

Many will already know this option: it is basically about opening ports on our router for certain services that need to receive packets from outside. This is useful if, for example, we have a web server within our network, in which case, to accept incoming traffic and requests on port 80, or 433 if we have

The operation is quite intuitive: when our router detects data traffic on the indicated outbound port (an outgoing connection), it stores the IP address of the equipment that sent the data. This activates the inbound port, and from that moment inbound traffic on the activated port is forwarded to the computer that activated it.

Port activation and forwarding are widely used to make remote connections over SSH, FTP or the web, or for certain online games. We must know whether the connection is made using TCP or UDP. In the "Start port" and "Destination port" boxes we will in principle enter the same port, unless we have manually configured the port of the internal server, in which case the destination port is the one we have customized, so that the forwarding is carried out.

One thing to bear in mind is that, if we want the ports to remain open through a considerable period of inactivity, we will enter the value 9999 in the "Port activation inactivity time" box. While a port remains inactive, this counter counts down and deactivates the port if it reaches 0.
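The activation behaviour described above, as an added Python model that is not NETGEAR's code: it shows when the inbound port is reachable from outside and how the inactivity value changes that window. Ports 5000 and 6000, the host address, the time unit and the assumption that inbound traffic resets the counter are illustrative choices, not taken from the router.

```python
"""Toy model of port activation (port triggering) as the text describes it."""
from dataclasses import dataclass
from typing import Optional


@dataclass
class PortTrigger:
    trigger_port: int            # outbound port that activates the rule
    inbound_port: int            # inbound port opened while the rule is active
    inactivity_time: int         # value of the inactivity box (time unit assumed)
    host: Optional[str] = None   # LAN address that activated the rule
    remaining: int = 0           # countdown until the inbound port closes

    def outbound(self, lan_ip: str, dst_port: int) -> None:
        """A LAN host sends traffic; the trigger port opens the inbound port."""
        if dst_port == self.trigger_port:
            self.host = lan_ip
            self.remaining = self.inactivity_time

    def inbound(self, dst_port: int) -> Optional[str]:
        """Return the LAN host that receives the packet, or None if dropped."""
        if self.host is None or dst_port != self.inbound_port:
            return None
        self.remaining = self.inactivity_time   # assumed: traffic resets the counter
        return self.host

    def idle(self, units: int) -> None:
        """Let time pass with no traffic; at 0 the inbound port is deactivated."""
        if self.host is None:
            return
        self.remaining = max(0, self.remaining - units)
        if self.remaining == 0:
            self.host = None


def demo(inactivity_time: int) -> list:
    """Constructed scenario: ports 5000/6000 and 192.168.1.20 are made-up values."""
    rule = PortTrigger(5000, 6000, inactivity_time)
    seen = [rule.inbound(6000)]              # before activation: dropped
    rule.outbound("192.168.1.20", 5000)      # outgoing connection activates it
    seen.append(rule.inbound(6000))          # forwarded to the activating host
    seen.append(rule.inbound(6001))          # other ports stay closed
    rule.idle(60)                            # 60 units without traffic
    seen.append(rule.inbound(6000))          # still open only if time remains
    return seen


if __name__ == "__main__":
    print("inactivity 20:  ", demo(20))
    print("inactivity 9999:", demo(9999))
```

With the value 9999 the inbound port is still forwarded after the idle period, which is the longer exposure the setting trades for convenience.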

Security section

This section relates to the security of the device and of the NETGEAR BR500 firewall, so its options are also worth a good look.

Block sites

From this section we can set up a filter of keywords or domains; once they are on the list, the router will restrict access to them. It is as simple as entering the word and clicking on "Add keyword".

We can also set an IP address that this list will not affect, ideal for an administrator's computer and for setting up a parental filter.

Block services

By blocking services, we can restrict certain users, identified by the IP address of their workstations, so that they cannot access certain Internet services.

The activation form offers a large list of typical services, and the block can be applied either to a specific IP or to a whole range. If we choose a predefined service, the port corresponding to the service will be assigned automatically.

There are also three options in the upper area to configure the block: never, according to a schedule, or indefinitely. The second option has its own dedicated section, which we will now look at briefly.

Scheduling

In this section we configure the days and hours during which the services and sites filters will be active. It is as simple as entering the days and hours we want. The settings apply to both the "Block sites" and "Block services" sections.

Well, this is all the security configuration we can do in the firmware of the NETGEAR BR500 router.

We must bear in mind that the Insight application and the Insight Cloud portal offer no firewall configuration options, so this must be done from a computer physically connected to the internal network.

If you want to know more about this router and how to configure the VPN server from Insight, we invite you to visit these articles:

  • Complete review on NETGEAR BR500
  • How to configure NETGEAR BR500 VPN network

What do you think about these options available to this router? If you think they are insufficient, please leave us a comment below.
