ohaya1001
Feb 24, 2025, Aspirant
Does Access Control block OUTGOING or INCOMING connections?
Hi, I was wondering about the settings in Access Controls, when it "blocks" connections, is it referring to blocking incoming connections (i.e., connections FROM "outside")? Or is it referrin...
KevinLiT
Feb 25, 2025, NETGEAR Moderator
Hello ohaya1001,
Welcome to the NETGEAR Community!
I understand that you would like to use access control as a whitelist to block all new devices from accessing your network.
In regard to the scenario you mentioned above, with access control enabled the Samsung device whose IP is 10.0.0.3 and whose MAC is 80:47:86:51:BE:40 will NOT be allowed to connect to the Orbi wireless network.
Please be sure to connect to your Orbi network with all the devices you would like to permit on the network before enabling the access control.
Best,
Kevin
Community Team
ohaya1001
Mar 04, 2025, Aspirant
Kevin and Crimp Guru,
Sorry I didn't notice your responses and posted another thread, but maybe we can continue here....
I will try to explain what I am looking for, and why...
So we have Orbi through our house (1 router and 4 satellites), and I mostly work from home.
I have one situation, where I had to set up a small dev environment (4 machines, one running multiple Vbox guests), and once in a while I need to provide some access to the "outside", e.g., so some colleagues can test from outside.
Usually, I try to limit how long I leave those open to the outside, but there was a situation where I had to leave one machine accessible to the outside for several hours and, from the Orbi logging I found a TON of connections.
So, if possible, I would like to basically configure an "inbound whitelist" that would prevent ANY inbound communications from outside the Orbi, other than from the devices on the whitelist.
I've been looking into how I can accomplish that, but if the Orbi could do that, that would be great!
Thanks,
Jim
- CrimpOn, Mar 04, 2025, Guru - Experienced User
You need Port Forwarding to allow connections through the router to specific devices on the LAN.
It would be up to the device to decide which connections to accept (and which to deny).
Windows Firewall, for example, seems to have this ability. (I see articles about "Permitting Teams access...")
- ohaya1001, Mar 04, 2025, Aspirant
Hi,
I think one of the things I am kind of unclear about is the "direction" (inbound vs. outbound) of the different "blocking" functionality. The language in the Orbi is sometimes kind of imprecise about that.
It sounds to me like the "Block Service" and "Block Sites" functionality blocks OUTGOING (from the Orbi to the "outside"). Is that correct? Or not?
The Access Control functionality is the thing I think has best possibility of doing what I am looking for.
From reading the Orbi Help, THAT (Access Control) functionality has the ability to block INBOUND communications (from the open Internet to the LAN side of the Orbi).
Is that correct? Or not?
If it is correct, I'll definitely try setting it up and testing it, but before I do that, I had a question: In all your experience with the Access Control, is there any possibility of getting into a situation where I completely mess it up such that even I can't get into the Orbi? What kinds of things should I avoid doing?
Thanks,
Jim
P.S. CrimpOn - FYI, yes, I am already using port forwarding on the Orbi, for several port numbers.
P.P.S. KevinLiT - For the Access Control - I noted what you said above, but I am wondering, in order to set up a whitelist situation, should I delete all of the Device lines that are already there, and just add/include the device lines for the devices that I want to provide access to?
Also, after I have added the ones that I want, what do I do with the "Turn on Access Control" checkbox? Do I leave it checked? Or...something else?
- CrimpOn, Mar 04, 2025, Guru - Experienced User
All of the security features apply to devices on the LAN.
- Access Control (when enabled) determines whether a device is allowed to connect to the Orbi and send traffic through the Orbi network. This is a bit complicated because 'wired' devices exist on a Layer 2 Ethernet network. For example, if two devices are connected to an Ethernet switch (including the Ethernet switch built into the router and into satellites) then they can communicate with each other because that traffic stays entirely within the Layer 2 network.
Aside from that wrinkle for 'wired' devices, when a device is "Blocked", then it can do nothing.
- Block Sites is left over from features common to routers years ago (essentially worthless today). It applies only to attempts to use unencrypted connections. Users who have attempted to use Block Sites as a form of Parental Control have been frustrated and given up.
- Block Services is a method to control what protocols specific devices are allowed to use on the internet. You could say that device A cannot do FTP on the internet. Device B cannot do HTTP. This is also essentially worthless because there is one schedule that applies to the entire process. It is cumbersome and frustrating.
Unless specific ports are forwarded through the router, absolutely no connections can be originated from the internet to the LAN. However, there is no method to prevent internet connections from responding to connections made from the LAN to the internet.
The closest feature Orbi has to whitelisting may be found in Parental Controls (about which I know nothing. My parents do not need to be controlled! - pun)
Have you investigated using the Firewalls on the project servers to manage which external address ranges can connect?
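Added example, not part of any post in this thread: one way to build the "inbound whitelist" on a Windows dev machine behind the port forward, using the built-in Windows Firewall cmdlets. The port number, rule name and source addresses are placeholders (documentation address ranges), and the example assumes the router forwards the port without rewriting the source address, so the host sees the real remote IP.

```powershell
# Added example. All values below are placeholders, not taken from the thread.
$Port     = 8443                                  # hypothetical forwarded TCP port
$Allowed  = @('203.0.113.0/24', '198.51.100.7')   # constructed colleague addresses
$RuleName = 'Dev test access (allowlisted sources)'

# The allowlist only works if unmatched inbound traffic is dropped.
# Block is the Windows default; set it explicitly and log what gets dropped.
Set-NetFirewallProfile -Profile Domain,Private,Public `
    -DefaultInboundAction Block -LogBlocked True

# Look for enabled inbound allow rules that already open this port to ANY
# remote address. One such rule defeats the allowlist, because allow rules
# are additive. (Rules that cover the port via a range are not detected.)
$tooBroad = Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True |
    Where-Object {
        $ports = ($_ | Get-NetFirewallPortFilter).LocalPort
        $addrs = ($_ | Get-NetFirewallAddressFilter).RemoteAddress
        ($ports -contains "$Port") -and ($addrs -contains 'Any')
    }

if ($tooBroad) {
    Write-Warning "Port $Port is already open to any source by:"
    $tooBroad | Select-Object DisplayName, Profile | Format-Table -AutoSize
    Write-Warning 'Disable or scope these rules before relying on the allowlist.'
}

# Replace any earlier copy of the rule, then allow only the listed sources.
Remove-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue
New-NetFirewallRule -DisplayName $RuleName -Direction Inbound -Action Allow `
    -Protocol TCP -LocalPort $Port -RemoteAddress $Allowed -Profile Any

# Show the effective scope so it can be reviewed.
Get-NetFirewallRule -DisplayName $RuleName |
    Get-NetFirewallAddressFilter |
    Select-Object RemoteAddress
```

Run it from an elevated PowerShell session; dropped connection attempts from other sources then appear in the firewall log rather than reaching the service.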