DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual
4-20
Security and Firewall Protection
v1.0, May 2008
If flood checking is enabled, the DGFV338 will not accept more than 20 simultaneous,
active UDP connections from a single computer on the LAN.
–
Disable Ping Reply on LAN Ports
—To prevent the DGFV338 from responding to Ping
requests from the LAN, click this checkbox.
•
VPN Pass through
: IPSec, PPTP or L2TP: Typically, the DGFV338 is used as a VPN
gateway that connects to other VPN gateways. When the DGFV338 is in NAT mode, all
packets going to the remote VPN gateway are first filtered through NAT and then encrypted,
per the VPN policy.
If a VPN client or gateway on the LAN side of the DGFV338 wants to connect to another
VPN endpoint on the WAN, with the DGFV338 between the two VPN end points, all
encrypted packets will be sent to the DGFV338. Since the DGFV338 filters the encrypted
packets through NAT, the packets become invalid.
IPSec, PPTP, and L2TP represent different types of VPN tunnels that can pass through the
DGFV338. To allow the VPN traffic to pass through without filtering, enable those options for
the type of tunnel(s) that will pass through the DGFV338.
To enable the appropriate Attack Checks for your environment:
1.
Select
Security
from the main menu and
Firewall
from the submenu. Then click the
Attack
Checks
tab.
2.
Check the boxes to enable the desired security measures. (See the preceding explanation of the
various WAN and LAN Security Checks.)
3.
Click
Apply
to activate the selected security checks.
Figure 4-15