137
Appendix A - Firewall
STATEFUL PACKET INSPECTION
Refers to an architecture, where the firewall keeps track of packets on each
connection traversing all its interfaces and makes sure they are valid. This is in
contrast to static packet filtering which only examines a packet based on the
information in the packet header.
DENIAL OF SERVICE ATTACK
Is an incident in which a user or organization is deprived of the services of a
resource they would normally expect to have. Various DoS attacks the device can
withstand are ARP Attack, Ping Attack, Ping of Death, Land, SYN Attack, Smurf
Attack, and Tear Drop.
TCP/IP/PORT/INTERFACE FILTER
These rules help in the filtering of traffic at the Network layer (i.e. Layer 3).
When a Routing interface is created, Enable Firewall must be checked.
Navigate to Advanced Setup
Security
IP Filtering.
OUTGOING IP FILTER
Helps in setting rules to DROP packets from the LAN interface. By default, if the
Firewall is Enabled, all IP traffic from the LAN is allowed. By setting up one or more
filters, specific packet types coming from the LAN can be dropped.
Example 1: Filter Name
: Out_Filter1
Protocol
: TCP
Source IP address
: 192.168.1.45
Source Subnet Mask
: 255.255.255.0
Source Port
: 80
Dest. IP Address
: NA
Dest. Subnet Mask
: NA
Dest. Port
: NA
This filter will Drop all TCP packets coming from the LAN with IP
Address/Subnet Mask of 192.168.1.45/24 having a source port of 80
irrespective of the destination. All other packets will be Accepted.
Example 2: Filter Name
: Out_Filter2
Protocol
: UDP
Source IP Address
: 192.168.1.45
Source Subnet Mask
: 255.255.255.0
Source Port
: 5060:6060
Dest. IP Address
: 172.16.13.4
Dest. Subnet Mask
: 255.255.255.0
Dest. Port
: 6060:7070
This filter will drop all UDP packets coming from the LAN with IP Address /
Subnet Mask of 192.168.1.45/24 and a source port range of 5060 to 6060,
destined to 172.16.13.4/24 and a destination port range of 6060 to 7070.
INCOMING IP FILTER
Helps in setting rules to Allow or Deny packets from the WAN interface. By default,
all incoming IP traffic from the WAN is Blocked, if the Firewall is Enabled. By setting
up one or more filters, specific packet types coming from the WAN can be Accepted.
Содержание AR-5389
Страница 1: ...74ok AR 5389 ADSL2 WLAN Router User Manual Version A1 0 February 5 2014...
Страница 16: ...15 STEP 3 After successfully logging in for the first time you will reach this screen...
Страница 31: ...30 4 7 IGMP Proxy Displays a list of IGMP Proxy entries...
Страница 57: ...56 5 5 6 SIP ALG This page allows you to enable disable SIP ALG...
Страница 100: ...99 Enter a certificate name and click Apply to import the CA certificate...
Страница 117: ...116 6 6 Site Survey The graph displays wireless APs found in your neighborhood by channel...
Страница 119: ...118 6 8 WiFi Button This page allows you to enable or disable the WiFi Button...
Страница 132: ...131 NOTE Passwords can be up to 16 characters in length...
Страница 157: ...156 The settings shown above are described below...