Watson SHDSL Router
Operating Manual
Watson-SHDSL-Router-Manual.doc
Version 1.1-07
3-4
Revision: 2012-02-15
3.2 Security
The firewall supports advanced filtering, designed to allow comprehensive control
over the firewall's behavior. Additional features, including surfing restrictions and
access control, can also be easily configured locally by the user through a user-
friendly Web-based interface, or remotely by a service provider.
3.2.1 Access Control
The access control features allow blocking specific computers within the local
network from accessing certain services on the Internet. For example, you may
want to prohibit one computer from surfing the Web, another computer from
transferring files using FTP, and the whole network from receiving incoming e-
mail.
Access control defines restrictions on the types of requests that may pass from
the local network out to the Internet, and thus may block traffic flowing in both di-
rections. It can also be used for allowing specific services when maximum securi-
ty is configured. In the e-mail example given above, you may prevent computers
in the local network from receiving e-mail by blocking their outgoing requests to
POP3 servers on the Internet.
There are numerous services that should be considered blocking, such as online
games and file sharing servers. For example, the firewall can be configured to
block certain P2P and file sharing applications not to put business at risk from il-
legally traded copyright files.
3.2.2 Port Forwarding
In its default state, Watson SHDSL router blocks all external users from connect-
ing to or communicating with the local network. Therefore the system is safe
from hackers who may try to intrude on the network and damage it. However,
you may want to expose your local network to the Internet in certain limited and
controlled ways in order to enable some applications to work from the LAN and
to enable Internet-access to servers in the LAN. The Port Forwarding feature
supports both of these functionalities.
For example, if you want to use a File Transfer Protocol (FTP) application on one
of your PCs, you would simply select 'FTP' from the list and enter the local IP
address or host name of the designated computer. All FTP-related data arriving
at Watson SHDSL router from the Internet will henceforth be forwarded to the
specified computer.
Similarly, you can grant Internet users access to servers inside your local net-
work, by identifying each service and the PC that will provide it. This is useful, for
example, if you want to host a Web server inside your local network. When an In-
ternet user points his/her browser to Watson SHDSL router external IP address,
the router will forward the incoming HTTP request to your Web server.
With one external IP address (Watson SHDSL router main IP address), different
applications can be assigned to the LAN computers, however each type of appli-
cation is limited to use one computer. For example, you can define that FTP will
use address X to reach computer A and Telnet will also use address X to reach
computer A, but attempting to define FTP to use address X to reach both com-
puter A and B will fail. Watson SHDSL router therefore provides the ability to add
