36

packets prior to TCP receiving an acknowledgement. The

default is 0 (no limit).

•

TCP MSS Limit

–The largest amount of data that can be

transmitted in one TCP packet. The default is 0 (no change).

NAT Port Option

•

Non-Port-Translation

–To keep the source port number

unchanged for TCP/UDP sessions on the specified Port

Range. Some special applications do not allow the source

port number to be translated.

•

Port Range

– The Source Port Number Range for TCP and

UDP protocol.

•

Specific TCP / UDP Timeout

–To define specific Timeout

for TCP/UDP sessions on the specified Port Range.

NAT Alias

For each alias entry the WAN IP acts as an alias of the host with

Local

LAN IP accessing the Internet via the specified WAN port

for the specified protocol

packets, i.e. 1-1 NAT.

•

Enable

– To activate or deactivate current entry.

•

Local LAN IP

–The IP address of the host in LAN that wants

to use the specific WAN IP as its source IP.

•

WAN IP

– The IP address used as the source IP of the

packets sent out from the specified host.

•

Protocol

–The protocol that the current rule is applied to.

•

WAN

– The WAN port that the current rule is applied to.

NAT Alias List

The List shows NAT Alias that is currently defined.

5.9

Advanced Features

y

External Filters Configuration

–To limit the packets passing through the device from

WAN side to LAN side

y

DNS Loopback

– If there is any domain in your private network you can setup the

Domain Name & Private IP mapping table for DNS query.

y

Protocol & Port Binding

– It is similar to SMTP binding but you must setup additional

data such as Protocol & Port Range. If meets all the checked items, the packet will be

bound on the specified WAN port.

37

Figure: Advanced Features

Settings – Advanced Features

External Filters

Configuration

y

Block Selected ICMP Types

–This acts as "master" switch. If

checked, the selected packet types will be blocked. Otherwise,

they will be accepted.

DNS Loopback

When you have some servers on LAN and their domain names

have already registered on public DNS. To avoid DNS loopback

problem, please enter the following fields.

y

Domain Name

– Enter the domain name specified by you for

local host/server.

y

Private IP

– Enter the private IP address of your local

host/server.

Application

y

IDENT Port

– Port 113 is associated with the Internet's

(Identification / Authentication) service. This port (port 113)

38

provides a means of determining the identity of a user on a

particular TCP connection. By default the device is stealth for

this port. Enable will close the port, not stealth.

y

SMTP Binding

–To determine if the SMTP packets are bound

on the WAN port.

y

IPSec Passthrough

– To determine if the VPN client can

established a tunnel with remote side VPN host.

y

PPTP Passthrough

– To determine if PPTP client can connect

to remote side PPTP server via the device.

Protocol & Port

Binding

y

Enable

– To activate or deactivate the current rule.

y

Source IP

–The IP address that the packet's source IP will be

checked against.

y

Destination IP / IP Address

– The specific IP range that the

packet's destination IP will be checked against.

There are two forms of Destination IP: If Subnet is selected,

the IP Address and Subnet Mask

fields need to be filled. If IP

Range is selected, the From and To

fields need to be filled.

y

Protocol

– The protocol that the packet's protocol will be

checked against.

y

Port Range

– The specific port number range that the packet's

destination port number will be checked against.

y

WAN

– The specific WAN port that the packet will be bound on

if all the checked items are met.

Protocol & Port

Binding List

The List shows all protocols and port binding

that are currently

defined.

39

6. Security Management

Overview

y

URL Filter

- It can block specific website by configuring IP address, URL or Key words

y

Access filter

- You can block all Internet access or select block well-known port or

block user defined ports by groups.

y

Session Limit

- It can limit users access to Internet, and send email alert to the

administrator if the device detect new sessions that exceeds the maximum sampling

time.

y

SysFilter Exception

- It can limit users access to Internet, and send email alert to the

administrator. If the device detect new sessions that exceeds the maximum sampling

time.

6.1

URL Filter

This feature allows you to block or allow access to specific Web sites. You can block /

allow Internet access by URL, IP address, or Keyword. You can also have different

blocking/access settings for different groups of PCs.

y

In operation, every URL is searched to see if it matches or contains any of the URL or

keywords entered here. Then, after a DNS lookup determines the IP address of the

requested site, the site's IP address is checked against IP address entries on this

screen.

y

Note that a single IP address may host many Web sites. Entering the IP address on

this screen will block all Web sites hosted on that IP address.

Figure: URL Filter

Settings – URL Filter

40

Access Group

•

Select Group

– A group that current rule is applied for

•

URL Filter Type

–The Filter type (Block/Allow) that current group

is set to use.

Block Internet Access:

All the web page accesses

will be blocked if the target is found in the packets.

Allow Interne

Access:

All the web page accesses will be permitted if the target

is found in the packets.

Access Item

This text field is to enable/disable the URL Filter function, and input

URL keyword phrase.

Internet Access

List

List of current input items.

6.2

Access Filter

The network Administrator can use the Access Filter to gain fine control over the Internet

access and applications available to LAN users.

y

Five (5) user groups are available, and each group can have different access rights.

y

All PCs (users) are in the Default group, unless assigned to another group on the

Host IP

screen.