Ping-Communication RGW208EN Router Manual PDF (Setup & Configuration Guide)

Home

Manuals

Ping-Communication

RGW208EN

Page 36 / 92 Scroll up to view Page 31 - 35

3.7.4

Add/Edit Web Site

This is where you can add Web sites to the

Allowed Web List

. The

Allowed Web

List

is used for systems that have the

Web filter

option enabled in

Access Control

Enable:

Entries in the Allowed Web Site List can be activated or deactivated with

this checkbox. New entries are activated by default.

Web Site:

Enter the URL (address) of the web site that you want to allow (such as

google.com

). Enter the most inclusive domain name. For instance, entering

dlink.com will give you access to www.dlink.com and support.dlink.com.

Do not enter

the

http://

preceding the URL.

Note: Many web sites construct pages with images and content from other web sites.

Access will be forbidden if you do not enable all of the web sites used to construct a

page. For example, to access my.yahoo.com, you must enable access to yahoo.com,

yimg.com, and doubleclick.net.

Save:

Saves the new or modified

Allowed Web Site

in the

Allowed Web Site List

When you are done editing the settings, you must click the

Save Settings

button at

the top of the page to make the changes effective and permanent.

Page 36 of 92

Page 37 / 92

3.7.5

Allowed Web Site List

The section lists the

currently allowed web sites

. An

allowed web site

can be changed

by clicking the

Edit

icon, or deleted by clicking the

Delete

icon. When you click the

Edit

icon, the item is highlighted, and the "

Edit Web Site

" section is activated for

editing. After you’ve completed all modifications or deletions, you must click the

Save Settings

button at the top of the page to save your changes. The router must

reboot before new settings will take effect. You will be prompted to

Reboot the

Device

Continue

. If you need to make additional settings changes, click

Continue

If you are finished with your configuration settings, click the

Reboot the Device

button.

3.8

MAC Address Filter

The MAC (Media Access Controller) Address filter option is used to control network

access based on the MAC Address of the network adapter. A MAC address is a unique

ID assigned by the manufacturer of the network adapter. This feature can be

configured to ALLOW or DENY network/Internet access for devices based on their

MAC address.

3.8.1

MAC Filtering Setup

Enable MAC Address Filter:

When this is enabled, depending on the mode

selected, computers are granted or denied network access based on their MAC

address.

Page 37 of 92

Page 38 / 92

Note: Misconfiguration of this feature can prevent any device from accessing the

network. In such a situation, you can regain access by activating the factory defaults

button on the router itself.

Mode:

When "

only allow listed machines

" is selected, only computers with

MAC

addresses

listed in the

MAC Address List

are granted network access. When "

only

deny listed machines

" is selected, any computer with a

MAC address

listed in the

MAC Address List

is refused access to the network.

3.8.2

Add/ Edit MAC Address

In this section, you can add entries to the

MAC Address List

below, or edit existing

entries.

MAC Address:

Enter the MAC address of the desired computer or connect to the

router from the desired computer and click Copy Your PC’s MAC Address button.

Save:

Saves the new or modified MAC address in the MAC Address List. When you

are done editing the settings, you must click the Save Settings button at the top of

the page to make the changes effective and permanent.

3.8.3

MAC Address List

This section lists the current

MAC Address filters

. A

MAC Address entry

can be

changed by clicking the

Edit

icon, or deleted by clicking the

Delete

icon. When you

click the

Edit

icon, the item is highlighted, and the "

Edit MAC Address

" section is

activated for editing. After you’ve completed all modifications or deletions, you must

click the

Save Settings

button at the top of the page to save your changes. The

router must reboot before new settings will take effect. You will be prompted to

Reboot the Device

Continue

. If you need to make additional settings changes,

click

Continue

. If you are finished with your configuration settings, click the

Reboot

the Device

button.

3.9

Firewall

A firewall protects your network from the outside world. The RGW208EN provides a

tight firewall by virtue of the way NAT works. Unless you configure the router to the

contrary, the NAT does not respond to unsolicited incoming requests on any port,

thereby making your LAN invisible to Internet cyber attackers. However, some

network applications cannot run with a tight firewall. Those applications need to

selectively open ports in the firewall to function correctly. The options on this page

control several ways of opening the firewall to address the needs of specific types of

applications.

Page 38 of 92

Page 39 / 92

3.9.1

Firewall Settings

Enable SPI:

SPI (Stateful Packet Inspection, also known as dynamic packet

filtering) helps to prevent cyber attacks by tracking more state per session. It

validates that the traffic passing through the session conforms to the protocol. When

SPI is enabled, the extra state information will be reported on the Status > Active

sessions page.

Whether

SPI

is enabled or not, the router always tracks TCP connection states and

ensures that each TCP packet's flags are valid for the current state.

3.9.2

NAT Endpoint Filtering

The NAT Endpoint Filtering options controls how the router's NAT manages incoming

connection requests to ports that are already being used.

Endpoint Independent:

Once a LAN-side application has created a connection

through a specific port, the NAT will forward any incoming connection requests with

the same port to the LAN-side application regardless of their origin. This is the least

restrictive option, giving the best connectivity and allowing some applications (P2P

applications in particular) to behave almost as if they are directly connected to the

Internet.

Address Restricted:

The NAT forwards incoming connection requests to a LAN-side

host only when they come from the same IP address with which a connection was

established. This allows the remote application to send data back through a port

different from the one used when the outgoing session was created.

Page 39 of 92

Page 40 / 92

Port and Address Restricted:

The NAT does not forward any incoming connection

requests with the same port address as an already establish connection.

Note that some of these options can interact with other port restrictions. Endpoint

Independent Filtering takes priority over inbound filters or schedules, so it is possible

for an incoming session request related to an outgoing session to enter through a

port in spite of an active inbound filter on that port. However, packets will be

rejected as expected when sent to blocked ports (whether blocked by schedule or by

inbound filter) for which there are no active sessions. Port and Address Restricted

Filtering ensures that inbound filters and schedules work precisely, but prevents

some level of connectivity, and therefore might require the use of port triggers,

virtual servers, or port forwarding to open the ports needed by the application.

Address Restricted Filtering gives a compromise position, which avoids problems

when communicating with certain other types of NAT router (symmetric NATs in

particular) but leaves inbound filters and scheduled access working as expected.

UDP Endpoint Filtering:

Controls endpoint filtering for packets of the UDP protocol.

TCP Endpoint Filtering:

Controls endpoint filtering for packets of the TCP protocol.

3.9.3

Various

NAT Port Preservation:

NAT Port preservation (on by default) tries to ensure that,

when a LAN host makes an Internet connection, the same LAN port is also used as

the Internet visible port. This ensures best compatibility for internet communications.

Under some circumstances it may be desirable to turn off this feature.

Anti-Spoof checking:

Enabling this option can provide protection from certain kinds

of "spoofing" attacks. However, enable this option with care. With some modems,

the WAN connection may be lost when this option is enabled. In that case, it may be

necessary to change the LAN subnet to something other than 192.168.0.x

(192.168.2.x, for example), to re-establish the WAN connection.

3.9.4

DMZ Host

The

DMZ (Demilitarized Zone)

option lets you set a single computer on your network

outside of the router. If you have a computer that cannot run Internet applications

successfully from behind the router, then you can place the computer into the

DMZ

for unrestricted Internet access.

Page 40 of 92

Rate

Popular Ping-Communication Models

Famous Router IPs

Famous Router Companies

Bookmark Our Site

Share