VoIP/(802.11g) ADSL2+ (VPN) Firewall Router

Chapter 4: Configuration

60

When using Virtual Servers your PCs will be exposed to the degree

specified in your Virtual Server settings provided the ports specified are

opened in your firewall packet filter settings.

Firewall and Access Control

Your router includes a full SPI (Stateful Packet Inspection) firewall for controlling Internet access from

your LAN, as well as helping to prevent attacks from hackers. In addition to this, when using NAT, the

router acts as a “natural” Internet firewall, as all PCs on your LAN will use private IP addresses that

cannot be directly accessed from the Internet.

Firewall

: Prevents access from outside your network. The router provides three levels of security

support:

NAT natural firewall

: This masks LAN users’ IP addresses which is invisible to outside users on the

Internet, making it much more difficult for a hacker to target a machine on your network. This natural

firewall is on when NAT function is enabled.

Firewall Security and Policy (General Settings)

: Inbound direction of Packet Filter rules to prevent

unauthorized computers or applications accessing your local network from the Internet.

Intrusion Detection

: Enable Intrusion Detection to detect, prevent and log malicious attacks.

Access Control

: Prevents access from PCs on your local network:

Firewall Security and Policy (General Settings)

: Outbound direction of Packet Filter rules to prevent

unauthorized computers or applications accessing the Internet.

URL Filter

: To block PCs on your local network from unwanted websites.

Here are the items within the

Firewall

section:

General Settings, Packet Filter, Intrusion Detection,

URL Filter, IM/P2P Blocking

and

Firewall Log.

VoIP/(802.11g) ADSL2+ (VPN) Firewall Router

Chapter 4: Configuration

61

General Settings

You can choose not to enable Firewall and still able to access to URL Filter and IM/P2P Blocking or

enable the Firewall using preset filter rules and modify the port filter rules as required. The Packet Filter is

used to filter packets based-on Applications (Port) or IP addresses.

There are four options when you enable the Firewall, they are:

~

All blocked/User-defined

: no pre-defined port or address filter rules by default, meaning that

all inbound (Internet to LAN) and outbound (LAN to Internet) packets will be blocked. Users have to

add their own filter rules for further access to the Internet.

~

High/Medium/Low security level:

the predefined port filter rules for High, Medium and Low

security are displayed in Port Filters of Packet Filter.

Select either

High, Medium

or

Low

security level

to enable the Firewall. The only difference between

these three security levels is the preset port filter rules in the Packet Filter. Firewall functionality is the

same for all levels; it is only the list of preset port filters that changes between each setting. For more

detailed on level of preset port filter information, refer to

Table 1: Predefined Port Filter

.

If you choose of the preset security levels and add custom filters, this level of filter rules will be saved

even and do not need to re-configure the rules again if you disable or switch to other firewall level.

The “

Block WAN Request

” is a stand-alone function and not relate to whether security enable or disable.

Mostly it is for preventing any scan tools from WAN site by hacker.

Any remote user who is attempting to perform this action may result in

blocking all the accesses to configure and manage of the device from the

Internet.

VoIP/(802.11g) ADSL2+ (VPN) Firewall Router

Chapter 4: Configuration

62

Packet Filter

This function is only available when the Firewall is enabled and one of these four security levels is chosen

(All blocked, High, Medium and Low).

The preset port filter rules in the Packet Filter must modify

accordingly to the level of Firewall, which is selected.

See

Table1: Predefined Port Filter

for more

detail information.

VoIP/(802.11g) ADSL2+ (VPN) Firewall Router

Chapter 4: Configuration

63

Example:

Predefined Port Filters Rules

The predefined port filter rules for High, Medium and Low security levels are listed. See Table 1.

Note:

Firewall – All Blocked/User-defined, you must define and create the port filter rules yourself.

No

predefined rule is being preconfigured.

Table 1: Predefined Port Filter

Port Number

Firewall - Medium

Protocol

Inbound

Outbound

TCP(6)

NO

YES

UDP(17)

NO

YES

TCP(6)

NO

YES

TCP(6)

NO

YES

TCP(6)

NO

YES

TCP(6)

NO

YES

TCP(6)

NO

YES

NEWS(NNTP)

TCP(6)

NO

YES

UDP(17)

YES

YES

ICMP(1)

NO

YES

TCP(6)

NO

YES

TCP(6)

NO

YES

TCP(6)

NO

YES

UDP(17)

NO

YES

TCP(6)

NO

NO

TCP(6)

NO

YES

TCP(6)

N/A

N/A

TCP(6)

N/A

N/A

VoIP/(802.11g) ADSL2+ (VPN) Firewall Router

Chapter 4: Configuration

64

UDP(17)

N/A

N/A

VEDIO

TCP(6)

N/A

N/A

Inbound:

Internet to LAN ;

Outbound:

LAN to Internet.

YES:

Allowed ;

NO:

Blocked ;

N/A:

Not Applicable