D-Link DGL-4100 Router Manual PDF (Setup & Configuration Guide)

Home

Manuals

D-Link

DGL-4100

Page 31 / 62 Scroll up to view Page 26 - 30

Using the Configuration Interface

D-Link Systems, Inc.

Firewall

A firewall protects your network from the outside world. The D-Link Gaming Router offers a firewall

type functionality. The SPI feature helps prevent cyber attacks. Sometimes you may want a computer

exposed to the outside world for certain types of applications. If you choose to expose a computer,

you cam enable DMZ. DMZ is short for Demilitarized Zone. This option will expose the chosen computer

completely to the outside world.

Firewall Settings

SPI (Stateful Packet Inspection, also known as dynamic packet filtering)

helps to prevent cyber attacks by tracking more state per session. It validates

that the traffic passing through the session conforms to the protocol. When

SPI is enabled, the extra state information will be reported on the Status >

Active sessions page.

If an application has trouble working from behind the router, you can expose

one computer to the Internet and run the application on that computer.

Note: Placing a computer in the DMZ may expose that computer to a variety

of security risks. Use of this option is only recommended as a last resort.

Specify the IP address of the computer on the LAN that you want to have

unrestricted Internet communication. If this computer obtains it’s IP address

automatically using DHCP, be sure to make a static reservation on the Basic

> DHCP page so that the IP address of the DMZ machine does not change.

After you’ve completed all modifications or deletions, you must click the

Save Settings

button at the

top of the page to save your changes. The router must reboot before new settings will take effect. You

will be prompted to

Reboot the Device

Continue

. If you need to make additional settings changes,

click

Continue

. If you are finished with your configuration settings, click the

Reboot the Device

button.

Enable SPI:

Enable DMZ:

DMZ IP Address:

Advanced > Firewall

Downloaded from

www.Manualslib.com

manuals search engine

Page 32 / 62

Using the Configuration Interface

D-Link Systems, Inc.

Inbound Filters

The Inbound Filters option is an advanced method of controlling data received from the Internet. With

this feature you can configure inbound data filtering rules that control data based on IP Address,

Protocol, and/or Port.

The Inbound Filter option is best suited for custom applications. For most applications you should use

Virtual Server, Special Applications, or the Gaming section to create rules that will allow applications

to communicate through the router.

Add/Edit Inbound Filter Rule

Enables inbound filtering.

Enter a name for the rule that is meaningful to you.

The rule can be set to either allow or deny applicable messages.

Defines the range of Internet addresses this rule applies to.

Select the protocol used for this rule.

Enter the range of ports that this rule applies to.

Enter the range of WAN side ports associated with the servers on the LAN

that this rule applies to.

Select a schedule for the times when this rule should be in effect. If you do

not see the schedule you need in the list of schedules, go to the Tools >

Schedules screen and create a new schedule.

Check this option if you want the router to add an entry to the log whenever

a rule is enforced.

Saves the new rule or modified existing rule to the Rules list. When you are

done editing the settings, you must click the Save Settings button at the top

of the page to make the changes effective and permanent.

Inbound Filter Rules List

This section lists the current Inbound Filter rules. Entries can be modified by clicking on the paper

and pencil icon. To delete an entry, click on the trash can icon. After you’ve completed all modifications

or deletions, you must click the

Save Settings

button at the top of the page to save your changes.

The router must reboot before new settings will take effect. You will be prompted to

Reboot the

Device

Continue

. If you need to make additional settings changes, click

Continue

. If you are

finished with your configuration settings, click the

Reboot the Device

button.

Enable:

Name:

Action:

Source IP Range:

Protocol:

Source Port Range:

Public Port Range:

Schedule:

Log:

Save:

Advanced > Inbound Filters

Downloaded from

www.Manualslib.com

manuals search engine

Page 33 / 62

Using the Configuration Interface

D-Link Systems, Inc.

Configuring an Inbound Filter Rule

When the Rule List is empty or none of the rules are enabled, all inbound data that corresponds to a

connection that originated from inside the router or which corresponds to a Virtual Server, Gaming,

or Special Application Rule is ALLOWED by default.

When rules are configured, the router compares incoming data packets against the rules in the list. It

is very important to understand that the router examines each rule one by one in the order that they

are listed in the Rule list until it finds a match. The packet will either be DENIED (Dropped) or ALLOWED.

Once a match has been made, no further rules will be examined for that packet. If no rules match the

data packet, it is ALLOWED. This means that to allow only a specific subset of traffic usually requires

more than one rule to be entered.

Example:

You have configured a game server, using the Advanced > Gaming page, to play HALO: Combat

Evolved with some friends. You would like to limit the access to your network and server to specific

times of the day and only to your friends.

Next you would define a schedule on the Tools > Schedule page, called Gametime, which specifies

a schedule of Friday and Saturday between 7PM and 11PM.

All of your friends use the same service provider and have IP addresses 67.150.220.117,

67.150.231.43, and 67.150.231.75. You have an option of defining a set of rules to match each one of

these addresses individually or you may just decide that using an IP range that covers all of them is

sufficient for your needs.

The first rule is to configure a DENY rule that will catch all of the traffic that arrives on these ports but

does not match data from the sources you want to have access to your network. It is important to

enter the DENY rule first since all subsequent rules will be added higher in the list and will be checked

first. It should look similar to the figure on the right.

Notice that it covers all Source IP Address, Source Ports, and Times (Always), but is specifically tied

to the Public Ports defined in the Game Rule List. This is because you do not want to accidentally

block traffic for other applications. It is a good idea to turn on the log for this rule so that you can check

in the log for anything that is filtered inappropriately.

Next configure the ALLOW rules. In the example on the right, two rules are used to cover the three IP

addresses.

Downloaded from

www.Manualslib.com

manuals search engine

Page 34 / 62

Using the Configuration Interface

D-Link Systems, Inc.

Tools

Admin

The Admin option is used to set a password for access to the Web-based management. By default

there is no password configured. It is highly recommended that you create a password to keep your

new router secure.

Password

Enter a password the will grant access to the Web-based management

interface.

Administration

The name of the router can be changed here.

Enabling this allows you to manage the router from anywhere with an Internet

connection.

The port that will be accessed from the Internet.

The amount of time before the administration session is closed when there

is no activity.

Note: This applies to local or remote administration.

Save and Restore Configuration

This option allows you to save the router configuration to a file on your

computer. Be sure to save the configuration before performing a firmware

upgrade.

Use this option to load previously saved router configuration settings.

Password:

Gateway Name:

Remote Management:

Remote Management

Server Port:

Admin Idle Timeout:

Save Settings:

Restore Settings:

Tools > Admin

Downloaded from

www.Manualslib.com

manuals search engine

Page 35 / 62

Using the Configuration Interface

D-Link Systems, Inc.

Time

The Time Configuration option allows you to configure, update, and maintain the correct time on the

internal system clock.

From this section you can set the time zone that you are in and set the Time

Server. Daylight Saving can also be configured to automatically adjust the time when needed.

Time Configuration

Select your local time zone from pull down menu.

Check this option if your location observes daylight saving time.

Select the time offset if your location observes daylight saving time.

Select this option if you want the router’s clock synchronized to a Time

Server over the Internet. If you are using schedules or logs, this is the best

way to ensure that the schedules and logs are kept accurate

Select a Time Server for synchronization. You can type in the address of a

time server or select one from the list. If you have trouble using one server,

select another.

Set the Date and Time

If you do not have the NTP Server option in effect, you can either manually set the time for your

router here or you can click the Copy Your Computer’s Time Settings button to copy the time from the

computer you are using (Note: Be sure the computer’s time is set correctly).

Note: If the router loses power for any reason, it cannot keeps its clock running and will not have the

correct time when it is started again. To maintain the correct time for schedules and logs, either you

must enter the correct time after you restart the router or you must enable the NTP Server option.

Time Zone:

Daylight Saving Enable:

Daylight Saving Offset:

Synchronize time with

NTP server:

NTP Server:

Tools > Time

Downloaded from

www.Manualslib.com

manuals search engine

Rate

Popular D-Link Models

Famous Router IPs

Famous Router Companies

Bookmark Our Site

Share