´1

D-Link DIR-6±8 User Manual

Section ² - Configuration

Firewall Settings

A firewall protects your network from the outside world. The D-Link DIR-628 offers a firewall type functionality. The SPI

feature helps prevent cyber attacks. Sometimes you may want a computer exposed to the outside world for certain

types of applications. If you choose to expose a computer, you cam enable DMZ. DMZ is short for Demilitarized Zone.

This option will expose the chosen computer completely to the outside world.

SPI (Stateful Packet Inspection, also known as dynamic packet

filtering) helps to prevent cyber attacks by tracking more state per

session. It validates that the traffic passing through the session

conforms to the protocol.

Select one of the following for TCP and UDP ports:

Endpoint.Independent.

- Any incoming traffic sent to an open

port will be forwarded to the application that opened the port. The

port will close if idle for 5 minutes.

Address.Restricted

- Incoming traffic must match the IP address

of the outgoing connection.

Address.+.Port.Restriction

- Incoming traffic must match the IP

address and port of the outgoing connection.

Enable this feature to protect your network from certain kinds of

“spoofing” attacks.

If an application has trouble working from behind the router, you

can expose one computer to the Internet and run the application

on that computer.

Note:

Placing a computer in the DMZ may expose that computer to

a variety of security risks. Use of this option is only recommended

as a last resort.

Specify the IP address of the computer on the LAN that you want to have unrestricted Internet communication. If this computer

obtains it’s IP address automatically using DHCP, be sure to make a static reservation on the

Basic

>

DHCP

page so that

the IP address of the DMZ machine does not change.

Enable SPI:

NAT Endpoint

Filtering:

Anti-Spoof Check:

Enable DMZ:

DMZ IP Address:

´±

D-Link DIR-6±8 User Manual

Section ² - Configuration

Application Level Gateway Configuration

Here you can enable or disable ALG’s. Some protocols and applications require special handling of the IP payload to

make them work with network address translation (NAT). Each ALG provides special handling for a specific protocol

or application. A number of ALGs for common applications are enabled by default.

Allows multiple machines on the LAN to connect to their corporate network using PPTP protocol.

Allows multiple VPN clients to connect to their corporate network using IPSec. Some VPN clients support traversal of IPSec

through NAT. This ALG may interfere with the operation of such VPN clients. If you are having trouble connecting with your

corporate network, try turning this ALG off. Please check with the system adminstrator of your corporate network whether

your VPN client supports NAT traversal.

Allows applications that use Real Time Streaming Protocol to receive streaming media from the internet. QuickTime and

Real Player are some of the common applications using this protocol.

Allows devices and applications using VoIP (Voice over IP) to communicate across NAT. Some VoIP applications and devices

have the ability to discover NAT devices and work around them. This ALG may interfere with the operation of such devices.

If you are having trouble making VoIP calls, try turning this ALG off.

PPTP:

IPSEC (VPN):

RTSP:

SIP:

´²

D-Link DIR-6±8 User Manual

Section ² - Configuration

Enter the IP address of packets that will take

this route.

Enter the netmask of the route, please note

that the octets must match your destination

IP address.

Enter your next hop gateway to be taken if this

route is used.

The route metric is a value from 1 to 16 that

indicates the cost of using this route. A value 1

is the lowest cost and 15 is the highest cost.

Select the interface that the IP packet must

use to transit out of the router when this route

is used.

Destination IP:

Netmask:

Gateway:

Metric:

Interface:

Routing

The Routing option is an advanced method of customizing specific routes of data through your network.

´³

D-Link DIR-6±8 User Manual

Section ² - Configuration

Set the transmit power of the antennas.

Beacons are packets sent by an Access Point

to synchronize a wireless network. Specify

a value. 100 is the default setting and is

recommended.

This value should remain at its default setting

of 2432. If inconsistent data flow is a problem,

only a minor modification should be made.

The fragmentation threshold, which is specified

in bytes, determines whether packets will be

fragmented. Packets exceeding the 2346 byte

setting will be fragmented before transmission.

2346 is the default setting.

(Delivery Traffic Indication Message) 3 is

the default setting. A DTIM is a countdown informing clients of the next window for listening to broadcast and multicast

messages.

Enabling WLAN Partition prevents associated wireles clients from communicating with each other.

WMM is QoS for your wireless network. This will improve the quality of video and voice applications for your wireless

clients.

Check this box to reduce the guard interval time therefore increasing the data capacity. However, it’s less reliable and may

create higher data loss.

Transmit Power:

Beacon Period:

RTS Threshold:

Fragmentation

Threshold:

DTIM Interval:

WLAN Partition:

WMM Function:

Short GI:

Advanced Wireless Settings

´´

D-Link DIR-6±8 User Manual

Section ² - Configuration

Enable the Wi-Fi Protected Setup feature.

Locking the wireless security settings prevents the

settings from being changed by the Wi-Fi Protected

Setup feature of the router. Devices can still be

added to the network using Wi-Fi Protected Setup.

However, the settings of the network will not change

once this option is checked.

A PIN is a unique number that can be used to add

the router to an existing network or to create a new

network. The default PIN may be printed on the

bottom of the router. For extra security, a new PIN

can be generated. You can restore the default PIN at

any time. Only the Administrator (“admin” account)

can change or reset the PIN.

Shows the current value of the router’s PIN.

Restore the default PIN of the router.

Create a random number that is a valid PIN. This becomes the router’s PIN. You can then copy this PIN to the user interface

of the registrar.

Enable:

Lock Wireless

Security Settings:

PIN Settings:

Current PIN:

Reset PIN to

Default:

Generate New PIN:

Wi-Fi Protected Setup

Wi-Fi Protected Setup (WPS) System is a simplified method for securing your wireless network during the “Initial setup”

as well as the “Add New Device” processes. The Wi-Fi Alliance (WFA) has certified it across different products as well

as manufactures. The process is just as easy, as depressing a button for the Push-Button Method or correctly entering

the 8-digit code for the Pin-Code Method. The time reduction in setup and ease of use are quite beneficial, while the

highest wireless Security setting of WPA2 is automatically used.