Page 66 / 181
Scroll up to view Page 61 - 65
61
D-Link DIR-890L User Manual
Section 3 - Configuration
Firewall Settings
Enable or disable Demilitarized Zone (DMZ). Enabling this feature
creates a subnetwork that can be used to expose a single computer
to the Internet for applications that do not run well behind the router.
This may expose the computer to
a variety of security risks and is
not recommended.
If you enabled DMZ, enter the
IP Address
of the client you wish to
expose, or select a
Computer Name
from the drop-down menu.
Click to enable Stateful Packet Inspection (SPI) to help prevent cyber
attacks. This technique validates that the traffic passing through the
session conforms to the protocol.
Click to enable
Anti-Spoof Checking
, which will protect your
network from certain kinds of “spoofing” attacks.
Click to enable
IPv6 Simple Security
, which will provide simple
security capabilities for a local-area IPv6 network.
Click to enable
IPv6 Ingress Filtering
, which is a technique used to
make sure incoming packets originate from the networks they claim
to be from. (Prevents source address spoofing.)
Enable DMZ:
DMZ IP
Address:
Enable SPI IPv4:
Enable
Anti-Spoof
Checking:
IPv6 Simple
Security:
IPv6 Ingress
Filtering:
A firewall protects your network from malicious attacks over the Internet. The DIR-890L offers a high-performance firewall features like SPI (Stateful
Packet Inspection).
From the
Features
menu, click
Firewall
.
Click
Advanced Settings...
to expand the list and view more options.
Page 67 / 181
62
D-Link DIR-890L User Manual
Section 3 - Configuration
Click to enable
PPTP
, which will allow multiple machines on the
LAN to connect to their corporate network using the PPTP protocol.
Enable to allow multiple VPN clients to connect to their corporate
network using IPSec. Some VPN clients support traversal of IPSec
through NAT. This Application Level Gateway (ALG) may interfere
with the operation of such VPN clients. If you are having trouble
connecting with your corporate network, try turning this ALG off.
Check with the system administrator of your corporate network to
find out whether your VPN client supports NAT traversal.
Enable to allow applications that use Real Time Streaming Protocol
(RTSP) to receive streaming media from the Internet.
Enable to allow devices and applications using VoIP (Voice over IP)
to communicate across NAT. Some VoIP applications and devices
have the ability to discover NAT devices and work around them. This
Application Level Gateway (ALG) may interfere with the operation of
such devices. If you are having trouble making VoIP calls, try turning
this ALG off.
Click
Save
when you are done.
PPTP:
IPSec (VPN):
RTSP:
SIP:
Page 68 / 181
63
D-Link DIR-890L User Manual
Section 3 - Configuration
IPv4/IPv6 Rules
Enter a
Name
for the new rule.
Enter the
Source IP Address Range
that the rule applies to.
Using
the drop-down menu, specify whether it is a
WAN
or
LAN
IP address.
Enter the
Destination IP Address Range
that the rule applies to.
Using the drop-down menu, specify whether it is a
WAN
or
LAN
IP
address.
Select the protocol of the traffic to allow or deny (
Any
,
TCP
, or
UDP
)
and then enter the range of ports that the rule will apply to.
Use the drop-down menu to select a
Schedule
when the rule will
be enabled. The schedule may be set to
Always Enable
, or you can
create a schedule from the
Schedules
section (refer to page 73).
Click
Apply
when you are done.
The IPv4/IPv6 Rules section allows you to specify the kind of traffic that is allowed to pass through the network.
Name:
Source IP
Address Range:
Destination IP
Address Range:
Port Range:
Schedule:
Use the drop-down menu to select whether you want to
Turn IPv4 Filtering ON
and
ALLOW
or
DENY
the rules you create. Or you may choose to
Turn IPv4 Fltering OFF
.
If you wish to remove a rule, click on its trash can icon in the
Delete
column. If you
wish to edit a rule, click on its pencil icon in the
Edit
column. If you wish to create a
new rule, click
Add Rule
.
Click
Save
when you are done.
When you click on
Add Rule
, the
Create New Rule
window will open. Enter the required
information into the fields described below:
Page 69 / 181
64
D-Link DIR-890L User Manual
Section 3 - Configuration
Port Forwarding
Enter a
Name
for the new rule.
Enter the IP address of the computer on your local network that
you want to allow the incoming service to. Or, select the
Computer
Name
from the drop-down menu.
Enter a
TCP Port
(or a range of TCP ports) you want to open. Separate
ports with a comma (for example: 24,1009,3000-4000).
Enter a
UDP Port
(or a range of UDP ports) you want to open.
Separate ports with a comma (for example: 24,1009,3000-4000).
Use the drop-down menu to select a
Schedule
when the rule will
be enabled. The schedule may be set to
Always Enable
, or you can
create a schedules from the
Schedules
section (refer to page 73).
Click
Apply
when you are done.
Name:
Local IP:
TCP Port:
UDP Port:
Schedule:
If you wish to remove a rule, click on its trash can icon in the
Delete
column. If you
wish to edit a rule, click on its pencil icon in the
Edit
column. If you wish to create a
new rule, click
Add Rule
.
Click
Save
when you are done.
When you click on
Add Rule
, the
Create New Rule
window will open. Enter the required
information into the fields described below:
Port forwarding allows you to specify a single port or a range of ports to open for specific devices on the network. It allows traffic requests from a
specific application to be directed to a specific client.
From the
Features
menu, click
Port Forwarding
.
Page 70 / 181
65
D-Link DIR-890L User Manual
Section 3 - Configuration
Virtual Server
Enter a
Name
for the new rule.
Enter the IP address of the device on your local network that you
want to allow the incoming service to or select the device from the
drop-down menu.
Select the protocol of the traffic to allow or deny (
TCP
,
UDP
,
Both
, or
Other
).
If you selected
Other
, enter the
Protocol Number
.
Enter the public port you want to open.
Enter the private port you want to open.
Use the drop-down menu to select a schedule when the rule will be
enabled. The schedule may be set to
Always Enable
, or create your
own schedule from the
Schedules
section (refer to page 73).
Click
Apply
when you are done.
The DIR-890L can store a maximum of 15 rules. If you wish to remove a rule, click on
its trash can icon in the
Delete
column. If you wish to edit a rule, click on its pencil
icon in the
Edit
column. If you wish to create a new rule, click the
Add Rules
button
.
Click
Save
when you are done.
When you click on
Add Rule
, the
Create New Rule
window will open. Enter the required
information into the fields described below:
Name:
Local IP:
Protocol:
Protocol:
External Port:
Internal Port:
Schedule:
The Virtual Server allows you to specify a single public port for redirection to an internal LAN IP Address and Private LAN port.
From the
Port Forwarding
page click
Virtual Server
.
19216811.live