Unified Services Router
User Manual
99
ICMP types, visit the parameters.
Start Port: The first port of the range that the service uses (for TCP, UDP or BOTH). If the service uses only one port, the Start Port is the same as the Finish Port.
Finish Port: The last port of the range that the service uses. If the service uses only one port, the Finish Port is the same as the Start Port.
Port: The single port that the service uses.
5.6 ALG support
Advanced > Firewall Settings > ALGs
Application Level Gateways (ALGs) are security components that extend the firewall and NAT support of this router so that application layer protocols work transparently through it. For some protocols, enabling the ALG lets the firewall open the dynamic ephemeral TCP/UDP ports that a client application (such as H.323 or RTSP) negotiates over its well-known control port; without the ALG, the administrator would have to open a large number of ports to achieve the same support. Because the ALG understands the protocol of the specific application it supports, it is a secure and efficient way to introduce support for client applications through the router's firewall. Enable only the ALGs for protocols actually in use on the network: each ALG parses untrusted traffic and opens pinholes on its behalf, so an unused ALG is attack surface with no benefit.
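To make the ALG behaviour concrete, here is an added example (not the router's code and not D-Link's implementation) of what an RTSP ALG has to do: watch the SETUP exchange on the control connection, parse the Transport header, and open UDP pinholes only for the RTP/RTCP ports the client and server actually negotiated. The two messages and the addresses are constructed for the example; the Pinhole structure and function names are assumptions made here.

```python
"""Added example (not the router's code): how an RTSP ALG derives firewall pinholes.

The firewall sees the RTSP control session on its well-known port; the RTP/RTCP media
ports are negotiated inside the SETUP exchange. An ALG parses the Transport header and
opens only the UDP ports the two sides agreed on, instead of a whole ephemeral range.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class Pinhole:
    proto: str
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


# Matches client_port=4588-4589 or client_port=4588 (single port); same for server_port.
_PORT_SPEC = re.compile(r"\b(client_port|server_port)=(\d+)(?:-(\d+))?")


def parse_transport(msg: bytes) -> Dict[str, Tuple[int, int]]:
    """Return the validated port ranges named in the message's Transport header."""
    text = msg.decode("ascii", errors="replace")
    for line in text.split("\r\n"):
        if line.lower().startswith("transport:"):
            ranges = {}
            for key, lo, hi in _PORT_SPEC.findall(line):
                lo_i = int(lo)
                hi_i = int(hi) if hi else lo_i
                if not (0 < lo_i <= hi_i <= 65535):
                    raise ValueError(f"bad {key} range {lo}-{hi}")
                ranges[key] = (lo_i, hi_i)
            return ranges
    return {}


def rtsp_pinholes(setup_request: bytes, setup_reply: bytes,
                  client_ip: str, server_ip: str) -> List[Pinhole]:
    """Pinholes an ALG would open after seeing a SETUP request and its 200 OK reply.

    Only server -> client UDP flows on the negotiated ports are allowed. If the reply
    carries no server_port, nothing is opened: there is nothing to pin.
    """
    req = parse_transport(setup_request)
    rep = parse_transport(setup_reply)
    client = rep.get("client_port") or req.get("client_port")
    server = rep.get("server_port")
    if client is None or server is None:
        return []
    if client[1] - client[0] != server[1] - server[0]:
        raise ValueError("client_port and server_port ranges differ in length")
    holes = []
    for i in range(client[1] - client[0] + 1):   # RTP on the first port, RTCP on the next
        holes.append(Pinhole("udp", server_ip, server[0] + i, client_ip, client[0] + i))
    return holes


# Constructed sample exchange (documentation addresses, not a real capture).
SETUP_REQUEST = (b"SETUP rtsp://203.0.113.10/stream/track1 RTSP/1.0\r\n"
                 b"CSeq: 3\r\n"
                 b"Transport: RTP/AVP;unicast;client_port=4588-4589\r\n\r\n")
SETUP_REPLY = (b"RTSP/1.0 200 OK\r\n"
               b"CSeq: 3\r\n"
               b"Session: 12345678\r\n"
               b"Transport: RTP/AVP;unicast;client_port=4588-4589;server_port=6256-6257\r\n\r\n")

if __name__ == "__main__":
    for hole in rtsp_pinholes(SETUP_REQUEST, SETUP_REPLY, "192.168.10.25", "203.0.113.10"):
        print(hole)
```

Without the ALG, the administrator would have to open the client's whole RTP port range inbound; with it, exactly two UDP pinholes exist, and only while the RTSP session does.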
Figure 61: Available ALG support on the router.
5.7 VPN Passthrough for Firewall
Advanced > Firewall Settings > VPN Passthrough
This router's firewall can be configured to pass encrypted VPN traffic for IPsec, PPTP and L2TP tunnels established between hosts on the LAN and peers on the Internet. A specific firewall rule or custom service is not the appropriate way to introduce this support, because these protocols are not plain TCP/UDP services (IPsec carries ESP, IP protocol 50, alongside IKE on UDP 500/4500, and PPTP carries GRE, IP protocol 47, alongside TCP 1723); instead, enable the appropriate check boxes on the VPN Passthrough page. Passthrough applies to tunnels terminated on LAN hosts, not to tunnels the router itself terminates.
Figure 62: Passthrough options for VPN tunnels
5.8 Application Rules
Advanced > Application Rules > Application Rules
Application rules are also referred to as port triggering. This feature allows devices on the LAN or DMZ to request that one or more ports be forwarded to them. Port triggering waits for an outbound request from the LAN/DMZ on one of the defined outgoing ports, and then opens the defined incoming port(s) for that type of traffic, forwarding inbound data to the host that made the request. It can be thought of as a form of dynamic port forwarding that exists only while an application is transmitting data over the opened outgoing or incoming port(s).
Port triggering application rules are more flexible than the static port forwarding available when configuring firewall rules, because a port triggering rule does not have to reference a specific LAN IP address or range: the inbound ports are forwarded to whichever host triggered the rule. Ports are also not left open when not in use, which provides a level of security that static port forwarding does not offer.
Port triggering is not appropriate for servers on the LAN, since the incoming ports are opened only after the LAN device has made an outgoing connection.
Some applications require that, when external devices connect to them, they receive data on a specific port or range of ports in order to function properly. The router must send all incoming data for that application only on the required port or range of ports. The router has a list of common applications and games with their corresponding outbound and inbound ports. You can also define your own port triggering rule by specifying the type of traffic (TCP or UDP) and the range of outgoing (trigger) and incoming ports to open when the rule is enabled.
Figure 63: List of Available Application Rules showing 4 unique rules
The application rule status page lists the currently active rules, i.e. the incoming ports that have been opened because an outbound request was seen on a defined outgoing port.
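The behaviour described in this section (nothing open until a trigger, forwarding to whichever host triggered, pinhole closing when idle, and the status listing) is easiest to see as a small state machine. The following is an added example written for this page, not the router's code; the rule layout, the idle timeout and the one-host-per-rule policy are assumptions of the model, and the addresses and ports in the usage are constructed.

```python
"""Added example (not the router's code): a port-triggering table as described above.

A rule names an outgoing (trigger) port range and an incoming range. Nothing is open
until a LAN/DMZ host sends to a trigger port; then the incoming range is forwarded to
that host until the mapping idles out. This is why it suits clients, not servers.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class TriggerRule:
    name: str
    proto: str                   # "tcp" or "udp"
    out_ports: Tuple[int, int]   # outgoing (trigger) range, inclusive
    in_ports: Tuple[int, int]    # incoming range opened once triggered, inclusive


@dataclass
class ActiveTrigger:
    rule: TriggerRule
    lan_host: str
    expires_at: float


def _in_range(port: int, rng: Tuple[int, int]) -> bool:
    return rng[0] <= port <= rng[1]


class PortTriggerTable:
    def __init__(self, rules: List[TriggerRule], idle_timeout: float = 60.0):
        for r in rules:
            if (r.proto not in ("tcp", "udp") or r.out_ports[0] > r.out_ports[1]
                    or r.in_ports[0] > r.in_ports[1]):
                raise ValueError(f"invalid rule {r.name}")
        self.rules = list(rules)
        self.idle_timeout = idle_timeout          # assumption: fixed idle timeout per mapping
        self.active: Dict[str, ActiveTrigger] = {}   # rule name -> current mapping

    def _expire(self, now: float) -> None:
        for name in [n for n, t in self.active.items() if t.expires_at <= now]:
            del self.active[name]

    def outbound(self, lan_host: str, proto: str, dst_port: int, now: float) -> Optional[str]:
        """A LAN/DMZ host sends to the WAN. Returns the name of the rule it triggered, if any.

        One host per rule at a time (assumption of this model): a later trigger from
        another host takes the mapping over.
        """
        self._expire(now)
        for r in self.rules:
            if r.proto == proto and _in_range(dst_port, r.out_ports):
                self.active[r.name] = ActiveTrigger(r, lan_host, now + self.idle_timeout)
                return r.name
        return None

    def inbound(self, proto: str, dst_port: int, now: float) -> Optional[str]:
        """A WAN packet reaches the router. Returns the LAN host to forward to, or None (dropped)."""
        self._expire(now)
        for t in self.active.values():
            if t.rule.proto == proto and _in_range(dst_port, t.rule.in_ports):
                t.expires_at = now + self.idle_timeout   # keep the pinhole while traffic flows
                return t.lan_host
        return None

    def status(self, now: float) -> List[Tuple[str, str, Tuple[int, int]]]:
        """What the application rule status page lists: (rule, host, opened incoming range)."""
        self._expire(now)
        return [(t.rule.name, t.lan_host, t.rule.in_ports) for t in self.active.values()]


if __name__ == "__main__":
    # Constructed usage: one UDP game rule, trigger port 6112, incoming 6112-6119.
    table = PortTriggerTable([TriggerRule("game", "udp", (6112, 6112), (6112, 6119))])
    print(table.inbound("udp", 6115, now=0))                   # None: not triggered yet
    print(table.outbound("192.168.10.5", "udp", 6112, now=1))  # game
    print(table.inbound("udp", 6115, now=2))                   # 192.168.10.5
    print(table.status(now=2))
```

The first inbound call is dropped, which is the point of the "not appropriate for servers" caveat; the takeover-by-latest-host behaviour is also why two LAN hosts cannot share one triggered rule at the same time.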
5.9 Web Content Filtering
The gateway offers standard web filtering options that let the administrator create Internet access policies between the secure LAN and the insecure WAN. Instead of creating policies based on the type of traffic (as is the case with firewall rules), the web content itself is used to decide whether traffic is allowed or dropped.
5.9.1 Content Filtering
Advanced > Website Filter > Content Filtering
Content filtering must be enabled before the subsequent features (the list of Trusted Domains, filtering on Blocked Keywords, etc.) can be configured and used. Proxy servers, which can be used to circumvent firewall rules and are therefore a potential security gap, can be blocked for all LAN devices. Java applets can be prevented from being downloaded from Internet sites, and the gateway can similarly prevent ActiveX controls from being downloaded via Internet Explorer. For added security, cookies, which typically contain session information, can be blocked for all devices on the private network. These options inspect plain HTTP sessions; content carried inside HTTPS (TLS) connections is not decrypted by the router and cannot be filtered by them.
Figure 64: Content Filtering used to block access to proxy servers and prevent ActiveX controls from being downloaded
5.9.2 Approved URLs
Advanced > Website Filter > Approved URLs
The Approved URLs page is an acceptance list of URL domain names. Domains added to this list are allowed in any form. For example, if the domain "yahoo" is added to this list, then all of the following URLs are permitted access from the LAN: www.yahoo.com, yahoo.co.uk, etc. Because an entry is matched in any form, a short entry such as "yahoo" also matches any other host name containing that string, so prefer full domain names when building the list. Import/export of the Approved URLs list from a text or CSV file is also supported.
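The difference between "allowed in any form" and a stricter domain match is worth seeing on input. The following added example (written for this page; it is not the router's matching code, and the export format it parses is a constructed one-domain-per-row file) implements both readings: the substring match the manual's yahoo example implies, and a suffix match that respects label boundaries.

```python
"""Added example (not the router's code): two matching semantics for an approved-URL list.

approved_any_form() follows the manual's description (an entry is allowed in any form,
so "yahoo" admits www.yahoo.com and yahoo.co.uk). approved_suffix() is the stricter form
to use when the list holds full domain names.
"""
import csv
import io
from typing import List
from urllib.parse import urlsplit


def load_approved(csv_text: str) -> List[str]:
    """Parse an approved-URL export. Constructed format: one domain per row, '#' comments."""
    entries = []
    for row in csv.reader(io.StringIO(csv_text)):
        if not row or row[0].strip().startswith("#"):
            continue
        entries.append(row[0].strip().lower().rstrip("."))
    return entries


def host_of(url: str) -> str:
    """Host part of a URL or bare host name, lower-cased; ports and paths are ignored."""
    if "://" not in url:
        url = "http://" + url
    return (urlsplit(url).hostname or "").lower()


def approved_any_form(url: str, entries: List[str]) -> bool:
    """Manual's semantics: an entry allowed "in any form" is a substring of the host name."""
    host = host_of(url)
    return any(e and e in host for e in entries)


def approved_suffix(url: str, entries: List[str]) -> bool:
    """Stricter: the host must be the entry itself or a subdomain of it."""
    host = host_of(url)
    return any(e and (host == e or host.endswith("." + e)) for e in entries)


# Constructed export file, not a real router export.
APPROVED_EXPORT = "# approved domains\nyahoo\nexample.org\n"

if __name__ == "__main__":
    entries = load_approved(APPROVED_EXPORT)
    for url in ("http://www.yahoo.com/mail", "yahoo.co.uk", "http://yahoo.attacker.test/"):
        print(url, approved_any_form(url, entries), approved_suffix(url, ["yahoo.com", "yahoo.co.uk"]))
```

With the any-form reading, the bare entry "yahoo" approves an unrelated host such as yahoo.attacker.test; the suffix reading with full domain names does not.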
