Vigor2130 Series User’s Guide
4.3.3 DMZ Host
As mentioned above, Port Redirection can redirect incoming TCP/UDP or other traffic on particular ports to a specific private IP address/port of a host in the LAN. However, other IP protocols, for example Protocols 50 (ESP) and 51 (AH), do not travel on a fixed port. The Vigor router provides a facility, DMZ Host, that maps ALL unsolicited data on any protocol to a single host in the LAN. Regular web surfing and other such Internet activities from other clients will continue to work without interruption. DMZ Host allows a defined internal user to be totally exposed to the Internet, which usually helps some special applications such as Netmeeting or Internet games.

The security properties of NAT are somewhat bypassed if you set up a DMZ host. We suggest you add additional filter rules or a secondary firewall.
Click DMZ Host to open the following page:
Enable
Check to enable the DMZ Host function.
DMZ IP
Enter the private IP address of the DMZ host, or click Choose PC to specify a suitable one.
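The secondary firewall suggested above can run on the DMZ host itself. The nftables ruleset below is an added example, not part of the Vigor2130 guide; it assumes the DMZ host is a Linux machine, that the LAN subnet is 192.168.1.0/24, and that the only service meant to be reachable from the Internet is an IPsec endpoint (the ESP/AH case mentioned above).

```nft
#!/usr/sbin/nft -f
# Added example (constructed): host firewall for a Linux machine that the
# router's DMZ Host setting exposes to all unsolicited WAN traffic.
# Assumptions: LAN subnet 192.168.1.0/24; only IPsec is offered to the Internet.

# Create-then-delete makes the file safe to reload without touching other tables.
table ip dmz_host
delete table ip dmz_host

table ip dmz_host {
    chain input {
        # Default deny: the router no longer filters for this host.
        type filter hook input priority 0; policy drop;

        iifname "lo" accept
        ct state established,related accept
        ct state invalid drop

        # ICMP errors are needed for path MTU discovery; echo is rate limited.
        icmp type { destination-unreachable, time-exceeded } accept
        icmp type echo-request limit rate 5/second accept

        # IPsec: IKE and NAT-T on UDP, plus IP protocols 50 (ESP) and 51 (AH),
        # which have no port number for Port Redirection to match.
        udp dport { 500, 4500 } accept
        ip protocol esp accept
        ip protocol ah accept

        # Administration (SSH) only from the assumed LAN subnet.
        ip saddr 192.168.1.0/24 tcp dport 22 accept

        # Everything else forwarded by the DMZ Host mapping is dropped by
        # policy; log a sample of it for review.
        limit rate 10/minute log prefix "dmz-host drop: "
    }
}
```

Load the file on the DMZ host with nft -f and adjust the accepted services to the application that actually required the DMZ setting.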
4.4 Firewall
Basics for Firewall
While broadband users demand more bandwidth for multimedia, interactive applications, or distance learning, security has always been the greatest concern. The firewall of the Vigor router helps to protect your local network against attack from unauthorized outsiders. It also restricts users in the local network from accessing the Internet. Furthermore, it can filter out specific packets that trigger the router to build an unwanted outgoing connection.
Denial of Service (DoS) Defense
The DoS Defense functionality helps you to detect and mitigate DoS attacks. The attacks are usually categorized into two types: flooding-type attacks and vulnerability attacks. Flooding-type attacks attempt to exhaust all your system's resources, while vulnerability attacks try to paralyze the system by exploiting vulnerabilities of the protocol or operating system.

The DoS Defense function enables the Vigor router to inspect every incoming packet based on the attack signature database. Any malicious packet that might duplicate itself to paralyze the host in the secure LAN will be strictly blocked, and a Syslog message will be sent as a warning if you have set up a Syslog server.

The Vigor router also monitors the traffic. Any abnormal traffic flow violating the pre-defined parameters, such as the thresholds, is identified as an attack, and the Vigor router will activate its defense mechanism to mitigate it in real time.

The menu items for Firewall are shown below.
4.4.1 DoS Defense
Click Firewall and click DoS Defense to open the setup page. Storm control for the switch is configured on this page.
Frame Type
Set the unicast storm rate control, multicast storm rate control, and broadcast storm rate control for your router.
Status
Check this box to enable storm control status for the frame type.
Rate
The unit is packets per second (pps). Use the drop-down list to set the rate for data transmission. The rate is 2^n, where n is equal to or less than 15, or "No Limit". The unit of the rate can be either pps (packets per second) or kpps (kilopackets per second). The configuration indicates the permitted packet rate for unicast, multicast, or broadcast traffic across the switch.
4.4.2 Ports Configuration
This page is used to configure the ACL (Access Control List) parameters for each port. These
parameters will affect data packets received on a port unless the data packets match a specific
ACE (Access Control Entry).
Port
There is one WAN port and 4 LAN ports in Vigor2130. Here each port will be configured with a different ID, action, rate limiter ID, port copy, etc.
Action
Select whether forwarding is permitted ("Allow") or denied
("Deny"). The default value is "Allow".
Rate Limiter ID
Select a rate limiter to apply to this port. Available settings include Disabled, and 1 to 10. The default value is Disabled.
Counter
Counts the number of frames that match this Access Control
Entry (ACE).
Refresh
Click this button to refresh the number of the counter
immediately.
Clear
Click this button to clear the number of the counter on this
page.
Rate Limiter ID
Configure the rate limiter for the ACL (Access Control List) of the router. Please click the Rate Limiter ID link to access the following page.
Rate Limiter ID
Rate limiter ID will be applied to WAN port and LAN port. Please specify a rate number for each ID. The default setting is "1" (packet per second).
Rate
Define the rate by choosing from the following drop down list.
4.4.3 Access Control List
This page can define which kind of packet can access the router. The packet can be defined with input port, frame type, rate, MAC type, VLAN ID, tag, etc. For IPv4, we can also define the protocol type, source IP and destination IP.
Adding a New Access Control Profile
Click
to add a new specific session limitation onto the list.
Define which port the packet comes from.
ACE Configuration
Ingress Port – define which port the packet is coming from. The policy IDs are defined in Firewall>>Port Configuration. Each Policy ID might have more than one port grouped.
Frame Type - This option differs according to the selection you choose; we will explain it in detail later.
Action – it means the session limitation for this access control
