´³

FR-300RTR User Manual

Sect±on 3 - Configurat±on

Select the filtering method and then click

Next

to continue.

Access Control Wizard (continued)

Enter the rule:

Enable

- Check to enable the rule.

Name

- Enter a name for your rule.

Dest.IP.Start

- Enter the starting IP address.

Dest.IP.End

- Enter the ending IP address.

Protocol

- Select the protocol.

Dest.Port.Start

- Enter the starting port number.

Dest.Port.End

- Enter the ending port number.

To enable web logging, click Enable.

Click

Save

to save the access control rule.

´3

FR-300RTR User Manual

Sect±on 3 - Configurat±on

Select

Deny

or

Allow

computers access to

only these sites.

Click to delete all entries in the list.

Enter the keywords or URLs that you want to

allow or deny.

Configure Website

Filter Below:

Clear the list

below:

Website URL/

Domain:

Website Filters

Website Filters are used to allow you to set up a list of allowed Web sites that can be used by multiple users through

the network. To use this feature select to

Allow

or

Deny

, enter the domain or website and click

Add

, and then click

Save.Settings

. You must also select

Apply.Web.Filter

under the Access Control section (page 39).

´´

FR-300RTR User Manual

Sect±on 3 - Configurat±on

Enter a name for the inbound filter rule.

Select

Allow

or

Deny

.

Check to enable rule.

Enter the starting IP address. Enter 0.0.0.0 if

you do not want to specify an IP range.

Enter the ending IP address. Enter

255.255.255.255 if you do not want to specify

and IP range.

Click the

Add

button to apply your settings.

This section will list any rules that are created.

You may click the

Edit

icon to change the

settings or enable/disable the rule, or click the

Delete

icon to remove the rule.

Name:

Action:

Enable:

Remote IP Start:

Remote IP End:

Add:

Inbound Filter

Rules List:

The Inbound Filter option is an advanced method of controlling data received from the Internet. With this feature you

can configure inbound data filtering rules that control data based on an IP address range.

Inbound Filters can be used

with Virtual Server, Port Forwarding, or Remote Administration features.

Inbound Filters

´µ

FR-300RTR User Manual

Sect±on 3 - Configurat±on

SPI (Stateful Packet Inspection, also known as dynamic

packet filtering) helps to prevent cyber attacks by tracking

more state per session. It validates that the traffic passing

through the session conforms to the protocol.

Select one of the following for TCP and UDP ports:

Endpoint.Independent.

- Any incoming traffic sent to an

open port will be forwarded to the application that opened

the port. The port will close if idle for 5 minutes.

Address.Restricted

- Incoming traffic must match the IP

address of the outgoing connection.

Address.+.Port.Restriction

- Incoming traffic must match

the IP address and port of the outgoing connection.

Enable this option to provide protection from certain kinds

of “spoofing” attacks.

If an application has trouble working from behind the router,

you can expose one computer to the Internet and run the

application on that computer.

Note:

Placing a computer in the DMZ may expose that

computer to a variety of security risks. Use of this option is

only recommended as a last resort.

Specify the IP address of the computer on the LAN that

you want to have unrestricted Internet communication. If this computer obtains it’s IP address automatically using DHCP,

be sure to make a static reservation on the

System.>.Network.Settings

page so that the IP address of the DMZ machine

does not change.

Enable SPI:

NAT Endpoint

Filtering:

Enable Anti-Spoof

Checking:

Enable DMZ Host:

IP Address:

Firewall Settings

A firewall protects your network from the outside world. The Fry’s FR-300RTR offers a firewall type functionality. The SPI feature helps

prevent cyber attacks. Sometimes you may want a computer exposed to the outside world for certain types of applications. If you choose

to expose a computer, you can enable DMZ. DMZ is short for Demilitarized Zone. This option will expose the chosen computer completely

to the outside world.

´¶

FR-300RTR User Manual

Sect±on 3 - Configurat±on

VPN Pa

sthrough

RTSP

H.323

SIP (VoIP)

MS

Application Level Gateway (ALG) Configuration

Here you can enable or disable ALG’s. Some protocols and applications require special handling of the IP payload to

make them work with network address translation (NAT). Each ALG provides special handling for a specific protocol

or application. A number of ALGs for common applications are enabled by default.

Allows multiple machines on the LAN to connect to their corporate network using PPTP protocol.

Allows multiple VPN clients to connect to their corporate network using IPSec. Some VPN clients support traversal of IPSec

through NAT. This ALG may interfere with the operation of such VPN clients. If you are having trouble connecting with your

corporate network, try turning this ALG off. Please check with the system administrator of your corporate network whether

your VPN client supports NAT traversal.

Allows applications that use Real Time Streaming Protocol to receive streaming media from the internet. QuickTime and

Real Player are some of the common applications using this protocol.

Allows FTP clients and servers to transfer data across NAT. Refer to the

Advanced.>.Virtual.Server

page if you want to

host an FTP server.

Allows devices and applications using VoIP (Voice over IP) to communicate across NAT. Some VoIP applications and devices

have the ability to discover NAT devices and work around them. This ALG may interfere with the operation of such devices.

If you are having trouble making VoIP calls, try turning this ALG off.

PPTP:

IPSec (VPN):

RTSP:

FTP:

SIP: