Page 41 / 82
Scroll up to view Page 36 - 40
TL-R600VPN
SafeStream
Gigabit Broadband VPN Router User Guide
TM
35
Figure 4-25
¾
Firewall
-
Enable the general firewall or not.
•
SPI Firewall
-
SPI (Stateful Packet Inspection) keeps track of the state of network
connections traveling across it. It distinguishes legitimate packets for different types of
connections. Only packets matching a known active connection will be allowed by the
firewall; others will be rejected. SPI Firewall is enabled by factory default. If you want all
the computers on the LAN exposed to the external network, you can disable it.
¾
VPN -
VPN Passthrough must be enabled if you want to allow VPN tunnels using VPN
protocols to pass through the Router.
•
PPTP Passthrough
-
Check the box before
Enable
to allow the PPTP tunnels to pass
through the router.
•
L2TP Passthrough
-
Check the box before
Enable
to allow the L2TP tunnels to pass
through the router.
•
IPSec Passthrough -
Check the box before
Enable
to allow the IPSec tunnels to pass
through the router.
¾
ALG
-
You can determine whether to provide ALG (Application Level Gateway) service for
FTP, TFTP, H323 and RTSP to keep these special applications from the effect of NAT
service.
•
FTP ALG -
Select
Enable
to allow FTP services to operate properly.
•
TFTP ALG -
Select
Enable
to allow TFTP services to operate properly.
•
H323 ALG -
Select
Enable
to allow H323 services to operate properly.
•
RTSP ALG -
Select
Enable
to allow RTSP services to operate properly.
Page 42 / 82
SafeStream
TM
Gigabit Broadband VPN Router User Guide
TL-R600VPN
36
4.6.2
Advanced Security
Choose menu “
Security
→
Advanced Security
”, you can protect the Router from being attacked
by TCP-SYN Flood, UDP Flood and ICMP-Flood in the next screen (shown in Figure 4-26).
Figure 4-26
¾
Packets Statistics Interval -
This is the interval for capturing the statistics.
¾
DoS Attack Defense -
Enable or disable the DoS Attack Defense.
¾
Enable ICMP-FLOOD Attack Filtering
-
The attackers flood normal communication by
attacking the server with a lot of ICMP packets. Check the box to activate the function to
prevent an ICMP Flood attack. The threshold should be within the range of 5-3600 and the
default value is 50.
¾
Enable UDP-FLOOD Filtering
-
Check the box to activate the function to prevent the UDP
Flood attack of a fixed source IP. Once the packets rate exceeds threshold value, the packets
will be blocked. The threshold should be within the range of 5-3600 .and the default value is
500.
¾
Enable TCP-SYN-FLOOD Attack Filtering
-
Check the box to activate the function to
prevent a TCP-SYN-Flood attack. Once the packets rate exceeds threshold value, the
packets will be blocked. The threshold should be within the range of 5-3600 and the default
value is 50.
Page 43 / 82
SafeStream
TM
Gigabit Broadband VPN Router User Guide
TL-R600VPN
37
4.6.3
Local Management
Choose menu “
Security
→
Local Management
”, you can configure to prevent the local PCs from
accessing the router’s web-based utility in the next screen (shown in Figure 4-27).
Figure 4-27
¾
Management Rules -
Here displays the management rules
•
All the PCs on the LAN are allowed to access the Router’s Web-Based Utility:
This
rule determines that all the PCs connected to the router can visit the router’s Web-Based
Utility.
•
Only the PCs listed can browse the built-in web pages to perform Administrator
tasks:
This rule determines that only the specified LAN PCs can visit the Web-Based
Utility to configure the router.
To add a PC to the management list:
Step 1:
Select the option of
Only the PCs listed can browse the built-in web pages to
perform Administrator tasks
.
Step 2:
Enter the PC’s MAC address in the
MAC1/2/3/4
field or click the
Add
button to add your
PC’s MAC Address to the list.
Step 3:
Click the
Save
button.
4.7
Access Control
Choose menu “
Access Control
”, the next submenus are shown below.
Figure 4-28
Click any of them, and you will be able to configure the corresponding function. The detailed
explanations for each submenu are provided below.
Page 44 / 82
SafeStream
TM
Gigabit Broadband VPN Router User Guide
TL-R600VPN
38
4.7.1
Rule
Choose menu “
Access Control
→
Rule
”, you can configure the Internet Access Control to
manage Internet activities from LAN hosts in the next screen (shown in Figure 4-29).
Figure 4-29
¾
Enable Internet Access Control:
Enable or disable the Internet Access Control.
¾
Default Filter Policy:
Select a policy to allow or deny the packets matching the rules to pass
through the Router.
¾
Rule Name:
Display the name of the rule and this name is unique.
¾
Host:
Displays the hosts to which the rule takes effect.
¾
Target:
Displays the corresponding target of the rule.
¾
Schedule:
Displays the effective time of the rule.
¾
Action:
Display the actions of the router to deal with the packets.
¾
Status:
Displays the rule is enabled or disabled.
To add/modify an Internet Access Control entry:
Step 1:
Click
Add New…
/
Edit
shown in Figure 4-29, you will see a new screen shown in Figure
4-30.
Step 2:
Enter the Rule Name and select the Host, Target, Schedule, Action and Status.
Page 45 / 82
TL-R600VPN
SafeStream
Gigabit Broadband VPN Router User Guide
TM
39
Figure 4-30
Step 3:
Click the
Save
button.
Other configurations for the entries as shown in Figure 4-29:
Click the
Delete
button to delete the entry.
Click the
Enable All
button to enable all the entries.
Click the
Disable All
button to disable all the entries.
Click the
Delete All
button to delete all the entries.
Click the
Previous
button to view the information in the previous screen,
click the
Next
button to
view the information in the next screen.
4.7.2
Host
Choose menu “
Access Control
→
Host
”, you can configure Host of the Access Control rule in
the next screen (shown in Figure 4-31).
Figure 4-31
¾
Host Description:
Displays the description of the host and the description is unique.
¾
Information:
Displays the MAC address or IP address of the PCs to which the rule take
effect.
To add/modify a host for Access Control Rule:
Step 1:
Click
Add New…
/
Edit
shown in Figure 4-31, you will see a new screen shown in Figure
4-32.