TL-WR840N

300Mbps Wireless N Router User Guide

- 47 -

Figure 4-35

DMZ

To assign a computer or server to be a DMZ server:

1.

Check the

Enable

radio button.

2.

Enter the IP Address of a local host in the

DMZ Host IP Address

field.

3.

Click the

Save

button.



Note:

After you set the DMZ host, the firewall related to the host will not work.

4.8.4 UPnP

Choose menu “

Forwarding

→

UPnP

”, you can view the information about

UPnP

(Universal Plug

and Play) in the screen as shown in Figure 4-36. The UPnP feature allows the devices, such as

Internet computers, to access the local host resources or devices as needed. UPnP devices can

be automatically discovered by the UPnP service application on the LAN.

Figure 4-36 UPnP



Current UPnP Status -

UPnP can be enabled or disabled by clicking the

Enable

or

Disable

button.



Current UPnP Settings List -

This table displays the current UPnP information.

•

App Description -

The description provided by the application in the UPnP request.

•

External Port

-

The external port the Router opens for the application.

•

Protocol -

The type of protocol the Router opens for the application.

•

Internal Port

-

The Internal port the Router opens for local host.

•

IP Address

-

The IP address of the UPnP device that is currently accessing the Router.

TL-WR840N

300Mbps Wireless N Router User Guide

- 48 -

•

Status -

The status of the port is displayed here. “Enabled” means that the port is still

active. Otherwise, the port is inactive.

Click

Refresh

to update the Current UPnP Settings List.

4.9 Security

Figure 4-37 The Security menu

There are four submenus under the Security menu as shown in Figure 4-37:

Basic Security

,

Advanced Security

,

Local Management

and

Remote Management.

Click any of them, and you

will be able to configure the corresponding function.

4.9.1 Basic Security

Choose menu “

Security

→

Basic Security

”, you can configure the basic security in the screen

as shown in Figure 4-38.

Figure 4-38 Basic Security



Firewall -

A firewall protects your network from the outside world. Here you can enable or

disable the Router’s firewall.



SPI Firewall -

SPI (Stateful Packet Inspection, also known as dynamic packet filtering)

helps to prevent cyber attacks by tracking more state per session. It validates that the

traffic passing through the session conforms to the protocol. SPI Firewall is enabled by

TL-WR840N

300Mbps Wireless N Router User Guide

- 49 -

factory default. If you want all the computers on the LAN exposed to the outside world,

you can disable it.



VPN -

VPN Passthrough must be enabled if you want to allow VPN tunnels using IPSec,

PPTP, or L2TP protocols to pass through the Router’s firewall.



PPTP Passthrough -

Point-to-Point Tunneling Protocol (PPTP) allows the Point-to-Point

Protocol (PPP) to be tunneled through an IP network. To allow PPTP tunnels to pass

through the Router, keep the default,

Enabled

.



L2TP Passthrough

-

Layer 2 Tunneling Protocol (L2TP) is the method used to enable

Point-to-Point sessions via the Internet on the Layer 2 level. To allow L2TP tunnels to

pass through the Router, keep the default,

Enabled

.



IPSec Passthrough

-

Internet Protocol Security (IPSec) is a suite of protocols for

ensuring private, secure communications over Internet Protocol (IP) networks, through

the use of cryptographic security services. To allow IPSec tunnels to pass through the

Router, keep the default,

Enabled

.



ALG -

It is recommended to enable Application Layer Gateway (ALG) because ALG allows

customized Network Address Translation (NAT) traversal filters to be plugged into the

gateway to support address and port translation for certain application layer "control/data"

protocols such as FTP, TFTP, H323 etc.



FTP ALG -

To allow FTP clients and servers to transfer data across NAT, keep the

default

Enable

.



TFTP ALG -

To allow TFTP clients and servers to transfer data across NAT, keep the

default

Enable

.



H323 ALG -

To allow Microsoft NetMeeting clients to communicate across NAT, keep

the default

Enable

.



RTSP ALG

- To allow some media player clients to communicate with some streaming

media servers across NAT, click Enable.

Click the

Save

button to save your settings.

4.9.2 Advanced Security

Choose menu “

Security

→

Advanced Security

”, you can protect the Router from being

attacked by TCP-SYN Flood, UDP Flood and ICMP-Flood in the screen as shown in Figure 4-39.

TL-WR840N

300Mbps Wireless N Router User Guide

- 50 -

Figure 4-39

Advanced Security



Packets Statistics Interval (5~60) -

The default value is 10. Select a value between 5 and

60 seconds from the drop-down list. The Packets Statistics Interval value indicates the time

section of the packets statistics. The result of the statistics is used for analysis by SYN Flood,

UDP Flood and ICMP-Flood.



DoS Protection -

Denial of Service protection. Check the Enable or Disable button to

enable or disable the DoS protection function. Only when it is enabled, will the flood filters be

enabled.



Note:

Dos Protection will take effect only when the

Traffic Statistics

in “

System Tools

→

Statistics

” is enabled.



Enable ICMP-FLOOD Attack Filtering

-

Enable or Disable the ICMP-FLOOD Attack

Filtering.



ICMP-FLOOD Packets Threshold (5~3600)

-

The default value is 50. Enter a value

between 5

~

3600. When the current ICMP-FLOOD Packets number is beyond the set value,

the Router will startup the blocking function immediately.



Enable UDP-FLOOD Filtering

-

Enable or Disable the UDP-FLOOD Filtering.



UDP-FLOOD Packets Threshold (5~3600)

-

The default value is 500. Enter a value

between 5

~

3600. When the current UPD-FLOOD Packets number is beyond the set value,

the Router will startup the blocking function immediately.



Enable TCP-SYN-FLOOD Attack Filtering

-

Enable or Disable the TCP-SYN-FLOOD

Attack Filtering.

TL-WR840N

300Mbps Wireless N Router User Guide

- 51 -



TCP-SYN-FLOOD Packets Threshold (5~3600)

-

The default value is 50. Enter a value

between 5

~

3600. When the current TCP-SYN-FLOOD Packets numbers is beyond the set

value, the Router will startup the blocking function immediately.



Ignore Ping Packet From WAN Port to Router

-

Enable or Disable Ignore Ping Packet

From WAN Port to Router. The default setting is disabled. If enabled, the ping packet from

the Internet cannot access the Router.



Forbid Ping Packet From LAN Port to Router

-

Enable or Disable Forbid Ping Packet From

LAN Port to Router. The default setting is disabled. If enabled, the ping packet from LAN

cannot access the Router. This function can be used to defend against some viruses.

Click the

Save

button to save the settings.

Click the

Blocked DoS Host List

button to display the DoS host table by blocking.

4.9.3 Local Management

Choose menu “

Security

→

Local Management

”, you can configure the management rule in the

screen as shown in Figure 4-40. The management feature allows you to deny computers in LAN

from accessing the Router.

Figure 4-40 Local Management

By default, the radio button “

All the PCs on the LAN are allowed to access the Router's

Web-Based Utility

” is checked. If you want to allow PCs with specific MAC Addresses to access

the Setup page of the Router's Web-Based Utility locally from inside the network, check the radio

button “

Only the PCs listed can browse the built-in web pages to perform Administrator

tasks

”, and then enter each MAC Address in a separate field. The format for the MAC Address is

XX-XX-XX-XX-XX-XX (X is any hexadecimal digit). Only the PCs with MAC address listed can

use the password to browse the built-in web pages to perform Administrator tasks while all the

others will be blocked.

After click the

Add

button, your PC's MAC Address will be placed in the list above.