Firewall security – Efficient Networks 5100 Series User Manual


SpeedStream Router User Guide

Stateful Inspection Firewall that provides many security features such as blocking common hacker
attacks, including IP Spoofing, Land Attack, Ping of Death, IP with zero length, Smurf Attack, UDP
port loopback, Snork Attack, TCP null scan, and TCP SYN flooding.

Network Address Port Translation (NAPT) and a secure firewall to protect your data while your
computer is connected to the Internet.

Port Forwarding to provide more flexible management by allowing you to change internal IP
addresses without affecting outside access to your network.

Virtual Private Network that allows remote users to establish a secure connection to a corporate
network by setting pass-through of the three most commonly used VPN protocols: PPTP, L2TP and
IPSec.

Firewall Security

The firewall in the SpeedStream router is a stateful packet inspection filter that works at the IP level. The
firewall consists of an IP packet filtering mechanism, a Network Address Port Translator (NAPT), and a
Network Address Translator (NAT). When the NAPT/NAT feature is enabled, the local (unreachable) IP
addressing used in the LAN automatically protects it from access. Even when NAPT/NAT is disabled and
the LAN is accessible from the WAN, you can configure the firewall to protect the LAN from external
attacks by creating custom filters to fine-tune access control.

Note

Because a NAPT/NAT system works like a firewall, the two are often referred to interchangeably, though
they are not the same. In the specific context of SpeedStream routers and associated Web
management interfaces, the term “firewall” refers more specifically to IP packet filtering, such as stateful
inspection. However, in the generic sense of firewall functionality, SpeedStream products also include
NAT and NAPT.

The firewall includes the following high-level, industry-standard features:

Port forwarding through NAPT/NAT.
Numerous Application Level Gateways (ALGs) for proper NAPT/NAT functioning.
Stateful IP filtering with sophisticated rules database.
Automatic and protocol-specific session tracking.
Preconfigured and custom firewall levels.
Virtual DMZ.
Firewall logging with Network Time Protocol and SysLog support.
Attack Detection System (ADS).

Session Tracking

Some protocols, such as FTP, require secondary network connections on ports other than the main control
port. These connections are usually made using port numbers in the dynamic range (> 1024). The
SpeedStream firewall allows traffic on such secondary sessions without manual configuration.
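
The following Python sketch shows how protocol-specific session tracking can work for FTP: the tracker reads the control channel, learns the data endpoint announced in a PORT command or 227 reply, and admits only that one secondary connection. It is an added example, not SpeedStream firmware code; the class and function names and the sample addresses are assumptions, and NAT address rewriting is not modeled.

```python
import re

# RFC 959 host-port notation: h1,h2,h3,h4,p1,p2 (six decimal bytes).
_HOSTPORT = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")


def parse_hostport(text):
    """Return (ip, port) from an RFC 959 host-port string, or None if malformed."""
    m = _HOSTPORT.search(text)
    if not m:
        return None
    f = [int(x) for x in m.groups()]
    if any(v > 255 for v in f):
        return None
    return ".".join(map(str, f[:4])), f[4] * 256 + f[5]


class FtpSessionTracker:
    """Hypothetical tracker for one FTP control session and its data sessions."""

    def __init__(self, client_ip, server_ip):
        self.client_ip, self.server_ip = client_ip, server_ip
        self.expected = set()  # pinholes as (src_ip, dst_ip, dst_port)

    def on_control_line(self, from_client, line):
        """Inspect one control-channel line; return the pinhole opened, or None."""
        word = line.strip().split(" ", 1)[0].upper()
        if from_client and word == "PORT":       # active mode: server dials client
            owner, peer = self.client_ip, self.server_ip
        elif not from_client and word == "227":  # passive mode: client dials server
            owner, peer = self.server_ip, self.client_ip
        else:
            return None
        hp = parse_hostport(line)
        # Accept only an endpoint owned by the party announcing it (a third-party
        # address would turn the tracker into a relay) and only a port in the
        # dynamic range (> 1024) that the manual describes.
        if hp is None or hp[0] != owner or hp[1] <= 1024:
            return None
        pinhole = (peer, hp[0], hp[1])
        self.expected.add(pinhole)
        return pinhole

    def allow(self, src_ip, dst_ip, dst_port):
        """Permit a new connection only if it was negotiated; pinholes are single-use."""
        key = (src_ip, dst_ip, dst_port)
        if key in self.expected:
            self.expected.remove(key)
            return True
        return False
```
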
