10 firewall – EnGenius Technologies ESR-9710 User Manual

Page 58

Advertising
background image

ESR-9710 Wireless N Gigabit Router

Version 1.0

58

6.3.10 Firewall

ƒ The device provides a tight firewall by virtue of the way NAT works. Unless you

configure the router to the contrary, the NAT does not respond to unsolicited
incoming requests on any port, thereby making your LAN invisible to Internet cyber
attacks. However, some network applications cannot run with a tight firewall. Those
applications need to selectively open ports in the firewall to function correctly. The
options on this page control several ways of opening the firewall to address the
needs of specific types of applications.


ƒ Enable SPI: Place a check in this box to enable SPI. SPI ("stateful packet

inspection" also known as "dynamic packet filtering") helps to prevent cyberattacks
by tracking more state per session. It validates that the traffic passing through that
session conforms to the protocol. When the protocol is TCP, SPI checks that packet
sequence numbers are within the valid range for the session, discarding those
packets that do not have valid sequence numbers. Whether SPI is enabled or not,
the router always tracks TCP connection states and ensures that each TCP packet's
flags are valid for the current state.

ƒ TCP / UDP NAT Endpoint Filtering options control how the router's NAT manages

incoming connection requests to ports that are already being used. Select one of the
radio buttons.

o

End Point Independent Once a LAN-side application has created a

connection through a specific port, the NAT will forward any incoming
connection requests with the same port to the LAN-side application
regardless of their origin. This is the least restrictive option, giving the best
connectivity and allowing some applications (P2P applications in particular)
to behave almost as if they are directly connected to the Internet.

o

Address Restricted The NAT forwards incoming connection requests to a

LAN-side host only when they come from the same IP address with which a
connection was established. This allows the remote application to send data
back through a port different from the one used when the outgoing session
was created.

o

Port And Address Restricted The NAT does not forward any incoming

connection requests with the same port address as an already establish
connection.

Advertising
Popular Brands
Popular manuals