SMC Networks SMCWBR14-N Firewall Settings Enable SPI, NAT Endpoint Filtering, Address Restricted

Page 46

Firewall Settings

Enable SPI

SPI ("stateful packet inspection" also known as "dynamic packet filtering") helps to prevent cyber attacks by tracking more state per session. It validates that the traffic passing through that session conforms to the protocol. When the protocol is TCP, SPI checks that packet sequence numbers are within the valid range for the session, discarding those packets that do not have valid sequence numbers.

Whether SPI is enabled or not, the router always tracks TCP connection states and ensures that each TCP packet's flags are valid for the current state.

NAT Endpoint Filtering

The NAT Endpoint Filtering options control how the router's NAT manages incoming connection requests to ports that are already being used.

Endpoint Independent

Once a LAN-side application has created a connection through a specific port, the NAT will forward any incoming connection requests with the same port to the LAN-side application regardless of their origin. This is the least restrictive option, giving the best connectivity and allowing some applications (P2P applications in particular) to behave almost as if they are directly connected to the Internet.

Address Restricted

The NAT forwards incoming connection requests to a LAN-side host only when they come from the same IP address with which a connection was established. This allows the remote application to send data back through a port different from the one used when the outgoing session was created.

Port And Address Restricted

The NAT does not forward any incoming connection requests with the same port address as an already establish connection.

Note that some of these options can interact with other port restrictions. Endpoint Independent Filtering takes priority over inbound filters or schedules, so it is possible for an incoming session request related to an outgoing session to enter through a port in spite of an active inbound filter on that port. However, packets will be rejected as expected when sent to blocked ports (whether blocked by schedule or by inbound filter) for which there are no active sessions. Port and Address Restricted Filtering ensures that inbound filters and schedules work precisely, but prevents some level of connectivity, and therefore might require the use of port triggers, virtual servers, or port forwarding to open the ports needed by the application. Address Restricted Filtering gives a compromise position, which avoids problems when communicating with certain other types of NAT router (symmetric NATs in particular) but leaves inbound filters and scheduled access working as expected.

UDP Endpoint Filtering

Controls endpoint filtering for packets of the UDP protocol.

TCP Endpoint Filtering

Controls endpoint filtering for packets of the TCP protocol.

DMZ Host

43

Image 46
Contents User Guide Limited Warranty Page FCC Radiation Exposure Statement CE Mark Declaration of Conformance for EMI and Safety EECImportant Note IiiTable of Contents Getting Started with the SMCWBR14-N Package Contents Wireless LAN Networking AD-HOCIBSS NetworkPage Page Roaming in an ESS network diagram Introduction Hardware Overview Front Panel LED’s Getting Started Using the Configuration Menu ¾ Click LogBasic BasicInternetBasicWireless WEP WPA-Personal and WPA-Enterprise ExampleWPA-Personal Advanced Optional Backup Radius Server BasicNetwork Settings RIP Operating mode Router SettingsEnable RIP Act as default routerDhcp Server Settings Allow RIP updates from WANRIP Password Enable Dhcp ServerAdd/Edit Dhcp Reservation Dhcp Lease TimeAlways Broadcast Computer NameRevoke Dhcp Reservations ListNumber of Dynamic Dhcp Clients ReserveAdvanced AdvancedVirtual ServerPrivate Port Virtual Server Parameters NameProtocol Public PortSave EnableAdd/Edit Virtual Server Virtual Servers ListApplication AdvancedSpecial ApplicationsParameters for an Application Rule Example Trigger Port RangeInput Protocol Trigger ProtocolInput Port Range Add/Edit Special Applications RuleAdvancedGaming Port Forwarding Fields NameEdit/Add Game Rule TCP Ports To OpenUDP Ports To Open Game Rules ListStreamEngine Setup Enable StreamEngine AdvancedStreamEngineAutomatic Uplink Speed Automatic ClassificationDynamic Fragmentation Measured Uplink SpeedSource IP Range Add/Edit StreamEngine Rule EnablePriority Source Port RangeAdvancedRouting Add/Edit RouteRoutes List Add Policy AdvancedAccess ControlPolicy Wizard Policy TablePage Web Filter Parameters Web Site AdvancedWEB FilterAdd/Edit Web Site Allowed Web Site List Filter Wireless Clients Enable MAC Address FilterFilter Settings Mode AdvancedMAC Address FilterAdd/Edit MAC Address Filter Wired ClientsMAC Address List AdvancedFirewall Endpoint Independent Firewall Settings Enable SPINAT Endpoint Filtering Address RestrictedEnable DMZ DMZ IP AddressRtsp PptpFTP Wake-On-LAN NetmeetingSIP MMSAdvancedInbound Filter Inbound Filter Rules List Add/Edit Inbound Filter RuleAction Allow AllAdvancedAdvanced Wireless Extra Wireless Protection 802.11d EnableWMM Enable WDS EnableAdvancedNetwork Enable UPnPEnable WAN Ping Respond UPnPWAN Port Speed Enable Multicast StreamsMulticast Streams ToolsAdmin Admin PasswordRemote Admin Port User PasswordEnable Remote Management Remote Admin Inbound FilterToolsTime Automatic Time Configuration Enable NTP Server Time Configuration Current Router TimeEnable Daylight Saving Time ZoneToolsSyslog Enable Logging to Syslog ServerSyslog Server IP Address ToolsEmail Settings Email Log When Full or on Schedule On Log Full PasswordVerify Password On ScheduleRestore To Factory Default Settings Save Settings To Local Hard DriveLoad Settings From Local Hard Drive Reboot The DeviceFirmware Information Firmware UpgradeToolsFirmware Check OnlineUpload ToolsDynamic DNS Verify Password or Key TimeoutToolsSystem Check ToolsSchedules Schedule Rules List StatusDevice info Statistics and Active SessionsPage BigPond Connection Dhcp ConnectionPPPoE, PPTP, L2TP Connection LAN ComputersSignal StatusWirelessRate StatusRouting What to View Apply Log Settings NowStatusLogs View LevelsEmail Now RefreshClear Save LogStatusStatistics Errors External StatusActive SessionsInternal NATTime Out DirOut SecondsAdsl AsciiBootp CAT Dhcp DMZDSL DNSEAP GUI Icmp HttpHttps IeeeIPX ISPLPR/LPD LANLED L2TPMppe MdixMIB MTUOfdm NICNTP OSIRadius PPPRIP Snmp RSASmtp SohoTCP/IP SsidTCP TftpUTP URLUSB VlanWlan WDSWisp WPAYagi antenna 802.11Technical Support

SMCWBR14-N specifications

The SMC Networks SMCWBR14-N is a wireless router that has established itself as a reliable choice for both home and small office environments. This device is renowned for its balance of performance, flexibility, and cost-effectiveness, making it a popular option among budget-conscious consumers looking for stable connectivity.

One of the primary features of the SMCWBR14-N is its compliance with the IEEE 802.11n wireless standard. This technology allows it to deliver significantly higher data rates than older standards like 802.11g, making it ideal for tasks such as streaming video, online gaming, and large file transfers. It operates on both the 2.4 GHz frequency band, which provides extensive coverage range, and it can reach speeds of up to 300 Mbps. This dual-band functionality ensures that multiple devices can connect simultaneously without significant interference.

The router comes equipped with four 10/100 Mbps Ethernet ports, enabling wired connections for devices such as gaming consoles, desktop computers, and smart TVs. The data transfer rates over wired connections are stable, ensuring low latency and reliable performance, which is essential for users engaged in intensive online activities.

A notable feature of the SMCWBR14-N is its built-in firewall and various security options. This includes Wi-Fi Protected Access (WPA/WPA2) encryption, which significantly enhances the security of the wireless network. The router also supports MAC address filtering, which allows users to define which devices can connect to the network, adding an additional layer of security.

Configuration and management of the SMCWBR14-N are user-friendly, thanks to its web-based interface. Users can easily access the settings via any web browser, allowing for quick adjustments and monitoring of the network. The router supports Quality of Service (QoS) features, enabling users to prioritize bandwidth for specific applications, thus ensuring a smooth operation for real-time activities like VoIP calls and video conferencing.

Furthermore, the SMCWBR14-N supports various advanced features such as DHCP server functionality and dynamic DNS, making it suitable for users who desire a more hands-on approach to their networking setup.

In summary, the SMC Networks SMCWBR14-N wireless router is an excellent choice for individuals and small businesses seeking a robust and versatile networking solution. Its blend of high-speed wireless connectivity, comprehensive security options, and easy management makes it a compelling option for navigating the demands of modern internet usage.