Cradlepoint IBR600 manual DMZ DeMilitarized Zone, Firewall Options

CRADLEPOINT IBR600 USER MANUAL Firmware ver. 3.3.0

6.4.3DMZ (DeMilitarized Zone)

A DMZ host is effectively not firewalled in the sense that any computer on the internet may attempt to remotely access network services at the DMZ IP address. Typical uses involve running a public Web server or sharing files.

Input the IP Address of a single device in your network to create a DeMilitarized Zone for that device. To ensure that the IP address of the selected device remains consistent, go to the ―Reservations‖ section under Network Settings → DHCP Server and reserve the IP address for the device.

As with port forwarding, use caution when enabling the DMZ feature as it can threaten the security of your network. Only use DMZ as a last resort.

6.4.4Firewall Options

Anti-Spoof:Anti-Spoof checks help protect against malicious users faking the source address in packets they transmit in order to either hide themselves or to impersonate someone else. Once the user has spoofed their address they can launch a network attack without revealing the true source of

the attack or attempt to gain access to network services that are restricted to certain addresses.

Packet Normalization: Normalizing packets helps secure the router in untrusted environments. It does so by "scrubbing" packets that are ambiguous or might represent a break-in attempt. Packet Normalization also helps insure reliable connectivity for some WAN devices such as WiMAX modems. Only disable this option if you are sure you do not need it.

Static NAT Ports: If enabled the source port does not translate in TCP and UDP packets during NAT. Some NAT traversal protocols such as STUN(T) require that the source port stay the same when traversing the firewall.