SpeedStream Router User Guide

Stateful Inspection Firewall that provides many security features such as blocking common hacker attacks, including IP Spoofing, Land Attack, Ping of Death, IP with zero length, Smurf Attack, UDP port loopback, Snork Attack, TCP null scan, and TCP SYN flooding.

Network Address Port Translation (NAPT) and a secure firewall to protect your data while your computer is connected to the Internet.

Port Forwarding to provide more flexible management by allowing you to change internal IP addresses without affecting outside access to your network.

Virtual Private Network that allows remote users to establish a secure connection to a corporate network by setting pass-through of the three most commonly used VPN protocols: PPTP, L2TP and IPSec.

Firewall Security

The firewall in the SpeedStream router is a stateful packet inspection filter that works at the IP level. The firewall consists of an IP packet filtering mechanism, a Network Address Port Translator (NAPT), and a Network Address Translator (NAT). When the NAPT/NAT feature is enabled, the local (unreachable) IP addressing used in the LAN automatically protects it from access from the WAN. Even when NAPT/NAT is disabled and the LAN is accessible from the WAN, you can configure the firewall to protect the LAN from external attacks by creating custom filters to fine-tune access control.

Note: Because a NAPT/NAT system works like a firewall, the two terms are often used interchangeably, though they are not the same. In the specific context of SpeedStream routers and associated Web management interfaces, the term “firewall” refers more specifically to IP packet filtering, such as stateful inspection. However, in the generic sense of firewall functionality, SpeedStream products also include NAT and NAPT.

The firewall includes the following high-level, industry-standard features:

Port forwarding through NAPT/NAT.

Numerous Application Level Gateways (ALGs) for proper NAPT/NAT functioning.

Stateful IP filtering with sophisticated rules database.

Automatic and protocol-specific session tracking.

Preconfigured and custom firewall levels.

Virtual DMZ.

Firewall logging with Network Time Protocol and SysLog support.

Attack Detection System (ADS).

Session Tracking

Some protocols, such as FTP, require secondary network connections on ports other than the main control port. These connections are usually made using port numbers in the dynamic range (> 1024). The SpeedStream firewall allows traffic on such secondary sessions without manual configuration.
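
The following added example (not code from the SpeedStream firmware or this guide) sketches how this kind of FTP session tracking generally works: the filter reads the control channel, learns the announced data port, and admits exactly one matching connection. The class and function names are hypothetical, the addresses are constructed, and NAPT address rewriting is left out.

```python
import re

# "h1,h2,h3,h4,p1,p2" as carried by the PORT command and the 227 (PASV) reply in RFC 959.
HOSTPORT = re.compile(r"\b" + ",".join([r"(\d{1,3})"] * 6) + r"\b")

class FtpSessionTracker:
    """Hypothetical tracker: watches the FTP control channel, opens one-shot pinholes."""

    def __init__(self):
        self.expected = set()  # (src_ip, dst_ip, dst_port) of data connections still allowed

    @staticmethod
    def _endpoint(line):
        m = HOSTPORT.search(line)
        n = [int(x) for x in m.groups()] if m else []
        if not n or max(n) > 255:
            return None
        return ".".join(map(str, n[:4])), n[4] * 256 + n[5]

    def inspect_control(self, client_ip, server_ip, line, from_client):
        """Feed one control-channel line; return the pinhole it opened, or None."""
        text = line.strip().upper()
        if from_client and text.startswith("PORT "):
            listener, peer = client_ip, server_ip   # active mode: server dials the client
        elif not from_client and text.startswith("227"):
            listener, peer = server_ip, client_ip   # passive mode: client dials the server
        else:
            return None
        endpoint = self._endpoint(line)
        # Only accept the sender's own address and a port in the dynamic range (> 1024).
        if endpoint is None or endpoint[0] != listener or endpoint[1] <= 1024:
            return None
        hole = (peer, listener, endpoint[1])
        self.expected.add(hole)
        return hole

    def allow_data(self, src_ip, dst_ip, dst_port):
        """Permit a new connection only if the control channel announced it; use it once."""
        hole = (src_ip, dst_ip, dst_port)
        if hole not in self.expected:
            return False
        self.expected.remove(hole)
        return True

def demo():
    # Constructed sample traffic using documentation addresses (not from the guide).
    fw, c, s = FtpSessionTracker(), "192.0.2.10", "198.51.100.5"
    fw.inspect_control(c, s, "227 Entering Passive Mode (198,51,100,5,200,10)", False)
    return fw.allow_data(c, s, 51210), fw.allow_data(c, s, 51210), fw.allow_data(c, s, 51211)
```

Binding each pinhole to the control connection's own two addresses and consuming it on first use keeps the automatically opened port from becoming a standing hole in the filter.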

Efficient Networks 5100 Series manual Firewall Security