Efficient Networks 5200 Series, 5400 Series, 5500 Series Firewall

SpeedStream Router User Guide

Firewall

Your SpeedStream router includes a user-configurable firewall that provides various levels of security

against outside attacks. This firewall provides only WAN-side protection. The firewall does not provide

any LAN-side protection.

The firewall also includes an advanced Attack Detection System (ADS) containing various algorithms to

detect and identify WAN attacks the moment they start and protect the LAN from such attacks. Though

WAN access may be temporarily hindered, the LAN is protected from such harmful traffic load.

The SpeedStream router is shipped with a set of preconfigured firewall database rules grouped into levels,

allowing you to easily configure the firewall. The default set of levels include:

• Off:

No restrictions are applied to either inbound or outbound traffic. In addition, all Network Address

Port Translation (NAPT) functionality is disabled - there is no address/port translation. Since there is

no address/port translation when the firewall is placed in this mode, all LAN-side connected hosts

must be assigned a valid public IP address.

• Low:

Minimal restrictions with respect to outbound traffic. Outbound traffic is allowed for all supported IP-

based applications and Application Level Gateways (ALGs). The only inbound traffic that is allowed

is that which is received within the context of an outbound session initiated on the local host and

permitted by this firewall mode.

• Medium:

Moderate restrictions with respect to outbound traffic. Outbound traffic is allowed for most supported

IP-based applications and Application Level Gateways (ALGs). The only inbound traffic that is

allowed is that which is received within the context of an outbound session initiated on the local host

and permitted by this firewall mode.

• High:

High restrictions with respect to outbound traffic. Outbound traffic is allowed only for a very

restricted set of supported IP-based applications and ALGs. The only inbound traffic that is allowed is

that which is received within the context of an outbound session initiated on the local host and

permitted by this firewall mode.

• ICSA 3.0a-compliant:

Supports the ICSA Labs criteria for firewall behavior. (For more information, visit the ICSA site at

http://www.icsalabs.com)

• Custom:

Allows advanced users to add, modify and delete their own firewall rules.

Note For specific application and protocol security modes, refer to Appendix D, “Firewall Security

Levels.”