| Version 1.0 |
6.3.10Firewall
The device provides a tight firewall by virtue of the way NAT works. Unless you configure the router to the contrary, the NAT does not respond to unsolicited incoming requests on any port, thereby making your LAN invisible to Internet cyber attacks. However, some network applications cannot run with a tight firewall. Those applications need to selectively open ports in the firewall to function correctly. The options on this page control several ways of opening the firewall to address the needs of specific types of applications.
Enable SPI: Place a check in this box to enable SPI. SPI ("stateful packet inspection" also known as "dynamic packet filtering") helps to prevent cyberattacks by tracking more state per session. It validates that the traffic passing through that session conforms to the protocol. When the protocol is TCP, SPI checks that packet sequence numbers are within the valid range for the session, discarding those packets that do not have valid sequence numbers. Whether SPI is enabled or not, the router always tracks TCP connection states and ensures that each TCP packet's flags are valid for the current state.
TCP / UDP NAT Endpoint Filtering options control how the router's NAT manages incoming connection requests to ports that are already being used. Select one of the radio buttons.
o End Point Independent Once a
o Address Restricted The NAT forwards incoming connection requests to a
o Port And Address Restricted The NAT does not forward any incoming connection requests with the same port address as an already establish connection.
58
