1 OVERVIEW
Wireless Security
Because WLAN data is transmitted using radio signals, it may be possible for an unauthorized person to access your WLAN unless you prevent them from doing so. To prevent unauthorized eavesdropping of data transmitted over your LAN, you must enable wireless security. The default SVG2500 settings neither provide security for transmitted data nor protect network data from unauthorized intrusions.
The SVG2500 provides the following wireless security measures, which are described in Section 9, SVG2500 Wireless Pages.
To prevent unauthorized eavesdropping, you must encrypt data transmitted over the wireless interface using one of the following:
•If all of your wireless clients support
•To protect LAN data from unauthorized intrusions, you can restrict WLAN access to computers having one or both of:
•Known MAC addresses
•The same unique network name (SSID) as the SVG2500
Restricting access to computers having the same network name is also called “disabling SSID broadcasting” or “enabling closed network operation.”
Port Forwarding
The SVG2500 opens logical data ports when a computer on its LAN sends data, such as
Some applications, such as games and video conferencing, require multiple data ports. If you enable NAT, this can cause problems because NAT assumes that data sent through one port will return to the same port. You may need to configure port forwarding to run applications with special requirements.
To configure port forwarding, you must specify an inbound (source) port or range of ports. The inbound port opens only when data is sent to the inbound port and closes again after a specified time elapses with no data sent to it. You can configure up to 32 port forwarding entries using the Advanced Port Forwarding Page.
Virtual Private Networks
The SVG2500 supports multiple tunnel VPN
•Is compatible with Point to Point Tunneling Protocol (PPTP) and Layer 2 Tunneling Protocol (L2TP)
•Is fully interoperable with any IPSec client or gateway and ANX certified IPSec stacks
17
