DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual

Minimize-Delay: Used when the packet must reach its destination quickly (low link latency). The IP packets for this service priority are marked with a TOS value of 8.

Attack Checks

This screen allows you to specify whether the router should be protected against common attacks from the LAN and WAN networks. The various types of attack checks are defined below. Select the appropriate radio boxes to enable the required security measures.

WAN Security Checks:

Respond to Ping On Internet Ports: Responds to an ICMP Echo (ping) packet coming from the Internet or WAN side. (Usually used as a diagnostic tool for connectivity problems. It is recommended that you disable this option to prevent hackers from easily discovering the router via a ping.)

Note: Under NAT mode (Network Configuration menu, WAN Mode screen), a firewall rule that directs ping requests to a particular computer on the LAN will override this option.

Enable Stealth Mode: If Stealth Mode is enabled, the router will not respond to port scans from the WAN or Internet, which makes it less susceptible to discovery and attacks.

Block TCP Flood: If this option is enabled, the router will drop all invalid TCP packets and be protected from a SYN flood attack.

LAN Security Checks:

Block UDP Flood: If this option is enabled, the router will not accept more than 20 simultaneous, active, UDP connections from a single computer on the LAN.
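The following sketch is an added example, not NETGEAR firmware code, showing how a per-host cap of 20 active UDP connections behaves when a LAN computer opens flows in a burst. The 30-second idle timeout, the class and function names, and the sample addresses are assumptions made for the illustration.

```python
# Added illustration: per-host cap on active UDP flows (not NETGEAR firmware code).
from collections import defaultdict

MAX_ACTIVE_UDP = 20   # limit stated in the manual
IDLE_TIMEOUT = 30.0   # assumption: seconds of silence before a flow stops counting


class UdpFloodCheck:
    def __init__(self, limit=MAX_ACTIVE_UDP, idle_timeout=IDLE_TIMEOUT):
        self.limit = limit
        self.idle_timeout = idle_timeout
        # source LAN IP -> {(src_port, dst_ip, dst_port): last_seen}
        self.flows = defaultdict(dict)

    def _expire(self, src_ip, now):
        table = self.flows[src_ip]
        for key in [k for k, seen in table.items() if now - seen > self.idle_timeout]:
            del table[key]

    def allow(self, now, src_ip, src_port, dst_ip, dst_port):
        """Return True if the datagram is accepted, False if it is dropped."""
        self._expire(src_ip, now)
        table = self.flows[src_ip]
        key = (src_port, dst_ip, dst_port)
        if key in table or len(table) < self.limit:
            table[key] = now   # refresh an existing flow or admit a new one
            return True
        return False           # host already holds `limit` active flows


def replay(events, check=None):
    """Run (time, src_ip, src_port, dst_ip, dst_port) tuples; return drops per host."""
    check = check or UdpFloodCheck()
    dropped = defaultdict(int)
    for ev in events:
        if not check.allow(*ev):
            dropped[ev[1]] += 1
    return dict(dropped)


# Constructed sample traffic: one host opens 25 flows in a burst, another opens 3.
SAMPLE = [(0.1 * i, "192.168.1.50", 40000 + i, "203.0.113.9", 53) for i in range(25)]
SAMPLE += [(1.0 + i, "192.168.1.51", 50000 + i, "203.0.113.9", 123) for i in range(3)]
SAMPLE += [(40.0, "192.168.1.50", 41000, "203.0.113.9", 53)]  # sent after idle expiry

if __name__ == "__main__":
    print(replay(SAMPLE))
```

Only the five flows beyond the twentieth are dropped for the bursting host; traffic on its already-admitted flows and traffic from the other host is unaffected.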

VPN Pass through: IPSec, PPTP or L2TP: Typically, this router is used as a VPN Client or Gateway that connects to other VPN Gateways. When the router is in NAT mode, all packets going to the Remote VPN Gateway are first filtered through NAT and then encrypted, per the VPN policy.

If a VPN Client or Gateway on the LAN side of this router wants to connect to another VPN endpoint on the WAN, with this router between the two VPN end points, all encrypted packets will be sent to this router. Since this router filters the encrypted packets through NAT, the packets become invalid.

IPSec, PPTP, and L2TP represent different types of VPN tunnels that can pass through this router. To allow the VPN traffic to pass through without filtering, enable those options for the type of tunnel(s) that will pass through this router.


Security and Firewall Protection

v1.0, April 2007
