FIREWALL
Stateful Packet Inspection
This option allows you to select different
application types that are using dynamic port
numbers. If you wish to use Stateful Packet
Inspection (SPI) for blocking packets, click on
the “Yes” radio button in the “Enable SPI and
Anti-DoS firewall protection” field and then
check the inspection type that you need, such as
Packet Fragmentation, TCP Connection, UDP
Session, FTP Service, H.323 Service, and TFTP
Service.
It is called a “stateful” packet inspection because
it examines the contents of the packet to
determine the state of the communication; i.e. it
ensures that the stated destination computer has
previously requested the current
communication. This is a way of ensuring that all
communications are initiated by the recipient
computer and are taking place only with sources
that are known and trusted from previous
interactions. In addition to being more rigorous
in their inspection of packets, stateful inspection
firewalls also close off ports until a connection
to the specific port is requested.
When particular types of traffic are checked,
only the particular type of traffic initiated from
the internal LAN will be allowed. For example,
if the user only checks “FTP Service” in the
Stateful Packet Inspection section, all incoming
traffic will be blocked except for FTP
connections initiated from the local LAN.
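
The behaviour described above, sketched as a small connection table: inbound packets pass only when they answer a flow that a LAN host started, and only for traffic types that are checked. This is an added example, not the router's firmware; the class and field names, the idle timeout and the sample addresses are assumptions, and it models plain TCP/UDP flows only, not the FTP, H.323 or TFTP services.

```python
import time
from typing import NamedTuple

class Packet(NamedTuple):
    proto: str   # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int

class StatefulFilter:
    """Toy SPI model: WAN packets pass only if they answer a LAN-initiated flow."""

    def __init__(self, enabled, idle_timeout=60.0, clock=time.monotonic):
        self.enabled = set(enabled)       # checked inspection types (hypothetical names)
        self.idle_timeout = idle_timeout  # assumption: idle flows expire
        self.clock = clock
        self.flows = {}                   # flow key -> time last seen

    def outbound(self, pkt):
        """LAN -> WAN: remember the flow, but only for a checked traffic type."""
        if pkt.proto in self.enabled:
            key = (pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport)
            self.flows[key] = self.clock()

    def inbound(self, pkt):
        """WAN -> LAN: True only when the packet matches a live tracked flow."""
        # Reverse the tuple so the reply maps onto the key stored by outbound().
        key = (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)
        seen = self.flows.get(key)
        if seen is None:
            return False                  # nobody on the LAN asked for this
        if self.clock() - seen > self.idle_timeout:
            del self.flows[key]           # stale state: the port is closed again
            return False
        self.flows[key] = self.clock()
        return True

if __name__ == "__main__":
    # Constructed sample traffic (documentation address ranges).
    fw = StatefulFilter(enabled={"tcp"})
    reply = Packet("tcp", "203.0.113.5", 80, "192.168.2.10", 40000)
    print("unsolicited:", fw.inbound(reply))
    fw.outbound(Packet("tcp", "192.168.2.10", 40000, "203.0.113.5", 80))
    print("after LAN request:", fw.inbound(reply))
```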
Hacker Prevention Feature
Parameter | Defaults | Description
Discard Ping from WAN | Discard | Prevents a ping on the router’s WAN port from being routed to the network.