4.9.2 Advanced Security

TL-WR841N/TL-WR841ND300Mbps Wireless N Router User Guide

disable the Router’s firewall.

zSPI Firewall - SPI (Stateful Packet Inspection, also known as dynamic packet filtering) helps to prevent cyber attacks by tracking more state per session. It validates that the traffic passing through the session conforms to the protocol. SPI Firewall is enabled by factory default. If you want all the computers on the LAN exposed to the outside world, you can disable it.

¾VPN - VPN Passthrough must be enabled if you want to allow VPN tunnels using IPSec, PPTP, or L2TP protocols to pass through the Router’s firewall.

zPPTP Passthrough - Point-to-Point Tunneling Protocol (PPTP) allows the Point-to-Point Protocol (PPP) to be tunneled through an IP network. To allow PPTP tunnels to pass through the Router, keep the default, Enabled.

zL2TP Passthrough - Layer 2 Tunneling Protocol (L2TP) is the method used to enable Point-to-Point sessions via the Internet on the Layer 2 level. To allow L2TP tunnels to pass through the Router, keep the default, Enabled.

zIPSec Passthrough - Internet Protocol Security (IPSec) is a suite of protocols for ensuring private, secure communications over Internet Protocol (IP) networks, through the use of cryptographic security services. To allow IPSec tunnels to pass through the Router, keep the default, Enabled.

¾ALG - It is recommended to enable Application Layer Gateway (ALG) because ALG allows customized Network Address Translation (NAT) traversal filters to be plugged into the gateway to support address and port translation for certain application layer "control/data" protocols such as FTP, TFTP, H323 etc.

zFTP ALG - To allow FTP clients and servers to transfer data across NAT, keep the default Enable.

zTFTP ALG - To allow TFTP clients and servers to transfer data across NAT, keep the default Enable.

zH323 ALG - To allow Microsoft NetMeeting clients to communicate across NAT, keep the default Enable.

zRTSP ALG - To allow some media player clients to communicate with some streaming media servers across NAT, click Enable.

Click the Save button to save your settings.

4.9.2 Advanced Security

Choose menu “Security Advanced Security”, you can protect the Router from being attacked by TCP-SYN Flood, UDP Flood and ICMP-Flood in the screen as shown in Figure 4-40.

RTSP ALG - To allow some media player clients to communicate with some streaming media servers across NAT, click Enable.

- 53 -

Page 62
Image 62
TP-Link manual Advanced Security, TL-WR841N/TL-WR841ND 300Mbps Wireless N Router User Guide