User's Guide
Table Of Contents
- 1. Product Overview
- 2. UI Reference
- Support
- Admin Password
- Wi-Fi - Settings
- Wi-Fi – Primary Network
- Wi-Fi – Guest Network
- Wi-Fi – Wi-Fi as WAN
- Connected Devices
- Access Control - Devices
- Access Control - Schedules
- Settings - Preferences
- Settings – Software Update
- Settings – Backup and Restore
- Advanced Features – Lan
- Advanced Features – Network
- Advanced Features – Manual DNS
- Advanced Features – Firewall
- Advanced Features – MAC Filter
- Advanced Features – Port Filtering
- Advanced Features – Port Forwarding
- Advanced Features – WAN Configuration
- GPS - Status
- GPS - Local
- GPS - Remote
- GPIO
- VPN
- Remote Management
- About – General Status
- About – Primary WAN
- About - Ethernet WAN
- About – Wi-Fi as WAN
- About – System Status
- 3. Using, Testing, Troubleshooting
- 4. Regulatory Information
User Guide
Skyus 500 (Ninkasi)
Rev 1 Page 26 of 78
inseego.com
Advanced Features – Firewall
The Skyus 500 firewall determines which Internet traffic is allowed to pass between the router
and connected devices and protects your connected devices from malicious incoming traffic from
the Internet. The firewall cannot be turned off.
Use the Firewall tab to adjust the general security level of the firewall, designate a specific device
to receive all traffic, and set up specific firewall rules.
Security Level
You can select from three general security levels to block traffic into and through the Skyus 500.
The default Security Level is Medium.
• Low — allows inbound traffic to services with open ports matching the inbound request
port. Outbound traffic is allowed to any service.
• Medium — Rejects inbound traffic. Outbound traffic is allowed for any service.
• High — Rejects inbound traffic. Outbound traffic is allowed only for TELNET (port 23), FTP
(port 21), HTTP (port 21), HTTP (port 80), HTTPS (port 443), SMTP (port 25), DNS (port 53),
POP3 (port 110), and IMAP (port 143).
DMZ
DMZ allows the connected device specified as the DMZ IP address (the DMZ destination) to
receive all traffic that would otherwise be blocked by the firewall.
NOTE: Allowing DMZ may assist some troublesome network applications to function properly,
but the DMZ device should have its own firewall to protect itself against malicious traffic.
Allow DMZ: Check this box to allow DMZ.
Destination IP Address: Enter the IP address of the connected device you wish to become the
DMZ device (the DMZ destination). NOTE: You can check the IP address of each connected
device on the Connected Devices screen.
Click Save Changes.
Firewall Rules
You can define one or more specific rules for the firewall to follow. Use the fields to set up a rule,
and click Add New Rule. New rules are added to the bottom of the list. Use Up and Down to
reposition rules on the list.
NOTE: For Src. IP and Dest. IP, enter a specific IP address or the keyword any.