User manual

Wireless Adapter RNX-N4 User Manual
Enable SPI: Place a check in this box to enable SPI. SPI ("stateful packet inspection",
also known as "dynamic packet filtering") helps to prevent cyberattacks by tracking
more state per session. It validates that the traffic passing through that session
conforms to the protocol. When the protocol is TCP, SPI checks that packet sequence
numbers are within the valid range for the session, discarding those packets that do
not have valid sequence numbers. Whether SPI is enabled or not, the router always
tracks TCP connection states and ensures that each TCP packet's flags are valid for
the current state.
TCP / UDP NAT Endpoint Filtering options control how the router's NAT manages
incoming connection requests to ports that are already being used. Select one of the
radio buttons.
1. End Point Independent: Once a LAN-side application has created a connection
through a specific port, the NAT will forward any incoming connection requests with
the same port to the LAN-side application regardless of their origin. This is the least
restrictive option, giving the best connectivity and allowing some applications (P2P
applications in particular) to behave almost as if they are directly connected to the
Internet.
2. Address Restricted: The NAT forwards incoming connection requests to a LAN-side
host only when they come from the same IP address with which a connection was
established. This allows the remote application to send data back through a port
different from the one used when the outgoing session was created.
3. Port And Address Restricted: The NAT does not forward any incoming connection
requests with the same port address as an already established connection.
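The three filtering options above, modeled as an added example (not taken from this manual or the router's firmware). It assumes option 3 admits only traffic from the exact remote IP and port already contacted, in the sense of RFC 4787's address and port-dependent filtering; the class, function and constant names and the sample addresses are constructed.

```python
from dataclasses import dataclass, field

# Constructed labels for the three radio buttons described above.
ENDPOINT_INDEPENDENT = "endpoint_independent"
ADDRESS_RESTRICTED = "address_restricted"
PORT_AND_ADDRESS_RESTRICTED = "port_and_address_restricted"


@dataclass
class NatFilter:
    """Hypothetical model of the NAT's inbound filtering decision."""
    mode: str
    # external port -> (LAN host, set of (remote_ip, remote_port) contacted)
    mappings: dict = field(default_factory=dict)

    def outbound(self, lan_host, ext_port, remote_ip, remote_port):
        """Record an outgoing session opened by a LAN-side application."""
        _, peers = self.mappings.setdefault(ext_port, (lan_host, set()))
        peers.add((remote_ip, remote_port))

    def inbound(self, ext_port, src_ip, src_port):
        """Return the LAN host the packet is forwarded to, or None if dropped."""
        entry = self.mappings.get(ext_port)
        if entry is None:
            return None  # no active session on this port in any mode
        lan_host, peers = entry
        if self.mode == ENDPOINT_INDEPENDENT:
            allowed = True  # any origin may reach the port in use
        elif self.mode == ADDRESS_RESTRICTED:
            allowed = any(ip == src_ip for ip, _ in peers)  # any source port
        else:  # strictest rule, also used for an unrecognized mode
            allowed = (src_ip, src_port) in peers
        return lan_host if allowed else None


def compare(ext_port, src_ip, src_port):
    """Apply one inbound packet to all three modes after the same outbound session."""
    results = {}
    for mode in (ENDPOINT_INDEPENDENT, ADDRESS_RESTRICTED, PORT_AND_ADDRESS_RESTRICTED):
        nat = NatFilter(mode)
        nat.outbound("192.168.1.10", 40000, "203.0.113.5", 3478)  # constructed session
        results[mode] = nat.inbound(ext_port, src_ip, src_port)
    return results


if __name__ == "__main__":
    for pkt in [(40000, "198.51.100.9", 5000), (40000, "203.0.113.5", 9999)]:
        print(pkt, compare(*pkt))
```

The first sample packet (unrelated source) is forwarded only under End Point Independent; the second (same remote address, different source port) is also forwarded under Address Restricted but not under Port And Address Restricted.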
Note: Some of these options can interact with other port restrictions. Endpoint
Independent Filtering takes priority over inbound filters or schedules, so it is possible for
an incoming session request related to an outgoing session to enter through a port in
spite of an active inbound filter on that port. However, packets will be rejected as
expected when sent to blocked ports (whether blocked by schedule or by inbound filter)
for which there are no active sessions. Port and Address Restricted Filtering ensures
that inbound filters and schedules work precisely, but prevents some level of
connectivity, and therefore might require the use of port triggers, virtual servers, or port
forwarding to open the ports needed by the application. Address Restricted Filtering