Manualshelf

User Manual

ManualsBrandsU-MEDIA Communications ManualsComputers & Accessories2.4GHz 11n Draft 2.0 1+4 Port WLAN Router
41424344454647484950
42
Firewall Settings
Enable SPI
SPI ("stateful packet inspection" also known as "dynamic packet filtering") helps to prevent
cyberattacks by tracking more state per session. It validates that the traffic passing through
that session conforms to the protocol. When the protocol is TCP, SPI checks that packet
sequence numbers are within the valid range for the session, discarding those packets that do
not have valid sequence numbers.
Whether SPI is enabled or not, the router always tracks TCP connection states and ensures that
each TCP packet's flags are valid for the current state.
NAT Endpoint Filtering
The NAT Endpoint Filtering options control how the router's NAT manages incoming connection
requests to ports that are already being used.
Endpoint Independent
Once a LAN-side application has created a connection through a specific port, the NAT will
forward any incoming connection requests with the same port to the LAN-side application
regardless of their origin. This is the least restrictive option, giving the best connectivity and
allowing some applications (P2P applications in particular) to behave almost as if they are
directly connected to the Internet.
Address Restricted
The NAT forwards incoming connection requests to a LAN-side host only when they come from
the same IP address with which a connection was established. This allows the remote
application to send data back through a port different from the one used when the outgoing
session was created.
Port And Address Restricted
The NAT does not forward any incoming connection requests with the same port address as an
already establish connection.
Note that some of these options can interact with other port restrictions. Endpoint Independent
Filtering takes priority over inbound filters or schedules, so it is possible for an incoming session
request related to an outgoing session to enter through a port in spite of an active inbound filter
on that port. However, packets will be rejected as expected when sent to blocked ports
(whether blocked by schedule or by inbound filter) for which there are no active sessions. Port
and Address Restricted Filtering ensures that inbound filters and schedules work precisely, but
prevents some level of connectivity, and therefore might require the use of port triggers, virtual
servers, or port forwarding to open the ports needed by the application. Address Restricted
Filtering gives a compromise position, which avoids problems when communicating with certain
other types of NAT router (symmetric NATs in particular) but leaves inbound filters and
scheduled access working as expected.
UDP Endpoint Filtering
Controls endpoint filtering for packets of the UDP protocol.