IPv4/IPv6 SPI firewall protection - This option protects your local network from Internet threats and is enabled by default. The firewall settings in your router have been optimized for most home environments, so no changes are typically needed.
A Virtual Private Network (VPN) is a network that uses a public network such as the Internet to provide secure communications between a remote computer and another network. Corporations often use a VPN to allow employees to access a corporate network remotely. The default VPN settings in your router have been configured to allow the most common types of VPN protocols, so no changes are typically needed.
IPSec Passthrough - This is a suite of protocols used to implement secure packet exchange on a VPN.
PPTP Passthrough - This allows VPN clients to establish a PPTP VPN tunnel through the router.
L2TP Passthrough - This enables VPN clients on the local network to establish an L2TP VPN tunnel through the router.
This enables you to customize IPv6 port services for services or applications. When users send these types of requests to your network via the Internet, the router will allow those requests to the appropriate computers. To add an IPv6 firewall setting, click Add IPv6 Firewall Setting.
Description - The service name or description.
Protocol - The protocol used by the service.
IPv6 Address - The IPv6 address of the computer who should receive the traffic.
Allow - The range of ports used by incoming traffic.
Enabled - Click the checkbox to enable the port service.
Select whether to enable or disable the following Internet filters:
Filter Anonymous Internet Requests - This feature blocks ping requests from computers on the Internet to your router.
Filter Multicast - Multicasts are similar to broadcasts; by default, they are sent to all computers on a network. This option blocks multicasting.
Filter Internet NAT Redirection - This feature prevents a local computer that's using a URL or Internet address on your network to access your local server.
Filter ident (port 113) - This feature prevents outside intruders from accessing your router through the Internet using service port 113. Some applications may require this service port to be available. If this is the case, disable this option.
Your router includes a Demilitarized Zone (DMZ) feature that forwards all inbound ports presented on the WAN interface, except those that are specifically forwarded, to an IP address or MAC address. This feature can be used to expose a web server, mail server, or web camera to the Internet so anyone can access it. This feature is not typically used as it presents significant security risks to the device that you designate for the DMZ. The device is not protected by the built-in firewalls, Internet filters, or router web filters.
To use this feature, click On.
Source IP address - Select this option to allow access to your DMZ device from any IP address on the Internet, or enter a specific range of IP addresses to allow.
Destination IP address - Select this option to allow access to your DMZ device from range of specific IP addresses or a specific MAC address.
To use a static IP address of the device that will be in the DMZ, select IP Address and enter the last three digits of that address. If you prefer to use the MAC address of the device instead of a static IP address, select the MAC Address option and enter the device's MAC address.
Click the View DHCP Client Table button to see the current DHCP client list.
The DDNS feature lets you configure a domain name for your home network, which you can then use to easily find your network on the Internet. This is useful if you want to remotely access a USB drive or web camera over the Internet.
To use this feature, select your DDNS service from the dropdown menu, for example, DynDNS.org or TZO.com, and then complete the fields with information provided to you by your DDNS provider.
Single Port forwarding forwards inbound traffic from the Internet on a specific port to a single device on your local network. For example, forwarding inbound web requests, typically on port 80, to a web server. To forward to multiple ports, create additional entries to forward additional ports to the same IP address. Click Add a new single port forwarding.
Application name - The application or device name using port forwarding. Refer to your device's documentation for recommendations if needed.
External Port - Enter the external port number.
Internal Port - Enter the internal port number.
Note: To set up port forwarding for multiple ports, enter the same number in the External Port and Internal Port fields.
Protocol - Select the protocol to use.
Device IP# - Enter the last three digits of the IP address you have reserved for the computer you want to forward Internet traffic to.
Enabled - Click the checkbox to enable the port forwarding. If you don't want to use port forwarding but want to keep the information in the table, unselect the checkbox.
Port forwarding forwards inbound traffic from the Internet on range of ports to a specific device on your local network. For example, some applications can use a range of ports so that if one port is busy, they can try another one. Click Add new Port Range Forwarding.
Note: Set up a DHCP reservation for the computer's IP address on which you installed the software application that requires port range forwarding.
Application name - The application or device name using port forwarding.
Start/End Port - The port number or range of ports used by the application or device for port forwarding. To specify a range of ports, separate the first and last port numbers with a dash, for example, 5800-5900.
Protocol - Select the protocol to use, typically TCP.
Device IP# - Enter the last three digits of the computer's IP address running the software that requires port forwarding.
Enabled - Click the checkbox to enable port range forwarding. If you don't want to use port forwarding but want to keep the information in the table, unselect the checkbox.
Port range triggering allows the router to watch outgoing data for specific port numbers. The IP address of the computer that sends the matching data is remembered by the router, so that when the requested data returns through the router, the data is routed back to the proper computer. This is useful when using a USB or Bluetooth headset for online chat and gaming. Click Add a new Port Range Triggering.
Note: Refer to your device's documentation for information on the ports that the device uses.
For each entry, enter a descriptive Device or Application name, and then enter the ports.
Enabled - Click the checkbox to enable port range triggering. If you don't want to use port range triggering for that entry, but want to keep the information in the table, unselect the checkbox.