Cradlepoint Technology mbr1200 User Guide
CRADLEPOINT
MBR1200 | USER MANUAL Firmware ver. 1.6.12
© 2010 CRADLEPOINT, INC. PLEASE VISIT
HTTP://KNOWLEDGEBASE.CRADLEPOINT.COM/
FOR MORE HELP AND RESOURCES
PAGE 42
5.3 Firewall
Use the Firewall sub-menu to protect your network from the outside world. The MBR1200 provides
a tight firewall by virtue of the way NAT works. Unless you configure the router to the contrary, the
NAT does not respond to unsolicited incoming requests on any port, thereby making your LAN
invisible to public Internet view. However, some network applications cannot run with a tight
firewall. Those applications need to selectively open ports in the firewall to function correctly.
a tight firewall by virtue of the way NAT works. Unless you configure the router to the contrary, the
NAT does not respond to unsolicited incoming requests on any port, thereby making your LAN
invisible to public Internet view. However, some network applications cannot run with a tight
firewall. Those applications need to selectively open ports in the firewall to function correctly.
5.3.1
Firewall Settings
Enable SPI.
SPI (Stateful Packet Inspection, also known as dynamic packet filtering) helps to
prevent cyber attacks by tracking more state per session. It validates that the traffic passing
through the session conforms to the protocol. When SPI is enabled, the extra state information will
be reported on the Status
through the session conforms to the protocol. When SPI is enabled, the extra state information will
be reported on the Status
→ Active Sessions sub-menu.
Whether SPI is enabled or not, the router always tracks TCP connection states and ensures that
each TCP packet's flags are valid for the current state.
each TCP packet's flags are valid for the current state.
5.3.2
NAT Endpoint Filtering
The NAT Endpoint Filtering options control how the route
r‟s NAT manages incoming connection
requests to ports that are already being used.
UDP Endpoint Filtering/TCP Endpoint Filtering.
The UDP Endpoint Filtering check box
controls endpoint filtering for packets of the UDP protocol and the TCP Endpoint Filtering check
box controls endpoint filtering for packets of the TCP protocol. Select a NAT Endpoint Filtering
option:
box controls endpoint filtering for packets of the TCP protocol. Select a NAT Endpoint Filtering
option:
Endpoint Independent. Once a LAN-side application has created a connection
through a specific port, the NAT will forward any incoming connection requests with the
same port to the LAN-side application regardless of their origin. This is the least
restrictive option, giving the best connectivity and allowing some applications (P2P
applications in particular) to behave almost as if they are directly connected to the
Internet.
through a specific port, the NAT will forward any incoming connection requests with the
same port to the LAN-side application regardless of their origin. This is the least
restrictive option, giving the best connectivity and allowing some applications (P2P
applications in particular) to behave almost as if they are directly connected to the
Internet.
Address Restricted. The NAT forwards incoming connection requests to a LAN-side
host only when they come from the same IP address with which a connection was
established. This allows the remote application to send data back through a port
different from the one used when the outgoing session was created.
host only when they come from the same IP address with which a connection was
established. This allows the remote application to send data back through a port
different from the one used when the outgoing session was created.
(continued)