Netgear DGFV338 사용자 설명서
DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual
4-20
Security and Firewall Protection
v1.0, April 2007
•
Minimize-Delay: Used when the time required for the packet to reach the destination must be
fast (low link latency). The IP packets for this service priority are marked with a TOS value of
8.
fast (low link latency). The IP packets for this service priority are marked with a TOS value of
8.
Attack Checks
This screen allows you to specify if the router should be protected against common attacks from
the LAN and WAN networks. The various types of attack checks are defined below. Select the
appropriate radio boxes to enable the required security measures.
the LAN and WAN networks. The various types of attack checks are defined below. Select the
appropriate radio boxes to enable the required security measures.
•
WAN Security Checks:
–
Respond to Ping On Internet Ports: Responds to an ICMP Echo (ping) packet coming from
the Internet or WAN side. (Usually used as a diagnostic tool for connectivity problems. It
is recommended that you disable this option to prevent hackers from easily discovering
the router via a ping.)
the Internet or WAN side. (Usually used as a diagnostic tool for connectivity problems. It
is recommended that you disable this option to prevent hackers from easily discovering
the router via a ping.)
–
Enable Stealth Mode: If Stealth Mode is enabled, the router will not respond to port scans
from the WAN or Internet, which makes it less susceptible to discovery and attacks.
from the WAN or Internet, which makes it less susceptible to discovery and attacks.
–
Block TCP Flood: If this option is enabled, the router will drop all invalid TCP packets
and be protected protect from a SYN flood attack.
and be protected protect from a SYN flood attack.
•
LAN Security Checks: Block UDP Flood: If this option is enabled, the router will not accept
more than 20 simultaneous, active, UDP connections from a single computer on the LAN.
more than 20 simultaneous, active, UDP connections from a single computer on the LAN.
•
VPN Pass through: IPSec, PPTP or L2TP: Typically, this router is used as a VPN Client or
Gateway that connects to other VPN Gateways. When the router is in NAT mode, all packets
going to the Remote VPN Gateway are first filtered through NAT and then encrypted, per the
VPN policy.
Gateway that connects to other VPN Gateways. When the router is in NAT mode, all packets
going to the Remote VPN Gateway are first filtered through NAT and then encrypted, per the
VPN policy.
If a VPN Client or Gateway on the LAN side of this router wants to connect to another VPN
endpoint on the WAN, with this router between the two VPN end points, all encrypted packets
will be sent to this router. Since this router filters the encrypted packets through NAT, the
packets become invalid.
endpoint on the WAN, with this router between the two VPN end points, all encrypted packets
will be sent to this router. Since this router filters the encrypted packets through NAT, the
packets become invalid.
IPSec, PPTP, and L2TP represent different types of VPN tunnels that can pass through this
router. To allow the VPN traffic to pass through without filtering, enable those options for the
type of tunnel(s) that will pass through this router.
router. To allow the VPN traffic to pass through without filtering, enable those options for the
type of tunnel(s) that will pass through this router.
Note: Under NAT mode (Network Configuration menu, WAN Mode screen), a
firewall rule that directs ping requests to a particular computer on the LAN
will override this option.
will override this option.