EnGenius Technologies ESR-9710 Manual Do Utilizador
ESR-9710 Wireless N Gigabit Router
Version 1.0
58
6.3.10 Firewall
The device provides a tight firewall by virtue of the way NAT works. Unless you
configure the router to the contrary, the NAT does not respond to unsolicited
incoming requests on any port, thereby making your LAN invisible to Internet cyber
attacks. However, some network applications cannot run with a tight firewall. Those
applications need to selectively open ports in the firewall to function correctly. The
options on this page control several ways of opening the firewall to address the
needs of specific types of applications.
incoming requests on any port, thereby making your LAN invisible to Internet cyber
attacks. However, some network applications cannot run with a tight firewall. Those
applications need to selectively open ports in the firewall to function correctly. The
options on this page control several ways of opening the firewall to address the
needs of specific types of applications.
Enable SPI: Place a check in this box to enable SPI. SPI ("stateful packet
inspection" also known as "dynamic packet filtering") helps to prevent cyberattacks
by tracking more state per session. It validates that the traffic passing through that
session conforms to the protocol. When the protocol is TCP, SPI checks that packet
sequence numbers are within the valid range for the session, discarding those
packets that do not have valid sequence numbers. Whether SPI is enabled or not,
the router always tracks TCP connection states and ensures that each TCP packet's
flags are valid for the current state.
by tracking more state per session. It validates that the traffic passing through that
session conforms to the protocol. When the protocol is TCP, SPI checks that packet
sequence numbers are within the valid range for the session, discarding those
packets that do not have valid sequence numbers. Whether SPI is enabled or not,
the router always tracks TCP connection states and ensures that each TCP packet's
flags are valid for the current state.
TCP / UDP NAT Endpoint Filtering options control how the router's NAT manages
incoming connection requests to ports that are already being used. Select one of the
radio buttons.
radio buttons.
o
End Point Independent Once a LAN-side application has created a
connection through a specific port, the NAT will forward any incoming
connection requests with the same port to the LAN-side application
regardless of their origin. This is the least restrictive option, giving the best
connectivity and allowing some applications (P2P applications in particular)
to behave almost as if they are directly connected to the Internet.
connection requests with the same port to the LAN-side application
regardless of their origin. This is the least restrictive option, giving the best
connectivity and allowing some applications (P2P applications in particular)
to behave almost as if they are directly connected to the Internet.
o
Address Restricted The NAT forwards incoming connection requests to a
LAN-side host only when they come from the same IP address with which a
connection was established. This allows the remote application to send data
back through a port different from the one used when the outgoing session
was created.
connection was established. This allows the remote application to send data
back through a port different from the one used when the outgoing session
was created.
o
Port And Address Restricted The NAT does not forward any incoming
connection requests with the same port address as an already establish
connection.
connection.