- MAC Filters
- Inbound Filter
- Virtual Server
- Firewall & DMZ
- Port Forwarding
- Application Rules
- Internet Bandwidth Control
- Guest Zone
- Advanced Network
- Parental Control
Access Help
MAC Filters
Enables you to allow or deny Internet access to users within the LAN, based on the MAC Address of their network interface. Click the radio button next to Disabled to disable the MAC filter function.
- MAC Address
- Enter the MAC Address of the user's network interface.
- DHCP Client List
- DHCP clients will have their hostnames displayed in the Computer Name drop-down menu. You can select the Computer Name you want to add to the MAC Filter List and click the arrow button. This will automatically add the selected computer's MAC address to the appropriate field.
Users can use the Always drop-down menu to select a previously defined schedule or click the New Schedule button to add a new schedule.
The checkbox is used to enable or disable a particular entry.
Domain/URL Blocking
URL Blocking is used to deny computers within the LAN (Local Area Network) access to specific web sites by their URL (Uniform Resource Locator). A URL is a specially formatted text string that defines a location on the Internet. If any part of the URL contains the blocked word, the site will not be accessible and the web page will not be displayed.
Domain Blocking is used to deny or allow computers within the LAN access to specific domains on the Internet. Domain blocking will deny or allow all requests, such as HTTP and FTP, to a specific domain. Select Allow users to access all domains except "Blocked Domains" if you want users to be able to access all domains except those in the Blocked Domains list. Select Deny users to access all domains except "Permitted Domains" if you only want users to access Permitted Domains.
- Example 1:
- If you want to block LAN users from any website whose URL pertains to shopping, select "DENY computers access to ONLY these sites" and then enter "shopping" into the Website Filtering Rules list. LAN users will be denied access to sites like these because their URLs contain the keyword:
- http://shopping.yahoo.com
- http://shopping.msn.com
- Example 2:
- If you want your children to only access particular sites, you would then choose "ALLOW computers access to ONLY these sites" and then enter in the domains you want your children to have access to.
- Google.com
- Cartoons.com
- Discovery.com
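The matching behaviour described above, modelled as an added example (this is not the router's firmware code). The function names, the case-insensitive comparison and the handling of subdomains are assumptions; the URLs are the ones from the two examples plus constructed ones.

```python
from urllib.parse import urlsplit

def url_keyword_blocked(url, keywords):
    """URL Blocking: block when any keyword appears anywhere in the URL."""
    lowered = url.lower()
    return any(k.lower() in lowered for k in keywords)

def host_in_list(url, domains):
    """True if the URL's host is a listed domain or a subdomain of one (assumed)."""
    host = (urlsplit(url).hostname or "").lower()
    return any(host == d.lower() or host.endswith("." + d.lower()) for d in domains)

def domain_allowed(url, domains, mode):
    """Domain Blocking in its two modes.

    mode="block_listed":  allow everything except the Blocked Domains list.
    mode="permit_listed": deny everything except the Permitted Domains list.
    """
    listed = host_in_list(url, domains)
    if mode == "block_listed":
        return not listed
    if mode == "permit_listed":
        return listed
    raise ValueError("unknown mode: %r" % mode)

def review_keyword(keyword, urls):
    """Return the URLs a keyword would block, so over-blocking shows up before saving."""
    return [u for u in urls if url_keyword_blocked(u, [keyword])]

# Constructed sample traffic (first two URLs are from Example 1)
SAMPLE_URLS = [
    "http://shopping.yahoo.com",
    "http://shopping.msn.com",
    "http://www.example.org/news/holiday-shopping-safety",  # keyword only in the path
    "http://www.discovery.com/shows",
]
PERMITTED = ["Google.com", "Cartoons.com", "Discovery.com"]  # from Example 2

if __name__ == "__main__":
    print("keyword 'shopping' blocks:", review_keyword("shopping", SAMPLE_URLS))
    for u in SAMPLE_URLS:
        print(u, "->", "allowed" if domain_allowed(u, PERMITTED, "permit_listed") else "denied")
```

The third URL shows that a keyword rule also catches pages that merely mention the word in their path, which is worth checking before a broad keyword is saved.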
Protocol/IP Filters
Enables you to allow or deny Internet access to users based on the communications protocol of the origin. Click the radio button next to Disabled to disable the protocol filter.
- Name
- Enter a meaningful name for the rule.
- Action
- This rule can either Allow or Deny messages.
- Remote IP Range
- Define the ranges of Internet addresses this rule applies to. For a single IP address, enter the same address in both the Start and End boxes. Up to eight ranges can be entered. The Enable checkbox allows you to turn on or off specific entries in the list of ranges.
- Add/Update
- Saves the new or edited Inbound Filter Rule in the following list.
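How a rule built from these fields can be evaluated against a remote address, as an added example (not the router's own code). The function names and the Allow/Deny semantics in `permits` are assumptions; the addresses are constructed from documentation ranges.

```python
import ipaddress

MAX_RANGES = 8  # "Up to eight ranges can be entered."

def make_rule(name, action, ranges):
    """Build a rule; ranges is a list of (start, end, enabled) tuples."""
    if action not in ("Allow", "Deny"):
        raise ValueError("action must be Allow or Deny")
    if len(ranges) > MAX_RANGES:
        raise ValueError("at most %d ranges per rule" % MAX_RANGES)
    parsed = []
    for start, end, enabled in ranges:
        lo, hi = ipaddress.IPv4Address(start), ipaddress.IPv4Address(end)
        if lo > hi:
            raise ValueError("range start %s is above end %s" % (start, end))
        parsed.append((lo, hi, enabled))
    return {"name": name, "action": action, "ranges": parsed}

def in_rule(rule, remote_ip):
    """True if remote_ip falls in any enabled range of the rule."""
    ip = ipaddress.IPv4Address(remote_ip)
    return any(en and lo <= ip <= hi for lo, hi, en in rule["ranges"])

def permits(rule, remote_ip):
    """Assumed semantics: Allow admits only listed addresses, Deny admits all but listed."""
    listed = in_rule(rule, remote_ip)
    return listed if rule["action"] == "Allow" else not listed

# Constructed rule using documentation address blocks
OFFICE = make_rule("Office only", "Allow", [
    ("203.0.113.10", "203.0.113.10", True),    # single address: same Start and End
    ("198.51.100.0", "198.51.100.255", True),
    ("192.0.2.0", "192.0.2.255", False),       # entry present but its Enable box is off
])

if __name__ == "__main__":
    for ip in ("203.0.113.10", "203.0.113.11", "198.51.100.77", "192.0.2.5"):
        print(ip, "permitted" if permits(OFFICE, ip) else "dropped")
```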
Virtual Server
This screen enables you to create a virtual server via the router. If the router is set as a virtual server, remote users requesting Web or FTP services through the WAN are directed to local servers in the LAN. The router redirects the request via the protocol and port numbers to the correct LAN server. The Virtual Server profiles are listed in the table at the bottom of the page.
- Example:
- You are hosting a web server on a PC that has LAN IP address of 192.168.0.50 and your ISP is blocking port number 80.
- Name the Virtual Server (for example: Web Server).
- Enter the IP Address of the machine on your LAN. For example: 192.168.0.50
- Enter the Private Port number as [80].
- Enter the Public Port as [8888].
- Select the Protocol (for example TCP).
- Ensure the schedule is set to Always.
- Repeat these steps for each Virtual Server Rule you wish to add. After the list is complete, click Save Settings at the top of the page.
- Virtual Server Parameters
- Name
- Enter a descriptive name for the virtual server.
- IP Address
- The IP address of the system on your internal network that will provide the virtual service, for example 192.168.0.50. You can select a computer from the list of DHCP clients in the 'Computer Name' drop-down menu, or you can manually enter the IP address of the server computer.
- Private Port
- Type the port number of the computer on the LAN that is being used to act as a virtual server.
- Public Port
- Type the port number on the WAN that will be used to provide access to the virtual server.
- Traffic Type
- Select the protocol used by the service. The common choices are UDP, TCP, and both UDP and TCP. They can be selected from the drop-down menu. To specify any other protocol, select Other from the list, then enter the corresponding protocol number (as assigned by the IANA) in the Protocol box.
- Schedule
- Select a schedule for when the service will be enabled. If you do not see the schedule you need in the list of schedules, go to the Tools --> Schedules screen and create a new schedule.
- 24 -- Virtual Servers List
- Use the checkboxes on the left to activate or deactivate completed Virtual Server entries.
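A check that can be run over a copy of the Virtual Servers List before saving it, together with the public-to-private translation the parameters above describe. This is an added example, not the router's code: the class and function names, the `192.168.0.0/24` LAN subnet and the second and third rules are assumptions or constructed data.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class VirtualServer:
    name: str
    ip: str
    private_port: int
    public_port: int
    protocol: str      # "TCP", "UDP" or "Both"
    enabled: bool = True

def _protos(rule):
    return {"TCP", "UDP"} if rule.protocol == "Both" else {rule.protocol}

def audit(rules, lan="192.168.0.0/24"):
    """Return findings for a Virtual Server list (the LAN subnet is an assumption)."""
    net = ipaddress.ip_network(lan)
    findings, seen = [], {}
    for r in rules:
        if not r.enabled:
            continue
        for port in (r.private_port, r.public_port):
            if not 1 <= port <= 65535:
                findings.append(f"{r.name}: port {port} out of range")
        if ipaddress.ip_address(r.ip) not in net:
            findings.append(f"{r.name}: {r.ip} is not on the LAN {lan}")
        for proto in _protos(r):
            key = (proto, r.public_port)
            if key in seen:
                findings.append(f"{r.name}: public {proto}/{r.public_port} already used by {seen[key]}")
            else:
                seen[key] = r.name
    return findings

def translate(rules, proto, public_port):
    """Return (lan_ip, private_port) for a WAN request, or None if no enabled rule matches."""
    for r in rules:
        if r.enabled and proto in _protos(r) and r.public_port == public_port:
            return (r.ip, r.private_port)
    return None

# Constructed rule list; the first entry is the page's Web Server example.
RULES = [
    VirtualServer("Web Server", "192.168.0.50", 80, 8888, "TCP"),
    VirtualServer("FTP", "192.168.1.20", 21, 21, "TCP"),
    VirtualServer("Camera", "192.168.0.60", 8080, 8888, "Both"),
]
```

Every enabled entry is a service reachable from the WAN, so the same list doubles as an inventory of what the router exposes.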
Firewall & DMZ
This screen enables you to set up the firewall. The router provides basic firewall functions by filtering all the packets that enter the router using a set of rules. The rules are kept in an ordered list: the lower the rule number, the higher the priority the rule has. The rule profiles are listed in the table at the bottom of the page.
- Firewall Settings
- Enable SPI
- SPI (Stateful Packet Inspection, also known as dynamic packet filtering) helps to prevent cyber attacks by tracking more states per session. It validates that the traffic passing through that session conforms to the protocol. Whether or not SPI is enabled, the router always tracks TCP connection states and ensures that each TCP packet's flags are valid for the current state.
- DMZ Host
- This screen enables you to create a DMZ for those computers that cannot access Internet applications properly through the router and associated security settings.
- Application Level Gateway (ALG) Configuration
- Here you can enable or disable ALGs. Some protocols and applications require special handling of the IP payload to make them work with Network Address Translation (NAT). Each ALG provides special handling for a specific protocol or application. A number of ALGs for common applications are enabled by default.
- PPTP
- Allows multiple machines on the LAN to connect to their corporate networks using the PPTP protocol. When the PPTP ALG is enabled, LAN computers can establish PPTP VPN connections either with the same or with different VPN servers. When the PPTP ALG is disabled, the router allows VPN operation in a restricted way -- LAN computers are typically able to establish VPN tunnels to different VPN Internet servers but not to the same server. The advantage of disabling the PPTP ALG is to increase VPN performance. Enabling the PPTP ALG also allows incoming VPN connections to a LAN side VPN server (refer to Advanced -> Virtual Server).
- IPSec (VPN)
- Allows multiple VPN clients to connect to their corporate networks using IPSec. Some VPN clients support traversal of IPSec through NAT. This option may interfere with the operation of such VPN clients. If you are having trouble connecting with your corporate network, try disabling this option.
- Check with the system administrator of your corporate network whether your VPN client supports NAT traversal.
- Note that L2TP VPN connections typically use IPSec to secure the connection. To achieve multiple VPN pass-through in this case, the IPSec ALG must be enabled.
- RTSP
- Allows applications that use the Real Time Streaming Protocol (RTSP) to receive streaming media from the Internet. QuickTime and Real Player are some of the common applications that use this protocol.
- SIP
- Allows devices and applications using VoIP (Voice over IP) to communicate across NAT. Some VoIP applications and devices have the ability to discover NAT devices and work around them. This ALG may interfere with the operation of such devices. If you are having trouble making VoIP calls, try turning this ALG off.
- Firewall Rules
- Firewall Rules are an advanced feature used to deny or allow traffic from passing through the device. You can create detailed rules for the device. Please refer to the manual for more details and examples.
Port Forwarding
- Select a filter that restricts the Internet hosts that can access this virtual server to hosts that you trust. If you do not see the filter you need in the list of filters
Application Rules
- Use this feature if you are trying to execute one of the listed network applications and it is not communicating as expected.
- Use the Application Name drop-down menu to view a list of pre-defined applications that you can select from. If you select one of the pre-defined applications, click the arrow button next to the drop-down menu to fill out the appropriate fields.
Internet Bandwidth Control
- Some experimentation and performance measurement may be required to converge on the optimal value.
Guest Zone
- Enable Guest Zone
- Specifies whether the Guest Zone will be enabled or disabled.
- Wireless Network Name
- Provide a name for the Guest Zone wireless network.
- Enable Routing Between Zones
- Use this section to enable routing between the Host Zone and Guest Zone. Guest clients cannot access Host clients' data without enabling this function.
- Wireless Security Mode
- Securing your wireless network is important as it is used to protect the integrity of the information being transmitted. The router is capable of 4 types of wireless security: WEP, WPA only, WPA2 only, and WPA/WPA2 (auto-detect).
- WEP
- Wired Equivalent Protocol (WEP) is a wireless security protocol for Wireless Local Area Networks (WLAN). WEP provides security by encrypting the data that is sent over the WLAN. The router supports 2 levels of WEP Encryption: 64-bit and 128-bit. WEP is disabled by default. The WEP setting can be changed to fit an existing wireless network or to customize your wireless network.
- Authentication
- Authentication is a process by which the router verifies the identity of a network device that is attempting to join the wireless network. There are two types of authentication for this device when using WEP.
- Shared Key
- Select this option to require any wireless device attempting to communicate with the router to provide the encryption key needed to access the network before it is allowed to communicate with the router.
- WEP Encryption
- Select the level of WEP Encryption that you would like to use on your network. The two supported levels of WEP encryption are 64-bit and 128-bit.
- Key Type
- The Key Types that are supported by the router are HEX (Hexadecimal) and ASCII (American Standard Code for Information Interchange). The Key Type can be changed to fit an existing wireless network or to customize your wireless network.
- WPA/WPA2
- WPA2 authorizes and authenticates users connecting to the wireless network. WPA2 uses stronger security than WEP and is based on a key that changes automatically at regular intervals.
- Cipher Type
- The router supports two different cipher types when WPA is used as the Security Type. These two options are TKIP (Temporal Key Integrity Protocol) and AES (Advanced Encryption Standard).
- PSK/EAP
- When PSK is selected, your wireless clients will need to provide a passphrase for authentication. When EAP is selected, you will need to have a RADIUS server on your network that will handle the authentication of all your wireless clients.
- Network Key
- This is what your wireless clients will need in order to communicate with your router. When PSK is selected, enter 8-63 alphanumeric characters. Be sure to write this Passphrase down as you will need to enter it on any other wireless devices you are trying to add to your network.
- RADIUS Server
- This means that WPA authentication will be used in conjunction with a RADIUS server that must be present on your network. Enter the IP address, port, and Shared Secret that your RADIUS server is configured for. You also have the option to enter information for a second RADIUS server in the event that there are two on your network that you are using to authenticate wireless clients.
Advanced Network
- UPnP
- UPnP is short for Universal Plug and Play which is a networking architecture that provides compatibility among networking equipment, software, and peripherals. This device is a UPnP enabled router, meaning it will work with other UPnP devices/software. If you do not want to use the UPnP functionality, it can be disabled by selecting Disabled.
- WAN Ping
- When you Enable WAN Ping response, you are causing the public WAN (Wide Area Network) IP address on the device to respond to ping commands sent by Internet users. Pinging public WAN IP addresses is a common method used by hackers to test whether your WAN IP address is valid.
- Enable Multicast Streams
- Enable this option if you are receiving video on demand type of service from the Internet. The router uses the IGMP protocol to support efficient multicasting (transmission of identical content, such as multimedia, from a source to a number of recipients). This option must be enabled if any applications on the LAN participate in a multicast group. If you have a multimedia LAN application that is not receiving content as expected, try enabling this option.
Parental Control
- Create a list of websites that this router will allow or deny access to from your network.
- Keywords can be entered in this list in order to block any URL containing the keyword entered.