Help - Security

Firewall
Enable
If enabled, DoS (Denial of Service) attacks will be detected and blocked. The default is enabled. It is strongly recommended that this setting be left enabled.
Note:
  • A DoS attack does not attempt to steal data or damage your PCs, but overloads your Internet connection so you cannot use it - the service is unavailable.
  • This device uses "Stateful Inspection" technology. This system can detect situations where individual TCP/IP packets are valid, but collectively they become a DoS attack.
Threshold
This setting affects the number of "half-open" connections allowed.
  • A "half-open" connection arises when a remote client contacts the Server with a connection request, but then does not reply to the Server's response.
  • While the optimum number of "half-open" connections allowed (the "Threshold") depends on many factors, the most important factor is the available bandwidth of your Internet connection.
  • Select the setting to match the bandwidth of your Internet connection.
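
The half-open counting that the Threshold setting limits can be sketched as follows. This is an added example, not the router's own code; the event format, the 30-second timeout, and the sample addresses and threshold are assumptions constructed for illustration.

```python
from collections import namedtuple

# One client-side TCP packet as seen by the server (assumed event format).
Event = namedtuple("Event", "ts src sport flags")

def track_half_open(events, threshold, timeout=30.0):
    """Return the half-open count at each event where it exceeds `threshold`.

    A connection is half-open from the client's SYN until the client's ACK
    (handshake completed), an RST, or `timeout` seconds without a reply.
    """
    pending = {}   # (src, sport) -> time the SYN arrived
    exceeded = []
    for ev in events:
        # Age out requests whose client never answered (assumed timeout).
        for key in [k for k, t in pending.items() if ev.ts - t > timeout]:
            del pending[key]
        key = (ev.src, ev.sport)
        if ev.flags == "SYN":
            pending[key] = ev.ts
        elif ev.flags in ("ACK", "RST"):
            pending.pop(key, None)
        # Every packet above is valid on its own; only the count is abnormal.
        if len(pending) > threshold:
            exceeded.append(len(pending))
    return exceeded

# Constructed sample: one normal client, then six requests that never complete.
SAMPLE = [
    Event(0.0, "198.51.100.7", 40000, "SYN"),
    Event(0.1, "198.51.100.7", 40000, "ACK"),
] + [Event(1.0 + i, "203.0.113.%d" % (i + 1), 50000 + i, "SYN") for i in range(6)]

if __name__ == "__main__":
    print(track_half_open(SAMPLE, threshold=4))
```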

Options
Respond to ICMP
The ICMP protocol is used by the "ping" and "traceroute" programs, and by network monitoring and diagnostic programs.
  • If checked, the Broadband Router will respond to ICMP packets received from the Internet.
  • If not checked, ICMP packets from the Internet will be ignored. Disabling this option provides a slight increase in security.
Allow VPN Passthrough
The IPSec, PPTP, and L2TP protocols are used to establish a secure connection, and are widely used by VPN (Virtual Private Networking) programs.
  • If checked, these VPN connections are allowed.
  • If not checked, these VPN connections are blocked.

Note: IPSec sessions must NOT use AH (Authentication Header). Packets using AH cannot be routed correctly.

Drop Fragmented IP Packets
If enabled, fragmented IP packets are discarded, forcing re-transmission of these packets. In some situations, this could prevent successful communication.
Block TCP Flood
A TCP flood is an excessively large number of TCP connection requests. This is usually a DoS (Denial of Service) attack. This setting should normally be enabled.
Block UDP Flood
A UDP flood is an excessively large number of UDP packets. This is usually a DoS (Denial of Service) attack. This setting should normally be enabled.
Block non-standard packets
Abnormal packets are often used by hackers and in DoS attacks, but may also be generated by mis-configured network devices. (PCs will normally not generate non-standard packets.) This setting should normally be enabled.