Security Setting

The Security Setting menu lets you control access to or from your local area network with the following options: Packet Filters control access to your network based on the IP addresses of incoming and outgoing data packets. Domain Filters prevent access by your network's users to specific Web sites. URL Blocking prevents access by your network's users to Web sites whose address contains a specific keyword. MAC Control assigns access rights for specific users. Schedule Rule designates time spans, letting you turn services on and off automatically. Miscellaneous functions govern the following additional security concerns: Remote Administrator Host lets a remote administrator perform router configuration. Administrator Time-out automatically closes the Web User Interface after the specified period elapses. Discard PING from WAN side disallows pinging by external users. SPI Mode validates data packet headers. DoS Attack Detection stops Denial of Service attacks.

Packet Filters

The Packet Filters option lets you control which data packets are allowed to pass through the router. Each time the router receives a packet, it analyses the packet against the parameters that you set with this option. You can place restrictions on both inbound and outbound packets.

• Enable—When this check box is selected, the router applies the filter; when this check box is not selected, the router does not apply the filter.
• Allow/Deny all to pass except those that match the following rules.
• If you want to specify only the IP addresses and ports to be blocked, select Allow.
• If you want to specify only the IP addresses and ports that can send (outbound) or receive (inbound) packets through the router, select Deny.
• ID—The router-assigned packet filtering rule number.
• Source IP:Ports—The sending address, or range of addresses, to which the filter rule applies.

  To specify a range of addresses, use a hyphen between the first and last address of the range. For example, 1.2.3.100-1.2.3.149

• Destination IP:Ports—The receiving address, or range of addresses, to which the filter rule applies.
• Enable—When this box is checked, the filter setting is on for the specified addresses. When this box is not checked, the filter setting is off for the specified addresses.
• Use Rule#—Associates the specified addresses with a schedule rule.
• Schedule rule—To associate a schedule rule with a packet filter ID line:
1. Select a rule from the Schedule rule list.
2. Select the line ID from the ID list.
3. Click Copy to.

   For more information about schedule rules, see Schedule Rule.

• Outbound Filter/Inbound Filter—Switches between the two screens.
• MAC Level—Displays the MAC Address Control screen. Because you apply a packet filter rule to an IP address, you need to control the assignment of that IP address to ensure that the rule is applied as you intended. The MAC Level function lets you assign an IP address to a specific device on your LAN.

After making any changes, remember to click Save.

Domain Filters

Domain filtering lets you specify URLs (Internet addresses) or URL suffixes to which access is restricted on your network. For example, you can block access to a site named www.unwanteddomain.com

• Domain Filter—Check Enable to turn on domain filtering. Clear Enable to turn off domain filtering.
• Log DNS Query—works in conjunction with the Action field for specific rules. Check Enable to take the selected action when an attempt is made to gain access to any of the specified sites.
• Privilege IP Addresses Range—A range of host IP address that will not be affected by domain filtering.
• ID—The router-assigned domain filtering rule number.
• Domain Suffix—The ending of the URLs, or Internet addresses, to be subject to domain filtering, for example, org or abc.net. You can specify any portion of the URL's ending, not just those portions normally separated by periods. For example, if you specify ent.com, the router will filter URLs ending in entertainment.com, parent.com, and so on.
• Action—The action to be taken when access to a restricted site is attempted:
• Drop blocks access to the site.
• Log records the access attempt if Log DNS Query is enabled.
• Enable—When this box is checked, the router applies the domain filter to the specified URL suffix; when this box is not checked, the router does not apply the filter to the URL suffix.

After making any changes, remember to click Save.

URL Blocking

URL Blocking lets you specify keywords for the router to disallow in URLs. For example, you can deny access to any Web site whose name contains the word adult.

• URL Blocking Enable—When this check box is selected, URL blocking is on; when this check box is not selected, URL blocking is off.
• ID—The router-assigned URL blocking rule number.
• URL—Any part of a URL that you want to block. For example, specifying adult will disallow access to any Web site whose URL contains the word adult.
• Enable—When this check box is selected, the router applies URL blocking to the specified keyword; when this check box is not selected, the router does not apply URL blocking to the specified keyword.

After making any changes, remember to click Save.

MAC Control

MAC Address Control lets you associate a specific IP address with a device's MAC address, and then allow or disallow access from that device to the router's services.

• Enable—When this check box is selected, the router applies the MAC address control rules; when this check box is not selected, the router does not apply the MAC address control rules. As long as MAC Address Control is enabled, each MAC address specified on this screen remains associated with its specified IP address. Even if the device performs operations to release and renew its address, upon renewal it will be reassigned its MAC Address Control IP address.
• Connection control—Turns on and off the action that you select in the drop-down list. For example, if you select allow, and Connection control is selected, clients that are not specified in Mac Address can connect to the router.
• ID—The router-assigned MAC address control rule number.
• MAC Address—The MAC address of the device.
• IP Address—The IP address to be assigned to the device.
• C—When this check box is selected, the specified device has access to the router; when this box is not selected, the specified device does not have access to the router.
• DHCP clients—retrieves a client's MAC address and places it in the MAC Address field of the selected line. To populate the line:
1. Select a client from the DHCP clients list.
2. Select the line ID from the ID list.
3. Click Copy to.

After making any changes, remember to click Save.

Schedule Rule

The Schedule Rule screen gives you control over the time frames during which other rules take effect. For example, you can set up a Schedule Rule timeframe that runs from 12:00 A.M. on Saturday through 12:00 A.M. on Monday, then assign that rule to your packet filtering rules. The result is that packet filtering will occur only during weekend hours; at all other times, packet filtering will be off.

• Enable—When this check box is selected, the router applies the schedule rules; when this check box is not selected, the router does not apply the schedule rules.
• Rule #—The router-assigned ID schedule rule number
• Rule Name—The user-assigned schedule rule name
• Action
• To change a schedule rule, click Edit.
• To delete a schedule rule, click Delete.
• Add New Rule—displays the Schedule Rule Setting screen, which lets you define and name time frames.



To define a schedule rule:

1. Type the name of the rule.
2. Use the 24-hour clock to specify the Start Time and End Time for each day that you want the schedule rule to take effect. For example, to specify 9:00 a.m. to 5:00 p.m., the start time is 09:00 and the end time is 17:00.
3. Click Save.

After making any changes to the Schedule Rule screen, remember to click Save.

Miscellaneous

• Remote Administrator Host / Port —Identifies a remote host to have access to the router's Web User Interface.
• To allow access by all hosts:
1. In the first Setting field, type 0.0.0.0
2. Select Enable.
• To allow access by a specific host:
1. In the first Setting field, type the IP address of the host.
2. Select Enable.
• To allow access by a subnet:
1. In the first Setting field, specify a subnet mask, for example, 10.1.2.0/24.
2. Select Enable.
• To disallow access by all remote hosts, clear Enable.
• Administrator Time-out—A length of time after which the Web User Interface automatically logs out if no activity has occurred. To disable this feature, set the time-out to 0 (zero).
• Discard PING from WAN side—Disallows pinging by external users. To activate this feature, select Enable.
• SPI Mode—Checks every data packet to determine whether the packet is valid. To activate Stateful Packet Inspection (SPI), select Enable.
• DoS Attack Detection—Intercepts and logs attempted Denial of Service (DoS) attacks. To activate this feature, select Enable.

After making any changes, remember to click Save.