7 ip filter/firewall setup, 1 basics for firewall – Draytek 2900 User Manual
Page 78

Vigor2900 Series User’s Guide
72
3
3
.
.
7
7
I
I
P
P
F
F
i
i
l
l
t
t
e
e
r
r
/
/
F
F
i
i
r
r
e
e
w
w
a
a
l
l
l
l
S
S
e
e
t
t
u
u
p
p
3
3
.
.
7
7
.
.
1
1
B
B
a
a
s
s
i
i
c
c
s
s
f
f
o
o
r
r
F
F
i
i
r
r
e
e
w
w
a
a
l
l
l
l
While the broadband users demand more bandwidth for multimedia, interactive applications, 
or distance learning, security has been always the most concerned. The firewall of the Vigor 
router helps to protect your local network against attack from unauthorized outsiders. It also 
restricts users in the local network from accessing the Internet. Furthermore, it can filter out 
specific packets that trigger the router to build an unwanted outgoing connection. 
The most basic security concept is to set user name and password while you install your router. 
The administrator login will prevent unauthorized access to the router configuration from your 
router. 
F
F
i
i
r
r
e
e
w
w
a
a
l
l
l
l
F
F
a
a
c
c
i
i
l
l
i
i
t
t
i
i
e
e
s
s
The users on the LAN are provided with secured protection by the following firewall facilities:
z
User-configurable IP filter (Call Filter/ Data Filter).
z
Stateful Packet Inspection (SPI): tracks packets and denies unsolicited incoming data
z
Selectable Denial of Service (DoS) /Distributed DoS (DDoS) attacks protection
z
URL Content Filter
I
I
P
P
F
F
i
i
l
l
t
t
e
e
r
r
s
s
Depending on whether there is an existing Internet connection, or in other words “the WAN 
link status is up or down”, the IP filter architecture categorizes traffic into two: Call Filter and 
Data Filter. 
z
Call Filter - When there is no existing Internet connection, Call Filter is applied to all 
traffic, all of which should be outgoing. It will check packets according to the filter rules. 
If legal, the packet will pass. Then the router shall “initiate a call” to build the Internet 
connection and send the packet to Internet. 
