Westermo MRD-3x0 User Manual

65

6623-3201

5.1.1 Network Address and Port Translation 
(NAPT)

As connection pass from the LAN network out the wire-
less port, the firewall can perform Network Address and Port
Translation (NAPT). When set, this option will cause the fire-
wall to substitute the address of the wireless port for the 
source address of connections received from the LAN net-
work. This is most useful where the LAN network is a private 
network but the wireless port has a public address.
In some cases, for example, if connected to an IP WAN that 
supports direct routing to the LAN network of the unit, it 
may be desirable to disable the NAPT function. This will allow 

clients on the LAN to be directly addressed without the need 
for port forwards. To disable NAPT, uncheck the Connections 
from LAN checkbox and press Update.

5.1.2 Stateful Packet Inspection (SPI)

The firewall in the unit can function in Stateful Packet
Inspection (SPI) mode. When enabled, the firewall will track 
the state of each connection passing through it (for example, 
TCP streams) and only allow packets belonging to a known 
connection to enter from the wireless port. In most cases, SPI 
should be enabled for greater security. When disabled, the fire-
wall will allow all incoming packets from the wireless port to 
be forwarded through to the LAN network.

In some cases, for example, if connected to an IP WAN that 
supports direct routing to the LAN network of the unit, it 
may be desirable to disable the SPI function. This will allow 
clients on the LAN to be directly addressed without the need 
for port forwards. To disable SPI, uncheck the Accept only
established destined to LAN checkbox and press Update.