Firewall, Firewall security levels – Efficient Networks SpeedStream 5100 Series User Manual
Page 35
SpeedStream Router User Guide
27
Firewall
Your SpeedStream router includes a user-configurable firewall that provides various levels of security
against outside attacks. This firewall provides only WAN-side protection. The firewall does not provide
any LAN-side protection.
The firewall also includes an advanced Attack Detection System (ADS) containing various algorithms to
detect and identify WAN attacks the moment they start and protect the LAN from such attacks. Though
WAN access may be temporarily hindered, the LAN is protected from such harmful traffic load.
Firewall Security Levels
The SpeedStream
router is shipped with a set of preconfigured firewall database rules grouped into levels,
allowing you to easily configure the firewall. The default set of levels include:
• Off:
No restrictions are applied to either inbound or outbound traffic. In addition, all Network Address
Port Translation (NAPT) functionality is disabled - there is no address/port translation. Since there is
no address/port translation when the firewall is placed in this mode, all LAN-side connected hosts
must be assigned a valid public IP address.
• Low:
Minimal restrictions with respect to outbound traffic. Outbound traffic is allowed for all supported IP-
based applications and Application Level Gateways (ALGs). The only inbound traffic that is allowed
is that which is received within the context of an outbound session initiated on the local host and
permitted by this firewall mode
.
• Medium:
Moderate restrictions with respect to outbound traffic. Outbound traffic is allowed for most supported
IP-based applications and Application Level Gateways (ALGs). The only inbound traffic that is
allowed is that which is received within the context of an outbound session initiated on the local host
and permitted by this firewall mode.
• High:
High restrictions with respect to outbound traffic. Outbound traffic is allowed only for a very
restricted set of supported IP-based applications and ALGs. The only inbound traffic that is allowed is
that which is received within the context of an outbound session initiated on the local host and
permitted by this firewall mode.
• ICSA 3.0a-compliant:
Supports the ICSA Labs criteria for firewall behavior. (For more information, visit the ICSA site at
http://www.icsalabs.com)
• Custom:
Allows advanced users to add, modify and delete their own firewall rules.
Note
For specific application and protocol security modes, refer to Appendix D, “Firewall Security
Levels.”