50
Advanced Security
Use the Advanced Security features of the Router to globally enable or disable NAT and Firewall protection for
any WAN connection, enable or disable DMZ IP addresses, enable or disable remote Telnet or web management
from specified IP addresses, and enable/disable ICMP ping packets from the WAN.
Figure 4-8. Advanced Security menu
Follow the instructions below to set up the Advanced Security features. To enable ICMP Ping packets from the
WAN, click to check the Allow Incoming ICMP Ping selection box and click the Apply button. The ICMP
(Internet Control Message Protocol) Ping packet is used to test connectivity of IP devices. Keep in mind that
when this is enabled, the Router may be vulnerable to denial of service type attacks.
Enable/Disable NAT and Firewall
NAT and basic Firewall protection can be enabled or disabled for any WAN connection. These may also be
enabled or disabled when configuring the WAN connection for any connection type except Bridge connections.
By default, they are enabled for WAN connections (except Bridge connections) when they are first set up.
Firewall protection includes the previously discussed Port Forwarding and Access Control. Therefore, this must
be enabled to use these features.
To enable NAT and Firewall protection for any WAN connection including Bridge type connections, check the
Enable NAT and Firewall Services selection box and click the Apply button. Be sure to save the changes in
the System Commands menu or the settings will be lost.
To disable NAT and Firewall Services, deselect it and click the Apply button. Be aware that this remove basic
security and expose your LAN to potentially malicious agents form the WAN.
Remember to save the configuration changes.
DMZ IP Address
A DMZ address is used for a device that is not given basic protection of NAT and Firewall services. You may
select an IP address from the pull-down menu or create a New IP by pressing the button. This brings up the LAN
Clients menu in which you may create a static client IP or reserve a dynamically assigned IP address for DMZ
designation.