3Com 3CR858-91 User Guide - Page 51

SPI, Address Translation NAT feature of the Router. See

Page 51 highlights

Firewall 51 ■ Special Applications - Special Applications allows you to specify ports to be open for specific applications to work properly with the Network Address Translation (NAT) feature of the Router. See "Special Applications" on page 54. ■ Virtual Servers - This function enables you to route external (Internet) calls for services such as a web server, FTP server, or other applications through your Router to your internal network. See "Virtual Servers" on page 56. ■ Client IP Filters - You can configure the Router to restrict access to the Internet, e-mail or other network services at specific days and times. Restriction can be set for a single computer, a range of computers, or multiple computers. See "Client IP Filters" on page 57. ■ MAC Address Filtering - This is a powerful security feature that allows you to specify which computers are allowed on the network. See "MAC Address Filtering" on page 62. ■ DMZ (De-Militarized Zone) - If you have a client PC that cannot run an Internet application properly from behind the firewall, you can use DMZ to open the client up to unrestricted two-way Internet access. See "DMZ" on page 63. CAUTION: DMZ reduces network security, and 3Com recommends you only use it on a temporary basis. SPI Stateful Packet Inspection (SPI) inspects, and if required blocks packets at the application layer. SPI also maintains TCP and UDP session information, including timeouts and the number of active sessions, and provides the ability to detect and prevent certain types of network attacks such as DoS attacks. Denial of Service (DoS) attacks are aimed at devices and networks with a connection to the Internet. The goal is not to steal information, but to disable a device or network so users no longer have access to network resources.

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118
  • 119
  • 120
  • 121
  • 122
  • 123
  • 124
  • 125
  • 126
  • 127
  • 128
  • 129
  • 130

Firewall
51
Special Applications — Special Applications allows you to specify ports
to be open for specific applications to work properly with the Network
Address Translation (NAT) feature of the Router. See
“Special
Applications”
on
page 54
.
Virtual Servers — This function enables you to route external (Internet)
calls for services such as a web server, FTP server, or other applications
through your Router to your internal network. See
“Virtual Servers”
on
page 56
.
Client IP Filters — You can configure the Router to restrict access to
the Internet, e-mail or other network services at specific days and
times. Restriction can be set for a single computer, a range of
computers, or multiple computers. See
“Client IP Filters”
on
page 57
.
MAC Address Filtering — This is a powerful security feature that
allows you to specify which computers are allowed on the network.
See
“MAC Address Filtering”
on
page 62
.
DMZ (De-Militarized Zone) — If you have a client PC that cannot run
an Internet application properly from behind the firewall, you can use
DMZ to open the client up to unrestricted two-way Internet access.
See
“DMZ”
on
page 63
.
CAUTION:
DMZ reduces network security, and 3Com recommends you
only use it on a temporary basis.
SPI
Stateful Packet Inspection (SPI) inspects, and if required blocks packets at
the application layer. SPI also maintains TCP and UDP session information,
including timeouts and the number of active sessions, and provides the
ability to detect and prevent certain types of network attacks such as DoS
attacks.
Denial of Service (DoS) attacks are aimed at devices and networks with a
connection to the Internet. The goal is not to steal information, but to
disable a device or network so users no longer have access to network
resources.