D-Link DGL-4500 Product Manual - Page 50

Section 3 - Configuration Firewall Settings A firewall protects your network from the outside world. The D-Link DGL-4500 offers a firewall type functionality. Enable SPI: SPI (Stateful Packet Inspection, also known as dynamic packet filtering) helps to prevent cyber attacks by tracking more state per session. It validates that the traffic passing through the session conforms to the protocol. NAT Endpoint Select one of the following for TCP and UDP ports: Filtering: Endpoint Independent - Any incoming traffic sent to an open port will be forwarded to the application that opened the port. The port will close if idle for 5 minutes. Address Restricted - Incoming traffic must match the IP address of the outgoing connection. Address and Port Restriction - Incoming traffic must match the IP address and port of the outgoing connection. Anti-Spoofing: Click to enable Anti-Spoofing protection. Enable DMZ Host: If an application has trouble working from behind the router, you can expose one computer to the Internet and run the application on that computer. Note: Placing a computer in the DMZ may expose that computer to a variety of security risks. Use of this option is only recommended as a last resort. IP Address: Specify the IP address of the computer on the LAN that you want to have unrestricted Internet communication. If this computer obtains it's IP address automatically using DHCP, be sure to make a static reservation on the Basic > DHCP page so that the IP address of the DMZ machine does not change. Non-UDP/TCP/ICMP Enable this feature to allow the router' NAT to track application that uses protocols other than UDP, TCP or ICMP. LAN Sessions: ALG: Check the PPTP, IPSec, RTSP, and SIP boxes to allow pass-through. D-Link DGL-4500 User Manual 45