42
Chapter 4
•
SPI Firewall
- SPI (Stateful Packet Inspection, also known as dynamic packet
filtering) helps to prevent cyber attacks by tracking more state per session. It
validates that the traffic passing through the session conforms to the protocol.
SPI Firewall is enabled by default.
•
VPN
- VPN Passthrough must be enabled if you want to allow VPN tunnels using IPSec,
PPTP or L2TP protocols to pass through the router’s firewall.
•
PPTP Passthrough
- Point-to-Point Tunneling Protocol (PPTP) allows the Point-
to-Point Protocol (PPP) to be tunneled through an IP network. If you want to allow
PPTP tunnels to pass through the router, you can keep the default (Enabled).
•
L2TP Passthrough
- Layer 2 Tunneling Protocol (L2TP) is the method used
to enable Point-to-Point sessions via the Internet on the Layer 2 level. If you
want to allow L2TP tunnels to pass through the router, you can keep the default
(Enabled).
•
IPSec Passthrough
- Internet Protocol Security (IPSec) is a suite of protocols for
ensuring private, secure communications over Internet Protocol (IP) networks,
through the use of cryptographic security services. If you want to allow IPSec
tunnels to pass through the router, you can keep the default (Enabled).
•
ALG
- It is recommended to enable Application Layer Gateway (ALG) because ALG
allows customized Network Address Translation (NAT) traversal filters to be plugged
into the gateway to support address and port translation for certain application layer
“control/data” protocols such as FTP, TFTP, H323 etc.
•
FTP ALG
- To allow FTP clients and servers to transfer data across NAT, keep
the default
Enable
.
•
TFTP ALG
- To allow TFTP clients and servers to transfer data across NAT, keep
the default
Enable
.
•
H323 ALG
- To allow Microsoft NetMeeting clients to communicate across NAT,
keep the default
Enable.
•
RTSP ALG
- To allow some media player clients to communicate with some
streaming media servers across NAT, click
Enable
.
•
SIP ALG
- To allow some multimedia clients to communicate across NAT, click
Enable
.
3. Click
Save
.
4. 8. 2. Advanced Security
1. Visit
http://tplinkwifi.net
, and log in with the username and password you set for the router.
2. Go to
Security
>
Advanced Security
, and you can protect the router from being attacked by
ICMP-Flood, UDP Flood and TCP-SYN Flood.