Chapter 2. Getting to Know the Internet Security Router
Internet Security Router User’s Manual
Table 2.2. Rear Panel Labels and LEDs
Label      Function
           Switches the unit on and off
POWER      Connects to the supplied power adapter
Reset      Resets the device
CONSOLE    RJ-45 serial port for console management
WAN        Connects to your WAN device, such as ADSL or cable modem
P1 – P4    Connects the device to your PC's Ethernet port, or to the uplink port on your LAN's hub/switch, using the cable provided
2.4 Major Features
2.4.1 Firewall Features
The Firewall as implemented in the Internet Security Router provides the following features to protect your
network from being attacked and to prevent your network from being used as the springboard for attacks.
• Address Sharing and Management
• Packet Filtering
• Stateful Packet Inspection
• Defense against Denial of Service Attacks
• Application Content Filtering
• Log and Alert
• Remote Access
• Keyword-based URL Filtering
2.4.1.1 Address Sharing and Management
The Internet Security Router Firewall provides NAT to share a single high-speed Internet connection, saving the cost of the multiple connections that the hosts on the LAN segments connected to the Internet Security Router would otherwise require. This feature conceals network addresses and prevents them from becoming public. It maps the unregistered IP addresses of hosts connected to the LAN to valid ones for Internet access. The Internet Security Router Firewall also provides reverse NAT capability, which enables SOHO users to host various services such as e-mail servers, web servers, etc. The NAT rules drive the translation mechanism at the NAT router. The following types of NAT are supported by the Internet Security Router:
• Static NAT – Maps an internal host address to a globally valid Internet address (one-to-one). All packets are directly translated with the information contained in the map.
• Dynamic NAT – Maps an internal host address dynamically to a globally valid Internet address (m-to-n). The map usually contains a pool of internal IP addresses (m) and a pool of globally valid Internet IP addresses (n), with m usually greater than n. Each internal IP address is mapped to one external IP address on a first-come, first-served basis.
• NAPT (Network Address and Port Translation) – Also called IP Masquerading. Maps many internal hosts to only one globally valid Internet address. The map usually contains a pool of network ports to be used for translation. Every packet is translated with the globally valid Internet address; the port number is translated with a free port from the pool of network ports.
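
A minimal Python model of the dynamic NAT and NAPT mappings described above. It is an added example, not code from this manual or the router, and the class names and addresses are assumptions constructed for illustration. It shows the dynamic pool running out when m exceeds n, and NAPT returning no translation for an inbound port that no internal host opened.

```python
# Simplified model of dynamic NAT and NAPT (added example, not router firmware).
# All addresses are constructed: 192.168.1.x is the LAN, 203.0.113.x the "valid" side.

class PoolExhausted(Exception):
    """No free external address or port is left for a new mapping."""

class DynamicNat:
    """m-to-n: each internal host borrows one whole external address."""
    def __init__(self, external_ips):
        self.free = list(external_ips)   # the n external addresses
        self.map = {}                    # internal IP -> external IP

    def outbound(self, src_ip):
        if src_ip not in self.map:       # first packet from this host
            if not self.free:            # m > n: later hosts find the pool empty
                raise PoolExhausted(src_ip)
            self.map[src_ip] = self.free.pop(0)   # first come, first served
        return self.map[src_ip]

class Napt:
    """Many internal hosts share one external address; ports tell flows apart."""
    def __init__(self, external_ip, ports):
        self.external_ip = external_ip
        self.free_ports = list(ports)    # pool of translation ports
        self.out = {}                    # (internal IP, port) -> external port
        self.back = {}                   # external port -> (internal IP, port)

    def outbound(self, src_ip, src_port):
        key = (src_ip, src_port)
        if key not in self.out:
            if not self.free_ports:
                raise PoolExhausted(key)
            port = self.free_ports.pop(0)
            self.out[key], self.back[port] = port, key
        return self.external_ip, self.out[key]

    def inbound(self, dst_port):
        # None means no internal host asked for this flow, so there is nothing
        # to translate the packet to.
        return self.back.get(dst_port)

if __name__ == "__main__":
    napt = Napt("203.0.113.1", range(40000, 40004))
    print(napt.outbound("192.168.1.2", 5000))   # two hosts, same source port
    print(napt.outbound("192.168.1.3", 5000))
    print(napt.inbound(40001), napt.inbound(40003))
    dyn = DynamicNat(["203.0.113.10"])
    print(dyn.outbound("192.168.1.2"))
```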