Table of Contents
Advertisement
Enable SYN FLOOD defense: When enabled, the device can effectively defend against
Intranet SYN FLOOD attacks.
Enable ARP proofing defense: When enabled, the device's LAN port can send ARP broadcast
packets at a certain time interval (the default is 100 milliseconds), which can effectively
defend against ARP spoofing.
Enable device access control: When enabled, only the hosts within the address field range to
log on the device via the LAN port.
Enable port scan defense: When enabled, the device can effectively defend against Intranet
port scanning.
2.
External Attack Prevention
Reject external Ping: When enabled, the WAN port of the device does not respond to the ping
requests from the external network.
11.2
Access control
This section describes the functions and configuration methods of the Firewall -> Access control
policy.
Flexibility in the use of the access control feature not only can set Internet access for different
users, but also can control the Internet access of users at different times. In practical applications,
the device can be configured with related access control policies according to the management
regulations of individual agencies. For example, for school users, access control policies can be
configured to prohibit students from visiting the games websites. For family users, it can be
configured to only allow children to access the Internet during the specified time. For enterprise
users, it can be configured to prevent the machines of the finance department from being accessed
by the Internet.
http://www.level1.com
Figure 11_2 Attack Prevention - External Attack Prevention
Chapter 11 Firewall
Page 103
Advertisement
Table of Contents
