Firewall - Cradlepoint MBR1200 Product Manual

Failsafe gigabit n router for mobile broadband

MBR1200 | USER MANUAL Firmware ver. 1.6.12
CRADLEPOINT

5.3 Firewall

Use the Firewall sub-menu to protect your network from the outside world. The MBR1200 provides
a tight firewall by virtue of the way NAT works. Unless you configure the router to the contrary, the
NAT does not respond to unsolicited incoming requests on any port, thereby making your LAN
invisible to public Internet view. However, some network applications cannot run with a tight
firewall. Those applications need to selectively open ports in the firewall to function correctly.
5.3.1 Firewall Settings
Enable SPI. SPI (Stateful Packet Inspection, also known as dynamic packet filtering) helps to
prevent cyber attacks by tracking more state per session. It validates that the traffic passing
through the session conforms to the protocol. When SPI is enabled, the extra state information will
be reported on the Status → Active Sessions sub-menu.
Whether SPI is enabled or not, the router always tracks TCP connection states and ensures that
each TCP packet's flags are valid for the current state.
5.3.2 NAT Endpoint Filtering
The NAT Endpoint Filtering options control how the router's NAT manages incoming connection
requests to ports that are already being used.
UDP Endpoint Filtering/TCP Endpoint Filtering. The UDP Endpoint Filtering check box
controls endpoint filtering for packets of the UDP protocol and the TCP Endpoint Filtering check
box controls endpoint filtering for packets of the TCP protocol. Select a NAT Endpoint Filtering
option:
Endpoint Independent. Once a LAN-side application has created a connection
through a specific port, the NAT will forward any incoming connection requests with the
same port to the LAN-side application regardless of their origin. This is the least
restrictive option, giving the best connectivity and allowing some applications (P2P
applications in particular) to behave almost as if they are directly connected to the
Internet.
Address Restricted. The NAT forwards incoming connection requests to a LAN-side
host only when they come from the same IP address with which a connection was
established. This allows the remote application to send data back through a port
different from the one used when the outgoing session was created.
(continued)
© 2010 CRADLEPOINT, INC. PLEASE VISIT HTTP://KNOWLEDGEBASE.CRADLEPOINT.COM/ FOR MORE HELP AND RESOURCES
PAGE 42
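The following is an added example, not code from the manual or from Cradlepoint firmware. It models the Endpoint Independent and Address Restricted decisions described above so the difference in inbound exposure can be compared on the same traffic. The class and function names and all addresses and ports are hypothetical, constructed values.

```python
from dataclasses import dataclass, field

ENDPOINT_INDEPENDENT, ADDRESS_RESTRICTED = "endpoint_independent", "address_restricted"

@dataclass
class Mapping:
    lan_host: tuple                               # (LAN IP, LAN port) that opened the session
    remote_ips: set = field(default_factory=set)  # remote IPs it has connected to

class Nat:
    """Toy model of the inbound filtering decision only (no timeouts, no SPI)."""
    def __init__(self, mode):
        if mode not in (ENDPOINT_INDEPENDENT, ADDRESS_RESTRICTED):
            raise ValueError(f"unknown mode: {mode}")
        self.mode = mode
        self.mappings = {}                        # public port -> Mapping

    def outbound(self, lan_host, remote_ip, public_port):
        """Record an outgoing session created by a LAN-side application."""
        self.mappings.setdefault(public_port, Mapping(lan_host)).remote_ips.add(remote_ip)

    def inbound(self, src_ip, src_port, public_port):
        """Return the LAN (ip, port) to forward to, or None if the packet is dropped."""
        m = self.mappings.get(public_port)
        if m is None:
            return None                           # unsolicited: port not in use
        if self.mode == ENDPOINT_INDEPENDENT:
            return m.lan_host                     # any origin accepted once the port is in use
        # Address Restricted: the source port is ignored, only the remote IP must match
        return m.lan_host if src_ip in m.remote_ips else None

# Constructed inbound packets: (source IP, source port, public destination port)
SAMPLE = [
    ("198.51.100.7", 3478, 40000),   # known peer, same port it was contacted on
    ("198.51.100.7", 9999, 40000),   # known peer, different source port
    ("203.0.113.50", 3478, 40000),   # unknown host, port already in use
    ("203.0.113.50", 3478, 40001),   # port with no mapping at all
]

def compare(packets=SAMPLE):
    """Run the same constructed traffic through both modes; True means forwarded."""
    results = {}
    for mode in (ENDPOINT_INDEPENDENT, ADDRESS_RESTRICTED):
        nat = Nat(mode)
        nat.outbound(("192.168.0.10", 5000), "198.51.100.7", 40000)  # constructed session
        results[mode] = [nat.inbound(*p) is not None for p in packets]
    return results

if __name__ == "__main__":
    for mode, verdicts in compare().items():
        print(f"{mode:22} {verdicts}")
```

The third sample packet is the one that separates the two settings: a host the LAN application never contacted reaches it under Endpoint Independent and is dropped under Address Restricted.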
