Table of Contents
Advertisement
7.3.3 Advanced
Advanced firewall settings are used to supplement the firewall rules, providing extra security enhancement
against DHCP and ARP traffics traversing the available interfaces of system.
Trust Interface: Each VAP interface can be checked individually to mark as trusted interfaces;
security enforcements on DHCP/ARP like DHCP snooping and ARP inspection will be carried out on
non-trusted interfaces.
DHCP Snooping: When enabled, DHCP packets will be validated against possible threats like
DHCP starvation attack; in addition, the trusted DHCP server (IP/MAC) can be specified to prevent
rouge DHCP server.
ARP Inspection: When enabled, ARP packets will be validated against ARP spoofing.
Force DHCP option when enabled, the AP only learns MAC/IP pair information through
DHCP packets. Since devices configured with static IP address does not send DHCP
traffic, therefore any clients with static IP address will be blocked from internet access
unless its MAC/IP pair is listed and enabled on the Static Trust List.
Trust List Broadcast can be enabled to let other AP (with L2 firewall feature) learn the
trusted MAC/IP pairs to issue ARP requests.
Static Trust List can be used to add MAC or MAC/IP pairs of devices that are trusted to
issue ARP request. Other network nodes can still send their ARP requests; however, if
their IP appears in the static list (with different MAC), their ARP requests will be dropped
to prevent eavesdropping.
If any settings are made, please click SAVE to save the configuration before leaving this page.
61
Advertisement
Table of Contents
