DoS (Denial of Service) Protection; Firewall and Access Control List (ACL); Priority Order of ACL Rule; Tracking Connection State - Asus RX3042H User Manual

RX3042H User's Manual
Configuring Firewall

9.1.2 DoS (Denial of Service) Protection

Both DoS protection and stateful packet inspection provide the first
line of defense for your network. Neither protection requires any
configuration as long as the firewall is enabled on the RX3042H.
The firewall is enabled by default at the factory. Refer to section
9.3.1 "Firewall" to enable or disable the firewall service on the
RX3042H.

9.1.3 Firewall and Access Control List (ACL)

9.1.3.1 Priority Order of ACL Rule

Every ACL rule is assigned a rule ID: the smaller the rule ID, the
higher the priority. The firewall monitors traffic by extracting header
information from each packet and then either drops or forwards the
packet by looking for a match in the ACL rule table based on that
header information. ACL rule checking starts from the rule with the
smallest rule ID and continues until a match is found or all the ACL
rules have been examined. If no match is found, the packet is dropped;
otherwise, the packet is either dropped or forwarded according to the
action defined in the matched ACL rule.

9.1.3.2 Tracking Connection State

The stateful packet inspection engine in the firewall keeps track
of the state, or progress, of a network connection. By storing
information about each connection in a state table, the RX3042H is
able to quickly determine whether a packet passing through the firewall
belongs to an already established connection. If it does, the packet is
passed through the firewall without going through ACL rule evaluation.
For example, suppose an ACL rule allows outbound ICMP packets from
192.168.1.1 to 192.168.2.1. When 192.168.1.1 sends an ICMP echo
request (i.e. a ping packet) to 192.168.2.1, 192.168.2.1 will send an
ICMP echo reply to 192.168.1.1. On the RX3042H, you don't need to
create another inbound ACL rule, because the stateful packet inspection
engine remembers the connection state and allows the ICMP
echo reply to pass through the firewall.
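
The rule ordering from 9.1.3.1 and the state-table shortcut from 9.1.3.2, modeled as an added Python example (not from the manual and not ASUS firmware code). The class and field names, the state key (requester, target, ICMP identifier) and the sample deny rule with ID 20 are assumptions made for illustration.

```python
from collections import namedtuple
from ipaddress import ip_address, ip_network

# Hypothetical record layouts; src/dst of a Rule are CIDR strings.
Rule = namedtuple("Rule", "rule_id direction proto src dst action")
Packet = namedtuple("Packet", "direction proto src dst icmp_type icmp_id",
                    defaults=("", 0))

class Firewall:
    def __init__(self, rules):
        self.rules = sorted(rules, key=lambda r: r.rule_id)  # smallest ID first
        self.state = set()  # assumed key: (requester, target, ICMP identifier)

    def _matches(self, r, p):
        return (r.direction == p.direction and r.proto in ("any", p.proto)
                and ip_address(p.src) in ip_network(r.src)
                and ip_address(p.dst) in ip_network(r.dst))

    def process(self, p):
        """Return (verdict, reason); reason is a rule ID, "state" or None."""
        # A reply that belongs to a tracked connection skips ACL evaluation.
        if p.icmp_type == "echo-reply" and (p.dst, p.src, p.icmp_id) in self.state:
            return ("forward", "state")
        for r in self.rules:                      # first match wins
            if self._matches(r, p):
                if r.action != "allow":
                    return ("drop", r.rule_id)
                if p.icmp_type == "echo-request":  # remember the allowed request
                    self.state.add((p.src, p.dst, p.icmp_id))
                return ("forward", r.rule_id)
        return ("drop", None)                     # no rule matched: drop

def demo():
    # Constructed rule table, deliberately listed out of priority order.
    fw = Firewall([
        Rule(20, "outbound", "any", "192.168.1.0/24", "0.0.0.0/0", "deny"),
        Rule(10, "outbound", "icmp", "192.168.1.1/32", "192.168.2.1/32", "allow"),
    ])
    req = Packet("outbound", "icmp", "192.168.1.1", "192.168.2.1", "echo-request", 7)
    rep = Packet("inbound", "icmp", "192.168.2.1", "192.168.1.1", "echo-reply", 7)
    # Unsolicited reply, then the allowed request, then the same reply again.
    return fw, [fw.process(rep), fw.process(req), fw.process(rep)]
```

The same echo reply is dropped before the request has been seen and forwarded afterwards, although the rule table contains no inbound rule at all.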

9.1.4 Default ACL Rules

The RX3042H supports two types of access rules: