Add/Edit
Allowed
Remote
Access
Addresses IP Address: The IP address that will be allowed to access administrative services through the
WAN.
Netmask
(Optional): The netmask allows you to specify what IP address sets will be allowed access. If this field is left empty a netmask of
255.255.255.255 is used, which means that only the single specified IP address has remote administration access.
Application
Gateways
Enabling an application gateway makes pinholes through the firewall. This may be required for some applications to function, or for an application
to improve functionality or add features.
Exercise
caution
in
enabling
application
gateways
as
they
impact
the
security
of
your
network.
Enable any of the following types of application gateways:
• PPTP: For virtual private network access using Point-to-Point Tunneling Protocol. This is enabled by default.
• SIP: For VoIP (voice over IP) using Session Initiation Protocol.
• TFTP: Enables file transfer using Trivial File Transfer Protocol.
• FTP: To allow normal mode when using File Transfer Protocol. This is not needed for passive mode. This is enabled by default.
• IRC: For Direct Client to Client (DCC) transfer when using Internet Relay Chat. You may wish to forward TCP port 113 for incoming identd
(RFC 1413) requests.
Firewall
Options
Anti-Spoof: Anti-Spoof checks help protect against malicious users faking the source address in packets they transmit in order to either hide
themselves or to impersonate someone else. Once the user has spoofed their address they can launch a network attack without revealing the true
Figure 64: Application Gateways
47