Firewall

The Firewall menu item allows you to set the parameters for the router’s firewall. Various settings are possible here.

Basic

Here you can configure the basic settings of the firewall.

| Name | Description | Default |
| --- | --- | --- |
| Default Filter Policy | Possible options are Allow and Block | Allow |
| Block Anonymous WAN Request (ping) | Enable to block ping requests generated anonymously from the network | Disabled |
| Filter Multicast | Click to enable filtering of multicast | Enabled |
| Defend DoS Attack | Click to enable defense against DoS attacks | Enabled |

Filtering

Here you can define which traffic the firewall lets through and which it blocks. Various configurations are possible, which you can reach via Firewall > Filtering.

| Name | Description | Default |
| --- | --- | --- |
| Enable | Click to activate filtering | Enabled |
| Proto | Selection of the protocol. The options "TCP"/"UDP"/"ICMP" are possible | All |
| Source | Set source IP address | Blank |
| Source Port | Set source port if corresponding protocol was selected | Blank |
| Destination | Set destination IP | Blank |
| Destination Port | Set destination port if corresponding protocol was selected | Blank |
| Action | Select whether the setting should be accepted or blocked | Allowed |
| Log | Click to enable logging of the setting | Disabled |
| Description | Describe configuration | Blank |

Content Filtering

The content filter in the firewall lets you filter requests for specific URLs, which can then be blocked or allowed. You can create the configuration under Firewall > Content Filtering.

| Name | Description | Default |
| --- | --- | --- |
| Enable | Enable or disable the content filter function | Enabled |
| URL | Enter the URL to be blocked or filtered | Blank |
| Action | Select whether the URL is blocked or accepted | Enabled |
| Log | Can be activated for logging | Disabled |
| Description | Describe configuration | Blank |

Port Mapping

NAT-PMP (NAT Port Mapping) allows a computer in a private network (behind a NAT router) to automatically configure the router so that devices behind the router can be reached from outside the private network. It essentially controls what is known as port forwarding. Like UPnP, NAT-PMP allows a program to request all incoming data from outside on a specific TCP or UDP port. You can perform the configuration under Firewall > Port Mapping.

| Name | Description | Default |
| --- | --- | --- |
| Enable | Enable or disable port mapping | Enabled |
| Proto | Selection of TCP, UDP or TCP&UDP protocols | TCP |
| Source | Enter source IP | 0.0.0.0/0 |
| Service Port | Enter port of the service | 8080 |
| Internal Address | Set internal IP for mapping | Blank |
| Internal Port | Set the internal port for the mapping | 8080 |
| Log | Click to enable logging of port mapping | Disabled |
| External Address (Optional) / Tunnel Name (OpenVPN) | Used in conjunction with VPN. For port forwarding with VPN, the virtual VPN IP address of the TC router must be entered here | Blank |
| Description | Describe the meaning of the individual classifications | Blank |

Virtual IP Mapping

The IP of an internal PC can be assigned to a virtual IP. An external network can access the internal PC via this virtual IP address. You can set up this configuration under Firewall > Virtual IP Mapping.

| Name | Description | Default |
| --- | --- | --- |
| Virtual IP for Router | Set virtual IP for router | Blank |
| Source IP Range | Set range of source IP addresses | Blank |
| Virtual IP | Set virtual IP | Blank |
| Real IP | Set real IP | Blank |
| Log | Enable logging for virtual IP | Disabled |
| Description | Describe configuration | Blank |

DMZ

A Demilitarized Zone (DMZ) refers to a computer network with security-controlled access to the servers connected to it.

The systems set up in the DMZ are shielded from other networks (e.g. Internet, LAN) by one or more firewalls. This separation allows access to publicly accessible services while protecting the internal network (LAN) from unauthorized access from the outside.

The purpose is to make services of the computer network available to both the Internet (WAN) and the intranet (LAN) on as secure a basis as possible.

A DMZ provides protection by isolating a system from two or more networks.

By mapping all ports and the external PC, you can access all ports of the device connected to the TK500.

With this function it is not possible to assign the administration port of the TK500 (e.g. TCP port 80) to the port of the device. To forward port 80, change the management port of the router under System > Admin Access.

| Name | Description | Default |
| --- | --- | --- |
| Enable DMZ | Click to enable DMZ | Disabled |
| DMZ Host | Set DMZ host IP | Blank |
| Source Address Range | Set IP address with restricted IP access | Blank |
| Interface | Selection of the appropriate interface | Blank |
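An added example, not part of the original manual or the router's software: a small Python audit that checks a hand-written description of the Basic, Port Mapping and DMZ settings above for the values that leave services broadly reachable. The dictionary layout, the function names and the sample addresses are assumptions, and a blank source field is assumed to mean any address.

```python
import ipaddress

# Constructed sample settings keyed by the field names in the tables above.
# The dictionary layout is an assumption; the page describes no export format.
SAMPLE = {
    "basic": {"default_filter_policy": "Allow", "block_anonymous_wan_request": False},
    "admin_port": 80,  # management port, see System > Admin Access
    "port_mappings": [
        {"proto": "TCP", "source": "0.0.0.0/0", "service_port": 8080,
         "internal_address": "192.168.2.10", "internal_port": 8080, "log": False},
        {"proto": "TCP", "source": "203.0.113.0/28", "service_port": 8443,
         "internal_address": "192.168.2.20", "internal_port": 443, "log": True},
    ],
    "dmz": {"enabled": True, "host": "192.168.2.30", "source_range": ""},
}

def is_any_source(value):
    """Return True when a source field does not narrow who may connect."""
    if not value.strip():
        return True  # assumption: a blank source field means any address
    try:
        return ipaddress.ip_network(value, strict=False).prefixlen == 0
    except ValueError:
        return False  # other notation (e.g. a start-end range): treated as restricted

def audit(cfg):
    """Return a list of findings for settings that widen exposure."""
    findings = []
    basic = cfg["basic"]
    if basic["default_filter_policy"].lower() == "allow":
        findings.append("basic: Default Filter Policy is Allow, unmatched traffic passes")
    if not basic["block_anonymous_wan_request"]:
        findings.append("basic: anonymous WAN ping requests are not blocked")
    for i, m in enumerate(cfg["port_mappings"], 1):
        tag = f"port mapping #{i} ({m['proto']} {m['service_port']})"
        if is_any_source(m["source"]):
            findings.append(f"{tag}: source '{m['source']}' admits any address")
        if not m["log"]:
            findings.append(f"{tag}: logging is disabled")
    dmz = cfg["dmz"]
    if dmz["enabled"]:
        if is_any_source(dmz["source_range"]):
            findings.append(f"dmz: all ports of {dmz['host']} are open to any source")
        findings.append(f"dmz: port {cfg['admin_port']} stays with the router admin interface")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

The first port mapping in the sample uses the default values from the Port Mapping table (source 0.0.0.0/0, logging disabled), so it is reported; the second, restricted to a /28 with logging on, is not.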

MAC-IP Bundling

MAC-IP bundling means assigning a predefined IP address to a defined MAC address, so that the given MAC address always gets the same IP address. You can reach this menu item under Firewall > MAC-IP Bundling.

If the firewall blocks all access to the external network, only PCs with MAC-IP bundling will gain access to the external network.

| Name | Description | Default |
| --- | --- | --- |
| MAC Address | Set MAC address for bundling | Blank |
| IP Address | Set IP address for bundling | 192.168.2.2 |
| Description | Describe configuration | Blank |

NAT

In computer networks, Network Address Translation (NAT) is the collective term for procedures that automatically replace address information in data packets with other information in order to connect different networks. They are therefore typically used on routers.

Use of Source-NAT (SNAT)

Source NAT allows devices with private network addresses to connect to the Internet. Private IP addresses cannot usually be routed by the provider, so they must be translated into a public, routable IP address. The TK500v2 implements this function, which enables communication between different networks. NAT also has a security-relevant aspect, since a public IP address cannot be traced back to the associated private IP address.

Use of Destination-NAT (DNAT)

Destination NAT is used to offer services that run on different computers under a single IP address. It is often referred to as port mapping or port forwarding.

NAT Configuration

  • To configure NAT, go to the menu item Firewall and select the subitem NAT.

  • Here you can find a list of all existing NAT rules.

  • New NAT rules can be added via the Add button.