Note: The Firewall Control form is not applicable to MCD for Industry Standard Servers (ISS).
The Firewall Control form is used to program and verify the firewall settings for the Internet gateway. The firewall examines all packets attempting to access the internal network from the Internet. Unless a packet is part of an existing connection, or matches a specific TCP or UDP port programmed for forwarding, it is declared as "unknown". All unknown packets are logged in System Diagnostics and then either dropped or rejected.
The firewall can also be programmed to allow outbound Virtual Private Network (VPN) tunnels with PPTP and IPSec pass-through and inbound connections with IP Port Forwarding (see Port Forward Table form).
Use this form when performing the following tasks:
| Parameter | Description | Default Value |
|---|---|---|
| Logging State | Select "Disabled" to disable logging of unknown packets. | Enabled |
| PPTP Pass-through | Select "Disabled" to disable PPTP Pass-through. When PPTP Pass-through is "Enabled", outbound PPTP VPN tunnels are allowed to pass through the firewall from the LAN to the Internet. | Enabled |
| IPSEC Pass-through | Select "Disabled" to disable IPSEC Pass-through. When IPSEC Pass-through is "Enabled", outbound IPSec VPN tunnels are allowed to pass through the firewall from the LAN to the Internet. | Enabled |
| Action for Unknown Packets | Select the method of handling unknown packets received on the WAN interface. Drop: the unknown packet is discarded without a reply to the sender. Reject: the unknown packet generates an error packet (ICMP port unreachable) for the sender. Additionally, the packet is logged if logging is enabled for this packet type. | Drop |
| Do Not Log UDP Ports | List the UDP ports for which received packets do not generate logs. Valid ports are numbered 1-65535, with a total field length of up to 128 characters. Port ranges are of the form x-y, where x is less than y. List ports and/or port ranges separated by commas. | 137-139, 520 |
| Do Not Log TCP Ports | List the TCP ports for which received packets do not generate logs. Valid ports are numbered 1-65535, with a total field length of up to 128 characters. Port ranges are of the form x-y, where x is less than y. List ports and/or port ranges separated by commas. | 135, 137-139 |
| WAN Firewall | Select "Enabled" to enable the firewall and Network Address Translation (NAT) on the WAN port. Disabling the firewall makes it feasible to connect the WAN port to a separate network with transparent routing provisioned between the networks on the WAN port and the LAN ports of the controller. About NAT: for a computer to communicate with other computers and Web servers on the Internet, it must have an IP address. An IP address is a unique 32-bit number that identifies the location of your computer on a network. An IP address is similar to a street address in that it is a means to find out exactly where you are and deliver information to you. Network Address Translation allows a single device, such as a router, to act as an agent between the Internet (or "public network") and a local (or "private") network. This means that only a single, unique IP address is required to represent an entire group of computers. | Enabled |
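
The "Do Not Log UDP Ports" and "Do Not Log TCP Ports" fields decide which unknown packets leave no trace in System Diagnostics, so it is worth checking a proposed value before entering it. The following is an added example, not code from the product: it validates a field value against the rules in the table and reports which ports would go unlogged, assuming Logging State is "Enabled". The function names are hypothetical, and treating an empty field as "suppress nothing" is an assumption.

```python
import re

MAX_FIELD_LEN = 128                      # field length limit stated in the table
_ITEM = re.compile(r"^([0-9]+)(?:-([0-9]+))?$")

def parse_port_list(field):
    """Parse a 'Do Not Log' field into sorted, merged (low, high) tuples."""
    if len(field) > MAX_FIELD_LEN:
        raise ValueError("field exceeds 128 characters")
    if not field.strip():                # assumption: empty field = suppress nothing
        return []
    ranges = []
    for item in (part.strip() for part in field.split(",")):
        m = _ITEM.match(item)
        if not m:
            raise ValueError(f"not a port or x-y range: {item!r}")
        low = int(m.group(1))
        high = int(m.group(2)) if m.group(2) else low
        if not (1 <= low <= 65535 and 1 <= high <= 65535):
            raise ValueError(f"port outside 1-65535: {item!r}")
        if m.group(2) and low >= high:   # ranges must be x-y with x less than y
            raise ValueError(f"range start must be below end: {item!r}")
        ranges.append((low, high))
    ranges.sort()
    merged = [ranges[0]]
    for low, high in ranges[1:]:         # merge overlapping or adjacent entries
        if low <= merged[-1][1] + 1:
            merged[-1] = (merged[-1][0], max(merged[-1][1], high))
        else:
            merged.append((low, high))
    return merged

def is_logged(port, suppressed):
    """True if an unknown packet to this port would still produce a log entry."""
    return not any(low <= port <= high for low, high in suppressed)

def suppressed_count(suppressed):
    """Number of ports whose unknown packets leave no log entry."""
    return sum(high - low + 1 for low, high in suppressed)

if __name__ == "__main__":
    udp = parse_port_list("137-139, 520")    # default UDP value from the table
    tcp = parse_port_list("135, 137-139")    # default TCP value from the table
    print(udp, suppressed_count(udp), is_logged(53, udp))
    print(tcp, suppressed_count(tcp), is_logged(135, tcp))
```

A large `suppressed_count` result means a wide range of WAN-side traffic is silently discarded, which is worth reviewing before the value is saved.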