Security Profile

The security profiles control the firewall: what to allow and what to refuse.
Changing the security profiles is recommended only for advanced users.

Press "Get default values" to restore the security profiles to their original values.

NOTE! Press "Save" after your settings!


Allowed applications

Applications allowed to get in through the firewall (from WAN to LAN):

Web, Telnet, SSH, FTP server - Check box if you have any of these servers on your LAN, and you want computers on the Internet to be able to access them. Enter the server's IP address.
PING receiver - Check box if you want ping-requests from the Internet answered by a PC on your LAN. Enter the PC's LAN IP address.
(Not recommended, as it is a security risk in the event of "flood-pinging".)
SIP - Check box if you want incoming SIP messages to be allowed through / answered.
Remote configuration - Check the respective box(es) if you want the configuration web interface (these pages) or the command line interface (Telnet) to be accessible from the Internet.
(NOTE! Extreme security risk! Not recommended!)

Multi-user gaming support:
Some games in which many users play with each other over the Internet require the firewall to allow non-conventional data traffic.
Check the appropriate box if you want to play such a game over the Internet. Also, make sure that "All" is checked at "Applications from inside"!
NOTE! Only one PC on LAN can play with others on the Internet! Enter that PC's IP address!
You may also try to enable "loose UDP" at "General settings" to allow some other games to work.
(NOTE! If you play these games on your own, or with other LAN users only, you do not need to set any of this.)
DirectX - Check box if you want to play games using the Microsoft DirectX communication module:
(Age of Empires, Midtown Madness, Motocross Madness, most Microsoft games, many Windows games)
Delta Force, Command & Conquer III, Red Alert, Descent 3 - Check box if you want to play any of these games over the Internet.
Microsoft Netmeeting 2.0 - Check box if you want to communicate with other Netmeeting users over the Internet.

NOTE! Press "Save" after your settings!


Enter port redirections

Manual port redirections from WAN to LAN ports. (only for advanced users)

TCP connections - Rules for data traffic using TCP packets.
UDP connections - Rules for data traffic using UDP packets.
outside port(s) - WAN port(s) to be opened.
inside host - IP address of LAN PC that should receive the data traffic.
inside port - Leave blank if same as outside ports!

NOTE! Press "Save" after your settings!
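
The redirection fields above, worked through as an added example (not code from the device or its vendor): it resolves each row to the LAN host and port it exposes, applying the "leave blank if same as outside" rule, and flags rows to re-check. The dictionary keys, the comma/range port syntax and the sample rows are assumptions made for illustration.

```python
# Added example. Field names follow the help text; the entry syntax is assumed.
from ipaddress import ip_address

def parse_ports(spec):
    """Expand a port entry such as '80,8000-8002' (assumed syntax) into a list."""
    ports = []
    for part in filter(None, (p.strip() for p in spec.split(","))):
        lo, _, hi = part.partition("-")
        lo, hi = int(lo), int(hi or lo)
        if not 1 <= lo <= hi <= 65535:
            raise ValueError(f"bad port entry: {part!r}")
        ports.extend(range(lo, hi + 1))
    return ports

def review_redirections(rows):
    """Return ({(proto, WAN port): (LAN host, LAN port)}, [(row no., finding)])."""
    exposed, findings = {}, []
    for n, row in enumerate(rows, 1):
        host = str(ip_address(row["inside_host"]))  # rejects malformed addresses
        outside = parse_ports(row["outside_ports"])
        inside = row.get("inside_port", "").strip()
        if inside and len(outside) > 1:
            # The help text does not say how one inside port pairs with several
            # outside ports, so flag the row instead of guessing.
            findings.append((n, "one inside port for several outside ports"))
            continue
        for port in outside:
            key = (row["proto"], port)
            if key in exposed:
                # Which row the device honours is not documented; report it.
                findings.append((n, f"{key[0]} port {port} already redirected"))
                continue
            # Blank inside port means "same as outside port".
            exposed[key] = (host, int(inside) if inside else port)
    return exposed, findings

# Constructed sample rows (not taken from any real device).
SAMPLE = [
    {"proto": "TCP", "outside_ports": "80", "inside_host": "192.168.0.10", "inside_port": ""},
    {"proto": "TCP", "outside_ports": "2222", "inside_host": "192.168.0.20", "inside_port": "22"},
    {"proto": "UDP", "outside_ports": "5060-5061", "inside_host": "192.168.0.30", "inside_port": ""},
    {"proto": "TCP", "outside_ports": "80,8080", "inside_host": "192.168.0.40", "inside_port": ""},
    {"proto": "TCP", "outside_ports": "6000-6002", "inside_host": "192.168.0.50", "inside_port": "6000"},
]

if __name__ == "__main__":
    print(*review_redirections(SAMPLE), sep="\n")
```

Every key in the first result is a WAN port reachable from the Internet, so the list doubles as an inventory of what the profile exposes.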


Enter IP redirections

Manual IP protocol/address redirections from WAN to LAN. (only for advanced users)
Redirections are selected in priority order, first row first.

Protocol - Protocol number or (for common protocols) name. Leave blank for "all protocols".

NOTE! Press "Save" after your settings!


Applications from inside

Applications allowed to get out through the firewall (from LAN to WAN):

All - Allow all outgoing data traffic to pass through. No filtering. (NOTE! Security risk! Not recommended!)
All TCP - Allow all outgoing TCP packets to pass through. (Not recommended)
All UDP - Allow all outgoing UDP packets to pass through. (Not recommended)
Web - Allow web access ("surfing").
NNTP - Allow access to newsgroups.
POP3 - Allow reception of e-mail.
IMAP - Allow reception of e-mail.
SMTP - Allow sending e-mail.
FTP - Allow file transfers.
Ping - Allow outgoing ping (a LAN PC pinging to a PC on WAN / Internet).
inside -> DMZ - Allow all, all TCP or all UDP traffic from LAN to DMZ.
Other TCP ports - Open specific port numbers (only for advanced users) (several ports can be entered, separated by comma)
Other UDP ports - Open specific port numbers (only for advanced users) (several ports can be entered, separated by comma)
Administration (Telnet) - Allow access to command line interface.

NOTE! Press "Save" after your settings!


General settings

Other security profile settings:

Loose UDP (Peer-to-peer gaming) - Many games use "loose UDP" for communicating between several users over the Internet:
e.g. BattleZone1.4, Dark Reign1.4, Diablo, HeavyGear2, Quake I/II, StarCraft, WorldCraft, and most of the games from Activision
Check the box to allow such traffic to pass through.
Disable "ICMP close" (Port Unreachable) - Prevent "UDP connections" from being closed by ICMP Port Unreachable messages.
Enable strict TCP inspection - Uncheck this if encountering compatibility problems with certain servers.
TCP inactivity timeout - Close the connection if no data has been transmitted for the specified time.
UDP inactivity timeout - Close the connection if no data has been transmitted for the specified time.
Firewall Log - Select the extent of the firewall log. Warning!! Settings other than "off" may affect the speed/throughput.
NB! Not all intended packets will be logged under heavy load.
Forward to syslog server - Select the data to be copied from the firewall log to an external syslog server. See also "Administration".
Include link layer information - For example Ethernet headers.
Log raw data - Restricts how much of the logged data is shown in raw (hex or ASCII) form; default is null bytes.
Exclude protocol headers - For example IP and TCP headers.

NOTE! Press "Save" after your settings!

