Firewall, Port Mapping & Filters : Hawking Dual WAN Firewall Router w/4-Port Switch Review

Firewall, Port Mapping & Filters

By TG Publishing Team, published on September 5, 2002
Source: Tom's Guide US | Keywords: hawking, dual, wan, firewall, router, w

Contents

5. Firewall, Port Mapping & Filters

The FR24 has a Stateful Packet Inspection (SPI) based firewall and uses a rule-based firewall management system. It also supports Multi-NAT or Many-to-Many NAT for up to 16 WAN IP addresses.

Tip: MultiNAT allows you to take multiple WAN IP addresses and share them with ranges of private LAN IP addresses. This lets you, for example, have up to 16 DMZ mappings (one for each WAN IP address you have), and also lets you have multiple virtual (mapped) servers of the same type (HTTP / Web servers for example) operating on the same port.

NOTE! This feature is useable only if you have multiple WAN IP addresses assigned from your ISP!

Hawking also gives you some control over the Stateful Packet Inspection (SPI) features of the VBR's firewall as shown in Figure 4, including disabling all SPI features.

Figure 4: Advanced Firewall
(click on the image for a full-sized view)

Port forwarding is provided for single ports via the Virtual Server feature and static port ranges via the WAN Access Controls shown in Figure 5.

Figure 5: WAN Access Control
(click on the image for a full-sized view)

Triggered port range mapping capabilities are not provided and port mappings are not schedulable, but server "loopback" is supported for Virtual servers and WAN-LAN rules.

See this page of the Hardware Router Terminology Guide if you need an explanation of static vs. triggered port mapping.

Tip: See this page of our Hardware Router NTK - Terminology Guide for an explanation of "loopback".

Internet access control (Port Filters) is handled by the LAN Access Control screen shown in Figure 6.

Figure 6: LAN Access Controls
(click on the image for a full-sized view)

Both Control features let you specify source and destination IP address ranges, TCP or UDP port ranges (but not both in one rule), whether to discard or forward the matching packet, and whether the action is logged. On the downside, you can't name or edit rules, or temporarily disable them while leaving them programmed. There's also no abilitiy to schedule the time that the rules are applied.

Lest we not forget - because it's over in the Setup Wizard section - there's also the URL Keyword blocking feature, and the ability to block ActiveX controls, Java applets, Cookies, and Web proxy requests.