Section 3 - Configuration
A firewall protects your network from the outside world. The D-Link DIR-652 offers a firewall type functionality. The SPI feature helps prevent cyber
attacks. Sometimes you may want a computer exposed to the outside world for certain types of applications. If you choose to expose a computer,
you cam enable DMZ. DMZ is short for Demilitarized Zone. This option will expose the chosen computer completely to the outside world.
Enable SPI:
SPI (Stateful Packet Inspection, also known as dynamic
packet filtering) helps to prevent cyber attacks by tracking
more state per session. It validates that the traffic passing
through the session conforms to the protocol.
NAT Endpoint
Select one of the following for TCP and UDP ports:
Endpoint. Independent. - Any incoming traffic sent to
Filtering:
an open port will be forwarded to the application that
opened the port. The port will close if idle for 5 minutes.
Address.Restricted - Incoming traffic must match the IP
address of the outgoing connection.
Address.+.Port.Restriction - Incoming traffic must match
the IP address and port of the outgoing connection.
Enable DMZ Host:
If an application has trouble working from behind the
router, you can expose one computer to the Internet and
run the application on that computer.
Note: Placing a computer in the DMZ may expose that
computer to a variety of security risks. Use of this option is
only recommended as a last resort.
IP Address:
Specify the IP address of the computer on the LAN that
you want to have unrestricted Internet communication. If
this computer obtains it's IP address automatically using
DHCP, be sure to make a static reservation on the Basic
> DHCP page so that the IP address of the DMZ machine
does not change.
D-Link DIR-652 User Manual
Firewall Settings
62