TL-ER5120 User Guide
Page 9
... Firewall + Supporting One-Click IP-MAC Binding to avoid ARP spoofing and guarantee a network without stagnation. + Featured Attack Defense to protect the network from visiting the malicious Web sites. Chapter 2 Introduction Thanks for choosing the Gigabit Load Balance Broadband Router TL-ER5120. 2.1 Overview of the Router The Gigabit Load Balance Broadband Router TL-ER5120 from TP-LINK...
TL-ER5120 User Guide
Page 11
... firewall supporting URL/MAC Filtering • Supports Access Control • Supports Attack Defense • Supports IP-MAC Binding • Supports GARP (Gratuitous ARP) • Deploys One-Click restricting of IM/P2P applications 2.3 Appearance 2.3.1 Front Panel The front panel of TL-ER5120 is no device linked... to the corresponding port Flashing The corresponding port is transmitting or receiving data On (Green) The linked device is running at 1000Mbps On (Yellow) The linked device is running at 100Mbps Off There ...
TL-ER5120 User Guide
Page 40
... the Hosts in Public mode and Private mode. In Public mode, the DMZ port allows the Hosts in DMZ cannot access LAN. TL-ER5120 provides a DMZ port to allow all the local hosts connected to this port to be exposed to public IP addresses for some special... Internet gaming and video-conferencing. The DMZ physical port can directly communicate with Internet via NAT mode which has fewer default firewall restrictions than the LAN does. 3.1.5 DMZ DMZ (Demilitarized Zone) is a network which translates private IP addresses within the different subnet of TL-ER5120. -35- Figure 3-17 DMZ -
TL-ER5120 User Guide
Page 75
The Flags describe certain characteristics of route entry. Metric The Metric of route entry. 3.4 Firewall 3.4.1 Anti ARP Spoofing ARP (Address Resolution Protocol) is used IP address-to-MAC address mapping entries are high security risks during ARP Implementation ...corresponding MAC address and maintain an ARP Table, where the latest used to analyze and map IP addresses to access the network. Choose the menu Firewall→Anti ARP Spoofing→IP-MAC Binding to external network via Gateway. Logical Interface: The logical interface of the route. Physical Interface: The...
TL-ER5120 User Guide
Page 77
Choose the menu Firewall→Anti ARP Spoofing→ARP Scanning to the list on IP-MAC Binding page, but not effective yet. -72- Note: If all the active ...
TL-ER5120 User Guide
Page 78
Figure 3-47 ARP List The configurations for a long time. Choose the menu Firewall→Attack Defense→Attack Defense to load the following page. -73- Please add entries manually on 3.4.1.1 IP-MAC Binding. 3.4.1.3 ARP List On this page, ... new IP-MAC information or be automatically removed from ARP attack, you cannot add IP-MAC Binding entries on 3.4.1.2 ARP Scanning page. Choose the menu Firewall→Anti ARP Spoofing→ARP List to load the following page. This period is the same as to guarantee the network security. Note: If...
TL-ER5120 User Guide
Page 80
... actual situation. • MAC Filtering MAC Address: Enter the MAC Address to the Internet of local host by specifying their MAC addresses. Choose the menu Firewall→MAC Filtering→MAC Filtering to load the following items are displayed on this page, you private network, it is recommended to the abnormal...
TL-ER5120 User Guide
Page 81
URL Filter functions to filter the Internet URL address, so as to provide a convenient way for retrieving it. Choose the menu Firewall→Access Control→URL Filtering to load the following items are displayed on this screen: • General To control the access to Internet for ...
TL-ER5120 User Guide
Page 83
3.4.4.2 Web Filtering On this page, you can filter the desired web components. Choose the menu Firewall→Access Control→Web Filtering to load the following page. Figure 3-51 Web Filtering Check the box before Enable Web Filtering and select the web components to be filtered. 3.4.4.3 Access Rules Choose the menu Firewall→Access Control→Access Rules to load the following page. -78-
TL-ER5120 User Guide
Page 86
... entry in Figure 3-52 indicates: The TELNET packets transmitted from the hosts within the network of 192.168.0.0/24 will be filtered for Firewall function conveniently. Choose the menu Firewall→Access Control→Service to Saturday. • List of Rules You can view the information of subnet mask, please refer to...
TL-ER5120 User Guide
Page 87
... start and end ports to load the following items are displayed on Access Rule page. Protocol: Select the protocol for the service. Choose the menu Firewall→App Control→Control Rules to make a destination port range for the service. The name will display in the drop-down list of the...
TL-ER5120 User Guide
Page 89
Effective Time: Description: Status: Specify the time for the entry. You can download the latest database from http://www.tp-link.com, Click the button and select the file, and then click the button to 3.2.1 Group. 3.4.5.2 Database On this entry is enabled. Give a description for the ... can control the dial-up of the entries and edit them by the Action buttons. The effective time of Account pages. -84- Choose the menu Firewall→App Control→Database to users in network management. The first entry in the popup checkbox.
TL-ER5120 User Guide
Page 114
... and the IP Address for the NTP Server. You can select a severity level to display the log information with UDP port of 123 to the firewall software of the PC. 2. The time will refresh automatically every 5 seconds. Severity: Displays the severity level of Logs displays the system log information in log...
TL-ER5120 User Guide
Page 120
Figure 4-6 User Config - Add all the Users you just created into the Group 1 and click the button to apply. 4.2.2.2 App Control Choose the menu Firewall→App Control→Control Rules to be blocked on the popup window. Status: Activate -115- Then continue with the following settings: Settings: Object: Group: ...
TL-ER5120 User Guide
Page 123
... the premise of the local network. 4.2.3.1 LAN ARP Defense You can enable Port Mirror function and Statistics function to defend ARP attack. Choose the menu Firewall→Anti ARP Spoofing→ARP Scanning to implement flood defense and Packet Anomaly Defense. Then click the button, the scanning result will display as...
TL-ER5120 User Guide
Page 124
... the items for General and set the GARP packets sending interval to apply. Choose the menu Firewall→Anti ARP Spoofing→IP-MAC Binding to apply. -119- Figure 4-13 Scanning Result Choose the menu Firewall→Anti ARP Spoofing→IP-MAC Binding to ARP List. The ARP List will display... add it to load the configuration page. Select the ARP entries needed to be added in the same way. 3) Set Attack Defense Choose the menu Firewall→Anti ARP Spoofing→IP-MAC Binding to the list, you can be bound or click the button, and then click the button.
TL-ER5120 User Guide
Page 125
... WAN port by ARP Scanning first. After obtaining the MAC address of the WAN port will display in the Scanning Result table. Choose the menu Firewall→Anti ARP Spoofing→ARP Scanning to load the configuration page. Enter the default gateway of the WAN port such as Figure 4-16 shows... address of WAN port from Scanning Result table, select this entry, then click the button to finish the binding operation. 4.2.3.3 Attack Defense Choose the menu Firewall→Attack Defense→Attack Defense to load the configuration page.
TL-ER5120 User Guide
Page 144
... IPSec) that connects to a few thousand meters). Glossary Description H.323 H H.323 allows dissimilar communication devices to communicate with each Router/firewall/host must verify the identity of its peer. Company that reports errors and provides other companies and individuals. IPsec(IP Security)...based on real-life use these addresses to create and update routing tables and data -139- MAC address(Media Standardized data link layer address that is required for services (such as text and graphic files. Other devices in the M network use . IKE...