XII. Firewall/Security Features

From the main menu, select [System Maintenance] > [Management]  and you have various option controlling access to the router's management menus/interface.

Internet Access Control

Firstly you can allow or disallow management from the Internet. This means that a remote user, for example a technician or support person will be able to access the router's management menus and adjust your setting or view the router's status. This includes the https and ssh interfaces, so is very useful for remote management. It's important to set an admin password for the router, otherwise anyone in the world could access your router and it is also advised to not enable management for interfaces which do not offer encryption (eg HTTP, TELNET & FTP) .

For more information on how to log into the router check the article How do I log into a Vigor router or AP

From this menu you can set the router not to reply to pings from the Internet; this provides a little extra security as your public IP address will then not respond to a ping request if someone is scanning ranges of IP addresses looking for hosts.

Access List from Internet

For extra security, you can limit which remote clients that are able to access the router's management interfaces. This means, for example, that only a user on PC 194.143.123.12 can access the menus. You can allow external IP addresses. Once you enable this facility (by entering an IP address in one of the boxes) ONLY those IP addresses or subnets (ranges) you specify will be able to access the router's menus. For this reason if you are accessing the router remotely it is very important that you remember to include your own IP address/subnet too, otherwise you will lose the ability to access the router management yourself. In the screenshot above, we have allowed access from any local PC and then a single external IP address. If you do accidentally lock yourself out, you will have to access the router locally to get back in.

Management Port Setup

Allows the managment ports to be changed on the router

SSL/TLS

Controls which SSL/TLS protocols are enabled on the router. Enabling SSL 3.0 is not recommended.

CVM Access Control

This control Central VPN Management service so that the router can manage VPN profiles on other remote router, for more info see Central VPN Management overview

Device Management

Device managment is for central management functionality, such as controlling DrayTek Access Points and Switches from the rotuers Web UI.

Validation Code

With this enabled a validication code must be entered by the user when logging into the Web UI. Enabling this adds extra protection against brute force login attacks

Disable Auto-logout

Enabling  this will disable the auto-logout function. It's recommended to keep the auto-logout function active as this can provide protection against  attacks  that  try  to  trick  the  administrator into making changes  to the Web interface by social engineering (such as a URL in an e-mail or website). You should also manually log out from the router to close the admin session when you are finished. Click the 'Logout' icon (top right) on the router's web interface. Unless you have secure/exclusive access to your computer, we recommend against storing your router's admin password in the browser, instead enter it manually each time.

---

How do you rate this article?