Like every other website on the planet, SmallNetBuilder uses cookies. Our cookies track login status, but we only allow admins to log in anyway, so those don't apply to you. Any other cookies you pick up during your visit come from advertisers, which we don't control.
If you continue to use the site, you agree to tolerate our use of cookies. Thank you!
Privacy Policy

Wi-Fi Router Charts

Click for Wi-Fi Router Charts

Mesh System Charts

Click for Wi-Fi Mesh System Charts

LAN & WAN Reviews

Tags:

Firewall Features

The 9000VPN's firewall has the ability to expose LAN side servers to the Internet (Virtual Servers) and establish firewall rules for inbound and outbound traffic (also known as port filtering). Figure 12 shows the Virtual Server controls, which contain a few controls not typically found.

OvisLink MU-9000VPN Virtual Servers

Figure 12: Virtual Servers

The IP Sharing control can be used to disable the NAT (Internet sharing) function, which would make the 9000VPN function as a normal router. NAT Loopback lets LAN-side users reach Internet accessible servers via their public IP addresses or domain names, instead of having to use local IP addresses. This desirable feature is found on competitive products, but the 9000VPN is the first time I've seen it under user control.

The Forwarding to VPN Server control isn't described in OvisLink's documentation, but I found out that it is essentially a special Virtual Server enable in case you want to have your own PPTP server running on the router's LAN side instead of the built-in server. I liked that UPnP defaults to being turned off and that you can separately disable the NAT Traversal function that lets UPnP automatically open holes in your firewall.

Both the Virtual Server and Firewall (port filtering) features use a pre-defined list of Services (Figure 13), to which you can add your own. You can specify a single port or range and select from TCP, UDP and ICMP protocols. Note that you can't edit defined service, but can delete them.

OvisLink MU-9000VPN Services

Figure 13: Services

Speaking of the Firewall, Figure 14 shows a rule that I set to block Web access. This is as good a time as any to highlight OvisLink's use of "slash" or CIDR Notation. While its use may be more natural to networking professionals, I feel it's not appropriate for use in a SOHO product - especially when there is no explanation of how to use it in the User Manual.

In the case of setting firewall rules, it makes setting a rule that applies to a list of IP addresses difficult, if not impossible - forcing a user to use up multiple rules to achieve the desired effect.

OvisLink MU-9000VPN Firewall Rules

Figure 14: Firewall Rules

Note that neither Virtual Servers or Firewall rules can be scheduled, i.e.enabled by day and time. There are also no firewall controls to block cookies, Java and Active X applets or Web Proxies.

Support Us!

If you like what we do and want to thank us, just buy something on Amazon. We'll get a small commission on anything you buy. Thanks!

Don't Miss These

  • 1
  • 2

Most Read This Week

Over In The Forums

Why is it called "router.asus.com" like it goes online to the internet?
[XT8] Constant USB reset using xhci-hcd, any thoughts?
omada controller software yes or no?
When HDD hibernation enabled will USB flash still work?
[Question] Skynet Deliberate Attack or Infected Device?