Firewall Features
The 9000VPN's firewall has the ability to expose LAN side servers to the Internet (Virtual Servers) and establish firewall rules for inbound and outbound traffic (also known as port filtering). Figure 12 shows the Virtual Server controls, which contain a few controls not typically found.
Figure 12: Virtual Servers
The IP Sharing control can be used to disable the NAT (Internet sharing) function, which would make the 9000VPN function as a normal router. NAT Loopback lets LAN-side users reach Internet accessible servers via their public IP addresses or domain names, instead of having to use local IP addresses. This desirable feature is found on competitive products, but the 9000VPN is the first time I've seen it under user control.
The Forwarding to VPN Server control isn't described in OvisLink's documentation, but I found out that it is essentially a special Virtual Server enable in case you want to have your own PPTP server running on the router's LAN side instead of the built-in server. I liked that UPnP defaults to being turned off and that you can separately disable the NAT Traversal function that lets UPnP automatically open holes in your firewall.
Both the Virtual Server and Firewall (port filtering) features use a pre-defined list of Services (Figure 13), to which you can add your own. You can specify a single port or range and select from TCP, UDP and ICMP protocols. Note that you can't edit defined services, but you can delete them.
Figure 13: Services
Speaking of the Firewall, Figure 14 shows a rule that I set to block Web access. This is as good a time as any to highlight OvisLink's use of "slash" or CIDR Notation. While its use may be more natural to networking professionals, I feel it's not appropriate for use in a SOHO product - especially when there is no explanation of how to use it in the User Manual.
In the case of setting firewall rules, it makes setting a rule that applies to a list of IP addresses difficult, if not impossible - forcing a user to use up multiple rules to achieve the desired effect.
Figure 14: Firewall Rules
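To make the multiple-rule cost concrete, the following added example (not from OvisLink's documentation or firmware) computes the smallest set of CIDR entries that covers exactly a given address range or host list. The sample addresses are constructed, and it is an assumption that the router's rule fields accept standard prefix lengths up to /32.

```python
import ipaddress


def cidr_rules_for_range(first, last):
    """Smallest list of CIDR blocks covering exactly first..last inclusive."""
    lo = ipaddress.IPv4Address(first)
    hi = ipaddress.IPv4Address(last)
    if lo > hi:
        raise ValueError("first address must not be higher than last address")
    # summarize_address_range emits aligned power-of-two blocks, never
    # spilling outside the requested range.
    return [str(net) for net in ipaddress.summarize_address_range(lo, hi)]


def cidr_rules_for_hosts(hosts):
    """Smallest list of CIDR blocks covering exactly the listed hosts."""
    nets = [ipaddress.IPv4Network(h) for h in hosts]  # each host becomes a /32
    # collapse_addresses merges duplicates and adjacent, aligned neighbours.
    return [str(net) for net in ipaddress.collapse_addresses(nets)]


if __name__ == "__main__":
    # Constructed sample inputs: one firewall rule is needed per printed block.
    samples = [
        ("aligned half of a /24", cidr_rules_for_range("192.168.1.0", "192.168.1.127")),
        ("unaligned 11-host range", cidr_rules_for_range("192.168.1.100", "192.168.1.110")),
        ("scattered hosts", cidr_rules_for_hosts(
            ["192.168.1.10", "192.168.1.11", "192.168.1.20", "192.168.1.50"])),
    ]
    for label, rules in samples:
        print(f"{label}: {len(rules)} rule(s) -> {', '.join(rules)}")
```

Only ranges that start on a power-of-two boundary and have a power-of-two size collapse to a single entry; anything else costs one rule per block.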
Note that neither Virtual Servers nor Firewall rules can be scheduled, i.e., enabled by day and time. There are also no firewall controls to block cookies, Java and ActiveX applets or Web Proxies.