Firewall Features

Once I started to dig into the 8200's firewall configuration, however, I found the Network Map doesn't reflect its Access Control (Port / Service filters) settings. OK, so maybe that's not so bad, but I found the Access Control tab didn't reflect controls put into effect by the Security > General tab, which I think is a bad thing.

The Security tab offers three general Security levels - Maximum, Typical, and Minimum (Figure 3).

Figure 3: General Security Levels

Maximum allows all clients access to only Telnet, FTP, HTTP, HTTPS, DNS, IMAP, POP3 and SMTP services and is the default setting. I bumped into this early in my testing when I found that an SSH program that I use wouldn't work - no thanks to the (lack of) information in the Access Control page. A quick change to the Typical setting fixed the problem.

But I'm puzzled by the inclusion of the Minimum setting, and its name. Since it essentially removes the 8200's firewall by Accepting all Outbound and Inbound traffic, I think it would be more appropriately titled No Security and have some explanatory warning as to the security risk this setting exposes your LAN to. Although USR isn't unique in its use of a Rule and Service firewall model, I think it is unique in providing access to an Accept All rule for Inbound traffic, which essentially turns off the 8200's firewall protection.

Figure 4: Access Control

At any rate, if you do want to set up Access Controls, the 8200 tries to make it easy by presenting an extensive list of pre-made filters that you can just check off (Figure 4). But then it makes it difficult by allowing you to set those filters only for either the entire LAN or a single IP address (or computer name) at a time. At least you can edit and temporarily disable rules, but there's no ability to schedule them to be in effect during specific days and time periods.

Inbound port forwarding (Local Servers) setup looks and works pretty much like the Access Controls, except you don't get an "entire LAN" option. As with Access Controls, Local Servers aren't schedulable. Triggered port mappings are not supported, but "Loopback" for Local Servers is.

If these simple filtering options don't suit you, and you have some experience in setting up multi-stage firewalls, you can try the Advanced Filtering features.

Figure 5: Advanced Filtering

Figure 5 shows the available rule sets and Figure 6 shows just some of the settings for each of the sets. The good news is that this is pro-level firewall configuration ability.

Figure 6: Advanced Filtering Rules

The bad news is that you're on your own to figure out how and when to use this powerful capability and which of the rule sets to apply. The HTML User Manual is no help, and (at the time of review) there aren't any application notes to help either.

Rounding out the firewall's features is the Restrictions feature. This is basic URL level filtering, but Figure 7 reveals a problem with USR's implementation.

Figure 7: Restrictions

Clicking the New Entry link allows you to enter only IP addresses or URLs that can be resolved to IP addresses. You can't enter just words or wildcard forms of URLs, e.g. *.yahoo.com. Figure 7 shows that two of the websites that I randomly chose resolve differently in their www and root forms. So entering www.whitehouse.gov would not block a user who tries to surf to whitehouse.gov.

Other limitations are that the Restrictions apply to all LAN users and you can't set a "trusted user". Options to block proxies, Java applets, ActiveX controls and cookies also aren't supported.
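The www/root gap described above can be checked for before relying on a restriction list. This is an added example, not code from the review or from USR; it assumes the filter stores only the addresses each entry resolved to, and the host names and addresses in `SAMPLE_DNS` are constructed.

```python
import socket

# Constructed sample DNS data (documentation-range addresses, not real records).
SAMPLE_DNS = {
    "www.example.gov": {"192.0.2.10", "192.0.2.11"},
    "example.gov": {"198.51.100.7"},
    "www.example.org": {"203.0.113.5"},
    "example.org": {"203.0.113.5"},
}


def resolve_sample(host):
    """Offline resolver backed by the constructed table above."""
    return SAMPLE_DNS.get(host, set())


def resolve_live(host):
    """Resolve a host name to its IPv4 addresses with the system resolver."""
    try:
        infos = socket.getaddrinfo(host, None, socket.AF_INET)
    except socket.gaierror:
        return set()
    return {info[4][0] for info in infos}


def sibling(host):
    """Return the other common form of a name: www.x <-> x."""
    return host[4:] if host.startswith("www.") else "www." + host


def audit_restrictions(entries, resolve=resolve_live):
    """Map each unlisted www/root sibling to the addresses left unblocked.

    Assumption: the filter blocks by the IP addresses its entries resolved to.
    """
    blocked_ips = set()
    for host in entries:
        blocked_ips |= resolve(host)

    gaps = {}
    for host in entries:
        other = sibling(host)
        if other in entries:
            continue  # both forms are already listed
        uncovered = resolve(other) - blocked_ips
        if uncovered:
            gaps[other] = sorted(uncovered)
    return gaps
```

Any name reported by `audit_restrictions` needs its own entry in the restriction list; a sibling that resolves to the same addresses as a listed entry is already covered and is not reported.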

Let's move on to the VPN features and performance.
