Like every other website on the planet, SmallNetBuilder uses cookies. Our cookies track login status, but we only allow admins to log in anyway, so those don't apply to you. Any other cookies you pick up during your visit come from advertisers, which we don't control.
If you continue to use the site, you agree to tolerate our use of cookies. Thank you!

Router Charts

Click for Router Charts

Router Ranker

Click for Router Ranker

NAS Charts

Click for NAS Charts

NAS Ranker

Click for NAS Ranker

More Tools

Click for More Tools

LAN & WAN Reviews

Firewall Features, Continued

One thing the ACL rules don't do is content filtering, which is instead handled by the relatively crude URL Filter feature (Figure 9).

ASUS SL1000 - URL Filter

Figure 9: URL Filter

You get only ten 15 character keywords to use as filters and, once programmed, filters can be edited and deleted but not disabled. When the filter is tripped, you get an "Access Denied by ASUSTeK Internet Security Router" screen. The keywords are broad in that the filter will kick in if the keyword string is found anywhere in the URL. But I found that the filters can be easily bypassed by anyone savvy enough to look up and enter the IP address of the desired site instead of its URL.

The SL1000's DoS Attack Filter settings expose the controls for its SPI features. The Help button brings up short, but informative descriptions of each of the controls, with most of them disabled by default as shown in Figure10.

ASUS SL1000 - DoS Attack Filter

Figure 10: DoS Attack Filter setup

The only "exploit" that I tried was a port scan of the SL1000's WAN, which was logged in short order.

Even with this overflowing basket of features, there are still some tricks the SL1000's firewall won't perform. UPnP isn't supported (no loss in my book) nor is server loopback, i.e. the ability to access port-mapped servers by their WAN IP (or assigned domain name) from LAN-side clients, supported either.

On the usability side of things, It would be nice to be able to disable the ACL rules and leave them programmed instead of having to delete them. A confirmation step before rules are deleted would be helpful, too.

Navigating your way through this maze of selections takes some getting used to. One of the things I didn't like is that you have to specify the WAN IP of the router as the Destination IP for Inbound ACL's. Since most ISPs assign dynamic IP addresses, inbound rules could stop working when the SL1000 renews its DHCP lease or logs into a PPPoE connection. It would be much better if you could just specify the WAN port instead of a specific IP address.

To their credit, ASUS tries to help with descriptions and examples of each feature in its printed User Guide. There's also online help available which, in some cases, I found more helpful than some of the printed material. ASUS tells me that they're also busy compiling application notes and a FAQ guide, which they plan to have available when the SL1000 starts shipping.

More LAN & WAN

Wi-Fi System Tools
Check out our Wi-Fi System Charts, Ranker and Finder!

Support Us!

If you like what we do and want to thank us, just buy something on Amazon. We'll get a small commission on anything you buy. Thanks!

Over In The Forums

After 4 days, Port Forwarding rule disappears from router. It can be easily reentered and will persist for approximately the same period, before disap...
I live in a complex that has great broadband. I have been annoyed with my Linksys's inability to keep things running, and since my alexa stuff does no...
Hello to everybody from Italy. It's my first postI recently picked up an DSL-AC68U and installed merlin. For now the only issued that i encountered is...
Hello,Just bought a brand new AX88U router. My issue is connecting to the 2.4ghz band. If I am right next to the router it works fine but if I move to...
Greetings,Just setup a R6700V3 to replace an 8 year old D-Link 655. Roku Premiere was killing the 655 every 4-24 hours.My Windows 10 PC connects via e...

Don't Miss These

  • 1
  • 2
  • 3