Like every other website on the planet, SmallNetBuilder uses cookies. Our cookies track login status, but we only allow admins to log in anyway, so those don't apply to you. Any other cookies you pick up during your visit come from advertisers, which we don't control.
If you continue to use the site, you agree to tolerate our use of cookies. Thank you!

Router Charts

Click for Router Charts

Router Ranker

Click for Router Ranker

NAS Charts

Click for NAS Charts

NAS Ranker

Click for NAS Ranker

More Tools

Click for More Tools

LAN & WAN Reviews

Firewall Features, Continued

One thing the ACL rules don't do is content filtering, which is instead handled by the relatively crude URL Filter feature (Figure 9).

ASUS SL1000 - URL Filter

Figure 9: URL Filter

You get only ten 15 character keywords to use as filters and, once programmed, filters can be edited and deleted but not disabled. When the filter is tripped, you get an "Access Denied by ASUSTeK Internet Security Router" screen. The keywords are broad in that the filter will kick in if the keyword string is found anywhere in the URL. But I found that the filters can be easily bypassed by anyone savvy enough to look up and enter the IP address of the desired site instead of its URL.

The SL1000's DoS Attack Filter settings expose the controls for its SPI features. The Help button brings up short, but informative descriptions of each of the controls, with most of them disabled by default as shown in Figure10.

ASUS SL1000 - DoS Attack Filter

Figure 10: DoS Attack Filter setup

The only "exploit" that I tried was a port scan of the SL1000's WAN, which was logged in short order.

Even with this overflowing basket of features, there are still some tricks the SL1000's firewall won't perform. UPnP isn't supported (no loss in my book) nor is server loopback, i.e. the ability to access port-mapped servers by their WAN IP (or assigned domain name) from LAN-side clients, supported either.

On the usability side of things, It would be nice to be able to disable the ACL rules and leave them programmed instead of having to delete them. A confirmation step before rules are deleted would be helpful, too.

Navigating your way through this maze of selections takes some getting used to. One of the things I didn't like is that you have to specify the WAN IP of the router as the Destination IP for Inbound ACL's. Since most ISPs assign dynamic IP addresses, inbound rules could stop working when the SL1000 renews its DHCP lease or logs into a PPPoE connection. It would be much better if you could just specify the WAN port instead of a specific IP address.

To their credit, ASUS tries to help with descriptions and examples of each feature in its printed User Guide. There's also online help available which, in some cases, I found more helpful than some of the printed material. ASUS tells me that they're also busy compiling application notes and a FAQ guide, which they plan to have available when the SL1000 starts shipping.

More LAN & WAN

Wi-Fi System Tools
Check out our Wi-Fi System Charts, Ranker and Finder!

Support Us!

If you like what we do and want to thank us, just buy something on Amazon. We'll get a small commission on anything you buy. Thanks!

Over In The Forums

Hi guys! I've been having no trouble with my AC68U for years...I'm currently running Merlin v384.9. And after several hours running, I slowly start lo...
My sister is building a house caddy-corner to my Parents to take care of them and I've taken it upon myself to help them link their networks together....
Hi, I noticed an anomaly with using OpenVPN with Merlin and thought I'd ask here. Scenario is:1) connect using my Android phone to the VPN server host...
Now that I have a number of smart devices (thermostat, security cams, etc) in my home, I'm finding internet outages a bit more than a nuisance when I'...
New to the forum and hoping to find some answers. I have a N2350 and set up as my iTunes server. I'm starting to upload my music but I can't seem to d...

Don't Miss These

  • 1
  • 2
  • 3