Like every other website on the planet, SmallNetBuilder uses cookies. Our cookies track login status, but we only allow admins to log in anyway, so those don't apply to you. Any other cookies you pick up during your visit come from advertisers, which we don't control.
If you continue to use the site, you agree to tolerate our use of cookies. Thank you!

Router Charts

Click for Router Charts

Router Ranker

Click for Router Ranker

NAS Charts

Click for NAS Charts

NAS Ranker

Click for NAS Ranker

More Tools

Click for More Tools

LAN & WAN Reviews

Firewall Features

The 9000VPN's firewall has the ability to expose LAN side servers to the Internet (Virtual Servers) and establish firewall rules for inbound and outbound traffic (also known as port filtering). Figure 12 shows the Virtual Server controls, which contain a few controls not typically found.

OvisLink MU-9000VPN Virtual Servers

Figure 12: Virtual Servers

The IP Sharing control can be used to disable the NAT (Internet sharing) function, which would make the 9000VPN function as a normal router. NAT Loopback lets LAN-side users reach Internet accessible servers via their public IP addresses or domain names, instead of having to use local IP addresses. This desirable feature is found on competitive products, but the 9000VPN is the first time I've seen it under user control.

The Forwarding to VPN Server control isn't described in OvisLink's documentation, but I found out that it is essentially a special Virtual Server enable in case you want to have your own PPTP server running on the router's LAN side instead of the built-in server. I liked that UPnP defaults to being turned off and that you can separately disable the NAT Traversal function that lets UPnP automatically open holes in your firewall.

Both the Virtual Server and Firewall (port filtering) features use a pre-defined list of Services (Figure 13), to which you can add your own. You can specify a single port or range and select from TCP, UDP and ICMP protocols. Note that you can't edit defined service, but can delete them.

OvisLink MU-9000VPN Services

Figure 13: Services

Speaking of the Firewall, Figure 14 shows a rule that I set to block Web access. This is as good a time as any to highlight OvisLink's use of "slash" or CIDR Notation. While its use may be more natural to networking professionals, I feel it's not appropriate for use in a SOHO product - especially when there is no explanation of how to use it in the User Manual.

In the case of setting firewall rules, it makes setting a rule that applies to a list of IP addresses difficult, if not impossible - forcing a user to use up multiple rules to achieve the desired effect.

OvisLink MU-9000VPN Firewall Rules

Figure 14: Firewall Rules

Note that neither Virtual Servers or Firewall rules can be scheduled, i.e.enabled by day and time. There are also no firewall controls to block cookies, Java and Active X applets or Web Proxies.

More LAN & WAN

Wi-Fi System Tools
Check out our Wi-Fi System Charts, Ranker and Finder!

Support Us!

If you like what we do and want to thank us, just buy something on Amazon. We'll get a small commission on anything you buy. Thanks!

Over In The Forums

A feature request to Asuswrt-Merlin branchI've got an rt-ac86u operating in AP-mode behind a firewall. It would be nice to be able to take advantage o...
Experiencing a very strange issue with my RT-AC86U. Everything works great via the 5GHz radio (eth6), but when a device connects to the 2.4GHz radio (...
Hi do not be angry. I do not speak well in English.My trouble would be such that I bought it a little of my money was a new routert finally.Too I am b...
I don't log in to github all that often, but I did just now and saw this: cooking something special ...
Hey All,So i've done a search here but haven't found a solution.I have an asus RT-AC68U and had Merlin's 380.68.4 firmware on it. I updated to 384.13 ...

Don't Miss These

  • 1
  • 2
  • 3