Like every other website on the planet, SmallNetBuilder uses cookies. Our cookies track login status, but we only allow admins to log in anyway, so those don't apply to you. Any other cookies you pick up during your visit come from advertisers, which we don't control.
If you continue to use the site, you agree to tolerate our use of cookies. Thank you!

Router Charts

Click for Router Charts

Router Ranker

Click for Router Ranker

NAS Charts

Click for NAS Charts

NAS Ranker

Click for NAS Ranker

More Tools

Click for More Tools

Wireless Reviews

Firewall Features, Continued

The other major function a router's firewall performs is to control access to content and applications, and the 4300 has a few tricks up its sleeve in that department. But you'll need to pay attention when using these controls or you may spend some time scratching your head trying to figure out why your Internet access has been cut off. The Access Control feature is whitelist only, so when you enable it, it disables all Internet access except that which you define rules for. Rules must be defined for each client IP address, so rule definition can get tedious. And since you get only 25 rules, you might run out if you have a lot of clients to control. At least you get a pick list of active client IP addresses with host name to help speed things along.

Access Control rule

Figure 8: Access Control rule
(click image to enlarge)

Figure 8 shows an example Access Control rule definition that I created. Note the options of applying the Web Filter feature (more on that shortly), logging access and filtering ports. However, the Help and User Manual descriptions of this feature had me thinking it worked the opposite way that it did. What I found is that any rules you enter in the Filter Ports section will be used to block those services, not enable them. So you only need to use the Filter Ports section if you want to restrict access to specific ports (services).

The Web Filter control lets you enter up to 100 domains that will be used by the Access Control feature. Note that this "Filter" is a white, i.e. allow, list which confused me because its name implies the opposite action. But if I had read the online help or User guide, or even looked at the title of the list itself (Allowed Web Site List) I would have saved myself some time, since it's properly documented.

When I checked it out, I found the Web Filter was smart enough to not be bypassed by using a website's IP address because it does a DNS lookup of any entries. But it's a little too "smart" because it will block access to a page in the Allowed Site list if that page accesses a server in an unlisted domain as part of its page load process. Since it's a pretty common occurance for a site to use third-party ad servers in an assortment of domains, you may find that the Web Filter has limited practical use.

The last access control is the MAC Address Filter. It works like other MAC address filters that you find on wireless routers, except that the 4300's filter can control whether wireless and wired clients can connect to the router. As Figure 9 shows, the filter conveniently presents a pick list of current clients to help you along and can be set to allow or deny access to the clients you enter.

MAC address filter

Figure 9: MAC address filtering
(click image to enlarge)

But, as a close look at Figure 9 will reveal, the feature is buggy. I found that I could get the list into both allow and deny modes by repeated application (save and reboot) of the mode that I wanted, but that the information in the filter's admin interface would not properly reflect what the 4300 was actually doing.

More Wireless

Wi-Fi System Tools
Check out our Wi-Fi System Charts, Ranker and Finder!

Support Us!

If you like what we do and want to thank us, just buy something on Amazon. We'll get a small commission on anything you buy. Thanks!

Over In The Forums

Can I use the Android ASUS app to do a dirty update from 384.17 to 384.18?
The FCC posted this announcement to Twitter about an hour ago"The FCC has adopted new rules for the 6 GHz band, unleashing 1,200 megahertz to boost #W...
Hi guys,I don't know what this is, but it started suddenly with one of the betas in the past.. It doesn't appear directly after a reboot or a flash, b... unplugged my Echo and Dot two years ago. But the recordings were ...
Asuswrt-Merlin 384.19 beta is now available (except for the RT-AX56U which won't be available for this release, due to outdated GPL code).The main cha...

Don't Miss These

  • 1
  • 2
  • 3