

Security Settings

Security Profiles

The Internet Gate has three freely configurable security profiles:

  • Hi - protect LAN from WAN, limit outgoing traffic to web browsing and e-mail
  • Lo - same protection of LAN from WAN as in Hi, but allow all outgoing traffic
  • AC - by default same protection as Hi

Security page in rel 5.30

Even though all three profiles are freely configurable, you should leave profiles Hi and Lo unchanged and apply your changes to profile AC.

With three security profiles you can instantly change the firewall security level using the ALT button on the front of the unit, for instance to temporarily open up the firewall to let a certain program or game through.

You can change the active profile on the Security Settings page, in the main menu, or with the ALT button.

You can edit any security profile by clicking on it.

Tip: Most problems involving traffic not getting through the firewall can be solved by changing to security profile Lo.

Note: Even though security profile Lo is called “low”, it still offers the same security as Hi against incoming packets from the Internet. Only the rules for packets going out to the Internet are less restrictive.

Resource Allocation

The firewall in Internet Gate uses flows to perform stateful inspection of data streams. It can handle thousands of simultaneous data streams through the firewall. In extreme cases you might still need to adjust the number of flows available to the firewall and LAN clients.

Flows

The firewall in Internet Gate uses flows to perform stateful inspection of data streams. Each new data stream to be inspected uses one flow to track the state of that data stream. Once the data stream is closed, the flow is released for reuse (after a small timeout).

In use shows how many flows the firewall is using right now (or rather, when you opened the web page; to see the up-to-date value, click refresh in your browser).

Peak shows the absolute highest number of flows ever used since Internet Gate was turned on.

Total is the number of flows reserved and available for use by the firewall. The default value is 4000; allowed values are between 500 and 9000. If no Total value is visible (the field is empty), the default value of 4000 applies.

If the Peak value approaches the Total value, you should increase the Total value, click on Apply, save permanently and reboot.

It is recommended to set Total to at least 1000 more than Peak. For instance, if Peak is 3600 and Total is 4000, you should increase Total to, for example, 5000.

However, flows consume memory and resources in your Internet Gate. Reserving too many flows may reduce overall performance.

Flow Quotas

During heavy load, when most flows are already in use, the remaining free flows should be rationed out to the LAN clients that need them most. In some cases, for example when running certain BitTorrent or other peer-to-peer applications, one client can use thousands of data streams, requiring thousands of flows to get through the firewall. Without flow quotas such a client might use up all flows, leaving other LAN clients unable to connect to the Internet.

Flow Quotas limit the maximum number of flows a single LAN client can use. With the default configuration, no LAN client is allowed to use more than 3000 (4000-1000) flows.

If fewer than 1000 flows are left, flow quotas are activated. If a LAN client already has more than 200 flows and requests to open a new one, the request will be denied. Applications running on that client receive no answer from the remote host.
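The following model of the quota rule and the Total sizing rule is an added example, not Internet Gate firmware or code from this wiki. The class and function names, the client names, the workload and the exact boundary handling are assumptions; the numeric constants are the values given on this page.

```python
from collections import Counter

TOTAL_DEFAULT = 4000               # default Total (page value)
TOTAL_MIN, TOTAL_MAX = 500, 9000   # allowed range for Total (page values)
RESERVE = 1000                     # quotas activate when fewer free flows remain
CLIENT_LIMIT = 200                 # under quota, clients above this are denied
HEADROOM = 1000                    # recommended gap between Peak and Total


class FlowTable:
    """Model of the flow pool as described on this page (hypothetical names)."""

    def __init__(self, total=TOTAL_DEFAULT):
        self.total, self.used, self.peak = total, 0, 0
        self.per_client = Counter()

    def open_flow(self, client):
        """Return True if a new flow is admitted, False if it is denied."""
        free = self.total - self.used
        if free <= 0:
            return False
        # Assumption: the quota is checked against the pool as it would be
        # after this flow, which reproduces the page's 4000-1000 = 3000 cap.
        if free - 1 < RESERVE and self.per_client[client] > CLIENT_LIMIT:
            return False
        self.per_client[client] += 1
        self.used += 1
        self.peak = max(self.peak, self.used)
        return True


def recommended_total(peak):
    """Smallest Total that is 1000 above Peak, clamped to the allowed range."""
    return max(TOTAL_MIN, min(TOTAL_MAX, peak + HEADROOM))


def simulate(total=TOTAL_DEFAULT):
    """Constructed workload: a P2P host asks for 5000 flows, then a web host for 300."""
    table = FlowTable(total)
    p2p = sum(table.open_flow("p2p-host") for _ in range(5000))
    web = sum(table.open_flow("web-host") for _ in range(300))
    return p2p, web, table.peak


if __name__ == "__main__":
    p2p, web, peak = simulate()
    print(f"p2p admitted={p2p} web admitted={web} peak={peak}")
    print(f"recommended Total for this peak: {recommended_total(peak)}")
```

In this model the peer-to-peer host stalls at the 3000-flow cap while the second host can still open flows, and the resulting Peak is close enough to the default Total that the sizing rule calls for an increase.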

web_gui/security_page.1290763332.txt.gz · Last modified: 2010/11/26 10:22 by tibor
CC Attribution-Noncommercial-Share Alike 3.0 Unported