RayTalk RA-696 - Advanced

To Next Page

To Previous Page



4.4.3

d



AdvancedFirewallSettingscanbeenabledtosupplementthefirewallrules,providingextrasecurityenhancementagainstDHCP

andARPtrafficstraversingtheavailableinterfacesofthesystem.



 DHCPSnooping:Whenenabled,DHCPpacketswillbevalidatedaga instpossiblethreatslikeDHCPstarvationattack.In

addition,theTrustedDHCPList(IP/MAC)canbeusedtospecifylegitimateDHCPserverstopreventrougeDHCPserver.

 ARPInspection:Whenenabled,ARPpacketswillbevalidatedagainstARPspoofing.



o ForceDHCPoptionwhenenabled,theAPonlylearnsMAC/IPpairinformationthroughDHCPpackets.Sincedevices

configuredwithstaticIPaddressdoes notsendDHCPtraffic,

anyclient

withstaticIPaddresswillbeblockedfrom

internetaccessunlessitsMAC/IPpairislistedandenabledontheStaticList.

o BroadcastcanbeenabledtoletotherAP(withL2firewallfeature)learnthetrustedMAC/IP



o pairstoissueARPrequests.



o StaticListcanbeusedtoaddMACorMAC/IPpairsofdevicesthataretrustedtoissueARPrequest.Othernetwork

nodescanstillse ndtheirARPrequests;however,iftheirIPappearsonthestaticlist(withdifferentMAC),theirARP

requestswillbedroppedtopreventeavesdropping.



Ifanysettingsaremade,pleaseclickApplytosavetheconfigurationbeforeleavingthispage.

Related product manuals