Firewall rules add another layer of granularity to what is allowed to be forwarded across interfaces and additionally which packets are allowed to be inputted and outputted.

5.1.1 - Firewall Zones

The firewall can collect interfaces into zones to filter traffic logically. A zone can be configured to any set of interfaces. This simplifies the firewall rule logic somewhat by conceptually grouping the interfaces:

• A rule for a packet originating in a zone must be entering the extender on one of the zone's interfaces,

• A rule for a packet being forwarded to a zone must be exiting the extender on one of the zone's interfaces.

After accessing the admin, go to Network > Firewall to enter the Firewall - Zone Settings.The SYN-flood protection is enabled by default. You can use the below default firewall zone settings in most of the conditions.

5.1.2 - Port Forwards

Port forwarding is an application of network address translation (NAT) that redirects a communication request from one address and port number combination to another. Port Forwarding allows remote computers to connect the WiFi extender within a private local-area network (LAN).

Log in to the admin, go to Network > Firewall > click the tab Port Forwards to enter the configure section.

1. Click the button Add

2. Name : Enter the reference name. e.g., Test

3. Protocol: Select from TCP, UDP, and TCP+UDP

4. External zone : Select WAN

5. External port : Set the port number want to access from the external network

6. Internal zone : Select LAN

7. Internal IP Address : Select from the connected intranet hosts

8. Internal port : Choose the port number which needs to forward from the intranet host

9. Click the button Save & Apply