Firewall rules add another layer of granularity to what is allowed to be forwarded across interfaces and additionally which packets are allowed to be inputted and outputted.
5.1.1 - Firewall Zones
The firewall can collect interfaces into zones to filter traffic logically. A zone can be configured to any set of interfaces. This simplifies the firewall rule logic somewhat by conceptually grouping the interfaces:
A rule for a packet originating in a zone must be entering the extender on one of the zone's interfaces,
A rule for a packet being forwarded to a zone must be exiting the extender on one of the zone's interfaces.
After accessing the admin, go to Network > Firewall to enter the Firewall - Zone Settings.The SYN-flood protection is enabled by default. You can use the below default firewall zone settings in most of the conditions.
Default firewall zone settings
5.1.2 - Port Forwards
Port forwarding is an application of network address translation (NAT) that redirects a communication request from one address and port number combination to another. Port Forwarding allows remote computers to connect the WiFi extender within a private local-area network (LAN).
Log in to the admin, go to Network > Firewall > click the tab Port Forwards to enter the configure section.
Click the button Add
Name : Enter the reference name. e.g., Test
Protocol: Select from TCP, UDP, and TCP+UDP
External zone : Select WAN
External port : Set the port number want to access from the external network
Internal zone : Select LAN
Internal IP Address : Select from the connected intranet hosts
Internal port : Choose the port number which needs to forward from the intranet host