# Firewall Settings

## Firewall Zones <a href="#firewall-zones" id="firewall-zones"></a>

The firewall can collect interfaces into zones to filter traffic logically. A zone can be configured to any set of interfaces. This simplifies the firewall rule logic somewhat by conceptually grouping the interfaces:

* A rule for a packet originating in a zone must enter the extender on one of the zone's interfaces,
* A rule for a packet being forwarded to a zone must be exiting the extender on one of the zone's interfaces.

After accessing the admin, go to `Network` > `Firewall` to enter the `Firewall - Zone Settings`.The `SYN-flood protection` is enabled by default. You can use the default firewall zone settings below in most conditions.

<figure><img src="https://965772593-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-Lx_t9df5OXiii0kaJ6x%2F-LxegQqqJ83AJN3WWLj1%2F-LxegeTg6jI9vYHaLu7t%2Fimage.png?alt=media&#x26;token=aa1a8b99-1c77-4b2a-b3e8-73fa6c6693e0" alt=""><figcaption><p>Default firewall zone settings</p></figcaption></figure>

## Port Forwards <a href="#port-forwards" id="port-forwards"></a>

Port forwarding is an application of network address translation (NAT) that redirects a communication request from one address and port number combination to another. Port Forwarding allows remote computers to connect the WiFi extender within a private local-area network (LAN).

Log in to the admin, go to `Network` > `Firewall` > Click the tab `Port Forwards` to enter the configure section.

1. Click the button `Add`
2. `Name` : Enter the reference name. e.g., *Test*
3. `Protocol`: Select from `TCP`, `UDP`, and `TCP+UDP`
4. `External zone` : Select `WAN`
5. `External port` : Set the port number you want to access from the external network
6. `Internal zone` : Select `LAN`
7. `Internal IP Address` Select from the connected intranet hosts
8. `Internal port` : Choose the port number that needs to be forwarded from the intranet host
9. Click the button `Save & Apply`