Come configurare il firewall e le porte per proteggere la navigazione thumbnail

How to configure firewall and ports to protect browsing

Posted by Walker Ronnie
Last Updated:June 7, 2023

Il firewall of the FRITZ! Box protects all connected devices from unsolicited data from the Internet and provides protection and security from hacker attacks. Here is the guide to set the firewall and ports for safer browsing.

FRITZ! in security: overview of firewall functions

The FRITZ!Box checks all data packets itself and automatically rejects unwanted data (Stateful Packet Inspection). L’IP masquerading o Network Address Translation (NAT) makes devices invisible to the Internet, so that no one can access them directly from the Internet.

For example: an end device sends a request to a service on the internet and the FRITZ!Box saves the request in its routing table. If the FRITZ!Box receives a response from the service, this response is evaluated for the plausibility of the status. If the service provides a direct response to a request from the end device, the FRITZ!Box forwards the data to the device.

To protect users from the so-called “port scanning” and for secure surfing, all TCP and UDP ports of the FRITZ! they are closed by default. If you want to reach a device from the Internet, you must therefore configure port sharing.

NordVPN – 56% off annual plan + 3 months free. Best VPN service in Italy.

The essential requirement

If the ports are enabled, a port is enabled in the firewall for the selected device which will allow you to access the device directly from the Internet. Similar to a VPN connection, you need a public IP address to enable ports.

By sharing ports, you can also access other connected devices, but only if the FRITZ!Box can be reached from the Internet. Port sharing is configured under “Internet” > “Sharing” in the FRITZ!Box user interface.

AVM FRITZ!Repeater 1200 AX

FRITZ! in safety: different types of qualification

The necessary ports are automatically enabled without user intervention, for example for SIP telephony, a feature that makes this technology particularly easy to use.

You have several options for configuring specific port-allowing:

  • Enabling static ports. Enabling static ports is an ideal choice for remote maintenance server or VPN server. If your application supports neither UPnP nor PCP protocol, enabling static ports is a good alternative to enabling them automatically.
  • Automatic enable. Automatic port enabling is suitable in cases where the application needs many ports enabled or if it uses different ports each time it is used. This type of authorization is often used for game consoles.
  • Exposed Host. ATTENTION: since this option completely disables the firewall for the selected device, we recommend that you use it only in exceptional cases. An exceptional case could arise when a static port sharing has been configured for a server, but the sharing does not work. For testing purposes, the application can be configured as an exposed host; If you are able to access the device at this point, static port enabling has not been configured correctly.
  • Enabling MyFRITZ!. If you want to access a web server or a NAS system, it is advisable to use the MyFRITZ! authorizations. In this case it is possible to reach the application via a URI scheme, such as https or ftp. With this type of authorization, the application can be reached via a direct link to the official FRITZ! website.
    • Walker Ronnie
    View More Posts
    Walker Ronnie is a tech writer who keeps you informed on the latest developments in the world of technology. With a keen interest in all things tech-related, Walker shares insights and updates on new gadgets, innovative advancements, and digital trends. Stay connected with Walker to stay ahead in the ever-evolving world of technology.