FRITZ!Box 3390 Service - Knowledge Base

FRITZ!Box 3390 Service

Security functions (firewall) of the FRITZ!Box

The FRITZ!Box offers a completely closed firewall to protect against unwanted data from the Internet. In the factory settings, all network devices (for example computers, smartphones, game consoles) in the FRITZ!Box home network are already completely protected against attacks from the Internet.

ATTENTION!The firewall is not enabled when the FRITZ!Box shares the Internet connection of another router ("IP client mode"). In this case, we recommend setting up a firewall in the other router.

The FRITZ!Box's firewall provides the following security functions:

  • No network devices in the home network are visible on the Internet, which means that it is not possible to access them directly over the Internet. IP Masquerading or Network Address Translation (NAT) ensures this on the TCP/IP level.
  • The FRITZ!Box checks all incoming and outgoing data packets and automatically rejects unrequested data from the Internet (Stateful Packet Inspection). This way only data packets that are direct replies to previous requests reach the home network.
  • By default, all TCP and UDP ports are either closed for incoming connections from the Internet or completely concealed. Therefore, so-called "portscans" cannot find any open TCP or UDP ports that could indicate weak points for potential attacks from "hackers".

    Note:If you would like to access server services (for example HTTP server, remote maintenance server) or applications (for example online games) over the Internet, you can configure port sharing for specific ports.

  • The FRITZ!Box uses packet filters to prevent data packets (such as NetBIOS) containing information about devices in the home network from reaching the Internet.