FRITZ!Box 4040 Service - Knowledge Base
- FRITZ!Box 7590
- FRITZ!Box 7582
- FRITZ!Box 7581
- FRITZ!Box 7560
- FRITZ!Box 7530
- FRITZ!Box 7490
- FRITZ!Box 7430
- FRITZ!Box 7390
- FRITZ!Box 7369
- FRITZ!Box 7360
- FRITZ!Box 7340
- FRITZ!Box 7330
- FRITZ!Box 7272
- FRITZ!Box 6890 LTE
- FRITZ!Box 6840 LTE
- FRITZ!Box 6820 LTE
- FRITZ!Box 6810 LTE
- FRITZ!Box 6591 Cable
- FRITZ!Box 6590 Cable
- FRITZ!Box 6490 Cable
- FRITZ!Box 5491
Security functions (firewall) of the FRITZ!Box
The FRITZ!Box offers a completely closed firewall to protect against unwanted data from the internet. In the factory settings, all of the computers, smartphones, and other devices connected to the FRITZ!Box are already completely protected against attacks from the internet.
ATTENTION!The firewall is not enabled when the FRITZ!Box shares the internet connection of another router ("internet router as IP client"). In this case, we recommend setting up a firewall in the other router.
The FRITZ!Box's firewall provides the following security functions:
- The FRITZ!Box checks all incoming and outgoing data packets and automatically rejects unwanted data from the internet (Stateful Packet Inspection). This way only data packets that are direct replies to previous requests reach the home network.
- No devices in the home network are visible on the internet, which means that it is not possible to access them directly over the internet. IP Masquerading or Network Address Translation (NAT) ensures this on the TCP/IP level.
- By default, all TCP and UDP ports are closed for incoming connections from the internet to the home network. Therefore, so-called "portscans" cannot find any open TCP or UDP ports that could indicate weak points for potential attacks from "hackers".
- The FRITZ!Box uses packet filters to prevent data packets (such as NetBIOS) containing information about devices in the home network from reaching the internet.
You can set up port sharing for specific ports for web servers or VPN servers, online games, and other applications that should be accessible from the internet.
If the FRITZ!Box should reject unsolicited queries from the internet instead of replying with ICMP control messages, enable the "Firewall in stealth mode" option under "Internet > Filters > Lists" in the FRITZ!Box user interface.
You can find an overview of opened ports and active packet filters under "Diagnostics > Security" in the FRITZ!Box user interface.