Knowledge Base
AVM Content
- FRITZ!Box 7690
- FRITZ!Box 7682
- FRITZ!Box 7590 AX
- FRITZ!Box 7590
- FRITZ!Box 7583 VDSL
- FRITZ!Box 7583
- FRITZ!Box 7582
- FRITZ!Box 7581
- FRITZ!Box 7560
- FRITZ!Box 7530 AX
- FRITZ!Box 7520
- FRITZ!Box 7510
- FRITZ!Box 7490
- FRITZ!Box 7430
- FRITZ!Box 7390
- FRITZ!Box 7360
- FRITZ!Box 6890 LTE
- FRITZ!Box 6850 5G
- FRITZ!Box 6850 LTE
- FRITZ!Box 6840 LTE
Security functions (firewall) of the FRITZ!Box
The FRITZ!Box offers you a completely closed firewall to protect against unwanted data from the internet. In the factory settings, all of the computers, smartphones, and other devices connected to the FRITZ!Box are already fully protected against attacks from the internet.
ATTENTION!The firewall is not active when the FRITZ!Box uses the internet connection of another router ("IP client mode"). In this case, set up the firewall in the other router.
The FRITZ!Box's firewall provides the following security functions:
- The FRITZ!Box checks all incoming and outgoing data packets and automatically rejects unwanted data from the internet (Stateful Packet Inspection). This way only data packets that are direct replies to previous requests reach the home network.
- None of the devices in the home network are visible on the internet, which means that it is not possible to access the devices directly over the internet. This is ensured by IP Masquerading or Network Address Translation (NAT) on the TCP/IP level.
- By default, all TCP and UDP ports are closed for incoming connections from the internet to the home network. Therefore, so-called "port scans" cannot find any open TCP or UDP ports that could represent weak points for potential attacks from "hackers".
- The FRITZ!Box uses packet filters to prevent data packets (for example NetBIOS) containing information about devices in the home network from reaching the internet.
You can specifically set up port sharing for web servers or VPN servers, online games, and other applications that should be accessible from the internet.
If you want to make it more difficult to identify the FRITZ!Box with port scans, you can enable the option "Firewall in stealth mode" under "Internet > Filter > Lists > Global Filter Settings" in the FRITZ!Box user interface. Then the FRITZ!Box discards all queries from the internet to ports that have not been opened for sharing.
You can find an overview of opened ports and active packet filters under "Diagnostics > Security" in the FRITZ!Box user interface.