47User Manual ENGLISHEAP/OWL-Series Wave 2 Enterprise Access PointCopyright © 2017, 4ipnet, Inc. All rights reserved. All other trademarks mentioned are the property of their respective owners.5.3 AdvancedAt Firewall > Advanced, more advanced settings on firewall rules can be configured, providing extrasecurity enhancement against DHCP and ARP traffic traversing the available interfaces of the system.Trust Interface: Each VAP interface can be checked individually to mark as trusted interfaces; securityenforcements on DHCP/ARP like DHCP snooping and ARP inspection will be carried out on non-trustedinterfaces.DHCP Snooping: When enabled, DHCP packets will be validated against possible threats like DHCPstarvation attack; in addition, the trusted DHCP server (IP/MAC) can be specified to prevent rouge DHCPserver.ARP Inspection: When enabled, ARP packets will be validated against ARP spoofing.- Proxy ARP option when enabled, AP will reply ARP requests on behalf of downlink stations. TheARP table maintained by the AP will be used as a look up table upon receipt of ARP request fromAP uplink. Adversely, without Proxy ARP, ARP request is broadcasted down into the AP’s wirelessnetwork causing network inefficiencies.- Force DHCP option when enabled, the AP only learns MAC/IP pair information through DHCPpackets. Since devices configured with static IP address does not send DHCP traffic, any clientswith static IP address will be blocked from internet access unless its MAC/IP pair is listed andenabled on the Static Trust List.- Trust List Broadcast can be enabled to let other APs (with L2 firewall feature) learn the trustedMAC/IP pairs to issue ARP requests.- Static Trust List can be used to add MAC or MAC/IP pairs of devices that are trusted to issue ARPrequest. Other network nodes can still send their ARP requests; however, if their IP appears onthe static list (with different MAC), their ARP requests will be dropped to prevent eavesdropping.RF Isolation (between RFs): Clients are isolated between RF Card A and RF Card B.VAP Isolation (within RF): Clients on different VAPs on the same RF Card are isolated.If any settings are changed, please click SAVE to save the configuration before leaving this page. Note: - RF Isolation (between RFs) may be limited on selected AP models.- VAP Isolation (within RF) may be limited on selected AP model.