ProSafe VPN Firewall 200 FVX538 Reference Manual
Firewall Protection and Content Filtering
4-11
v1.0, March 2009
LAN WAN Outbound Services Rules
You may define rules that will specify exceptions to the default rules. By adding custom rules, you can block or allow access based on the service or application, source or destination IP addresses, and time of day. The outbound rule will block the selected application from any internal IP LAN address to any external WAN IP address according to the schedule created in the Schedule menu.
You can also tailor these rules to your specific needs (see “Administrator Tips” on page 4-43).
To create a new outbound service rule:
1. Click Add under the Outbound Services Table. The Add LAN WAN Outbound Service screen will display.
2. Complete the Outbound Service screen, and save the data (see Table 4-2 on page 4-3).
3. Click Apply to save your changes and reset the fields on this screen. The new rule will be listed on the Outbound Services table.
Note: This feature is for Advanced Administrators only! Incorrect configuration will cause serious problems.
Figure 4-3
LAN WAN Inbound Services Rules
This Inbound Services Rules table lists all existing rules for inbound traffic. If you have not
defined any rules, no rules will be listed. By default, all inbound traffic is blocked. Remember that
allowing inbound services opens holes in your firewall. Only enable those ports that are necessary
for your network.
To create a new inbound service rule:
1. Click Add under the Inbound Services Table. The Add LAN WAN Inbound Service screen will display.
2. Complete the Add WAN LAN Inbound Services screen (see Table 4-3 on page 4-7).
3. Click Apply to save your changes and reset the fields on this screen. The new rule will be listed on the Inbound Services table.
Setting DMZ WAN Rules
The firewall rules for traffic between the DMZ and the WAN/Internet are configured on the DMZ WAN Rules screen. The Default Outbound Policy is to allow all traffic from and to the Internet to pass through. Firewall rules can then be applied to block specific types of traffic from either going out from the DMZ to the Internet (Outbound) or coming in from the Internet to the DMZ (Inbound). The default outbound policy can be changed to block all outbound traffic and enable only specific services to pass through the router by adding an Outbound Services rule.
Figure 4-4
Figure 4-5
To change the Default Outbound Policy:
1. Select Security from the main menu, Firewall Rules from the submenu and then select the DMZ WAN Rules tab. The DMZ WAN Rules screen will display.
2. Click Add under the Outbound Services table. The Add DMZ WAN Outbound Services screen will display.
3. Accept the default settings to block all services or select a specific service to block from the Services pull-down menu.
4. Click Apply. The Block Always rule will appear in the Outbound Services table. The rule is automatically enabled.
The procedures described in “Setting LAN WAN Rules” on page 4-9 for setting inbound and outbound rules on the standard LAN firewall are the same as the procedures used for setting inbound and outbound rules on the DMZ port firewall.
Setting LAN DMZ Rules
The LAN DMZ Rules screen allows you to create rules that define the movement of traffic between the LAN and the DMZ. The Default Outbound and Inbound Policies are to allow all traffic between the local LAN and DMZ network. Firewall rules can then be applied to block specific types of traffic from either going out from the LAN to the DMZ (Outbound) or coming in from the DMZ to the LAN (Inbound).
To access the LAN DMZ Rules screen:
1. Select Security on the main menu, then select Firewall Rules and click the LAN DMZ Rules tab. The LAN DMZ Rules screen will display, showing both the Outbound Services and Inbound Services tables.
Figure 4-6
To make changes to an existing outbound or inbound LAN DMZ service rule:
1. In the Action column adjacent to the rule click:
   • Edit – to make any changes to the rule definition. The Outbound Service screen will display containing the data for the selected rule (see “Outbound Rules (Service Blocking)” on page 4-3).
   • Up – to move the rule up one position in the table rank.
   • Down – to move the rule down one position in the table rank.
2. Check the radio box adjacent to the rule and:
   • Click Disable to disable the rule. The “!” Status icon will change from green to grey, indicating that the rule is disabled. (By default, when a rule is added to the table it is automatically enabled.)
   • Click Delete to delete the rule.
3. Click Select All to select all rules. A check will appear in the radio box for each rule.
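The default policies, the Up/Down table rank and the Disable control described above can be modelled to review a planned rule set before it is entered on the Firewall Rules screens. The Python below is an added example, not taken from the manual or from the firewall itself; the Rule class, the evaluate and shadowed functions, the sample addresses and the top-to-bottom, first-match evaluation order are all assumptions, since this section does not state how the table rank is applied.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Default policies as stated in this section, keyed by (table, direction).
DEFAULT_POLICY = {
    ("LAN WAN", "inbound"): "BLOCK",
    ("DMZ WAN", "outbound"): "ALLOW",
    ("LAN DMZ", "outbound"): "ALLOW",
    ("LAN DMZ", "inbound"): "ALLOW",
}

@dataclass
class Rule:                    # hypothetical model of one table row
    service_port: int          # destination port of the service
    action: str                # "ALLOW" or "BLOCK"
    source: str = "0.0.0.0/0"  # source network; the default means "any"
    enabled: bool = True       # rules are enabled when first added

def evaluate(table, direction, rules, src_ip, port, default=None):
    """Action for one connection (ASSUMPTION: first enabled match wins)."""
    for rule in rules:                          # table rank, top to bottom
        if (rule.enabled and rule.service_port == port
                and ip_address(src_ip) in ip_network(rule.source)):
            return rule.action
    # No rule matched: use the overridden default, else the stated one.
    return default or DEFAULT_POLICY[(table, direction)]

def shadowed(rules):
    """Indexes of enabled rules that an earlier enabled rule always pre-empts."""
    hits = []
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            if (earlier.enabled and later.enabled
                    and earlier.service_port == later.service_port
                    and ip_network(later.source).subnet_of(ip_network(earlier.source))):
                hits.append(i)
                break
    return hits

# Constructed sample: DMZ WAN outbound table after the default is set to block.
DMZ_OUT = [
    Rule(443, "ALLOW"),                     # rank 1: HTTPS from any DMZ host
    Rule(25, "BLOCK"),                      # rank 2: SMTP blocked for all hosts
    Rule(25, "ALLOW", "192.168.10.5/32"),   # rank 3: mail relay, never reached
]
```

Under the first-match assumption, the rank 3 rule is reported as shadowed: the relay stays blocked until that rule is moved Up above rank 2 or the rank 2 rule is disabled.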
LAN DMZ Outbound Services Rules
To create a new outbound LAN DMZ service rule:
1. Click Add under the Outbound Services Table. The Add LAN DMZ Outbound Service screen will display.
Figure 4-7
