LAN Configuration
131
ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308
4. Click Apply to save your settings.
IPv4 Static Route Example
In this example, we assume the following:
- The VPN firewall’s primary Internet access is through a cable modem to an ISP.
- The VPN firewall is on a local LAN with IP address 192.168.1.100.
- The VPN firewall connects to a remote network where you need to access a device.
- The LAN IP address of the remote network is 134.177.0.0.
When you first configured the VPN firewall, two implicit static routes were created:
- A default static route was created with your ISP as the gateway.
- A second static route was created to the local LAN for all 192.168.1.x addresses.
With this configuration, if you attempt to access a device on the 134.177.0.0 remote network, the VPN firewall forwards your request to the ISP. In turn, the ISP forwards your request to the remote network, where the request is likely to be denied by the remote network’s firewall. In this case, you need to define a static route, informing the VPN firewall that the 134.177.0.0 IP address should be accessed through the local LAN IP address (192.168.1.100).
The static route on the VPN firewall needs to be defined as follows:
- The destination IP address and IP subnet mask need to specify that the static route applies to all 134.177.x.x IP addresses.
- The gateway IP address needs to specify that all traffic for the 134.177.x.x IP addresses should be forwarded to the local LAN IP address (192.168.1.100).
- A metric value of 1 should work since the VPN firewall is on the local LAN.
- The static route can be made private only as a precautionary security measure in case RIP is activated.
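The route selection behind this example, as added Python that is not part of the NETGEAR manual: it models the two implicit routes and the new static route, checks the entry before it is applied, and shows the next hop for a 134.177.x.x address before and after. Assumptions: standard longest-prefix matching with the lowest metric as tie-breaker, a constructed ISP gateway (203.0.113.1), constructed metrics for the implicit routes, and that a private route is one RIP does not advertise.

```python
import ipaddress
from dataclasses import dataclass

ISP_GATEWAY = "203.0.113.1"                    # constructed placeholder: not given on the page
LAN = ipaddress.ip_network("192.168.1.0/24")   # "all 192.168.1.x addresses"

@dataclass(frozen=True)
class Route:
    name: str
    destination: str
    mask: str
    gateway: str          # next hop, or "on-link" for a directly connected network
    metric: int
    private: bool = False

    @property
    def network(self):
        # strict=True rejects a destination with host bits set (134.177.0.5 / 255.255.0.0)
        return ipaddress.ip_network(f"{self.destination}/{self.mask}", strict=True)

# The two implicit routes the page describes (their metrics are constructed values).
IMPLICIT = [
    Route("default", "0.0.0.0", "0.0.0.0", ISP_GATEWAY, 1),
    Route("local-lan", "192.168.1.0", "255.255.255.0", "on-link", 1),
]
# The static route the page defines: all 134.177.x.x via 192.168.1.100, metric 1, private.
REMOTE = Route("remote-net", "134.177.0.0", "255.255.0.0", "192.168.1.100", 1, private=True)

def check(route):
    """Problems that would make a LAN-side static route unusable (empty list = OK)."""
    problems = []
    try:
        route.network
    except ValueError as exc:
        problems.append(f"destination/mask mismatch: {exc}")
    if ipaddress.ip_address(route.gateway) not in LAN:
        problems.append(f"gateway {route.gateway} is not on the local LAN {LAN}")
    return problems

def next_hop(routes, dst):
    """Longest-prefix match; the lowest metric breaks ties between equal prefixes."""
    addr = ipaddress.ip_address(dst)
    hits = [r for r in routes if addr in r.network]
    return min(hits, key=lambda r: (-r.network.prefixlen, r.metric)).gateway

def rip_advertised(routes):
    """Route names RIP could share, assuming 'private' keeps a route out of RIP."""
    return [r.name for r in routes if not r.private]
```

With only the implicit routes, `next_hop(IMPLICIT, "134.177.5.20")` returns the ISP gateway; with `REMOTE` added it returns 192.168.1.100, while all other Internet traffic still follows the default route.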
Table 30. RIP Configuration screen settings (continued)

| Setting | Description |
|---|---|
| Authentication for RIP-2B/2M required? (continued) | Not Valid Before: The beginning of the lifetime of the MD5 key. Enter the month, date, year, hour, minute, and second. Before this date and time, the MD5 key is not valid. |
| | Not Valid After: The end of the lifetime of the MD5 key. Enter the month, date, year, hour, minute, and second. After this date and time, the MD5 key is no longer valid. |
Manage Static IPv6 Routing
NETGEAR’s implementation of IPv6 does not support RIP next generation (RIPng) to
exchange routing information, and dynamic changes to IPv6 routes are not possible. To
enable routers to exchange information over a static IPv6 route, you need to manually
configure the static route information on each router.
To add an IPv6 static route to the Static Route table:
1. Select Network Configuration > Routing.
2. In the upper right of the screen, select the IPv6 radio button. The Static Routing screen displays the IPv6 settings:
Figure 72.
3. Click the Add table button under the Static Routes table. The Add IPv6 Static Routing screen displays:
Figure 73.
4. Enter the settings as described in the following table:
5. Click Apply to save your settings. The new static route is added to the List of IPv6 Static Routes table.
To edit an IPv6 static route:
1. On the Static Routing screen for IPv6 (see Figure 72 on page 132), click the Edit button in the Action column for the route that you want to modify. The Edit IPv6 Static Routing screen displays. This screen is identical to the Add IPv6 Static Routing screen.
2. Modify the settings as described in the previous table.
3. Click Apply to save your settings.
To delete one or more routes:
1. On the Static Routing screen for IPv6 (see Figure 72 on page 132), select the check box to the left of each route that you want to delete, or click the Select All table button to select all routes.
2. Click the Delete table button.
Table 31. Add IPv6 Static Routing screen settings

| Setting | Description |
|---|---|
| Route Name | The route name for the static route (for purposes of identification and management). |
| Active | To make the static route effective, select the Active check box. Note: A route can be added to the table and made inactive if not needed. This allows you to use routes as needed without deleting and re-adding the entry. |
| IPv6 Destination | The destination IPv6 address of the host or network to which the route leads. |
| IPv6 Prefix Length | The destination IPv6 prefix length of the host or network to which the route leads. |
| Interface | From the drop-down list, select the physical or virtual network interface (the WAN1, WAN2, WAN3, or WAN4 interface, a sit0 Tunnel, LAN interface, or DMZ interface) through which the route is accessible. |
| IPv6 Gateway | The gateway IPv6 address through which the destination host or network can be reached. |
| Metric | The priority of the route. Select a value between 2 and 15. If multiple routes to the same destination exist, the route with the lowest metric is used. |
4. Firewall Protection
This chapter describes how to use the firewall features of the VPN firewall to protect your
network. The chapter contains the following sections:
- About Firewall Protection
- Overview of Rules to Block or Allow Specific Kinds of Traffic
- Configure LAN WAN Rules
- Configure DMZ WAN Rules
- Configure LAN DMZ Rules
- Examples of Firewall Rules
- Configure Other Firewall Features
- Services, Bandwidth Profiles, and QoS Profiles
- Configure Content Filtering
- Set a Schedule to Block or Allow Specific Traffic
- Enable Source MAC Filtering
- Set Up IP/MAC Bindings
- Configure Port Triggering
- Configure Universal Plug and Play
About Firewall Protection
A firewall protects one network (the trusted network, such as your LAN) from another (the untrusted network, such as the Internet), while allowing communication between the two. You can further segment keyword blocking to certain known groups. For information about how to set up LAN groups, see Manage IPv4 Groups and Hosts (IPv4 LAN Groups) on page 96.
For IPv4, a firewall incorporates the functions of a Network Address Translation (NAT) router,
protects the trusted network from hacker intrusions or attacks, and controls the types of traffic
that can flow between the Internet, DMZ, and LAN. Unlike simple NAT routers, a firewall uses
a process called stateful packet inspection to protect your network from attacks and
intrusions. NAT performs a limited stateful inspection in that it considers whether the
incoming packet is in response to an outgoing request, but true stateful packet inspection
goes far beyond NAT.
For IPv6, which in itself provides stronger security than IPv4, a firewall in particular controls
the exchange of traffic between the Internet, DMZ, and LAN.
Administrator Tips
Consider the following operational items:
1. As an option, you can enable remote management if you have to manage distant sites from a central location (see Configure Authentication Domains, Groups, and Users on page 303 and Configure Remote Management Access on page 338).
2. Although rules are the basic way of managing the traffic through your system (see Overview of Rules to Block or Allow Specific Kinds of Traffic on page 136), you can further refine your control using the following features and capabilities of the VPN firewall:
   - Groups and hosts (see Manage IPv4 Groups and Hosts (IPv4 LAN Groups) on page 96)
   - Services (see Outbound Rules (Service Blocking) on page 137 and Inbound Rules (Port Forwarding) on page 140)
   - Schedules (see Set a Schedule to Block or Allow Specific Traffic on page 189)
   - Allowing or blocking sites (see Configure Content Filtering on page 186)
   - Source MAC filtering (see Enable Source MAC Filtering on page 190)
   - Port triggering (see Configure Port Triggering on page 197)
3. Some firewall settings might affect the performance of the VPN firewall. For more information, see Performance Management on page 329.
4. The firewall logs can be configured to log and then email denial of access, general attack, and other information to a specified email address. For information about how to configure logging and notifications, see Configure Logging, Alerts, and Event Notifications on page 362.