1. Home
    2. /
  2. Manuals
    3. /
  3. NETGEAR
    4. /
  4. SRX5308
    5. /
  5. 29
Page 141 / 469 Scroll up to view Page 136 - 140
Firewall Protection
141
ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308
Note:
When the Block TCP Flood and Block UDP Flood check boxes are
selected on the Attack Checks screen (which they are by default;
see
Attack Checks
on page
170), multiple concurrent connections of
the same application from one host or IP address (such as multiple
DNS queries from one computer) trigger the VPN firewall’s DoS
protection.
The following table describes the fields that define the rules for inbound traffic and that are
common to most Inbound Service screens (see
Figure
79
on page
150,
Figure
85
on
page
156, and
Figure
91
on page
162).
The steps to configure inbound rules are described in the following sections:
Configure LAN WAN Rules
Configure DMZ WAN Rules
Configure LAN DMZ Rules
Table 34.
Inbound rules overview
Setting
Description
Inbound Rules
Service
The service or application to be covered by this rule. If the
service or application does not display in the list, you need to
define it using the Services screen (see
Add Customized
Services
on page
177).
All rules
Action
The action for outgoing connections covered by this rule:
BLOCK always
BLOCK by schedule, otherwise allow
ALLOW always
ALLOW by schedule, otherwise block
Note:
Any inbound traffic that is not blocked by rules you create
is allowed by the default rule.
All rules
Select Schedule
The time schedule (that is, Schedule1, Schedule2, or
Schedule3) that is used by this rule.
This drop-down list is activated only when BLOCK by
schedule, otherwise allow or ALLOW by schedule, otherwise
block is selected as the action.
Use the Schedule screen to configure the time schedules
(see
Set a Schedule to Block or Allow Specific Traffic
on
page
189).
All rules when BLOCK
by schedule,
otherwise allow or
ALLOW by schedule,
otherwise block is
selected as the action
Page 142 / 469
Firewall Protection
142
ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308
Send to LAN Server
The LAN server address determines which computer on your
network is hosting this service rule. (You can also translate this
address to a port number.) The options are:
Single address
. Enter the required address in the Start field
to apply the rule to a single device on your LAN.
Address range
. Enter the required addresses in the Start
and Finish fields to apply the rule to a range of devices.
IPv4 LAN WAN rules
Send to DMZ Server
The DMZ server address determines which computer on your
network is hosting this service rule. (You can also translate this
address to a port number.)
IPv4 DMZ WAN rules
Translate to Port
Number
If the LAN server or DMZ server that is hosting the service is
using a port other than the default port for the service, you can
select this setting and specify a port number. If the service is
using the default port, you do not need to select this setting.
IPv4 LAN WAN rules
IPv4 DMZ WAN rules
WAN Destination IP
Address
The setting that determines the destination IP address applicable
to incoming traffic. This is the public IP address that maps to the
internal LAN server.
This can be either the address of the WAN interface or another
public IP address.
You can also enter an address range. Enter the required
addresses in the Start and Finish fields to apply the rule to a
range of devices.
IPv4 LAN WAN rules
IPv4 DMZ WAN rules
LAN Users
These settings apply to a LAN WAN inbound rule when the WAN
mode is classical routing, and determine which computers on
your network are affected by this rule. The options are:
Any
. All computers and devices on your LAN.
Single address
. Enter the required address in the Start field
to apply the rule to a single device on your LAN.
Address range
. Enter the required addresses in the Start
and Finish fields to apply the rule to a range of devices.
Group
. Select the LAN group to which the rule applies. Use
the LAN Groups screen to assign computers to groups (see
Manage the Network Database
on page
97). Groups apply
only to IPv4 rules.
IP Group
. Select the IP group to which the rule applies. Use
the IP Groups screen to assign IP addresses to groups. See
Create IP Groups
on page
179.
Note:
For IPv4 LAN WAN inbound rules, this field does not
apply when the WAN mode is NAT because your network
presents only
one
IP address to the Internet.
LAN WAN rules
LAN DMZ rules
Table 34.
Inbound rules overview (continued)
Setting
Description
Inbound Rules
Page 143 / 469
Firewall Protection
143
ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308
WAN Users
The settings that determine which Internet locations are covered
by the rule, based on their IP address. The options are:
Any
. All Internet IP addresses are covered by this rule.
Single address
. Enter the required address in the Start
field.
Address range
. Enter the required addresses in the Start
and Finish fields.
IP Group
. Select the IP group to which the rule applies. Use
the IP Groups screen to assign IP addresses to groups. See
Create IP Groups
on page
179.
LAN WAN rules
DMZ WAN rules
DMZ Users
The settings that determine which DMZ computers on the DMZ
network are affected by this rule. The options are:
Any
. All computers and devices on your DMZ network.
Single address
. Enter the required address in the Start field
to apply the rule to a single computer on the DMZ network.
Address range
. Enter the required addresses in the Start
and Finish fields to apply the rule to a range of DMZ
computers.
Note:
For IPv4 DMZ WAN inbound rules, this field does not
apply when the WAN mode is NAT because your network
presents only
one
IP address to the Internet.
DMZ WAN rules
LAN DMZ rules
QoS Profile
The priority assigned to IP packets of this service. The priorities
are defined by
Type of Service in the Internet Protocol Suite
standards
, RFC 1349. The QoS profile determines the priority of
a service, which, in turn, determines the quality of that service for
the traffic passing through the firewall.
The VPN firewall marks the Type of Service (ToS) field as
defined in the QoS profiles that you create. For more information,
see
Create Quality of Service Profiles for IPv4 Firewall Rules
on
page
184.
Note:
There are no default QoS profiles on the VPN firewall.
After you have created a QoS profile, it can become active only
when you apply it to a nonblocking inbound or outbound firewall
rule.
Note:
QoS profiles do not apply to LAN DMZ rules.
IPv4 LAN WAN rules
IPv4 DMZ WAN rules
Log
The setting that determines whether packets covered by this rule
are logged. The options are:
Always
. Always log traffic that matches this rule. This is
useful when you are debugging your rules.
Never
. Never log traffic that matches this rule.
All rules
Table 34.
Inbound rules overview (continued)
Setting
Description
Inbound Rules
Page 144 / 469
Firewall Protection
144
ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308
Note:
Some residential broadband ISP accounts do not allow you to run
any server processes (such as a web or FTP server) from your
location. Your ISP might periodically check for servers and might
suspend your account if it discovers any active servers at your
location. If you are unsure, see the acceptable use policy of your
ISP.
Order of Precedence for Rules
As you define a new rule, it is added to a table in a Rules screen as the last item in the list, as
shown in the following figure, which shows the LAN WAN Rules screen for IPv4 as an
example:
Figure 74.
Bandwidth Profile
Bandwidth limiting determines how the data is sent to and from
your host. The purpose of bandwidth limiting is to provide a
solution for limiting the outgoing and incoming traffic, thus
preventing the LAN users from consuming all the bandwidth of
the Internet link. For more information, see
Create Bandwidth
Profiles
on page
181. For inbound traffic, you can configure
bandwidth limiting only on the LAN interface for a LAN WAN rule.
Note:
Bandwidth limiting does not apply to the DMZ interface.
IPv4 LAN WAN rules
Table 34.
Inbound rules overview (continued)
Setting
Description
Inbound Rules
Page 145 / 469
Firewall Protection
145
ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308
For any traffic attempting to pass through the firewall, the packet information is subjected to
the rules in the order shown in the Outbound Services and Inbound Services tables,
beginning at the top of each table and proceeding to the bottom of each table. In some cases,
the order of precedence of two or more rules might be important in determining the
disposition of a packet. For example, you should place the most strict rules at the top (those
with the most specific services or addresses). The Up and Down table buttons in the Action
column allow you to relocate a defined rule to a new position in the table.
Configure LAN WAN Rules
Create LAN WAN Outbound Service Rules
Create LAN WAN Inbound Service Rules
The default outbound policy is to allow all traffic to the Internet to pass through. Firewall rules
can then be applied to block specific types of traffic from going out from the LAN to the
Internet (outbound). This feature is also referred to as service blocking. You can change the
default policy of Allow Always to Block Always to block all outbound traffic, which then allows
you to enable only specific services to pass through the VPN firewall.
To change the default outbound policy for IPv4 traffic or to change existing IPv4 rules:
1.
Select
Security > Firewall
. The Firewall submenu tabs display with the LAN WAN
Rules screen in view. In the upper right of the screen, the IPv4 radio button is selected
by default. The LAN WAN Rules screen displays the IPv4 settings. (The following figure
contains examples.)
Figure 75.
2.
From the Default Outbound Policy drop-down list, select
Block Always
. (By default, Allow
Always is selected.)
3.
Next to the drop-down list, click the
Apply
table button.

Rate

3.5 / 5 based on 2 votes.

Popular NETGEAR Models

Famous Router IPs
Famous Router Companies
Bookmark Our Site

Press Ctrl + D to add this site to your favorites!

Share
Top