Firewall Protection
146
ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308
To change an existing outbound or inbound service rule, in the Action column to the right of
the rule, click one of the following table buttons:
• Up. Moves the rule up one position in the table rank.
• Down. Moves the rule down one position in the table rank.
• Edit. Lets you change the definition of an existing rule. Depending on your selection, one
  of the following screens displays:
  - Edit LAN WAN Outbound Service screen for IPv4 (identical to Figure 77 on page 148)
  - Edit LAN WAN Inbound Service screen for IPv4 (identical to Figure 79 on page 150)
To change the default outbound policy for IPv6 traffic or to change existing IPv6 rules:
1. Select Security > Firewall. The Firewall submenu tabs display with the LAN WAN
   Rules screen for IPv4 in view.
2. In the upper right of the screen, select the IPv6 radio button. The LAN WAN Rules screen
   displays the IPv6 settings. (The following figure contains examples.)
   Figure 76.
3. From the Default Outbound Policy drop-down list, select Block Always. (By default, Allow
   Always is selected.)
4. Next to the drop-down list, click the Apply table button.
To change an existing outbound or inbound service rule, in the Action column to the right of
the rule, click one of the following table buttons:
• Up. Moves the rule up one position in the table rank.
• Down. Moves the rule down one position in the table rank.
• Edit. Lets you change the definition of an existing rule. Depending on your selection, one
  of the following screens displays:
  - Edit LAN WAN Outbound Service screen for IPv6 (identical to Figure 78 on page 149)
  - Edit LAN WAN Inbound Service screen for IPv6 (identical to Figure 80 on page 151)
To enable, disable, or delete one or more IPv4 or IPv6 rules:
1. Select the check box to the left of each rule that you want to enable, disable, or delete,
   or click the Select All table button to select all rules.
2. Click one of the following table buttons:
   • Enable. Enables the rule or rules. The ! status icon changes from a gray circle to a
     green circle, indicating that the selected rule or rules are enabled. (By default, when a
     rule is added to the table, it is automatically enabled.)
   • Disable. Disables the rule or rules. The ! status icon changes from a green circle to a
     gray circle, indicating that the selected rule or rules are disabled.
   • Delete. Deletes the selected rule or rules.
Create LAN WAN Outbound Service Rules
You can define rules that specify exceptions to the default rules. By adding custom rules, you
can block or allow access based on the service or application, source or destination IP
addresses, and time of day. An outbound rule can block or allow traffic between an internal IP
LAN address and any external WAN IP address according to the schedule created on the
Schedule screen.
WARNING:
Make sure that you understand the consequences of a LAN WAN
outbound rule before you apply the rule. Incorrect configuration
might cause serious connection problems.
You can also tailor these rules to your specific needs (see Administrator Tips on page 135).
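The following Python sketch is an added example, not part of the NETGEAR manual or the SRX5308 firmware. It models an Outbound Services table to show how table rank, the enabled state, and the default outbound policy decide a flow, and it flags rules that an earlier rule makes unreachable. Top-to-bottom, first-match evaluation is an assumption here, and the rule names and addresses are constructed.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class Rule:
    name: str
    service: tuple        # (protocol, port); ("any", 0) matches every service
    lan: str              # LAN Users, as a CIDR block
    wan: str              # WAN Users, as a CIDR block
    action: str           # "allow" or "block"
    enabled: bool = True  # rules are enabled when added, as the manual states

    def matches(self, proto, port, src, dst):
        svc = self.service in (("any", 0), (proto, port))
        return (svc and ipaddress.ip_address(src) in ipaddress.ip_network(self.lan)
                and ipaddress.ip_address(dst) in ipaddress.ip_network(self.wan))

    def covers(self, other):
        """True if every flow that `other` matches is also matched by this rule."""
        svc = self.service in (("any", 0), other.service)
        return (svc
                and ipaddress.ip_network(other.lan).subnet_of(ipaddress.ip_network(self.lan))
                and ipaddress.ip_network(other.wan).subnet_of(ipaddress.ip_network(self.wan)))

def decide(table, default, proto, port, src, dst):
    """Assumed semantics: the first enabled matching rule wins, else the default policy."""
    for rule in table:
        if rule.enabled and rule.matches(proto, port, src, dst):
            return rule.action, rule.name
    return default, "default outbound policy"

def shadowed(table):
    """Enabled rules that can never fire because an earlier enabled rule covers them."""
    found = []
    for i, later in enumerate(table):
        hit = next((e for e in table[:i] if e.enabled and later.enabled and e.covers(later)), None)
        if hit:
            found.append((later.name, hit.name))
    return found

def move_up(table, i):
    """Model of the Up table button: swap rule i with the rule ranked above it."""
    t = list(table)
    if i > 0:
        t[i - 1], t[i] = t[i], t[i - 1]
    return t

# Constructed sample table (documentation address ranges, hypothetical rule names).
TABLE = [
    Rule("block-all-from-guest", ("any", 0), "192.168.1.128/25", "0.0.0.0/0", "block"),
    Rule("allow-https-kiosk", ("tcp", 443), "192.168.1.200/32", "0.0.0.0/0", "allow"),
    Rule("allow-dns", ("udp", 53), "192.168.1.0/24", "0.0.0.0/0", "allow"),
    Rule("allow-https", ("tcp", 443), "192.168.1.0/24", "0.0.0.0/0", "allow", enabled=False),
]
```

Running shadowed(TABLE) before and after move_up(TABLE, 1) shows the kiosk exception only takes effect once it ranks above the broader block rule.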
IPv4 LAN WAN Outbound Rules
To create an IPv4 LAN WAN outbound rule:
1. In the upper right of the LAN WAN Rules screen, the IPv4 radio button is selected by
   default. The screen displays the IPv4 settings (see Figure 75 on page 145).
   Click the Add table button under the Outbound Services table. The Add LAN WAN
   Outbound Service screen for IPv4 displays:
   Figure 77.
2. Enter the settings as described in Table 33 on page 137. In addition to selections from the
   Service, Action, and Log drop-down lists, you need to make selections from the following
   drop-down lists:
   • LAN Users
   • WAN Users
   Unless your selection from the Action drop-down list is BLOCK always, you also need to
   make selections from the following drop-down lists:
   • Select Schedule
   • QoS Profile
   • Bandwidth Profile
   • NAT IP (This drop-down list is available only when the WAN mode is NAT.)
3. Click Apply to save your changes. The new rule is now added to the Outbound Services
   table.
IPv6 LAN WAN Outbound Rules
To create an IPv6 LAN WAN outbound rule:
1. In the upper right of the LAN WAN Rules screen, select the IPv6 radio button. The screen
   displays the IPv6 settings (see Figure 76 on page 146).
2. Click the Add table button under the Outbound Services table. The Add LAN WAN
   Outbound Service screen for IPv6 displays:
   Figure 78.
3. Enter the settings as described in Table 33 on page 137. In addition to selections from the
   Service, Action, and Log drop-down lists, you need to make selections from the following
   drop-down lists:
   • LAN Users
   • WAN Users
   Unless your selection from the Action drop-down list is BLOCK always, you also need to
   make a selection from the following drop-down lists:
   • Select Schedule
   • QoS Priority
4. Click Apply to save your changes. The new rule is now added to the Outbound Services
   table.
Create LAN WAN Inbound Service Rules
The Inbound Services table lists all existing rules for inbound traffic. If you have not defined
any rules, no rules are listed. By default, all inbound traffic (from the Internet to the LAN) is
blocked. Remember that allowing inbound services opens potential security holes in your
firewall. Enable only those ports that are necessary for your network.
WARNING:
Make sure that you understand the consequences of a LAN WAN
inbound rule before you apply the rule. Incorrect configuration
might cause serious connection problems. If you are configuring
the VPN firewall from a remote connection, you might be locked
out.
IPv4 LAN WAN Inbound Service Rules
To create an IPv4 LAN WAN inbound rule:
1. In the upper right of the LAN WAN Rules screen, the IPv4 radio button is selected by default.
   The screen displays the IPv4 settings (see Figure 75 on page 145).
   Click the Add table button under the Inbound Services table. The Add LAN WAN Inbound
   Service screen for IPv4 displays:
   Figure 79.
2. Enter the settings as described in Table 34 on page 141. In addition to selections from the
   Service, Action, and Log drop-down lists, you need to make selections from the following
   drop-down lists:
   • WAN Destination IP Address
   • LAN Users (This drop-down list is available only when the WAN mode is Classical
     Routing. When the WAN mode is NAT, your network presents only one IP address to
     the Internet.)
   • WAN Users
   Unless your selection from the Action drop-down list is BLOCK always, you also need to
   make selections from the following drop-down lists:
   • Select Schedule
   • Send to Lan Server
