Firewall Protection
156
ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308
Unless your selection from the Action drop-down list is BLOCK always, you also need to
make selections from the following drop-down lists:
• Select Schedule
• QoS Priority
4. Click Apply. The new rule is now added to the Outbound Services table. The rule is
automatically enabled.
Create DMZ WAN Inbound Service Rules
The Inbound Services table lists all existing rules for inbound traffic. If you have not defined
any rules, no rules are listed. By default, all inbound traffic (from the Internet to the DMZ) is
blocked.
Inbound rules that are configured on the LAN WAN Rules screen take precedence over
inbound rules that are configured on the DMZ WAN Rules screen. As a result, if an inbound
packet matches an inbound rule on the LAN WAN Rules screen, it is not matched against the
inbound rules on the DMZ WAN Rules screen.
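The precedence described above can be checked offline against a transcribed rule list. The following Python model is an added example, not NETGEAR code; the Rule fields, the ALLOW/BLOCK action labels, top-to-bottom evaluation within each table, and the sample rules are simplifying assumptions. It flags DMZ WAN inbound rules that can never match because an enabled LAN WAN inbound rule for the same service already covers their WAN source range.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass
class Rule:
    name: str
    service: str          # e.g. "HTTPS"; "ANY" matches every service (assumed label)
    wan_users: str        # WAN-side source network in CIDR notation
    action: str           # simplified to "ALLOW" or "BLOCK"
    enabled: bool = True  # disabled rules are skipped (assumption)

    def matches(self, service, src_ip):
        return (self.enabled
                and self.service in ("ANY", service)
                and ip_address(src_ip) in ip_network(self.wan_users))

def evaluate(service, src_ip, lan_wan, dmz_wan):
    """Return (table, rule name, action) for one inbound packet."""
    # LAN WAN inbound rules are consulted first; a match there ends the lookup.
    for table, rules in (("LAN WAN", lan_wan), ("DMZ WAN", dmz_wan)):
        for rule in rules:  # assumed: top of the table is evaluated first
            if rule.matches(service, src_ip):
                return table, rule.name, rule.action
    return "default", None, "BLOCK"  # default inbound policy: block

def shadowed(lan_wan, dmz_wan):
    """List (DMZ rule, LAN rule) pairs where the DMZ WAN rule is unreachable."""
    hits = []
    for dmz_rule in (r for r in dmz_wan if r.enabled):
        for lan_rule in (r for r in lan_wan if r.enabled):
            same_service = lan_rule.service in ("ANY", dmz_rule.service)
            covered = ip_network(dmz_rule.wan_users).subnet_of(
                ip_network(lan_rule.wan_users))
            if same_service and covered:
                hits.append((dmz_rule.name, lan_rule.name))
                break
    return hits

# Constructed sample rule sets (documentation address ranges, IPv4 table only).
LAN_WAN = [Rule("lan-https", "HTTPS", "0.0.0.0/0", "ALLOW")]
DMZ_WAN = [Rule("dmz-https-partner", "HTTPS", "198.51.100.0/24", "ALLOW"),
           Rule("dmz-smtp", "SMTP", "0.0.0.0/0", "ALLOW"),
           Rule("dmz-ssh-admin", "SSH", "203.0.113.0/28", "ALLOW", enabled=False)]
```

A non-empty result from shadowed() means traffic intended for a DMZ server is being handled by a LAN WAN rule instead, so the rule pair should be reviewed.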
IPv4 DMZ WAN Inbound Service Rules
To create an IPv4 DMZ WAN inbound rule:
1. In the upper right of the DMZ WAN Rules screen, the IPv4 radio button is selected by
default. The screen displays the IPv4 settings (see Figure 81 on page 152).
Click the Add table button under the Inbound Services table. The Add DMZ WAN
Inbound Service screen for IPv4 displays:
Figure 85.
2. Enter the settings as described in Table 34 on page 141. In addition to selections from the
Service, Action, and Log drop-down lists, you need to make selections from the following
drop-down lists:
• WAN Destination IP Address
• DMZ Users (This drop-down list is available only when the WAN mode is Classical
  Routing. When the WAN mode is NAT, your network presents only one IP address to
  the Internet.)
• WAN Users
Unless your selection from the Action drop-down list is BLOCK always, you also need to
make selections from the following drop-down lists:
• Select Schedule
• Send to DMZ Server
The following configurations are optional:
• Translate to Port Number
• QoS Profile
3. Click Apply to save your changes. The new rule is now added to the Inbound Services
table.
IPv6 DMZ WAN Inbound Service Rules
To create an IPv6 DMZ WAN inbound rule:
1. In the upper right of the DMZ WAN Rules screen, select the IPv6 radio button. The screen
displays the IPv6 settings (see Figure 82 on page 153).
2. Click the Add table button under the Inbound Services table. The Add DMZ WAN Inbound
Service screen for IPv6 displays:
Figure 86.
3. Enter the settings as described in Table 34 on page 141. In addition to selections from the
Service, Action, and Log drop-down lists, you need to make selections from the following
drop-down lists:
• DMZ Users
• WAN Users
Unless your selection from the Action drop-down list is BLOCK always, you also need to
make selections from the following drop-down list:
• Select Schedule
4. Click Apply to save your changes. The new rule is now added to the Inbound Services
table.
Configure LAN DMZ Rules
• Create LAN DMZ Outbound Service Rules
• Create LAN DMZ Inbound Service Rules
The LAN DMZ Rules screen allows you to create rules that define the movement of traffic
between the LAN and the DMZ. The default outbound and inbound policies are to block all
traffic between the local LAN and DMZ network. You can then apply firewall rules to allow
specific types of traffic either going out from the LAN to the DMZ (outbound) or coming in
from the DMZ to the LAN (inbound).
There is no drop-down list that lets you set the default outbound policy as there is on the LAN
WAN Rules screen. You can change the default outbound policy by allowing all outbound
traffic and then blocking specific services from passing through the VPN firewall. You do so
by adding outbound service rules (see Create LAN DMZ Outbound Service Rules on page 160).
To access the LAN DMZ Rules screen for IPv4 or to change existing IPv4 rules:
Select Security > Firewall > LAN DMZ Rules. In the upper right of the screen, the IPv4 radio
button is selected by default. The LAN DMZ Rules screen displays the IPv4 settings. (The
following figure contains examples.)
Figure 87.
To change an existing outbound or inbound service rule, in the Action column to the right of
the rule, click one of the following table buttons:
• Up. Moves the rule up one position in the table rank.
• Down. Moves the rule down one position in the table rank.
• Edit. Lets you change the definition of an existing rule. Depending on your selection, one
  of the following screens displays:
  - Edit LAN DMZ Outbound Service screen for IPv4 (identical to Figure 89 on page 160)
  - Edit LAN DMZ Inbound Service screen for IPv4 (identical to Figure 91 on page 162)
To access the LAN DMZ Rules screen for IPv6 or to change existing IPv6 rules:
1. Select Security > Firewall > LAN DMZ Rules. The Firewall submenu tabs display with
the LAN DMZ Rules screen for IPv4 in view.
2. In the upper right of the screen, select the IPv6 radio button. The LAN DMZ Rules screen
displays the IPv6 settings. (The following figure contains examples.)
Figure 88.
To change an existing outbound or inbound service rule, in the Action column to the right of
the rule, click one of the following table buttons:
• Up. Moves the rule up one position in the table rank.
• Down. Moves the rule down one position in the table rank.
• Edit. Lets you change the definition of an existing rule. Depending on your selection, one
  of the following screens displays:
  - Edit LAN DMZ Outbound Service screen for IPv6 (identical to Figure 90 on page 161)
  - Edit LAN DMZ Inbound Service screen for IPv6 (identical to Figure 92 on page 163)
To enable, disable, or delete one or more IPv4 or IPv6 rules:
1. Select the check box to the left of each rule that you want to enable, disable, or delete,
or click the Select All table button to select all rules.
2. Click one of the following table buttons:
• Enable. Enables the rule or rules. The ! status icon changes from a gray circle to a
  green circle, indicating that the selected rule or rules are enabled. (By default, when a
  rule is added to the table, it is automatically enabled.)
• Disable. Disables the rule or rules. The ! status icon changes from a green circle to a
  gray circle, indicating that the selected rule or rules are disabled.
• Delete. Deletes the selected rule or rules.
Create LAN DMZ Outbound Service Rules
You can change the default outbound policy or define rules that specify exceptions to the
default outbound policy. By adding custom rules, you can block or allow access based on the
service or application, source or destination IP addresses, and time of day. An outbound rule
can block or allow traffic between the DMZ and any internal LAN IP address according to the
schedule created on the Schedule screen.
IPv4 LAN DMZ Outbound Service Rules
To create an IPv4 LAN DMZ outbound rule:
1. In the upper right of the LAN DMZ Rules screen, the IPv4 radio button is selected by default.
The screen displays the IPv4 settings (see Figure 87 on page 158).
Click the Add table button under the Outbound Services table. The Add LAN DMZ
Outbound Service screen for IPv4 displays:
Figure 89.
2. Enter the settings as described in Table 33 on page 137. In addition to selections from the
Service, Action, and Log drop-down lists, you need to make selections from the following
drop-down lists:
• LAN Users
• DMZ Users
