Firewall Protection
ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308
Unless your selection from the Action drop-down list is BLOCK always, you also need to make a selection from the following drop-down list:
   • Select Schedule
3. Click Apply. The new rule is now added to the Outbound Services table. The rule is automatically enabled.
IPv6 LAN DMZ Outbound Service Rules
To create an IPv6 LAN DMZ outbound rule:
1. In the upper right of the LAN DMZ Rules screen, select the IPv6 radio button. The screen displays the IPv6 settings (see Figure 88 on page 159).
2. Click the Add table button under the Outbound Services table. The Add LAN DMZ Outbound Service screen for IPv6 displays:
Figure 90.
3. Enter the settings as described in Table 33 on page 137. In addition to selections from the Service, Action, and Log drop-down lists, you need to make selections from the following drop-down lists:
   • LAN Users
   • DMZ Users
   Unless your selection from the Action drop-down list is BLOCK always, you also need to make a selection from the following drop-down list:
   • Select Schedule
4. Click Apply. The new rule is now added to the Outbound Services table. The rule is automatically enabled.
Create LAN DMZ Inbound Service Rules
The Inbound Services table lists all existing rules for inbound traffic. If you have not defined
any rules, no rules are listed. By default, all inbound traffic (from the LAN to the DMZ) is
blocked.
IPv4 LAN DMZ Inbound Service Rules
To create an IPv4 LAN DMZ inbound rule:
1. In the upper right of the LAN DMZ Rules screen, the IPv4 radio button is selected by default. The screen displays the IPv4 settings (see Figure 87 on page 158). Click the Add table button under the Inbound Services table. The Add LAN DMZ Inbound Service screen for IPv4 displays:
Figure 91.
2. Enter the settings as described in Table 34 on page 141. In addition to selections from the Service, Action, and Log drop-down lists, you need to make selections from the following drop-down lists:
   • LAN Users
   • DMZ Users
   Unless your selection from the Action drop-down list is BLOCK always, you also need to make a selection from the following drop-down list:
   • Select Schedule
3. Click Apply to save your changes. The new rule is now added to the Inbound Services table.
IPv6 LAN DMZ Inbound Service Rules
To create an IPv6 LAN DMZ inbound rule:
1. In the upper right of the LAN DMZ Rules screen, select the IPv6 radio button. The screen displays the IPv6 settings (see Figure 88 on page 159).
2. Click the Add table button under the Inbound Services table. The Add LAN DMZ Inbound Service screen for IPv6 displays:
Figure 92.
3. Enter the settings as described in Table 34 on page 141. In addition to selections from the Service, Action, and Log drop-down lists, you need to make selections from the following drop-down lists:
   • LAN Users
   • DMZ Users
   Unless your selection from the Action drop-down list is BLOCK always, you also need to make a selection from the following drop-down list:
   • Select Schedule
4. Click Apply to save your changes. The new rule is now added to the Inbound Services table.
Examples of Firewall Rules
• Examples of Inbound Firewall Rules
• Examples of Outbound Firewall Rules
Examples of Inbound Firewall Rules
IPv4 LAN WAN Inbound Rule: Host a Local Public Web Server
If you host a public web server on your local network, you can define a rule to allow inbound
web (HTTP) requests from any outside IP address to the IP address of your web server at
any time of the day.
Figure 93.
IPv4 LAN WAN Inbound Rule: Allow a Videoconference from Restricted Addresses
If you want to allow incoming videoconferencing to be initiated from a restricted range of
outside IP addresses, such as from a branch office, you can create an inbound rule (see the
following figure). In the example, CU-SeeMe connections are allowed only from a specified
range of external IP addresses.
Figure 94.
IPv4 LAN WAN or IPv4 DMZ WAN Inbound Rule: Set Up One-to-One NAT Mapping
In this example, multi-NAT is configured to support multiple public IP addresses on one WAN
interface. An inbound rule configures the VPN firewall to host an additional public IP address
and associate this address with a web server on the LAN.
The following addressing scheme is used to illustrate this procedure:
• NETGEAR VPN firewall:
   - WAN IP address. 10.1.0.118
   - LAN IP address subnet. 192.168.1.1 with subnet 255.255.255.0
   - DMZ IP address subnet. 176.16.10.1 with subnet 255.255.255.0
• Web server computer on the VPN firewall’s LAN:
   - LAN IP address. 192.168.1.2
   - DMZ IP address. 176.16.10.2
   - Access to the web server is through the public IP address. 10.168.50.1
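
The inbound examples above, modeled in Python as an added example (not NETGEAR code and not the firewall's rule engine): it shows which packets the web-server and videoconference rules admit, where one-to-one NAT delivers them, and which rules are open to any outside address. Assumptions: rules are checked top to bottom with a default block when nothing matches; the field names, the branch-office range 203.0.113.0/28, the conferencing host 192.168.1.50, and UDP port 7648 for CU-SeeMe are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

# Addresses from the page's one-to-one NAT addressing scheme.
WAN_IP, EXTRA_PUBLIC_IP, WEB_SERVER = "10.1.0.118", "10.168.50.1", "192.168.1.2"

@dataclass
class InboundRule:      # hypothetical field names, not the device's schema
    name: str
    proto: str
    port: int
    wan_users: str      # CIDR of permitted outside senders; 0.0.0.0/0 means Any
    public_ip: str      # WAN-side address the rule answers on
    send_to: str        # internal server that receives the traffic
    action: str         # "ALLOW always" or "BLOCK always"

RULES = [
    InboundRule("web-server", "tcp", 80, "0.0.0.0/0",
                EXTRA_PUBLIC_IP, WEB_SERVER, "ALLOW always"),
    # Constructed values: branch range, internal host and CU-SeeMe port.
    InboundRule("videoconference", "udp", 7648, "203.0.113.0/28",
                WAN_IP, "192.168.1.50", "ALLOW always"),
]

def evaluate(rules, proto, src, dst, port):
    """Return (verdict, internal destination) for one inbound packet."""
    src_ip = ipaddress.ip_address(src)
    for r in rules:     # assumed: first matching rule wins
        if ((r.proto, r.port, r.public_ip) == (proto, port, dst)
                and src_ip in ipaddress.ip_network(r.wan_users)):
            if r.action == "ALLOW always":
                return ("allow", r.send_to)
            return ("block", None)
    return ("block", None)  # no rule matched: inbound traffic stays blocked

def open_to_any(rules):
    """Audit helper: names of allow rules reachable from every outside address."""
    return [r.name for r in rules
            if r.action == "ALLOW always"
            and ipaddress.ip_network(r.wan_users).prefixlen == 0]

if __name__ == "__main__":
    print(evaluate(RULES, "tcp", "198.51.100.7", EXTRA_PUBLIC_IP, 80))
    print(evaluate(RULES, "udp", "203.0.113.200", WAN_IP, 7648))
    print("open to any source:", open_to_any(RULES))
```
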