Firewall Protection
ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308
To delete one or more multicast source addresses:
1. In the Alternate Networks table, select the check box to the left of each address that you want to delete, or click the Select All table button to select all addresses.
2. Click the Delete table button.
Manage the Application Level Gateway for SIP Sessions
The application level gateway (ALG) facilitates multimedia sessions such as voice over IP
(VoIP) sessions that use the Session Initiation Protocol (SIP) across the firewall and provides
support for multiple SIP clients. SIP support for the ALG, which is an IPv4 feature, is disabled
by default.
To enable ALG for SIP:
1. Select Security > Firewall > Advanced. The Advanced screen displays:
Figure 104.
2. Select the Enable SIP ALG check box.
3. Click Apply to save your settings.
Services, Bandwidth Profiles, and QoS Profiles
• Add Customized Services
• Create IP Groups
• Create Bandwidth Profiles
• Create Quality of Service Profiles for IPv4 Firewall Rules
• Quality of Service Priorities for IPv6 Firewall Rules
When you create inbound and outbound firewall rules, you use firewall objects such as
services, QoS profiles, bandwidth profiles, and schedules to narrow down the firewall rules:
• Services. A service narrows down the firewall rule to an application and a port number. For information about adding services and IP groups, see Add Customized Services on page 177 and Create IP Groups on page 179.
• Bandwidth profiles. A bandwidth profile allocates and limits traffic bandwidth for the LAN users to which an IPv4 firewall rule is applied. For information about creating bandwidth profiles, see Create Bandwidth Profiles on page 181.
• QoS profiles and priorities. A Quality of Service (QoS) profile defines the relative priority of an IP packet for traffic that matches the firewall rule. For information about creating QoS profiles for IPv4 firewall rules, see Create Quality of Service Profiles for IPv4 Firewall Rules on page 184. For information about predefined QoS priorities that are available for IPv6 firewall rules, see Quality of Service Priorities for IPv6 Firewall Rules on page 186.
Note: A schedule narrows down the period during which a firewall rule is applied. For information about specifying schedules, see Set a Schedule to Block or Allow Specific Traffic on page 189.
Add Customized Services
Services are functions performed by server computers at the request of client computers.
You can configure up to 124 custom services.
For example, web servers serve web pages, time servers serve time and date information,
and game hosts serve data about other players’ moves. When a computer on the Internet
sends a request for service to a server computer, the requested service is identified by a
service or port number. This number appears as the destination port number in the
transmitted IP packets. For example, a packet that is sent with destination port number 80 is
an HTTP (web server) request.
The service numbers for many common protocols are defined by the Internet Engineering
Task Force (IETF) and published in RFC 1700, Assigned Numbers. Service numbers for
other applications are typically chosen from the range 1024 to 65535 by the authors of the
application. However, on the VPN firewall you can select service numbers in the range from 1
to 65535.
Although the VPN firewall already holds a list of many service port numbers, you are not
limited to these choices. Use the Services screen to add additional services and applications
to the list for use in defining firewall rules. The Services screen shows a list of services that
you have defined, as shown in the following figure.
To define a new service, you need to determine first which port number or range of numbers
is used by the application. You can usually determine this information by contacting the
publisher of the application, user groups, or newsgroups. When you have the port number
information, you can enter it on the Services screen.
To add a customized service:
1. Select Security > Services. The Services screen displays. The Custom Services table shows the user-defined services. (The following figure shows some examples.)
Figure 105.
2. In the Add Customer Service section of the screen, enter the settings as described in the following table:
3. Click Apply to save your settings. The new custom service is added to the Custom Services table.
To edit a service:
1. In the Custom Services table, click the Edit table button to the right of the service that you want to edit. The Edit Service screen displays:
Table 37. Services screen settings

Setting | Description
Name | A descriptive name of the service for identification and management purposes.
Type | From the Type drop-down list, select the Layer 3 protocol that the service uses as its transport protocol: TCP, UDP, ICMP, or ICMPv6.
ICMP Type | A numeric value that can range between 0 and 40. For a list of ICMP types, see . Note: This field is enabled only when you select ICMP or ICMPv6 from the Type drop-down list.
Start Port | The first TCP or UDP port of a range that the service uses. Note: This field is enabled only when you select TCP or UDP from the Type drop-down list.
Finish Port | The last TCP or UDP port of a range that the service uses. If the service uses only a single port number, enter the same number in the Start Port and Finish Port fields. Note: This field is enabled only when you select TCP or UDP from the Type drop-down list.
Figure 106.
2. Modify the settings that you wish to change (see the previous table).
3. Click Apply to save your changes. The modified service is displayed in the Custom Services table.
To delete one or more services:
1. In the Custom Services table, select the check box to the left of each service that you want to delete, or click the Select All table button to select all services.
2. Click the Delete table button.
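The limits this section gives for custom services (up to 124 services, ports 1 to 65535, ICMP types 0 to 40, and which fields apply to which Type) can be checked on a planned service list before it is entered on the Services screen. The following Python check is an added example, not NETGEAR code; the dictionary field names, the WIDE_RANGE review threshold, and the sample PLAN are assumptions made for illustration.

```python
# Added example: lint planned custom services against this section's limits.
# Field names, WIDE_RANGE and the sample PLAN are constructed assumptions.
MAX_SERVICES = 124              # "up to 124 custom services"
PORT_MIN, PORT_MAX = 1, 65535   # service numbers selectable on the VPN firewall
ICMP_TYPE_MAX = 40              # ICMP Type field accepts 0 to 40
WIDE_RANGE = 1024               # assumption: review threshold, not a device limit

def lint_service(svc):
    """Return the list of problems found in one service definition."""
    problems = []
    typ = svc.get("type")
    if not str(svc.get("name", "")).strip():
        problems.append("missing name")
    if typ in ("TCP", "UDP"):
        start, finish = svc.get("start_port"), svc.get("finish_port")
        if "icmp_type" in svc:
            problems.append("ICMP Type applies only to ICMP/ICMPv6")
        if not all(type(p) is int and PORT_MIN <= p <= PORT_MAX for p in (start, finish)):
            problems.append("ports must be integers in 1-65535")
        elif start > finish:
            problems.append("Start Port is greater than Finish Port")
        elif finish - start + 1 > WIDE_RANGE:
            problems.append(f"wide range of {finish - start + 1} ports")
    elif typ in ("ICMP", "ICMPv6"):
        if "start_port" in svc or "finish_port" in svc:
            problems.append("ports apply only to TCP/UDP")
        t = svc.get("icmp_type")
        if not (type(t) is int and 0 <= t <= ICMP_TYPE_MAX):
            problems.append("ICMP Type must be an integer in 0-40")
    else:
        problems.append(f"unknown type {typ!r}")
    return problems

def lint_plan(services):
    """Map each faulty entry (by name or index) to its problems."""
    report = {}
    if len(services) > MAX_SERVICES:
        report["<plan>"] = [f"{len(services)} services, limit {MAX_SERVICES}"]
    for i, svc in enumerate(services):
        problems = lint_service(svc)
        if problems:
            report[svc.get("name") or f"#{i}"] = problems
    return report

PLAN = [  # constructed sample
    {"name": "rdp-alt", "type": "TCP", "start_port": 3390, "finish_port": 3390},
    {"name": "game", "type": "UDP", "start_port": 27000, "finish_port": 30000},
    {"name": "ping", "type": "ICMP", "icmp_type": 8},
    {"name": "bad", "type": "TCP", "start_port": 0, "finish_port": 70000},
]
```

Running lint_plan(PLAN) reports the 3001-port UDP range for review and rejects the entry whose ports fall outside 1 to 65535; the single-port TCP service and the ICMP entry pass.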
Create IP Groups
An IP group contains a collection of individual IP addresses that do not need to be within the
same IP address range. You specify an IP group as either a LAN group or WAN group and
use the group as a firewall object to which you apply a firewall rule.
To create an IP group:
1. Select Security > Services > IP Groups. The IP Groups screen displays. (The following figure shows two groups in the Custom IP Groups Table as examples.)
Figure 107.
2. In the Add New Custom IP Group section of the screen, do the following:
   • In the IP Group Name field, enter a name for the group.
   • From the IP Group Type drop-down list, select LAN Group or WAN Group.
3. Click Apply to save your changes. The new IP group is displayed in the Custom IP Groups Table.
4. In the Custom IP Groups Table, click the Edit table button to the right of the IP group that you just created. The Edit IP Group screen displays. (The following figure shows two IP addresses in the IP Addresses Grouped table as examples.)
Figure 108.
5. In the IP Address fields, type an IP address.
6. Click the Add table button to add the IP address to the IP Addresses Grouped table.
7. Repeat the previous two steps to add more IP addresses to the IP Addresses Grouped table.
8. Click the Edit table button to return to the IP Groups screen.
To edit an IP group:
1. In the Custom IP Groups Table, click the Edit table button to the right of the IP group that you want to edit. The Edit IP Group screen displays.
2. In the Edit New Custom IP Group section of the screen, modify the settings that you wish to change:
   • You can change the group name.
   • You can change the group type.
   • You can delete an IP address from the IP Addresses Grouped table by selecting the check box to the left of the IP address that you want to delete and then clicking the Delete table button. You can delete all IP addresses by clicking the Select All table button and clicking the Delete table button.
   • You can add IP addresses to the IP Addresses Grouped Table (see Step 4, Step 5, and Step 6 in the previous procedure).
3. Click the Edit table button to return to the IP Groups screen.
