Firewall Protection
181
ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308
To delete an IP group:
1. In the Custom IP Groups table, select the check box to the left of the IP group that you want to delete, or click the Select All table button to select all groups.
2. Click the Delete table button.
Create Bandwidth Profiles
Bandwidth profiles determine how data is communicated with the hosts. The purpose of
bandwidth profiles is to provide a method for allocating and limiting traffic, thus allocating
LAN users sufficient bandwidth while preventing them from consuming all the bandwidth on
your WAN link. A single bandwidth profile can be for both outbound and inbound traffic.
For outbound IPv4 traffic, you can apply bandwidth profiles on the WAN interface; for inbound
IPv4 traffic, you can apply bandwidth profiles to a LAN interface. Bandwidth profiles do not
apply to the DMZ interface, nor to IPv6 traffic.
When a new connection is established by a device, the device locates the firewall rule corresponding to the connection:
- If the rule has a bandwidth profile specification, the device creates a bandwidth class in the kernel.
- If multiple connections correspond to the same firewall rule, the connections all share the same bandwidth class.
An exception occurs for an individual bandwidth profile if the classes are per-source IP
address classes. The source IP address is the IP address of the first packet that is
transmitted for the connection. So for outbound firewall rules, the source IP address is the
LAN-side IP address; for inbound firewall rules, the source IP address is the WAN-side IP
address. The class is deleted when all the connections that are using the class expire.
After you have created a bandwidth profile, you can assign the bandwidth profile to firewall rules on the following screens:
- Add LAN WAN Outbound Services screen for IPv4 (see Figure 77 on page 148)
- Add LAN WAN Inbound Services screen for IPv4 (see Figure 79 on page 150)
To add and enable a bandwidth profile:
1. Select Security > Bandwidth Profiles. The Bandwidth Profiles screen displays. (The following figure shows some examples.)
Figure 109.
2. Under the List of Bandwidth Profiles table, click the Add table button. The Add Bandwidth Profile screen displays:
Figure 110.
3. Enter the settings as described in the following table:
Table 38. Add Bandwidth Profile screen settings
Setting: Description
Profile Name: A descriptive name of the bandwidth profile for identification and management purposes.
Direction: From the Direction drop-down list, select the traffic direction for the bandwidth profile:
  - Inbound Traffic. The bandwidth profile is applied only to inbound traffic. Specify the inbound minimum and maximum bandwidths.
  - Outbound Traffic. The bandwidth profile is applied only to outbound traffic. Specify the outbound minimum and maximum bandwidths.
  - Both. The bandwidth profile is applied to both outbound and inbound traffic. Specify both the outbound and inbound minimum and maximum bandwidths.
4. Click Apply to save your settings. The new bandwidth profile is added to the List of Bandwidth Profiles table.
5. In the Bandwidth Profiles section of the screen, select the Yes radio button under Enable Bandwidth Profiles? (By default, the No radio button is selected.)
6. Click Apply to save your settings.
To edit a bandwidth profile:
1. In the List of Bandwidth Profiles table, click the Edit table button to the right of the bandwidth profile that you want to edit. The Edit Bandwidth Profile screen displays.
2. Modify the settings that you wish to change (see the previous table).
3. Click Apply to save your changes. The modified bandwidth profile is displayed in the List of Bandwidth Profiles table.
To delete one or more bandwidth profiles:
1. In the List of Bandwidth Profiles table, select the check box to the left of each bandwidth profile that you want to delete, or click the Select All table button to select all profiles.
2. Click the Delete table button to delete the selected profile or profiles.
Table 38. Add Bandwidth Profile screen settings (continued)
Setting: Description
Inbound Minimum Bandwidth: The inbound minimum allocated bandwidth in Kbps. There is no default setting.
Inbound Maximum Bandwidth: The inbound maximum allowed bandwidth in Kbps. The maximum allowable bandwidth is 100,000 Kbps, and you cannot configure less than 100 Kbps. There is no default setting.
Outbound Minimum Bandwidth: The outbound minimum allocated bandwidth in Kbps. There is no default setting.
Outbound Maximum Bandwidth: The outbound maximum allowed bandwidth in Kbps. The maximum allowable bandwidth is 100,000 Kbps, and you cannot configure less than 100 Kbps. There is no default setting.
Type: From the Type drop-down list, select the type for the bandwidth profile:
  - Group. The profile applies to all users, that is, all users share the available bandwidth.
  - Individual. The profile applies to an individual user, that is, each user can use the available bandwidth.
  Maximum Number of Instances: If you select Individual from the Type drop-down list, you need to specify the maximum number of class instances that can be created by the individual bandwidth profile.
  Note: If the number of users exceeds the configured number of instances, the same bandwidth is shared among all the users of that bandwidth profile.
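The class-sharing rules described earlier (one class per firewall rule, per-source-IP classes for Individual profiles, deletion when the last connection expires) and the Maximum Number of Instances setting can be modelled as a reference-counted table. This is an added example, not NETGEAR code; the names Profile, ClassTable and "rule-1", the sample addresses, and the single overflow class used once the instance limit is reached are assumptions made for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class Profile:
    kind: str                # "group" or "individual" (the Type setting)
    max_instances: int = 1   # Maximum Number of Instances, individual only

@dataclass
class ClassTable:
    classes: dict = field(default_factory=dict)  # class key -> open connections
    conns: dict = field(default_factory=dict)    # connection id -> class key

    def _key(self, rule, profile, src_ip):
        if profile.kind == "group":
            return (rule, "shared")              # one class for the whole rule
        key = (rule, src_ip)                     # source IP of the first packet
        if key in self.classes:
            return key
        per_ip = [k for k in self.classes if k[0] == rule and k[1] != "overflow"]
        # Assumption: past the instance limit, new sources share one overflow class.
        return key if len(per_ip) < profile.max_instances else (rule, "overflow")

    def open(self, conn_id, rule, profile, src_ip):
        key = self._key(rule, profile, src_ip)
        self.classes[key] = self.classes.get(key, 0) + 1
        self.conns[conn_id] = key
        return key

    def expire(self, conn_id):
        key = self.conns.pop(conn_id)
        self.classes[key] -= 1
        if self.classes[key] == 0:
            del self.classes[key]                # last connection gone: class deleted

def demo():
    """Constructed outbound connections from three LAN hosts on one rule."""
    table, prof = ClassTable(), Profile("individual", max_instances=2)
    keys = [table.open(i, "rule-1", prof, ip) for i, ip in enumerate(
        ["192.168.1.10", "192.168.1.10", "192.168.1.11", "192.168.1.12"])]
    table.expire(2)                              # only connection of .11 expires
    return keys, dict(table.classes)

if __name__ == "__main__":
    print(demo())
```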
Create Quality of Service Profiles for IPv4 Firewall Rules
A Quality of Service (QoS) profile defines the relative priority of an IP packet when multiple connections are scheduled for simultaneous transmission on the VPN firewall. A QoS profile becomes active only when it is associated with a nonblocking inbound or outbound firewall rule or service, and traffic matching the firewall rule or service is processed by the VPN firewall. Priorities are defined by Type of Service in the Internet Protocol Suite standards, RFC 1349.
You can assign a QoS profile to an IPv4 firewall rule on the following screens:
- Add LAN WAN Outbound Services screen for IPv4 (see Figure 77 on page 148)
- Add LAN WAN Inbound Services screen for IPv4 (see Figure 79 on page 150)
- Add DMZ WAN Outbound Services screen for IPv4 (see Figure 83 on page 154)
- Add DMZ WAN Inbound Services screen for IPv4 (see Figure 85 on page 156)
There is no default QoS profile on the VPN firewall. You could create QoS profiles similar to the QoS priorities that are listed in the following section, Quality of Service Priorities for IPv6 Firewall Rules.
Note: To configure and apply QoS profiles successfully, familiarity with QoS concepts such as QoS priority queues, IP precedence, DSCP, and their values is helpful.
To create a QoS profile:
1. Select Security > Services > QoS Profiles. The QoS Profiles screen displays. (The following figure shows some profiles in the List of QoS Profiles table as examples.)
Figure 111.
The screen displays the List of QoS Profiles table with the user-defined profiles.
2. Under the List of QoS Profiles table, click the Add table button. The Add QoS Profile screen displays:
Figure 112.
3. Enter the settings as described in the following table.
4. Click Apply to save your settings. The new QoS profile is added to the List of QoS Profiles table.
Table 39. Add QoS Profile screen settings
Setting: Description
Profile Name: A descriptive name of the QoS profile for identification and management purposes.
Re-Mark: Select the Re-Mark check box to set the Differentiated Services (DiffServ) mark in the Type of Service (ToS) byte of an IP header by specifying the QoS type (IP precedence or DSCP) and QoS value. If you clear the Re-Mark check box (which is the default setting), the QoS profile is specified only by the QoS priority.
  QoS: From the QoS drop-down list, select one of the following traffic classification methods:
    - IP Precedence. A legacy method that sets the priority in the ToS byte of an IP header.
    - DSCP. A method that sets the Differentiated Services Code Point (DSCP) in the Differentiated Services (DS) field (which is the same as the ToS byte) of an IP header.
  QoS Value: The QoS value in the ToS or DiffServ byte of an IP header. The QoS value that you enter depends on your selection from the QoS drop-down list:
    - For IP Precedence, select a value from 0 to 7.
    - For DSCP, select a value from 1 to 63.
QoS Priority: The QoS priority represents the classification level of the packet among the priority queues within the VPN firewall. If you select Default, packets are mapped based on the ToS bits in their IP headers. From the QoS Priority drop-down list, select one of the following priority queues:
  - Default
  - High
  - Medium High
  - Medium
  - Low
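To check in a packet capture what a Re-Mark setting should produce, the following added example (not NETGEAR code) rewrites the ToS/DS byte of an IPv4 header for either QoS type, using the value ranges from Table 39, and recomputes the header checksum that any re-marking invalidates. The function names and the sample header are constructed here, and keeping the bits outside the precedence or DSCP field unchanged is an assumption, since the manual does not say how the firewall treats them.

```python
import struct

def ipv4_checksum(header: bytes) -> int:
    """One's-complement sum of the header's 16-bit words (checksum field zeroed)."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def remark(header: bytes, qos: str, value: int) -> bytes:
    """Return a copy of an IPv4 header with the ToS/DS byte re-marked."""
    ihl = (header[0] & 0x0F) * 4
    if header[0] >> 4 != 4 or ihl < 20 or len(header) < ihl:
        raise ValueError("not a complete IPv4 header")
    tos = header[1]
    if qos == "ip_precedence":
        if not 0 <= value <= 7:
            raise ValueError("IP precedence must be 0 to 7")
        tos = (value << 5) | (tos & 0x1F)   # top 3 bits; assumption: keep the rest
    elif qos == "dscp":
        if not 1 <= value <= 63:
            raise ValueError("DSCP must be 1 to 63")
        tos = (value << 2) | (tos & 0x03)   # top 6 bits; assumption: keep ECN bits
    else:
        raise ValueError("unknown QoS type")
    hdr = bytearray(header[:ihl])
    hdr[1] = tos
    hdr[10:12] = b"\x00\x00"                # zero the checksum before recomputing
    hdr[10:12] = struct.pack("!H", ipv4_checksum(bytes(hdr)))
    return bytes(hdr)

def sample_header(tos: int = 0) -> bytes:
    """Constructed 20-byte header: 192.0.2.10 -> 198.51.100.20, TCP, TTL 64."""
    hdr = bytearray(struct.pack("!BBHHHBBH4s4s", 0x45, tos, 40, 1, 0x4000, 64, 6, 0,
                                bytes([192, 0, 2, 10]), bytes([198, 51, 100, 20])))
    hdr[10:12] = struct.pack("!H", ipv4_checksum(bytes(hdr)))
    return bytes(hdr)

if __name__ == "__main__":
    for qos, value in (("ip_precedence", 5), ("dscp", 46)):
        print(qos, value, hex(remark(sample_header(), qos, value)[1]))
```

A header whose checksum is valid sums to zero under ipv4_checksum, which gives a quick way to confirm that a re-marked packet seen on the wire was rewritten consistently.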
