ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual
VPN Firewall and Network Management 6-5
v1.1, August 2010
Port Forwarding
The VPN firewall always blocks DoS (Denial of Service) attacks. A DoS attack does not attempt
to steal data or damage your PCs, but overloads your Internet connection so you can not use it (that
is, the service is unavailable). You can also create additional firewall rules that are customized to
block or allow specific traffic. (See “Using Rules to Block or Allow Specific Kinds of Traffic” on
page 4-2 for the procedure on how to use this feature.)
You can control specific inbound traffic (that is, from WAN to LAN and from WAN to DMZ). The
LAN WAN Rules screen and the DMZ WAN Rules screen list all existing rules for inbound traffic
If you have not defined any rules, only the default rule will be listed. The default rule blocks all
inbound traffic.
Each rule lets you specify the desired action for the connections covered by the rule:
• BLOCK always
• BLOCK by schedule, otherwise Allow
• ALLOW always
• ALLOW by schedule, otherwise Block
You can also enable a check on special rules:
• VPN Passthrough. Passes the VPN traffic without any filtering, specially used when this
firewall is between two VPN tunnel end points.
• Drop fragmented IP packets. Drops any fragmented IP packets.
• UDP Flooding. Limits the number of UDP sessions created from one LAN machine.
• TCP Flooding. Protects the VPN firewall from SYN flood attack.
• Enable DNS Proxy. Allows the VPN firewall to handle DNS queries from the LAN.
• Enable Stealth Mode. Prevents the VPN firewall from responding to incoming requests for
unsupported services.
As you define your firewall rules, you can further refine their application according to the
following criteria:
• LAN Users. These settings determine which computers on your network are affected by this
rule. Select the desired IP Address in this field.
Warning: This feature is for advanced administrators only! Incorrect configuration will
cause serious problems.