ProSafe VPN Firewall 200 FVX538 Reference Manual
Router and Network Management 6-5
v1.0, August 2006
VPN Firewall Features That Increase Traffic
Features that tend to increase WAN-side loading are as follows:
• Port forwarding
• Port triggering
• DMZ port
• Exposed hosts
•VPN tunnels
Port Forwarding
The firewall always blocks DoS (Denial of Service) attacks. A DoS attack does not attempt to steal
data or damage your PCs, but overloads your Internet connection so you can not use it (i.e., the
service is unavailable). You can also create additional firewall rules that are customized to block or
allow specific traffic.
You can control specific inbound traffic (i.e., from WAN to LAN and from WAN to DMZ).
Inbound Services lists all existing rules for inbound traffic. If you have not defined any rules, only
the default rule will be listed. The default rule blocks all inbound traffic.
Each rule lets you specify the desired action for the connections covered by the rule:
•BLOCK always
• BLOCK by schedule, otherwise Allow
• ALLOW always
• ALLOW by schedule, otherwise Block
You can also enable a check on special rules:
• VPN Passthrough – Enable this to pass the VPN traffic without any filtering, specially used
when this firewall is between two VPN tunnel end points.
• Drop fragmented IP packets – Enable this to drop the fragmented IP packets.
• UDP Flooding – Enable this to limit the number of UDP sessions created from one LAN
machine.
• TCP Flooding – Enable this to protect the router from Syn flood attack.
Warning: This feature is for Advanced Administrators only! Incorrect configuration
will cause serious problems.