NETGEAR FVX538NA Network Card User Manual


 
ProSafe VPN Firewall 200 FVX538 Reference Manual
4-2 Firewall Protection and Content Filtering
v1.0, August 2006
A firewall has two default rules, one for inbound traffic and one for outbound. The default rules of
the FVX538 are:
Inbound: Block all access from outside except responses to requests from the LAN side.
Outbound: Allow all access from the LAN side to the outside.
The firewall rules for blocking/allowing traffic on the VPN firewall can be applied to LAN/WAN
traffic, DMZ/WAN traffic and LAN/DMZ traffic.
Services-Based Rules
The rules to block traffic are based on the traffic’s category of service.
Outbound Rules (service blocking) – Outbound traffic is normally allowed unless the
firewall is configured to disallow it.
Inbound Rules (port forwarding) – Inbound traffic is normally blocked by the firewall
unless the traffic is in response to a request from the LAN side. The firewall can be configured
to allow this otherwise blocked traffic.
Customized Services – Additional services can be added to the list of services in the factory
default list. These added services can then have rules defined for them to either allow or block
that traffic (see “Adding Customized Services” on page 4-21.
Quality of Service (QoS) priorities – Each service at its own native priority that impacts its
quality of performance and tolerance for jitter or delays. You can change this QoS priority if
desired to change the traffic mix through the system (see “Setting Quality of Service (QoS)
Priorities” on page 4-23).
Outbound Rules (Service Blocking)
The FVX538 allows you to block the use of certain Internet services by PCs on your network. This
is called service blocking or port filtering.
Note: See “Enabling Source MAC Filtering” on page 4-27 for yet another way to block
outbound traffic from selected PCs that would otherwise be allowed by the
firewall.