NETGEAR SRX5308-100NAS Switch User Manual


 
Firewall Protection
131
ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308
incoming packet is in response to an outgoing request, but true stateful packet inspection
goes far beyond NAT.
For IPv6, which in itself provides stronger security than IPv4, a firewall in particular controls the exchange of traffic between the Internet, DMZ, and LAN.
Administrator Tips
Consider the following operational items:
1. As an option, you can enable remote management if you have to manage distant sites from a central location (see Configure Authentication Domains, Groups, and Users on page 296 and Configure Remote Management Access on page 330).
2. Although rules are the basic way of managing the traffic through your system (see Overview of Rules to Block or Allow Specific Kinds of Traffic on page 131), you can further refine your control using the following features and capabilities of the VPN firewall:
- Groups and hosts (see Manage IPv4 Groups and Hosts (IPv4 LAN Groups) on page 91)
- Services (see Outbound Rules (Service Blocking) on page 133 and Inbound Rules (Port Forwarding) on page 135)
- Schedules (see Set a Schedule to Block or Allow Specific Traffic on page 185)
- Allowing or blocking sites (see Configure Content Filtering on page 181)
- Source MAC filtering (see Enable Source MAC Filtering on page 186)
- Port triggering (see Configure Port Triggering on page 192)
3. Some firewall settings might affect the performance of the VPN firewall. For more information, see Performance Management on page 321.
4. The firewall logs can be configured to log and then email denial of access, general attack, and other information to a specified email address. For information about how to configure logging and notifications, see Configure Logging, Alerts, and Event Notifications on page 353.
Overview of Rules to Block or Allow Specific Kinds of Traffic
Outbound Rules (Service Blocking)
Inbound Rules (Port Forwarding)
Order of Precedence for Rules
Firewall rules are used to block or allow specific traffic passing through from one side to the
other. You can configure up to 600 firewall rules on the VPN firewall (see the following table).
Inbound rules (WAN to LAN) restrict access by outsiders to private resources, selectively
allowing only specific outside users to access specific resources. Outbound rules (LAN to
WAN) determine what outside resources local users can have access to.