Firewall Protection
132
ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308
A firewall has two default rules, one for inbound traffic and one for outbound. The default
rules of the VPN firewall are:
• Inbound. Block all access from outside except responses to requests from the LAN side.
• Outbound. Allow all access from the LAN side to the outside.
The firewall rules for blocking and allowing traffic on t
he VPN firewall can be applied to LAN
WAN traffic, DMZ WAN traffic, and LAN DMZ traffic.
The rules to block or allow traffic are based on the traffic’s category of service:
• Out
bound rules (service blocking). Outbound traffic is allowed unless you configure
the firewall to block specific or all outbound traffic.
• Inboun
d rules (port forwarding). Inbound traffic is blocked unless the traffic is in
response to a request from the LAN side. You can configure the firewall to allow specific
or all inbound traffic.
• Customized se
rvices. You can add additional services to the list of services in the
factory defaults list. You can then define rules for these added services to either allow or
block that traffic (see Add Customized Services on page 172).
• Qua
lity of Service (QoS) priorities. Each service has its own native priority that impacts
its quality of performance and tolerance for jitter or delays. You can change the QoS
priority, which changes the traffic mix through the system (see Create Quality of Service
Profiles for IPv4 Firewall Rules on p
age 179 and Quality of Service Priorities for IPv6
Firewall Rules o
n page 181).
• Bandwid
th profiles. After you have a configured a bandwidth profile (see Create
Bandwidth Profiles on p
age 176), you can assign it to a rule.
Table 31. Number of supported firewall rule configurations
Traffic Rule Maximum Number of
Outbound Rules
Maximum Number of
Inbound Rules
Maximum Number of
Combined Supported Rules
LAN WAN 300 300 600
DMZ WAN 50 50 100
LAN DMZ 50 50 100
Total Rules 400 400 800