NETGEAR SRX5308-100NAS Switch User Manual


 
Firewall Protection
135
ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308
Inbound Rules (Port Forwarding)
If you have enabled Network Address Translation (NAT), your network presents one IP
address only to the Internet, and outside users cannot directly access any of your local
computers (LAN users). (For information about configuring NAT, see Network Address
Translation o
n page 28.) However, by defining an inbound rule you can make a local server
(for example, a web server or game server) visib
le and available to the Internet. The rule
informs the firewall to direct inbound traffic for a particular service to one local server based
on the destination port number. This process is also known as port forwarding.
WARNING:
Allowing inbound services opens security holes in your network.
Enable only those ports that are necessary for your network.
Bandwidth Profile Bandwidth limiting determines how the data is sent to and from
your host. The purpose of bandwidth limiting is to provide a
solution for limiting the outgoing and incoming traffic, thus
preventing the LAN users from consuming all the bandwidth of the
Internet link. For more information, see Create Bandwidth Profiles
on page 176. For outbound traffic, you can configure bandwidth
limiting only on the WAN interface for a LAN WAN rule.
Note: Ba
ndwidth limiting does not apply to the DMZ interface.
IPv4 LAN WAN rules
Log The setting that determines whether packets covered by this rule
are logged. The options are:
Alway
s. Always log traffic that matches this rule. This is useful
when you are debugging your rules.
Neve
r. Never log traffic that matches this rule.
All rules
NAT IP The setting that specifies whether th
e source address of the
outgoing packets on the WAN is autodetected, is assigned the
address of the WAN interface, or is a different IP address. You can
specify these settings only for outbound traffic of the WAN
interface. The options are:
Auto. Th
e source address of the outgoing packets is
autodetected through the configured routing and load balancing
rules.
W
AN Interface Address. All the outgoing packets on the WAN
are assigned to the address of the specified WAN interface.
S
ingle Address. All the outgoing packets on the WAN are
assigned to the specified IP address, for example, a secondary
WAN address that you have configured.
Note: T
he NAT IP drop-down list is available only when the WAN
mode is NAT. If you select Single Address, the IP address
specified should fall under the WAN subnet.
IPv4 LAN WAN rules
IPv4 DMZ WAN rules
Table 32. Outbound rules overview (continued)
Setting Description Outbound Rules