Introduction
14
ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308
- Allows browser-based, platform-independent remote access through a number of
popular browsers, such as Microsoft Internet Explorer, Mozilla Firefox, and Apple
Safari.
- Provides granular access to
corporate resources based on user type or group
membership.
A Powerful, True Firewall with Content Filtering
Unlike simple NAT routers, the VPN firewall is a true firewall, using stateful packet inspection
(SPI) to defend against hacker attacks. Its firewall features have the following capabilities:
• DoS protection.
Automatically detects and thwarts denial of service (DoS) attacks such
as Ping of Death and SYN flood.
• Secure firewall. Blocks un
wanted traffic from the Internet to your LAN.
• Content fil
tering. Prevents objectionable content from reaching your computers. You
can control access to Internet content by screening for web services, web addresses, and
keywords within web addresses.
• Schedul
e policies. Permits scheduling of firewall policies by day and time.
• Logs security incident
s. Logs security events such as logins and secure logins. You can
configure the firewall to email the log to you at specified intervals. You can also configure
the VPN firewall to send immediate alert messages to your email address or email pager
when a significant event occurs.
Security Features
The VPN firewall is equipped with several features designed to maintain security:
• Computers h
idden by NAT. NAT opens a temporary path to the Internet for requests
originating from the local network. Requests originating from outside the LAN are
discarded, preventing users outside the LAN from finding and directly accessing the
computers on the LAN.
• Port forwarding
with NAT. Although NAT prevents Internet locations from directly
accessing the computers on the LAN, the VPN firewall allows you to direct incoming
traffic to specific computers based on the service port number of the incoming request.
• DMZ po
rt. Incoming traffic from the Internet is usually discarded by the VPN firewall
unless the traffic is a response to one of your local computers or a service for which you
have configured an inbound rule. Instead of discarding this traffic, you can use the
dedicated demilitarized zone (DMZ) port to forward the traffic to one computer on your
network.
Autosensing Ethernet Connections with Auto Uplink
With its internal four-port 10/100/1000 Mbps switch and four 10/100/1000 WAN ports, the
VPN firewall can connect to a 10-Mbps standard Ethernet network, a 100-Mbps Fast Ethernet