Firewall Protection
168
ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308
3. Click Apply to save your settings.
IPv6 Attack Checks
To enable IPv6 attack checks for your network environment:
1. Select Security > Firewall > Att
ack Checks.
2. In
the upper right of the screen, select the IPv6 radio button. The Attack Checks screen
displays the IPv6 settings:
Figure 98.
3. Configure the following settings:
• Respond to Ping on Internet Port
s. Select the Respond to Ping on Internet Ports
check box to enable the VPN firewall to respond to a ping from the Internet to its IPv6
VPN Pass through
IPSec
PPTP
L2TP
When the VPN firewall functions in NAT mode, all packets going to the remote VPN
g
ateway are first filtered through NAT and then encrypted according to the VPN
policy. For example, if a VPN client or gateway on the LAN side of the VPN firewall
wants to connect to another VPN endpoint on the WAN side (placing the VPN firewall
between two VPN endpoints), encrypted packets are sent to the VPN firewall.
Because the VPN firewall filters the encrypted packets through NAT, the packets
become invalid unless you enable the VPN Pass through feature.
To enable the VPN tunnel to pass the VPN traf
fic without any filtering, select any or
all of the following check boxes:
• IPSec. Di
sables NAT filtering for IPSec tunnels.
• PPTP. Di
sables NAT filtering for PPTP tunnels.
• L2TP. Disables NAT filtering for L2TP tunnels.
By default, all three check boxes are selected.
Multicast Pass through
Enable IGMP IP multicast pass-through allows multicast p
ackets that originate in the WAN, such
as packets from a media streaming or gaming application, to be forwarded to the
LAN subnet. Internet Group Management Protocol (IGMP) is used to support
multicast between IP hosts and their adjacent neighbors.
Select the En
able IGMP check box to enable IP multicast pass-through. By default,
IP multicast pass-through is disabled.
Table 34. Attack Checks screen settings for IPv4 (continued)
Setting Description