NETGEAR SRX5308-100NAS Switch User Manual


 
Firewall Protection
176
ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308
To delete an IP group:
1. In the Custom IP Groups table, select the check box to the left of the IP group that you
want to delete, or click the Select All table button to select all groups.
2. Click the Delete t
able button.
Create Bandwidth Profiles
Bandwidth profiles determine the way in which data is communicated with the hosts. The
purpose of bandwidth profiles is to provide a method for allocating and limiting traffic, thus
allocating LAN users sufficient bandwidth while preventing them from consuming all the
bandwidth on your WAN link. A single bandwidth profile can be for both outbound and
inbound traffic.
For outbound IPv4 traffic, you can apply bandwidth
profiles on the WAN interface; for inbound
IPv4 traffic, you can apply bandwidth profiles to a LAN interface. Bandwidth profiles do not
apply to the DMZ interface, nor to IPv6 traffic.
When a new connection is established by a de
vice, the device locates the firewall rule
corresponding to the connection:
If the
rule has a bandwidth profile specification, the device creates a bandwidth class in
the kernel.
If mult
iple connections correspond to the same firewall rule, the connections all share the
same bandwidth class.
An exception occurs for an individual bandwidth profile if the classes are per-source IP
addre
ss classes. The source IP address is the IP address of the first packet that is
transmitted for the connection. So for outbound firewall rules, the source IP address is the
LAN-side IP address; for inbound firewall rules, the source IP address is the WAN-side IP
address. The class is deleted when all the connections that are using the class expire.
After you have created a bandwidth profile, you ca
n assign the bandwidth profile to firewall
rules on the following screens:
Add LAN W
AN Outbound Services screen for IPv4 (see Figure 74 on page 143)
Add LAN W
AN Inbound Services screen for IPv4 (see Figure 76 on page 145)
To add and enable a bandwidth profile:
1. Select Security > Bandwid
th Profiles. The Bandwidth Profiles screen displays. (The
following figure shows some examples.)