Firewall Protection
ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308
4. Click Apply to save your settings. The MAC Address field in the Add Source MAC Address
section of the screen now becomes available.
5. Build your list of source MAC addresses to be permitted or blocked by entering the first MAC
address in the MAC Address field. A MAC address needs to be entered in the format
xx:xx:xx:xx:xx:xx, in which x is a digit (0 to 9) or a letter between a and f (inclusive), for
example: aa:11:bb:22:cc:33.
WARNING:
If you select Permit and Block the rest from the drop-down list but
do not add the MAC address of the computer from which you are
accessing the web management interface, you are locked out of
the web management interface.
6. Click the Add table button. The MAC address is added to the MAC Addresses table.
7. Repeat the previous two steps to add more MAC addresses to the MAC Addresses table.
To remove one or more MAC addresses from the table:
1. Select the check box to the left of each MAC address that you want to delete, or click
the Select All table button to select all addresses.
2. Click the Delete table button.
Set Up IP/MAC Bindings
IP/MAC binding allows you to bind an IPv4 or IPv6 address to a MAC address and the other
way around. Some computers or devices are configured with static addresses. To prevent
users from changing their static IP addresses, the IP/MAC binding feature needs to be
enabled on the VPN firewall. If the VPN firewall detects packets with an IP address that
matches the IP address in the IP/MAC Bindings table but does not match the related MAC
address in the IP/MAC Bindings table (or the other way around), the packets are dropped. If
you have enabled the logging option for the IP/MAC binding feature, these packets are
logged before they are dropped. The VPN firewall displays the total number of dropped
packets that violate either the IP-to-MAC binding or the MAC-to-IP binding.
Note: You can bind IP addresses to MAC addresses for DHCP
assignment on the LAN Groups submenu. See Manage the Network
Database on page 92.
As an example, assume that three computers on the LAN are set up as follows, and that their
IPv4 and MAC addresses are added to the IP/MAC Bindings table:
• Host 1. MAC address (00:01:02:03:04:05) and IP address (192.168.10.10)
• Host 2. MAC address (00:01:02:03:04:06) and IP address (192.168.10.11)
• Host 3. MAC address (00:01:02:03:04:07) and IP address (192.168.10.12)
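The drop rule described above, modeled on these three hosts as an added example (this is not NETGEAR firmware code). The BindingTable class, its method names, the test packets, and the choice to forward packets whose IP and MAC are both absent from the table are assumptions made for illustration.

```python
import ipaddress
import re

MAC_RE = re.compile(r"[0-9a-f]{2}(:[0-9a-f]{2}){5}")  # xx:xx:xx:xx:xx:xx

def norm_mac(mac):
    """Validate the xx:xx:xx:xx:xx:xx format; lower-casing is an assumption."""
    mac = mac.strip().lower()
    if not MAC_RE.fullmatch(mac):
        raise ValueError(f"bad MAC address: {mac!r}")
    return mac

class BindingTable:
    """Hypothetical model of the IP/MAC Bindings table, not firmware code."""

    def __init__(self, bindings, log_enabled=False):
        self.ip_to_mac, self.mac_to_ip = {}, {}
        for mac, ip in bindings:
            m, a = norm_mac(mac), ipaddress.ip_address(ip)  # IPv4 or IPv6
            self.ip_to_mac[a], self.mac_to_ip[m] = m, a
        self.log_enabled, self.log, self.dropped = log_enabled, [], 0

    def check(self, src_mac, src_ip):
        """Return 'forward' or 'drop' for one packet's source MAC and IP."""
        m, a = norm_mac(src_mac), ipaddress.ip_address(src_ip)
        mac_ok = self.ip_to_mac.get(a, m) == m   # IP unbound, or bound to this MAC
        ip_ok = self.mac_to_ip.get(m, a) == a    # MAC unbound, or bound to this IP
        if mac_ok and ip_ok:
            return "forward"
        if self.log_enabled:                     # logged before being dropped
            reason = "IP-to-MAC" if not mac_ok else "MAC-to-IP"
            self.log.append((reason, m, str(a)))
        self.dropped += 1                        # total shown by the firewall
        return "drop"

# The three hosts from the example above.
HOSTS = [("00:01:02:03:04:05", "192.168.10.10"),
         ("00:01:02:03:04:06", "192.168.10.11"),
         ("00:01:02:03:04:07", "192.168.10.12")]

if __name__ == "__main__":
    table = BindingTable(HOSTS, log_enabled=True)
    # Constructed packets: (source MAC, source IP)
    for pkt in [("00:01:02:03:04:05", "192.168.10.10"),   # matches binding
                ("00:01:02:03:04:09", "192.168.10.11"),   # bound IP, wrong MAC
                ("00:01:02:03:04:07", "192.168.10.13"),   # bound MAC, wrong IP
                ("00:01:02:03:04:aa", "192.168.10.50")]:  # neither is bound
        print(pkt, "->", table.check(*pkt))
    print("dropped:", table.dropped, "log:", table.log)
```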