Firewall Protection
188
ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308
There are three possible scenarios in relation to the addresses in the IP/MAC Bindings table:
• Host 1 has not changed its IP and MAC addresses. A packet coming from Host 1 has IP
and MAC addresses that match those in the IP/MAC Bindings table.
• Host 2
has changed its MAC address to 00:01:02:03:04:09. The packet has an IP
address that matches the IP address in the IP/MAC Bindings table but a MAC address
that does not match the MAC address in the IP/MAC Bindings table.
• Host
3 has changed its IP address to 192.168.10.15. The packet has a MAC address that
matches the MAC address in the IP/MAC Bindings table but an IP address that does not
match the IP address in the IP/MAC Bindings table.
In this example, the VPN firewall blocks the traffic coming
from Host 2 and Host 3, but allows
the traffic coming from Host 1 to any external network. The total count of dropped packets is
displayed.
IPv4/MAC Bindings
To set up a binding between a MAC address and an IPv4 address:
1. Select Security > Address
Filter > IP/MAC Binding. In the upper right of the screen,
the IPv4 radio button is selected by default. The IP/MAC Binding screen displays the
IPv4 settings. (The following figure shows a binding in the IP/MAC Binding table as an
example.)
Figure 112.
2. In the Email IP/MAC Violations section of the screen, specify if you want to enable email
logs for IP/MAC binding violations. (You have to do this only once.) Select one of the
following radio buttons:
• Ye
s. IP/MAC binding violations are emailed. Click the Firewall Logs & E-mail page
link to ensure that emailing of logs is enabled on the Firewall Logs & E-mail screen
(see Configure Logging, Alerts, and Event Notifications on p
age 353).
• No. IP/MAC bindin
g violations are not emailed.