Network and System Management
ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308
In practice, the WAN-side bandwidth capacity is much lower when DSL or cable modems are
used to connect to the Internet. At 1.5 Mbps, the WAN ports support the following traffic rates:
• Load balancing mode. 6 Mbps (four WAN ports at 1.5 Mbps each)
• Auto-rollover mode. 1.5 Mbps (one active WAN port at 1.5 Mbps)
• Single WAN port mode. 1.5 Mbps (one active WAN port at 1.5 Mbps)
As a result, and depending on the traffic that is being carried, the WAN side of the VPN
firewall is the limiting factor to throughput for most installations.
Using four WAN ports in load balancing mode increases the bandwidth capacity of the WAN
side of the VPN firewall, but there is no backup if one of the WAN ports fails. When such a
failure occurs, the traffic that would have been sent on the failed WAN port is diverted to
another WAN port that is still working, thus increasing its load. However, there is one
exception: Traffic that is bound by protocol to the WAN port that failed is not diverted.
Features That Reduce Traffic
You can adjust the following features of the VPN firewall in such a way that the traffic load on
the WAN side decreases:
• LAN WAN outbound rules (also referred to as service blocking)
• DMZ WAN outbound rules (also referred to as service blocking)
• Content filtering
• Source MAC filtering
LAN WAN Outbound Rules and DMZ WAN Outbound Rules (Service Blocking)
You can control specific outbound traffic (from LAN to WAN and from the DMZ to WAN). The
LAN WAN Rules screen and the DMZ WAN Rules screen list all existing rules for outbound
traffic. Any outbound rule that you create restricts outgoing traffic and therefore decreases
the traffic load on the WAN side.
On the LAN WAN screen, if you have not defined any rules, only the default rule is listed. The
default LAN WAN outbound rule allows all outgoing traffic.
WARNING:
Incorrect configuration of outbound firewall rules can cause
serious connection problems.
Each rule lets you specify the desired action for the connections that are covered by the rule:
• BLOCK always
• BLOCK by schedule, otherwise allow
• ALLOW always
• ALLOW by schedule, otherwise block