NETGEAR SRX5308-100NAS Switch User Manual


 
Network and System Management
323
ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308
The following section summarizes the various criteria that you can apply to outbound rules in
order to reduce traffic. For more information about outbound rules, see Outbound Rules
(Service Blocking) on
page 133. For detailed procedures on how to configure outbound rules,
see Configure LAN WAN Rules on p
age 140 and Configure DMZ WAN Rules on page 147.
When you define outbound firewall rules, you can further refine their application according to
t
he following criteria:
Servi
ces. You can specify the services or applications to be covered by an outbound
rule. If the desired service or application does not display in the list, you need to define it
using the Services screen (see Outbound Rules (Service Blocking) on
page 133 and Add
Customized Services on p
age 172).
L
AN users (or DMZ users). You can specify which computers on your network are
affected by an outbound rule. There are several options:
- Any. Th
e rule applies to all computers and devices on your LAN or DMZ.
- Sin
gle address. The rule applies to the address of a particular computer.
- Addres
s range. The rule applies to a range of addresses.
- Group
s. The rule applies to a group of computers. (You can configure groups for LAN
WAN outbound rules but not for DMZ WAN outbound rules.) The Known PCs and
Devices table is an automatically maintained list of all known computers and network
devices and is generally referred to as the network database, which is described in
Manage the Network Database on p
age 92. Computers and network devices are
entered into the network database by various methods, which are described in
Manage IPv4 Groups and Hosts (IPv4 LAN Groups) on p
age 91.
- I
P Groups. The rule applies to a group of individual LAN IP addresses. Use the IP
Groups screen (under the Network Security main navigation menu) to assign IP
addresses to groups. For more information, see Create IP Groups on p
age 174. (LAN
IP groups do not apply to DMZ WAN outbound rules.)
W
AN users. You can specify which Internet locations are covered by an outbound rule,
based on their IP address:
- Any. Th
e rule applies to all Internet IP address.
- Sin
gle address. The rule applies to a single Internet IP address.
- Addres
s range. The rule applies to a range of Internet IP addresses.
- I
P Groups. The rule applies to a group of individual WAN IP addresses. Use the IP
Groups screen (under the Network Security main navigation menu) to assign IP
addresses to groups. For more information, see Create IP Groups on p
age 174.
Sch
edule. You can configure three different schedules to specify when a rule is applied.
Once a schedule is configured, it affects all rules that use this schedule. You specify the
days of the week and time of day for each schedule. For more information, see Set a
Schedule to Block or Allow Specific Traffic on p
age 185.
QoS profile.
You can apply QoS profiles to outbound rules to regulate the priority of
traffic. For information about QoS profiles, see Create Quality of Service Profiles for IPv4
Firewall Rules on p
age 179.
Ban
dwidth profile. You can define bandwidth profiles and then apply them outbound
LAN WAN rules to limit traffic. (You cannot apply bandwidth profiles to DMZ WAN rules.)