Network and System Management
324
ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308
For information about how to define bandwidth profiles, see Create Bandwidth Profiles on
page 176.
Content Filtering
If you want to reduce traffic by preventing access to certain sites on the Internet, you can use
the VPN firewall’s content-filtering feature. By default, this feature is disabled; all requested
traffic from any website is allowed.
The VPN firewall provides the following methods to filter web content in order to reduce
traffic:
• Keyword blocking. You can specify words that, should they appear in the website name
(URL) or newsgroup name, cause that site or newsgroup to be blocked by the VPN
firewall.
• Web object blocking. You can block the following web component types: embedded
objects (ActiveX and Java), proxies, and cookies.
To further narrow down the content filtering, you can configure groups to which the
content-filtering rules apply and trusted domains for which the content-filtering rules do not
apply.
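The following Python is an added example, not taken from the manual or from the VPN firewall's firmware. It models the keyword-blocking decision described above so that a keyword list can be checked against URLs that must stay reachable before the list is entered on the device. The policy layout, the group names, case-insensitive substring matching on host and path, and subdomain-inclusive trusted domains are assumptions of this model.

```python
from urllib.parse import urlsplit

def is_trusted(host, trusted_domains):
    """True if host equals a trusted domain or is a subdomain of one (assumed)."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d)
               for d in (t.lower() for t in trusted_domains))

def decide(url, group, policy):
    """Return (action, reason) for one request under the modelled policy."""
    if not policy["enabled"]:
        return "allow", "content filtering disabled (default)"
    if group not in policy["groups"]:
        return "allow", "group not covered by filtering"
    parts = urlsplit(url if "://" in url else "http://" + url)
    host = parts.hostname or ""
    if is_trusted(host, policy["trusted_domains"]):
        return "allow", "trusted domain"
    text = (host + parts.path).lower()
    for kw in policy["keywords"]:
        # Assumed matching rule: case-insensitive substring of host + path.
        if kw.lower() in text:
            return "block", "keyword '%s'" % kw
    return "allow", "no keyword matched"

def overblocked(must_reach, group, policy):
    """URLs that must stay reachable but would be blocked by the keyword list."""
    results = [(u, decide(u, group, policy)) for u in must_reach]
    return [(u, reason) for u, (action, reason) in results if action == "block"]

# Constructed sample policy and URLs (hypothetical names and domains).
POLICY = {
    "enabled": True,
    "groups": {"Group1"},
    "keywords": ["casino", "bet"],
    "trusted_domains": ["example.org"],
}
MUST_REACH = [
    "http://intranet.example.org/betting-policy.html",  # trusted, so exempt
    "http://alphabet.example.com/",                     # contains "bet"
    "http://news.example.net/today",
]

if __name__ == "__main__":
    for url, reason in overblocked(MUST_REACH, "Group1", POLICY):
        print("would be blocked:", url, "-", reason)
```

Any URL the check reports is a candidate for a narrower keyword or a trusted-domain entry.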
Source MAC Filtering
If you want to reduce outgoing traffic by preventing Internet access by certain computers on
the LAN, you can use the source MAC filtering feature to drop the traffic received from the
computers with the specified MAC addresses. By default, this feature is disabled; all traffic
received from computers with any MAC address is allowed. See Enable Source MAC
Filtering on page 186 for the procedure on how to use this feature.
Features That Increase Traffic
The following features of the VPN firewall tend to increase the traffic load on the WAN side:
• LAN WAN inbound rules (also referred to as port forwarding)
• DMZ WAN inbound rules (also referred to as port forwarding)
• Port triggering
• Enabling the DMZ port
• Configuring exposed hosts
• Configuring VPN tunnels
LAN WAN Inbound Rules and DMZ WAN Inbound Rules (Port Forwarding)
The LAN WAN Rules screen and the DMZ WAN Rules screen list all existing rules for
inbound traffic (from WAN to LAN and from WAN to the DMZ). Any inbound rule that you
create allows additional incoming traffic and therefore increases the traffic load on the WAN
side.