NETGEAR SRX5308-100NAS Switch User Manual


 
Network and System Management
ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308
On the LAN WAN screen, if you have not defined any rules, only the default rule is listed. The default LAN WAN inbound rule blocks all access from outside except responses to requests from the LAN side.
WARNING:
Incorrect configuration of inbound firewall rules can cause
serious connection problems.
Each rule lets you specify the desired action for the connections covered by the rule:
- BLOCK always
- BLOCK by schedule, otherwise allow
- ALLOW always
- ALLOW by schedule, otherwise block
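
How the default rule and the four actions interact, as an added example that is not taken from the NETGEAR manual: a minimal Python model that covers new inbound connections only. It assumes rules match on destination port alone, that the first matching rule wins, and that a schedule is a daily time window; all class and function names and the sample rules are constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, time
from typing import Optional

# The four actions listed in the manual text.
BLOCK_ALWAYS = "BLOCK always"
BLOCK_BY_SCHEDULE = "BLOCK by schedule, otherwise allow"
ALLOW_ALWAYS = "ALLOW always"
ALLOW_BY_SCHEDULE = "ALLOW by schedule, otherwise block"

@dataclass
class Schedule:  # assumption: a daily window [start, end)
    start: time
    end: time
    def active(self, now: datetime) -> bool:
        t = now.time()
        if self.start <= self.end:
            return self.start <= t < self.end
        return t >= self.start or t < self.end  # window crosses midnight

@dataclass
class InboundRule:  # assumption: a rule matches on destination port only
    port: int
    action: str
    schedule: Optional[Schedule] = None

def decide(rule: InboundRule, now: datetime) -> bool:
    """True = allow, False = block, for a connection the rule covers."""
    if rule.action in (ALLOW_ALWAYS, BLOCK_ALWAYS):
        return rule.action == ALLOW_ALWAYS
    if rule.action not in (ALLOW_BY_SCHEDULE, BLOCK_BY_SCHEDULE) or rule.schedule is None:
        raise ValueError(f"invalid rule: {rule}")
    active = rule.schedule.active(now)
    return active if rule.action == ALLOW_BY_SCHEDULE else not active

def inbound_allowed(rules, port: int, now: datetime) -> bool:
    for rule in rules:  # assumption: first matching rule wins
        if rule.port == port:
            return decide(rule, now)
    return False  # default LAN WAN inbound rule: block unsolicited traffic

def open_ports(rules, now: datetime):
    """Ports reachable from the WAN at a given moment, for exposure review."""
    return sorted({r.port for r in rules if inbound_allowed(rules, r.port, now)})

RULES = [  # constructed sample rule set
    InboundRule(443, ALLOW_ALWAYS),
    InboundRule(22, ALLOW_BY_SCHEDULE, Schedule(time(9), time(17))),
    InboundRule(8080, BLOCK_BY_SCHEDULE, Schedule(time(22), time(6))),
]
```

In this model the "BLOCK by schedule, otherwise allow" rule leaves port 8080 reachable at every time outside its window, which is the behaviour to check for when reviewing scheduled rules.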
The following section summarizes the various criteria that you can apply to inbound rules and that might increase traffic. For more information about inbound rules, see Inbound Rules (Port Forwarding) on page 135. For detailed procedures on how to configure inbound rules, see Configure LAN WAN Rules on page 140 and Configure DMZ WAN Rules on page 147.
When you define inbound firewall rules, you can further refine their application according to the following criteria:
- Services. You can specify the services or applications to be covered by an inbound rule. If the desired service or application does not display in the list, you need to define it using the Services screen (see Inbound Rules (Port Forwarding) on page 135 and Add Customized Services on page 172).
- WAN destination IP address. You can specify the destination IP address for incoming traffic. Traffic is directed to the specified address only when the destination IP address of the incoming packet matches the IP address of the selected WAN interface.
- LAN users (or DMZ users). Only when the IPv4 routing mode is Classical Routing, you can specify which computers on your network are affected by an inbound rule. When Classical Routing is enabled, there are several options:
  - Any. The rule applies to all computers and devices on your LAN or DMZ.
  - Single address. The rule applies to the address of a particular computer.
  - Address range. The rule applies to a range of addresses.
  - Groups. The rule is applied to a group of computers. (You can configure groups for LAN WAN outbound rules but not for DMZ WAN outbound rules.) The Known PCs and Devices table is an automatically maintained list of all known computers and network devices and is generally referred to as the network database, which is described in Manage the Network Database on page 92. Computers and network devices are entered into the network database by various methods, which are described in Manage IPv4 Groups and Hosts (IPv4 LAN Groups) on page 91.
  - IP Groups. The rule applies to a group of individual LAN IP addresses. Use the IP Groups screen (under the Network Security main navigation menu) to assign IP