NETGEAR SRX5308-100NAS Switch User Manual


 
Network and System Management
326
ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308
addresses to groups. For more information, see Create IP Groups on page 174. (LAN
IP groups do not apply to DMZ WAN inbound rules.)
W
AN users. You can specify which Internet locations are covered by an inbound rule,
based on their IP address:
- Any.
The rule applies to all Internet IP address.
- Single a
ddress. The rule applies to a single Internet IP address.
- Address range. The ru
le applies to a range of Internet IP addresses.
- IP Group
s. The rule applies to a group of individual WAN IP addresses. Use the IP
Groups screen (under the Network Security main navigation menu) to assign IP
addresses to groups. For more information, see Create IP Groups on
page 174.
Schedul
e. You can configure three different schedules to specify when a rule is applied.
Once a schedule is configured, it affects all rules that use this schedule. You specify the
days of the week and time of day for each schedule. For more information, see Set a
Schedule to Block or Allow Specific Traffic on
page 185.
Bandwid
th profile. You can define bandwidth profiles and then apply them to inbound
LAN WAN rules to limit traffic. (You cannot apply bandwidth profiles to DMZ WAN rules.)
For information about how to define bandwidth profiles, see Create Bandwidth Profiles on
page 176.
Port Triggering
Port triggering allows some applications running on a LAN network to be available to external
applications that would otherwise be partially blocked by the firewall. Using the port triggering
feature requires that you know the port numbers used by the application. Without port
triggering, the response from the external application would be treated as a new connection
request rather than a response to a request from the LAN network. As such, it would be
handled in accordance with the inbound port forwarding rules, and most likely would be
blocked.
For the procedure on how to configure port triggering, see Configure Port Triggering on
page 192.
DMZ Port
The demilitarized zone (DMZ) is a network that, by default, has fewer firewall restrictions
when compared to the LAN. The DMZ can be used to host servers (such as a web server,
FTP server, or email server) and provide public access to them. The fourth LAN port on the
VPN firewall (the rightmost LAN port) can be dedicated as a hardware DMZ port to safely
provide services to the Internet without compromising security on your LAN. By default, the
DMZ port and both inbound and outbound DMZ traffic are disabled. Enabling the DMZ port
and allowing traffic to and from the DMZ increases the traffic through the WAN ports.
For information about how to enable the DMZ port, see Enable and Configure the DMZ Port
for IPv4 and IPv6 Traffic on p
age 109. For the procedures about how to configure DMZ traffic
rules, see Configure DMZ WAN Rules on
page 147.