NETGEAR SRX5308-100NAS Switch User Manual


 
Network and System Management
327
ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308
Exposed Hosts
Specifying an exposed host allows you to set up a computer or server that is available to
anyone on the Internet for services that you have not yet defined. For an example of how to
set up an exposed host, see IPv4 LAN WAN or IPv4 DMZ WAN Inbound Rule: Specifying an
Exposed Host on p
age 163.
VPN, L2TP, and PPTP Tunnels
The VPN firewall supports site-to-site IPSec VPN tunnels, dedicated SSL VPN tunnels, L2TP
tunnels, and PPTP tunnels. Each tunnel requires extensive processing for encryption and
authentication, thereby increasing traffic through the WAN ports.
For information about IPSec VPN, L2TP, and PPTP tunnels, see Chapter 5, Virtual Private
Networking Using IPSec and L2TP Connections. For information about SSL VPN tunnels,
see Chapter 6, Virtual Private Networking Using SSL Connections.
Use QoS and Bandwidth Assignment to Shift the Traffic Mix
By setting the QoS priority and assigning bandwidth profiles to firewall rules, you can shift the
traffic mix to aim for optimum performance of the VPN firewall.
Set QoS Priorities
The QoS priority settings determine the Quality of Service for the traffic passing through the
VPN firewall.
You can create and assign QoS profiles to WAN interfaces. For more information about QoS
p
rofiles for WAN interfaces, see Configure WAN QoS Profiles on p
age 72.
You can also create and assign a QoS profile (IPv4) or QoS priority (IPv6) to LAN WAN and
DMZ W
AN outbound firewall rules. The QoS is set individually for each firewall rule. You can
change the mix of traffic through the WAN ports by granting some services a higher priority
than others:
Y
ou can accept the default priority defined by the service itself by not changing its QoS
priority.
Y
ou can change the priority to a higher or lower value than its default setting to give the
service higher or lower priority than it otherwise would have.
For more information about QoS profiles, see Create Quality of Service Profiles for IPv4
Firewall Rules on p
age 179 and Quality of Service Priorities for IPv6 Firewall Rules on
page 181.
Assign Bandwidth Profiles
When you set the QoS priority, the WAN bandwidth does not change. You change the WAN
bandwidth that is assigned to a service or application by applying a bandwidth profile to a
LAN WAN inbound or outbound rule. The purpose of bandwidth profiles is to provide a