ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual
4-4 Firewall Protection
v1.0, April 2010
Outbound Rules (Service Blocking)
The VPN firewall allows you to block the use of certain Internet services by PCs on your network.
This is called service blocking or port filtering.
Table 4-2 on page 4-4 describes the fields that define the rules for outbound traffic and that are
common to most Outbound Service screens (see Figure 4-3 on page 4-13, Figure 4-6 on page 4-16,
and Figure 4-9 on page 4-19).
The steps to configure outbound rules are described in the following sections:
• “Setting LAN WAN Rules” on page 4-11.
• “Setting DMZ WAN Rules” on page 4-14.
• “Setting LAN DMZ Rules” on page 4-18.
Note: See “Enabling Source MAC Filtering” on page 4-44 for yet another way to block
outbound traffic from selected PCs that would otherwise be allowed by the
firewall.
Warning: Allowing inbound services opens security holes in your VPN firewall. Enable
only those ports that are necessary for your network.
Table 4-2. Outbound Rules Overview
Setting Description (or Subfield and Description)
Service The service or application to be covered by this rule. If the service or application does
not appear in the list, you must define it using the Services screen (see “Adding
Customized Services” on page 4-31).
Action The action for outgoing connections covered by this rule:
• BLOCK always.
• BLOCK by schedule, otherwise allow.
• ALLOW always.
• ALLOW by schedule, otherwise block.
Note: Any outbound traffic that is not blocked by rules you create is allowed by the
default rule.
ALLOW rules are useful only if the traffic is already covered by a BLOCK rule. That
is, you wish to allow a subset of traffic that is currently blocked by another rule.
To Next Page
Loading...
