ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual
Firewall Protection 4-7
v1.0, April 2010
• If your external IP address is assigned dynamically by your ISP (DHCP enabled), the IP
address might change periodically as the DHCP lease expires. Consider using Dynamic DNS so
that external users can always find your network (see “Configuring Dynamic DNS” on
page 2-27).
• If the IP address of the local server PC is assigned by DHCP, it might change when the PC is
rebooted. To avoid this, use the Reserved (DHCP Client) feature in the LAN Groups screen to
keep the PC’s IP address constant (see “Setting Up Address Reservation” on page 3-19).
• Local PCs must access the local server using the server’s local LAN address. Attempts by local
PCs to access the server using the external WAN IP address will fail.
Table 4-3 on page 4-8 describes the fields that define the rules for inbound traffic and that are
common to most Inbound Service screens (see Figure 4-4 on page 4-14, Figure 4-7 on page 4-17,
and Figure 4-10 on page 4-20).
The steps to configure inbound rules are described in the following sections:
• “Setting LAN WAN Rules” on page 4-11
• “Setting DMZ WAN Rules” on page 4-14
Note: See “Configuring Port Triggering” on page 4-48 for yet another way to allow
certain types of inbound traffic that would otherwise be blocked by the firewall.
Note: The VPN firewall always blocks denial of service (DoS) attacks. A DoS attack
does not attempt to steal data or damage your PCs, but overloads your Internet
connection so you cannot use it (that is, the service becomes unavailable).
Note: When the Block TCP Flood and Block UDP Flood check boxes are selected on the
Attack Checks screen (see “Attack Checks” on page 4-26), multiple concurrent
connections of the same application from one host or IP address (such as multiple
DNS queries from one PC) trigger the VPN firewall’s DoS protection.