Firewall Protection
83
ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308
Administrator Tips
Consider the following operational items:
1. As an option, you can enable remote management if you have to manage distant sites
from a central location (see Configure VPN Authentication Domains, Groups, and Users
on page 221 and Configure Remote Management Access on page 252).
2. Although using rules (see Use Rules to Block or Allow Specific Kinds of Traffic on page 83)
is the basic way of managing the traffic through your system, you can further refine your
control using the following features and capabilities of the VPN firewall:
- Groups and hosts (see Manage Groups and Hosts (LAN Groups) on page 67)
- Services (see Services-Based Rules on page 84)
- Schedules (see Set a Schedule to Block or Allow Specific Traffic on page 122)
- Source MAC filtering (see Enable Source MAC Filtering on page 127)
- Port triggering (see Configure Port Triggering on page 131)
3. Some firewall settings might affect the performance of the VPN firewall. For more
information, see Performance Management on page 244.
4. The firewall logs can be configured to log and then email dropped packet information and
other information to a specified email address. For information about how to configure
logging and notifications, see Activate Notification of Events, Alerts, and Syslogs on
page 271.
Use Rules to Block or Allow Specific Kinds of Traffic
Firewall rules are used to block or allow specific traffic passing through from one side to the
other. You can configure up to 600 rules on the VPN firewall. Inbound rules (WAN to LAN)
restrict access by outsiders to private resources, selectively allowing only specific outside
users to access specific resources. Outbound rules (LAN to WAN) determine what outside
resources local users can have access to.
A firewall has two default rules, one for inbound traffic and one for outbound. The default
rules of the VPN firewall are:
• Inbound. Block all access from outside except responses to requests from the LAN side.
• Outbound. Allow all access from the LAN side to the outside.
The firewall rules for blocking and allowing traffic on the VPN firewall can be applied to a
combination of LAN-WAN traffic, DMZ-WAN traffic, and LAN-DMZ traffic.
Table 17. Number of supported firewall rule configurations

Traffic rule   Maximum number of   Maximum number of   Maximum number of
               outbound rules      inbound rules       supported rules
LAN-WAN        200                 200                 200
DMZ-WAN        200                 200                 200
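The following Python model is an added illustration, not firmware or configuration from the SRX5308, of the policy the preceding paragraphs and Table 17 describe: explicit rules are matched first, the default inbound rule blocks WAN traffic unless it answers a flow the LAN or DMZ side started, the default outbound rule allows everything, and the 600-rule total and 200-rules-per-direction limits are enforced when a rule is added. The zone names and limits come from this page; the rule fields (destination port, source host), the flow-tracking key, and all hosts and ports in the demo are constructed for the example.

```python
"""Toy model of the SRX5308 default firewall policy described in the manual.
Added example: not the device's implementation. Zone names and rule limits
are from the manual; rule fields, hosts, ports and the flow table are assumed."""

from dataclasses import dataclass, field
from typing import Optional

# Limits stated in the manual: 600 rules in total, 200 per direction (Table 17).
MAX_TOTAL_RULES = 600
MAX_RULES_PER_DIRECTION = 200


@dataclass(frozen=True)
class Rule:
    src_zone: str                    # "LAN", "WAN" or "DMZ"
    dst_zone: str
    action: str                      # "ALLOW" or "BLOCK"
    dst_port: Optional[int] = None   # None matches any port (assumed field)
    src_host: Optional[str] = None   # None matches any source (assumed field)

    def matches(self, src_zone, dst_zone, src_host, dst_port):
        return (self.src_zone == src_zone and self.dst_zone == dst_zone
                and (self.dst_port is None or self.dst_port == dst_port)
                and (self.src_host is None or self.src_host == src_host))


@dataclass
class Firewall:
    rules: list = field(default_factory=list)
    # Flows started from the inside, keyed (client, server, server_port), so the
    # default inbound rule can admit their responses (assumed tracking scheme).
    _flows: set = field(default_factory=set)

    def add_rule(self, rule):
        """Reject a rule that would exceed the documented limits."""
        if len(self.rules) >= MAX_TOTAL_RULES:
            raise ValueError("VPN firewall supports at most 600 rules")
        same_dir = sum(1 for r in self.rules
                       if (r.src_zone, r.dst_zone) == (rule.src_zone, rule.dst_zone))
        if same_dir >= MAX_RULES_PER_DIRECTION:
            raise ValueError(f"{rule.src_zone}-{rule.dst_zone}: 200-rule limit reached")
        self.rules.append(rule)

    def check(self, src_zone, dst_zone, src_host, dst_host, dst_port, src_port=None):
        """Return 'ALLOW' or 'BLOCK' for one packet; the first matching rule wins."""
        for rule in self.rules:
            if rule.matches(src_zone, dst_zone, src_host, dst_port):
                verdict = rule.action
                break
        else:
            verdict = self._default(src_zone, src_host, dst_host, dst_port, src_port)
        if verdict == "ALLOW" and src_zone != "WAN":
            # Remember inside-initiated flows so their replies pass the inbound default.
            self._flows.add((src_host, dst_host, dst_port))
        return verdict

    def _default(self, src_zone, src_host, dst_host, dst_port, src_port):
        if src_zone == "WAN":
            # Default inbound rule: block unless this answers an inside-initiated flow.
            return "ALLOW" if (dst_host, src_host, src_port) in self._flows else "BLOCK"
        # Default outbound rule: allow all access from the inside.
        return "ALLOW"


def demo():
    """Walk constructed packets through the model and return each verdict."""
    fw = Firewall()
    # Constructed rule: publish a DMZ web server on port 80 to the WAN.
    fw.add_rule(Rule("WAN", "DMZ", "ALLOW", dst_port=80))
    return {
        # LAN client opens HTTPS to the outside: outbound default allows it.
        "lan_out": fw.check("LAN", "WAN", "192.168.1.10", "203.0.113.5", 443),
        # The server's reply: admitted by the inbound default's response exception.
        "reply_in": fw.check("WAN", "LAN", "203.0.113.5", "192.168.1.10", 50000, src_port=443),
        # Unsolicited inbound SSH to a LAN host: inbound default blocks it.
        "unsolicited_in": fw.check("WAN", "LAN", "198.51.100.7", "192.168.1.10", 22),
        # Inbound to the published DMZ web port: the explicit rule allows it.
        "dmz_web": fw.check("WAN", "DMZ", "198.51.100.7", "10.0.0.5", 80),
        # Inbound to another DMZ port: no rule matches, inbound default blocks.
        "dmz_other": fw.check("WAN", "DMZ", "198.51.100.7", "10.0.0.5", 3389),
    }


def limit_demo():
    """Return True if the 201st LAN-WAN rule is rejected, as Table 17 requires."""
    fw = Firewall()
    for i in range(MAX_RULES_PER_DIRECTION):
        fw.add_rule(Rule("LAN", "WAN", "BLOCK", dst_port=10000 + i))
    try:
        fw.add_rule(Rule("LAN", "WAN", "BLOCK", dst_port=65000))
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    print(demo())
    print("per-direction limit enforced:", limit_demo())
```

The model keeps no per-rule schedule, service group or MAC filter; those refinements are listed under the Administrator Tips above and would slot into `Rule.matches` as further predicates. Note that the flow table is the mechanism behind "responses to requests from the LAN side": without it, the inbound default would have to either block legitimate replies or open holes with static rules.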