NXC Series User’s Guide
CHAPTER 16
Firewall
16.1 Overview
Use the firewall to block or allow services that use static port numbers. The firewall can also limit
the number of user sessions.
16.1.1 What You Can Do in this Chapter
• The Firewall screens (Section 16.2 on page 187) enable or disable the firewall and asymmetrical
routes, and manage and configure firewall rules.
• The Session Control screens (Section 16.3 on page 191) limit the number of concurrent
NAT/firewall sessions a client can use.
16.1.2 What You Need to Know
The following terms and concepts may help as you read this chapter.
Stateful Inspection
The NXC has a stateful inspection firewall. The NXC restricts access by screening data packets
against defined access rules. It also inspects sessions. For example, traffic from one zone is not
allowed unless it is initiated by a computer in another zone first.
Zones
A zone is a group of interfaces. Group the NXC’s interfaces into different zones based on your
needs. You can configure firewall rules for data passing between zones or even between interfaces
in a zone.
Default Firewall Behavior
Firewall rules are grouped based on the direction of travel of packets to which they apply. Here is
the default firewall behavior for traffic going through the NXC in various directions.
Table 91 Default Firewall Behavior
FROM ZONE TO ZONE | BEHAVIOR
From ANY to ANY | Traffic that does not match any firewall rule is allowed. So for example, LAN to WAN, LAN to DMZ, and LAN to WLAN traffic is allowed. This also includes traffic to or from interfaces that are not assigned to a zone (extra-zone traffic).
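The following Python model is an added example, not NXC code or NXC configuration syntax. It shows how a default of "allow" for unmatched traffic combines with stateful session tracking, and it lists the zone pairs that are permitted only because no rule matches them. The Rule and Firewall classes, the rule set and the addresses are constructed for illustration, and first-match rule ordering is an assumption.

```python
from dataclasses import dataclass, field
from itertools import product

ANY = "any"

@dataclass(frozen=True)
class Rule:
    src_zone: str
    dst_zone: str
    service: str   # e.g. "tcp/443", or ANY
    action: str    # "allow" or "deny"

@dataclass
class Firewall:
    rules: list
    default_action: str = "allow"               # unmatched traffic is allowed (Table 91)
    sessions: set = field(default_factory=set)  # tracked (initiator, responder, service)

    def lookup(self, src_zone, dst_zone, service):
        """Return (action, matched rule or None). Assumption: first match wins."""
        for r in self.rules:
            if (r.src_zone in (ANY, src_zone) and r.dst_zone in (ANY, dst_zone)
                    and r.service in (ANY, service)):
                return r.action, r
        return self.default_action, None

    def handle(self, src_zone, src, dst_zone, dst, service):
        """Return (action, reason) for one packet."""
        if (dst, src, service) in self.sessions:  # reply to a session the far side opened
            return "allow", "session"
        action, rule = self.lookup(src_zone, dst_zone, service)
        if action == "allow":
            self.sessions.add((src, dst, service))
        return action, "rule" if rule else "default"

def default_allowed(fw, zones, services):
    """Audit: zone pair/service combinations permitted only by the default."""
    return [(s, d, svc) for s, d in product(zones, repeat=2) for svc in services
            if fw.lookup(s, d, svc) == ("allow", None)]

# Constructed rule set; zone names are the ones used in the Table 91 example.
RULES = [Rule("WAN", "DMZ", "tcp/443", "allow"),
         Rule("WAN", ANY, ANY, "deny")]
ZONES = ["LAN", "WAN", "DMZ", "WLAN"]

if __name__ == "__main__":
    for row in default_allowed(Firewall(RULES), ZONES, ["tcp/22"]):
        print("allowed only by default:", *row)
```

Every row the audit prints is a flow that would need an explicit deny rule if it is not meant to pass.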