NXC Series User’s Guide
CHAPTER 17
Firewall
17.1 Overview
Use the firewall to block or allow services that use static port numbers. The firewall can also limit the number of concurrent sessions a user (client) can open.
17.1.1 What You Can Do in this Chapter
• The Firewall screens (Section 17.2 on page 232) enable or disable the firewall and asymmetrical
routes, and manage and configure firewall rules.
• The Session Control screens (Section 17.3 on page 235) limit the number of concurrent NAT/firewall
sessions a client can use.
17.1.2 What You Need to Know
The following terms and concepts may help as you read this chapter.
Stateful Inspection
The NXC has a stateful inspection firewall. The NXC restricts access by screening packets against the configured firewall rules. It also tracks sessions, so that a packet is accepted as part of an existing session only if that session was started in a direction the rules permit. For example, reply traffic from one zone is allowed into another zone only if a computer in that second zone initiated the session first.
Zones
A zone is a group of interfaces. Group the NXC’s interfaces into different zones based on your needs.
You can configure firewall rules for data passing between zones or even between interfaces in a zone.
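To make the stateful-inspection, zone and session-control ideas above concrete, here is an added Python model written for this chapter; it is not NXC firmware, CLI syntax or configuration. The zone names (LAN, WAN), interface names (ge1, ge2, ge3), addresses and the Packet, Rule and Firewall classes are constructed for the example, and the model matches only zones and a static destination port, a much smaller rule format than the NXC's own.

```python
"""Toy zone-based stateful firewall modelled on the concepts in this chapter.
Added example for this guide, not NXC code; all names and addresses are constructed."""
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple


@dataclass(frozen=True)
class Packet:
    proto: str        # "tcp" or "udp"
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    in_iface: str     # interface the packet arrived on


@dataclass(frozen=True)
class Rule:
    from_zone: str           # zone name, or "any"
    to_zone: str             # zone name, or "any"
    dst_port: Optional[int]  # static destination port; None matches any port
    action: str              # "allow" or "deny"


class Firewall:
    def __init__(self, zones: Dict[str, List[str]], routes: Dict[str, str],
                 rules: List[Rule], default_action: str = "allow",
                 max_sessions_per_client: Optional[int] = None) -> None:
        # zone -> [interfaces] inverted to interface -> zone. An interface that
        # belongs to no zone maps to None: its traffic is "extra-zone" traffic.
        self.iface_zone = {i: z for z, ifaces in zones.items() for i in ifaces}
        # Longest-prefix routing table (prefix -> egress interface); the zone
        # of the egress interface is the packet's To Zone.
        self.routes = sorted(((ipaddress.ip_network(p), i) for p, i in routes.items()),
                             key=lambda r: r[0].prefixlen, reverse=True)
        self.rules = rules
        self.default_action = default_action
        self.max_sessions = max_sessions_per_client
        self.sessions: Set[Tuple] = set()         # accepted 5-tuples
        self.session_count: Dict[str, int] = {}   # client IP -> open sessions

    def zone_of(self, iface: Optional[str]) -> Optional[str]:
        return self.iface_zone.get(iface) if iface else None

    def egress(self, dst_ip: str) -> Optional[str]:
        addr = ipaddress.ip_address(dst_ip)
        for net, iface in self.routes:
            if addr in net:
                return iface
        return None

    @staticmethod
    def matches(rule: Rule, from_zone: Optional[str], to_zone: Optional[str],
                pkt: Packet) -> bool:
        return (rule.from_zone in ("any", from_zone)
                and rule.to_zone in ("any", to_zone)
                and rule.dst_port in (None, pkt.dst_port))

    def process(self, pkt: Packet) -> str:
        key = (pkt.proto, pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        reverse = (pkt.proto, pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port)
        # Stateful inspection: packets of an already accepted session, in
        # either direction, pass without re-evaluating the rules.
        if key in self.sessions or reverse in self.sessions:
            return "allow (established)"
        # New session: the first matching rule decides; otherwise the default.
        from_zone = self.zone_of(pkt.in_iface)
        to_zone = self.zone_of(self.egress(pkt.dst_ip))
        action = self.default_action
        for rule in self.rules:
            if self.matches(rule, from_zone, to_zone, pkt):
                action = rule.action
                break
        if action != "allow":
            return "deny (rule)"
        # Session control: cap the number of concurrent sessions per client.
        used = self.session_count.get(pkt.src_ip, 0)
        if self.max_sessions is not None and used >= self.max_sessions:
            return "deny (session limit)"
        self.sessions.add(key)
        self.session_count[pkt.src_ip] = used + 1
        return "allow (new session)"


def demo() -> List[str]:
    """Constructed traffic: a LAN client behind ge1, the Internet behind ge2."""
    fw = Firewall(
        zones={"LAN": ["ge1"], "WAN": ["ge2"]},      # ge3 is left in no zone
        routes={"192.168.1.0/24": "ge1", "0.0.0.0/0": "ge2"},
        rules=[Rule("WAN", "LAN", None, "deny")],    # block unsolicited WAN->LAN
        default_action="allow",
        max_sessions_per_client=2,
    )
    return [
        # LAN client opens HTTPS to the Internet: no rule matches, default allow.
        fw.process(Packet("tcp", "192.168.1.10", 40000, "203.0.113.5", 443, "ge1")),
        # The reply passes only because the LAN side initiated the session.
        fw.process(Packet("tcp", "203.0.113.5", 443, "192.168.1.10", 40000, "ge2")),
        # An unsolicited WAN->LAN connection hits the deny rule.
        fw.process(Packet("tcp", "203.0.113.5", 50000, "192.168.1.10", 22, "ge2")),
        # Second and third new sessions from the same client: the limit is 2.
        fw.process(Packet("udp", "192.168.1.10", 40001, "203.0.113.5", 53, "ge1")),
        fw.process(Packet("tcp", "192.168.1.10", 40002, "203.0.113.5", 80, "ge1")),
    ]


if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```

The deny rule in the demo is what makes the stateful behaviour visible: without it the model's default-allow behaviour (like the NXC's default in Table 104) would accept the unsolicited WAN to LAN connection too, so the "reply only if initiated from the other zone" guarantee holds only for traffic you have actually restricted with a rule.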
Default Firewall Behavior
Firewall rules are grouped by the direction of travel of the packets to which they apply. Here is the default firewall behavior for traffic going through the NXC in various directions.
Table 104 Default Firewall Behavior
FROM ZONE   TO ZONE   BEHAVIOR
any         any       Traffic that does not match any firewall rule is allowed. So, for example, LAN to WAN, LAN to DMZ, and LAN to WLAN traffic is allowed. This also includes traffic to or from interfaces that are not assigned to a zone (extra-zone traffic).
Because the default is to allow, any inter-zone traffic you want blocked (for example, unsolicited connections from the WAN into the LAN) must be matched by an explicit deny rule.
To-NXC Rules
Rules with EnterpriseWLAN as the To Zone apply to traffic going to the NXC itself. By default: