Chapter 17 Firewall
NXC Series User’s Guide
232
17.2 Firewall
The following describes the firewall screen functions.
Click Configuration > Firewall to open the Firewall screen. Use this screen to enable or disable the
firewall and asymmetrical routes, and display the configured firewall rules. Specify from which zone
packets come and to which zone packets travel to display only the rules specific to the selected
direction. Note the following.
• If you enable intra-zone traffic blocking (see the chapter about zones), the firewall automatically
creates (implicit) rules to deny packet passage between the interfaces in the specified zone.
• Besides configuring the firewall, you also need to configure NAT rules to allow computers on the WAN
to access LAN devices.
• The NXC applies NAT (Destination NAT) settings before applying the firewall rules. So for example, if
you configure a NAT entry that sends WAN traffic to a LAN IP address, when you configure a
corresponding firewall rule to allow the traffic, you need to set the LAN IP address as the destination.
• The ordering of your rules is very important as rules are applied in sequence.
Figure 133 Configuration > Firewall
The following table describes the labels in this screen.
Table 105 Configuration > Firewall
LABEL DESCRIPTION
Global Setting
Enable Firewall Select this check box to activate the firewall. The NXC performs access control when the
firewall is activated.
IPv4 Rule Summary
Allow
Asymmetrical
Route
If an alternate gateway on the LAN has an IP address in the same subnet as the NXC’s LAN IP
address, return traffic may not go through the NXC. This is called an asymmetrical or “triangle”
route. This causes the NXC to reset the connection, as the connection has not been
acknowledged.
Select this check box to have the NXC permit the use of asymmetrical route topology on the
network (not reset the connection).
Note: Allowing asymmetrical routes may let traffic from the WAN go directly to the
LAN without passing through the NXC.
To Next Page
Loading...
