UAG4100 User’s Guide
238
CHAPTER 25
Firewall
25.1 Overview
Use the firewall to block or allow services that use static port numbers. The firewall can also limit
the number of user sessions.
This example shows the UAG’s default firewall behavior for WAN to LAN traffic and how stateful
inspection works. A LAN user can initiate a Telnet session from within the LAN zone and the firewall
allows the response. However, the firewall blocks Telnet traffic initiated from the WAN zone and
destined for the LAN zone.
Figure 163 Default Firewall Action
25.1.1 What You Can Do in this Chapter
•Use the Firewall screens (Section 25.2 on page 240) to enable or disable the firewall and
asymmetrical routes, and manage and configure firewall rules.
•Use the Session Control screens (see Section 25.3 on page 245) to limit the number of
concurrent NAT/firewall sessions a client can use.
25.1.2 What You Need to Know
Stateful Inspection
The UAG has a stateful inspection firewall. The UAG restricts access by screening data packets
against defined access rules. It also inspects sessions. For example, traffic from one zone is not
allowed unless it is initiated by a computer in another zone first.
Zones
A zone is a group of interfaces. Group the UAG’s interfaces into different zones based on your
needs. You can configure firewall rules for data passing between zones or even between interfaces.
To Next Page
Loading...
