User manual

Firewall

6. Firewall

The CyberGuard SG appliance is equipped with a fully featured, stateful firewall. The

firewall allows you to control both incoming and outgoing access, so that PCs on the LAN

can have tailored Internet access facilities and are shielded from malicious attacks. By

default the firewall is active, and allows all outgoing connections and blocks all incoming

connections.

The CyberGuard SG appliance’s stateful firewall keeps track of outgoing connections

(e.g. a PC on your LAN requesting content from a server on the Internet) and only allows

corresponding incoming traffic (e.g. the server on the Internet sending the requested

content to the PC).

Sometimes it may be useful to allow some incoming connections, e.g. if you have a mail

or web server on your LAN that you want to be accessible from the Internet. These

situations are catered for by configuring Packet Filtering rules.

Generally, the majority of customizations to the default firewall ruleset will be done

through Packet Filtering, see the Packet Filtering section later in this chapter for details.

Incoming Access

The Incoming Access section allows you to control access to the CyberGuard SG

appliance itself, e.g. for remote administration. Click Incoming Access on the Firewall

menu to show the Incoming Access configuration page.