Quick Reference Guide

ProSafe VPN Firewall 50 FVS338 Reference Manual
4-2 Firewall Protection and Content Filtering
v1.0, January 2010
intrusions. NAT performs a very limited stateful inspection in that it considers whether the
incoming packet is in response to an outgoing request, but true Stateful Packet Inspection goes far
beyond NAT.
Using Rules to Block or Allow Specific Kinds of Traffic
This section includes the following topics:
“Services-Based Rules” on this page
“Viewing the Firewall Rules” on page 4-7
“Order of Precedence for Firewall Rules” on page 4-8
“Setting the Default Outbound Policy” on page 4-8
“Modifying Rules” on page 4-10
“Inbound Rules Examples” on page 4-11
“Outbound Rules Example: Blocking Instant Messenger” on page 4-14
Firewall rules are used to block or allow specific traffic passing through the firewall from one side to the other.
You can configure up to 600 rules on the FVS338. Inbound rules (WAN to LAN) restrict access by
outsiders to private resources, selectively allowing only specific outside users to access specific
resources. Outbound rules (LAN to WAN) determine what outside resources local users can have
access to.
A firewall has two default rules, one for inbound traffic and one for outbound. The default rules of
the VPN firewall are:
Inbound. Block all access from outside except responses to requests from the LAN side.
Outbound. Allow all access from the LAN side to the outside.
User-defined firewall rules for blocking or allowing traffic on the VPN firewall can be applied to
inbound or outbound traffic.
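The following Python sketch is an added example, not NETGEAR code or firmware logic. It models the two default rules together with user-defined inbound and outbound rules, so the effect of each default on a packet can be traced. It assumes that a "response" is matched on the full address and port pair of the original LAN request; all addresses, ports and names are constructed for illustration.

```python
# Simplified model of the default policies described above (added example,
# not the FVS338's implementation). All addresses and ports are constructed.
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Packet:
    direction: str   # "outbound" (LAN to WAN) or "inbound" (WAN to LAN)
    lan_host: str
    lan_port: int
    wan_host: str
    wan_port: int

@dataclass
class Firewall:
    inbound_allow_ports: set = field(default_factory=set)   # user-defined inbound rules
    outbound_block_ports: set = field(default_factory=set)  # user-defined outbound rules
    flows: set = field(default_factory=set)                 # requests initiated from the LAN

    def decide(self, p: Packet) -> str:
        # Assumption: state is keyed on the full LAN/WAN address and port pair.
        flow = (p.lan_host, p.lan_port, p.wan_host, p.wan_port)
        if p.direction == "outbound":
            if p.wan_port in self.outbound_block_ports:
                return "block (outbound rule)"
            self.flows.add(flow)   # remember the request so its reply is recognized
            return "allow (default outbound)"
        if flow in self.flows:
            return "allow (response to LAN request)"
        if p.lan_port in self.inbound_allow_ports:
            return "allow (inbound rule)"
        return "block (default inbound)"

def demo():
    # One inbound rule exposing a LAN service on 443, one outbound rule blocking port 5190.
    fw = Firewall(inbound_allow_ports={443}, outbound_block_ports={5190})
    packets = [
        Packet("outbound", "192.168.1.10", 50000, "203.0.113.5", 80),   # LAN request
        Packet("inbound", "192.168.1.10", 50000, "203.0.113.5", 80),    # its reply
        Packet("inbound", "192.168.1.10", 50000, "198.51.100.7", 80),   # unsolicited, other host
        Packet("inbound", "192.168.1.20", 443, "198.51.100.7", 40001),  # matches inbound rule
        Packet("outbound", "192.168.1.10", 50001, "203.0.113.9", 5190), # matches outbound rule
    ]
    return [fw.decide(p) for p in packets]

if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```

The third packet targets the same LAN port as the permitted reply but comes from a different outside host, so it falls through to the default inbound block.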
Services-Based Rules
The rules to block traffic are based on the traffic’s category of service.
Inbound Rules (port forwarding). Inbound traffic is normally blocked by the firewall unless the
traffic is in response to a request from the LAN side. The VPN firewall can be configured to
allow this otherwise blocked traffic.