Quick Reference Guide
ProSafe VPN Firewall 50 FVS338 Reference Manual
4-8 Firewall Protection and Content Filtering
v1.0, January 2010
Order of Precedence for Firewall Rules
As you define new rules, they are added to the tables on the LAN WAN Rules screen, as shown in
Figure 4-1 on page 4-7.
For any traffic attempting to pass through the VPN firewall, the packet information is subjected to
the rules in the order shown in the Outbound Services and Inbound Services rules tables,
beginning at the top and proceeding to the default rules at the bottom. In some cases, the order of
precedence of two or more rules may be important in determining the disposition of a packet. For
example, you should place the strictest rules at the top (those with the most specific services or
addresses). The Up and Down buttons allow you to relocate a defined rule to a new position in the
table.
Setting the Default Outbound Policy
The default outbound policy is to allow all traffic from and to the Internet to pass through. Firewall
rules can then be applied to block specific types of traffic from either going out from the LAN to
the Internet (Outbound) or coming in from the Internet to the LAN (Inbound). The default policy
can be changed to block all outbound traffic and enable only specific services to pass through the
VPN firewall.
To change the default outbound policy:
1. Select Security from the main menu and Firewall Rules from the submenu. The LAN WAN
Rules screen will display (see Figure 4-1 on page 4-7).
2. Change the Default Outbound Policy by selecting Block Always from the pull-down menu.
3. Click Apply.
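The two passages above (rule order and the default outbound policy), modeled as an added Python example that is not NETGEAR code. It assumes the first matching rule decides a packet's disposition; the Rule fields, helper names, addresses and services are constructed for illustration.

```python
# Added illustration: a simplified model, not the FVS338 firmware logic.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Rule:
    service: str   # service name, or "ANY"
    lan: str       # LAN source range in CIDR form
    action: str    # "ALLOW" or "BLOCK"

    def matches(self, service, src):
        return (self.service in ("ANY", service)
                and ip_address(src) in ip_network(self.lan))

def evaluate(rules, default_policy, service, src):
    """Walk the table top to bottom; the first match decides (assumption).
    Returns (action, index of the deciding rule, or None for the default)."""
    for i, rule in enumerate(rules):
        if rule.matches(service, src):
            return rule.action, i
    return default_policy, None

def shadowed(rules):
    """Indexes of rules that can never fire because an earlier rule covers
    the same service and the whole of their address range."""
    hidden = []
    for i, r in enumerate(rules):
        for e in rules[:i]:
            if (e.service in ("ANY", r.service)
                    and ip_network(r.lan).subnet_of(ip_network(e.lan))):
                hidden.append(i)
                break
    return hidden

# Constructed sample tables (addresses and services are made up).
BROAD_FIRST = [
    Rule("HTTP", "192.168.1.0/24", "ALLOW"),
    Rule("HTTP", "192.168.1.50/32", "BLOCK"),    # never reached
]
STRICT_FIRST = [BROAD_FIRST[1], BROAD_FIRST[0]]  # after moving the rule Up

if __name__ == "__main__":
    for name, table in (("broad first", BROAD_FIRST),
                        ("strict first", STRICT_FIRST)):
        print(name, evaluate(table, "ALLOW", "HTTP", "192.168.1.50"),
              "shadowed:", shadowed(table))
    # Traffic matching no rule falls through to the default outbound policy.
    print(evaluate(STRICT_FIRST, "BLOCK", "SMTP", "192.168.1.20"))
```

Running a check like `shadowed` against an exported rule list before changing the default policy to Block Always shows which exceptions would never take effect in their current position.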
Creating a LAN WAN Outbound Services Rule
You may define additional rules that will specify exceptions to the default rules. By adding custom
rules, you can block or allow access based on the service or application, source or destination IP
addresses, and time of day.
You can also tailor these rules to your specific needs (see “Administrator Tips” on page 4-36).
Note: This feature is for advanced administrators only! Incorrect configuration will cause
serious problems.