Quick Reference Guide
ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual
VPN Firewall and Network Management 9-5
v1.0, January 2010
Port Forwarding
The firewall always blocks DoS (Denial of Service) attacks. A DoS attack does not attempt to steal
data or damage your PCs, but overloads your Internet connection so you can not use it (that is, the
service is unavailable). You can also create additional firewall rules that are customized to block or
allow specific traffic. (See “Using Rules & Services to Block or Allow Traffic” on page 5-2 for the
procedure on how to use this feature.)
You can control specific inbound traffic (that is, from WAN to LAN). The LAN WAN Rules
screen lists all existing rules for inbound traffic If you have not defined any rules, only the default
rule will be listed. The default rule blocks all inbound traffic.
Each rule lets you specify the desired action for the connections covered by the rule:
•BLOCK always
• ALLOW always
• BLOCK by schedule, otherwise allow
• ALLOW by schedule, otherwise block
You can also enable a check on special rules:
• VPN Passthrough. Passes the VPN traffic without any filtering, specially used when this
firewall is between two VPN tunnel end points.
• Drop fragmented IP packets. Drops any fragmented IP packets.
• UDP Flooding. Limits the number of UDP sessions created from one LAN machine.
• TCP Flooding. Protects the VPN firewall from SYN flood attack.
• Enable DNS Proxy. Allows the VPN firewall to handle DNS queries from the LAN.
• Enable Stealth Mode. Prevents the VPN firewall from responding to incoming requests for
unsupported services.
As you define your firewall rules, you can further refine the application according to the following
criteria:
• LAN Users. These settings determine which computers on your network are affected by this
rule. Select the desired IP Address in this field.
Warning: This feature is for advanced administrators only! Incorrect configuration will
cause serious problems.