User manual

4. Firewall

The SG unit is equipped with a fully featured, stateful firewall. The firewall allows you to
control both incoming and outgoing access, so that PCs on local networks can have
tailored Internet access facilities while being shielded from malicious attacks from
external networks.

The SG unit’s stateful firewall keeps track of outgoing connections (e.g. a PC on your
LAN requesting content from a server on the Internet) and only allows corresponding
incoming traffic (e.g. the server on the Internet sending the requested content to the PC).

By default, your SG unit allows network traffic as shown in the following table:

Incoming Interface    Outgoing Interface     Action
LAN                   Any                    Accept
VPN                   Any                    Accept
Dialin                Any                    Accept
DMZ                   Internet               Accept
DMZ                   Any except Internet    Drop
Internet              Any                    Drop
Guest                 Any                    Drop

Sometimes it is useful to allow some incoming connections, e.g. if you have a mail or web
server on your LAN or DMZ that you want to be accessible from the Internet. This is
accomplished using a combination of NAT and packet filter rules.

The SG unit web management console provides a powerful interface for tailoring your
firewall to your network. For details, refer to the Customizing your Firewall section later in
this chapter.

Incoming Access

The Incoming Access section allows you to control access to the SG unit itself, e.g. for
remote administration. Click Incoming Access under Firewall on the main menu to
display the Incoming Access configuration page.
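
The default policy table in this chapter, combined with the stateful behaviour described alongside it, can be modelled to show why a reply from the Internet reaches a LAN PC while an unsolicited packet from the same zone is dropped. The following Python model is an added example, not code from the SG unit or its vendor: the function and class names are hypothetical, the addresses are constructed samples, zone pairs missing from the table are assumed to be dropped, and NAT and connection timeouts are ignored.

```python
# Zone names and actions are copied from the manual's default-policy table.
# Assumptions (not from the manual): unlisted zone pairs drop; no NAT, no timeouts.
DEFAULT_POLICY = [
    ("LAN", "Any", "Accept"),
    ("VPN", "Any", "Accept"),
    ("Dialin", "Any", "Accept"),
    ("DMZ", "Internet", "Accept"),
    ("DMZ", "Any except Internet", "Drop"),
    ("Internet", "Any", "Drop"),
    ("Guest", "Any", "Drop"),
]

def policy(in_zone, out_zone):
    """Default action for a NEW connection entering in_zone and leaving out_zone."""
    for row_in, row_out, action in DEFAULT_POLICY:
        hit = (row_out == "Any" or row_out == out_zone or
               (row_out == "Any except Internet" and out_zone != "Internet"))
        if row_in == in_zone and hit:
            return action
    return "Drop"

class StatefulFirewall:
    def __init__(self):
        self.tracked = set()  # flows opened by a packet the policy accepted

    def handle(self, in_zone, out_zone, proto, src, sport, dst, dport):
        flow = (proto, src, sport, dst, dport)
        reply = (proto, dst, dport, src, sport)
        # Packets belonging to a tracked connection pass in either direction.
        if flow in self.tracked or reply in self.tracked:
            return "Accept"
        action = policy(in_zone, out_zone)
        if action == "Accept":
            self.tracked.add(flow)  # remember it so the reply is recognised
        return action

def demo():
    fw = StatefulFirewall()
    pc, web, other = "192.168.0.10", "203.0.113.5", "198.51.100.7"  # constructed
    return [
        fw.handle("LAN", "Internet", "tcp", pc, 40000, web, 80),    # request
        fw.handle("Internet", "LAN", "tcp", web, 80, pc, 40000),    # its reply
        fw.handle("Internet", "LAN", "tcp", web, 80, pc, 40001),    # no such flow
        fw.handle("Internet", "LAN", "tcp", other, 4444, pc, 22),   # unsolicited
        fw.handle("DMZ", "Internet", "tcp", "10.0.0.5", 5000, web, 443),
        fw.handle("DMZ", "LAN", "tcp", "10.0.0.5", 5001, pc, 445),
    ]

if __name__ == "__main__":
    print(demo())
```

The second packet is accepted only because the first created a tracked flow; the third comes from the same server but matches no tracked flow, so the Internet row of the table applies.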