Firewall Protection
135
ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308
About Firewall Protection
A firewall protects one network (the trusted network, such as your LAN) from another (the
untrusted network, such as the Internet), while allowing communication between the two. You
can further segment keyword blocking to certain known groups. For information about how to
set up LAN groups, see Manage IPv4 Groups and Hosts (IPv4 LAN Groups) on page 96.
For IPv4, a firewall incorporates the functions of a Network Address Translation (NAT) router,
protects the trusted network from hacker intrusions or attacks, and controls the types of traffic
that can flow between the Internet, DMZ, and LAN. Unlike simple NAT routers, a firewall uses
a process called stateful packet inspection to protect your network from attacks and
intrusions. NAT performs a limited stateful inspection in that it considers whether the
incoming packet is in response to an outgoing request, but true stateful packet inspection
goes far beyond NAT.
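The contrast drawn above, as an added example (not NETGEAR code and not a description of how the SRX5308 works internally): a NAT-style check that only asks whether an inbound packet reverses a flow seen outbound, next to a simplified stateful check that also requires the TCP flags to fit the connection's tracked state. The function names, the flag strings, the sample addresses, and the two-state TCP model are assumptions made for illustration.

```python
# Added illustration: a simplified model, not the SRX5308 implementation.
# A packet is (direction, lan_endpoint, wan_endpoint, tcp_flags).

def nat_style(trace):
    """Allow inbound packets that reverse any flow already seen outbound."""
    seen, verdicts = set(), []
    for direction, lan, wan, flags in trace:
        if direction == "out":
            seen.add((lan, wan))
        verdicts.append((lan, wan) in seen)
    return verdicts

def stateful(trace):
    """Also require TCP flags to fit the tracked state of the connection."""
    state, verdicts = {}, []          # (lan, wan) -> "SYN_SENT" | "ESTABLISHED"
    for direction, lan, wan, flags in trace:
        key, st = (lan, wan), state.get((lan, wan))
        closing = "R" in flags or "F" in flags
        if direction == "out" and flags == "S":
            state[key], ok = "SYN_SENT", True      # new outbound connection
        elif direction == "out":
            ok = st is not None                    # must belong to a known flow
        elif st == "SYN_SENT":
            ok = flags == "SA"                     # only a SYN-ACK may answer a SYN
            if ok:
                state[key] = "ESTABLISHED"
        else:
            ok = st == "ESTABLISHED" and "S" not in flags
        if ok and closing:
            state.pop(key, None)                   # simplified teardown: forget flow
        verdicts.append(ok)
    return verdicts

LAN, WEB = ("192.168.1.10", 40000), ("203.0.113.5", 443)   # constructed sample
TRACE = [
    ("out", LAN, WEB, "S"),    # client opens a connection
    ("in",  LAN, WEB, "A"),    # bare ACK before any SYN-ACK: out of state
    ("in",  LAN, WEB, "SA"),   # legitimate handshake reply
    ("out", LAN, WEB, "A"),
    ("in",  LAN, WEB, "PA"),   # data on the established connection
    ("out", LAN, WEB, "R"),    # client resets the connection
    ("in",  LAN, WEB, "PA"),   # late packet after teardown
    ("in",  LAN, ("198.51.100.7", 443), "SA"),  # unsolicited, unknown peer
]

if __name__ == "__main__":
    print("NAT-style:", nat_style(TRACE))
    print("stateful: ", stateful(TRACE))
```

Both checks drop the packet from the unknown peer, but only the stateful check drops the out-of-state ACK and the packet that arrives after the reset.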
For IPv6, which in itself provides stronger security than IPv4, a firewall in particular controls
the exchange of traffic between the Internet, DMZ, and LAN.
Administrator Tips
Consider the following operational items:
1. As an option, you can enable remote management if you have to manage distant sites
from a central location (see Configure Authentication Domains, Groups, and Users on
page 303 and Configure Remote Management Access on page 338).
2. Although rules are the basic way of managing the traffic through your system (see Overview
of Rules to Block or Allow Specific Kinds of Traffic on page 136), you can further refine your
control using the following features and capabilities of the VPN firewall:
- Groups and hosts (see Manage IPv4 Groups and Hosts (IPv4 LAN Groups) on
page 96)
- Services (see Outbound Rules (Service Blocking) on page 137 and Inbound Rules
(Port Forwarding) on page 140)
- Schedules (see Set a Schedule to Block or Allow Specific Traffic on page 189)
- Allowing or blocking sites (see Configure Content Filtering on page 186)
- Source MAC filtering (see Enable Source MAC Filtering on page 190)
- Port triggering (see Configure Port Triggering on page 197)
3. Some firewall settings might affect the performance of the VPN firewall. For more
information, see Performance Management on page 329.
4. The firewall logs can be configured to log and then email denial of access, general attack,
and other information to a specified email address. For information about how to configure
logging and notifications, see Configure Logging, Alerts, and Event Notifications on
page 362.