Firewall Protection
140
ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308
Inbound Rules (Port Forwarding)
If you have enabled Network Address Translation (NAT), your network presents only one IP
address to the Internet, and outside users cannot directly access any of your local
computers (LAN users). (For information about configuring NAT, see Network Address
Translation on page 29.) However, by defining an inbound rule you can make a local server
(for example, a web server or game server) visible and available to the Internet. The rule
tells the firewall to direct inbound traffic for a particular service to one local server based
on the destination port number. This process is also known as port forwarding.
WARNING:
Allowing inbound services opens security holes in your network.
Only enable those ports that are necessary for your network.
Whether or not DHCP is enabled, how the computer accesses the server’s LAN address
impacts the inbound rules. For example:
• If your external IP address is assigned dynamically by your ISP (DHCP enabled), the IP
  address might change periodically as the DHCP lease expires. Consider using Dynamic
  DNS so that external users can always find your network (see Configure Dynamic DNS
  on page 49).
• If the IP address of the local server computer is assigned by DHCP, it might change when
  the computer is rebooted. To avoid this, use the Reserved (DHCP Client) feature in the
  LAN Groups screen to keep the computer’s IP address constant (see Set Up DHCP
  Address Reservation on page 101).
• Local computers need to access the local server using the computers’ local LAN address.
  Attempts by local computers to access the server using the external WAN IP address will
  fail.
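The warning and the DHCP caveat above can be checked mechanically before rules are entered on the firewall. The following Python audit is an added example, not taken from the NETGEAR manual or the SRX5308 firmware; the rule-table format, the approved-port set, and the reservation set are constructed assumptions.

```python
"""Audit a constructed inbound-rule table against the guidance above."""
from ipaddress import ip_address

# Constructed sample data (hypothetical format, not an SRX5308 export).
INBOUND_RULES = [
    {"service": "HTTPS", "port": 443, "lan_server": "192.168.1.10"},
    {"service": "GAME", "port": 27015, "lan_server": "192.168.1.57"},
    {"service": "RDP", "port": 3389, "lan_server": "192.168.1.10"},
]
# Ports the site owner has decided are necessary (assumption).
APPROVED_PORTS = {443, 27015}
# LAN addresses pinned by DHCP address reservation (assumption).
RESERVED_ADDRESSES = {"192.168.1.10"}


def audit_inbound_rules(rules, approved_ports, reserved_addresses):
    """Return (service, finding) tuples for rules that need attention."""
    findings = []
    seen_ports = {}  # destination port -> LAN server already receiving it
    for rule in rules:
        name, port, server = rule["service"], rule["port"], rule["lan_server"]
        if not ip_address(server).is_private:
            findings.append((name, f"forward target {server} is not a LAN address"))
        if port not in approved_ports:
            findings.append((name, f"port {port} is not on the approved list"))
        if server not in reserved_addresses:
            findings.append((name, f"{server} has no DHCP reservation and may change"))
        # A forwarded service goes to one local server, so a destination
        # port mapped to two different servers is ambiguous.
        if port in seen_ports and seen_ports[port] != server:
            findings.append((name, f"port {port} already forwarded to {seen_ports[port]}"))
        seen_ports.setdefault(port, server)
    return findings


if __name__ == "__main__":
    for service, finding in audit_inbound_rules(
        INBOUND_RULES, APPROVED_PORTS, RESERVED_ADDRESSES
    ):
        print(f"[{service}] {finding}")
```
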
Note: See Configure Port Triggering on page 197 for yet another way to
allow certain types of inbound traffic that would otherwise be blocked
by the firewall.
Note: The VPN firewall always blocks denial of service (DoS) attacks. A
DoS attack does not attempt to steal data or damage your
computers, but overloads your Internet connection so you cannot
use it (that is, the service becomes unavailable).