Specifications
Firewall Protection
172
ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308
3. Click Apply to save your settings.
IPv6 Attack Checks
To enable IPv6 attack checks for your network environment:
1. Select Security > Firewall > Attack Checks
.
2. In the upper right of the screen, select the IPv6 radio button. The
Attack Checks screen
displays the IPv6 settings:
Figure 101.
3. Configure the following settings:
• Respond to Ping on Internet Ports. Select the Respond to Ping on Internet Ports
check box to enable the VPN firewall to respond to a ping from the Internet to its IPv6
address. A ping can be used as a diagnostic tool. Keep this check box cleared unless
you have a specific reason to enable the VPN firewall to respond to a ping from the
Internet.
• IPsec
. Select the IPsec check box to enable IPSec VPN traf
fic that is initiated from
the LAN to reach the W
AN, irrespective of the default firewall outbound policy and
custom firewall rules.
4. Click Apply to save your settings.
VPN Pass through
IPSec
PPTP
L2TP
When the VPN firewall functions in NA
T mode, all packets going to the remote VPN
gateway are first filtered through NA
T and then encrypted according to the VPN
policy. For example, if a VPN client or gateway on the LAN side of the VPN firewall
wants to connect to another VPN endpoint on the WAN side (placing the VPN firewall
between two VPN endpoints), encrypted packets are sent to the VPN firewall.
Because the VPN firewall filters the encrypted packets through NAT, the packets
become invalid unless you enable the VPN Pass through feature.
To enable the VPN tunnel to pass the VPN traffic without any filtering, select any or
all of the following check boxes:
• IPSec. Disables NA
T filtering for IPSec tunnels.
• PPTP. Disables NAT filtering for PPTP tunnels.
• L2TP. Disables NAT filtering for L2TP tunnels.
By default, all three check boxes are selected.
Table 35. Attack Checks screen settings for IPv4 (continued)
Setting Description