Specifications
Network and System Management
330
ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308
Features That Reduce Traffic
You can adjust the following features of the VPN firewall in such a way that the traffic load on
the WAN side decreases:
• LAN WAN outbound rules (also referred to as service blocking)
• DMZ WAN outbound rules (also referred to as service blocking)
• Content filtering
• Source MAC filtering
LAN WAN Outbound Rules and DMZ WAN Outbound Rules (Service
Blocking)
You can control specific outbound traffic (from LAN to WAN and from the DMZ to WAN). The
LAN WAN Rules screen and the DMZ WAN Rules screen list all existing rules for outbound
traffic. Any outbound rule that you create restricts outgoing traffic and therefore decreases
the traffic load on the WAN side.
On the LAN WAN screen, if you have not defined any rules, only the default rule is listed. The
default LAN WAN outbound rule allows all outgoing traf
fic.
WARNING:
Incorrect configuration of outbound firewall rules can cause
serious connection problems.
Each rule lets you specify the desired action for the connections that are covered by the rule:
• BLOCK always
• BLOCK by schedule, otherwise allow
• ALLOW always
• ALLOW by schedule, otherwise block
The following section summarizes the various criteria that you can apply to outbound rules in
order to reduce traf
fic. For more information about outbound rules, see
Outbound Rules
(Service Blocking) on page 137. For detailed procedures on how to configure outbound rules,
see Configure LAN WAN Rules on page 145 and Configure DMZ WAN Rules on page 152.
When you define outbound firewall rules, you can further refine their application according to
the following criteria:
• Services. Y
ou can specify the services or applications to be covered by an outbound rule.
If the desired service or application does not display in the list, you need to define it using
the Services screen (see Outbound Rules (Service Blocking) on page 137 and Add
Customized Services on page 177).