4 Firewall

The Firewall section describes how to enable, disable, and modify firewall rules and various features using the Firewall Rules table. This section also details virtual servers, services, service groups, and schedules.

Overview

The X family provides a Stateful Packet Inspection Firewall that gives session-level control over IP-based protocols. The firewall can perform advanced session-oriented functions including Network Address Translation (NAT), Web Filtering, Virtual Servers (DMZ), and traffic prioritization.

The firewall only opens TCP or UDP ports between two IP addresses when the firewall rules permit the communication. Secondary connections (for protocols such as FTP and SIP) are opened automatically where appropriate, and only for the duration of the primary session.
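The following toy session tracker illustrates the stateful behaviour described above. It is an added example written for this page, not the X family's own implementation, and its rule model, zone names, addresses and timeout values are all constructed assumptions. It shows the three behaviours a stateful firewall differs in from a plain packet filter: a session request is checked against the rules once and state is created only if permitted, reply packets on an established session are forwarded without a rule of their own, and a secondary connection (such as an FTP data channel) is opened without a rule lookup but dies with the primary session that negotiated it.

```python
"""Toy stateful packet-inspection firewall (added illustration, not product code)."""
from dataclasses import dataclass
from typing import Dict, Iterable, Optional, Tuple

# A flow key: (protocol, src_ip, src_port, dst_ip, dst_port)
FlowKey = Tuple[str, str, int, str, int]


@dataclass(frozen=True)
class Rule:
    """One firewall rule between two security zones (hypothetical rule model)."""
    src_zone: str
    dst_zone: str
    proto: str          # "tcp" or "udp"
    dst_port: int       # 0 matches any destination port
    action: str         # "permit" or "deny"


@dataclass
class Session:
    key: FlowKey
    expires_at: float
    parent: Optional[FlowKey] = None   # set only for secondary (data-channel) sessions


def _reverse(key: FlowKey) -> FlowKey:
    """Key of the reply direction of a flow."""
    proto, sip, sp, dip, dp = key
    return (proto, dip, dp, sip, sp)


class StatefulFirewall:
    def __init__(self, rules: Iterable[Rule], idle_timeout: float = 300.0):
        self.rules = list(rules)
        self.idle_timeout = idle_timeout
        self.sessions: Dict[FlowKey, Session] = {}

    def _lookup(self, src_zone: str, dst_zone: str, proto: str, dst_port: int) -> str:
        """First matching rule wins; no match at all means deny (default-deny posture)."""
        for r in self.rules:
            if (r.src_zone, r.dst_zone, r.proto) == (src_zone, dst_zone, proto) \
                    and r.dst_port in (0, dst_port):
                return r.action
        return "deny"

    def _expire(self, now: float) -> None:
        """Drop idle sessions, then any secondary whose primary is no longer present."""
        for key in [k for k, s in self.sessions.items() if s.expires_at <= now]:
            del self.sessions[key]
        for key in [k for k, s in self.sessions.items()
                    if s.parent is not None and s.parent not in self.sessions]:
            del self.sessions[key]

    def open_session(self, now: float, src_zone: str, dst_zone: str, key: FlowKey) -> bool:
        """Session request (e.g. TCP SYN): consult the rules; create state only if permitted."""
        self._expire(now)
        proto, _, _, _, dst_port = key
        if self._lookup(src_zone, dst_zone, proto, dst_port) != "permit":
            return False
        self.sessions[key] = Session(key, now + self.idle_timeout)
        return True

    def open_secondary(self, now: float, parent: FlowKey, key: FlowKey) -> bool:
        """Pinhole for a protocol-negotiated secondary connection (FTP data, SIP media).
        No rule lookup, but it can only exist while the primary session is active."""
        self._expire(now)
        if parent not in self.sessions:
            return False
        self.sessions[key] = Session(key, now + self.idle_timeout, parent=parent)
        return True

    def forward(self, now: float, key: FlowKey) -> bool:
        """Mid-session packet in either direction: allowed only on an active session."""
        self._expire(now)
        s = self.sessions.get(key) or self.sessions.get(_reverse(key))
        if s is None:
            return False
        s.expires_at = now + self.idle_timeout   # traffic refreshes the idle timer
        return True

    def close_session(self, now: float, key: FlowKey) -> None:
        """Primary session ends (FIN/RST); its secondaries are torn down with it."""
        self.sessions.pop(key, None)
        self._expire(now)
```

In the sample rule set used below only LAN-to-WAN FTP control (port 21) is permitted; the FTP data channel and the server's replies are both forwarded purely on session state, and an unsolicited WAN-to-LAN request with the same addresses is refused because no rule permits it.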

Firewall rules control the flow of traffic between Security Zones, provide bandwidth management, and ensure quality of service. You can use firewall rules to:

• Determine when and how traffic is classified and controlled by the X family device.

• For local users who have been authenticated, determine whether the user has permission to access the requested service, based on the privilege group the user belongs to.

• Prioritize specific types of network traffic.

• Allow or deny a session request.

• Apply web filtering to specific categories.

• Schedule when a service is denied or allowed.

• Allocate bandwidth resources to a service and ensure the service has bandwidth available.

• Limit the bandwidth resources available to certain services.

• Time out idle sessions.

• Monitor network traffic.

For a full description of firewall rules, together with configuration examples, refer to the Concepts Guide.

X Family LSM User’s Guide V 2.5.1