1 OVERVIEW
Firewall
The SVG2500 firewall protects the SVG2500 LAN from undesired attacks and other intrusions from the Internet. It provides an advanced, integrated
•Maintains state data for every TCP/IP session on the OSI network and transport layers
•Monitors all incoming and outgoing packets, applies the firewall policy to each one, and screens for improper packets and intrusion attempts
•Provides comprehensive logging for all:
•User authentications
•Rejected internal and external connection requests
•Session creation and termination
•Outside attacks (intrusion detection)
You can configure the firewall filters to set rules for port usage. For information about choosing a predefined firewall policy template, see Section 7, SVG2500 Firewall Pages.
DMZ
A
For example, you can set up a web server on a DMZ computer to enable outside users to access your website without exposing confidential data on your network.
A DMZ can also be useful to play interactive games that may have a problem running through a firewall. You can leave a computer used for gaming only exposed to the Internet while protecting the rest of your network. For more information, see Gaming Configuration Guidelines.
Port Triggering
When you run an application that accesses the Internet, it typically initiates communications with a computer on the Internet. For some applications, especially gaming, the computer on the Internet also initiates communications with your computer. Because NAT does not normally allow these incoming connections:
•The SVG2500 has preconfigured port triggers for common applications.
•If needed, you can configure additional port triggers on the Advanced Port Triggers Page.
16