Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports

b. Click the button for the desired action:

Edit - to make any changes to the rule definition. The Inbound Service screen will be displayed (see “Inbound Rules (Port Forwarding)” on page 6-5) with the data for the selected rule.

Move - to move the selected rule to a new position in the table. You will be prompted for the new position.

Delete - to delete the selected rule.

Attack Checks—These check boxes let you enable checks for various attacks. Select the appropriate check box to enable each one.

VPN Passthrough: Enable this to pass VPN traffic without any filtering. This is used especially when this box is between two VPN tunnel endpoints.

Drop fragmented IP packets: Enable this to drop fragmented IP packets.

UDP Flooding: Enable this to limit the number of UDP sessions created from one LAN machine.

TCP Flooding: Enable this to protect the router from a SYN flood attack.

Enable DNS Proxy: Enable this to allow incoming DNS queries.

Enable Stealth Mode: Enable this to set the firewall to operate in stealth mode.

Respond To Ping On Internet Ports—If you want the router to respond to a 'Ping' from the Internet, click this check box. This can be used as a diagnostic tool. You shouldn't check this box unless you have a specific reason to do so.

Services-Based Rules

The rules to block traffic are based on the traffic’s category of service.

Inbound rules (port forwarding)—Inbound traffic is normally blocked by the firewall unless the traffic is in response to a request from the LAN side. The firewall can be configured to allow this otherwise blocked traffic.

Outbound rules (service blocking)—Outbound traffic is normally allowed unless the firewall is configured to disallow it.

Customized services—Additional services can be added to the list of services in the factory default list. These added services can then have rules defined for them to either allow or block that traffic.
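The default behavior described in the three items above can be modeled in a few lines. The following is an added illustration, not code from the manual or the firewall's firmware; the class names, the "CAM" service and all addresses are constructed for the example, and NAT address rewriting is left out.

```python
# Added illustration: a toy model of the default policy described above.
# Class names, the "CAM" service and all addresses are constructed for the example.
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Packet:
    direction: str  # "out" = LAN to Internet, "in" = Internet to LAN
    proto: str      # "tcp" or "udp"
    lan: tuple      # (host, port) on the LAN side (NAT rewriting is left out)
    wan: tuple      # (host, port) on the Internet side

@dataclass
class Firewall:
    services: dict = field(default_factory=lambda: {"HTTP": ("tcp", 80), "DNS": ("udp", 53)})
    outbound_block: set = field(default_factory=set)   # service names to block
    inbound_allow: dict = field(default_factory=dict)  # service name -> LAN server
    sessions: set = field(default_factory=set)         # flows opened from the LAN

    def check(self, p: Packet) -> str:
        flow = (p.proto, p.lan, p.wan)
        if p.direction == "out":
            # Outbound: allowed unless a service-blocking rule matches.
            if any(self.services[s] == (p.proto, p.wan[1]) for s in self.outbound_block):
                return "block"
            self.sessions.add(flow)
            return "allow"
        # Inbound: replies to LAN-initiated flows pass.
        if flow in self.sessions:
            return "allow"
        # Anything else needs an inbound (port forwarding) rule.
        for name, server in self.inbound_allow.items():
            if self.services[name] == (p.proto, p.lan[1]) and p.lan[0] == server:
                return "allow"
        return "block"

def demo() -> list:
    fw = Firewall()
    fw.services["CAM"] = ("tcp", 8443)        # customized service
    fw.inbound_allow["CAM"] = "192.168.1.20"  # inbound rule defined for it
    fw.outbound_block.add("DNS")              # outbound service block
    pc, web = ("192.168.1.10", 40000), ("203.0.113.5", 80)
    traffic = [
        Packet("out", "tcp", pc, web),                      # request from the LAN
        Packet("in", "tcp", pc, web),                       # reply to that request
        Packet("in", "tcp", ("192.168.1.10", 40001), web),  # unsolicited inbound
        Packet("in", "tcp", ("192.168.1.20", 8443), ("198.51.100.7", 51000)),  # forwarded
        Packet("out", "udp", ("192.168.1.10", 5353), ("203.0.113.53", 53)),    # blocked DNS
    ]
    return [fw.check(p) for p in traffic]

if __name__ == "__main__":
    print(demo())
```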

6-4

Firewall Protection and Content Filtering

202-10085-01, March 2005

NETGEAR FVS124G manual Services-Based Rules