Firewall Protection and Content Filtering 4-1
v1.0, March 2008

Chapter 4

Firewall Protection and Content Filtering

The ProSafe VPN Firewall 50 provides you with Web content filtering options such as Block Sites
and Keyword Blocking. Parents and network administrators can establish restricted access policies
based on time-of-day, Web addresses and Web address keywords. You can also block Internet
access by applications and services, such as chat or games. It also provides various firewall
activity reports and instant alerts via e-mail.

About Firewall Security

A firewall is a special category of router that protects one network (the “trusted” network, such as
your LAN) from another (the untrusted network, such as the Internet), while allowing
communication between the two.
A firewall incorporates the functions of a NAT (Network Address Translation) router, while
adding features for dealing with a hacker intrusion or attack, and for controlling the types of traffic
that can flow between the two networks. Unlike simple Internet sharing NAT routers, a firewall
uses a process called statef ul packet inspection to protect your network from attacks and
intrusions. NAT performs a very limited stateful inspection in that it considers whether the
incoming packet is in response to an outgoi ng requ est, but true S tateful Packet Inspection goes far
beyond NAT.

Using Rules to Block or Allow Specific Kinds of Traffic

Firewall rules are used to block or allow specific traf fic passing through from o ne side to the other.
You can configure up to 600 rules on the FVS338. Inbound rules (WAN to LAN) restrict access by
outsiders to private resources, selectively allowing only spec ific outside users to access specific
resources. Outbound rules (LAN to WAN) determine what outside resources local users can have
access to.
A firewall has two default rules, one for inbound traf fic and one for outbound. The default rules of
the FVS338 are:
Inbound: Block all access from outside except responses to requests from the LAN side.