ProSecure Unified Threat Management (UTM) Appliance Reference Manual

LAN WAN Inbound Rules and DMZ WAN Inbound Rules (Port Forwarding)

The LAN WAN Rules screen and the DMZ WAN Rules screen list all existing rules for inbound traffic (from WAN to LAN and from WAN to the DMZ). If you have not defined any rules, only the default rule is listed. The default rule blocks all access from outside except responses to requests from the LAN side. Any inbound rule that you create allows additional incoming traffic and therefore increases the traffic load on the WAN side.

Warning: This feature is for advanced administrators only! Incorrect configuration might cause serious problems.

Each rule lets you specify the desired action for the connections covered by the rule:

BLOCK always

BLOCK by schedule, otherwise Allow

ALLOW always

ALLOW by schedule, otherwise Block
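How the four actions resolve against a schedule and the default rule, as an added example that is not taken from the manual or from the appliance's firmware. The `InboundRule` model, its field names, the same-day schedule window, the first-match ordering, and the sample rules are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import time
from typing import List, Optional, Tuple

@dataclass
class InboundRule:
    """Hypothetical model of one inbound rule; field names are assumptions."""
    service: str                                   # e.g. "HTTP"
    action: str                                    # one of the four actions listed above
    lan_users: str = "Any"                         # "Any" or a single address
    schedule: Optional[Tuple[time, time]] = None   # (start, end) within one day

def _minutes(t: time) -> int:
    return t.hour * 60 + t.minute

def schedule_active(rule: InboundRule, now: time) -> bool:
    """True while `now` falls inside the rule's schedule window."""
    if rule.schedule is None:
        return False
    start, end = rule.schedule
    return _minutes(start) <= _minutes(now) < _minutes(end)

def rule_allows(rule: InboundRule, now: time) -> bool:
    """Resolve the rule's action to allow (True) or block (False) at `now`."""
    if rule.action == "ALLOW always":
        return True
    if rule.action == "BLOCK always":
        return False
    if rule.action == "ALLOW by schedule, otherwise Block":
        return schedule_active(rule, now)
    if rule.action == "BLOCK by schedule, otherwise Allow":
        return not schedule_active(rule, now)
    raise ValueError(f"unknown action: {rule.action!r}")

def decide(rules: List[InboundRule], service: str, now: time) -> bool:
    """First rule for the service wins (assumption); otherwise the default rule blocks."""
    for rule in rules:
        if rule.service == service:
            return rule_allows(rule, now)
    return False

def open_hours_per_day(rule: InboundRule) -> float:
    """Hours per day during which the rule admits inbound traffic."""
    return sum(rule_allows(rule, time(h, m)) for h in range(24) for m in range(60)) / 60

# Constructed sample rule set, for illustration only.
OFFICE = (time(8, 0), time(18, 0))
RULES = [
    InboundRule("HTTP", "ALLOW by schedule, otherwise Block", "192.168.1.10", OFFICE),
    InboundRule("FTP", "BLOCK by schedule, otherwise Allow", "Any", OFFICE),
]
```

With the same 08:00 to 18:00 schedule, the ALLOW by schedule rule admits traffic for 10 hours a day, while the BLOCK by schedule rule admits it for the remaining 14, which is worth checking when reviewing a rule whose name begins with BLOCK.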

The section below summarizes the various criteria that you can apply to inbound rules and that might increase traffic. For more information about inbound rules, see “Inbound Rules (Port Forwarding)” on page 5-6. For detailed procedures on how to configure inbound rules, see “Setting LAN WAN Rules” on page 5-12 and “Setting DMZ WAN Rules” on page 5-15.

When you define inbound firewall rules, you can further refine their application according to the following criteria:

Services. You can specify the services or applications to be covered by an inbound rule. If the desired service or application does not appear in the list, you must define it using the Services screen (see “Services-Based Rules” on page 5-3 and “Adding Customized Services” on page 5-32).

WAN Destination IP Address. For the dual-WAN port models only, you can specify the destination IP address for incoming traffic. Traffic is directed to the specified address only when the destination IP address of the incoming packet matches the IP address of the selected WAN interface (that is, the WAN1 or WAN2 interface). For the single-WAN port models, the WAN Destination IP Address is a fixed field.

LAN Users. You can specify which computers on your network are affected by an inbound rule. There are several options:

Any. All PCs and devices on your LAN.

Single address. The rule is applied to the address of a particular PC.


Network and System Management

v1.0, January 2010

NETGEAR UTM50-100NAS, UTM5-100NAS manual Network and System Management