ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual
4-2 Firewall Protection and Content Filtering
v1.2, June 2008
A firewall incorporates the functions of a NAT (Network Address Translation) router, while
adding features for dealing with a hacker intrusion or attack, and for controlling the types of traffic
that can flow between the two networks. Unlike simple Internet sharing NAT routers, a firewall
uses a process called stateful packet inspection to protect your network from attacks and
intrusions. NAT performs a very limited stateful inspection in that it considers whether the
incoming packet is in response to an outgoing request, but true Stateful Packet Inspection goes far
beyond NAT.
Using Rules to Block or Allow Specific Kinds of TrafficThis section includes the following topics:
•“About Services-Based Rules” on page4-3
•“Viewing the Rules” on page4-7
•“Order of Precedence for Rules” on page 4-8
•“Setting the Default Outbound Policy” on page 4-8
•“Creating a LAN WAN Outbound Services Rule” on page4-9
•“Creating a LAN WAN Inbound Services Rule” on page4-10
•“Inbound Rules Examples” on page4-12
•“Outbound Rules Example” on page 4-15
•“Adding Customized Services” on page4-15
•“Setting Quality of Service (QoS) Priorities” on page 4-17
Firewall rules are used to block or allow specific traffic passing through from one side to the other.
Inbound rules (WAN to LAN) restrict access by outsiders to private resources, selectively allowing
only specific outside users to access specific resources. Outbound rules (LAN to WAN) determine
what outside resources local users can have access to.
A firewall has two default rules, one for inbound traffic and one for outbound traffic. The default
rules of the FVS336G are:
•Inbound. Block all access from outside except responses to requests from the LAN side.
•Outbound. Allow all access from the LAN side to the outside.
User-defined firewall rules for blocking or allowing traffic on the VPN firewall can be applied to
inbound or outbound traffic.