ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual
5-2
Firewall Security and Content Filtering
v1.0, July 2008
A firewall incorporates the functions of a NAT (Network Address Translation) router, while
adding features for dealing with a hacker intrusion or attack, and for controlling the types of traffic
that can flow between the two networks. Unlike simple Internet sharing NAT routers, a firewall
uses a process called stateful packet inspection to protect your network from attacks and
intrusions. NAT performs a very limited stateful inspection in that it considers whether the
incoming packet is in response to an outgoing request, but true Stateful Packet Inspection goes far
beyond NAT.
Using Rules & Services to Block or Allow Traffic
Firewall rules and services are used to block or allow specific traffic passing through from one side
to the other. Inbound rules (WAN to LAN) restrict access by outsiders to private resources,
selectively allowing only specific outside users to access specific resources. Outbound rules (LAN
to WAN) determine what outside resources local users can have access to.
A firewall has two default rules, one for inbound traffic and one for outbound traffic. The default
rules of the SRXN3205 are:
•
Inbound
. Block all access from outside except responses to requests from the LAN side.
•
Outbound
. Allow all access from the LAN side to the outside.
User-defined firewall rules for blocking or allowing traffic on the firewall can be applied to
inbound or outbound traffic.
Services-Based Rules
The rules to block traffic are based on the traffic’s category of service.
•
Outbound Rules (service blocking)
. Outbound traffic is normally allowed unless the firewall
is configured to disallow it.
•
Inbound Rules (port forwarding)
. Inbound traffic is normally blocked by the firewall unless
the traffic is in response to a request from the LAN side. The firewall can be configured to
allow this otherwise blocked traffic.
•
Customized Services
. Additional services can be added to the list of services in the factory
default list. These added services can then have rules defined for them to either allow or block
that traffic (see
“Adding Customized Services” on page 5-17
.