ProSecure Unified Threat Management UTM10 or UTM25 Reference Manual
10-8
Network and System Management
v1.0, September 2009
LAN port) can be dedicated as a hardware DMZ port to safely provide services to the Internet
without compromising security on your LAN. By default, the DMZ port and both inbound and
outbound DMZ traffic are disabled. Enabling the DMZ port and allowing traffic to and from the
DMZ increases the traffic through the WAN ports.
For information on how to enable the DMZ port, see “Configuring and Enabling the DMZ Port” on
page 4-18. For the procedures on how to configure DMZ traffic rules, see “Setting DMZ WAN Rules”
on page 5-14.
Configuring Exposed Hosts
Specifying an exposed host allows you to set up a computer or server that is available to anyone on
the Internet for services that you have not yet defined. For an example of how to set up an exposed
host, see “LAN WAN or DMZ WAN Inbound Rule: Specifying an Exposed Host” on page 5-28.
Configuring VPN Tunnels
The UTM supports up to 25 site-to-site IPsec VPN tunnels and up to 13 dedicated SSL VPN
tunnels. Each tunnel requires extensive processing for encryption and authentication, thereby
increasing traffic through the WAN ports.
For information about IPsec VPN tunnels, see Chapter 7, “Virtual Private Networking Using IPsec
Connections.” For information about SSL VPN tunnels, see Chapter 8, “Virtual Private Networking
Using SSL Connections.”
Using QoS and Bandwidth Assignment to Shift the Traffic Mix
By specifying QoS and bandwidth profiles and assigning these profiles to outbound and inbound
firewall rules, you can shift the traffic mix to aim for optimum performance of the UTM.
Assigning QoS Profiles
The QoS profile settings determine the priority and, in turn, the quality of service for the traffic
passing through the UTM. After you have created a QoS profile, you can assign the QoS profile to
firewall rules. The QoS is set individually for each service. You can change the mix of traffic
through the WAN ports by granting some services a higher priority than others:
• You can accept the default priority defined by the service itself by not changing its QoS
  setting.
• You can change the priority to a higher or lower value than its default setting to give the
  service higher or lower priority than it otherwise would have.