Table of Contents
Advertisement
16.1 Overview
Use the firewall to block or allow services that use static port numbers. The firewall can also limit
the number of user sessions.
16.1.1 What You Can Do in this Chapter
• The Firewall screens
routes, and manage and configure firewall rules.
• The Session Control screens
firewall sessions a client can use.
16.1.2 What You Need to Know
The following terms and concepts may help as you read this chapter.
Stateful Inspection
The NXC has a stateful inspection firewall. The NXC restricts access by screening data packets
against defined access rules. It also inspects sessions. For example, traffic from one zone is not
allowed unless it is initiated by a computer in another zone first.
Zones
A zone is a group of interfaces. Group the NXC's interfaces into different zones based on your
needs. You can configure firewall rules for data passing between zones or even between interfaces
in a zone.
Default Firewall Behavior
Firewall rules are grouped based on the direction of travel of packets to which they apply. Here is
the default firewall behavior for traffic going through the NXC in various directions.
Table 91 Default Firewall Behavior
FROM ZONE TO ZONE
From ANY to ANY
C
HAPTER
(Section 16.2 on page
187) enable or disable the firewall and asymmetrical
(Section 16.3 on page
BEHAVIOR
Traffic that does not match any firewall rule is allowed. So for example, LAN to
WAN, LAN to DMZ, and LAN to WLAN traffic is allowed. This also includes traffic
to or from interfaces that are not assigned to a zone (extra-zone traffic).
NXC Series User's Guide
185
Firewall
191) limit the number of concurrent NAT/
1 6
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
