Firewall
The SBG901 firewall protects the SBG901 LAN from undesired attacks and other intrusions from the Internet. It provides an advanced, integrated stateful-inspection firewall supporting intrusion detection, session tracking, and denial-of-service attack prevention. The firewall:
• Maintains state data for every TCP/IP session on the OSI network and transport layers
• Monitors all incoming and outgoing packets, applies the firewall policy to each one, and screens for improper packets and intrusion attempts
• Provides comprehensive logging for all:
  • User authentications
  • Rejected internal and external connection requests
  • Session creation and termination
  • Outside attacks (intrusion detection)
You can configure the firewall filters to set rules for port usage. For information about choosing a predefined firewall policy template, see the Firewall Pages.
DMZ
A de-militarized zone (DMZ) is one or more computers logically located outside the firewall between an SBG901 LAN and the Internet. A DMZ prevents direct access by outside users to private data.
For example, you can set up a web server on a DMZ computer to enable outside users to access your website without exposing confidential data on your network.
A DMZ can also be useful to play interactive games that may have a problem running through a firewall. You can leave a computer used for gaming only exposed to the Internet while protecting the rest of your network. For more information, see Gaming Configuration Guidelines.
Port Triggering
When you run an application that accesses the Internet, it typically initiates communications with a computer on the Internet. For some applications, especially gaming, the computer on the Internet also initiates communications with your computer. Because NAT does not normally allow these incoming connections:
• If needed, you can configure additional port triggers on the Advanced Port Triggers Page.
1 Introduction
This document is uncontrolled pending incorporation in PDM
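The port-triggering behavior described under Port Triggering can be sketched as a small model; this is an added example, not SBG901 firmware or Motorola code. The port numbers, addresses, the 600-second timeout, and the simplifications (NAT keeps the source port, the opened range is not pinned to one remote host) are all assumptions made for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class Trigger:
    trigger_ports: range      # outbound destination ports that arm the rule
    target_ports: range       # inbound ports opened while the rule is armed
    timeout: int = 600        # assumed idle lifetime in seconds

@dataclass
class Gateway:
    triggers: list
    sessions: dict = field(default_factory=dict)  # (wan_port, remote_ip, remote_port) -> lan_ip
    armed: dict = field(default_factory=dict)     # trigger index -> (lan_ip, expiry)

    def outbound(self, now, lan_ip, lan_port, remote_ip, remote_port):
        """LAN host opens a connection; record the session and arm matching triggers."""
        # Simplification: NAT keeps the LAN source port as the WAN port.
        self.sessions[(lan_port, remote_ip, remote_port)] = lan_ip
        for i, t in enumerate(self.triggers):
            if remote_port in t.trigger_ports:
                self.armed[i] = (lan_ip, now + t.timeout)

    def inbound(self, now, remote_ip, remote_port, wan_port):
        """Return the LAN address to forward to, or None to drop the packet."""
        lan_ip = self.sessions.get((wan_port, remote_ip, remote_port))
        if lan_ip:                       # reply within a tracked session
            return lan_ip
        for i, t in enumerate(self.triggers):
            host, expiry = self.armed.get(i, (None, 0))
            if host and now < expiry and wan_port in t.target_ports:
                # Assumption of this model: the opened range is not pinned
                # to the remote host that was contacted.
                self.armed[i] = (host, now + t.timeout)  # activity refreshes the rule
                return host
        return None                      # unsolicited packet: dropped

def demo():
    gw = Gateway([Trigger(range(6112, 6113), range(6113, 6120))])  # constructed rule
    results = [gw.inbound(0, "203.0.113.9", 5000, 6115)]           # nothing armed yet
    gw.outbound(5, "192.168.0.10", 40000, "203.0.113.5", 6112)     # arms the trigger
    results.append(gw.inbound(6, "203.0.113.5", 6112, 40000))      # session reply
    results.append(gw.inbound(10, "203.0.113.9", 5000, 6115))      # triggered port
    results.append(gw.inbound(11, "203.0.113.9", 5000, 6200))      # outside the range
    results.append(gw.inbound(700, "203.0.113.9", 5000, 6115))     # rule has expired
    return results

if __name__ == "__main__":
    print(demo())
```

The window between arming and expiry is the exposure to review when adding a trigger: the narrower the target range and the shorter the lifetime, the less inbound traffic the rule admits.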