Warning: This feature is for advanced administrators only! Incorrect configuration
might cause serious problems.
Each rule lets you specify the desired action for the connections covered by the rule:
• BLOCK always
• BLOCK by schedule, otherwise Allow
• ALLOW always
• ALLOW by schedule, otherwise Block
The following section summarizes the various criteria that you can apply to inbound rules and that
might increase traffic. For more information about inbound rules, see "Inbound Rules (Port
Forwarding)" on page 4-6. For detailed procedures on how to configure inbound rules, see
"Setting LAN WAN Rules" on page 4-11 and "Setting DMZ WAN Rules" on page 4-14.
When you define inbound firewall rules, you can further refine their application according to the
following criteria:
• Services. You can specify the services or applications to be covered by an inbound rule. If the
desired service or application does not appear in the list, you must define it using the Services
screen (see "Services-Based Rules" on page 4-3 and "Adding Customized Services" on
page 4-31).
• WAN destination IP address. You can specify the destination IP address for incoming traffic.
Traffic is directed to the specified address only when the destination IP address of the
incoming packet matches the IP address of the selected WAN interface.
• LAN users. You can specify which computers on your network are affected by an inbound
rule. There are several options:
– Any. The rule applies to all PCs and devices on your LAN.
– Single address. The rule applies to the address of a particular PC.
– Address range. The rule applies to a range of addresses.
– Groups. The rule is applied to a group of PCs. (You can configure groups for LAN WAN
outbound rules but not for DMZ WAN outbound rules.) The Known PCs and Devices
table is an automatically maintained list of all known PCs and network devices and is
generally referred to as the network database, which is described in "Managing the
Network Database" on page 3-15. PCs and network devices are entered into the network
database by various methods that are described in "Managing Groups and Hosts (LAN
Groups)" on page 3-14.
Network and System Management
ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual
v1.0, April 2010
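The inbound-rule criteria and the four actions described above, modelled as an added example. This is not code from the manual or the SRX5308 firmware; it shows how the service, WAN destination IP address, and LAN users criteria combine before the action is applied. The class, function, and field names are hypothetical, and the schedule is simplified to a range of hours.

```python
# Added illustration: a model of the inbound-rule criteria on this page,
# not the firewall's own logic. All names below are hypothetical.
from dataclasses import dataclass
from ipaddress import ip_address

ACTIONS = {  # action -> (verdict inside schedule, verdict outside schedule)
    "BLOCK always": ("block", "block"),
    "BLOCK by schedule, otherwise Allow": ("block", "allow"),
    "ALLOW always": ("allow", "allow"),
    "ALLOW by schedule, otherwise Block": ("allow", "block"),
}

@dataclass
class InboundRule:
    service: tuple      # (protocol, port), e.g. ("tcp", 443)
    wan_dest_ip: str    # address of the selected WAN interface
    lan_users: tuple    # ("any",) ("single", ip) ("range", lo, hi) ("group", name)
    action: str
    schedule: range = range(0, 24)  # active hours (assumed simplification)

def lan_user_matches(spec, host_ip, groups):
    kind, ip = spec[0], ip_address(host_ip)
    if kind == "any":
        return True
    if kind == "single":
        return ip == ip_address(spec[1])
    if kind == "range":  # numeric comparison, so .9 sorts below .10
        return ip_address(spec[1]) <= ip <= ip_address(spec[2])
    if kind == "group":  # group name -> set of member addresses
        return host_ip in groups.get(spec[1], set())
    raise ValueError(f"unknown LAN users option: {kind}")

def evaluate(rule, conn, hour, groups=None):
    """Return 'allow' or 'block', or None when the rule does not cover conn."""
    if (conn["proto"], conn["port"]) != rule.service:
        return None
    if ip_address(conn["wan_dst"]) != ip_address(rule.wan_dest_ip):
        return None
    if not lan_user_matches(rule.lan_users, conn["lan_host"], groups or {}):
        return None
    in_sched, out_sched = ACTIONS[rule.action]
    return in_sched if hour in rule.schedule else out_sched

# Constructed sample: HTTPS to one WAN address for a LAN range, 08:00-17:59.
RULE = InboundRule(("tcp", 443), "203.0.113.10",
                   ("range", "192.168.1.10", "192.168.1.20"),
                   "ALLOW by schedule, otherwise Block", range(8, 18))
CONN = {"proto": "tcp", "port": 443,
        "wan_dst": "203.0.113.10", "lan_host": "192.168.1.15"}
```

A `None` result means the connection falls outside the rule, so its action never applies; an overly broad LAN users or service setting is what makes a rule cover more traffic than intended.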