NETGEAR SRX5308 - ProSafe® Quad WAN Gigabit SSL VPN Firewall Reference Manual page 94

ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual
Outbound Rules (Service Blocking)
The VPN firewall allows you to block the use of certain Internet services by PCs on your network.
This is called service blocking or port filtering.
Note: See "Enabling Source MAC Filtering" on page 4-44
outbound traffic from selected PCs that would otherwise be allowed by the
firewall.
Warning: Allowing inbound services opens security holes in your VPN firewall. Enable
only those ports that are necessary for your network.
Table 4-2 on page 4-4
common to most Outbound Service screens (see
and Figure 4-9 on page
The steps to configure outbound rules are described in the following sections:
• "Setting LAN WAN Rules" on page
• "Setting DMZ WAN Rules" on page
• "Setting LAN DMZ Rules" on page
Table 4-2. Outbound Rules Overview
Setting Description (or Subfield and Description)
Service The service or application to be covered by this rule. If the service or application does
not appear in the list, you must define it using the Services screen (see
Customized Services" on page
Action The action for outgoing connections covered by this rule:
• BLOCK always.
• BLOCK by schedule, otherwise allow.
• ALLOW always.
• ALLOW by schedule, otherwise block.
Note: Any outbound traffic that is not blocked by rules you create is allowed by the
default rule.
ALLOW rules are useful only if the traffic is already covered by a BLOCK rule. That
is, you wish to allow a subset of traffic that is currently blocked by another rule.
4-4
describes the fields that define the rules for outbound traffic and that are
4-19).
4-11.
4-14.
4-18.
v1.0, April 2010
for yet another way to block
Figure 4-3 on page 4-13,
4-31).
Figure 4-6 on page 4-16,
"Adding
Firewall Protection