Netgear FVS318v3 – Cable/DSL ProSafe VPN Firewall with 8-Port Switch Reference Manual
ProSafe VPN Firewall FVS318v3 Reference Manual
Firewall Protection and Content Filtering
3-5
v5.0, January 2012
•
Action. Choose how you would like this type of traffic to be handled. You can block or allow
always, or you can choose to block or allow according to the schedule you have defined in the
Schedule menu.
always, or you can choose to block or allow according to the schedule you have defined in the
Schedule menu.
•
Source Address. Specify traffic originating on the LAN (outbound) or the WAN (inbound),
and choose whether you would like the traffic to be restricted by source IP address. You can
select Any, a Single address, or a Range. If you select a range of addresses, enter the range in
the start and finish boxes. If you select a single address, enter it in the start box.
and choose whether you would like the traffic to be restricted by source IP address. You can
select Any, a Single address, or a Range. If you select a range of addresses, enter the range in
the start and finish boxes. If you select a single address, enter it in the start box.
•
Destination Address.The Destination Address will be assumed to be from the opposite (LAN
or WAN) of the Source Address. As with the Source Address, you can select Any, a Single
address, or a Range unless NAT is enabled and the destination is the LAN. In that case, you
must enter a Single LAN address in the start box.
or WAN) of the Source Address. As with the Source Address, you can select Any, a Single
address, or a Range unless NAT is enabled and the destination is the LAN. In that case, you
must enter a Single LAN address in the start box.
•
Log. You can select whether the traffic will be logged. The choices are:
•
•
Never – no log entries will be made for this service.
•
Match – traffic of this type that matches the parameters and action will be logged.
Inbound Rules (Port Forwarding)
Because the FVS318v3 uses Network Address Translation (NAT), your network presents only one
IP address to the Internet, and outside users cannot directly address any of your local computers.
However, by defining an inbound rule you can make a local server (for example, a Web server or
game server) visible and available to the Internet. The rule tells the firewall to direct inbound
traffic for a particular service to one local server based on the destination port number. This is also
known as port forwarding.
IP address to the Internet, and outside users cannot directly address any of your local computers.
However, by defining an inbound rule you can make a local server (for example, a Web server or
game server) visible and available to the Internet. The rule tells the firewall to direct inbound
traffic for a particular service to one local server based on the destination port number. This is also
known as port forwarding.
Remember that allowing inbound services opens holes in your VPN firewall. Only enable those
ports that are necessary for your network. Following are two application examples of inbound
rules:
ports that are necessary for your network. Following are two application examples of inbound
rules:
Note: Some residential broadband ISP accounts do not allow you to run any server
processes (such as a Web or FTP server) from your location. Your ISP may
periodically check for servers and may suspend your account if it discovers any
active services at your location. If you are unsure, refer to the Acceptable Use
Policy of your ISP.
periodically check for servers and may suspend your account if it discovers any
active services at your location. If you are unsure, refer to the Acceptable Use
Policy of your ISP.