Netgear UTM25EW-100NAS ユーザーズマニュアル
ProSecure Unified Threat Management UTM10 or UTM25 Reference Manual
5-6
Firewall Protection
v1.0, September 2009
Inbound Rules (Port Forwarding)
If you have enabled Network Address Translation (NAT), your network presents only one IP
address to the Internet and outside users cannot directly address any of your local computers.
However, by defining an inbound rule you can make a local server (for example, a Web server or
game server) visible and available to the Internet. The rule informs the firewall to direct inbound
traffic for a particular service to one local server based on the destination port number. This
process is also known as port forwarding.
address to the Internet and outside users cannot directly address any of your local computers.
However, by defining an inbound rule you can make a local server (for example, a Web server or
game server) visible and available to the Internet. The rule informs the firewall to direct inbound
traffic for a particular service to one local server based on the destination port number. This
process is also known as port forwarding.
QoS Profile
The priority assigned to IP packets of this service. The priorities are defined by “Type
of Service (ToS) in the Internet Protocol Suite” standards, RFC 1349. The QoS profile
determines the priority of a service which, in turn, determines the quality of that
service for the traffic passing through the firewall.
The UTM marks the Type Of Service (ToS) field as defined in the QoS profiles that
you create. For more information, see
of Service (ToS) in the Internet Protocol Suite” standards, RFC 1349. The QoS profile
determines the priority of a service which, in turn, determines the quality of that
service for the traffic passing through the firewall.
The UTM marks the Type Of Service (ToS) field as defined in the QoS profiles that
you create. For more information, see
.
Note: There is no default QoS profile on the UTM. After you have created a QoS
profile, it can become active only when you apply it to a non-blocking inbound or
outbound firewall rule.
profile, it can become active only when you apply it to a non-blocking inbound or
outbound firewall rule.
Bandwidth Profile
Bandwidth limiting determines the way in which the data is sent to and from your
host. The purpose of bandwidth limiting is to provide a solution for limiting the
outgoing and incoming traffic, thus preventing the LAN users from consuming all the
bandwidth of the Internet link. Bandwidth limiting occurs in the following ways:
• For outbound traffic: on the available WAN interface in the single WAN port mode
host. The purpose of bandwidth limiting is to provide a solution for limiting the
outgoing and incoming traffic, thus preventing the LAN users from consuming all the
bandwidth of the Internet link. Bandwidth limiting occurs in the following ways:
• For outbound traffic: on the available WAN interface in the single WAN port mode
and auto-rollover mode, and on the selected interface in load balancing mode.
• For inbound traffic: on the LAN interface for all WAN modes.
Note: Bandwidth Limiting does not apply to the DMZ interface.
Note: Bandwidth Limiting does not apply to the DMZ interface.
Log
The settings that determines whether packets covered by this rule are logged. The
options are:
• Always. Always log traffic considered by this rule, whether it matches or not. This is
options are:
• Always. Always log traffic considered by this rule, whether it matches or not. This is
useful when debugging your rules.
• Never. Never log traffic considered by this rule, whether it matches or not.
NAT IP
The settings that specify whether the source address of the outgoing packets on the
WAN should be assigned the address of the WAN interface or the address of a
different interface. The options are:
• WAN Interface Address: All the outgoing packets on the WAN are to the address of
WAN should be assigned the address of the WAN interface or the address of a
different interface. The options are:
• WAN Interface Address: All the outgoing packets on the WAN are to the address of
the assigned WAN interface.
• Single Address: All the outgoing packets on the WAN are assigned the specified IP
address, for example, a secondary WAN address that you have configured.
Note: This option is available only when the WAN mode is NAT. The IP address
specified should fall under the WAN subnet.
specified should fall under the WAN subnet.
Table 5-2. Outbound Rules Overview (continued)
Setting
Description (or Subfield and Description)