Netgear FVS336Gv2 – ProSafe Dual WAN Gigabit Firewall with SSL & IPSec VPN 참조 매뉴얼
Customize Firewall Protection
215
ProSAFE Dual WAN Gigabit WAN SSL VPN Firewall FVS336Gv2
Inbound Rules — Port Forwarding
The VPN firewall has a default inbound LAN WAN rule, which blocks all access from outside
except responses to requests from the LAN side.
except responses to requests from the LAN side.
If you have enabled Network Address Translation (NAT), your network presents one IP
address only to the Internet, and outside users cannot directly access any of your local
computers (LAN users). For information about configuring NAT, see
address only to the Internet, and outside users cannot directly access any of your local
computers (LAN users). For information about configuring NAT, see
30. However, by defining an inbound rule you can make a
local server (for example, a web server or game server) visible and available to the Internet.
Bandwidth Profile Bandwidth limiting determines how the data is sent to and from
your host. The purpose of bandwidth limiting is to provide a
solution for limiting the outgoing and incoming traffic, thus
preventing the LAN users from consuming all the bandwidth of the
Internet link. For more information, see
solution for limiting the outgoing and incoming traffic, thus
preventing the LAN users from consuming all the bandwidth of the
Internet link. For more information, see
299. For outbound traffic, you can
configure bandwidth limiting only on the WAN interface for a LAN
WAN rule.
WAN rule.
Note:
When you enable a bandwidth profile, the performance of
the VPN firewall might be affected slightly.
Note:
Bandwidth limiting does not apply to the DMZ interface.
IPv4 LAN WAN rules
Log
The setting that determines whether packets covered by this rule
are logged. The options are as follows:
are logged. The options are as follows:
•
Always. Always log traffic that matches this rule. This is useful
when you are debugging your rules.
•
Never. Never log traffic that matches this rule.
All rules
NAT IP
The setting that specifies whether the source address of the
outgoing packets on the WAN is autodetected, is assigned the
address of the WAN interface, or is a different IP address. You can
specify these settings only for outbound traffic of the WAN
interface. The options are as follows:
outgoing packets on the WAN is autodetected, is assigned the
address of the WAN interface, or is a different IP address. You can
specify these settings only for outbound traffic of the WAN
interface. The options are as follows:
•
Auto. The source address of the outgoing packets is
autodetected through the configured routing and load
balancing rules.
balancing rules.
•
WAN Interface Address. All the outgoing packets on the
WAN are assigned to the address of the specified WAN
interface.
WAN are assigned to the address of the specified WAN
interface.
•
Single Address. All the outgoing packets on the WAN are
assigned to the specified IP address, for example, a
secondary WAN address that you have configured.
assigned to the specified IP address, for example, a
secondary WAN address that you have configured.
Note:
The NAT IP menu is available only when the WAN mode is
NAT.
Note:
If you select Single Address from the NAT IP menu, the IP
address specified must fall under the WAN subnet.
IPv4 LAN WAN rules
IPv4 DMZ WAN rules
Table 5. Outbound rules overview (continued)
Setting
Description
Outbound Rules