Firewall, Port triggering – Motorola SURFBOARD SVG2500 User Manual

1 OVERVIEW
Firewall
The SVG2500 firewall protects the SVG2500 LAN from undesired attacks and other
intrusions from the Internet. It provides an advanced, integrated
firewall supporting intrusion detection, session tracking, and denial-of-service attack
prevention. The firewall:
• Maintains state data for every session on the network and transport layers
• Monitors all incoming and outgoing packets, applies the firewall policy to each
one, and screens for improper packets and intrusion attempts
• Provides comprehensive logging for all:
  • User authentications
  • Rejected internal and external connection requests
  • Session creation and termination
  • Outside attacks (intrusion detection)
You can configure the firewall filters to set rules for port usage. For information about
choosing a predefined firewall policy template, see
DMZ
A de-militarized zone (DMZ) is one or more computers logically located outside the
firewall between an SVG2500 LAN and the Internet. A DMZ prevents direct access
by outside users to private data.
For example, you can set up a web server on a DMZ computer to enable outside
users to access your website without exposing confidential data on your network.
A DMZ can also be useful for playing interactive games that may have a problem
running through a firewall. You can leave a computer used only for gaming exposed
to the Internet while protecting the rest of your network. For more information, see
.
Port Triggering
When you run an application that accesses the Internet, it typically initiates
communications with a computer on the Internet. For some applications, especially
gaming, the computer on the Internet also initiates communications with your
computer. Because NAT does not normally allow these incoming connections:
• The SVG2500 has preconfigured port triggers for common applications.
• If needed, you can configure additional port triggers on the Advanced Port
Triggers Page.
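
A generic model of how port triggering behaves at a NAT gateway, added here as an illustration and not taken from the manual or the SVG2500 firmware. The class name, port numbers, LAN addresses and the 600-second timeout are constructed assumptions; the point is that inbound ports open only after matching outbound traffic, only toward the host that sent it, and close again after a timeout.

```python
# Generic port-trigger model (added example; not SVG2500 code).
# All ports, addresses and the timeout are constructed sample values.

class PortTriggerNat:
    def __init__(self, rules, timeout=600):
        # rules: list of (trigger_range, target_range, proto)
        self.rules = rules
        self.timeout = timeout          # assumed idle lifetime in seconds
        self.open = {}                  # (proto, target_range) -> (lan_ip, expires)

    def outbound(self, lan_ip, proto, dst_port, now):
        """A LAN host sends a packet; a trigger match opens the target range."""
        for trig, target, rproto in self.rules:
            if rproto == proto and trig[0] <= dst_port <= trig[1]:
                # The most recent triggering host owns the mapping.
                self.open[(proto, target)] = (lan_ip, now + self.timeout)

    def inbound(self, proto, dst_port, now):
        """Unsolicited Internet packet: return the LAN host to forward to,
        or None if it is dropped. The remote source address is not checked,
        so an active mapping accepts traffic from any Internet host."""
        for (rproto, target), (lan_ip, expires) in list(self.open.items()):
            if expires <= now:
                del self.open[(rproto, target)]   # mapping timed out
                continue
            if rproto == proto and target[0] <= dst_port <= target[1]:
                return lan_ip
        return None


def demo():
    # Constructed rule: outbound TCP 6660-6670 opens inbound TCP 113.
    nat = PortTriggerNat([((6660, 6670), (113, 113), "tcp")], timeout=600)
    results = [nat.inbound("tcp", 113, now=0)]           # not triggered yet
    nat.outbound("192.168.0.10", "tcp", 6667, now=10)    # trigger fires
    results.append(nat.inbound("tcp", 113, now=20))      # forwarded to host
    results.append(nat.inbound("tcp", 114, now=20))      # outside target range
    nat.outbound("192.168.0.20", "tcp", 6667, now=30)    # second host triggers
    results.append(nat.inbound("tcp", 113, now=40))      # mapping moved
    results.append(nat.inbound("tcp", 113, now=700))     # expired at 630
    return results


if __name__ == "__main__":
    print(demo())
```

Unlike a DMZ host, which stays exposed at all times, the triggered ports in this model are reachable only while a mapping is active.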