Chapter 18 Firewall
NXC5200 User’s Guide
Session Limits
Accessing the NXC or network resources through the NXC requires a NAT session
and a corresponding firewall session. Peer-to-peer applications, such as file sharing
applications, may use a large number of NAT sessions. A single client could use all
of the available NAT sessions and prevent others from connecting to or through
the NXC. The NXC lets you limit the number of concurrent NAT/firewall sessions a
client can use.
18.1.3 Firewall Rule Example Applications
Suppose that your company decides to block all of the LAN users from using IRC
(Internet Relay Chat) through the Internet. To do this, you would configure a LAN
to WAN firewall rule that blocks IRC traffic from any source IP address from going
to any destination address. You do not need to specify a schedule since you need
the firewall rule to always be in effect. The following figure shows the results of
this rule.
Figure 111 Blocking All LAN to WAN IRC Traffic Example
Your firewall would have the following rules.
• The first row blocks LAN access to the IRC service on the WAN.
• The second row is the firewall’s default policy that allows all LAN to WAN traffic.
Table 89 Blocking All LAN to WAN IRC Traffic Example

#   USER   SOURCE   DESTINATION   SCHEDULE   SERVICE   ACTION
1   Any    Any      Any           Any        IRC       Deny
2   Any    Any      Any           Any        Any       Allow
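
The following is an added example, not part of the original guide and not NXC code: it models the two rows of Table 89 and checks that the IRC deny row is reached before the catch-all allow row. It assumes rows are checked top to bottom with the first match deciding, and that the IRC service means TCP port 6667; the packet values and the names `evaluate` and `shadowed` are constructed for illustration.

```python
from dataclasses import dataclass

ANY = "Any"
# Assumption: the IRC service object is TCP port 6667; the page does not define it.
SERVICES = {"IRC": {("tcp", 6667)}}
FIELDS = ("user", "source", "destination", "schedule", "service")

@dataclass(frozen=True)
class Rule:
    num: int
    user: str
    source: str
    destination: str
    schedule: str
    service: str
    action: str

# Table 89 (LAN to WAN), in the order shown on the page.
TABLE_89 = [
    Rule(1, ANY, ANY, ANY, ANY, "IRC", "Deny"),
    Rule(2, ANY, ANY, ANY, ANY, ANY, "Allow"),
]

def evaluate(rules, packet):
    """Return (rule number, action) of the first row that matches the packet."""
    for r in rules:
        svc_ok = r.service == ANY or (packet["proto"], packet["port"]) in SERVICES[r.service]
        addr_ok = all(getattr(r, f) in (ANY, packet[f]) for f in ("user", "source", "destination"))
        if svc_ok and addr_ok:  # schedule is treated as always in effect
            return r.num, r.action
    return None, "Deny"  # assumed fallback if no row matches

def shadowed(rules):
    """Numbers of rows that can never match because an earlier row covers every field."""
    def covers(earlier, later):
        return all(getattr(earlier, f) in (ANY, getattr(later, f)) for f in FIELDS)
    return [r.num for i, r in enumerate(rules) if any(covers(e, r) for e in rules[:i])]

# Constructed sample packets from a LAN client to a WAN host.
IRC_PKT = {"user": "alice", "source": "192.168.1.33", "destination": "203.0.113.10",
           "proto": "tcp", "port": 6667}
WEB_PKT = dict(IRC_PKT, port=443)

if __name__ == "__main__":
    swapped = list(reversed(TABLE_89))  # same rows, wrong order
    for name, rules in (("Table 89", TABLE_89), ("swapped", swapped)):
        print(name, evaluate(rules, IRC_PKT), evaluate(rules, WEB_PKT), shadowed(rules))
```

With the rows swapped, the IRC packet matches the allow row first and the deny row is reported as shadowed, which is the ordering mistake to check for after editing a rule list.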