Network and System Management
432
ProSecure Unified Threat Management (UTM) Appliance
- Web services blocking. You can block web services such as instant messaging,
peer-to-peer and media applications, and tools. For more information, see Customize
Web Protocol Scan Settings on page 210.
- Web object blocking. You can block the following web component types: embedded
objects (ActiveX, Java, Flash), proxies, and cookies; and you can disable
JavaScripts. For more information, see Configure Web Content Filtering on page 218.
- Setting the size of web files to be scanned. Scanning large web files requires
network resources and might slow down traffic. You can specify the maximum size of
the files that are scanned, and if files that exceed the maximum size are skipped
(which might compromise security) or blocked. For more information, see Configure
Web Malware or Antivirus Scans on page 216.
For these features (except for web object blocking and setting the size of files to be
scanned), you can set schedules to specify when web content is filtered (see Configure
Web Content Filtering on page 218), and configure exceptions for groups (see Set
Exception Rules for Web and Application Access on page 248).
• Application control. The UTM provides extensive methods to filter traffic for entire
categories of applications, for individual applications, or for a combination of both. For
more information, see Configure Application Control on page 240.
Source MAC Filtering
If you want to reduce outgoing traffic by preventing Internet access by certain computers on
the LAN, you can use the source MAC filtering feature to drop the traffic received from the
computers with the specified MAC addresses. By default, this feature is disabled; all traffic
received from computers with any MAC address is allowed. See Enable Source MAC
Filtering on page 179 for the procedure on how to use this feature.
Features That Increase Traffic
The following features of the UTM tend to increase the traffic load on the WAN side:
• LAN WAN inbound rules (also referred to as port forwarding)
• DMZ WAN inbound rules (also referred to as port forwarding)
• Port triggering
• Enabling the DMZ port
• Configuring exposed hosts
• Configuring VPN tunnels
LAN WAN Inbound Rules and DMZ WAN Inbound Rules (Port Forwarding)
The LAN WAN Rules screen and the DMZ WAN Rules screen list all existing rules for
inbound traffic (from WAN to LAN and from WAN to the DMZ). If you have not defined any
rules, only the default rule is listed. The default rule blocks all access from outside except
responses to requests from the LAN side. Any inbound rule that you create allows additional
incoming traffic and therefore increases the traffic load on the WAN side.