Configuring Firewall Settings116 WatchGuard Firebox X EdgeFiltering incoming traffic for servicesTo limit the computers that can send incoming traffic from theexternal network using the service, see “Filtering incoming trafficfor services” on page 110.Filtering outgoing traffic for servicesTo limit what computers can send traffic from the internal networkusing the service, and what computers on the external network canreceive that traffic, see “Filtering outgoing traffic for services” onpage 110.Services for the Optional NetworkBy default, the Firebox® X Edge allows all traffic that starts in thetrusted network and tries to go to the optional network, and deniesall traffic that starts in the optional network and tries to go to thetrusted network.Here are some examples of how you can use the optional network:• You can use the optional network for servers that the externalnetwork can get to. This helps to protect the trusted network,because no traffic is allowed to the trusted network from theoptional network when the Firebox is in default configuration.When computers are accessible from the external network, theyare more vulnerable to attack. If your public Web or FTP serveron the optional network is hacked or compromised, the attackercannot get to your trusted network.• You can use the optional network to secure a wireless network.Wireless networks are usually less secure than wired networks. Ifyou have a Wireless Access Point you can increase the security ofyour trusted network by keeping the Wireless Access Point onthe optional network.• You can use the optional network to have a different network IPaddress range that is allowed to communicate with the trustednetwork. See the section “Disabling Traffic Filters,” below.