Home » ZyXEL Manuals » Networking » ZyXEL ZyWALL USG 50 » Manual Viewer

ZyXEL ZyWALL USG 50 User Manual - Page 359

Global Firewall Rules, Firewall Rule Criteria, User Specific Firewall Rules, Firewall

Get ZyXEL ZyWALL USG 50 PDF manuals and user guides

View all ZyXEL ZyWALL USG 50 manuals

Add to My Manuals
Save this manual to your list of manuals

Page 359 highlights

Chapter 22 Firewall • The ZyWALL drops most packets from the WAN zone to the ZyWALL itself, except for ESP/AH/IKE/NATT/HTTPS services for VPN tunnels, and generates a log. • The ZyWALL drops most packets from the DMZ zone to the ZyWALL itself, except for DNS and NetBIOS traffic, and generates a log. When you configure a firewall rule for packets destined for the ZyWALL itself, make sure it does not conflict with your service control rule. See Chapter 45 on page 675 for more information about service control (remote management). The ZyWALL checks the firewall rules before the service control rules for traffic destined for the ZyWALL. You can configure a To-ZyWALL firewall rule (with From Any To ZyWALL direction) for traffic from an interface which is not in a zone. Global Firewall Rules Firewall rules with from any and/or to any as the packet direction are called global firewall rules. The global firewall rules are the only firewall rules that apply to an interface or VPN tunnel that is not included in a zone. The from any rules apply to traffic coming from the interface and the to any rules apply to traffic going to the interface. Firewall Rule Criteria The ZyWALL checks the schedule, user name (user's login name on the ZyWALL), source IP address, destination IP address and IP protocol type of network traffic against the firewall rules (in the order you list them). When the traffic matches a rule, the ZyWALL takes the action specified in the rule. User Specific Firewall Rules You can specify users or user groups in firewall rules. For example, to allow a specific user from any computer to access a zone by logging in to the ZyWALL, you can set up a rule based on the user name only. If you also apply a schedule to the firewall rule, the user can only access the network at the scheduled time. A useraware firewall rule is activated whenever the user logs in to the ZyWALL and will be disabled after the user logs out of the ZyWALL. Firewall and Application Patrol To use a service, make sure both the firewall and application patrol allow the service's packets to go through the ZyWALL. The ZyWALL checks the firewall rules before the application patrol rules for traffic going through the ZyWALL. ZyWALL USG 50 User's Guide 359

Section	Page
ZyWALL USG 50	1
About This User's Guide	3
Document Conventions	6
Safety Warnings	8
Contents Overview	9
Table of Contents	11
User’s Guide	29
Introducing the ZyWALL	31
1.1 Overview and Key Default Settings	31
1.2 Rack-mounted Installation	32
1.2.1 Rack-Mounted Installation Procedure	32
1.3 Front Panel	33
1.3.1 Front Panel LEDs	33
1.4 Management Overview	34
1.5 Starting and Stopping the ZyWALL	35
Features and Applications	37
2.1 Features	37
2.2 Applications	39
2.2.1 VPN Connectivity	40
2.2.2 SSL VPN Network Access	40
2.2.3 User-Aware Access Control	42
2.2.4 Multiple WAN Interfaces	42
Web Configurator	43
3.1 Web Configurator Requirements	43
3.2 Web Configurator Access	43
3.3 Web Configurator Screens Overview	45
3.3.1 Title Bar	45
3.3.2 Navigation Panel	47
3.3.3 Main Window	52
3.3.4 Tables and Lists	54
Installation Setup Wizard	59
4.1 Installation Setup Wizard Screens	59
4.1.1 Internet Access Setup - WAN Interface	59
4.1.2 Internet Access: Ethernet	60
4.1.3 Internet Access: PPPoE	62
4.1.4 Internet Access: PPTP	63
4.1.5 ISP Parameters	64
4.1.6 Internet Access Setup - Second WAN Interface	65
4.1.7 Internet Access - Finish	66
4.2 Device Registration	66
Quick Setup	69
5.1 Quick Setup Overview	69
5.2 WAN Interface Quick Setup	70
5.2.1 Choose an Ethernet Interface	70
5.2.2 Select WAN Type	70
5.2.3 Configure WAN Settings	71
5.2.4 WAN and ISP Connection Settings	72
5.2.5 Quick Setup Interface Wizard: Summary	74
5.3 VPN Quick Setup	75
5.4 VPN Setup Wizard: Wizard Type	76
5.5 VPN Express Wizard - Scenario	77
5.5.1 VPN Express Wizard - Configuration	78
5.5.2 VPN Express Wizard - Summary	79
5.5.3 VPN Express Wizard - Finish	80
5.5.4 VPN Advanced Wizard - Scenario	81
5.5.5 VPN Advanced Wizard - Phase 1 Settings	82
5.5.6 VPN Advanced Wizard - Phase 2	84
5.5.7 VPN Advanced Wizard - Summary	85
5.5.8 VPN Advanced Wizard - Finish	86
Configuration Basics	87
6.1 Object-based Configuration	87
6.2 Zones, Interfaces, and Physical Ports	88
6.2.1 Interface Types	89
6.2.2 Default Interface and Zone Configuration	89
6.3 Terminology in the ZyWALL	91
6.4 Packet Flow	91
6.4.1 Routing Table Checking Flow	92
6.4.2 NAT Table Checking Flow	94
6.5 Feature Configuration Overview	95
6.5.1 Feature	95
6.5.2 Licensing Registration	96
6.5.3 Licensing Update	96
6.5.4 Interface	96
6.5.5 Trunks	97
6.5.6 Policy Routes	97
6.5.7 Static Routes	98
6.5.8 Zones	98
6.5.9 DDNS	99
6.5.10 NAT	99
6.5.11 HTTP Redirect	99
6.5.12 ALG	100
6.5.13 Auth. Policy	100
6.5.14 Firewall	101
6.5.15 IPSec VPN	102
6.5.16 SSL VPN	102
6.5.17 Application Patrol	102
6.5.18 Anti-Virus	103
6.5.19 IDP	103
6.5.20 ADP	103
6.5.21 Content Filter	104
6.5.22 Anti-Spam	104
6.6 Objects	105
6.6.1 User/Group	106
6.7 System	106
6.7.1 DNS, WWW, SSH, TELNET, FTP, SNMP, Vantage CNM	106
6.7.2 Logs and Reports	107
6.7.3 File Manager	107
6.7.4 Diagnostics	108
6.7.5 Shutdown	108
Tutorials	109
7.1 How to Configure Interfaces, Port Roles, and Zones	109
7.1.1 Configure a WAN Ethernet Interface	110
7.1.2 Configure Port Roles	111
7.1.3 Configure the DMZ Interface for a Local Network	111
7.1.4 Configure Zones	112
7.2 How to Configure a Cellular Interface	113
7.3 How to Configure Load Balancing	115
7.3.1 Set Up Available Bandwidth on Ethernet Interfaces	115
7.3.2 Configure the WAN Trunk	116
7.4 How to Set Up an IPSec VPN Tunnel	118
7.4.1 Set Up the VPN Gateway	119
7.4.2 Set Up the VPN Connection	120
7.4.3 Configure Security Policies for the VPN Tunnel	121
7.5 How to Configure User-aware Access Control	122
7.5.1 Set Up User Accounts	122
7.5.2 Set Up User Groups	123
7.5.3 Set Up User Authentication Using the RADIUS Server	124
7.5.4 Web Surfing Policies With Bandwidth Restrictions	126
7.5.5 Set Up MSN Policies	129
7.5.6 Set Up Firewall Rules	130
7.6 How to Use a RADIUS Server to Authenticate User Accounts based on Groups	131
7.7 How to Use Endpoint Security and Authentication Policies	133
7.7.1 Configure the Endpoint Security Objects	133
7.7.2 Configure the Authentication Policy	135
7.8 How to Configure Service Control	136
7.8.1 Allow HTTPS Administrator Access Only From the LAN	137
7.9 How to Allow Incoming H.323 Peer-to-peer Calls	139
7.9.1 Turn On the ALG	140
7.9.2 Set Up a NAT Policy For H.323	140
7.9.3 Set Up a Firewall Rule For H.323	142
7.10 How to Allow Public Access to a Web Server	143
7.10.1 Create the Address Objects	144
7.10.2 Configure NAT	144
7.10.3 Set Up a Firewall Rule	145
7.11 How to Use an IPPBX on the DMZ	146
7.11.1 Turn On the ALG	148
7.11.2 Create the Address Objects	148
7.11.3 Setup a NAT Policy for the IPPBX	149
7.11.4 Set Up a WAN to DMZ Firewall Rule for SIP	150
7.11.5 Set Up a DMZ to LAN Firewall Rule for SIP	151
7.12 How to Use Multiple Static Public WAN IP Addresses for LAN to WAN Traffic	152
7.12.1 Create the Public IP Address Range Object	152
7.12.2 Configure the Policy Route	153
Technical Reference	155
Dashboard	157
8.1 Overview	157
8.1.1 What You Can Do in this Chapter	157
8.2 The Dashboard Screen	157
8.2.1 The CPU Usage Screen	162
8.2.2 The Memory Usage Screen	163
8.2.3 The Active Sessions Screen	164
8.2.4 The VPN Status Screen	165
8.2.5 The DHCP Table Screen	165
8.2.6 The Number of Login Users Screen	166
Monitor	169
9.1 Overview	169
9.1.1 What You Can Do in this Chapter	169
9.2 The Port Statistics Screen	170
9.2.1 The Port Statistics Graph Screen	172
9.3 Interface Status Screen	173
9.4 The Traffic Statistics Screen	175
9.5 The Session Monitor Screen	178
9.6 The DDNS Status Screen	181
9.7 IP/MAC Binding Monitor	181
9.8 The Login Users Screen	182
9.9 Cellular Status Screen	183
9.9.1 More Information	185
9.10 Application Patrol Statistics	186
9.10.1 Application Patrol Statistics: General Setup	187
9.10.2 Application Patrol Statistics: Bandwidth Statistics	188
9.10.3 Application Patrol Statistics: Protocol Statistics	189
9.10.4 Application Patrol Statistics: Individual Protocol Statistics by Rule	190
9.11 The IPSec Monitor Screen	191
9.11.1 Regular Expressions in Searching IPSec SAs	192
9.12 The SSL Connection Monitor Screen	193
9.13 The Anti-Virus Statistics Screen	194
9.14 The IDP Statistics Screen	196
9.15 The Content Filter Statistics Screen	198
9.16 Content Filter Cache Screen	200
9.17 The Anti-Spam Statistics Screen	203
9.18 The Anti-Spam Status Screen	205
9.19 Log Screen	206
Registration	209
10.1 Overview	209
10.1.1 What You Can Do in this Chapter	209
10.1.2 What you Need to Know	209
10.2 The Registration Screen	211
10.3 The Service Screen	213
Interfaces	215
11.1 Interface Overview	215
11.1.1 What You Can Do in this Chapter	215
11.1.2 What You Need to Know	216
11.2 Port Role	218
11.3 Ethernet Summary Screen	219
11.3.1 Ethernet Edit	221
11.3.2 Object References	230
11.4 PPP Interfaces	231
11.4.1 PPP Interface Summary	232
11.4.2 PPP Interface Add or Edit	233
11.5 Cellular Configuration Screen (3G)	237
11.5.1 Cellular Add/Edit Screen	239
11.6 VLAN Interfaces	246
11.6.1 VLAN Summary Screen	248
11.6.2 VLAN Add/Edit	249
11.7 Bridge Interfaces	256
11.7.1 Bridge Summary	258
11.7.2 Bridge Add/Edit	259
11.7.3 Virtual Interfaces Add/Edit	264
11.8 Interface Technical Reference	266
Trunks	271
12.1 Overview	271
12.1.1 What You Can Do in this Chapter	271
12.1.2 What You Need to Know	272
12.2 The Trunk Summary Screen	276
12.3 Configuring a Trunk	277
12.4 Trunk Technical Reference	279
Policy and Static Routes	281
13.1 Policy and Static Routes Overview	281
13.1.1 What You Can Do in this Chapter	281
13.1.2 What You Need to Know	282
13.2 Policy Route Screen	284
13.2.1 Policy Route Edit Screen	287
13.3 IP Static Route Screen	291
13.3.1 Static Route Add/Edit Screen	292
13.4 Policy Routing Technical Reference	293
Routing Protocols	297
14.1 Routing Protocols Overview	297
14.1.1 What You Can Do in this Chapter	297
14.1.2 What You Need to Know	297
14.2 The RIP Screen	298
14.3 The OSPF Screen	299
14.3.1 Configuring the OSPF Screen	303
14.3.2 OSPF Area Add/Edit Screen	306
14.3.3 Virtual Link Add/Edit Screen	307
14.4 Routing Protocol Technical Reference	308
Zones	311
15.1 Zones Overview	311
15.1.1 What You Can Do in this Chapter	311
15.1.2 What You Need to Know	312
15.2 The Zone Screen	313
15.3 Zone Edit	314
DDNS	315
16.1 DDNS Overview	315
16.1.1 What You Can Do in this Chapter	315
16.1.2 What You Need to Know	315
16.2 The DDNS Screen	316
16.2.1 The Dynamic DNS Add/Edit Screen	318
NAT	321
17.1 NAT Overview	321
17.1.1 What You Can Do in this Chapter	321
17.1.2 What You Need to Know	322
17.2 The NAT Screen	322
17.2.1 The NAT Add/Edit Screen	324
17.3 NAT Technical Reference	327
HTTP Redirect	331
18.1 Overview	331
18.1.1 What You Can Do in this Chapter	331
18.1.2 What You Need to Know	332
18.2 The HTTP Redirect Screen	333
18.2.1 The HTTP Redirect Edit Screen	334
ALG	335
19.1 ALG Overview	335
19.1.1 What You Can Do in this Chapter	335
19.1.2 What You Need to Know	336
19.1.3 Before You Begin	339
19.2 The ALG Screen	339
19.3 ALG Technical Reference	341
IP/MAC Binding	343
20.1 IP/MAC Binding Overview	343
20.1.1 What You Can Do in this Chapter	343
20.1.2 What You Need to Know	344
20.2 IP/MAC Binding Summary	344
20.2.1 IP/MAC Binding Edit	345
20.2.2 Static DHCP Edit	346
20.3 IP/MAC Binding Exempt List	347
Authentication Policy	349
21.1 Overview	349
21.1.1 What You Can Do in this Chapter	349
21.1.2 What You Need to Know	350
21.2 Authentication Policy Screen	350
21.2.1 Creating/Editing an Authentication Policy	353
Firewall	357
22.1 Overview	357
22.1.1 What You Can Do in this Chapter	357
22.1.2 What You Need to Know	358
22.1.3 Firewall Rule Example Applications	360
22.1.4 Firewall Rule Configuration Example	363
22.2 The Firewall Screen	365
22.2.1 Configuring the Firewall Screen	366
22.2.2 The Firewall Add/Edit Screen	369
22.3 The Session Limit Screen	370
22.3.1 The Session Limit Add/Edit Screen	372
IPSec VPN	375
23.1 IPSec VPN Overview	375
23.1.1 What You Can Do in this Chapter	375
23.1.2 What You Need to Know	376
23.1.3 Before You Begin	378
23.2 The VPN Connection Screen	378
23.2.1 The VPN Connection Add/Edit (IKE) Screen	380
23.2.2 The VPN Connection Add/Edit Manual Key Screen	387
23.3 The VPN Gateway Screen	390
23.3.1 The VPN Gateway Add/Edit Screen	391
23.4 IPSec VPN Background Information	399
SSL VPN	411
24.1 Overview	411
24.1.1 What You Can Do in this Chapter	411
24.1.2 What You Need to Know	411
24.2 The SSL Access Privilege Screen	413
24.2.1 The SSL Access Policy Add/Edit Screen	414
24.3 The SSL Global Setting Screen	416
24.3.1 How to Upload a Custom Logo	418
24.4 Establishing an SSL VPN Connection	419
SSL User Screens	421
25.1 Overview	421
25.1.1 What You Need to Know	421
25.2 Remote User Login	422
25.3 The SSL VPN User Screens	427
25.4 Bookmarking the ZyWALL	428
25.5 Logging Out of the SSL VPN User Screens	428
SSL User Application Screens	431
26.1 SSL User Application Screens Overview	431
26.2 The Application Screen	431
ZyWALL SecuExtender	433
27.1 The ZyWALL SecuExtender Icon	433
27.2 Statistics	434
27.3 View Log	435
27.4 Suspend and Resume the Connection	435
27.5 Stop the Connection	436
27.6 Uninstalling the ZyWALL SecuExtender	436
Application Patrol	437
28.1 Overview	437
28.1.1 What You Can Do in this Chapter	437
28.1.2 What You Need to Know	438
28.1.3 Application Patrol Bandwidth Management Examples	443
28.2 Application Patrol General Screen	447
28.3 Application Patrol Applications	448
28.3.1 The Application Patrol Edit Screen	449
28.3.2 The Application Patrol Policy Edit Screen	453
28.4 The Other Applications Screen	456
28.4.1 The Other Applications Add/Edit Screen	459
Anti-Virus	463
29.1 Overview	463
29.1.1 What You Can Do in this Chapter	463
29.1.2 What You Need to Know	464
29.1.3 Before You Begin	465
29.2 Anti-Virus Summary Screen	466
29.2.1 Anti-Virus Policy Add or Edit Screen	469
29.3 Anti-Virus Black List	471
29.4 Anti-Virus Black List or White List Add/Edit	472
29.5 Anti-Virus White List	473
29.6 Signature Searching	474
29.7 Anti-Virus Technical Reference	477
IDP	479
30.1 Overview	479
30.1.1 What You Can Do in this Chapter	479
30.1.2 What You Need To Know	479
30.1.3 Before You Begin	480
30.2 The IDP General Screen	481
30.3 Introducing IDP Profiles	483
30.3.1 Base Profiles	484
30.4 The Profile Summary Screen	485
30.5 Creating New Profiles	486
30.5.1 Procedure To Create a New Profile	486
30.6 Profiles: Packet Inspection	487
30.6.1 Profile > Group View Screen	487
30.6.2 Policy Types	490
30.6.3 IDP Service Groups	491
30.6.4 Profile > Query View Screen	493
30.6.5 Query Example	495
30.7 Introducing IDP Custom Signatures	497
30.7.1 IP Packet Header	497
30.8 Configuring Custom Signatures	498
30.8.1 Creating or Editing a Custom Signature	500
30.8.2 Custom Signature Example	506
30.8.3 Applying Custom Signatures	508
30.8.4 Verifying Custom Signatures	509
30.9 IDP Technical Reference	510
ADP	513
31.1 Overview	513
31.1.1 ADP and IDP Comparison	513
31.1.2 What You Can Do in this Chapter	513
31.1.3 What You Need To Know	513
31.1.4 Before You Begin	514
31.2 The ADP General Screen	515
31.3 The Profile Summary Screen	516
31.3.1 Base Profiles	517
31.3.2 Configuring The ADP Profile Summary Screen	517
31.3.3 Creating New ADP Profiles	518
31.3.4 Traffic Anomaly Profiles	518
31.3.5 Protocol Anomaly Profiles	521
31.3.6 Protocol Anomaly Configuration	521
31.4 ADP Technical Reference	525
Content Filtering	533
32.1 Overview	533
32.1.1 What You Can Do in this Chapter	533
32.1.2 What You Need to Know	533
32.1.3 Before You Begin	535
32.2 Content Filter General Screen	535
32.3 Content Filter Policy Add or Edit Screen	538
32.4 Content Filter Profile Screen	540
32.5 Content Filter Categories Screen	540
32.5.1 Content Filter Blocked and Warning Messages	552
32.6 Content Filter Customization Screen	553
32.7 Content Filter Technical Reference	555
Content Filter Reports	557
33.1 Overview	557
33.2 Viewing Content Filter Reports	557
Anti-Spam	565
34.1 Overview	565
34.1.1 What You Can Do in this Chapter	565
34.1.2 What You Need to Know	565
34.2 Before You Begin	567
34.3 The Anti-Spam General Screen	567
34.3.1 The Anti-Spam Policy Add or Edit Screen	569
34.4 The Anti-Spam Black List Screen	571
34.4.1 The Anti-Spam Black or White List Add/Edit Screen	573
34.4.2 Regular Expressions in Black or White List Entries	574
34.5 The Anti-Spam White List Screen	575
34.6 The DNSBL Screen	576
34.7 Anti-Spam Technical Reference	578
User/Group	583
35.1 Overview	583
35.1.1 What You Can Do in this Chapter	583
35.1.2 What You Need To Know	583
35.2 User Summary Screen	586
35.2.1 User Add/Edit Screen	586
35.3 User Group Summary Screen	589
35.3.1 Group Add/Edit Screen	590
35.4 Setting Screen	591
35.4.1 Default User Authentication Timeout Settings Edit Screens	594
35.4.2 User Aware Login Example	596
35.5 User /Group Technical Reference	597
Addresses	599
36.1 Overview	599
36.1.1 What You Can Do in this Chapter	599
36.1.2 What You Need To Know	599
36.2 Address Summary Screen	599
36.2.1 Address Add/Edit Screen	601
36.3 Address Group Summary Screen	602
36.3.1 Address Group Add/Edit Screen	603
Services	605
37.1 Overview	605
37.1.1 What You Can Do in this Chapter	605
37.1.2 What You Need to Know	605
37.2 The Service Summary Screen	606
37.2.1 The Service Add/Edit Screen	608
37.3 The Service Group Summary Screen	608
37.3.1 The Service Group Add/Edit Screen	610
Schedules	611
38.1 Overview	611
38.1.1 What You Can Do in this Chapter	611
38.1.2 What You Need to Know	611
38.2 The Schedule Summary Screen	612
38.2.1 The One-Time Schedule Add/Edit Screen	613
38.2.2 The Recurring Schedule Add/Edit Screen	614
AAA Server	617
39.1 Overview	617
39.1.1 Directory Service (AD/LDAP)	617
39.1.2 RADIUS Server	618
39.1.3 ASAS	618
39.1.4 What You Can Do in this Chapter	618
39.1.5 What You Need To Know	619
39.2 Active Directory or LDAP Server Summary	621
39.2.1 Adding an Active Directory or LDAP Server	621
39.3 RADIUS Server Summary	623
39.3.1 Adding a RADIUS Server	625
Authentication Method	627
40.1 Overview	627
40.1.1 What You Can Do in this Chapter	627
40.1.2 Before You Begin	627
40.1.3 Example: Selecting a VPN Authentication Method	627
40.2 Authentication Method Objects	628
40.2.1 Creating an Authentication Method Object	629
Certificates	633
41.1 Overview	633
41.1.1 What You Can Do in this Chapter	633
41.1.2 What You Need to Know	633
41.1.3 Verifying a Certificate	635
41.2 The My Certificates Screen	637
41.2.1 The My Certificates Add Screen	638
41.2.2 The My Certificates Edit Screen	643
41.2.3 The My Certificates Import Screen	646
41.3 The Trusted Certificates Screen	647
41.3.1 The Trusted Certificates Edit Screen	648
41.3.2 The Trusted Certificates Import Screen	652
41.4 Certificates Technical Reference	653
ISP Accounts	655
42.1 Overview	655
42.1.1 What You Can Do in this Chapter	655
42.2 ISP Account Summary	655
42.2.1 ISP Account Edit	656
SSL Application	659
43.1 Overview	659
43.1.1 What You Can Do in this Chapter	659
43.1.2 What You Need to Know	659
43.1.3 Example: Specifying a Web Site for Access	660
43.2 The SSL Application Screen	661
43.2.1 Creating/Editing a Web-based SSL Application Object	662
Endpoint Security	665
44.1 Overview	665

Match case Limit results 1 per page

Chapter 22 Firewall

ZyWALL USG 50 User’s Guide

359

•

The ZyWALL drops most packets from the WAN zone to the ZyWALL itself,

except for ESP/AH/IKE/NATT/HTTPS services for VPN tunnels, and generates a

log.

•

The ZyWALL drops most packets from the DMZ zone to the ZyWALL itself,

except for DNS and NetBIOS traffic, and generates a log.

When you configure a firewall rule for packets destined for the ZyWALL itself,

make sure it does not conflict with your service control rule. See

Chapter 45 on

page 675

for more information about service control (remote management). The

ZyWALL checks the firewall rules before the service control rules for traffic

destined for the ZyWALL.

You can configure a To-ZyWALL firewall rule (with

From Any To ZyWALL

direction) for traffic from an interface which is not in a zone.

Global Firewall Rules

Firewall rules with

from any

and/or

to any

as the packet direction are called

global firewall rules. The global firewall rules are the only firewall rules that apply

to an interface or VPN tunnel that is not included in a zone. The

from any

rules

apply to traffic coming from the interface and the

to any

rules apply to traffic

going to the interface.

Firewall Rule Criteria

The ZyWALL checks the schedule, user name (user’s login name on the ZyWALL),

source IP address, destination IP address and IP protocol type of network traffic

against the firewall rules (in the order you list them). When the traffic matches a

rule, the ZyWALL takes the action specified in the rule.

User Specific Firewall Rules

You can specify users or user groups in firewall rules. For example, to allow a

specific user from any computer to access a zone by logging in to the ZyWALL, you

can set up a rule based on the user name only. If you also apply a schedule to the

firewall rule, the user can only access the network at the scheduled time. A user-

aware firewall rule is activated whenever the user logs in to the ZyWALL and will

be disabled after the user logs out of the ZyWALL.

Firewall and Application Patrol

To use a service, make sure both the firewall and application patrol allow the

service’s packets to go through the ZyWALL. The ZyWALL checks the firewall rules

before the application patrol rules for traffic going through the ZyWALL.