ZyXEL ZyWALL USG 50 User Manual - Page 359
Global Firewall Rules, Firewall Rule Criteria, User Specific Firewall Rules, Firewall
View all ZyXEL ZyWALL USG 50 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 359 highlights
Chapter 22 Firewall • The ZyWALL drops most packets from the WAN zone to the ZyWALL itself, except for ESP/AH/IKE/NATT/HTTPS services for VPN tunnels, and generates a log. • The ZyWALL drops most packets from the DMZ zone to the ZyWALL itself, except for DNS and NetBIOS traffic, and generates a log. When you configure a firewall rule for packets destined for the ZyWALL itself, make sure it does not conflict with your service control rule. See Chapter 45 on page 675 for more information about service control (remote management). The ZyWALL checks the firewall rules before the service control rules for traffic destined for the ZyWALL. You can configure a To-ZyWALL firewall rule (with From Any To ZyWALL direction) for traffic from an interface which is not in a zone. Global Firewall Rules Firewall rules with from any and/or to any as the packet direction are called global firewall rules. The global firewall rules are the only firewall rules that apply to an interface or VPN tunnel that is not included in a zone. The from any rules apply to traffic coming from the interface and the to any rules apply to traffic going to the interface. Firewall Rule Criteria The ZyWALL checks the schedule, user name (user's login name on the ZyWALL), source IP address, destination IP address and IP protocol type of network traffic against the firewall rules (in the order you list them). When the traffic matches a rule, the ZyWALL takes the action specified in the rule. User Specific Firewall Rules You can specify users or user groups in firewall rules. For example, to allow a specific user from any computer to access a zone by logging in to the ZyWALL, you can set up a rule based on the user name only. If you also apply a schedule to the firewall rule, the user can only access the network at the scheduled time. A useraware firewall rule is activated whenever the user logs in to the ZyWALL and will be disabled after the user logs out of the ZyWALL. Firewall and Application Patrol To use a service, make sure both the firewall and application patrol allow the service's packets to go through the ZyWALL. The ZyWALL checks the firewall rules before the application patrol rules for traffic going through the ZyWALL. ZyWALL USG 50 User's Guide 359