ZyXEL NXC2500 User Guide - Page 230
Stateful Inspection, Zones, Default Firewall Behavior, To-NXC Rules
Page 230 highlights
CHAPTER 17 Firewall

17.1 Overview

Use the firewall to block or allow services that use static port numbers. The firewall can also limit the number of user sessions.

17.1.1 What You Can Do in this Chapter

• The Firewall screens (Section 17.2 on page 232) enable or disable the firewall and asymmetrical routes, and manage and configure firewall rules.
• The Session Control screens (Section 17.3 on page 235) limit the number of concurrent NAT/firewall sessions a client can use.

17.1.2 What You Need to Know

The following terms and concepts may help as you read this chapter.

Stateful Inspection

The NXC has a stateful inspection firewall. The NXC restricts access by screening data packets against defined access rules. It also inspects sessions. For example, traffic from one zone is not allowed unless it is initiated by a computer in another zone first.

Zones

A zone is a group of interfaces. Group the NXC's interfaces into different zones based on your needs. You can configure firewall rules for data passing between zones or even between interfaces in a zone.

Default Firewall Behavior

Firewall rules are grouped based on the direction of travel of packets to which they apply. Here is the default firewall behavior for traffic going through the NXC in various directions.

Table 104 Default Firewall Behavior
FROM ZONE TO ZONE | BEHAVIOR
From ANY to ANY | Traffic that does not match any firewall rule is allowed. So for example, LAN to WAN, LAN to DMZ, and LAN to WLAN traffic is allowed. This also includes traffic to or from interfaces that are not assigned to a zone (extra-zone traffic).

To-NXC Rules

Rules with EnterpriseWLAN as the To Zone apply to traffic going to the NXC itself. By default:

NXC Series User's Guide 230
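The following is an added example, not part of the ZyXEL guide or the NXC firmware: a small Python model of the "From ANY to ANY" default in Table 104 that lists which flows pass only because no rule matched them, including extra-zone traffic. The interface names, the rule set and the first-match evaluation order are assumptions made for illustration.

```python
from dataclasses import dataclass

# Constructed sample data: interface names (ge1...) and the rules are hypothetical.
ZONES = {"LAN": {"ge1", "ge2"}, "WAN": {"ge3"}, "DMZ": {"ge4"}}

@dataclass(frozen=True)
class Rule:
    from_zone: str  # zone name or "ANY"
    to_zone: str    # zone name or "ANY"
    service: str    # e.g. "tcp/443", or "ANY"
    action: str     # "allow" or "deny"

RULES = [
    Rule("WAN", "LAN", "ANY", "deny"),
    Rule("WAN", "DMZ", "tcp/443", "allow"),
    Rule("WAN", "DMZ", "ANY", "deny"),
]

FLOWS = [  # (ingress interface, egress interface, service)
    ("ge3", "ge1", "tcp/22"),   # WAN to LAN
    ("ge3", "ge4", "tcp/443"),  # WAN to DMZ
    ("ge1", "ge3", "tcp/80"),   # LAN to WAN
    ("ge9", "ge1", "tcp/22"),   # ge9 is in no zone: extra-zone traffic
    ("ge1", "ge2", "tcp/445"),  # between two interfaces of the same zone
]

def zone_of(interface):
    """Return the zone an interface belongs to, or None if it is in no zone."""
    for name, members in ZONES.items():
        if interface in members:
            return name
    return None

def _match(field, value):
    return field == "ANY" or field == value

def evaluate(in_if, out_if, service, rules=RULES):
    """Return (action, source); source is the matching Rule or 'default'."""
    src, dst = zone_of(in_if), zone_of(out_if)
    for r in rules:  # Assumption: rules are checked in order, first match wins
        if _match(r.from_zone, src) and _match(r.to_zone, dst) and _match(r.service, service):
            return r.action, r
    return "allow", "default"  # Table 104: unmatched traffic is allowed

def default_allowed(flows, rules=RULES):
    """List the flows that are allowed only because no rule matched them."""
    return [f for f in flows if evaluate(*f, rules=rules)[1] == "default"]
```

Running `default_allowed(FLOWS)` returns the LAN-to-WAN, extra-zone and intra-LAN flows; appending a final `Rule("ANY", "ANY", "ANY", "deny")` to the rule list empties that result, at the cost of needing explicit allow rules for traffic such as LAN to WAN.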