ZyXEL UAG715 User Guide - Page 241
Chapter 21 Firewall

Global Firewall Rules

Firewall rules with from any and/or to any as the packet direction are called global firewall rules. The global firewall rules are the only firewall rules that apply to an interface or VPN tunnel that is not included in a zone. The from any rules apply to traffic coming from the interface and the to any rules apply to traffic going to the interface.

Firewall Rule Criteria

The UAG checks the schedule, user name (the user's login name on the UAG), source IP address, destination IP address and IP protocol type of network traffic against the firewall rules, in the order you list them. When the traffic matches a rule, the UAG takes the action specified in that rule.

User Specific Firewall Rules

You can specify users or user groups in firewall rules. For example, to allow a specific user from any computer to access a zone by logging in to the UAG, you can set up a rule based on the user name only. If you also apply a schedule to the firewall rule, the user can only access the network at the scheduled time. A user-aware firewall rule is activated whenever the user logs in to the UAG and is disabled after the user logs out of the UAG.

Firewall and VPN Traffic

After you create a VPN tunnel and add it to a zone, you can set the firewall rules applied to VPN traffic. If you add a VPN tunnel to an existing zone (the LAN1 zone, for example), you can configure a new LAN1 to LAN1 firewall rule or use intra-zone traffic blocking to allow or block VPN traffic between the VPN tunnel and other interfaces in the LAN zone. If you add the VPN tunnel to a new zone (the VPN zone, for example), you can configure rules for VPN traffic between the VPN zone and other zones, or From VPN To-Device rules for VPN traffic destined for the UAG itself.

Session Limits

Accessing the UAG or network resources through the UAG requires a NAT session and a corresponding firewall session. Peer-to-peer applications, such as file sharing applications, may use a large number of NAT sessions. A single client could use all of the available NAT sessions and prevent others from connecting to or through the UAG. The UAG lets you limit the number of concurrent NAT/firewall sessions a client can use.

Finding Out More

• See Section 21.4 on page 248 for an example of creating firewall rules as part of configuring user-aware access control.

UAG715 User's Guide 241
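As an added example that is not ZyXEL's code or the UAG's implementation, the following Python model works through the matching described in this chapter: rules are checked in the listed order and the first match decides, a user-aware rule matches only while that user is logged in, and only from any / to any (global) rules can match an interface that is in no zone. The zone and user names, the hour-based schedule format and the deny-by-default fallback are assumptions.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass
class Rule:
    from_zone: str                    # zone name, or "any" for a global rule
    to_zone: str                      # zone name, or "any" for a global rule
    action: str                       # "allow" or "deny"
    user: Optional[str] = None        # login name; set on a user-aware rule
    src: Optional[str] = None         # source network in CIDR notation
    dst: Optional[str] = None         # destination network in CIDR notation
    proto: Optional[str] = None       # "tcp", "udp", "icmp", ...
    schedule: Optional[tuple] = None  # (first_hour, last_hour), inclusive; assumed format

@dataclass
class Packet:
    from_zone: Optional[str]  # None when the ingress interface belongs to no zone
    to_zone: Optional[str]    # None when the egress interface belongs to no zone
    src: str
    dst: str
    proto: str
    user: Optional[str]       # user logged in from src, or None if nobody is
    hour: int                 # hour of day at which the packet arrives

def zone_matches(rule_zone, pkt_zone):
    # "any" covers every interface, even one in no zone; a named zone never does
    return rule_zone == "any" or rule_zone == pkt_zone

def rule_matches(rule, pkt):
    if not (zone_matches(rule.from_zone, pkt.from_zone)
            and zone_matches(rule.to_zone, pkt.to_zone)):
        return False
    if rule.schedule and not rule.schedule[0] <= pkt.hour <= rule.schedule[1]:
        return False
    # a user-aware rule is active only while that user is logged in
    if rule.user and pkt.user != rule.user:
        return False
    if rule.src and ip_address(pkt.src) not in ip_network(rule.src):
        return False
    if rule.dst and ip_address(pkt.dst) not in ip_network(rule.dst):
        return False
    return rule.proto is None or rule.proto == pkt.proto

def evaluate(rules, pkt, default="deny"):
    # rules are checked in the listed order; the first match decides
    for rule in rules:
        if rule_matches(rule, pkt):
            return rule.action
    return default  # assumed: traffic matching no rule is dropped
```

Listing the user-aware allow before a zone-wide deny, as in the constructed rule set used to exercise it, is what makes the same LAN1 to WAN flow pass only while that user is logged in and inside the schedule.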