ZyXEL Vantage CNM User Guide - Page 125
Device Operation > Device Configuration > Security > Firewall > Default
View all ZyXEL Vantage CNM manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 125 highlights
Chapter 6 Device Security Settings Table 42 Device Operation > Device Configuration > Security > Firewall > Default Rule (continued) LABEL DESCRIPTION From, To Set the firewall's default actions based on the direction of travel of packets. Here are some example descriptions of the directions of travel. From LAN To LAN means packets traveling from a computer on one LAN subnet to a computer on another LAN subnet on the LAN interface of the device or the device itself. The device does not apply the firewall to packets traveling from a LAN computer to another LAN computer on the same subnet. From VPN means traffic that came into the device through a VPN tunnel and is going to the selected "to" interface. For example, From VPN To LAN specifies the VPN traffic that is going to the LAN. The device applies the firewall to the traffic after decrypting it. To VPN is traffic that comes in through the selected "from" interface and goes out through any VPN tunnel. For example, From LAN To VPN specifies the traffic that is coming from the LAN and going out through a VPN tunnel. The device applies the firewall to the traffic before encrypting it. From VPN To VPN means traffic that comes in through a VPN tunnel and goes out through (another) VPN tunnel or terminates at the device. This is the case when the device is the hub in a hub-and-spoke VPN. This is also the case if you allow someone to use a service (like Telnet or HTTP) through a VPN tunnel to manage the device. The device applies the firewall to the traffic after decrypting it. Note: The VPN connection directions apply to the traffic going to or from the device's VPN tunnels. They do not apply to other VPN traffic for which the device is not one of the gateways (VPN pass-through traffic). Here are the default actions from which you can select. Select Drop to silently discard the packets without sending a TCP reset packet or an ICMP destination-unreachable message to the sender. Select Reject to deny the packets and send a TCP reset packet (for a TCP packet) or an ICMP destination-unreachable message (for a UDP packet) to the sender. Select Permit to allow the passage of the packets. The firewall rules for the WAN port with a higher route priority also apply to the dial backup connection. Log Select the check box next to a direction of packet travel to create a log when the above action is taken for packets that are traveling in that direction and do not match any of your customized rules. Vantage CNM User's Guide 125