ZyXEL ZyWALL 5 User Guide - Page 252
Firewall Rules Example
Chapter 13 Firewall Screens

13.1.1 What You Can Do Using the Firewall Screens

• Use the Default Rule screens (Section 13.4 on page 256) to configure general firewall settings when the ZyWALL is set to router mode or bridge mode.
• Use the Rule Summary screens (Section 13.5 on page 259) to configure firewall rules.
• Use the Anti-Probing screen (Section 13.6 on page 263) to specify which of the ZyWALL's interfaces will respond to Ping requests and whether or not the ZyWALL is to respond to probing for unused ports.
• Use the Threshold (Section 13.7 on page 264) screen to configure DoS thresholds and actions to be taken when a threshold is reached.
• Use the Service (Section 13.8 on page 266) screen to configure custom services for use in firewall rules or view the services that are predefined in the ZyWALL.

13.1.2 What You Need To Know About the ZyWALL Firewall

Packet Direction

Packets have source and destination address headers. You can set what the ZyWALL does with packets traveling in a specific direction (including going to/coming from a VPN tunnel) that do not match any of the firewall rules. See also Packet Direction on page 252.

Asymmetrical Routes

Asymmetrical routes only apply if you have another gateway on your LAN, the ZyWALL is in Router mode, and the firewall is enabled. If return traffic is routed through the LAN gateway (instead of the ZyWALL), then the ZyWALL may reset the 'incomplete' connection. When you enable asymmetrical routes, interface to same interface (for example WAN 1 to WAN 1, VPN to VPN and so on) traffic is not checked by the firewall. See Asymmetrical Routes and IP Alias on page 274 for information on how to use IP alias instead of asymmetrical routes.

13.1.3 Before You Begin

Before you configure the firewall, you must first decide if the ZyWALL will act as a Router or a Bridge. When the ZyWALL is in Bridge mode, the firewall is transparent to your network. You do not have to reconfigure existing network configurations.
13.2 Firewall Rules Example

Suppose that your company decides to block all of the LAN users from using IRC (Internet Relay Chat) through the Internet. To do this, you would configure a LAN to WAN firewall rule that blocks IRC traffic from any source IP address from going to any destination address. You do not need to specify a schedule since you need the firewall rule to always be in effect. The following figure shows the results of this rule.

252 ZyWALL 5/35/70 Series User's Guide
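As an added illustration (not part of the ZyXEL guide and not the ZyWALL's own code), the Python model below evaluates the section 13.2 rule against sample packets to show how packet direction and the default action interact. Assumptions: IRC is matched as TCP/UDP port 6667, the first matching rule decides, the default actions are LAN to WAN permit and WAN to LAN block, and all names and addresses are constructed.

```python
from dataclasses import dataclass
ANY = "any"
# Assumption: the IRC service is defined by port, TCP/UDP 6667.
SERVICES = {"IRC": {("tcp", 6667), ("udp", 6667)}}
# Assumption: action for packets matching no rule, set per packet direction.
DEFAULT_ACTION = {("LAN", "WAN"): "permit", ("WAN", "LAN"): "block"}

@dataclass(frozen=True)
class Rule:
    direction: tuple          # (from interface, to interface)
    src: str                  # source IP address or ANY
    dst: str                  # destination IP address or ANY
    service: str              # key in SERVICES
    action: str               # "permit" or "block"
    schedule: str = "always"  # no schedule: rule is always in effect

@dataclass(frozen=True)
class Packet:
    direction: tuple
    src: str
    dst: str
    proto: str
    dport: int

def matches(rule, pkt):
    # A rule applies only when direction, addresses and service all match.
    return (rule.direction == pkt.direction
            and rule.src in (ANY, pkt.src)
            and rule.dst in (ANY, pkt.dst)
            and (pkt.proto, pkt.dport) in SERVICES[rule.service])

def evaluate(rules, pkt):
    """Return (action, reason); assumes the first matching rule decides."""
    for number, rule in enumerate(rules, 1):
        if matches(rule, pkt):
            return rule.action, f"rule {number}"
    return DEFAULT_ACTION[pkt.direction], "default rule"

# The rule from section 13.2: LAN to WAN, any source, any destination, IRC, block.
RULES = [Rule(("LAN", "WAN"), ANY, ANY, "IRC", "block")]
# Constructed sample packets (private and documentation address ranges).
SAMPLES = {
    "lan_irc": Packet(("LAN", "WAN"), "192.168.1.33", "203.0.113.10", "tcp", 6667),
    "lan_web": Packet(("LAN", "WAN"), "192.168.1.33", "203.0.113.20", "tcp", 443),
    "wan_irc": Packet(("WAN", "LAN"), "203.0.113.10", "192.168.1.33", "tcp", 6667),
}
def run_samples():
    return {name: evaluate(RULES, pkt) for name, pkt in SAMPLES.items()}

if __name__ == "__main__":
    print(run_samples())
```

The WAN to LAN IRC packet is not touched by the LAN to WAN rule; what happens to it depends entirely on the default action configured for that direction.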