ZyXEL ZyWALL ATP700 User Guide - Page 521
Configuration > Security Policy > Policy Control
View all ZyXEL ZyWALL ATP700 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 521 highlights
Chapter 24 Security Policy The following table describes the labels in this screen. Table 198 Configuration > Security Policy > Policy Control LABEL DESCRIPTION Show Filter/Hide Filter General Settings Enable Policy Control IPv4 / IPv6 Configuration From / To IPv4 / IPv6 Source Click Show Filter to display IPv4 and IPv6 (if enabled) security policy search filters. Enable or disable the Security Policy feature on the Zyxel Device. Select this to activate Security Policy on the Zyxel Device to perform access control. Use IPv4 / IPv6 search filters to find specific IPv4 and IPv6 (if enabled) security policies based on direction, application, user, source, destination and/or schedule. Select a zone to view all security policies from a particular zone and/or to a particular zone. any means all zones. Type an IPv4 or IPv6 IP address to view all security policies based on the IPv4 / IPv6 source address object used. IPv4 / IPv6 Destination • An IPv4 IP address is written as four integer blocks separated by periods. This is an example IPv4 address: 172.16.6.7. • An 128-bit IPv6 address is written as eight 16-bit hexadecimal blocks separated by colons (:). This is an example IPv6 address: 2001:0db8:1a2b:0015:0000:0000:1a2f:0000. Type an IPv4 or IPv6 IP address to view all security policies based on the IPv4 / IPv6 destination address object used. • An IPv4 IP address is written as four integer blocks separated by periods. This is an example IPv4 address: 172.16.6.7. • An 128-bit IPv6 address is written as eight 16-bit hexadecimal blocks separated by colons (:). This is an example IPv6 address: 2001:0db8:1a2b:0015:0000:0000:1a2f:0000. Service View all security policies based the service object used. User View all security policies based on user or user group object used. Schedule View all security policies based on the schedule object used. IPv4/IPv6 Policy Management Use the following items to manage IPv4 and IPv6 policies. Allow Asymmetrical Route If an alternate gateway on the LAN has an IP address in the same subnet as the Zyxel Device's LAN IP address, return traffic may not go through the Zyxel Device. This is called an asymmetrical or "triangle" route. This causes the Zyxel Device to reset the connection, as the connection has not been acknowledged. Select this check box to have the Zyxel Device permit the use of asymmetrical route topology on the network (not reset the connection). Add Edit Remove Activate Inactivate Note: Allowing asymmetrical routes may let traffic from the WAN go directly to the LAN without passing through the Zyxel Device. A better solution is to use virtual interfaces to put the Zyxel Device and the backup gateway on separate subnets. Click this to create a new entry. Select an entry and click Add to create a new entry after the selected entry. Double-click an entry or select it and click Edit to open a screen where you can modify the entry's settings. To remove an entry, select it and click Remove. The Zyxel Device confirms you want to remove it before doing so. To turn on an entry, select it and click Activate. To turn off an entry, select it and click Inactivate. ZyWALL ATP Series User's Guide 521