ZyXEL Communications ZyWALL USG Series Application Note page 107

These sections cover configuring the ZyWALL to protect your network.
• Firewall on page 53
• User-aware Access Control on page 54
• Endpoint Security (EPS) on page 55
• Device and Service Registration on page 55
• Anti-Virus Policy Configuration on page 56
• IDP Profile Configuration on page 58
• ADP Profile Configuration on page 59
• Content Filter Profile Configuration on page 61
• Viewing Content Filter Reports on page 63
• Anti-Spam Policy Configuration on page 66
2.1 Firewall
The firewall controls the travel of traffic between or within zones for services using static port
numbers. Use application patrol to control services using flexible/dynamic port numbers (see
5.8 on page 120
(SNAT). Firewall rules can use schedule, user , user groups, address, address group, service, and
service group objects. T o-ZyWALL firewall rules control access to the ZyWALL itself including
management access. By default the firewall allows various types of management from the LAN,
HTTPS from the WAN and no management from the DMZ. The firewall also limits the number of user
sessions.
This example shows the ZyWALL's default firewall behavior for WAN to LAN traffic and how stateful
inspection works. A LAN user can initiate a T elnet session from within the LAN zone and the firewall
allows the response. However , the firewall blocks T elnet traffic initiated from the WAN zone and
destined for the LAN zone. The firewall allows VPN traffic between any of the networks.
Figure 28
LAN
Tutorial 2: Protecting Your Network
for an example). The firewall can also control traffic for NAT (DNAT) and policy routes
Default Firewall Action
WAN
Section