Chapter 18 Security Policy; Overview; What You Can Do In This Chapter - ZyXEL Communications USG40 User Manual

18.1 Overview

A security policy is a template of security settings that can be applied to specific traffic at specific
times. The policy can be applied:
• to a specific direction of travel of packets (from / to)
• to a specific source and destination address objects
• to a specific type of traffic (services)
• to a specific user or group of users
• at a specific schedule
The policy can be configured:
• to allow or deny traffic that matches the criteria above
• send a log or alert for traffic that matches the criteria above
• to apply the actions configured in the UTM profiles (application patrol, content filter, IDP, anti-
virus, anti-spam) to traffic that matches the criteria above
Note: Security policies can be applied to both IPv4 and IPv6 traffic
The security policies can also limit the number of user sessions.
The following example shows the ZyWALL/USG's default security policies behavior for a specific
direction of travel of packets. WAN to LAN traffic and how stateful inspection works. A LAN user can
initiate a Telnet session from within the LAN zone and the ZyWALL/USG allows the response.
However, the ZyWALL/USG blocks incoming Telnet traffic initiated from the WAN zone and destined
for the LAN zone.
Figure 214 Default Directional Security Policy Example

18.1.1 What You Can Do in this Chapter

• Use the Security Policy Control screens
policies, asymmetrical routes, and manage and configure policies.
C
HAPTER
(Section 18.2 on page
ZyWALL/USG Series User's Guide
319
Security Policy
321) to enable or disable
1 8