What You Need To Know - ZyXEL Communications USG40 User Manual


ZyWALL/USG Series User's Guide, page 320
Chapter 18 Security Policy

• Use the Anomaly Detection and Prevention (ADP) screens (Section 18.3 on page 327) to detect traffic with protocol anomalies and take appropriate action.
• Use the Session Control screens (see Section 18.3 on page 327) to limit the number of concurrent NAT/security policies traffic sessions a client can use.

18.1.2 What You Need to Know

Stateful Inspection
The ZyWALL/USG uses stateful inspection in its security policies. The ZyWALL/USG restricts access by screening data packets against defined access rules. It also inspects sessions. For example, traffic from one zone is not allowed unless it is initiated by a computer in another zone first.

Zones
A zone is a group of interfaces. Group the ZyWALL/USG's interfaces into different zones based on your needs. You can configure security policies for data passing between zones or even between interfaces.

Default Directional Security Policy Behavior
Security Policies can be grouped based on the direction of travel of packets to which they apply. The ZyWALL/USG has default Security Policy behavior for traffic going through the ZyWALL/USG in various directions.

Table 130 Directional Security Policy Behavior

| FROM ZONE TO ZONE | BEHAVIOR |
| --- | --- |
| From any to Device | DHCP traffic from any interface to the ZyWALL/USG is allowed. |
| From LAN1 to any (other than the ZyWALL/USG) | Traffic from the LAN1 to any of the networks connected to the ZyWALL/USG is allowed. |
| From LAN2 to any (other than the ZyWALL/USG) | Traffic from the LAN2 to any of the networks connected to the ZyWALL/USG is allowed. |
| From LAN1 to Device | Traffic from the LAN1 to the ZyWALL/USG itself is allowed. |
| From LAN2 to Device | Traffic from the LAN2 to the ZyWALL/USG itself is allowed. |
| From WAN to Device | The default services listed in To-Device Policies on page 320 are allowed from the WAN to the ZyWALL/USG itself. All other WAN to ZyWALL/USG traffic is dropped. |
| From any to any | Traffic that does not match any Security policy is dropped. This includes traffic from the WAN to any of the networks behind the ZyWALL/USG. This also includes traffic to or from interfaces that are not assigned to a zone (extra-zone traffic). |

To-Device Policies
Policies with Device as the To Zone apply to traffic going to the ZyWALL/USG itself. By default:
• The Security Policy allows only LAN or WAN computers to access or manage the ZyWALL/USG.
• The ZyWALL/USG allows DHCP traffic from any interface to the ZyWALL/USG.
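
The following sketch is an added example, not ZyXEL code or part of the manual: it models the default rows of Table 130 together with the stateful rule that reply traffic passes only when it mirrors a session allowed earlier. The names `Packet`, `policy_allows`, `StatefulFirewall` and the service `EXAMPLE_SVC` are hypothetical, and keying a session on source, destination and service is a simplification.

```python
# Added illustration, not ZyXEL code: a toy model of Table 130 with session tracking.
from typing import NamedTuple, Optional

DEVICE = "Device"                        # the ZyWALL/USG itself
LAN_ZONES = {"LAN1", "LAN2"}
# Placeholder: the real WAN default-service list is not shown on this page.
WAN_DEFAULT_SERVICES = {"EXAMPLE_SVC"}


class Packet(NamedTuple):
    src_zone: Optional[str]              # None = interface not assigned to a zone
    dst_zone: Optional[str]
    src: str
    dst: str
    service: str


def policy_allows(p: Packet) -> bool:
    """Apply the default directional rows; unmatched traffic is dropped."""
    if p.dst_zone == DEVICE:
        if p.service == "DHCP":          # from any to Device
            return True
        if p.src_zone in LAN_ZONES:      # from LAN1/LAN2 to Device
            return True
        # from WAN to Device: only the default services
        return p.src_zone == "WAN" and p.service in WAN_DEFAULT_SERVICES
    # From LAN1/LAN2 to any (other than the device). Modelling choice: "any"
    # is read literally, so every non-Device destination matches this row.
    if p.src_zone in LAN_ZONES:
        return True
    return False                         # from any to any: drop


class StatefulFirewall:
    """Tracks allowed sessions so only their replies pass in the reverse direction."""

    def __init__(self) -> None:
        self.sessions = set()            # (initiator, responder, service)

    def handle(self, p: Packet) -> str:
        if (p.dst, p.src, p.service) in self.sessions:
            return "allow (established)"
        if policy_allows(p):
            self.sessions.add((p.src, p.dst, p.service))
            return "allow (new)"
        return "drop"
```

Feeding a WAN-to-LAN1 packet to `handle` before and after the matching LAN1-to-WAN packet shows the difference between the any-to-any drop and an established session.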

This manual is also suitable for: USG40W, USG210, USG310, USG1100, USG60, USG1900 ...
