ZyXEL Communications ZyWall ATP series User Manual page 475


Chapter 25 Security Policy

Default Directional Security Policy Behavior
Security Policies can be grouped based on the direction of travel of the packets to which they apply.
The Zyxel Device has default Security Policy behavior for traffic going through the Zyxel Device in
various directions.

Table 189 Directional Security Policy Behavior
| FROM ZONE TO ZONE | BEHAVIOR |
| --- | --- |
| From any to Device | DHCP traffic from any interface to the Zyxel Device is allowed. |
| From LAN1 to any (other than the Zyxel Device) | Traffic from the LAN1 to any of the networks connected to the Zyxel Device is allowed. |
| From LAN2 to any (other than the Zyxel Device) | Traffic from the LAN2 to any of the networks connected to the Zyxel Device is allowed. |
| From LAN1 to Device | Traffic from the LAN1 to the Zyxel Device itself is allowed. |
| From LAN2 to Device | Traffic from the LAN2 to the Zyxel Device itself is allowed. |
| From WAN to Device | The default services listed in To-Device Policies are allowed from the WAN to the Zyxel Device itself. All other WAN to Zyxel Device traffic is dropped. |
| From any to any | Traffic that does not match any Security policy is dropped. This includes traffic from the WAN to any of the networks behind the Zyxel Device. This also includes traffic to or from interfaces that are not assigned to a zone (extra-zone traffic). |

To-Device Policies
Policies with Device as the To Zone apply to traffic going to the Zyxel Device itself. By default:
• The Security Policy allows only LAN or WAN computers to access or manage the Zyxel Device.
• The Zyxel Device allows DHCP traffic from any interface to the Zyxel Device.
• The Zyxel Device drops most packets from the WAN zone to the Zyxel Device itself and generates a
log, except for AH, ESP, GRE, HTTPS, IKE and NATT packets.
When you configure a Security Policy rule for packets destined for the Zyxel Device itself, make sure it
does not conflict with your service control rule. The Zyxel Device checks the security policy before the
service control rules for traffic destined for the Zyxel Device.
A From Any To Device direction policy applies to traffic from an interface which is not in a zone.

Global Security Policies
Security Policies with from any and/or to any as the packet direction are called global Security Policies.
The global Security Policies are the only Security Policies that apply to an interface that is not included in
a zone. The from any policies apply to traffic coming from the interface and the to any policies apply to
traffic going to the interface.

Security Policy Rule Criteria
The Zyxel Device checks the schedule, user name (user's login name on the Zyxel Device), source IP
address and object, destination IP address and object, IP protocol type of network traffic (service) and
Security Service profile criteria against the Security Policies (in the order you list them). When the traffic
matches a policy, the Zyxel Device takes the action specified in the policy.
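
The in-order, first-match evaluation described under Security Policy Rule Criteria, applied to the defaults in Table 189, as an added Python model (not Zyxel's code or CLI). It matches on zone and service only; the rule names, the order of the default rules, the `None` zone for an interface that is in no zone and the TELNET rule are assumptions made for illustration.

```python
from dataclasses import dataclass

ANY, NOT_DEV = "any", "any-except-Device"  # NOT_DEV: "any (other than the Zyxel Device)"
WAN_SERVICES = frozenset({"AH", "ESP", "GRE", "HTTPS", "IKE", "NATT"})  # To-Device list

@dataclass(frozen=True)
class Rule:
    name: str                     # hypothetical label, not a Zyxel identifier
    src: str
    dst: str
    services: "frozenset | None"  # None = every service
    action: str

# Table 189 as an ordered list; the ordering is an assumption of this model.
DEFAULTS = [
    Rule("any-to-Device-DHCP", ANY, "Device", frozenset({"DHCP"}), "allow"),
    Rule("LAN1-to-any", "LAN1", NOT_DEV, None, "allow"),
    Rule("LAN2-to-any", "LAN2", NOT_DEV, None, "allow"),
    Rule("LAN1-to-Device", "LAN1", "Device", None, "allow"),
    Rule("LAN2-to-Device", "LAN2", "Device", None, "allow"),
    Rule("WAN-to-Device", "WAN", "Device", WAN_SERVICES, "allow"),
    Rule("default", ANY, ANY, None, "deny"),
]
BLOCK_TELNET = Rule("block-telnet", "LAN1", "WAN", frozenset({"TELNET"}), "deny")  # constructed

def zone_covers(rule_zone, zone):
    """True if rule_zone applies to zone (None = interface that is in no zone)."""
    if rule_zone == NOT_DEV:
        return zone not in ("Device", ANY)
    return rule_zone in (ANY, zone)

def evaluate(rules, src, dst, service):
    """First match wins: return (action, rule name) for one packet."""
    for r in rules:
        svc_ok = r.services is None or service in r.services
        if zone_covers(r.src, src) and zone_covers(r.dst, dst) and svc_ok:
            return r.action, r.name
    return "deny", "no-match"

def shadowed(rules):
    """(rule, earlier rule) pairs where the earlier rule matches everything first."""
    out = []
    for i, r in enumerate(rules):
        for e in rules[:i]:
            svc_ok = e.services is None or (r.services is not None and r.services <= e.services)
            if zone_covers(e.src, r.src) and zone_covers(e.dst, r.dst) and svc_ok:
                out.append((r.name, e.name))
                break
    return out
```

Inserting `BLOCK_TELNET` after the LAN1 default leaves it shadowed by `LAN1-to-any`, so `shadowed()` reports it; placing it first makes it the matching rule.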
