Table of Contents
Advertisement
The following table describes the labels in this screen.
Table 190 Configuration > Security Policy > Policy Control
LABEL
DESCRIPTION
Show Filter/Hide
Click Show Filter to display IPv4 and IPv6 (if enabled) security policy search filters.
Filter
General Settings
Enable or disable the Security Policy feature on the Zyxel Device.
Enable Policy
Select this to activate Security Policy on the Zyxel Device to perform access control.
Control
IPv4 / IPv6
Use IPv4 / IPv6 search filters to find specific IPv4 and IPv6 (if enabled) security policies based on
Configuration
direction, application, user, source, destination and/or schedule.
From / To
Select a zone to view all security policies from a particular zone and/or to a particular zone.
any means all zones.
IPv4 / IPv6
Type an IPv4 or IPv6 IP address to view all security policies based on the IPv4 / IPv6 source
Source
address object used.
•
An IPv4 IP address is written as four integer blocks separated by periods. This is an example
IPv4 address: 172.16.6.7.
•
An 128-bit IPv6 address is written as eight 16-bit hexadecimal blocks separated by colons
(:). This is an example IPv6 address: 2001:0db8:1a2b:0015:0000:0000:1a2f:0000.
IPv4 / IPv6
Type an IPv4 or IPv6 IP address to view all security policies based on the IPv4 / IPv6 destination
Destination
address object used.
•
An IPv4 IP address is written as four integer blocks separated by periods. This is an example
IPv4 address: 172.16.6.7.
•
An 128-bit IPv6 address is written as eight 16-bit hexadecimal blocks separated by colons
(:). This is an example IPv6 address: 2001:0db8:1a2b:0015:0000:0000:1a2f:0000.
Service
View all security policies based the service object used.
User
View all security policies based on user or user group object used.
Schedule
View all security policies based on the schedule object used.
IPv4/IPv6 Policy
Use the following items to manage IPv4 and IPv6 policies.
Management
Allow
If an alternate gateway on the LAN has an IP address in the same subnet as the Zyxel Device's
Asymmetrical
LAN IP address, return traffic may not go through the Zyxel Device. This is called an
Route
asymmetrical or "triangle" route. This causes the Zyxel Device to reset the connection, as the
connection has not been acknowledged.
Select this check box to have the Zyxel Device permit the use of asymmetrical route topology
on the network (not reset the connection).
Note: Allowing asymmetrical routes may let traffic from the WAN go directly to the
LAN without passing through the Zyxel Device. A better solution is to use virtual
interfaces to put the Zyxel Device and the backup gateway on separate
subnets.
Add
Click this to create a new entry. Select an entry and click Add to create a new entry after the
selected entry.
Edit
Double-click an entry or select it and click Edit to open a screen where you can modify the
entry's settings.
Remove
To remove an entry, select it and click Remove. The Zyxel Device confirms you want to remove
it before doing so.
Activate
To turn on an entry, select it and click Activate.
Inactivate
To turn off an entry, select it and click Inactivate.
Chapter 25 Security Policy
ZyWALL ATP Series User's Guide
479
- Quick Links:
- Web Configurator
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
Related Manuals for ZyXEL Communications ZyWall ATP series
Related Products for ZyXEL Communications ZyWall ATP series
- ZyXEL Communications ZyWALL USG Series
- ZyXEL Communications ZyWALL 310
- ZyXEL Communications ZyWALL 310 Series
- ZyXEL Communications ZyWall ZLD Series
- ZyXEL Communications ZLD
- ZyXEL Communications ZyWALL ATP Series
- ZyXEL Communications ZyWALL 10
- ZyXEL Communications Internet Security Appliance ZyWALL5UTM 4.0