ZyXEL Communications ZyWall ATP series User Manual page 495

Figure 337 Limited LAN to WAN IRC Traffic Example
Your security policy would have the following configuration.
Table 199 Limited LAN1 to WAN IRC Traffic Example 1
# USER SOURCE
1 Any 172.16.1.7
2 Any Any
3 Any Any
• The first row allows the LAN1 computer at IP address 172.16.1.7 to access the IRC service on the WAN.
• The second row blocks LAN1 access to the IRC service on the WAN.
• The third row is the default policy of allowing all traffic from the LAN1 to go to the WAN.
Alternatively, you configure a LAN1 to WAN policy with the CEO's user name (say CEO) to allow IRC
traffic from any source IP address to go to any destination address.
Your Security Policy would have the following settings.
Table 200 Limited LAN1 to WAN IRC Traffic Example 2
# USER SOURCE
1 CEO Any
2 Any Any
3 Any Any
• The first row allows any LAN1 computer to access the IRC service on the WAN by logging into the Zyxel
Device with the CEO's user name.
• The second row blocks LAN1 access to the IRC service on the WAN.
• The third row is the default policy of allowing allows all traffic from the LAN1 to go to the WAN.
The policy for the CEO must come before the policy that blocks all LAN1 to WAN IRC traffic. If the policy
that blocks all LAN1 to WAN IRC traffic came first, the CEO's IRC traffic would match that policy and the
Zyxel Device would drop it and not check any other security policies.
Chapter 25 Security Policy
DESTINATION SCHEDULE
Any Any
Any Any
Any Any
DESTINATION SCHEDULE
Any Any
Any Any
Any Any
ZyWALL ATP Series User's Guide
495
SERVICE ACTION
IRC Allow
IRC Deny
Any Allow
SERVICE ACTION
IRC Allow
IRC Deny
Any Allow