ZyXEL Communications Unified Security Gateway ZyWALL 1000 User Manual page 285

Unified security gateway

Table 88 Firewall (continued)

LABEL
    DESCRIPTION

Maximum session per host
    Use this field to set the highest number of sessions that the ZyWALL will permit a computer with the same IP address to have at one time.

    When computers use peer to peer applications, such as file sharing applications, they may use a large number of NAT sessions. If you do not limit the number of NAT sessions a single client can establish, this can result in all of the available NAT sessions being used. In this case, no additional NAT sessions can be established, and users may not be able to access the Internet.

    Each NAT session establishes a corresponding firewall session. Use this field to limit the number of NAT/firewall sessions each client computer can establish through the ZyWALL.

    If your network has a small number of clients using peer to peer applications, you can raise this number to ensure that their performance is not degraded by the number of NAT sessions they can establish. If your network has a large number of users using peer to peer applications, you can lower this number to ensure no single client is using too many of the available NAT sessions.

From Zone / To Zone
    This is the direction of travel of packets. Select from which zone the packets come and to which zone the packets go.

    Firewall rules are grouped based on the direction of travel of packets to which they apply. For example, from LAN to LAN means packets traveling from a computer or subnet on the LAN to either another computer or subnet on the LAN.

    From any displays all the firewall rules for traffic going to a particular zone.

    To any displays all the firewall rules for traffic coming from a particular zone.

    From any to any displays all of the firewall rules.

    To ZyWALL rules are for traffic that is destined for the ZyWALL and control which computers can manage the ZyWALL.

The following read-only fields summarize the rules you have created that apply to traffic traveling in the selected packet direction.

#
    This is the index number of your firewall rule. It is not associated with a specific rule.

Priority
    This is the position of your firewall rule in the global rule list (including all through-ZyWALL and to-ZyWALL rules). The ordering of your rules is important as rules are applied in sequence.

Schedule
    This field tells you the schedule object that the rule uses. none means the rule is active at all times if enabled.

User
    This is the user name or user group name to which this firewall rule applies.

Source
    This displays the source address object to which this firewall rule applies.

Destination
    This displays the destination address object to which this firewall rule applies.

Service
    This displays the service object to which this firewall rule applies.

Access
    This field displays whether the firewall silently discards packets (deny), discards packets and sends a TCP reset packet to the sender (reject) or permits the passage of packets (allow).

Log
    This field shows you whether a log (and alert) is created when packets match this rule or not.

ZyWALL USG 1000 User's Guide
Chapter 19 Firewall
285
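
The session exhaustion described under "Maximum session per host", as an added example that is not part of the ZyXEL manual: a Python model of a shared NAT/firewall session table, run once without a per-host limit and once with one. The table capacity, client addresses and session counts are constructed values, not ZyWALL figures.

```python
from collections import Counter


class SessionTable:
    """Shared NAT/firewall session table with an optional per-host cap."""

    def __init__(self, capacity, max_per_host=None):
        self.capacity = capacity          # total sessions the device can hold
        self.max_per_host = max_per_host  # None models "no per-host limit"
        self.active = Counter()           # source IP -> open sessions
        self.refused = Counter()          # source IP -> refused attempts

    def open(self, src_ip):
        """Admit one new session for src_ip, or refuse and count it."""
        table_full = sum(self.active.values()) >= self.capacity
        host_at_cap = (self.max_per_host is not None
                       and self.active[src_ip] >= self.max_per_host)
        if table_full or host_at_cap:
            self.refused[src_ip] += 1
            return False
        self.active[src_ip] += 1
        return True


def simulate(capacity, max_per_host):
    """One P2P client opens sessions first, then 20 office clients follow."""
    table = SessionTable(capacity, max_per_host)
    p2p = "192.168.1.50"                                  # constructed address
    office = [f"192.168.1.{n}" for n in range(100, 120)]  # constructed addresses
    for _ in range(5000):        # P2P client attempts thousands of sessions
        table.open(p2p)
    for ip in office:            # each office client needs 10 sessions
        for _ in range(10):
            table.open(ip)
    return {
        "p2p_sessions": table.active[p2p],
        "office_sessions": sum(table.active[ip] for ip in office),
        "office_refused": sum(table.refused[ip] for ip in office),
        "top_refused": table.refused.most_common(1)[0][0],
    }


if __name__ == "__main__":
    print("no limit :", simulate(capacity=1000, max_per_host=None))
    print("limit 200:", simulate(capacity=1000, max_per_host=200))
```

The host with the most refused attempts is the one hitting the limit, which is the client to look for when tuning this field.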

This manual is also suitable for:

Zywall usg 1000
