Security Policy; Chapter 13 Security Policy; Overview; What You Can Do In This Chapter - ZyXEL Communications USG FLEX H Series User Manual

13.1 Overview

A security policy is a template of security settings that can be applied to specific traffic at specific times.
The policy can be applied:
• to a specific direction of travel of packets (from / to)
• to a specific source and destination address objects
• to a specific type of traffic (services)
• to a specific user or group of users
• at a specific schedule
The policy can be configured:
• to allow or deny traffic that matches the criteria above
• send a log or alert for traffic that matches the criteria above
• to apply the actions configured in the profiles (application patrol, content filter, IDP, anti-malware,
email security) to traffic that matches the criteria above
The security policies can also limit the number of user sessions.
The following example shows the Zyxel Device's default security policies behavior for a specific direction
of travel of packets. WAN to LAN traffic and how stateful inspection works. A LAN user can initiate an SSH
session from within the LAN zone and the Zyxel Device allows the response. However, the Zyxel Device
blocks incoming SSH traffic initiated from the WAN zone and destined for the LAN zone.
Figure 133 Default Directional Security Policy Example

13.2 What You Can Do in this Chapter

• Use the Policy Control screens
routes, and manage and configure policies.
C

Security Policy

(Section 13.3 on page
USG FLEX H Series User's Guide
190
H A P T E R
192) to enable or disable policies, asymmetrical
13