Firewall - ZyXEL Communications NXC5200 User Manual

on separate subnets. Virtual interfaces allow you to partition your network into
logical sections over the same interface. See the chapter about interfaces for more
information.
By putting LAN 1 and the alternate gateway (A in the figure) in different subnets,
all returning network traffic must pass through the NXC to the LAN. The following
steps and figure describe such a scenario.
A computer on the LAN initiates a connection by sending a SYN packet to a
1
receiving server on the WAN.
The NXC reroutes the packet to gateway A, which is in Subnet 2.
2
The reply from the WAN goes to the NXC.
3
The NXC then sends it to the computer on the LAN in Subnet 1.
4
LAN

18.2 Firewall

The following describes the Firewall screen functions.
Click Configuration > Firewall to open the Firewall screen. Use this screen to
enable or disable the firewall and asymmetrical routes, set a maximum number of
sessions per host, and display the configured firewall rules. Specify from which
zone packets come and to which zone packets travel to display only the rules
specific to the selected direction. Note the following.
• If you enable intra-zone traffic blocking (see the chapter about zones), the
firewall automatically creates (implicit) rules to deny packet passage between
the interfaces in the specified zone.
• Besides configuring the firewall, you also need to configure NAT rules to allow
computers on the WAN to access LAN devices.
NXC5200 User's Guide
Chapter 18 Firewall
257