What You Need To Know - ZyXEL Communications ZYWALL USG 20 Manual

Unified security gateway

Chapter 22 Firewall

22.1.2 What You Need to Know

Stateful Inspection

The ZyWALL has a stateful inspection firewall. The ZyWALL restricts access by
screening data packets against defined access rules. It also inspects sessions. For
example, traffic from one zone is not allowed unless it is initiated by a computer in
another zone first.

Zones

A zone is a group of interfaces or VPN tunnels. Group the ZyWALL's interfaces into
different zones based on your needs. You can configure firewall rules for data
passing between zones or even between interfaces and/or VPN tunnels in a zone.

Default Firewall Behavior

Firewall rules are grouped based on the direction of travel of packets to which they
apply. Here is the default firewall behavior for traffic going through the ZyWALL in
various directions.
Table 105 Default Firewall Behavior

| FROM ZONE TO ZONE | BEHAVIOR |
|---|---|
| From WAN to ZyWALL | Traffic from the WAN to the ZyWALL itself is allowed for certain default services described in To-ZyWALL Rules on page 375. All other WAN to ZyWALL traffic is dropped. |
| From WAN to any (other than the ZyWALL) | Traffic from the WAN to any of the networks behind the ZyWALL is dropped. |
| From DMZ to ZyWALL | Traffic from the DMZ to the ZyWALL itself is allowed for certain default services described in To-ZyWALL Rules on page 375. All other DMZ to ZyWALL traffic is dropped. |
| From DMZ to any (other than the ZyWALL) | Traffic from the DMZ to any of the networks behind the ZyWALL is dropped. |
| From WLAN to WAN (USG 20W) | Traffic from the WLAN to the WAN is allowed. |
| From WLAN to ZyWALL (USG 20W) | Traffic from the WLAN to the ZyWALL itself is allowed for certain default services described in To-ZyWALL Rules on page 375. All other WLAN to ZyWALL traffic is dropped. |
| From WLAN to any (other than the ZyWALL) (USG 20W) | Traffic from the WLAN to any of the networks behind the ZyWALL is dropped. |
| From ANY to ANY | Traffic that does not match any firewall rule is allowed. So for example, LAN to WAN, LAN to DMZ, and LAN to WLAN traffic is allowed. This also includes traffic to or from interfaces or VPN tunnels that are not assigned to a zone (extra-zone traffic). |

ZyWALL USG 20/20W User's Guide
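The through-traffic defaults in Table 105 and the stateful behavior described above, modeled as an added example (not ZyXEL code or configuration syntax). It assumes first-match rule ordering, tracks sessions by address pair only, and omits the To-ZyWALL rows because the default services they allow are not listed on this page; interface names and addresses are constructed.

```python
# Simplified model of Table 105 (through-traffic rows) plus session tracking.
# Not ZyWALL code: rule ordering and the session key are assumptions.

# (from_zone, to_zone, action); "any" matches every zone, including no zone.
DEFAULT_RULES = [
    ("WAN", "any", "drop"),
    ("DMZ", "any", "drop"),
    ("WLAN", "WAN", "allow"),
    ("WLAN", "any", "drop"),
    ("any", "any", "allow"),  # catch-all: traffic matching no rule is allowed
]

def match_rule(src_zone, dst_zone, rules=DEFAULT_RULES):
    """Return (index, action) of the first rule matching the zone pair."""
    for i, (frm, to, action) in enumerate(rules):
        if frm in (src_zone, "any") and to in (dst_zone, "any"):
            return i, action
    raise LookupError("rule list has no catch-all")

class StatefulFirewall:
    def __init__(self, zone_of, rules=DEFAULT_RULES):
        self.zone_of = zone_of   # interface -> zone; None means extra-zone
        self.rules = rules
        self.sessions = set()    # (initiator, responder) of allowed flows

    def handle(self, in_if, src, out_if, dst):
        """Decide one packet; replies to an existing session skip the rules."""
        if (dst, src) in self.sessions:
            return "allow (reply)"
        _, action = match_rule(self.zone_of.get(in_if),
                               self.zone_of.get(out_if), self.rules)
        if action == "allow":
            self.sessions.add((src, dst))
        return action

def fallthrough_pairs(zones, rules=DEFAULT_RULES):
    """Zone pairs permitted only because they reach the final catch-all."""
    last = len(rules) - 1
    return sorted((a, b) for a in zones for b in zones
                  if a != b and match_rule(a, b, rules) == (last, "allow"))

if __name__ == "__main__":
    # Constructed interfaces: "opt" is deliberately not assigned to a zone.
    fw = StatefulFirewall({"lan1": "LAN", "wan1": "WAN", "opt": None})
    print(fw.handle("wan1", "203.0.113.5", "lan1", "192.168.1.10"))  # unsolicited
    print(fw.handle("lan1", "192.168.1.10", "wan1", "203.0.113.5"))  # initiated
    print(fw.handle("wan1", "203.0.113.5", "lan1", "192.168.1.10"))  # reply
    print(fallthrough_pairs(["LAN", "WAN", "DMZ", "WLAN"]))
```

The pairs returned by `fallthrough_pairs` are the ones a rule review should cover first, since they are permitted without any explicit rule.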

This manual is also suitable for:

Zywall usg 20w, Zywall usg 2000
