Packet Flow - ZyXEL Communications ZYWALL USG 2000 Manual

Anti-Virus Scanner
With the anti-virus packet scanner, your ZyWALL scans files transmitting through
the enabled interfaces into the network. The ZyWALL helps stop threats at the
network edge before they reach the local host computers.
Anti-Spam
The anti-spam feature can mark or discard spam. Use the white list to identify
legitimate e-mail. Use the black list to identify spam e-mail. The ZyWALL can also
check e-mail against a DNS black list (DNSBL) of IP addresses of servers that are
suspected of being used by spammers.
Application Patrol
Application patrol (App. Patrol) manages instant messenger (IM), peer-to-peer
(P2P) applications like MSN and BitTorrent. You can even control the use of a
particular application's individual features (like text messaging, voice, video
conferencing, and file transfers). Application patrol has powerful bandwidth
management including traffic prioritization to enhance the performance of delay-
sensitive applications like voice and video. You can also use an option that gives
SIP priority over all other traffic. This maximizes SIP traffic throughput for
improved VoIP call sound quality.

2.2 Packet Flow

This section lists the order in which the ZyWALL applies its features and checks.
The following is the key used to describe the packet flow in the ZyWALL.
Table 4 Packet Flow Key
Ethernet
VLAN
Encap
ALG
DNAT
Routing
FW
zFW
IDP
ZyWALL USG 2000 User's Guide
The interface on which the packet is received or sent
Virtual LAN
The PPPoE or PPTP encapsulation used
Application Layer Gateway
Destination NAT
Routing includes policy routes, interface routing, static routes and load
balancing for example.
Firewall (Through ZyWALL)
Firewall (To ZyWALL)
Intrusion Detection and Protection
Chapter 2 Features and Applications
41