Chapter 19 Firewall; Overview; What You Can Do In This Chapter; What You Need To Know - ZyXEL Communications 310 User Manual

19.1 Overview

Use the firewall to block or allow services that use static port numbers. This example shows the
ZyWALL's default firewall behavior for WAN to LAN traffic and how stateful inspection works. A LAN
user can initiate a Telnet session from within the LAN zone and the firewall allows the response.
However, the firewall blocks Telnet traffic initiated from the WAN zone and destined for the LAN
zone. The firewall allows VPN traffic between any of the networks.
Figure 161 Default Firewall Action
LAN

19.1.1 What You Can Do in this Chapter

• Use the Firewall screens
asymmetrical routes, and manage and configure firewall rules.
• Use the Session Limit screens (see
NAT/firewall sessions a client can use.

19.1.2 What You Need to Know

Stateful Inspection
The ZyWALL has a stateful inspection firewall. The ZyWALL restricts access by screening data
packets against defined access rules. It also inspects sessions. For example, traffic from one zone is
not allowed unless it is initiated by a computer in another zone first.
Zones
A zone is a group of interfaces or VPN tunnels. Group the ZyWALL's interfaces into different zones
based on your needs. You can configure firewall rules for data passing between zones or even
between interfaces and/or VPN tunnels in a zone.
Example Firewall Behavior
Firewall rules are grouped based on the direction of travel of packets to which they apply. Here is
example firewall behavior for traffic going through the ZyWALL in various directions. See the
Configuration > Firewall screen for default firewall behavior.
ZyWALL 110/310/1100 Series User's Guide
C
HAPTER
(Section 19.2 on page 268) to enable or disable the firewall and
Section 19.3 on page
Firewall
WAN
273) to limit the number of concurrent
1 9
265