ZyXEL Communications UAG2100 User Manual page 245

Figure 167 Limited LAN to WAN IRC Traffic Example
Your firewall would have the following configuration.
Table 113 Limited LAN1 to WAN IRC Traffic Example 1
# USER SOURCE
1 Any 172.16.1.7
2 Any Any
3 Any Any
• The first row allows the LAN1 computer at IP address 172.16.1.7 to access the IRC service on the
WAN.
• The second row blocks LAN1 access to the IRC service on the WAN.
• The third row is the firewall's default policy of allowing all traffic from the LAN1 to go to the WAN.
Alternatively, you configure a LAN1 to WAN rule with the CEO's user name (say CEO) to allow IRC
traffic from any source IP address to go to any destination address.
Your firewall would have the following configuration.
Table 114 Limited LAN1 to WAN IRC Traffic Example 2
# USER SOURCE
1 CEO Any
2 Any Any
3 Any Any
• The first row allows any LAN1 computer to access the IRC service on the WAN by logging into the
UAG with the CEO's user name.
• The second row blocks LAN1 access to the IRC service on the WAN.
• The third row is the firewall's default policy of allowing all traffic from the LAN1 to go to the WAN.
The rule for the CEO must come before the rule that blocks all LAN1 to WAN IRC traffic. If the rule
that blocks all LAN1 to WAN IRC traffic came first, the CEO's IRC traffic would match that rule and
the UAG would drop it and not check any other firewall rules.
Chapter 25 Firewall
DESTINATION SCHEDULE
Any Any
Any Any
Any Any
DESTINATION SCHEDULE
Any Any
Any Any
Any Any
UAG2100 User's Guide
245
SERVICE ACTION
IRC Allow
IRC Deny
Any Allow
SERVICE ACTION
IRC Allow
IRC Deny
Any Allow