Firewall; Application Patrol - ZyXEL Communications ZyWALL USG 300 User Manual

Unified security gateway

5.4.12 Firewall

The firewall controls traffic between or within zones. You can also configure the
firewall to control traffic for virtual servers (port forwarding) and policy routes (NAT). You
can configure firewall rules based on schedules, specific users (or user groups), source or
destination addresses (or address groups) and services (or service groups). Each of these
objects must be configured in a different screen.
To-ZyWALL firewall rules control access to the ZyWALL. Configure to-ZyWALL firewall
rules for remote management. By default, the firewall allows any computer from the LAN
zone to access or manage the ZyWALL. The ZyWALL drops packets from the WAN or DMZ
zone to the ZyWALL itself, except for Device HA and VPN traffic.
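MENU ITEM(S): Firewall
PREREQUISITES: Zones, schedules, users, user groups, addresses (source, destination), address
groups (source, destination), services, service groups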
Example: Suppose you have a SIP proxy server connected to the DMZ zone for VoIP calls.
You could configure a firewall rule to allow VoIP sessions from the SIP proxy server on DMZ
to the LAN so VoIP users on the LAN can receive calls.
1 Create a VoIP service object for UDP port 5060 traffic (Object > Service).
2 Create an address object for the VoIP server (Object > Address).
3 Click Firewall to go to the firewall configuration.
4 Select from the DMZ zone to the LAN zone, and add a firewall rule using the items you
have configured.
• You don't need to specify the schedule or the user.
• In the Source field, select the address object of the VoIP server.
• You don't need to specify the destination address.
• Leave the Access field set to Allow and the Log field set to No.
The ZyWALL checks the firewall rules in order. Make sure each rule is in the
correct place in the sequence.
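
The following Python sketch is an added example, not ZyWALL code or CLI syntax. It models rules being checked in order, using the DMZ-to-LAN VoIP rule from the steps above, and reports rules that can never be reached because an earlier rule covers them. The rule names, the field names, the 192.0.2.10 address and the catch-all deny rule are assumptions made for the illustration.

```python
# Added illustration, not ZyWALL code: a simplified model of in-order rule checking.
from collections import namedtuple
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class Rule:
    name: str
    from_zone: str
    to_zone: str
    source: Optional[str]     # CIDR of the address object; None = any
    service: Optional[tuple]  # (protocol, port) of the service object; None = any
    access: str               # "allow" or "deny"

Packet = namedtuple("Packet", "from_zone to_zone src proto dport")

def matches(rule, pkt):
    if (rule.from_zone, rule.to_zone) != (pkt.from_zone, pkt.to_zone):
        return False
    if rule.source is not None and ip_address(pkt.src) not in ip_network(rule.source):
        return False
    return rule.service is None or rule.service == (pkt.proto, pkt.dport)

def evaluate(rules, pkt):
    """Return (access, name) of the first matching rule, or None if none matches."""
    return next(((r.access, r.name) for r in rules if matches(r, pkt)), None)

def covers(earlier, later):
    """True if every packet matching `later` also matches `earlier`."""
    if (earlier.from_zone, earlier.to_zone) != (later.from_zone, later.to_zone):
        return False
    src_ok = earlier.source is None or (later.source is not None and
             ip_network(later.source).subnet_of(ip_network(earlier.source)))
    return src_ok and (earlier.service is None or earlier.service == later.service)

def shadowed(rules):
    """Names of rules that can never be reached because an earlier rule covers them."""
    return [r.name for i, r in enumerate(rules) if any(covers(e, r) for e in rules[:i])]

# Constructed sample data (192.0.2.10 is a documentation address standing in for the SIP proxy).
SIP = Rule("allow-sip", "DMZ", "LAN", "192.0.2.10/32", ("udp", 5060), "allow")
DENY = Rule("deny-dmz-lan", "DMZ", "LAN", None, None, "deny")
CALL = Packet("DMZ", "LAN", "192.0.2.10", "udp", 5060)

if __name__ == "__main__":
    for order in ([SIP, DENY], [DENY, SIP]):
        print([r.name for r in order], evaluate(order, CALL), "shadowed:", shadowed(order))
```

With the allow rule first, the call from the SIP proxy is allowed; with the broad deny rule first, the same call is denied and the allow rule is reported as shadowed.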

5.4.13 Application Patrol

Use application patrol to control which individuals can use which services through the
ZyWALL (and when they can do so). You can also specify allowed amounts of bandwidth and
priorities. You must subscribe to use application patrol. You can subscribe using the
Licensing > Registration screens or one of the wizards.
MENU ITEM(S): AppPatrol
PREREQUISITES: Registration, zones, schedules, users, user groups, addresses (source,
destination), address groups (source, destination). These are only used as
criteria in exceptions and conditions.
Example: Suppose you want to allow vice president Bob to use BitTorrent and block
everyone else from using it.
