Firewall Rule Example Applications; Figure 205 Blocking All Lan To Wan Irc Traffic Example; Table 107 Blocking All Lan To Wan Irc Traffic Example - ZyXEL Communications ZyWALL USG 300 User Manual

Chapter 20 Firewall
Session Limits
Accessing the ZyWALL or network resources through the ZyWALL requires a NAT session
and corresponding firewall session. Peer to peer applications, such as file sharing applications,
may use a large number of NAT sessions. A single client could use all of the available NAT
sessions and prevent others from connecting to or through the ZyWALL. The ZyWALL lets
you limit the number of concurrent NAT/firewall sessions a client can use.
Finding Out More
• See Section 5.4.12 on page 115
• See Section 6.4.6 on page 137
configuring user-aware access control
• See Section 6.6.3 on page 143
traffic from the WAN to the LAN.

20.1.3 Firewall Rule Example Applications

Suppose that your company decides to block all of the LAN users from using IRC (Internet
Relay Chat) through the Internet. To do this, you would configure a LAN to WAN firewall
rule that blocks IRC traffic from any source IP address from going to any destination address.
You do not need to specify a schedule since you need the firewall rule to always be in effect.
The following figure shows the results of this rule.

Figure 205 Blocking All LAN to WAN IRC Traffic Example

Your firewall would have the following rules.

Table 107 Blocking All LAN to WAN IRC Traffic Example

#
1
2
• The first row blocks LAN access to the IRC service on the WAN.
• The second row is the firewall's default policy that allows all traffic from the LAN to go to
the WAN.
318
for related information on the Firewall screens.
for an example of creating firewall rules as part of
for an example of creating a firewall rule to allow H.323
USER SOURCE
Any Any
Any Any
(Section 6.4 on page
DESTINATION SCHEDULE
Any Any
Any Any
132).
SERVICE ACTION
IRC Deny
Any Allow
ZyWALL USG 300 User's Guide