What You Need To Know About The Firewall - ZyXEL Communications ZyWALL USG 300 User Manual

Unified security gateway

Chapter 20 Firewall

20.1.2 What You Need to Know About the Firewall

Stateful Inspection
The ZyWALL has a stateful inspection firewall. The ZyWALL restricts access by
screening data packets against defined access rules. It also inspects sessions. For
example, traffic from one zone is not allowed unless it is initiated by a computer in
another zone first.
Zones
A zone is a group of interfaces or VPN tunnels. Group the ZyWALL's interfaces into
different zones based on your needs. You can configure firewall rules for data
passing between zones or even between interfaces and/or VPN tunnels in a zone.
Default Firewall Behavior
Firewall rules are grouped based on the direction of travel of packets to which they
apply. Here is the default firewall behavior for traffic going through the ZyWALL in
various directions.
Table 103 Default Firewall Rules

| FROM ZONE TO ZONE | STATEFUL PACKET INSPECTION |
| --- | --- |
| From ANY to ANY | Traffic that does not match any firewall rule is allowed. This includes traffic to or from interfaces or VPN tunnels that are not assigned to a zone (extra-zone traffic). |
| From WAN to LAN | Traffic from the WAN to the LAN is dropped. |
| From WAN to WLAN | Traffic from the WAN to the WLAN is dropped. |
| From WAN to ZyWALL (Default services) | Traffic from the WAN to the ZyWALL (default services) is allowed. Default services are traffic types described in To-ZyWALL Rules on page 335. |
| From WAN to ZyWALL | Traffic from the WAN to the ZyWALL itself is dropped except for the traffic types described in To-ZyWALL Rules on page 335. |
| From DMZ to LAN | Traffic from the DMZ to the LAN is dropped. |
| From DMZ to WLAN | Traffic from the DMZ to the WLAN is dropped. |
| From DMZ to ZyWALL (Default services) | Traffic from the DMZ to the ZyWALL (default services) is allowed. Default services are traffic types described in To-ZyWALL Rules on page 335. |
| From DMZ to ZyWALL | Traffic from the DMZ to the ZyWALL itself is dropped except for the traffic types described in To-ZyWALL Rules on page 335. |
| From WLAN to LAN | Traffic from the WLAN to the LAN is dropped. |
| From WLAN to WAN (guest) | Traffic from the WLAN to the WAN (guest) is allowed. |
| From WLAN to WAN (DNS) | Traffic from the WLAN to the WAN (DNS) is allowed. |
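The following is an added example, not code from the ZyXEL manual or firmware: a simplified Python model of the drop and To-ZyWALL rows of Table 103 combined with a session table, showing how a reply is let back in while unsolicited traffic is dropped, and how an interface left out of every zone falls through to the ANY to ANY allow rule. The interface names, addresses, zone map and the `default_service` flag are assumptions made for illustration; the WLAN to WAN (guest) and (DNS) rows are not modelled.

```python
# Added illustration: a simplified model of Table 103, not ZyXEL firmware logic.
from typing import NamedTuple

class Flow(NamedTuple):
    src_if: str   # ingress interface
    dst_if: str   # egress interface, or "ZyWALL" for the device itself
    src: str      # "ip:port" of the sender
    dst: str      # "ip:port" of the receiver
    default_service: bool = False  # placeholder flag; the real list is in "To-ZyWALL Rules"

# Constructed interface-to-zone map (assumption); ge5 is deliberately left unzoned.
ZONES = {"ge1": "LAN", "ge2": "WAN", "ge3": "DMZ", "wlan1": "WLAN"}

# Zone pairs that Table 103 drops by default.
DROP = {("WAN", "LAN"), ("WAN", "WLAN"), ("DMZ", "LAN"), ("DMZ", "WLAN"), ("WLAN", "LAN")}

class Firewall:
    def __init__(self):
        self.sessions = set()  # (initiator, responder) pairs of allowed flows

    def decide(self, f):
        # Stateful inspection: a reply to an allowed session is let back in.
        if (f.dst, f.src) in self.sessions:
            return "allow", "reply to established session"
        src_z = ZONES.get(f.src_if)
        dst_z = "ZyWALL" if f.dst_if == "ZyWALL" else ZONES.get(f.dst_if)
        if src_z is None or dst_z is None:
            verdict, why = "allow", "extra-zone traffic, ANY to ANY"
        elif dst_z == "ZyWALL" and src_z in ("WAN", "DMZ"):
            verdict = "allow" if f.default_service else "drop"
            why = src_z + " to ZyWALL"
        elif (src_z, dst_z) in DROP:
            verdict, why = "drop", src_z + " to " + dst_z
        else:
            verdict, why = "allow", "no rule matched, ANY to ANY"
        if verdict == "allow":
            self.sessions.add((f.src, f.dst))
        return verdict, why

def unzoned(interfaces):
    """Interfaces whose traffic falls through to the ANY to ANY allow rule."""
    return sorted(i for i in interfaces if i not in ZONES)

if __name__ == "__main__":
    fw = Firewall()
    print(fw.decide(Flow("ge1", "ge2", "192.168.1.10:50000", "203.0.113.5:443")))
    print(fw.decide(Flow("ge2", "ge1", "203.0.113.5:443", "192.168.1.10:50000")))
    print(fw.decide(Flow("ge2", "ge1", "203.0.113.9:443", "192.168.1.10:50000")))
    print(fw.decide(Flow("ge5", "ge1", "10.9.9.9:1234", "192.168.1.10:22")))
    print(unzoned(["ge1", "ge2", "ge5"]))
```

Running `unzoned()` over the full interface list is a quick audit for ports whose traffic the default rules would allow unfiltered.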
