ZyXEL Communications ZyWALL 1050 User Manual page 314

ZyWALL 1050 User's Guide
Table 100 Firewall: To-ZyWALL Rules (continued)
| LABEL | DESCRIPTION |
| --- | --- |
| Maximum session per host | Use this field to set the highest number of sessions that the ZyWALL will permit a computer with the same IP address to have at one time. When computers use peer to peer applications, such as file sharing applications, they may use a large number of NAT sessions. If you do not limit the number of NAT sessions a single client can establish, this can result in all of the available NAT sessions being used. In this case, no additional NAT sessions can be established, and users may not be able to access the Internet. Each NAT session establishes a corresponding firewall session. Use this field to limit the number of NAT/firewall sessions each client computer can establish through the ZyWALL. If your network has a small number of clients using peer to peer applications, you can raise this number to ensure that their performance is not degraded by the number of NAT sessions they can establish. If your network has a large number of users using peer to peer applications, you can lower this number to ensure no single client is using too many of the available NAT sessions. |
| Firewall Rule | Select Through-ZyWALL rules if you want to configure the firewall rules for traffic that goes through the ZyWALL. Select To-ZyWALL rules if you want to configure the firewall rules for traffic that is destined for the ZyWALL and allow or disallow a specific computer to manage the ZyWALL. If you select Through-ZyWALL rules, you can either select Zone Pairs to display the through-firewall rules that are applied to traffic traveling between the selected zones, or select All rules to display all through-firewall rules configured on the ZyWALL. |
| # | This is the index number of your firewall rule. It is not associated with a specific rule. |
| Priority | This is the position of your firewall rule in the global rule list (including all through-ZyWALL and to-ZyWALL rules). The ordering of your rules is important as rules are applied in sequence. |
| From | This is the zone from which the packets come. |
| To | This is the zone to which the packets travel. |
| Schedule | This field tells you the schedule object that the rule uses. |
| User | This is the user name or user group name to which this firewall rule applies. |
| Source | This displays the source address object to which this firewall rule applies. |
| Destination | This displays the destination address object to which this firewall rule applies. |
| Service | This displays the service object to which this firewall rule applies. |
| Access | This field displays whether the firewall silently discards packets (deny), discards packets and sends a TCP reset packet to the sender (reject) or permits the passage of packets (allow). |
| Log | This field shows you whether a log (and alert) is created when packets match this rule or not. |
| | Click the Add icon in the heading row to add a new first entry. This displays whether the rule is enabled or not. Click the Active icon to activate or deactivate the rule. Click the Edit icon to go to the screen where you can edit the rule on the ZyWALL. Click the Add icon in an entry to add a rule below the current entry. |
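
The Priority row states that rule order matters because rules are applied in sequence. The following Python example is added here and is not ZyXEL code: it flags rules that can never match because an earlier rule covers them. It assumes first-match-wins evaluation, ignores the Schedule and User fields, and uses CIDR strings and constructed zone and service names in place of the ZyWALL's address and service objects.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    priority: int      # position in the global rule list
    from_zone: str     # "any" matches every zone (assumed wildcard name)
    to_zone: str
    source: str        # CIDR standing in for an address object
    destination: str
    service: str       # e.g. "tcp/443", or "any"
    access: str        # "allow", "deny" or "reject"

def _name_covers(outer, inner):
    return outer == "any" or outer == inner
def _net_covers(outer, inner):
    return ipaddress.ip_network(inner).subnet_of(ipaddress.ip_network(outer))

def covers(earlier, later):
    """True if every packet matching `later` also matches `earlier`."""
    return (_name_covers(earlier.from_zone, later.from_zone)
            and _name_covers(earlier.to_zone, later.to_zone)
            and _net_covers(earlier.source, later.source)
            and _net_covers(earlier.destination, later.destination)
            and _name_covers(earlier.service, later.service))

def find_shadowed(rules):
    """Return (shadowed priority, covering priority, access differs) tuples."""
    ordered = sorted(rules, key=lambda r: r.priority)
    findings = []
    for i, later in enumerate(ordered):
        first = next((e for e in ordered[:i] if covers(e, later)), None)
        if first is not None:
            findings.append((later.priority, first.priority, first.access != later.access))
    return findings

# Constructed sample rule list (documentation address ranges, not from the manual).
ANY = "0.0.0.0/0"
SAMPLE_RULES = [
    Rule(1, "WAN", "ZyWALL", ANY, ANY, "any", "deny"),
    Rule(2, "WAN", "ZyWALL", "203.0.113.0/24", ANY, "tcp/443", "allow"),
    Rule(3, "LAN", "ZyWALL", "192.168.1.0/24", ANY, "tcp/22", "allow"),
    Rule(4, "LAN", "ZyWALL", "192.168.1.10/32", ANY, "tcp/22", "deny"),
    Rule(5, "any", "ZyWALL", ANY, ANY, "any", "deny"),
]

if __name__ == "__main__":
    for shadowed, by, differs in find_shadowed(SAMPLE_RULES):
        print(f"rule {shadowed} is covered by rule {by}; access differs: {differs}")
```

In the sample list, the allow in rule 2 and the deny in rule 4 never take effect; moving each above the broader rule that covers it restores the intended behavior.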
Chapter 19 Firewall
