Figure 11-5 Stateful Inspection - ZyXEL Communications ZyWall 10W User Manual

ZyWALL Series Internet Security Gateway
Allows all sessions originating from the LAN (local network) to the WAN (Internet).
Denies all sessions originating from the WAN to the LAN.
User A initiates a telnet session.
The previous figure shows the ZyWALL's default firewall rules in action as well as demonstrates how
stateful inspection works. User A can initiate a Telnet session from within the LAN and responses to this
request are allowed. However other Telnet traffic initiated from the WAN is blocked.
11.5.1 Stateful Inspection Process
In this example, the following sequence of events occurs when a TCP packet leaves the LAN network
through the firewall's WAN interface. The TCP packet is the first in a session, and the packet's application
layer protocol is configured for a firewall rule inspection:
1. The packet travels from the firewall's LAN to the WAN.
2. The packet is evaluated against the interface's existing outbound access list, and the packet is
permitted (a denied packet would simply be dropped at this point).
11-8

Figure 11-5 Stateful Inspection

Return traffic for User A's telnet
session is permitted.
Other Telnet traffic is
blocked.
Firewalls