Table of Contents
Advertisement
7.1
About Filtering
Your ZyWALL uses filters to decide whether to allow passage of a data packet and/or to make a call. There
are two types of filter applications: data filtering and call filtering. Filters are subdivided into device and
protocol filters, which are discussed later.
Data filtering screens the data to determine if the packet should be allowed to pass. Data filters are divided
into incoming and outgoing filters, depending on the direction of the packet relative to a port. Data filtering
can be applied on either the WAN side or the LAN side. Call filtering is used to determine if a packet
should be allowed to trigger a call. Remote node call filtering is only applicable when using PPPoE
encapsulation. Outgoing packets must undergo data filtering before they encounter call filtering as shown in
the following figure.
Data
Outgoing
Filtering
Packet
Match
Drop
packet
For incoming packets, your ZyWALL applies data filters only. Packets are processed depending upon
whether a match is found. The following sections describe how to configure filter sets.
Filters
This chapter shows you how to create and apply filters.
Call Filtering
No
Built-in
match
default
Call Filters
Match
Drop packet
if line not up
Or
but do not reset
Figure 7-1 Outgoing Packet Filtering Process
ZyWALL 10 Internet Security Gateway
Filter Configuration
No
User-defined
match
Call Filters
(if applicable)
Match
Drop packet
if line not up
Or
Send packet
Send packet
but do not reset
Idle Timer
Idle Timer
Chapter 7
Active Data
No
match
Initiate call
if line not up
Send packet
and reset
Idle Timer
7-1
Advertisement
Table of Contents
Troubleshooting
