To Vpn Packet Direction - ZyXEL Communications ZYWALL 2 PLUS User Manual

Chapter 11 Firewall
By default, the ZyWALL drops packets traveling in the following directions.
• WAN to LAN
• WAN to WAN
See Chapter 4 on page 85

11.3.1 To VPN Packet Direction

The ZyWALL can apply firewall rules to traffic before encrypting it to send through a VPN
tunnel. To VPN means traffic that comes in through the selected "from" interface and goes out
through any of the ZyWALL's VPN tunnels. For example, From LAN To VPN specifies the
traffic that is coming from the LAN and going out through any of the ZyWALL's VPN
tunnels.
For example, by default the From LAN To VPN default firewall rule allows traffic from the
LAN computers to go out through any of the ZyWALL's VPN tunnels. You could configure
the From DMZ To VPN default rule to set the ZyWALL to silently block traffic from the
DMZ computers from going out through any of the ZyWALL's VPN tunnels.
184
These rules specify which computers connected to the WAN can
access which computers or services on the LAN. For example, you
may create rules to:
• Allow certain types of traffic, such as Lotus Notes database
synchronization, from specific hosts on the Internet to specific
hosts on the LAN.
• Allow public access to a Web server on your protected network.
You could also block certain IP addresses from accessing it.
Note: You also need to configure NAT port forwarding (or
full featured NAT address mapping rules) to allow
computers on the WAN to access devices on the
LAN. See Section 17.5.3 on page 318
By default the ZyWALL stops computers connected to the WAN from
managing the ZyWALL or using the ZyWALL as a gateway to
communicate with other computers on the WAN. You could configure
one of these rules to allow a WAN computer to manage the ZyWALL.
Note: You also need to configure the remote management
settings to allow a WAN computer to manage the
ZyWALL.
for information about packets traveling to or from the VPN tunnels.
for an example.
ZyWALL 2 Plus User's Guide