Alg; Auth. Policy; Firewall - ZyXEL Communications ZYWALL USG 1000 - EDITION 2 Manual

6.5.12 ALG

The ZyWALL's Application Layer Gateway (ALG) allows VoIP and FTP applications
to go through NAT on the ZyWALL. You can also specify additional signaling port
numbers.
MENU ITEM(S)

6.5.13 Auth. Policy

Use authentication policies to control who can access the network. You can
authenticate users (require them to log in) and even perform Endpoint Security
(EPS) checking to make sure users' computers comply with defined corporate
policies before they can access the network.
MENU ITEM(S)
PREREQUISITES

6.5.14 Firewall

The firewall controls the travel of traffic between or within zones. You can also
configure the firewall to control traffic for NAT (DNAT) and policy routes (SNAT).
You can configure firewall rules based on schedules, specific users (or user
groups), source or destination addresses (or address groups) and services (or
service groups). Each of these objects must be configured in a different screen.
To-ZyWALL firewall rules control access to the ZyWALL. Configure to-ZyWALL
firewall rules for remote management. By default, the firewall only allows
management connections from the LAN, WAN zone.
MENU ITEM(S)
PREREQUISITES
Example: Suppose you have a SIP proxy server connected to the DMZ zone for
VoIP calls. You could configure a firewall rule to allow VoIP sessions from the SIP
proxy server on DMZ to the LAN so VoIP users on the LAN can receive calls.
Create a VoIP service object for UDP port 5060 traffic (Configuration > Object >
1
Service).
Create an address object for the VoIP server (Configuration > Object >
2
Address).
ZyWALL USG 1000 User's Guide
Configuration > Network > ALG
Configuration > Auth. Policy
Addresses, services, endpoint security objects, users, authentication
methods
Configuration > Firewall
Zones, schedules, users, user groups, addresses (source,
destination), address groups (source, destination), services, service
groups
Chapter 6 Configuration Basics
107