ZyXEL Communications ZYWALL USG 20 Manual page 375

Unified security gateway

To-ZyWALL Rules
Rules with ZyWALL as the To Zone apply to traffic going to the ZyWALL itself. By
default:
• The firewall allows only LAN, WLAN (USG 20W), or WAN computers to access or
manage the ZyWALL.
• The ZyWALL drops most packets from the WAN zone to the ZyWALL itself,
except for ESP/AH/IKE/NATT/HTTPS services for VPN tunnels, and generates a
log.
• The ZyWALL drops most packets from the DMZ zone to the ZyWALL itself,
except for DNS and NetBIOS traffic, and generates a log.
When you configure a firewall rule for packets destined for the ZyWALL itself,
make sure it does not conflict with your service control rule. See Chapter 43 on
page 629 for more information about service control (remote management). The
ZyWALL checks the firewall rules before the service control rules for traffic
destined for the ZyWALL.
You can configure a To-ZyWALL firewall rule (with From Any To ZyWALL
direction) for traffic from an interface which is not in a zone.
Global Firewall Rules
Firewall rules with from any and/or to any as the packet direction are called
global firewall rules. The global firewall rules are the only firewall rules that apply
to an interface or VPN tunnel that is not included in a zone. The from any rules
apply to traffic coming from the interface and the to any rules apply to traffic
going to the interface.
Firewall Rule Criteria
The ZyWALL checks the schedule, user name (user's login name on the ZyWALL),
source IP address, destination IP address and IP protocol type of network traffic
against the firewall rules (in the order you list them). When the traffic matches a
rule, the ZyWALL takes the action specified in the rule.
User Specific Firewall Rules
You can specify users or user groups in firewall rules. For example, to allow a
specific user from any computer to access a zone by logging in to the ZyWALL, you
can set up a rule based on the user name only. If you also apply a schedule to the
firewall rule, the user can only access the network at the scheduled time. A user-
aware firewall rule is activated whenever the user logs in to the ZyWALL and will
be disabled after the user logs out of the ZyWALL.
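
The following Python sketch is an added example, not ZyXEL code or anything from the manual. It models the evaluation order described above: listed order with first match, global "any" rules as the only ones that reach an unzoned interface, user-aware and scheduled rules, and the service control check that follows the firewall for To-ZyWALL traffic. Assumptions: the names Rule, Packet, matches and decide, the user "alice" and the sample policy are hypothetical, source and destination IP criteria are omitted, and traffic to the ZyWALL is assumed to need both the firewall and service control to permit it.

```python
from dataclasses import dataclass
from typing import Optional

ANY = "any"

@dataclass
class Rule:
    src: str                       # From zone, or ANY (global rule)
    dst: str                       # To zone, "ZyWALL", or ANY (global rule)
    action: str                    # "allow" or "deny"
    service: str = ANY
    user: str = ANY                # a login name makes the rule user-aware
    hours: Optional[range] = None  # schedule as hours of the day; None = always

@dataclass
class Packet:
    src: Optional[str]             # None = interface that is not in any zone
    dst: str
    service: str
    hour: int
    user: Optional[str] = None     # set only while that user is logged in

def matches(rule, pkt):
    # A zone-specific rule cannot match an unzoned interface (src None);
    # only the "any" direction of a global rule can.
    return (rule.src in (ANY, pkt.src) and rule.dst in (ANY, pkt.dst)
            and rule.service in (ANY, pkt.service)
            and rule.user in (ANY, pkt.user)
            and (rule.hours is None or pkt.hour in rule.hours))

def decide(rules, service_control, pkt):
    # Rules are checked in listed order; the first match supplies the action.
    hit = next((n for n, r in enumerate(rules, 1) if matches(r, pkt)), None)
    if hit is None:
        return "no firewall rule matched"  # the page does not state this case
    if rules[hit - 1].action == "deny":
        return f"deny (firewall rule {hit})"
    # Assumed model: traffic to the ZyWALL itself must then also pass service control.
    if pkt.dst == "ZyWALL" and (pkt.service, pkt.src) not in service_control:
        return f"deny (service control, after firewall rule {hit} allowed)"
    return f"allow (firewall rule {hit})"

# Constructed sample policy, not taken from the manual.
RULES = [
    Rule("WAN", "ZyWALL", "allow", service="HTTPS"),
    Rule(ANY, "LAN", "allow", user="alice", hours=range(9, 17)),
    Rule(ANY, ANY, "deny"),
]
SERVICE_CONTROL = {("HTTPS", "LAN")}  # HTTPS management from LAN only
```

With this sample policy, HTTPS from WAN passes firewall rule 1 but is still refused by service control, while HTTPS from LAN is permitted by service control but never gets past the catch-all deny in rule 3: the two kinds of conflict the To-ZyWALL section warns about.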
ZyWALL USG 20/20W User's Guide
Chapter 22 Firewall

This manual is also suitable for:

Zywall usg 20w, Zywall usg 2000
