Filter Types And Nat; Firewall Versus Filters; Applying A Filter; Figure 32-11 Protocol And Device Filter Sets - ZyXEL Communications ZyWALL 5 User Manual

Internet security appliance

3. This brings you to menu 11.5. Apply a filter set (our example filter set 3) as shown in Figure 32-14.
4. Press [ENTER] to confirm after you enter the set numbers and to leave menu 11.5.

32.4 Filter Types and NAT

There are two classes of filter rules: generic (device) filter rules and protocol (TCP/IP) filter rules.
Generic filter rules act on the raw data from/to LAN and WAN. Protocol filter rules act on the IP
packets. Generic and TCP/IP filter rules are discussed in more detail in the next section. When NAT
(Network Address Translation) is enabled, the inside IP address and port number are replaced on a
connection-by-connection basis, which makes it impossible to know the exact address and port on the
wire. Therefore, the ZyWALL applies the protocol filters to the "native" IP address and port number
before NAT for outgoing packets and after NAT for incoming packets. The generic, or device, filters,
on the other hand, are applied to the raw packets that appear on the wire. They are applied at the
point where the ZyWALL receives and sends the packets, i.e. the interface. The interface can be an
Ethernet port or any other hardware port. The following diagram illustrates this.
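
The ordering described above can be modeled in a few lines of Python. This is an added example, not ZyXEL code; the addresses, the NAT mapping and the function names are constructed for illustration. It shows that a protocol filter rule has to be written against the inside ("native") address, while a device filter on the WAN interface sees the translated one.

```python
# Added illustration: a toy model of the filter/NAT ordering described above.
# Addresses, ports and function names are constructed; this is not ZyXEL code.
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Packet:
    src: tuple  # (ip, port)
    dst: tuple  # (ip, port)

INSIDE = ("192.168.1.33", 1025)   # constructed LAN host
PUBLIC = ("203.0.113.5", 50001)   # constructed NAT mapping on the WAN side
SERVER = ("198.51.100.7", 80)     # constructed remote host

def wan_outgoing(pkt, nat):
    """Return (packet seen by protocol filter, packet seen by device filter)."""
    proto_view = pkt                                    # protocol filter: before NAT
    wire = replace(pkt, src=nat.get(pkt.src, pkt.src))  # NAT rewrites the source
    return proto_view, wire                             # device filter: on the wire

def wan_incoming(pkt, nat):
    """Return (packet seen by device filter, packet seen by protocol filter)."""
    reverse = {pub: inside for inside, pub in nat.items()}
    device_view = pkt                                   # device filter: on the wire
    native = replace(pkt, dst=reverse.get(pkt.dst, pkt.dst))  # NAT restores the destination
    return device_view, native                          # protocol filter: after NAT

def rule_matches(pkt, ip, field):
    """A protocol-style rule: match an IP address in the src or dst field."""
    return getattr(pkt, field)[0] == ip

def demo():
    nat = {INSIDE: PUBLIC}
    out_proto, out_wire = wan_outgoing(Packet(INSIDE, SERVER), nat)
    in_device, in_proto = wan_incoming(Packet(SERVER, PUBLIC), nat)
    return {
        "out_rule_on_inside_ip": rule_matches(out_proto, INSIDE[0], "src"),
        "out_rule_on_public_ip": rule_matches(out_proto, PUBLIC[0], "src"),
        "in_rule_on_inside_ip": rule_matches(in_proto, INSIDE[0], "dst"),
        "in_rule_on_public_ip": rule_matches(in_proto, PUBLIC[0], "dst"),
        "wire_src_outgoing": out_wire.src,
        "wire_dst_incoming": in_device.dst,
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```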

32.5 Firewall Versus Filters

Firewall configuration is discussed in the firewall chapters of this manual. Further comparisons are
also made between filtering, NAT and the firewall.

32.6 Applying a Filter

This section shows you where to apply the filter(s) after you design it (them). The ZyWALL already
has filters to prevent NetBIOS traffic from triggering calls, and block incoming telnet, FTP and HTTP
connections.
If you do not activate the firewall, it is advisable to apply filters.

32.6.1 Applying LAN Filters

LAN traffic filter sets may be useful to block certain packets, reduce traffic and prevent security
breaches. Go to menu 3.1 (shown next) and enter the number(s) of the filter set(s) that you want to
apply as appropriate. You can choose up to four filter sets (from twelve) by entering their numbers
separated by commas, e.g., 3, 4, 6, 11. Input filter sets filter incoming traffic to the ZyWALL and
output filter sets filter outgoing traffic from the ZyWALL. For PPPoE or PPTP encapsulation, you
have the additional option of specifying remote node call filter sets.
Filter Configuration

Figure 32-11 Protocol and Device Filter Sets

ZyWALL 5 Internet Security Appliance
32-11
