Firewall Rule Example Applications - ZyXEL Communications ZyWall USG 50-H Series User Manual

Unified security gateway

Chapter 18 Firewall

Finding Out More
• See Section 5.4.11 on page 86 for related information on the Firewall screens.
• See Section 6.6.6 on page 119 for an example of creating firewall rules as part of configuring user-aware access control (Section 6.6 on page 114).
• See Section 6.9.3 on page 126 for an example of creating a firewall rule to allow H.323 traffic from the WAN to LAN1.

18.1.3 Firewall Rule Example Applications

Suppose that your company decides to block all of the LAN users from using IRC (Internet Relay Chat) through the Internet. To do this, you would configure a LAN1 to WAN firewall rule that blocks IRC traffic from any source IP address from going to any destination address. You do not need to specify a schedule since you need the firewall rule to always be in effect. The following figure shows the results of this rule.

Figure 222 Blocking All LAN to WAN IRC Traffic Example

Your firewall would have the following configuration.

Table 108 Blocking All LAN1 to WAN IRC Traffic Example

#        USER  SOURCE  DESTINATION  SCHEDULE  SERVICE  ACTION
1        Any   Any     Any          Any       IRC      Deny
Default  Any   Any     Any          Any       Any      Allow

• The first row blocks LAN1 access to the IRC service on the WAN.
• The second row is the firewall's default policy that allows all traffic from the LAN to go to the WAN.

The ZyWALL applies the firewall rules in order. So for this example, when the ZyWALL receives traffic from LAN1, it checks it against the first rule. If the traffic matches (if it is IRC traffic) the firewall takes the action in the rule (drop) and stops checking the firewall rules. Any traffic that does not match the first firewall rule will match the default rule and the ZyWALL forwards it.
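The in-order, first-match evaluation described above can be modeled as follows. This is an added example, not ZyXEL code or configuration: it evaluates Table 108 top to bottom and also flags rules that can never fire because an earlier, broader rule already matches everything they would. The exact-string field matching, the packet values and the misordered table are constructed assumptions.

```python
from dataclasses import dataclass

ANY = "Any"
FIELDS = ("user", "source", "destination", "schedule", "service")

@dataclass(frozen=True)
class Rule:
    name: str
    user: str
    source: str
    destination: str
    schedule: str
    service: str
    action: str  # "Deny" or "Allow"

def matches(rule, packet):
    # Simplified model: a field matches if the rule says Any or the strings are equal.
    return all(getattr(rule, f) in (ANY, packet[f]) for f in FIELDS)

def evaluate(rules, packet):
    """Return (rule name, action) of the first matching rule; later rules are not checked."""
    for rule in rules:
        if matches(rule, packet):
            return rule.name, rule.action
    raise ValueError("no rule matched; the table needs a default rule")

def covers(earlier, later):
    """True if every packet that matches `later` also matches `earlier`."""
    return all(getattr(earlier, f) in (ANY, getattr(later, f)) for f in FIELDS)

def shadowed(rules):
    """Names of rules made unreachable by a broader rule placed above them."""
    return [later.name for i, later in enumerate(rules)
            if any(covers(earlier, later) for earlier in rules[:i])]

# Table 108 as given on the page.
TABLE_108 = [
    Rule("1", ANY, ANY, ANY, ANY, "IRC", "Deny"),
    Rule("Default", ANY, ANY, ANY, ANY, ANY, "Allow"),
]
# Constructed counter-example: the same rules with the broad allow placed first.
MISORDERED = list(reversed(TABLE_108))

def packet(service):
    # Constructed LAN1-to-WAN packet; only the service varies between calls.
    return dict(user="alice", source="192.168.1.33", destination="203.0.113.10",
                schedule="always", service=service)

if __name__ == "__main__":
    for svc in ("IRC", "HTTP"):
        print(svc, evaluate(TABLE_108, packet(svc)), evaluate(MISORDERED, packet(svc)))
    print("shadowed in misordered table:", shadowed(MISORDERED))
```

Running the shadow check over a rule table after every change catches the misordering case, where the IRC deny rule is still present but never reached.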
ZyWALL USG 50-H User's Guide
