Stateful Inspection Firewalls; Introduction To Zyxel's Firewall - ZyXEL Communications ZyWall 70 User Manual
Internet security appliance
Hide thumbs
Also See for ZyWall 70:
- Quick start manual (141 pages) ,
- Brochure & specs (2 pages) ,
- User manual (872 pages)
Table of Contents
Advertisement
ZyWALL 70 User's Guide
1 Information hiding prevents the names of internal systems from being made known via
DNS to outside systems, since the application gateway is the only host whose name must
be made known to outside systems.
2 Robust authentication and logging pre-authenticates application traffic before it reaches
internal hosts and causes it to be logged more effectively than if it were logged with
standard host logging. Filtering rules at the packet filtering router can be less complex
than they would be if the router needed to filter application traffic and direct it to a
number of specific systems. The router need only allow application traffic destined for
the application gateway and reject the rest.
9.2.3 Stateful Inspection Firewalls
Stateful inspection firewalls restrict access by screening data packets against defined access
rules. They make access control decisions based on IP address and protocol. They also
"inspect" the session data to assure the integrity of the connection and to adapt to dynamic
protocols. These firewalls generally provide the best speed and transparency; however, they
may lack the granular application level access control or caching that some proxies support.
See
Section 9.5 on page 173
Firewalls, of one type or another, have become an integral part of standard security solutions
for enterprises.
9.3 Introduction to ZyXEL's Firewall
The ZyWALL firewall is a stateful inspection firewall and is designed to protect against
Denial of Service attacks when activated (in SMT menu 21.2 or in the web configurator). The
ZyWALL's purpose is to allow a private Local Area Network (LAN) to be securely connected
to the Internet. The ZyWALL can be used to prevent theft, destruction and modification of
data, as well as log events, which may be important to the security of your network. The
ZyWALL also has packet-filtering capabilities.
The ZyWALL is installed between the LAN and a broadband modem connecting to the
Internet. This allows it to act as a secure gateway for all data passing between the Internet and
the LAN.
The ZyWALL allows you to physically separate the network into the following areas:
• The WAN (Wide Area Network) port(s) attaches to the broadband modem (cable or
ADSL) connecting to the Internet.
• The LAN (Local Area Network) port(s) attaches to a network of computers, which needs
security from the outside world. These computers will have access to Internet services
such as e-mail, FTP, and the World Wide Web. However, inbound access will not be
allowed unless the remote host is authorized to use a specific service.
168
for more information on Stateful Inspection.
Chapter 9 Firewalls
Advertisement
Table of Contents
Troubleshooting
