ZyXEL Communications ZyWALL 1100 User Manual page 329

Zywall/usg series
Table 134 Configuration > Security Policy > Policy Control (continued)
LABEL
DESCRIPTION
Allow Asymmetrical Route
If an alternate gateway on the LAN has an IP address in the same subnet as the ZyWALL/USG's
LAN IP address, return traffic may not go through the ZyWALL/USG. This is called an
asymmetrical or "triangle" route. This causes the ZyWALL/USG to reset the connection, as
the connection has not been acknowledged.
Select this check box to have the ZyWALL/USG permit the use of asymmetrical route
topology on the network (not reset the connection).
Note: Allowing asymmetrical routes may let traffic from the WAN go directly to the LAN
without passing through the ZyWALL/USG. A better solution is to use virtual
interfaces to put the ZyWALL/USG and the backup gateway on separate subnets.
Add
Click this to create a new entry. Select an entry and click Add to create a new entry after
the selected entry.
Edit
Double-click an entry or select it and click Edit to open a screen where you can modify the
entry's settings.
Remove
To remove an entry, select it and click Remove. The ZyWALL/USG confirms you want to
remove it before doing so.
Activate
To turn on an entry, select it and click Activate.
Inactivate
To turn off an entry, select it and click Inactivate.
Move
To change a policy's position in the numbered list, select the policy and click Move to
display a field to type a number for where you want to put that policy and press [ENTER] to
move the policy to the number that you typed.
The ordering of your policies is important as they are applied in order of their numbering.
The following read-only fields summarize the policies you have created that apply to traffic traveling in the
selected packet direction.
Priority
This is the position of your Security Policy in the global policy list (including all through-
ZyWALL/USG and to-ZyWALL/USG policies). The ordering of your policies is important as
policies are applied in sequence. Default displays for the default Security Policy behavior
that the ZyWALL/USG performs on traffic that does not match any other Security Policy.
Status
This icon is lit when the entry is active and dimmed when the entry is inactive.
Name
This is the name of the Security Policy.
From / To
This is the direction of travel of packets. Select from which zone the packets come and to
which zone they go.
Security Policies are grouped based on the direction of travel of packets to which they
apply. For example, from LAN to LAN means packets traveling from a computer or subnet
on the LAN to either another computer or subnet on the LAN.
From any displays all the Security Policies for traffic going to the selected To Zone.
To any displays all the Security Policies for traffic coming from the selected From Zone.
From any to any displays all of the Security Policies.
To Device policies are for traffic that is destined for the ZyWALL/USG and control which
computers can manage the ZyWALL/USG.
IPv4 / IPv6 Source
This displays the IPv4 / IPv6 source address object to which this Security Policy applies.
IPv4 / IPv6 Destination
This displays the IPv4 / IPv6 destination address object to which this Security Policy
applies.
Service
This displays the service object to which this Security Policy applies.
User
This is the user name or user group name to which this Security Policy applies.
Schedule
This field tells you the schedule object that the policy uses. none means the policy is active
at all times if enabled.
Chapter 19 Security Policy
ZyWALL/USG Series User's Guide
329
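The Allow Asymmetrical Route behavior described in the table above, as an added example that is not from the manual and is not ZyXEL's implementation. It is a simplified model of a stateful handshake check; the function names, addresses and traffic are constructed for illustration.

```python
import ipaddress

def same_subnet_gateways(fw_lan_if, gateways):
    """Gateways that sit inside the firewall's own LAN subnet (triangle-route risk)."""
    iface = ipaddress.ip_interface(fw_lan_if)
    return [g for g in gateways
            if ipaddress.ip_address(g) in iface.network and ipaddress.ip_address(g) != iface.ip]

def inspect(packets, allow_asymmetrical):
    """Simplified stateful TCP handshake check, as seen from the firewall only.

    packets: (src, dst, flags, via_firewall) tuples. Packets with
    via_firewall=False took the other leg of the triangle and are never seen.
    """
    state, verdicts = {}, []
    for src, dst, flags, via_firewall in packets:
        if not via_firewall:
            continue
        conn = frozenset((src, dst))
        seen = state.get(conn)
        if flags == "SYN":
            state[conn], verdict = "SYN_SEEN", "forward"
        elif flags == "SYN-ACK" and seen == "SYN_SEEN":
            state[conn], verdict = "SYN_ACK_SEEN", "forward"
        elif flags == "ACK" and seen in ("SYN_ACK_SEEN", "ESTABLISHED"):
            state[conn], verdict = "ESTABLISHED", "forward"
        elif allow_asymmetrical:
            verdict = "forward-unverified"  # passes without a validated handshake
        else:
            state.pop(conn, None)
            verdict = "reset"  # half-seen connection is torn down
        verdicts.append((flags, verdict))
    return verdicts

# Constructed sample topology and traffic (not from the manual).
FW_LAN = "192.168.1.1/24"
GATEWAYS = ["192.168.1.254", "172.16.0.1"]
HOST, REMOTE = "192.168.1.33", "10.20.0.5"
TRIANGLE = [(HOST, REMOTE, "SYN", True),       # host -> firewall -> alternate gateway
            (REMOTE, HOST, "SYN-ACK", False),  # reply goes gateway -> host directly
            (HOST, REMOTE, "ACK", True)]

if __name__ == "__main__":
    print("same-subnet gateways:", same_subnet_gateways(FW_LAN, GATEWAYS))
    print("strict:", inspect(TRIANGLE, allow_asymmetrical=False))
    print("allow :", inspect(TRIANGLE, allow_asymmetrical=True))
```

With the option enabled the final ACK is forwarded even though the firewall never saw the SYN-ACK, which is why the manual recommends separate subnets instead.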
