ZyWALL (ZLD) CLI Reference Guide
Chapter 16
Firewall
This chapter introduces the ZyWALL’s firewall and shows you how to configure your ZyWALL’s 
firewall.
16.1  Firewall Overview
The ZyWALL’s firewall is a stateful inspection firewall. It restricts access by screening packets 
against the access rules you define, and it also tracks sessions, so that a packet's verdict can depend 
on whether it belongs to an existing session. For example, by default traffic entering a zone is not 
allowed unless a computer in another zone initiated the session first.
A zone is a group of interfaces or VPN tunnels. Group the ZyWALL’s interfaces into different zones 
based on your needs. You can configure firewall rules for data passing between zones or even 
between interfaces and/or VPN tunnels in a zone. 
This example shows the ZyWALL’s default firewall behavior for WAN to LAN traffic and how stateful 
inspection works. A LAN user can initiate a Telnet session from within the LAN zone and the firewall 
allows the response. However, the firewall blocks Telnet traffic initiated from the WAN zone and 
destined for the LAN zone. The firewall allows VPN traffic between any of the networks.
Figure 18   Default Firewall Action (diagram of the LAN and WAN zones; not reproduced here)
Your customized rules take precedence over the ZyWALL’s default settings. The ZyWALL checks the 
schedule, user name (the user’s login name on the ZyWALL), source IP address, destination IP address 
and IP protocol type of network traffic against the firewall rules in the order you list them. The 
first rule that matches decides: the ZyWALL takes the action specified in that rule and does not 
evaluate the rules below it, so place specific exceptions above broad allow or deny rules.
For example, if you want to allow a specific user from any computer to access one zone by logging 
in to the ZyWALL, you can set up a rule based on the user name only. If you also apply a schedule 
to the firewall rule, the user can only access the network at the scheduled time. A user-aware 
firewall rule is activated whenever the user logs in to the ZyWALL and will be disabled after the user 
logs out of the ZyWALL.
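The matching order described above (stateful session check, then ordered rule lookup, then the zone pair's default) can be modelled in a few lines. The following Python is an added illustration, not ZyWALL code or ZLD CLI syntax; the zone names, addresses, the user-aware "alice" rule, the schedule hours and the default zone policy are all constructed for the example and mirror the Telnet scenario in the text.

```python
"""Toy model of zone-based, ordered, stateful firewall matching (added example, not ZyWALL code)."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

ANY = "any"


@dataclass(frozen=True)
class Packet:
    src_zone: str
    dst_zone: str
    src_ip: str
    dst_ip: str
    proto: str                 # "tcp", "udp" or "icmp"
    src_port: int = 0
    dst_port: int = 0
    hour: int = 12             # hour of day, checked against a rule's schedule


@dataclass(frozen=True)
class Rule:
    src_zone: str
    dst_zone: str
    action: str                        # "allow" or "deny"
    src_net: str = ANY                 # CIDR or "any"
    dst_net: str = ANY
    proto: str = ANY
    dst_port: Optional[int] = None
    user: Optional[str] = None         # set => user-aware rule
    schedule: Optional[tuple] = None   # (start_hour, end_hour), end exclusive

    def matches(self, pkt: Packet, user_at_src: Optional[str]) -> bool:
        if (self.src_zone, self.dst_zone) != (pkt.src_zone, pkt.dst_zone):
            return False
        if self.src_net != ANY and ip_address(pkt.src_ip) not in ip_network(self.src_net):
            return False
        if self.dst_net != ANY and ip_address(pkt.dst_ip) not in ip_network(self.dst_net):
            return False
        if self.proto != ANY and self.proto != pkt.proto:
            return False
        if self.dst_port is not None and self.dst_port != pkt.dst_port:
            return False
        # A user-aware rule only matches while that user is logged in from the source IP.
        if self.user is not None and user_at_src != self.user:
            return False
        if self.schedule is not None and not (self.schedule[0] <= pkt.hour < self.schedule[1]):
            return False
        return True


# Constructed default zone policy mirroring the text: LAN->WAN allowed, WAN->LAN blocked,
# VPN traffic allowed with any zone. Unlisted zone pairs are denied.
DEFAULTS = {("LAN", "WAN"): "allow", ("WAN", "LAN"): "deny",
            ("VPN", "LAN"): "allow", ("LAN", "VPN"): "allow",
            ("VPN", "WAN"): "allow", ("WAN", "VPN"): "allow"}


class Firewall:
    def __init__(self, rules: list, defaults: dict):
        self.rules = list(rules)   # evaluated top to bottom; first match wins
        self.defaults = defaults
        self.sessions = set()      # 5-tuples of sessions that were allowed
        self.logins = {}           # source IP -> user logged in to the firewall

    def login(self, ip: str, user: str) -> None:
        self.logins[ip] = user

    def logout(self, ip: str) -> None:
        self.logins.pop(ip, None)

    def process(self, pkt: Packet) -> str:
        # 1. Stateful inspection: a reply to an allowed session passes without rule lookup.
        if (pkt.proto, pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port) in self.sessions:
            return "allow"
        # 2. Ordered rule lookup; the first matching rule decides.
        user = self.logins.get(pkt.src_ip)
        action = next((r.action for r in self.rules if r.matches(pkt, user)), None)
        # 3. No rule matched: apply the zone pair's default.
        if action is None:
            action = self.defaults.get((pkt.src_zone, pkt.dst_zone), "deny")
        if action == "allow":
            self.sessions.add((pkt.proto, pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port))
        return action


def default_behaviour() -> dict:
    """Replays the Telnet scenario from the text plus a user-aware, scheduled WAN->LAN rule."""
    fw = Firewall([Rule("WAN", "LAN", "allow", user="alice", schedule=(9, 17))], DEFAULTS)
    wan_host, lan_host, alice_pc = "203.0.113.5", "192.168.1.10", "198.51.100.7"
    out = {}
    out["lan_telnet_out"] = fw.process(Packet("LAN", "WAN", lan_host, wan_host, "tcp", 40000, 23))
    out["telnet_reply_in"] = fw.process(Packet("WAN", "LAN", wan_host, lan_host, "tcp", 23, 40000))
    out["unsolicited_in"] = fw.process(Packet("WAN", "LAN", wan_host, lan_host, "tcp", 5555, 23))
    out["alice_logged_out"] = fw.process(Packet("WAN", "LAN", alice_pc, lan_host, "tcp", 5556, 23, hour=10))
    fw.login(alice_pc, "alice")
    out["alice_in_schedule"] = fw.process(Packet("WAN", "LAN", alice_pc, lan_host, "tcp", 5557, 23, hour=10))
    out["alice_off_schedule"] = fw.process(Packet("WAN", "LAN", alice_pc, lan_host, "tcp", 5558, 23, hour=20))
    fw.logout(alice_pc)
    out["alice_after_logout"] = fw.process(Packet("WAN", "LAN", alice_pc, lan_host, "tcp", 5559, 23, hour=10))
    return out


def order_matters() -> tuple:
    """The same two rules in opposite order give opposite verdicts for LAN Telnet to the WAN."""
    block_telnet = Rule("LAN", "WAN", "deny", proto="tcp", dst_port=23)
    allow_all = Rule("LAN", "WAN", "allow")
    pkt = Packet("LAN", "WAN", "192.168.1.10", "203.0.113.5", "tcp", 40001, 23)
    return (Firewall([block_telnet, allow_all], DEFAULTS).process(pkt),
            Firewall([allow_all, block_telnet], DEFAULTS).process(pkt))
```

`default_behaviour()` shows the reply to the LAN-initiated Telnet session passing on state alone while an unsolicited WAN Telnet to the same host is dropped, and the user-aware rule switching on at login and off again at logout or outside its schedule. `order_matters()` returns `("deny", "allow")` for the same packet against the same two rules, which is why a broad allow rule placed above a specific deny silently defeats it on a real firewall as well.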