ZyXEL Communications 50 User Manual
ZyWALL 50 Internet Security Gateway
7-8
Firewalls
Denies all sessions originating from the WAN to the LAN.
Figure 7-5 Stateful Inspection
The previous figure shows the ZyWALL’s default firewall rules in action as well as demonstrates how
stateful inspection works. User A can initiate a Telnet session from within the LAN and responses to this
request are allowed. However other Telnet traffic initiated from the WAN is blocked.
stateful inspection works. User A can initiate a Telnet session from within the LAN and responses to this
request are allowed. However other Telnet traffic initiated from the WAN is blocked.
7.5.1 Stateful Inspection Process
In this example, the following sequence of events occurs when a TCP packet leaves the LAN network
through the firewall's WAN interface. The TCP packet is the first in a session, and the packet's application
layer protocol is configured for a firewall rule inspection:
through the firewall's WAN interface. The TCP packet is the first in a session, and the packet's application
layer protocol is configured for a firewall rule inspection:
1. The packet travels from the firewall's LAN to the WAN.
2. The packet is evaluated against the interface's existing outbound access list, and the packet is
2. The packet is evaluated against the interface's existing outbound access list, and the packet is
permitted (a denied packet would simply be dropped at this point).