ZyXEL Communications ISG50 User Manual

Chapter 6 Configuration Basics

ISG50 User’s Guide

Zones cannot overlap. Each interface and VPN tunnel can be assigned to at most one zone. Virtual 
interfaces are automatically assigned to the same zone as the interface on which they run. When 
you create a zone, the ISG50 does not create any firewall rule or configure remote management for 
the new zone. 

Example: For example, to create the DMZ-2 zone, click Network > Zone and then the Add icon. 

Dynamic DNS maps a domain name to a dynamic IP address. The ISG50 helps maintain this 
mapping. 

Use Network Address Translation (NAT) to make computers on a private network behind the ISG50 
available outside the private network. 

The ISG50 only checks regular (through-ISG50) firewall rules for packets that are redirected by 
NAT, it does not check the to-ISG50 firewall rules. 

Example: Suppose you have an FTP server with a private IP address connected to a DMZ port. You 
could configure a NAT rule to forwards FTP sessions from the WAN to the DMZ. 

Click Configuration > Network > NAT to configure the NAT entry. Add an entry.

Name the entry.

Select the WAN interface that the FTP traffic is to come in through.

Specify the public WAN IP address where the ISG50 will receive the FTP packets.

In the Mapped IP field, list the IP address of the FTP server. The ISG50 will forward the packets 
received for the original IP address.

In Mapping Type, select Port.

Enter 21 in both the Original and the Mapped Port fields.

Interfaces, IPSec VPN

Firewall, remote management, ADP

Interface

Interfaces, addresses (HOST)