ZyXEL Communications ZyWALL 300 User Manual

Chapter 19 Firewall
ZyWALL USG 300 User’s Guide
Your customized rules take precedence and override the ZyWALL’s default settings. The ZyWALL checks the schedule, user name (user’s login name on the ZyWALL), source IP address, destination IP address and IP protocol type of network traffic against the firewall rules (in the order you list them). When the traffic matches a rule, the ZyWALL takes the action specified in the rule.

For example, if you want to allow a specific user from any computer to access one zone by logging in to the ZyWALL, you can set up a rule based on the user name only. If you also apply a schedule to the firewall rule, the user can only access the network at the scheduled time. A user-aware firewall rule is activated whenever the user logs in to the ZyWALL and will be disabled after the user logs out of the ZyWALL.

19.2  Firewall Rules
Firewall rules are grouped based on the direction of travel of packets to which they apply.
Note: The LAN, WAN, DMZ, and WLAN are default zones. Refer to  for more information on zones.

Note: If you create a new zone, there is no default firewall rule for it and any packets sent to or from the new zone are allowed.
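
The ordered matching described at the start of this chapter and the new-zone note above can be modelled as follows. This is an added example, not ZyXEL code or the ZyWALL's rule format: the Rule fields, the login table keyed by source address, the GUEST zone and all sample values are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import time
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass
class Rule:                        # simplified model, not the ZyWALL's rule format
    from_zone: str
    to_zone: str
    action: str                    # "allow" or "deny"
    user: Optional[str] = None     # None = any user
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    proto: Optional[str] = None    # None = any IP protocol
    hours: Optional[tuple] = None  # (start, end) schedule; None = always

def matches(r, pkt, logged_in, now):
    if (r.from_zone, r.to_zone) != (pkt["from"], pkt["to"]):
        return False
    # A user-aware rule is active only while that user is logged in.
    # Assumption: a login is tied to the address the user logged in from.
    if r.user is not None and logged_in.get(pkt["src"]) != r.user:
        return False
    if r.hours is not None and not (r.hours[0] <= now <= r.hours[1]):
        return False
    if r.proto is not None and r.proto != pkt["proto"]:
        return False
    return (ip_address(pkt["src"]) in ip_network(r.src)
            and ip_address(pkt["dst"]) in ip_network(r.dst))

def decide(rules, pkt, logged_in, now):
    """Rules are checked in listed order; the first match sets the action."""
    for index, r in enumerate(rules):
        if matches(r, pkt, logged_in, now):
            return r.action, index
    return "allow", None  # no rule for this direction: traffic is allowed

def unguarded_pairs(rules, zones):
    """Zone pairs with no rule at all, whose traffic falls through to allow."""
    covered = {(r.from_zone, r.to_zone) for r in rules}
    return sorted((a, b) for a in zones for b in zones
                  if a != b and (a, b) not in covered)

# Constructed sample: alice may reach the DMZ during office hours only.
RULES = [Rule("LAN", "DMZ", "allow", user="alice", hours=(time(9), time(17))),
         Rule("LAN", "DMZ", "deny")]
ZONES = ["LAN", "DMZ", "GUEST"]  # GUEST: hypothetical newly created zone
```

Running unguarded_pairs over an exported rule list after adding a zone shows which directions still need an explicit rule.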
19.2.1  Rule Directions 
The following table shows you the default firewall rules that inspect packets going through the 
ZyWALL.
Note: The ZyWALL checks the firewall rules before the application patrol rules for traffic going through the ZyWALL.
If you want to use a service, make sure both the firewall and application patrol allow the 
service’s packets to go through the ZyWALL. 
You can use the firewall to block a service with a static port number. To block a service using 
a flexible/dynamic port number by inspecting the service’s packets, you need to use 
application patrol. See the chapter about application patrol for more information.