ZyXEL Communications ZyWALL 300 User Manual

 Chapter 27 Application Patrol

ZyWALL USG 300 User’s Guide

Application patrol looks at the connection direction, that is from which zone the connection 
was initiated and to which zone the connection is going. 

A connection has outbound and inbound packet flows. The ZyWALL controls the bandwidth 
of traffic of each flow as it is going out through an interface or VPN tunnel. 

• The outbound traffic flows from the connection initiator to the connection responder. 

• The inbound traffic flows from the connection responder to the connection initiator. 

For example, a LAN to WAN connection is initiated from the LAN and goes to the WAN.

• Outbound traffic goes from a LAN zone device to a WAN zone device. Bandwidth 

management is applied before sending the packets out a WAN zone interface on the 
ZyWALL. 

• Inbound traffic comes back from the WAN zone device to the LAN zone device. 

Bandwidth management is applied before sending the traffic out a LAN zone interface. 

Figure 296   LAN to WAN Connection and Packet Directions

You can limit an application’s outbound or inbound bandwidth. This limit keeps the traffic 
from using up too much of the out-going interface’s bandwidth. This way you can make sure 
there is bandwidth for other applications. When you apply a bandwidth limit to outbound or 
inbound traffic, each member of the out-going zone can send up to the limit. 

Take a LAN to WAN policy for example. 

• Outbound traffic is limited to 200 kbps. The connection initiator is on the LAN so 

outbound means the traffic traveling from the LAN to the WAN. Each of the WAN zone’s 
two interfaces can send the limit of 200 kbps of traffic.  

• Inbound traffic is limited to 500 kbs. The connection initiator is on the LAN so inbound 

means the traffic traveling from the WAN to the LAN.