ZyXEL Communications ZyWALL 1000 User Manual

Chapter 5 Configuration Basics
ZyWALL USG 1000 User’s Guide
118
1 Click Network > Routing > Policy Route to go to the policy route configuration screen.
2 Add a policy route.
3 Name the policy route.
4 Select the interface that the traffic comes in through (ge4 in this example).
5 Select the FTP server’s address as the source address.
6 You don’t need to specify the destination address or the schedule.
7 For the service, select FTP.
8 For the Next Hop fields, select Interface as the Type if you have a single WAN connection or Trunk if you have multiple WAN connections.
9 Select the interface that you are using for your WAN connection (ge2 and ge3 are WAN interfaces by default). If you have multiple WAN connections, select the trunk.
10 Specify the amount of bandwidth FTP traffic can use. You may also want to set a low priority for FTP traffic.

Note: The ZyWALL checks the policy routes in the order that they are listed. So
make sure that your custom policy route comes before any other routes that
would also match the FTP traffic.
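
The ordering rule in the note above can be checked offline. The following is an added example, not part of the ZyXEL guide or the ZyWALL firmware: a small first-match model of a policy route table that reports routes hidden behind an earlier, broader route. The route names, the FTP_SERVER address object and the exact-name matching of objects are assumptions made for illustration.

```python
from dataclasses import dataclass

ANY = "any"
FIELDS = ("incoming", "source", "service")  # criteria set in the steps above

@dataclass(frozen=True)
class PolicyRoute:
    name: str        # hypothetical route name
    incoming: str    # incoming interface, or ANY
    source: str      # source address object name, or ANY
    service: str     # service object name, or ANY
    next_hop: str

def matches(route, packet):
    """A route matches when every criterion is ANY or equals the packet's value."""
    return all(getattr(route, f) in (ANY, packet[f]) for f in FIELDS)

def first_match(routes, packet):
    """Routes are checked in listed order; the first matching route wins."""
    return next((r for r in routes if matches(r, packet)), None)

def covers(earlier, later):
    """True when everything `later` can match is already matched by `earlier`."""
    return all(getattr(earlier, f) in (ANY, getattr(later, f)) for f in FIELDS)

def shadowed(routes):
    """Return (route, earlier_route) name pairs where route can never be reached."""
    pairs = []
    for i, later in enumerate(routes):
        hit = next((e for e in routes[:i] if covers(e, later)), None)
        if hit is not None:
            pairs.append((later.name, hit.name))
    return pairs

# Constructed sample table: a broad route for ge4 plus the FTP route from the steps.
dmz_default = PolicyRoute("DMZ_default", "ge4", ANY, ANY, "ge2")
ftp_limit = PolicyRoute("FTP_limit", "ge4", "FTP_SERVER", "FTP", "ge2")
FTP_PACKET = {"incoming": "ge4", "source": "FTP_SERVER", "service": "FTP"}

WRONG_ORDER = [dmz_default, ftp_limit]   # broad route listed first
FIXED_ORDER = [ftp_limit, dmz_default]   # custom FTP route listed first

if __name__ == "__main__":
    for label, table in (("wrong", WRONG_ORDER), ("fixed", FIXED_ORDER)):
        print(label, first_match(table, FTP_PACKET).name, shadowed(table))
```

With the broad route listed first, the FTP route is never reached and its bandwidth limit is never applied; moving it to the top clears the finding.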
5.4.11  Static Routes
Use static routes to tell the ZyWALL about networks not directly connected to the ZyWALL. 
5.4.12  Firewall
The firewall controls traffic traveling between or within zones. You can also configure the 
firewall to control traffic for virtual servers (port forwarding) and policy routes (NAT). You 
can configure firewall rules based on schedules, specific users (or user groups), source or 
destination addresses (or address groups) and services (or service groups). Each of these 
objects must be configured in a different screen.
To-ZyWALL firewall rules control access to the ZyWALL. Configure to-ZyWALL firewall 
rules for remote management. By default, the firewall allows any computer from the LAN 
zone to access or manage the ZyWALL. The ZyWALL drops packets from the WAN or DMZ 
zone to the ZyWALL itself, except for Device HA and VPN traffic.
Example: Suppose you have a SIP proxy server connected to the DMZ-2 zone for VoIP calls. 
You could configure a firewall rule to allow VoIP sessions from the SIP proxy server on 
DMZ-2 to the LAN so VoIP users on the LAN can receive calls.
Create a VoIP service object for UDP port 5060 traffic (Object > Service). 
MENU ITEM(S)     Network > Routing > Static Route
PREREQUISITES    Interfaces

MENU ITEM(S)     Firewall
PREREQUISITES    Zones, schedules, users, user groups, addresses (source, destination), address groups (source, destination), services, service groups