ZyXEL Communications ZyWALL 1000 User Manual
Chapter 5 Configuration Basics
ZyWALL USG 1000 User’s Guide
119
2 Create an address object for the VoIP server (Object > Address).
3 Click Firewall to go to the firewall configuration.
4 Select from the DMZ-2 zone to the LAN zone, and add a firewall rule using the items
3 Click Firewall to go to the firewall configuration.
4 Select from the DMZ-2 zone to the LAN zone, and add a firewall rule using the items
you have configured.
• You don’t need to specify the schedule or the user.
• In the Source field, select the address object of the VoIP server.
• You don’t need to specify the destination address.
• Leave the Access field set to Allow and the Log field set to No.
• You don’t need to specify the schedule or the user.
• In the Source field, select the address object of the VoIP server.
• You don’t need to specify the destination address.
• Leave the Access field set to Allow and the Log field set to No.
"
The ZyWALL checks the firewall rules in order. Make sure each rule is in the
correct place in the sequence.
correct place in the sequence.
5.4.13 Application Patrol
Use application patrol to control which individuals can use which services through the
ZyWALL (and when they can do so). You can also specify allowed amounts of bandwidth and
priorities. You must subscribe to use application patrol. You can subscribe using the
Licensing > Registration screens or one of the wizards.
ZyWALL (and when they can do so). You can also specify allowed amounts of bandwidth and
priorities. You must subscribe to use application patrol. You can subscribe using the
Licensing > Registration screens or one of the wizards.
Example: Suppose you want to allow vice president Bob to use BitTorrent and block
everyone else from using it.
everyone else from using it.
1 Create a user account for Bob (User/Group).
2 Click AppPatrol > Peer to Peer to go to the application patrol configuration screen.
2 Click AppPatrol > Peer to Peer to go to the application patrol configuration screen.
Click the BitTorrent application patrol entry’s Edit icon.
• Set the default policy’s access to Drop.
• Add another policy.
• Select the user account that you created for Bob.
• You can leave the source, destination and log settings at the default.
• Set the default policy’s access to Drop.
• Add another policy.
• Select the user account that you created for Bob.
• You can leave the source, destination and log settings at the default.
"
With this example, Bob would have to log in using his account. If you do not
want him to have to log in, you might create an exception policy with Bob’s
computer IP address as the source.
want him to have to log in, you might create an exception policy with Bob’s
computer IP address as the source.
MENU ITEM(S)
AppPatrol
PREREQUISITES
Registration, zones, Schedules, users, user groups, addresses (source,
destination), address groups (source, destination). These are only used as
criteria in exceptions and conditions.