ZyXEL Communications ZyWALL 1000 User Manual
Chapter 2 Features and Applications
ZyWALL USG 1000 User’s Guide
59
2.2.1 Interface to Interface (Through ZyWALL)
Ethernet -> VLAN -> Encap -> ALG -> AC -> DNAT-> Routing -> FW -> AC -> IDP -> AV-
> AP -> CF -> SNAT -> BWM -> Encap -> VLAN -> Ethernet
> AP -> CF -> SNAT -> BWM -> Encap -> VLAN -> Ethernet
2.2.2 Interface to Interface (To/From ZyWALL)
To: Ethernet -> VLAN -> Encap -> ALG -> AC -> DNAT -> Routing -> zFW -> ADP -> RM
From: RM -> Routing -> BWM -> Encap -> VLAN -> Ethernet
From: RM -> Routing -> BWM -> Encap -> VLAN -> Ethernet
2.2.3 Interface to Interface (From VPN Tunnel)
This example shows the flow from a VPN tunnel though the ZyWALL, not to the ZyWALL or
to another VPN tunnel (VPN concentrator).
Ethernet -> VLAN -> Encap -> ALG -> AC -> DNAT-> Routing -> zFW -> IPSec D -> ALG
-> AC -> DNAT-> Routing -> FW -> AC -> IDP -> AV -> AP -> CF -> -> SNAT -> BWM -
> Encap -> VLAN -> Ethernet
to another VPN tunnel (VPN concentrator).
Ethernet -> VLAN -> Encap -> ALG -> AC -> DNAT-> Routing -> zFW -> IPSec D -> ALG
-> AC -> DNAT-> Routing -> FW -> AC -> IDP -> AV -> AP -> CF -> -> SNAT -> BWM -
> Encap -> VLAN -> Ethernet
2.2.4 Interface to Interface (To VPN Tunnel)
This example shows the flow to a VPN tunnel from a source other than the ZyWALL or
another VPN tunnel (VPN concentrator).
another VPN tunnel (VPN concentrator).
AC
Application Classifier is the Application Protocol (AP) layer-7 classifier.
DNAT
Destination NAT
Routing
Routing includes policy routes, interface routing, static routes and load balancing
for example.
FW
Firewall (Through ZyWALL)
zFW
Firewall (To ZyWALL)
IDP
Intrusion Detection & Protection
ADP
Anomaly Detection and Protection
AP
Application Patrol
CF
Content Filtering
SNAT
Source NAT
IPSec D/E
VPN Decryption/Encryption
BWM
Bandwidth Management
RM
Remote Management (System)
AV
Anti-Virus
Table 4 Packet Flow Key