ZyXEL Communications 5 Series User Manual

 Chapter 5 Tutorials
ZyWALL 5/35/70 Series User’s Guide
Figure 60   SECURITY > VPN > VPN Rules (IKE): With Gateway Policy Example 
Use this screen to specify which computers behind the routers can use the VPN tunnel. 
Configure the fields that are circled as follows and click Apply. You may notice that the 
example does not specify the port numbers. This is due to the following reasons.
• While FTP uses a control session on port 20, the port for the data session is not fixed. 
So this example uses the firewall’s FTP application layer gateway (ALG) to handle 
this instead of specifying port numbers in this VPN network policy.
• The firewall provides better security because it operates at layer 4 and checks traffic 
sessions. The VPN network policy only operates at layer 3 and just checks IP 
addresses and port numbers.
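
The following sketch is an added example, not code from the ZyXEL guide or firmware. It shows why the data-session port cannot be written into a static VPN network policy: the port is announced inside the FTP control session, so a device has to read those messages to know which data session to expect. The function names, addresses and control lines are constructed for illustration.

```python
import re

# Constructed FTP control-channel lines (sample data, not captured traffic).
SAMPLE_CONTROL_LINES = [
    ("client", "USER alice"),
    ("server", "227 Entering Passive Mode (192,168,2,33,195,80)"),
    ("client", "PORT 192,168,1,33,4,1"),
    ("server", "229 Entering Extended Passive Mode (|||50123|)"),
]

_HOSTPORT = r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})"
_PASV = re.compile(r"^227 .*\(" + _HOSTPORT + r"\)")
_PORT = re.compile(r"^PORT " + _HOSTPORT + r"\s*$", re.IGNORECASE)
_EPSV = re.compile(r"^229 .*\(\|\|\|(\d{1,5})\|\)")


def _decode(fields):
    """Turn h1,h2,h3,h4,p1,p2 into (ip, port); port = p1*256 + p2."""
    nums = [int(f) for f in fields]
    if any(n > 255 for n in nums):
        raise ValueError("octet out of range")
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]


def expected_data_endpoint(sender, line, server_ip):
    """Return the (ip, port) the next data session will use, or None."""
    if sender == "server":
        m = _PASV.match(line)
        if m:
            return _decode(m.groups())
        m = _EPSV.match(line)
        if m and 0 < int(m.group(1)) < 65536:
            return server_ip, int(m.group(1))  # EPSV reuses the control-session IP
    elif sender == "client":
        m = _PORT.match(line)
        if m:
            return _decode(m.groups())
    return None


def build_pinholes(lines, server_ip):
    """Collect the temporary openings an ALG-style helper would allow."""
    found = (expected_data_endpoint(s, l, server_ip) for s, l in lines)
    return [ep for ep in found if ep is not None]


if __name__ == "__main__":
    for ip, port in build_pinholes(SAMPLE_CONTROL_LINES, "192.168.2.33"):
        print(f"allow data session to {ip}:{port}")
```

Each transfer yields a different port, which is why the tutorial leaves port numbers out of the VPN network policy and relies on the firewall's FTP ALG instead.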