ZyXEL Communications 1000 User Manual
Chapter 6 Configuration Basics
ZyWALL USG 1000 User’s Guide
109
6.5.12 ALG
The ZyWALL’s Application Layer Gateway (ALG) allows VoIP and FTP applications
to go through NAT on the ZyWALL. You can also specify additional signaling port
numbers.
to go through NAT on the ZyWALL. You can also specify additional signaling port
numbers.
6.5.13 Auth. Policy
Use authentication policies to control who can access the network. You can
authenticate users (require them to log in) and even perform Endpoint Security
(EPS) checking to make sure users’ computers comply with defined corporate
policies before they can access the network.
authenticate users (require them to log in) and even perform Endpoint Security
(EPS) checking to make sure users’ computers comply with defined corporate
policies before they can access the network.
6.5.14 Firewall
The firewall controls the travel of traffic between or within zones. You can also
configure the firewall to control traffic for NAT (DNAT) and policy routes (SNAT).
You can configure firewall rules based on schedules, specific users (or user
groups), source or destination addresses (or address groups) and services (or
service groups). Each of these objects must be configured in a different screen.
configure the firewall to control traffic for NAT (DNAT) and policy routes (SNAT).
You can configure firewall rules based on schedules, specific users (or user
groups), source or destination addresses (or address groups) and services (or
service groups). Each of these objects must be configured in a different screen.
To-ZyWALL firewall rules control access to the ZyWALL. Configure to-ZyWALL
firewall rules for remote management. By default, the firewall only allows
management connections from the LAN, WAN zone.
firewall rules for remote management. By default, the firewall only allows
management connections from the LAN, WAN zone.
Example: Suppose you have a SIP proxy server connected to the DMZ zone for
VoIP calls. You could configure a firewall rule to allow VoIP sessions from the SIP
proxy server on DMZ to the LAN so VoIP users on the LAN can receive calls.
VoIP calls. You could configure a firewall rule to allow VoIP sessions from the SIP
proxy server on DMZ to the LAN so VoIP users on the LAN can receive calls.
1
Create a VoIP service object for UDP port 5060 traffic (Configuration > Object >
Service).
Service).
2
Create an address object for the VoIP server (Configuration > Object >
Address).
Address).
MENU ITEM(S)
Configuration > Network > ALG
MENU ITEM(S)
Configuration > Auth. Policy
PREREQUISITES
Addresses, services, endpoint security objects, users, authentication
methods
methods
MENU ITEM(S)
Configuration > Firewall
PREREQUISITES
Zones, schedules, users, user groups, addresses (source,
destination), address groups (source, destination), services, service
groups
destination), address groups (source, destination), services, service
groups