ZyXEL Communications 1000 User Manual
Chapter 24 Firewall
ZyWALL USG 1000 User’s Guide
436
24.3 The Session Limit Screen
Click Configuration > Firewall > Session Limit to display the Firewall
Session Limit screen. Use this screen to limit the number of concurrent NAT/
firewall sessions a client can use. You can apply a default limit for all users and
Session Limit screen. Use this screen to limit the number of concurrent NAT/
firewall sessions a client can use. You can apply a default limit for all users and
Description
Enter a descriptive name of up to 60 printable ASCII characters for the
firewall rule. Spaces are allowed.
firewall rule. Spaces are allowed.
Schedule
Select a schedule that defines when the rule applies. Otherwise, select
none and the rule is always effective.
none and the rule is always effective.
User
This field is not available when you are configuring a to-ZyWALL rule.
Select a user name or user group to which to apply the rule. The firewall
rule is activated only when the specified user logs into the system and
the rule will be disabled when the user logs out.
rule is activated only when the specified user logs into the system and
the rule will be disabled when the user logs out.
Otherwise, select any and there is no need for user logging.
Note: If you specified a source IP address (group) instead of any in
the field below, the user’s IP address should be within the IP
address range.
address range.
Source
Select a source address or address group for whom this rule applies.
Select any if the policy is effective for every source.
Select any if the policy is effective for every source.
Destination
Select a destination address or address group for whom this rule
applies. Select any if the policy is effective for every destination.
applies. Select any if the policy is effective for every destination.
Service
Select a service or service group from the drop-down list box.
Access
Use the drop-down list box to select what the firewall is to do with
packets that match this rule.
packets that match this rule.
Select deny to silently discard the packets without sending a TCP reset
packet or an ICMP destination-unreachable message to the sender.
packet or an ICMP destination-unreachable message to the sender.
Select reject to deny the packets and send a TCP reset packet to the
sender. Any UDP packets are dropped without sending a response
packet.
sender. Any UDP packets are dropped without sending a response
packet.
Select allow to permit the passage of the packets.
Log
Select whether to have the ZyWALL generate a log (log), log and alert
(log alert) or not (no) when the rule is matched. See
(log alert) or not (no) when the rule is matched. See
for more on logs.
OK
Click OK to save your customized settings and exit this screen.
Cancel
Click Cancel to exit this screen without saving.
Table 113 Configuration > Firewall > Add (continued)
LABEL
DESCRIPTION