ZyXEL Communications 200 Series User Manual

Chapter 19 Firewall
ZyWALL USG 100/200 Series User’s Guide
19.1.2  What You Need to Know About the Firewall
Stateful Inspection
The ZyWALL has a stateful inspection firewall. The ZyWALL restricts access by screening 
data packets against defined access rules. It also inspects sessions. For example, traffic from 
one zone is not allowed unless it is initiated by a computer in another zone first.
Zones
A zone is a group of interfaces or VPN tunnels. Group the ZyWALL’s interfaces into different 
zones based on your needs. You can configure firewall rules for data passing between zones or 
even between interfaces and/or VPN tunnels in a zone. 
Default Firewall Behavior
Firewall rules are grouped based on the direction of travel of packets to which they apply. 
Here is the default firewall behavior for traffic going through the ZyWALL. By default, the 
ZyWALL forces authentication for WLAN users. Unauthenticated WLAN users can only 
access the WAN.
By default, the ZyWALL allows traffic going to or from the OPT zone.
Table 109   Default Firewall Behavior
FROM ZONE TO ZONE     STATEFUL PACKET INSPECTION
From LAN1 to LAN1     Traffic between LAN1 interfaces is allowed.
From LAN1 to WAN      Traffic from LAN1 to the WAN is allowed.
From LAN1 to DMZ      Traffic from LAN1 to the DMZ is allowed.
From LAN1 to WLAN     Traffic from LAN1 to WLAN is allowed.
From WLAN to LAN1     Traffic from WLAN to LAN1 is allowed.
From WLAN to WAN      Traffic from WLAN to the WAN is allowed.
From WLAN to DMZ      Traffic from WLAN to the DMZ is allowed.
From WLAN to WLAN     Traffic between WLAN interfaces is allowed.
From WAN to LAN1      Traffic from the WAN to LAN1 is dropped.
From WAN to WAN       Traffic between interfaces in the WAN is dropped.
From WAN to DMZ       Traffic from the WAN to the DMZ is allowed.
From WAN to WLAN      Traffic from the WAN to WLAN is allowed.
From DMZ to LAN1      Traffic from the DMZ to LAN1 is dropped.
From DMZ to WAN       Traffic from the DMZ to the WAN is allowed.
From DMZ to WLAN      Traffic from the DMZ to the WLAN is dropped.
From DMZ to DMZ       Traffic between interfaces in the DMZ is dropped.
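
The following is an added example, not taken from the ZyXEL manual or the ZyWALL firmware: a simplified Python model of how stateful inspection combines with the Table 109 defaults, so that a reply from the WAN is allowed only for a session that a LAN1 host initiated. The class and function names, the sample addresses, and the choice to drop zone pairs the table does not list are assumptions.

```python
# Added illustration: a simplified model, not ZyWALL firmware or CLI.
ALLOW, DROP = "allow", "drop"

# Default actions transcribed from Table 109, keyed by (from-zone, to-zone).
DEFAULTS = {
    ("LAN1", "LAN1"): ALLOW, ("LAN1", "WAN"): ALLOW,
    ("LAN1", "DMZ"): ALLOW, ("LAN1", "WLAN"): ALLOW,
    ("WLAN", "LAN1"): ALLOW, ("WLAN", "WAN"): ALLOW,
    ("WLAN", "DMZ"): ALLOW, ("WLAN", "WLAN"): ALLOW,
    ("WAN", "LAN1"): DROP, ("WAN", "WAN"): DROP,
    ("WAN", "DMZ"): ALLOW, ("WAN", "WLAN"): ALLOW,
    ("DMZ", "LAN1"): DROP, ("DMZ", "WAN"): ALLOW,
    ("DMZ", "WLAN"): DROP, ("DMZ", "DMZ"): DROP,
}

class StatefulFirewall:
    def __init__(self):
        self.sessions = set()  # flows whose first packet was allowed

    def default_action(self, src_zone, dst_zone):
        # Per the manual's note, traffic to or from the OPT zone is allowed.
        if "OPT" in (src_zone, dst_zone):
            return ALLOW
        # Zone pairs the table does not list are dropped here (assumption).
        return DEFAULTS.get((src_zone, dst_zone), DROP)

    def process(self, src_zone, dst_zone, src, dst):
        """src and dst are (ip, port) tuples; returns ALLOW or DROP."""
        if (src, dst) in self.sessions or (dst, src) in self.sessions:
            return ALLOW  # packet of an established session, either direction
        action = self.default_action(src_zone, dst_zone)
        if action == ALLOW:
            self.sessions.add((src, dst))  # remember the initiator's flow
        return action

def demo():
    fw = StatefulFirewall()
    # Constructed sample endpoints (private and documentation address ranges).
    host, server = ("192.168.1.33", 40000), ("203.0.113.10", 443)
    return [
        fw.process("WAN", "LAN1", server, host),   # unsolicited inbound
        fw.process("LAN1", "WAN", host, server),   # LAN1 host initiates
        fw.process("WAN", "LAN1", server, host),   # reply on that session
        fw.process("WAN", "LAN1", ("198.51.100.7", 443), host),  # other peer
    ]
```
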