ZyXEL p-660h-61 User Guide
Prestige 660H Series User’s Guide
10-2
Firewalls
10.2.3 Stateful Inspection Firewalls
Stateful inspection firewalls restrict access by screening data packets against defined access rules.
They make access control decisions based on IP address and protocol. They also "inspect" the session
data to assure the integrity of the connection and to adapt to dynamic protocols. These firewalls
generally provide the best speed and transparency, however, they may lack the granular application
level access control or caching that some proxies support. See section 10.5 for more information on
Stateful Inspection.
They make access control decisions based on IP address and protocol. They also "inspect" the session
data to assure the integrity of the connection and to adapt to dynamic protocols. These firewalls
generally provide the best speed and transparency, however, they may lack the granular application
level access control or caching that some proxies support. See section 10.5 for more information on
Stateful Inspection.
Firewalls, of one type or another, have become an integral part of standard security solutions for
enterprises.
enterprises.
10.3 Introduction to ZyXEL’s Firewall
The Prestige firewall is a stateful inspection firewall and is designed to protect against Denial of
Service attacks when activated (in SMT menu 21.2 or in the web configurator). The Prestige’s purpose
is to allow a private Local Area Network (LAN) to be securely connected to the Internet. The Prestige
can be used to prevent theft, destruction and modification of data, as well as log events, which may be
important to the security of your network. The Prestige also has packet filtering capabilities.
Service attacks when activated (in SMT menu 21.2 or in the web configurator). The Prestige’s purpose
is to allow a private Local Area Network (LAN) to be securely connected to the Internet. The Prestige
can be used to prevent theft, destruction and modification of data, as well as log events, which may be
important to the security of your network. The Prestige also has packet filtering capabilities.
The Prestige is installed between the LAN and the Internet. This allows it to act as a secure gateway
for all data passing between the Internet and the LAN.
for all data passing between the Internet and the LAN.
The Prestige has one ISDN port and one Ethernet LAN port, which physically separate the network
into two areas.
into two areas.
♦
The ISDN port connects to the Internet.
♦
The LAN (Local Area Network) port attaches to a network of computers, which needs security
from the outside world. These computers will have access to Internet services such as e-mail,
FTP, and the World Wide Web. However, “inbound access” will not be allowed unless you
configure remote management or create a firewall rule to allow a remote host to use a specific
service.
from the outside world. These computers will have access to Internet services such as e-mail,
FTP, and the World Wide Web. However, “inbound access” will not be allowed unless you
configure remote management or create a firewall rule to allow a remote host to use a specific
service.
Figure 10-1 Prestige Firewall Application
Denial of
Service Attacks
Service Attacks