ZyXEL 35 User Guide
ZyWALL 35 Support Notes
All contents copyright (c) 2006 ZyXEL Communications Corporation.
the outside world. LAN users are invisible to outside users. So, to make an internal server available for outside access, we
must specify the service port and the LAN IP of this server in Menu 15. NAT can then forward the
incoming packets to the requested service behind NAT, and outside users access the server using the
ZyWALL's WAN IP address. So, we have to configure the internal IPSec as a default server (unspecified
service port) in Menu 15 when it acts as a server gateway.
A31. What is STP (Spanning Tree Protocol) / RSTP (Rapid STP)?
When the ZyWALL is set to bridge mode, (R)STP detects and breaks network loops and provides backup
links between switches, bridges or routers. It allows a bridge to interact with other (R)STP-compliant
bridges in your network to ensure that only one path exists between any two stations on the network. This
configuration is intended for advanced users who know the protocol well.
A32. In what order does the ZyWALL handle inbound and outgoing traffic?
(1) For a ZyWALL in router mode, the inspection flows for inbound and outgoing traffic are as follows.
Traffic from WAN: -> NAT -> Firewall -> Policy Route -> Load Balance -> Static Route -> IDP -> AV -> AS -> CF -> BWM
Traffic to WAN: -> Firewall -> Policy Route -> Load Balance -> Static Route -> IDP -> AV -> AS -> CF -> BWM -> NAT
(2) For a ZyWALL in bridge mode, the inspection flow is as follows.
Traffic will be handled: -> Firewall -> IDP -> AV -> AS -> CF -> BWM
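The router-mode order above determines which addresses a firewall rule has to match. The following is an added example, not ZyXEL code: a simplified model of the two stage lists. It assumes NAT rewrites the destination of port-forwarded traffic on the way in and the source on the way out. The names Packet, nat, seen_by and rule_matches, the PORT_FORWARDS entry and all addresses are constructed for illustration.

```python
from dataclasses import dataclass, replace

# Stage order copied from A32 (router mode).
FROM_WAN = ["NAT", "Firewall", "Policy Route", "Load Balance", "Static Route",
            "IDP", "AV", "AS", "CF", "BWM"]
TO_WAN = ["Firewall", "Policy Route", "Load Balance", "Static Route",
          "IDP", "AV", "AS", "CF", "BWM", "NAT"]

# Constructed sample values (documentation and RFC 1918 ranges).
WAN_IP = "203.0.113.10"
PORT_FORWARDS = {443: "192.168.1.20"}  # hypothetical entry: WAN port -> LAN server


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int


def nat(pkt, flow):
    """Assumed NAT model: rewrite dst for forwarded ports inbound, src outbound."""
    if flow == FROM_WAN:
        lan_ip = PORT_FORWARDS.get(pkt.dport) if pkt.dst == WAN_IP else None
        return replace(pkt, dst=lan_ip) if lan_ip else pkt
    return replace(pkt, src=WAN_IP)


def seen_by(stage, pkt, flow):
    """Return the packet as `stage` sees it, after all earlier stages have run."""
    if stage not in flow:
        raise ValueError(f"{stage!r} is not part of this flow")
    for name in flow[:flow.index(stage)]:
        if name == "NAT":  # only NAT changes addresses in this model
            pkt = nat(pkt, flow)
    return pkt


def rule_matches(rule, pkt):
    """rule maps field name -> required value; absent fields are wildcards."""
    return all(getattr(pkt, field) == value for field, value in rule.items())


if __name__ == "__main__":
    inbound = seen_by("Firewall", Packet("198.51.100.7", WAN_IP, 443), FROM_WAN)
    outbound = seen_by("Firewall", Packet("192.168.1.50", "198.51.100.7", 80), TO_WAN)
    print("firewall sees inbound :", inbound)
    print("firewall sees outbound:", outbound)
    print("rule on WAN IP matches:", rule_matches({"dst": WAN_IP, "dport": 443}, inbound))
    print("rule on LAN IP matches:", rule_matches({"dst": "192.168.1.20", "dport": 443}, inbound))
```

In this model an inbound rule written against the WAN IP never matches, because NAT has already translated the destination before the Firewall stage, while outbound rules still see the private source address because NAT runs last.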
A33. What is “UTM”?
UTM stands for Unified Threat Management and is a term describing a firewall appliance that integrates
multiple security features, including Anti-Virus, IDP, Anti-Spam and VPN features, into a single box.
With a UTM appliance, IT staff can manage emerging threats from the Internet with a lower
TCO and reduced management overhead.
A34. What are the differences between ZyWALL UTM models and previous ZyWALL