ZyXEL Communications ZYWALL10 User Manual
ZyWALL 10 Internet Security Gateway
Filters
7-1
Chapter 7
Filter Configuration
This chapter shows you how to create and apply filters.
7.1 About
Filtering
Your ZyWALL uses filters to decide whether to allow passage of a data packet and/or to make a call. There
are two types of filter applications: data filtering and call filtering. Filters are subdivided into device and
protocol filters, which are discussed later.
Data filtering screens the data to determine if the packet should be allowed to pass. Data filters are divided
into incoming and outgoing filters, depending on the direction of the packet relative to a port. Data filtering
can be applied on either the WAN side or the LAN side. Call filtering is used to determine if a packet
should be allowed to trigger a call. Remote node call filtering is only applicable when using PPPoE
encapsulation. Outgoing packets must undergo data filtering before they encounter call filtering as shown in
the following figure.
are two types of filter applications: data filtering and call filtering. Filters are subdivided into device and
protocol filters, which are discussed later.
Data filtering screens the data to determine if the packet should be allowed to pass. Data filters are divided
into incoming and outgoing filters, depending on the direction of the packet relative to a port. Data filtering
can be applied on either the WAN side or the LAN side. Call filtering is used to determine if a packet
should be allowed to trigger a call. Remote node call filtering is only applicable when using PPPoE
encapsulation. Outgoing packets must undergo data filtering before they encounter call filtering as shown in
the following figure.
Figure 7-1 Outgoing Packet Filtering Process
For incoming packets, your ZyWALL applies data filters only. Packets are processed depending upon
whether a match is found. The following sections describe how to configure filter sets.
whether a match is found. The following sections describe how to configure filter sets.
Data
Filtering
Filtering
Outgoing
Packet
Drop
packet
Built-in
default
Call Filters
User-defined
Call Filters
(if applicable)
Initiate call
if line not up
Active Data
Send packet
and reset
Idle Timer
Or
Or
Drop packet
if line not up
if line not up
Drop packet
if line not up
if line not up
Send packet
but do not reset
Idle Timer
Send packet
but do not reset
Idle Timer
Match
Match
Match
No
match
No
match
No
match
Call Filtering