ZyXEL Communications P-312 User Manual
P312 Broadband Security Gateway
13-2
What Is a Firewall?
needed to filter application traffic and direct it to a number of specific systems. The router need only
allow application traffic destined for the application gateway and reject the rest.
allow application traffic destined for the application gateway and reject the rest.
13.1.3 Stateful Inspection firewalls
Stateful Inspection firewalls restrict access by screening data packets against defined access rules. They make
access control decisions based on IP address and protocol. They also "inspect" the session data to assure the
integrity of the connection and to adapt to dynamic protocols. These firewalls generally provides the best
speed and transparency, however, they may lack the granular application level access control or caching that
some proxies support. See section 13.4 for more information on Stateful Inspection.
Firewalls, of one type or another, have become an integral part of standard security solutions for the
enterprise.
access control decisions based on IP address and protocol. They also "inspect" the session data to assure the
integrity of the connection and to adapt to dynamic protocols. These firewalls generally provides the best
speed and transparency, however, they may lack the granular application level access control or caching that
some proxies support. See section 13.4 for more information on Stateful Inspection.
Firewalls, of one type or another, have become an integral part of standard security solutions for the
enterprise.
13.2 Introduction to ZyXEL’s Firewall
The Prestige firewall is a stateful inspection firewall and is designed to protect against Denial of Service
attacks when activated (in SMT Menu 21.2 or the Prestige Web Configurator). The purpose is to allow a
private Local Area Network (LAN) to be securely connected to the Internet. The Prestige can be used to
prevent theft, destruction, and modification of data as well as log events, which may be important to the
security of your network. The Prestige also has packet filtering capabilities.
The Prestige is installed between the LAN and a broadband modem connecting to the Internet. This allows it
to act as a secure gateway for all data passing between the Internet and the LAN.
The Prestige has one Ethernet WAN port and one Ethernet LAN port, which are used to physically separate
the network into two areas.
attacks when activated (in SMT Menu 21.2 or the Prestige Web Configurator). The purpose is to allow a
private Local Area Network (LAN) to be securely connected to the Internet. The Prestige can be used to
prevent theft, destruction, and modification of data as well as log events, which may be important to the
security of your network. The Prestige also has packet filtering capabilities.
The Prestige is installed between the LAN and a broadband modem connecting to the Internet. This allows it
to act as a secure gateway for all data passing between the Internet and the LAN.
The Prestige has one Ethernet WAN port and one Ethernet LAN port, which are used to physically separate
the network into two areas.
!
The WAN (Wide Area Network) port attaches to the broadband modem (Cable Modem, ADSL modem)
connecting to the Internet.
connecting to the Internet.
!
The LAN (Local Area Network) port attaches to the network of machines, which are to be secured from
the outside world. These machines will have access to Internet services such as E-mail, FTP, and the
World Wide Web. However, “inbound access” will not be allowed unless the remote host is authorized
to use the specific service.
the outside world. These machines will have access to Internet services such as E-mail, FTP, and the
World Wide Web. However, “inbound access” will not be allowed unless the remote host is authorized
to use the specific service.