ZyXEL Communications P-2304R-P1 Series User Manual
Chapter 12 Firewall
P-2304R-P1 Series User’s Guide
138
The ZyXEL Device has one Ethernet WAN port and four Ethernet LAN ports, which are used
to physically separate the network into two areas.The WAN (Wide Area Network) port
attaches to the broadband (cable or DSL) modem to the Internet.
The LAN (Local Area Network) port attaches to a network of computers, which needs security
from the outside world. These computers will have access to Internet services such as e-mail,
FTP and the World Wide Web. However, "inbound access" is not allowed (by default) unless
the remote host is authorized to use a specific service.
to physically separate the network into two areas.The WAN (Wide Area Network) port
attaches to the broadband (cable or DSL) modem to the Internet.
The LAN (Local Area Network) port attaches to a network of computers, which needs security
from the outside world. These computers will have access to Internet services such as e-mail,
FTP and the World Wide Web. However, "inbound access" is not allowed (by default) unless
the remote host is authorized to use a specific service.
12.1.3 Guidelines For Enhancing Security With Your Firewall
1 Change the default password via web configurator.
2 Think about access control before you connect to the network in any way, including
2 Think about access control before you connect to the network in any way, including
attaching a modem to the port.
3 Limit who can access your router.
4 Don't enable any local service (such as telnet or FTP) that you don't use. Any enabled
4 Don't enable any local service (such as telnet or FTP) that you don't use. Any enabled
service could present a potential security risk. A determined hacker might be able to find
creative ways to misuse the enabled services to access the firewall or the network.
creative ways to misuse the enabled services to access the firewall or the network.
5 For local services that are enabled, protect against misuse. Protect by configuring the
services to communicate only with specific peers, and protect by configuring rules to
block packets for the services at specific interfaces.
block packets for the services at specific interfaces.
6 Protect against IP spoofing by making sure the firewall is active.
7 Keep the firewall in a secured (locked) room.
7 Keep the firewall in a secured (locked) room.
12.1.4 The Firewall, NAT and Remote Management
Figure 68 Firewall Rule Directions
12.1.4.1 LAN-to-WAN rules
LAN-to-WAN rules are local network to Internet firewall rules. The default is to forward all
traffic from your local network to the Internet.
You can block certain LAN-to-WAN traffic in the Services screen (click the Services tab).
All services displayed in the Blocked Services list box are LAN-to-WAN firewall rules that
block those services originating from the LAN.
traffic from your local network to the Internet.
You can block certain LAN-to-WAN traffic in the Services screen (click the Services tab).
All services displayed in the Blocked Services list box are LAN-to-WAN firewall rules that
block those services originating from the LAN.