ZyXEL Communications Corporation EMG6765-Q10A Manuel D’Utilisation

 Chapter 17 Firewall

EMG6765-Q10A User’s Guide

Don't enable any local service (such as NTP) that you don't use. Any enabled service could present a 
potential security risk. A determined hacker might be able to find creative ways to misuse the enabled 
services to access the firewall or the network. 

For local services that are enabled, protect against misuse. Protect by configuring the services to 
communicate only with specific peers, and protect by configuring rules to block packets for the services 
at specific interfaces. 

Protect against IP spoofing by making sure the firewall is active. 

Keep the firewall in a secured (locked) room. 

Use this screen to enable or disable the EMG6765-Q10A’s firewall, and set up firewall logs. Click Security 
> Firewall to open the General screen.

Figure 74   Security > Firewall > General l

The following table describes the labels in this screen.

If an outside user attempts to probe an unsupported port on your EMG6765-Q10A, an ICMP response 
packet is automatically returned. This allows the outside user to know the EMG6765-Q10A exists. Use this 
screen to prevent the ICMP response packet from being sent. This keeps outsiders from discovering your 
EMG6765-Q10A when unsupported ports are probed.

You can also use this screen to enable service blocking, enter/delete/modify the services you want to 
block and the date/time you want to block them.

Click Security > Firewall > Services. The screen appears as shown next. 

Table 55   Security > Firewall > General 

Enable Firewall

Select this check box to activate the firewall. The EMG6765-Q10A performs access control 
and protects against Denial of Service (DoS) attacks when the firewall is activated.

Apply

Click Apply to save the settings. 

Cancel

Click Cancel to start configuring this screen again.