ZyXEL Communications 1000 ユーザーズマニュアル
Chapter 24 Firewall
ZyWALL USG 1000 User’s Guide
426
traffic blocking to allow or block VPN traffic transmitting between the VPN tunnel
and other interfaces in the LAN zone. If you add the VPN tunnel to a new zone (the
VPN zone for example), you can configure rules for VPN traffic between the VPN
zone and other zones or From VPN To-ZyWALL rules for VPN traffic destined for
the ZyWALL.
and other interfaces in the LAN zone. If you add the VPN tunnel to a new zone (the
VPN zone for example), you can configure rules for VPN traffic between the VPN
zone and other zones or From VPN To-ZyWALL rules for VPN traffic destined for
the ZyWALL.
Session Limits
Accessing the ZyWALL or network resources through the ZyWALL requires a NAT
session and corresponding firewall session. Peer to peer applications, such as file
sharing applications, may use a large number of NAT sessions. A single client
could use all of the available NAT sessions and prevent others from connecting to
or through the ZyWALL. The ZyWALL lets you limit the number of concurrent NAT/
firewall sessions a client can use.
session and corresponding firewall session. Peer to peer applications, such as file
sharing applications, may use a large number of NAT sessions. A single client
could use all of the available NAT sessions and prevent others from connecting to
or through the ZyWALL. The ZyWALL lets you limit the number of concurrent NAT/
firewall sessions a client can use.
Finding Out More
• See
for related information on the Firewall
screens.
• See
for an example of creating firewall rules as part
of configuring user-aware access control (
• See
allow H.323 traffic from the WAN to the LAN.
• See
allow web traffic from the WAN to a server on the DMZ.
• See
allow SIP traffic for an IPPBX or SIP server on the DMZ.
24.1.3 Firewall Rule Example Applications
Suppose that your company decides to block all of the LAN users from using IRC
(Internet Relay Chat) through the Internet. To do this, you would configure a LAN
to WAN firewall rule that blocks IRC traffic from any source IP address from going
to any destination address. You do not need to specify a schedule since you need
(Internet Relay Chat) through the Internet. To do this, you would configure a LAN
to WAN firewall rule that blocks IRC traffic from any source IP address from going
to any destination address. You do not need to specify a schedule since you need