ZyXEL Communications 1000 User's Manual

Chapter 24 Firewall
ZyWALL USG 1000 User’s Guide
traffic blocking to allow or block VPN traffic transmitting between the VPN tunnel 
and other interfaces in the LAN zone. If you add the VPN tunnel to a new zone (the 
VPN zone for example), you can configure rules for VPN traffic between the VPN 
zone and other zones or From VPN To-ZyWALL rules for VPN traffic destined for 
the ZyWALL.
Session Limits
Accessing the ZyWALL or network resources through the ZyWALL requires a NAT 
session and corresponding firewall session. Peer-to-peer applications, such as file 
sharing applications, may use a large number of NAT sessions. A single client 
could use all of the available NAT sessions and prevent others from connecting to 
or through the ZyWALL. The ZyWALL lets you limit the number of concurrent NAT/
firewall sessions a client can use.
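
The effect described above, as an added example (not from the ZyXEL manual and not ZyWALL code): a toy session table in Python showing how one client can exhaust a shared NAT/firewall session table and how a per-host limit contains it. The table capacity of 1000, the limit of 200 and all addresses are constructed values.

```python
from collections import Counter


class SessionTable:
    """Toy model of a NAT/firewall session table with an optional per-host cap."""

    def __init__(self, capacity, per_host_limit=None):
        self.capacity = capacity              # total sessions the device can track
        self.per_host_limit = per_host_limit  # None = no per-host limit configured
        self.sessions = set()                 # (src_ip, src_port, dst_ip, dst_port)
        self.per_host = Counter()             # src_ip -> concurrent session count

    def open(self, src_ip, src_port, dst_ip, dst_port):
        key = (src_ip, src_port, dst_ip, dst_port)
        if key in self.sessions:
            return True                       # existing session, nothing to allocate
        if len(self.sessions) >= self.capacity:
            return False                      # table exhausted: every client is refused
        if (self.per_host_limit is not None
                and self.per_host[src_ip] >= self.per_host_limit):
            return False                      # only the host over its limit is refused
        self.sessions.add(key)
        self.per_host[src_ip] += 1
        return True

    def close(self, src_ip, src_port, dst_ip, dst_port):
        key = (src_ip, src_port, dst_ip, dst_port)
        if key in self.sessions:
            self.sessions.remove(key)
            self.per_host[src_ip] -= 1


def simulate(per_host_limit, capacity=1000):
    """A file-sharing client attempts 5000 peer connections, then a second
    client attempts 10 web sessions. Returns (p2p_admitted, web_admitted).
    All addresses and counts are constructed sample values."""
    table = SessionTable(capacity, per_host_limit)
    p2p = sum(table.open("192.168.1.50", 10000 + i, f"198.51.100.{i % 250 + 1}", 6881)
              for i in range(5000))
    web = sum(table.open("192.168.1.60", 40000 + i, "203.0.113.10", 443)
              for i in range(10))
    return p2p, web


if __name__ == "__main__":
    print("no limit      :", simulate(None))   # (1000, 0)
    print("limit 200/host:", simulate(200))    # (200, 10)
```

Without a limit the first client fills the table and the second client gets no sessions; with the limit, only the heavy client is refused once it reaches its cap.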
Finding Out More
• See 
 for related information on the Firewall 
screens.
• See 
 for an example of creating firewall rules as part 
of configuring user-aware access control (
• See 
 for an example of creating a firewall rule to 
allow H.323 traffic from the WAN to the LAN. 
• See 
 for an example of creating a firewall rule to 
allow web traffic from the WAN to a server on the DMZ. 
• See 
 for an example of creating firewall rules to 
allow SIP traffic for an IPPBX or SIP server on the DMZ. 
24.1.3  Firewall Rule Example Applications
Suppose that your company decides to block all of the LAN users from using IRC 
(Internet Relay Chat) through the Internet. To do this, you would configure a LAN 
to WAN firewall rule that blocks IRC traffic from any source IP address from going 
to any destination address. You do not need to specify a schedule since you need