ZyXEL 2WG 사용자 가이드
ZyWALL 2WG User’s Guide
99
C
H A P T E R
4
Tutorial
This chapter describes how to apply security settings to VPN traffic, how to set up your
ZyWALL if you have more than one fixed (static) IP address from your ISP and how to
allocate bandwidth and apply priorities to traffic that flows out through the ZyWALL’s WAN
port.
ZyWALL if you have more than one fixed (static) IP address from your ISP and how to
allocate bandwidth and apply priorities to traffic that flows out through the ZyWALL’s WAN
port.
4.1 Security Settings for VPN Traffic
The ZyWALL can apply the firewall and content filtering to the traffic going to or from the
ZyWALL’s VPN tunnels. The ZyWALL applies the security settings to the traffic before
encrypting VPN traffic that it sends out or after decrypting received VPN traffic.
ZyWALL’s VPN tunnels. The ZyWALL applies the security settings to the traffic before
encrypting VPN traffic that it sends out or after decrypting received VPN traffic.
"
The security settings apply to VPN traffic going to or from the ZyWALL’s VPN
tunnels. They do not apply to other VPN traffic for which the ZyWALL is not
one of the gateways (VPN pass-through traffic).
tunnels. They do not apply to other VPN traffic for which the ZyWALL is not
one of the gateways (VPN pass-through traffic).
You can turn on content filtering for all of the ZyWALL’s VPN traffic (regardless of its
direction of travel). You can apply firewall security to VPN traffic based on its direction of
travel. The following examples show how you do this for
direction of travel). You can apply firewall security to VPN traffic based on its direction of
travel. The following examples show how you do this for
the firewall.
4.1.1 Firewall Rule for VPN Example
The firewall provides even more fine-tuned control for VPN tunnels. You can configure
default and custom firewall rules for VPN packets.
Take the following example. You have a LAN FTP server with IP address 192.168.1.4 behind
device A. You could configure a VPN rule to allow the network behind device B to access
your LAN FTP server through a VPN tunnel. Now, if you don’t want other services like chat
or e-mail going to the FTP server, you can configure firewall rules that allow only FTP traffic
to come from VPN tunnels to the FTP server. Furthermore, you can configure the firewall rule
so that only the network behind device B can access the FTP server through a VPN tunnel (not
other remote networks that have VPN tunnels with the ZyWALL).
default and custom firewall rules for VPN packets.
Take the following example. You have a LAN FTP server with IP address 192.168.1.4 behind
device A. You could configure a VPN rule to allow the network behind device B to access
your LAN FTP server through a VPN tunnel. Now, if you don’t want other services like chat
or e-mail going to the FTP server, you can configure firewall rules that allow only FTP traffic
to come from VPN tunnels to the FTP server. Furthermore, you can configure the firewall rule
so that only the network behind device B can access the FTP server through a VPN tunnel (not
other remote networks that have VPN tunnels with the ZyWALL).