ZyXEL 35 Guia Do Utilizador

 

 

All contents copyright (c) 2006 ZyXEL Communications Corporation.   

245

 

 

A typical SMB network, as illustrated in the above figure, may be segmented into Intranet (trusted 

network), DMZ for Internet-facing servers and Internet (distrusted networks). 

 

In Intranet, there are tens of company employees having to access the Internet resources. They need to do 

web browsing, send/receive emails via company mail server, using hotmail or Google Gmail, doing file 

download upload and even having IM application to increase productivity. 

In the DMZ, they will host couple Internet-facing servers, including DNS, web, email and ftp servers to 

provide services to their customers/partners. 

 

From Internet, public users may need to access the servers in DMZ.   

In addition to basic access control lists deployed on ZyWALL 5 UTM, IT staff must have additional 

application layer of protection. It should inspect traffics from/to these network segments to ensure 

malicious activities will not take place. 

 

To protect computer networks against virus intrusions and attacks from Internet 

Following example will demonstrate how to use ZyWALL 5 UTM to prevent virus and worms from entering 

the intranet and DMZ networks behind ZyWALL. 

Since most virus and worms are coming from the internet, thus all incoming traffic from internet (WAN) to 

intranet (LAN and DMZ) should be inspected. Configure your ZyWALL 5 UTM based on this example will