ZyXEL p-2302hw-p1 Manual Do Utilizador
P-2302HW/HWL-P1 Series User’s Guide
Chapter 14 Firewall
191
Blocked LAN-to-WAN packets are considered alerts. Alerts are “higher priority logs” that
include system errors, attacks and attempted access to blocked web sites. Alerts appear in red
in the View Log screen. You may choose to have alerts e-mailed immediately in the Log
Settings screen.
include system errors, attacks and attempted access to blocked web sites. Alerts appear in red
in the View Log screen. You may choose to have alerts e-mailed immediately in the Log
Settings screen.
LAN-to-LAN/ZyXEL Device means the LAN to the ZyXEL Device LAN interface. This is
always allowed, as this is how you manage the ZyXEL Device from your local computer.
always allowed, as this is how you manage the ZyXEL Device from your local computer.
14.1.4.2 WAN-to-LAN rules
WAN-to-LAN rules are Internet to your local network firewall rules. The default is to block
all traffic from the Internet to your local network.
all traffic from the Internet to your local network.
How can you forward certain WAN to LAN traffic? You may allow traffic originating from the
WAN to be forwarded to the LAN by:
WAN to be forwarded to the LAN by:
• Configuring NAT port forwarding rules.
• Configuring WAN or LAN & WAN access for services in the Remote Management
screens. When you allow remote management from the WAN, you are actually
configuring WAN-to-WAN/ZyXEL Device firewall rules. WAN-to-WAN/ZyXEL Device
firewall rules are Internet to the ZyXEL Device WAN interface firewall rules. The default
is to block all such traffic. When you decide what WAN-to-LAN packets to log, you are
in fact deciding what WAN-to-LAN and WAN-to-WAN/ZyXEL Device packets to log.
configuring WAN-to-WAN/ZyXEL Device firewall rules. WAN-to-WAN/ZyXEL Device
firewall rules are Internet to the ZyXEL Device WAN interface firewall rules. The default
is to block all such traffic. When you decide what WAN-to-LAN packets to log, you are
in fact deciding what WAN-to-LAN and WAN-to-WAN/ZyXEL Device packets to log.
Forwarded WAN-to-LAN packets are not considered alerts.
14.2 Triangle Route
When the firewall is on, your ZyXEL Device acts as a secure gateway between your LAN and
the Internet. In an ideal network topology, all incoming and outgoing network traffic passes
through the ZyXEL Device to protect your LAN against attacks.
the Internet. In an ideal network topology, all incoming and outgoing network traffic passes
through the ZyXEL Device to protect your LAN against attacks.
Figure 103 Ideal Firewall Setup
14.2.1 The “Triangle Route” Problem
A traffic route is a path for sending or receiving data packets between two Ethernet devices.
You may have more than one connection to the Internet (through one or more ISPs). If an
alternate gateway is on the LAN (and its IP address is in the same subnet as the ZyXEL
Device’s LAN IP address), the “triangle route” (also called asymmetrical route) problem may
occur. The steps below describe the “triangle route” problem.
You may have more than one connection to the Internet (through one or more ISPs). If an
alternate gateway is on the LAN (and its IP address is in the same subnet as the ZyXEL
Device’s LAN IP address), the “triangle route” (also called asymmetrical route) problem may
occur. The steps below describe the “triangle route” problem.