ZyXEL g-2000 plusv2 Guia Do Utilizador
ZyXEL G-2000 Plus v2 User’s Guide
Chapter 11 Firewall Screens
147
3 Does a rule that allows Internet users access to resources on the LAN create a security
vulnerability? For example, if FTP ports (TCP 20, 21) are allowed from the Internet to the
LAN, Internet users may be able to connect to computers with running FTP servers.
LAN, Internet users may be able to connect to computers with running FTP servers.
4 Does this rule conflict with any existing rules?
Once these questions have been answered, adding rules is simply a matter of plugging the
information into the correct fields in the web configurator screens.
information into the correct fields in the web configurator screens.
11.3.3 Key Fields For Configuring Rules
11.3.3.1 Action
Should the action be to Block or Forward?
Note: “Block” means the firewall silently discards the packet.
11.3.3.2 Service
Select the service from the Service scrolling list box. If the service is not listed, it is necessary
to first define it. See “Predefined Services” on page 159 for more information on predefined
services.
to first define it. See “Predefined Services” on page 159 for more information on predefined
services.
11.3.3.3 Source Address
What is the connection’s source address; is it on the LAN or WAN? Is it a single IP, a range of
IPs or a subnet?
IPs or a subnet?
11.3.3.4 Destination Address
What is the connection’s destination address; is it on the LAN or WAN? Is it a single IP, a
range of IPs or a subnet?
range of IPs or a subnet?
11.4 Connection Direction Examples
This section describes examples for firewall rules for connections going from LAN to WAN
and from WAN to LAN.
and from WAN to LAN.
LAN to LAN/ZyXEL device and WAN to WAN/ZyXEL device rules apply to packets
coming in on the associated interface (LAN or WAN respectively). LAN to LAN/ZyXEL
device means policies for LAN-to-ZyXEL device (the policies for managing the ZyXEL
device through the LAN interface) and policies for LAN-to-LAN (the policies that control
routing between two subnets on the LAN). Similarly, WAN to WAN/ZyXEL device polices
apply in the same way to the WAN ports.
coming in on the associated interface (LAN or WAN respectively). LAN to LAN/ZyXEL
device means policies for LAN-to-ZyXEL device (the policies for managing the ZyXEL
device through the LAN interface) and policies for LAN-to-LAN (the policies that control
routing between two subnets on the LAN). Similarly, WAN to WAN/ZyXEL device polices
apply in the same way to the WAN ports.