ZyXEL 2WG User Guide
Chapter 12 Firewall Screens
ZyWALL 2WG User’s Guide
242
12.1.1 What You Can Do in the Firewall Screens
• Use the Default Rule screens to configure general firewall
settings when the ZyWALL is set to router mode or bridge mode.
• Use the Rule Summary screens to configure firewall rules.
• Use the Anti-Probing screen (
ZyWALL’s interfaces will respond to Ping requests and whether or not the ZyWALL is to
respond to probing for unused ports.
• Use the Threshold screen (
actions to be taken when a threshold is reached.
• Use the Service screen to configure custom services for use in
firewall rules or view the services that are predefined in the ZyWALL.
12.1.2 What You Need To Know About The ZyWALL Firewall
Packet Direction
Packets have source and destination address headers. You can set what the ZyWALL does with
packets traveling in a specific direction (including going to/coming from a VPN tunnel) that
do not match any of the firewall rules. See also
Packet Direction Examples on page 261.
Asymmetrical Routes
Asymmetrical routes only apply if you have another gateway on your LAN, the ZyWALL is in
Router mode, and the firewall is enabled. If return traffic is routed through the LAN gateway
(instead of the ZyWALL), then the ZyWALL may reset the ‘incomplete’ connection. When
you enable asymmetrical routes, interface to same interface (for example WAN 1 to WAN 1,
VPN to VPN and so on) traffic is not checked by the firewall. See
Asymmetrical Routes and IP Alias on page 264 for information on how to use
IP alias instead of asymmetrical routes.
12.1.3 Before You Begin
Before you configure the firewall, you must first decide if the ZyWALL will act as a Router or
a Bridge. When the ZyWALL is in Bridge mode, the firewall is transparent to your network.
You do not have to reconfigure existing network configurations.
12.2 Firewall Rules Example
Suppose that your company decides to block all of the LAN users from using IRC (Internet
Relay Chat) through the Internet. To do this, you would configure a LAN to WAN firewall rule
that blocks IRC traffic from any source IP address from going to any destination address. You
do not need to specify a schedule since you need the firewall rule to always be in effect. The
following figure shows the results of this rule.
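The following Python model is an added example, not ZyXEL code or output from the device. It shows how the IRC rule above combines with the per-direction default action and the asymmetrical routes setting described in 12.1.2. It assumes that rules are checked in order with the first match deciding, that IRC is identified by TCP/UDP port 6667, and it uses constructed default actions and sample packets.

```python
from dataclasses import dataclass

# Assumption: the IRC service is matched on its conventional port, TCP/UDP 6667.
IRC = frozenset({("tcp", 6667), ("udp", 6667)})

@dataclass(frozen=True)
class Rule:
    direction: tuple     # (from interface, to interface)
    service: frozenset   # (protocol, destination port) pairs; empty means any
    action: str          # "permit" or "block"
    # Source and destination address are "any", as in the guide's example.

@dataclass(frozen=True)
class Packet:
    in_if: str
    out_if: str
    proto: str
    dport: int

# The guide's example rule: block IRC from LAN to WAN, always in effect.
RULES = [Rule(("LAN", "WAN"), IRC, "block")]

# Constructed per-direction defaults for the demo, not the device's shipped values.
DEFAULTS = {("LAN", "WAN"): "permit", ("WAN", "LAN"): "block",
            ("LAN", "LAN"): "permit", ("WAN", "WAN"): "block"}

def evaluate(pkt, rules, defaults, asymmetrical_routes=False):
    """Return (action, reason) for one packet."""
    direction = (pkt.in_if, pkt.out_if)
    # With asymmetrical routes enabled, same-interface traffic skips the firewall.
    if asymmetrical_routes and pkt.in_if == pkt.out_if:
        return "unchecked", "asymmetrical routes"
    for number, rule in enumerate(rules, 1):
        if rule.direction != direction:
            continue
        if rule.service and (pkt.proto, pkt.dport) not in rule.service:
            continue
        return rule.action, f"rule {number}"
    # No rule matched: the packet direction's default action applies.
    return defaults[direction], "default rule"

if __name__ == "__main__":
    for pkt in (Packet("LAN", "WAN", "tcp", 6667), Packet("LAN", "WAN", "tcp", 443),
                Packet("WAN", "LAN", "tcp", 6667), Packet("WAN", "WAN", "udp", 500)):
        print(pkt, evaluate(pkt, RULES, DEFAULTS),
              evaluate(pkt, RULES, DEFAULTS, asymmetrical_routes=True))
```

The last sample packet is the one to watch when reviewing a configuration: with asymmetrical routes enabled, WAN to WAN traffic is no longer subject to any rule or default action.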