Check Point ZoneAlarm User Guide
Using Firewall Rules
The ZoneAlarm router checks the protocol used, the port range, and the destination IP address when deciding whether to allow or block traffic.
User-defined rules have priority over the default security policy rules and provide you with
greater flexibility in defining and customizing your security policy.
For example, if your company computers are located on the LAN network, and guests are allowed to use the WLAN network, then as a result of the default security policy rules, employees on the LAN will be able to connect to guest computers, while guests will not be able to access any sensitive information on the company computers. You can override the default security policy rules by creating firewall rules that allow specific WLAN computers (such as an employee's laptop) to connect to the LAN network and company resources.
The ZoneAlarm router processes user-defined rules in the order they appear in the Rules table, so that rule 1 is applied before rule 2, and so on. This enables you to define exceptions to rules, by placing the exceptions higher up in the Rules table.
Chapter 10: Setting Your Security Policy
For example, if you want to block all outgoing FTP traffic, except traffic from a specific IP address, you can create a rule blocking all outgoing FTP traffic and move the rule down in the Rules table. Then create a rule allowing FTP traffic from the desired IP address and move this rule to a higher location in the Rules table than the first rule. In the figure below, the general rule is rule number 2, and the exception is rule number 1.
The ZoneAlarm router will process rule 1 first, allowing outgoing FTP traffic from the specified IP address, and only then will it process rule 2, blocking all outgoing FTP traffic.
The following rule types exist:
Table 32: Firewall Rule Types

Rule: Allow and Forward
Description: This rule type enables you to do the following:
- Permit incoming traffic from the Internet to a specific service and destination IP address in your internal network and then forward all such connections to a specific computer in your network. Such rules are called NAT forwarding rules.
  For example, if the gateway has two public IP addresses, 62.98.112.1 and 62.98.112.2, and the network contains two private Web servers, A and B, you can forward all traffic with the destination 62.98.112.1 to server A, while forwarding all traffic with the destination 62.98.112.2 to server B.
  Note: Creating an Allow and Forward rule for incoming traffic to the default destination This Gateway (which represents the ZoneAlarm IP address) is equivalent to defining a server in the Servers page.
- Permit outgoing traffic from your internal network to a specific service and destination IP address on the Internet and then divert all such connections to a specific IP address. Such rules are called transparent proxy rules.
  For example, you can redirect all traffic destined for a specific Web server on the Internet to a different IP address.
- Redirect the specified connections to a specific port. This option is called Port Address Translation (PAT).
Note: You must use this type of rule to allow incoming connections if your network uses Hide NAT.

Rule: Allow
Description: This rule type enables you to do the following:
- Permit outgoing access from your internal network to a specific service on the Internet.
- Permit incoming access from the Internet to a specific service in your internal network.
Note: You cannot use an Allow rule to permit incoming traffic if the network or VPN uses Hide NAT. Use an "Allow and Forward" rule instead. However, you can use Allow rules for static NAT IP addresses.

Rule: Block
Description: This rule type enables you to do the following:
- Block outgoing access from your internal network to a specific service on the Internet.
- Block incoming access from the Internet to a specific service in your internal network.
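The following Python program is an added illustration, not part of the ZoneAlarm guide or product: it models the first-match rule processing described above (the FTP exception placed above the general block rule) and the three rule types from Table 32, including the two-public-address NAT forwarding example and a PAT port rewrite. The 192.168.10.0/24 LAN, the private server addresses, the test hosts, and the default policy applied when no user-defined rule matches are all assumptions made for this example; the 62.98.112.1 and 62.98.112.2 addresses are the guide's own.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

# Assumed default policy used when no user-defined rule matches. This is an
# assumption for the example; the guide's actual default policy rules are not
# reproduced here.
DEFAULT_POLICY = {"outgoing": "allow", "incoming": "block"}


@dataclass
class Rule:
    name: str
    action: str                        # "allow", "block" or "allow_forward"
    direction: str                     # "outgoing" or "incoming"
    protocol: str                      # "tcp" or "udp"
    ports: tuple                       # inclusive (low, high) destination port range
    source: str = "0.0.0.0/0"          # source network in CIDR notation
    destination: str = "0.0.0.0/0"     # destination network in CIDR notation
    forward_to: Optional[str] = None   # NAT forwarding target (allow_forward only)
    forward_port: Optional[int] = None # PAT: rewrite the destination port


@dataclass
class Packet:
    direction: str
    protocol: str
    src: str
    dst: str
    dst_port: int


def matches(rule: Rule, pkt: Packet) -> bool:
    """A rule matches when direction, protocol, port range, source and
    destination all agree: the same fields the router inspects."""
    low, high = rule.ports
    return (rule.direction == pkt.direction
            and rule.protocol == pkt.protocol
            and low <= pkt.dst_port <= high
            and ip_address(pkt.src) in ip_network(rule.source)
            and ip_address(pkt.dst) in ip_network(rule.destination))


def evaluate(rules: list, pkt: Packet) -> dict:
    """First-match evaluation: rules are tried in table order and the first
    match decides, which is why an exception must sit above its general rule."""
    for number, rule in enumerate(rules, start=1):
        if matches(rule, pkt):
            result = {"action": rule.action, "rule": number, "name": rule.name,
                      "dst": pkt.dst, "dst_port": pkt.dst_port}
            if rule.action == "allow_forward":
                # NAT forwarding / transparent proxy: rewrite the destination address
                result["dst"] = rule.forward_to or pkt.dst
                # PAT: optionally rewrite the destination port as well
                if rule.forward_port is not None:
                    result["dst_port"] = rule.forward_port
            return result
    return {"action": DEFAULT_POLICY[pkt.direction], "rule": None,
            "name": "default", "dst": pkt.dst, "dst_port": pkt.dst_port}


# Constructed rule table: the guide's FTP exception (rule 1) above the general
# block (rule 2), then NAT forwarding of the two public addresses to the
# assumed private servers A (192.168.10.20) and B (192.168.10.21).
RULES = [
    Rule("allow FTP from one host", "allow", "outgoing", "tcp", (21, 21),
         source="192.168.10.5/32"),
    Rule("block all outgoing FTP", "block", "outgoing", "tcp", (21, 21)),
    Rule("forward web to server A", "allow_forward", "incoming", "tcp", (80, 80),
         destination="62.98.112.1/32", forward_to="192.168.10.20"),
    Rule("forward web to server B (PAT)", "allow_forward", "incoming", "tcp", (80, 80),
         destination="62.98.112.2/32", forward_to="192.168.10.21", forward_port=8080),
]


def ftp_from_allowed_host() -> dict:
    return evaluate(RULES, Packet("outgoing", "tcp", "192.168.10.5", "203.0.113.7", 21))


def ftp_from_other_host() -> dict:
    return evaluate(RULES, Packet("outgoing", "tcp", "192.168.10.6", "203.0.113.7", 21))


def web_to_second_address() -> dict:
    return evaluate(RULES, Packet("incoming", "tcp", "198.51.100.9", "62.98.112.2", 80))


def ftp_with_rules_swapped() -> dict:
    # Same rules, but the general block rule moved above the exception:
    # the exception can never be reached, so the allowed host is blocked too.
    swapped = [RULES[1], RULES[0]] + RULES[2:]
    return evaluate(swapped, Packet("outgoing", "tcp", "192.168.10.5", "203.0.113.7", 21))


if __name__ == "__main__":
    for fn in (ftp_from_allowed_host, ftp_from_other_host,
               web_to_second_address, ftp_with_rules_swapped):
        print(fn.__name__, "->", fn())
```

Running the script shows the allowed host hitting rule 1, every other host hitting rule 2, traffic to 62.98.112.2 being rewritten to server B on port 8080, and the same FTP packet being blocked once the two FTP rules are swapped: the point of the ordering discussion above.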
Page 190 / 428
Using Firewall Rules
176
Check Point ZoneAlarm User Guide
Adding and Editing Firewall Rules
To add or edit a firewall rule
1. Click Security in the main menu, and click the Rules tab.
   The Rules page appears.
2. Do one of the following:
   - To add a new rule, click Add Rule.
   - To edit an existing rule, click the Edit icon next to the desired rule.