Chapter 15 Firewall
AMG1302/AMG1202-TSeries User’s Guide
176
The following table describes the labels in this screen.
Table 60 Security > Firewall > General
LABEL
DESCRIPTION
High
This setting blocks all traffic to and from the Internet. Only local network traffic and LAN to WAN service (Telnet, FTP, HTTP, HTTPS, DNS, POP3, SMTP) is permitted.
Medium
This is the recommended setting. It allows traffic to the Internet but blocks anyone from the Internet from accessing any services on your local network.
Low
This setting allows traffic to the Internet and also allows someone from the Internet to access services on your local network. This would be used with Port Forwarding, Default Server.
Custom
This setting allows the customer to create and edit individual firewall rules. Firewall rules can be created in the Default Action screen (Section 15.3 on page 176) and Rules screen (Section 15.4 on page 178).
Off
This setting is not recommended. It disables firewall protection for your network and could potentially expose your network to significant security risks. This option should only be used for troubleshooting or if you intend to use another firewall in conjunction with your ZyXEL router.
Apply
Click this to save your changes.
Cancel
Click this to restore your previously saved settings.

15.3 The Default Action Screen
Use this screen to set the default action that the firewall takes on packets that do not match any of the firewall rules. Click Security > Firewall > Default Action to display the following screen.
Figure 82 Security > Firewall > Default Action
The following table describes the labels in this screen.
Table 61 Security > Firewall > Default Action
LABEL
DESCRIPTION
Packet Direction
This is the direction of travel of packets (LAN to Router, LAN to WAN, WAN to Router, WAN to LAN).
Firewall rules are grouped based on the direction of travel of packets to which they apply. For example, LAN to Router means packets traveling from a computer/subnet on the LAN to the AMG1302/AMG1202-TSeries itself.
Default Action
Use the drop-down list boxes to select the default action that the firewall is to take on packets that are traveling in the selected direction and do not match any of the firewall rules.
Select Drop to silently discard the packets without sending a TCP reset packet or an ICMP destination-unreachable message to the sender.
Select Reject to deny the packets and send a TCP reset packet (for a TCP packet) or an ICMP destination-unreachable message (for a UDP packet) to the sender.
Select Permit to allow the passage of the packets.
Apply
Click this to save your changes.
Cancel
Click this to restore your previously saved settings.
15.4 The Rules Screen
Click Security > Firewall > Rules to display the following screen. This screen displays a list of the configured firewall rules. Note the order in which the rules are listed.
Note: The firewall configuration screen shown in this section is specific to the following devices: P-
The ordering of your rules is very important as rules are applied in turn.
Figure 83 Security > Firewall > Rules
The following table describes the labels in this screen.
Table 62 Security > Firewall > Rules
LABEL
DESCRIPTION
Firewall Rules Storage Space in Use
This read-only bar shows how much of the AMG1302/AMG1202-TSeries's memory for recording firewall rules it is currently using. When you are using 80% or less of the storage space, the bar is green. When the amount of space used is over 80%, the bar is red.
Packet Direction
Use the drop-down list box to select a direction of travel of packets for which you want to configure firewall rules.
Create a new rule after rule number
Select an index number and click Add to add a new firewall rule after the selected index number. For example, if you select “6”, your new rule becomes number 7 and the previous rule 7 (if there is one) becomes rule 8.
The following read-only fields summarize the rules you have created that apply to traffic traveling in the selected packet direction. The firewall rules that you configure (summarized below) take priority over the general firewall action settings in the General screen.
#
This is your firewall rule number. The ordering of your rules is important as rules are applied in turn.
Active
This field displays whether a firewall rule is turned on or not. Select the check box to enable the rule. Clear the check box to disable the rule.
Source IP Address
This column displays the source addresses or ranges of addresses to which this firewall rule applies. Please note that a blank source or destination address is equivalent to Any.
Destination IP Address
This column displays the destination addresses or ranges of addresses to which this firewall rule applies. Please note that a blank source or destination address is equivalent to Any.
Service
This column displays the services to which this firewall rule applies. See Appendix F on page 305 for more information.
Action
This field displays whether the firewall silently discards packets (Drop), discards packets and sends a TCP reset packet or an ICMP destination-unreachable message to the sender (Reject) or allows the passage of packets (Permit).
Source Interface
This column displays the source interface to which this firewall rule applies. This is the interface through which the traffic entered the AMG1302/AMG1202-TSeries. Please note that a blank source interface is equivalent to Any.
Destination Interface
This column displays the destination interface to which this firewall rule applies. This is the interface through which the traffic is destined to leave the AMG1302/AMG1202-TSeries. Please note that a blank source interface is equivalent to Any.
Modify
Click the Edit icon to go to the screen where you can edit the rule.
Click the Remove icon to delete an existing firewall rule. A window displays asking you to confirm that you want to delete the firewall rule. Note that subsequent firewall rules move up by one when you take this action.
Apply
Click this to save your changes.
Cancel
Click this to restore your previously saved settings.

15.4.1 The Rules Add Screen
Use this screen to configure firewall rules. In the Rules screen, select an index number and click Add or click a rule’s Edit icon to display this screen and refer to the following table for information on the labels.
Figure 84 Security > Firewall > Rules > Add
The following table describes the labels in this screen.
Table 63 Security > Firewall > Rules > Add
LABEL
DESCRIPTION
Active
Select this option to enable this firewall rule.
Action for Matched Packets
Use the drop-down list box to select whether to discard (Drop), deny and send an ICMP destination-unreachable message to the sender of (Reject) or allow the passage of (Permit) packets that match this rule.
IP Version Type
Select the IP version, IPv4 or IPv6, to apply this firewall rule to.
Rate Limit
Set a maximum number of packets per second, minute, or hour to limit the throughput of traffic that matches this rule.
Maximum Burst Number
Set the maximum number of packets that can be sent at the peak rate.
Log
This field determines if a log for packets that match the rule is created or not.
Rules/Destination Address
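
The rule handling described in Sections 15.3 and 15.4 (rules applied in turn, a blank address meaning Any, and the per-direction default action used when no rule matches), modelled as an added example that is not ZyXEL's code or part of the guide. The Rule and DirectionTable names, the single port standing in for Service, index 0 meaning "insert first" and the sample addresses are assumptions; order_sensitive_pairs lists rule pairs whose relative order changes the verdict for some packet, which is what to review before inserting a rule.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional
@dataclass
class Rule:
    action: str                  # "Drop", "Reject" or "Permit"
    src: str = ""                # CIDR; a blank address is equivalent to Any
    dst: str = ""
    port: Optional[int] = None   # simplified stand-in for the Service column
    active: bool = True

    def matches(self, src, dst, port):
        return (self.active
                and (not self.src or ip_address(src) in ip_network(self.src))
                and (not self.dst or ip_address(dst) in ip_network(self.dst))
                and self.port in (None, port))

def _overlap(a, b):  # two address fields overlap if either is blank (Any)
    return not a or not b or ip_network(a).overlaps(ip_network(b))

class DirectionTable:  # rules for one packet direction plus its default action
    def __init__(self, default_action):
        self.default_action, self.rules = default_action, []

    def add_after(self, index, rule):
        # New rule becomes number index+1; index 0 (insert first) is assumed.
        self.rules.insert(index, rule)

    def decide(self, src, dst, port):
        # Rules are applied in turn: the first active match decides.
        for number, rule in enumerate(self.rules, start=1):
            if rule.matches(src, dst, port):
                return rule.action, number
        return self.default_action, None   # nothing matched: default action

    def order_sensitive_pairs(self):
        # Active rule pairs with different actions and overlapping match sets.
        live = [(n, r) for n, r in enumerate(self.rules, 1) if r.active]
        return [(i, j) for i, a in live for j, b in live
                if i < j and a.action != b.action
                and _overlap(a.src, b.src) and _overlap(a.dst, b.dst)
                and (a.port is None or b.port is None or a.port == b.port)]

def sample_table(block_first):
    # Constructed WAN to LAN rules; addresses are documentation/private ranges.
    table = DirectionTable(default_action="Drop")
    table.add_after(0, Rule("Permit", dst="192.168.1.10/32", port=443))
    table.add_after(0 if block_first else 1, Rule("Drop", src="203.0.113.0/24"))
    return table
```

With the Permit rule first, a packet from the blocked range to 192.168.1.10 on port 443 is permitted by rule 1; with the Drop rule inserted first, the same packet is dropped.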
