P-2602H(W)(L)-DxA Series User’s Guide
Chapter 14 Firewall Configuration
14.4.1 LAN to WAN Rules
The default rule for LAN to WAN traffic is that all users on the LAN are allowed non-restricted access to the WAN. When you configure a LAN to WAN rule, you in essence want to limit some or all users from accessing certain services on the WAN.

WAN to LAN Rules
The default rule for WAN to LAN traffic blocks all incoming connections (WAN to LAN). If you wish to allow certain WAN users to have access to your LAN, you will need to create custom rules to allow it.

14.4.2 Alerts
Alerts are reports on events, such as attacks, that you may want to know about right away. You can choose to generate an alert when a rule is matched in the Edit Rule screen (see Figure 105 on page 200). When an event generates an alert, a message can be immediately sent to an e-mail account that you specify in the Log Settings screen. Refer to Chapter 24 on page 295 for details.

14.5 General Firewall Policy
Click Security > Firewall to display the following screen. Activate the firewall by selecting the Active Firewall check box as seen in the following screen.
Refer to Section 13.1 on page 181 for more information.

Figure 103 Firewall: General
The following table describes the labels in this screen.

Table 70 Firewall: General
LABEL | DESCRIPTION
Active Firewall | Select this check box to activate the firewall. The ZyXEL Device performs access control and protects against Denial of Service (DoS) attacks when the firewall is activated.
Bypass Triangle Route | Select this check box to have the ZyXEL Device firewall permit the use of triangle route topology on the network. See the appendix for more on triangle route topology. Note: Allowing asymmetrical routes may let traffic from the WAN go directly to a LAN computer without passing through the router. See Appendix H on page 377 for more on triangle route topology and how to deal with this problem.
Packet Direction | This is the direction of travel of packets (LAN to LAN / Router, LAN to WAN, WAN to WAN / Router, WAN to LAN). Firewall rules are grouped based on the direction of travel of packets to which they apply. For example, LAN to LAN / Router means packets traveling from a computer/subnet on the LAN to either another computer/subnet on the LAN interface of the ZyXEL Device or the ZyXEL Device itself.
Default Action | Use the drop-down list boxes to select the default action that the firewall is to take on packets that are traveling in the selected direction and do not match any of the firewall rules. Select Drop to silently discard the packets without sending a TCP reset packet or an ICMP destination-unreachable message to the sender. Select Reject to deny the packets and send a TCP reset packet (for a TCP packet) or an ICMP destination-unreachable message (for a UDP packet) to the sender. Select Permit to allow the passage of the packets.
Log | Select the check box to create a log (when the above action is taken) for packets that are traveling in the selected direction and do not match any of your customized rules.
Expand... | Click this button to display more information.
Basic... | Click this button to display less information.
Apply | Click Apply to save your changes back to the ZyXEL Device.
Cancel | Click Cancel to begin configuring this screen afresh.

14.6 Firewall Rules Summary
Note: The ordering of your rules is very important as rules are applied in turn.
Refer to Section 13.1 on page 181 for more information.
Click Security > Firewall > Rules to bring up the following screen. This screen displays a list of the configured firewall rules. Note the order in which the rules are listed.
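
The rule-ordering note and the Default Action setting described in this chapter can be checked offline before a rule set is entered. The following is an added example, not ZyXEL code: a Python model (the names Rule, evaluate, shadowed and insert_after are hypothetical) that assumes the first matching rule decides the action, falls back to the direction's default action when nothing matches, and flags rules that an earlier rule makes unreachable.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed model, not device firmware. Assumption: first matching rule wins.
ANY = "0.0.0.0/0"

@dataclass
class Rule:
    action: str            # "Drop", "Reject" or "Permit"
    src: str = ""          # blank means Any, as the Source IP field describes
    dst: str = ""          # blank means Any
    service: str = ""      # e.g. "tcp/23"; blank means any service
    active: bool = True

    def nets(self):
        return ip_network(self.src or ANY), ip_network(self.dst or ANY)

    def matches(self, src, dst, service):
        s, d = self.nets()
        return (self.active and ip_address(src) in s and ip_address(dst) in d
                and self.service in ("", service))

    def covers(self, other):
        """True if every packet matching `other` also matches this rule."""
        s, d = self.nets()
        o_s, o_d = other.nets()
        return (self.active and o_s.subnet_of(s) and o_d.subnet_of(d)
                and self.service in ("", other.service))

def evaluate(rules, default_action, src, dst, service):
    """Return (action, rule number); rule number 0 means the default action."""
    for number, rule in enumerate(rules, start=1):
        if rule.matches(src, dst, service):
            return rule.action, number
    return default_action, 0

def shadowed(rules):
    """Numbers of active rules that an earlier rule fully covers."""
    return [n for n, r in enumerate(rules, start=1)
            if r.active and any(e.covers(r) for e in rules[:n - 1])]

def insert_after(rules, index, rule):
    """Mimic 'Create a new rule after rule number': new rule becomes index + 1."""
    return rules[:index] + [rule] + rules[index:]

# Constructed LAN to WAN rule set (default action for this direction: Permit).
LAN_TO_WAN = [Rule("Permit", src="192.168.1.0/24"),
              Rule("Drop", src="192.168.1.50/32", service="tcp/23")]
```

In this constructed set the Drop rule for 192.168.1.50 never takes effect because the broader Permit rule above it matches first; moving it to position 1 makes it effective.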

Figure 104 Firewall Rules

The following table describes the labels in this screen.

Table 71 Firewall Rules
LABEL | DESCRIPTION
Firewall Rules Storage Space in Use | This read-only bar shows how much of the ZyXEL Device's memory for recording firewall rules it is currently using. When you are using 80% or less of the storage space, the bar is green. When the amount of space used is over 80%, the bar is red.
Packet Direction | Use the drop-down list box to select a direction of travel of packets for which you want to configure firewall rules.
Create a new rule after rule number | Select an index number and click Add to add a new firewall rule after the selected index number. For example, if you select “6”, your new rule becomes number 7 and the previous rule 7 (if there is one) becomes rule 8.
 | The following read-only fields summarize the rules you have created that apply to traffic traveling in the selected packet direction. The firewall rules that you configure (summarized below) take priority over the general firewall action settings in the General screen.
# | This is your firewall rule number. The ordering of your rules is important as rules are applied in turn.
Active | This field displays whether a firewall rule is turned on or not. Select the check box to enable the rule. Clear the check box to disable the rule.
Source IP | This drop-down list box displays the source addresses or ranges of addresses to which this firewall rule applies. Please note that a blank source or destination address is equivalent to Any.
Destination IP | This drop-down list box displays the destination addresses or ranges of addresses to which this firewall rule applies. Please note that a blank source or destination address is equivalent to Any.
Service | This drop-down list box displays the services to which this firewall rule applies. See Appendix 31 on page 371 for more information.
Action | This field displays whether the firewall silently discards packets (Drop), discards packets and sends a TCP reset packet or an ICMP destination-unreachable message to the sender (Reject) or allows the passage of packets (Permit).
Schedule | This field tells you whether a schedule is specified (Yes) or not (No).

Table 71 Firewall Rules (continued)
LABEL | DESCRIPTION
Log | This field shows you whether a log is created when packets match this rule (Yes) or not (No).
Modify | Click the Edit icon to go to the screen where you can edit the rule. Click the Remove icon to delete an existing firewall rule. A window displays asking you to confirm that you want to delete the firewall rule. Note that subsequent firewall rules move up by one when you take this action.
Order | Click the Move icon to display the Move the rule to field. Type a number in the Move the rule to field and click the Move button to move the rule to the number that you typed. The ordering of your rules is important as they are applied in order of their numbering.
Apply | Click Apply to save your changes back to the ZyXEL Device.
Cancel | Click Cancel to begin configuring this screen afresh.

14.6.1 Configuring Firewall Rules
Refer to Section 13.1 on page 181 for more information.
In the Rules screen, select an index number and click Add or click a rule’s Edit icon to display this screen and refer to the following table for information on the labels.

Figure 105 Firewall: Edit Rule
