Chapter 9 Firewalls
P-660HN-FxZ Series User’s Guide
Figure 82 Firewall Example: Edit Rule: Destination Address
9. Use the Add >> and Remove buttons between the Available Services and Selected Services list boxes to configure it as follows. Click Apply when you are done.
Note: Custom services show up with an “*” before their names in the Services list box and the Rules list box.
Figure 83 Firewall Example: Edit Rule: Select Customized Services
On completing the configuration procedure for this Internet firewall rule, the Rules screen should look like the following.
Rule 1 allows a “MyService” connection from the WAN to IP addresses 10.0.0.10 through 10.0.0.15 on the LAN.
Figure 84 Firewall Example: Rules: MyService
9.2 The Firewall General Screen
Use this screen to configure the firewall settings. Click Security > Firewall to display the following screen.
Figure 85 Security > Firewall > General
The following table describes the labels in this screen.
Table 52 Security > Firewall > General

| LABEL | DESCRIPTION |
| --- | --- |
| Active Firewall | Select this check box to activate the firewall. The ZyXEL Device performs access control and protects against Denial of Service (DoS) attacks when the firewall is activated. |
| Bypass Triangle Route | If an alternate gateway on the LAN has an IP address in the same subnet as the ZyXEL Device’s LAN IP address, return traffic may not go through the ZyXEL Device. This is called an asymmetrical or “triangle” route. This causes the ZyXEL Device to reset the connection, as the connection has not been acknowledged. Select this check box to have the ZyXEL Device permit the use of asymmetrical route topology on the network (not reset the connection). Note: Allowing asymmetrical routes may let traffic from the WAN go directly to the LAN without passing through the ZyXEL Device. A better solution is to use IP alias to put the ZyXEL Device and the backup gateway on separate subnets. See Section 9.5.4.1 on page 169 for an example. |
| Packet Direction | This is the direction of travel of packets (LAN to LAN / Router, LAN to WAN, WAN to WAN / Router, WAN to LAN). Firewall rules are grouped based on the direction of travel of packets to which they apply. For example, LAN to LAN / Router means packets traveling from a computer/subnet on the LAN to either another computer/subnet on the LAN interface of the ZyXEL Device or the ZyXEL Device itself. |
| Default Action | Use the drop-down list boxes to select the default action that the firewall is to take on packets that are traveling in the selected direction and do not match any of the firewall rules. Select Drop to silently discard the packets without sending a TCP reset packet or an ICMP destination-unreachable message to the sender. Select Reject to deny the packets and send a TCP reset packet (for a TCP packet) or an ICMP destination-unreachable message (for a UDP packet) to the sender. Select Permit to allow the passage of the packets. |
| Log | Select the check box to create a log (when the above action is taken) for packets that are traveling in the selected direction and do not match any of your customized rules. |
| Expand... | Click this to display more information. |
| Basic... | Click this to display less information. |
| Apply | Click this to save your changes. |
| Cancel | Click this to restore your previously saved settings. |

9.3 The Firewall Rule Screen
Note: The ordering of your rules is very important as rules are applied in turn. Refer to Section 9.5 on page 166 for more information.
Click Security > Firewall > Rules to bring up the following screen. This screen displays a list of the configured firewall rules. Note the order in which the rules are listed.
Figure 86 Security > Firewall > Rules
The following table describes the labels in this screen.
Table 53 Security > Firewall > Rules

| LABEL | DESCRIPTION |
| --- | --- |
| Firewall Rules Storage Space in Use | This read-only bar shows how much of the ZyXEL Device's memory for recording firewall rules it is currently using. When you are using 80% or less of the storage space, the bar is green. When the amount of space used is over 80%, the bar is red. |
| Packet Direction | Use the drop-down list box to select a direction of travel of packets for which you want to configure firewall rules. |
| Create a new rule after rule number | Select an index number and click Add to add a new firewall rule after the selected index number. For example, if you select “6”, your new rule becomes number 7 and the previous rule 7 (if there is one) becomes rule 8. |
|  | The following read-only fields summarize the rules you have created that apply to traffic traveling in the selected packet direction. The firewall rules that you configure (summarized below) take priority over the general firewall action settings in the General screen. |
| # | This is your firewall rule number. The ordering of your rules is important as rules are applied in turn. |
| Active | This field displays whether a firewall is turned on or not. Select the check box to enable the rule. Clear the check box to disable the rule. |
| Source IP | This drop-down list box displays the source addresses or ranges of addresses to which this firewall rule applies. Please note that a blank source or destination address is equivalent to Any. |
| Destination IP | This drop-down list box displays the destination addresses or ranges of addresses to which this firewall rule applies. Please note that a blank source or destination address is equivalent to Any. |
| Service | This drop-down list box displays the services to which this firewall rule applies. See Appendix E on page 371 for more information. |
| Action | This field displays whether the firewall silently discards packets (Drop), discards packets and sends a TCP reset packet or an ICMP destination-unreachable message to the sender (Reject) or allows the passage of packets (Permit). |
| Schedule | This field tells you whether a schedule is specified (Yes) or not (No). |
| Log | This field shows you whether a log is created when packets match this rule (Yes) or not (No). |
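
The rule ordering, the "Create a new rule after rule number" insertion and the default action described in the tables above can be checked offline before a rule set is entered on the device. The Python model below is an added example, not ZyXEL code or part of the original guide. It assumes the first matching rule decides the action (the guide says only that rules are applied in turn); the 203.0.113.7 sender, the Reject-everything rule and the Drop default are constructed sample values.

```python
import ipaddress
from dataclasses import dataclass

ANY = None  # per the guide, a blank source or destination address means Any

@dataclass
class Rule:
    active: bool
    src: object      # inclusive (first, last) address pair, or ANY
    dst: object
    service: object  # service name, or ANY
    action: str      # "Permit", "Drop" or "Reject"

def covers(outer, inner):
    """True if address range `outer` contains every address in `inner`."""
    if outer is ANY or inner is ANY:
        return outer is ANY
    olo, ohi, ilo, ihi = map(ipaddress.ip_address, outer + inner)
    return olo <= ilo and ihi <= ohi

def evaluate(rules, default_action, src, dst, service):
    """Apply rules in turn; assumed first match wins, else the default action."""
    for number, r in enumerate(rules, start=1):
        if (r.active and covers(r.src, (src, src)) and covers(r.dst, (dst, dst))
                and r.service in (ANY, service)):
            return r.action, number
    return default_action, None  # no rule matched: General screen setting applies

def add_after(rules, index, rule):
    """'Create a new rule after rule number': index 6 makes the new rule number 7."""
    return rules[:index] + [rule] + rules[index:]

def shadowed(rules):
    """Numbers of active rules fully covered by an earlier active rule."""
    return [n for n, later in enumerate(rules, start=1) if later.active and any(
        e.active and covers(e.src, later.src) and covers(e.dst, later.dst)
        and e.service in (ANY, later.service) for e in rules[:n - 1])]

# Constructed sample for the WAN to LAN direction, based on Rule 1 of the example.
MY_SERVICE = Rule(True, ANY, ("10.0.0.10", "10.0.0.15"), "MyService", "Permit")
REJECT_ALL = Rule(True, ANY, ANY, ANY, "Reject")
GOOD = add_after([MY_SERVICE], 1, REJECT_ALL)  # MyService stays rule 1
BAD = [REJECT_ALL, MY_SERVICE]                 # broad rule listed first

if __name__ == "__main__":
    for name, rules in (("GOOD", GOOD), ("BAD", BAD)):
        hit = evaluate(rules, "Drop", "203.0.113.7", "10.0.0.12", "MyService")
        print(name, hit, "shadowed rules:", shadowed(rules))
```

With the broad rule listed first, the MyService permit is never reached; the shadowed() check reports such rules so the order can be corrected before clicking Apply.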
