Chapter 9 Firewalls
P-660HN-FxZ Series User’s Guide
Table 53 Security > Firewall > Rules (continued)

LABEL / DESCRIPTION

Modify
    Click the Edit icon to go to the screen where you can edit the rule.
    Click the Remove icon to delete an existing firewall rule. A window displays asking you to confirm that you want to delete the firewall rule. Note that subsequent firewall rules move up by one when you take this action.

Order
    Click the Move icon to display the Move the rule to field. Type a number in the Move the rule to field and click the Move button to move the rule to the number that you typed. The ordering of your rules is important as they are applied in order of their numbering.

Apply
    Click this to save your changes.

Cancel
    Click this to restore your previously saved settings.

9.3.1 Configuring Firewall Rules

Refer to Section 9.1.2 on page 152 for more information.

Use this screen to configure firewall rules. In the Rules screen, select an index number and click Add, or click a rule's Edit icon, to display this screen and refer to the following table for information on the labels.
Figure 87 Security > Firewall > Rules: Edit

The following table describes the labels in this screen.

Table 54 Security > Firewall > Rules: Edit

LABEL / DESCRIPTION

Edit Rule

Active
    Select this option to enable this firewall rule.

Action for Matched Packet
    Use the drop-down list box to select whether to discard (Drop), deny and send an ICMP destination-unreachable message to the sender of (Reject) or allow the passage of (Permit) packets that match this rule.

Source/Destination Address

Address Type
    Do you want your rule to apply to packets with a particular (single) IP, a range of IP addresses (for instance, 192.168.1.10 to 192.169.1.50), a subnet or any IP address? Select an option from the drop-down list box that includes: Single Address, Range Address, Subnet Address and Any Address.

Start IP Address
    Enter the single IP address or the starting IP address in a range here.

End IP Address
    Enter the ending IP address in a range here.

Subnet Mask
    Enter the subnet mask here, if applicable.

Add >>
    Click Add >> to add a new address to the Source or Destination Address box. You can add multiple addresses, ranges of addresses, and/or subnets.

Edit <<
    To edit an existing source or destination address, select it from the box and click Edit <<.

Delete
    Highlight an existing source or destination address from the Source or Destination Address box above and click Delete to remove it.

Services

Available/Selected Services
    Please see Appendix E on page 371 for more information on the services available. Highlight a service from the Available Services box on the left, then click Add >> to add it to the Selected Services box on the right. To remove a service, highlight it in the Selected Services box on the right, then click Remove.

Edit Customized Service
    Click the Edit Customized Services link to bring up the screen that you use to configure a new custom service that is not in the predefined list of services.

Schedule

Day to Apply
    Select everyday or the day(s) of the week to apply the rule.

Time of Day to Apply (24-Hour Format)
    Select All Day or enter the start and end times in the hour-minute format to apply the rule.

Log

Log Packet Detail Information
    This field determines if a log for packets that match the rule is created or not. Go to the Log Settings page and select the Access Control logs category to have the ZyXEL Device record these logs.

Alert

Send Alert Message to Administrator When Matched
    Select the check box to have the ZyXEL Device generate an alert when the rule is matched.

Back
    Click this to return to the previous screen without saving.

Apply
    Click this to save your changes.

Cancel
    Click this to restore your previously saved settings.
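As an added illustration (not code from the guide or from ZyXEL), the following Python models how a packet is matched against the rule fields described in Tables 53 and 54: the address types Single, Range, Subnet and Any, services defined by a protocol and a port or port range (as a customized service is), the actions Drop, Reject and Permit, and first-match evaluation in rule-number order, which is why the Move and Remove controls change what happens to a packet. The class and function names, the sample rule set and the default action taken when no rule matches are assumptions of this example; the Schedule, Log and Alert fields are not modelled.

```python
# Added example, not code from the ZyXEL guide: a first-match evaluator for the
# rule fields of Tables 53 and 54. Address types, services, actions and ordering
# follow the guide; the names, the sample rule set and the default action for an
# unmatched packet are assumptions made for this illustration.
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass
class Address:
    """One Source or Destination Address entry; kind is "single", "range",
    "subnet" or "any", matching the Address Type drop-down options."""
    kind: str
    start: str = ""   # single IP, or start of a range, or subnet address
    end: str = ""     # end of a range
    mask: str = ""    # subnet mask

    def matches(self, ip: str) -> bool:
        addr = ipaddress.ip_address(ip)
        if self.kind == "any":
            return True
        if self.kind == "single":
            return addr == ipaddress.ip_address(self.start)
        if self.kind == "range":
            return ipaddress.ip_address(self.start) <= addr <= ipaddress.ip_address(self.end)
        if self.kind == "subnet":   # ip_network accepts "192.168.1.0/255.255.255.0"
            return addr in ipaddress.ip_network(f"{self.start}/{self.mask}", strict=False)
        raise ValueError(f"unknown address type {self.kind!r}")


@dataclass
class Service:
    """A predefined or customized service: protocol plus a port or port range."""
    protocol: str                    # "TCP", "UDP" or "TCP/UDP"
    port_low: int
    port_high: Optional[int] = None  # None means a single port

    def matches(self, protocol: str, port: int) -> bool:
        proto_ok = self.protocol in ("TCP/UDP", protocol)
        high = self.port_low if self.port_high is None else self.port_high
        return proto_ok and self.port_low <= port <= high


@dataclass
class Rule:
    number: int                      # rules are applied in this order
    action: str                      # "Drop", "Reject" or "Permit"
    sources: List[Address]
    destinations: List[Address]
    services: List[Service]
    active: bool = True              # the Active check box

    def matches(self, src: str, dst: str, protocol: str, dport: int) -> bool:
        return (self.active
                and any(a.matches(src) for a in self.sources)
                and any(a.matches(dst) for a in self.destinations)
                and any(s.matches(protocol, dport) for s in self.services))


def evaluate(rules: List[Rule], src: str, dst: str, protocol: str, dport: int,
             default_action: str = "Drop") -> Tuple[str, Optional[int], Optional[str]]:
    """First match in number order wins. Returns (action, rule number, reply):
    Reject answers the sender with ICMP destination-unreachable, the others send
    nothing. default_action for an unmatched packet is an assumption here."""
    for rule in sorted(rules, key=lambda r: r.number):
        if rule.matches(src, dst, protocol, dport):
            reply = "ICMP destination-unreachable" if rule.action == "Reject" else None
            return rule.action, rule.number, reply
    return default_action, None, None


def move_rule(rules: List[Rule], number: int, new_number: int) -> List[Rule]:
    """Model the Move control: put rule `number` at position `new_number` and
    renumber the rest so the sequence stays contiguous."""
    ordered = sorted(rules, key=lambda r: r.number)
    moving = next(r for r in ordered if r.number == number)
    ordered.remove(moving)
    ordered.insert(new_number - 1, moving)
    for position, rule in enumerate(ordered, start=1):
        rule.number = position
    return ordered


def remove_rule(rules: List[Rule], number: int) -> List[Rule]:
    """Model the Remove icon: later rules move up by one."""
    remaining = [r for r in sorted(rules, key=lambda r: r.number) if r.number != number]
    for position, rule in enumerate(remaining, start=1):
        rule.number = position
    return remaining


def build_rules() -> List[Rule]:
    """Constructed sample rule set, not taken from the guide."""
    lan = Address("subnet", start="192.168.1.0", mask="255.255.255.0")
    anywhere = Address("any")
    http = Service("TCP", 80)
    custom = Service("TCP/UDP", 5000, 5010)  # customized service with a port range
    return [Rule(1, "Permit", [lan], [anywhere], [http]),
            Rule(2, "Reject", [anywhere], [anywhere], [http, custom])]
```

With the sample set, a LAN host reaching TCP port 80 is permitted by rule 1; after `move_rule(rules, 2, 1)` the Reject rule is tried first and the same packet is rejected, which is the ordering pitfall the Order row of Table 53 warns about. Reject differs from Drop only in the reply returned to the sender.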
9.3.2 Customized Services

Configure customized services and port numbers not predefined by the ZyXEL Device. For a comprehensive list of port numbers and services, visit the IANA (Internet Assigned Numbers Authority) website. See Appendix E on page 371 for some examples. Click the Edit Customized Services link while editing a firewall rule to configure a custom service port. This displays the following screen.

Figure 88 Security > Firewall > Rules: Edit: Edit Customized Services

The following table describes the labels in this screen.

Table 55 Security > Firewall > Rules: Edit: Edit Customized Services

LABEL / DESCRIPTION

No.
    This is the number of your customized port. Click a service's rule number to go to the Firewall Customized Services Config screen to configure or edit a customized service.

Name
    This is the name of your customized service.

Protocol
    This shows the IP protocol (TCP, UDP or TCP/UDP) that defines your customized service.

Port
    This is the port number or range that defines your customized service.

Back
    Click this to return to the Firewall Edit Rule screen.

9.3.3 Configuring a Customized Service

Use this screen to add a customized rule or edit an existing rule. Click a rule number in the Firewall Customized Services screen to display the following screen.

Figure 89 Security > Firewall > Rules: Edit: Edit Customized Services: Config

The following table describes the labels in this screen.

Table 56 Security > Firewall > Rules: Edit: Edit Customized Services: Config

LABEL / DESCRIPTION

Config

Service Name
    Type a unique name for your custom port.

Service Type
    Choose the IP protocol (TCP, UDP or TCP/UDP) that defines your customized port from the drop-down list box.

Port Configuration

Type
    Click Single to specify one port only or Range to specify a span of ports that define your customized service.

Port Number
    Type a single port number or the range of port numbers that define your customized service.

Back
    Click this to return to the previous screen without saving.

Apply
    Click this to save your changes.

Cancel
    Click this to restore your previously saved settings.

Delete
    Click this to delete the current rule.

9.4 The Firewall Threshold Screen

For DoS attacks, the ZyXEL Device uses thresholds to determine when to start dropping sessions that do not become fully established (half-open sessions). These thresholds apply globally to all sessions.

For TCP, half-open means that the session has not reached the established state: the TCP three-way handshake has not yet been completed. Under normal circumstances, the application that initiates a session sends a SYN (synchronize) packet to the receiving server. The receiver sends back an ACK (acknowledgment) packet and its own SYN, and then the initiator responds with an ACK (acknowledgment). After this handshake, a connection is established.
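As an added illustration (not code from the guide or from ZyXEL), this Python tracker follows the handshake stages described in Section 9.4 and applies one global half-open threshold: a session occupies a slot from the initiator's SYN until its final ACK, and once the slot count reaches the threshold new SYNs are dropped. The threshold value, the packet dictionary format, the class and function names and the addresses in the constructed sample traffic are assumptions; the guide does not give them on this page.

```python
# Added example, not code from the ZyXEL guide: a simplified tracker for the
# half-open TCP sessions that Section 9.4 describes. A session counts as
# half-open from the initiator's SYN until its final ACK completes the
# three-way handshake; the tracker keeps one global count and drops new SYNs
# once that count reaches a threshold. The threshold value, the packet
# dictionary format and all sample addresses are assumptions constructed here.
from dataclasses import dataclass, field
from typing import Dict, List, Set, Tuple

Key = Tuple[str, int, str, int]   # (src ip, src port, dst ip, dst port) of the initiator


@dataclass
class HalfOpenTracker:
    max_half_open: int                                       # assumed global threshold
    half_open: Dict[Key, str] = field(default_factory=dict)  # key -> handshake stage
    established: Set[Key] = field(default_factory=set)
    dropped: int = 0

    def handle(self, pkt: dict) -> str:
        """Feed one packet; return what the tracker decided about it."""
        key: Key = (pkt["src"], pkt["sport"], pkt["dst"], pkt["dport"])
        reverse: Key = (pkt["dst"], pkt["dport"], pkt["src"], pkt["sport"])
        flags = pkt["flags"]
        if flags == "SYN":
            if key in self.half_open or key in self.established:
                return "retransmit"          # already tracked, no new slot used
            if len(self.half_open) >= self.max_half_open:
                self.dropped += 1
                return "dropped"             # over threshold: SYN not forwarded
            self.half_open[key] = "SYN_SENT"
            return "half-open"
        if flags == "SYN-ACK" and self.half_open.get(reverse) == "SYN_SENT":
            self.half_open[reverse] = "SYN_RECEIVED"   # server replied, still half-open
            return "half-open"
        if flags == "ACK" and self.half_open.get(key) == "SYN_RECEIVED":
            del self.half_open[key]          # handshake done: slot released
            self.established.add(key)
            return "established"
        return "unmatched"                   # not part of a tracked handshake


def handshake_events(src: str = "192.168.1.10", sport: int = 51000) -> List[dict]:
    """Constructed: a normal client handshake to a web server."""
    server = "192.0.2.10"
    return [
        {"src": src, "sport": sport, "dst": server, "dport": 80, "flags": "SYN"},
        {"src": server, "sport": 80, "dst": src, "dport": sport, "flags": "SYN-ACK"},
        {"src": src, "sport": sport, "dst": server, "dport": 80, "flags": "ACK"},
    ]


def flood_events(count: int) -> List[dict]:
    """Constructed: SYNs from distinct source ports that never finish the handshake."""
    return [{"src": "198.51.100.9", "sport": 40000 + i, "dst": "192.0.2.10",
             "dport": 80, "flags": "SYN"} for i in range(count)]


def simulate(max_half_open: int, flood_size: int) -> dict:
    """Run a good handshake, then a flood, then one more good SYN; summarise."""
    tracker = HalfOpenTracker(max_half_open)
    legit = [tracker.handle(p) for p in handshake_events()]
    flood = [tracker.handle(p) for p in flood_events(flood_size)]
    late_syn = tracker.handle(handshake_events(sport=52000)[0])
    return {
        "legit": legit,
        "flood_accepted": flood.count("half-open"),
        "flood_dropped": flood.count("dropped"),
        "half_open_now": len(tracker.half_open),
        "established": len(tracker.established),
        "late_syn": late_syn,
    }


if __name__ == "__main__":
    print(simulate(max_half_open=50, flood_size=80))
```

Running `simulate(50, 80)` shows the two sides of a global threshold: the completed handshake releases its slot and is unaffected, the flood fills 50 slots and its remaining 30 SYNs are dropped, but the later legitimate SYN is dropped too while the table stays full. That is the trade-off to keep in mind when choosing threshold values on the Threshold screen: set too low, they turn a small burst into a self-inflicted outage; set too high, they let half-open sessions exhaust the device's state.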