ZyWALL 2
16
5 Advanced Configuration
This section shows you how to configure some of the advanced features of the ZyWALL.
5.1 Network Address Translation Overview
NAT (Network Address Translation, RFC 1631) is the translation of the IP address of a host in a packet. For example, the source address of an outgoing packet, used within one network, is changed to a different IP address known within another network.
If you have a single public IP address, choose SUA Only in the Network Address Translation field of the WAN ISP screen (see section 4.4). If you have multiple public IP addresses, you may use the full feature mapping types (see the User's Guide for more details).
NAT supports five types of IP/port mapping. They are:
1. One-to-One: One-to-One mode maps one local IP address to one global IP address. Note that port numbers do not change for the One-to-One NAT mapping type.
2. Many-to-One: Many-to-One mode maps multiple local IP addresses to one global IP address. This is equivalent to SUA (that is, PAT, port address translation), ZyXEL's Single User Account feature.
3. Many-to-Many Overload: Many-to-Many Overload mode maps multiple local IP addresses to shared global IP addresses.
4. Many One-to-One: Many One-to-One mode maps each local IP address to a unique global IP address.
5. Server: This type allows you to specify inside servers of different services behind the NAT to be accessible to the outside world.
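The following simulation is an added example, not ZyXEL code, and shows what the first four mapping types do to an outgoing packet and to the reply that comes back. The addresses are constructed (192.168.1.0/24 as the LAN, 203.0.113.x standing in for the ISP-assigned public addresses); the spreading of hosts over an overload pool by last octet is a simplification, not the ZyWALL's allocation rule. The security point it makes visible is that a One-to-One mapping leaves the inside host reachable on every port, while Many-to-One (SUA) only lets replies to existing bindings back in.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Flow:
    """Addressing 4-tuple: enough to show which fields NAT rewrites."""
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class NatTranslator:
    """Stateful simulation of One-to-One, Many One-to-One, Many-to-One (SUA/PAT)
    and Many-to-Many Overload. Simulation only, not ZyWALL firmware behaviour."""

    def __init__(self, mode: str,
                 local_to_global: Optional[Dict[str, str]] = None,
                 global_pool: Optional[List[str]] = None,
                 first_port: int = 61000):
        self.mode = mode
        self.local_to_global = local_to_global or {}   # static map for the 1:1 modes
        self.global_pool = global_pool or []            # global IPs shared in PAT modes
        self.next_port = first_port                     # next translated source port
        # (global_ip, global_port) -> (local_ip, local_port), created by outbound()
        self.table: Dict[Tuple[str, int], Tuple[str, int]] = {}

    def _pat_port(self) -> int:
        port = self.next_port
        self.next_port += 1
        return port

    def outbound(self, flow: Flow) -> Flow:
        """Rewrite the source of a LAN-to-WAN packet and record the binding."""
        if self.mode in ("one-to-one", "many-one-to-one"):
            gip = self.local_to_global[flow.src_ip]
            gport = flow.src_port                       # ports never change here
        elif self.mode == "many-to-one":
            gip = self.global_pool[0]                   # every host shares one IP
            gport = self._pat_port()
        elif self.mode == "many-to-many-overload":
            # Spread hosts over the shared pool by last octet (a simplification), then PAT.
            last_octet = int(flow.src_ip.rsplit(".", 1)[1])
            gip = self.global_pool[last_octet % len(self.global_pool)]
            gport = self._pat_port()
        else:
            raise ValueError(f"unknown mapping type: {self.mode}")
        self.table[(gip, gport)] = (flow.src_ip, flow.src_port)
        return Flow(gip, gport, flow.dst_ip, flow.dst_port)

    def inbound(self, flow: Flow) -> Optional[Flow]:
        """Reverse-translate a WAN-to-LAN packet; None means it is discarded."""
        if self.mode in ("one-to-one", "many-one-to-one"):
            # A static mapping is reachable on every port, with or without state.
            reverse = {g: loc for loc, g in self.local_to_global.items()}
            if flow.dst_ip not in reverse:
                return None
            return Flow(flow.src_ip, flow.src_port, reverse[flow.dst_ip], flow.dst_port)
        binding = self.table.get((flow.dst_ip, flow.dst_port))
        if binding is None:
            return None      # no inside host opened this port: the LAN looks like one closed box
        local_ip, local_port = binding
        return Flow(flow.src_ip, flow.src_port, local_ip, local_port)


if __name__ == "__main__":
    sua = NatTranslator("many-to-one", global_pool=["203.0.113.5"])
    for host in ("192.168.1.10", "192.168.1.11"):
        print(sua.outbound(Flow(host, 5000, "198.51.100.7", 80)))
    print(sua.inbound(Flow("198.51.100.7", 80, "203.0.113.5", 61001)))   # back to .11
    print(sua.inbound(Flow("198.51.100.7", 4444, "203.0.113.5", 22)))    # None
```

Two LAN hosts using the same source port 5000 get distinct translated ports under Many-to-One, so the reply to port 61001 is routed back to the second host; an unsolicited packet to port 22 finds no binding and is dropped. Swap in the "one-to-one" mode and the same port-22 packet is delivered to the mapped host.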
5.2 Configuring SUA Server
A SUA server set is a list of inside (behind NAT on the LAN) servers, for example, web or FTP, that you can make visible to the outside world even though SUA makes your whole inside network appear as a single computer to the outside world.
Click SUA/NAT to open the SUA Server screen.
The following table describes the fields in this screen.
LABEL: DESCRIPTION
Default Server: In addition to the servers for specified services, NAT supports a default server. A default server receives packets from ports that are not specified in this screen. If you do not assign a default server IP address, then all packets received for ports not specified in this screen will be discarded.
#: This is the number of an individual SUA server entry.
Active: Select this check box to enable the SUA server entry. Clear this check box to disallow forwarding of these ports to an inside server without having to delete the entry.
Name: Enter a name to identify this port-forwarding rule.
Start Port: Type a port number in this field. To forward only one port, type the port number again in the End Port field. To forward a series of ports, type the start port number here and the end port number in the End Port field.
End Port: Type a port number in this field. To forward only one port, type the port number in the Start Port field above and then type it again in this field. To forward a series of ports, type the last port number in a series that begins with the port number in the Start Port field above.
Server IP Address: Enter the inside IP address of the server here.
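The lookup below is an added example (not ZyXEL code) of how the SUA Server table above decides where a WAN packet goes: active entries are checked against the Start Port/End Port range, inactive entries are skipped without being deleted, and anything left over goes to the Default Server or is discarded. The entries and addresses are constructed, and the first-active-entry-wins handling of overlapping ranges is an assumption for the simulation; the manual does not say how overlaps are resolved. The reachable-port count shows the cost of the Default Server field: with one set, every port not listed reaches an inside host.

```python
from dataclasses import dataclass
from typing import List, Optional

MAX_PORT = 65535


@dataclass
class SuaServerEntry:
    """One row of the SUA Server screen (constructed to mirror the table above)."""
    active: bool
    name: str
    start_port: int
    end_port: int
    server_ip: str


def validate_entry(entry: SuaServerEntry) -> bool:
    """A single port is start == end; a series needs start <= end, both within 1..65535."""
    return 1 <= entry.start_port <= entry.end_port <= MAX_PORT


def forward_target(entries: List[SuaServerEntry], default_server: Optional[str],
                   dst_port: int) -> Optional[str]:
    """Inside IP that receives a WAN packet for dst_port, or None if it is discarded.

    Assumption: the first active entry whose range covers the port wins.
    """
    for entry in entries:
        if entry.active and entry.start_port <= dst_port <= entry.end_port:
            return entry.server_ip
    return default_server            # None when no Default Server is configured


def reachable_port_count(entries: List[SuaServerEntry],
                         default_server: Optional[str]) -> int:
    """How many of the 65535 ports reach some inside host from the WAN."""
    return sum(1 for port in range(1, MAX_PORT + 1)
               if forward_target(entries, default_server, port) is not None)


if __name__ == "__main__":
    entries = [
        SuaServerEntry(True, "web", 80, 80, "192.168.1.33"),
        SuaServerEntry(True, "ftp", 20, 21, "192.168.1.34"),
        SuaServerEntry(False, "rdp", 3389, 3389, "192.168.1.35"),   # Active box cleared
    ]
    print(all(validate_entry(e) for e in entries))
    print(forward_target(entries, None, 80))               # 192.168.1.33
    print(forward_target(entries, None, 3389))             # None: entry inactive
    print(reachable_port_count(entries, None))             # 3
    print(reachable_port_count(entries, "192.168.1.50"))   # 65535
```

With no default server only the three listed ports (20, 21, 80) are reachable; setting a default server turns that into all 65535, which is why a default server should be a host that can withstand unsolicited traffic on every port.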
5.3 Firewall Overview
The ZyWALL firewall is a stateful inspection firewall and is designed to protect against Denial of
Service attacks when activated. The ZyWALL’s purpose is to allow a private Local Area Network
(LAN) to be securely connected to the Internet. The ZyWALL can be used to prevent theft,
destruction and modification of data, as well as log events, which may be important to the security
of your network. The ZyWALL also has packet-filtering capabilities.
When activated, the firewall allows all traffic to the Internet that originates from the LAN, and blocks all traffic to the LAN that originates from the Internet. In other words, the ZyWALL will:
- Allow all sessions originating from the LAN to the WAN
- Deny all sessions originating from the WAN to the LAN
LAN-to-WAN rules are local network to Internet firewall rules. The default is to forward all traffic from your local network to the Internet.
The following figure illustrates a ZyWALL firewall application.
5.4 Configuring Firewall
Click FIREWALL to open the Summary screen. Enable (or activate) the firewall by selecting the Enable Firewall check box as seen in the following screen.
The following table describes the fields in this screen.
LABEL: DESCRIPTION
Enable Firewall: Select this check box to activate the firewall. The ZyWALL performs access control and protects against Denial of Service (DoS) attacks when the firewall is activated.
Bypass Triangle Route: Select this check box to have the ZyWALL firewall ignore the use of triangle route topology on the network. See your User's Guide Appendices for more on triangle route topology.
Firewall Rules Storage Space in Use: This read-only bar shows how much of the ZyWALL's memory for recording firewall rules it is currently using. When you are using 80% or less of the storage space, the bar is green. When the amount of space used is over 80%, the bar is red.
Packet Direction: Use the drop-down list box to select a direction of travel of packets (LAN to LAN/ZyWALL, LAN to WAN, WAN to LAN, WAN to WAN/ZyWALL) for which you want to configure firewall rules.
Block/Forward: Use the option buttons to select whether to Block (silently discard) or Forward (allow the passage of) packets that are traveling in the selected direction.
Log: Select the check box to create a log (when the above action is taken) for packets that are traveling in the selected direction and do not match any of the rules below.
The following read-only fields summarize the rules you have created that apply to traffic traveling in the selected packet direction. The firewall rules that you configure (summarized below) take priority over the general firewall action settings above.
#: This is your firewall rule number. The ordering of your rules is important as rules are applied in turn. The Move field below allows you to reorder your rules.
Status: This field displays whether a firewall rule is turned on (Active) or not (Inactive). Rules that have not been configured display Empty.
Source Address: This drop-down list box displays the source addresses or ranges of addresses to which this firewall rule applies. Please note that a blank source or destination address is equivalent to Any.
Destination Address: This drop-down list box displays the destination addresses or ranges of addresses to which this firewall rule applies. Please note that a blank source or destination address is equivalent to Any.
Service Type: This drop-down list box displays the services to which this firewall rule applies. Please note that a blank service type is equivalent to Any.
Action: This is the specified action for that rule, either Block or Forward. Note that Block means the firewall silently discards the packet.
Schedule: This field tells you whether a schedule is specified (Yes) or not (No).
Log: This field shows you if a log is created for packets that match the rule (Match), don't match the rule (Not Match), both (Both) or no log is created (None).
Alert: This field tells you whether this rule generates an alert (Yes) or not (No) when the rule is matched.
Insert: Type the index number for where you want to put a rule. For example, if you type "6", your new rule becomes number 6 and the previous rule 6 (if there is one) becomes rule 7.
Click Insert to display this screen and refer to the following table for information on the fields.
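The evaluator below is an added example, not ZyXEL code, that ties together the Summary screen fields described above: the per-direction Block/Forward action and its Log check box, ordered rules with blank Source Address, Destination Address or Service Type meaning Any, inactive rules being skipped, the Match/Not Match/Both/None log setting, the Alert flag, and the Insert behaviour that renumbers later rules. Rules and addresses are constructed; that the first active matching rule decides the packet's fate is an assumption consistent with "rules are applied in turn" but not spelled out in the manual.

```python
from dataclasses import dataclass, field
from typing import List, Tuple

ANY = ""    # a blank source, destination or service type means Any


def ip_to_int(ip: str) -> int:
    a, b, c, d = (int(x) for x in ip.split("."))
    return (a << 24) | (b << 16) | (c << 8) | d


def addr_matches(spec: str, ip: str) -> bool:
    """spec is blank (Any), a single address, or an inclusive 'low-high' range."""
    if spec == ANY:
        return True
    if "-" in spec:
        low, high = spec.split("-")
        return ip_to_int(low) <= ip_to_int(ip) <= ip_to_int(high)
    return spec == ip


@dataclass
class Rule:
    """One row of the rule summary (constructed fields, mirroring the table above)."""
    active: bool
    source: str
    destination: str
    service: str          # e.g. "TCP/80"; blank means Any
    action: str           # "Block" or "Forward"
    log: str = "None"     # "Match", "Not Match", "Both" or "None"
    alert: bool = False


@dataclass
class DirectionPolicy:
    """Settings for one Packet Direction: the general action plus its ordered rules."""
    action: str           # Block/Forward for packets that match no rule
    log: bool             # the direction-level Log check box
    rules: List[Rule] = field(default_factory=list)


def evaluate(policy: DirectionPolicy, src: str, dst: str,
             service: str) -> Tuple[str, List[str]]:
    """Apply the rules in order; the first active match decides (assumed first-match).
    Returns the action taken and the log lines the packet would produce."""
    logs: List[str] = []
    for number, rule in enumerate(policy.rules, start=1):
        if not rule.active:
            continue                              # Inactive rows are ignored, not deleted
        matched = (addr_matches(rule.source, src)
                   and addr_matches(rule.destination, dst)
                   and rule.service in (ANY, service))
        if matched:
            if rule.log in ("Match", "Both"):
                logs.append(f"rule {number}: match, {rule.action}")
            if rule.alert:
                logs.append(f"rule {number}: ALERT")
            return rule.action, logs              # rules take priority over the general action
        if rule.log in ("Not Match", "Both"):
            logs.append(f"rule {number}: no match")
    if policy.log:
        logs.append(f"default action: {policy.action}")
    return policy.action, logs


def insert_rule(policy: DirectionPolicy, index: int, rule: Rule) -> None:
    """The screen's Insert: the new rule takes the 1-based index, later rules shift down."""
    policy.rules.insert(index - 1, rule)


if __name__ == "__main__":
    wan_to_lan = DirectionPolicy(action="Block", log=True, rules=[
        Rule(True, ANY, "192.168.1.33", "TCP/80", "Forward", log="Match"),
    ])
    print(evaluate(wan_to_lan, "198.51.100.7", "192.168.1.33", "TCP/80"))   # Forward
    print(evaluate(wan_to_lan, "198.51.100.7", "192.168.1.33", "TCP/22"))   # Block, default
    insert_rule(wan_to_lan, 1, Rule(True, "198.51.100.0-198.51.100.255", ANY, ANY,
                                    "Block", log="Match", alert=True))
    print(evaluate(wan_to_lan, "198.51.100.7", "192.168.1.33", "TCP/80"))   # now Block
```

The last call shows why ordering matters: inserting a Block rule at position 1 pushes the web-server Forward rule down to number 2, and the same packet that was forwarded a moment earlier is now blocked (with an alert) before rule 2 is ever consulted.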
