ZyWALL USG 50 User’s Guide
CHAPTER 15
Zones

15.1 Zones Overview
Set up zones to configure network security and network policies in the ZyWALL. A
zone is a group of interfaces and/or VPN tunnels. The ZyWALL uses zones instead
of interfaces in many security and policy settings, such as firewall rules, Anti-X,
and remote management.

Zones cannot overlap. Each Ethernet interface, VLAN interface, bridge interface,
PPPoE/PPTP interface and VPN tunnel can be assigned to at most one zone. Virtual
interfaces are automatically assigned to the same zone as the interface on which
they run.
Figure 187   Example: Zones

15.1.1 What You Can Do in this Chapter
Use the Zone screens (see Section 15.2 on page 313) to manage the ZyWALL's
zones.

15.1.2 What You Need to Know

Effects of Zones on Different Types of Traffic
Zones effectively divide traffic into three types--intra-zone traffic, inter-zone
traffic, and extra-zone traffic--which are affected differently by zone-based
security and policy settings.

Intra-zone Traffic
Intra-zone traffic is traffic between interfaces or VPN tunnels in the same zone.
For example, in Figure 187 on page 311, traffic between VLAN 2 and the
Ethernet is intra-zone traffic.
In each zone, you can either allow or prohibit all intra-zone traffic. For example,
in Figure 187 on page 311, you might allow intra-zone traffic in the LAN zone
but prohibit it in the WAN zone.
You can also set up firewall rules to control intra-zone traffic (for example,
DMZ-to-DMZ), but many other types of zone-based security and policy settings do
not affect intra-zone traffic.

Inter-zone Traffic
Inter-zone traffic is traffic between interfaces or VPN tunnels in different zones.
For example, in Figure 187 on page 311, traffic between VLAN 1 and the Internet
is inter-zone traffic. This is the normal case when zone-based security and policy
settings apply.

Extra-zone Traffic
Extra-zone traffic is traffic to or from any interface or VPN tunnel that is not
assigned to a zone. For example, in Figure 187 on page 311, traffic to or from
computer C is extra-zone traffic.
Some zone-based security and policy settings may apply to extra-zone traffic,
especially if you can set the zone attribute in them to Any or All. See the
specific feature for more information.

Finding Out More
See Section 6.5.8 on page 98 for related information on these screens.
See Section 7.1 on page 109 for an example of configuring Ethernet interfaces,
port groups, and zones.

15.2 The Zone Screen
The Zone screen provides a summary of all zones. In addition, this screen allows
you to add, edit, and remove zones. To access this screen, click
Configuration > Network > Zone.

Configuration > Network > Zone

The following table describes the labels in this screen.

Table 87   Configuration > Network > Zone
LABEL | DESCRIPTION
User Configuration / System Default | The ZyWALL comes with pre-configured System Default zones that you cannot delete. You can create your own User Configuration zones.
Add | Click this to create a new, user-configured zone.
Edit | Double-click an entry or select it and click Edit to open a screen where you can modify the entry's settings.
Remove | To remove a user-configured trunk, select it and click Remove. The ZyWALL confirms you want to remove it before doing so.
Object References | Select an entry and click Object References to open a screen that shows which settings use the entry. See Section 11.3.2 on page 230 for an example.
# | This field is a sequential value, and it is not associated with any interface.
Name | This field displays the name of the zone.
Block Intra-zone | This field indicates whether or not the ZyWALL blocks network traffic between members in the zone.
Member | This field displays the names of the interfaces that belong to each zone.

15.3 Zone Edit
The Zone Edit screen allows you to add or edit a zone. To access this screen, go
to the Zone screen (see Section 15.2 on page 313), and click the Add icon or an
Edit icon.

Figure 188   Network > Zone > Add

The following table describes the labels in this screen.

Table 88   Network > Zone > Edit
LABEL | DESCRIPTION
Name | For a system default zone, the name is read only. For a user-configured zone, type the name used to refer to the zone. You may use 1-31 alphanumeric characters, underscores (_), or dashes (-), but the first character cannot be a number. This value is case-sensitive.
Block Intra-zone Traffic | Select this check box to block network traffic between members in the zone.
Member List | Available lists the interfaces and VPN tunnels that do not belong to any zone. Select the interfaces and VPN tunnels that you want to add to the zone you are editing, and click the right arrow button to add them. Member lists the interfaces and VPN tunnels that belong to the zone. Select any interfaces that you want to remove from the zone, and click the left arrow button to remove them.
OK | Click OK to save your customized settings and exit this screen.
Cancel | Click Cancel to exit this screen without saving.
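
The zone rules from this chapter (Section 15.1.2 and the Name field in Table 88), modelled as an added Python example for auditing a planned zone layout. It is not ZyWALL code or CLI; the interface names, the dictionary layout and the function names are assumptions made for the illustration.

```python
import re

# Name rule from Table 88: 1-31 alphanumerics, "_" or "-", first character
# not a number (read here as "not a digit"); names are case-sensitive.
ZONE_NAME = re.compile(r"[A-Za-z_-][A-Za-z0-9_-]{0,30}")

def build_membership(zones):
    """Map each member to its zone; reject bad names and overlapping zones."""
    owner = {}
    for name, cfg in zones.items():
        if not ZONE_NAME.fullmatch(name):
            raise ValueError(f"invalid zone name: {name!r}")
        for member in cfg["members"]:
            if member in owner:  # zones cannot overlap
                raise ValueError(f"{member} is in {owner[member]} and {name}")
            owner[member] = name
    return owner

def classify(owner, src, dst):
    """Return 'intra-zone', 'inter-zone' or 'extra-zone' for src -> dst."""
    zs, zd = owner.get(src), owner.get(dst)
    if zs is None or zd is None:
        return "extra-zone"  # an endpoint is not assigned to any zone
    return "intra-zone" if zs == zd else "inter-zone"

def intra_zone_allowed(zones, owner, src, dst):
    """Apply only the zone's Block Intra-zone setting (firewall rules not modelled)."""
    if classify(owner, src, dst) != "intra-zone":
        raise ValueError("not intra-zone traffic")
    return not zones[owner[src]]["block_intra"]

def unassigned(owner, interfaces):
    """Interfaces outside every zone; their traffic is extra-zone."""
    return sorted(i for i in interfaces if i not in owner)

# Constructed layout: interface names and dictionary keys are assumptions.
ZONES = {
    "LAN": {"members": ["ge1", "vlan2"], "block_intra": False},
    "WAN": {"members": ["ge2", "ge3"], "block_intra": True},
    "DMZ": {"members": ["ge4"], "block_intra": False},
}
INTERFACES = ["ge1", "ge2", "ge3", "ge4", "ge5", "vlan2"]

if __name__ == "__main__":
    owner = build_membership(ZONES)
    for src, dst in [("vlan2", "ge1"), ("ge1", "ge2"), ("ge5", "ge1")]:
        print(src, "->", dst, classify(owner, src, dst))
    print("LAN intra allowed:", intra_zone_allowed(ZONES, owner, "ge1", "vlan2"))
    print("unassigned:", unassigned(owner, INTERFACES))
```

Interfaces returned by `unassigned` are the ones to review first, since zone-based settings reach their traffic only where a feature accepts Any or All as the zone.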

CHAPTER 16
DDNS

16.1 DDNS Overview
Dynamic DNS (DDNS) services let you use a domain name with a dynamic IP
address.

16.1.1 What You Can Do in this Chapter
Use the DDNS screen (see Section 16.2 on page 316) to view a list of the
configured DDNS domain names and their details.
Use the DDNS Add/Edit screen (see Section 16.2.1 on page 318) to add a
domain name to the ZyWALL or to edit the configuration of an existing domain
name.

16.1.2 What You Need to Know
DNS maps a domain name to a corresponding IP address and vice versa. Similarly,
dynamic DNS maps a domain name to a dynamic IP address. As a result, anyone
can use the domain name to contact you (in NetMeeting, CU-SeeMe, etc.) or to
access your FTP server or Web site, regardless of the current IP address.
Note: You must have a public WAN IP address to use Dynamic DNS.
You must set up a dynamic DNS account with a supported DNS service provider
before you can use Dynamic DNS services with the ZyWALL. When registration is
complete, the DNS service provider gives you a password or key. At the time of
writing, the ZyWALL supports the following DNS service providers. See the listed
websites for details about the DNS services offered by each.

Table 89   DDNS Service Providers
PROVIDER | SERVICE TYPES SUPPORTED | WEBSITE
DynDNS | Dynamic DNS, Static DNS, and Custom DNS | www.dyndns.com
Dynu | Basic, Premium | www.dynu.com
No-IP | No-IP | www.no-ip.com
Peanut Hull | Peanut Hull | www.oray.cn
3322 | 3322 Dynamic DNS, 3322 Static DNS | www.3322.org
