Chapter 28 Application Patrol
ZyWALL USG 50 User’s Guide
#
This field is a sequential value, and it is not associated with a specific
entry.
Note: The ZyWALL checks ports in the order they appear in the list.
While this sequence does not affect the functionality, you
might improve the performance of the ZyWALL by putting
more commonly used ports at the top of the list.
Service Port
This column lists port numbers the ZyWALL uses to identify this
application.
Policy
Add
Click this to create a new entry. Select an entry and click Add to create a new entry after the selected entry.
Edit
Select an entry and click this to be able to modify it.
Remove
Select an entry and click this to delete it.
Activate
To turn on an entry, select it and click Activate.
Inactivate
To turn off an entry, select it and click Inactivate.
Move
To change an entry’s position in the numbered list, select it and click Move to display a field to type a number for where you want to put that entry and press [ENTER] to move the entry to the number that you typed.
Status
The activate (light bulb) icon is lit when the entry is active and dimmed
when the entry is inactive.
#
This field is a sequential value, and it is not associated with a specific
condition.
Note: The ZyWALL checks conditions in the order they appear in
the list. While this sequence does not affect the functionality,
you might improve the performance of the ZyWALL by
putting more common conditions at the top of the list.
Port
This field displays the specific port number to which this policy applies.
Schedule
This is the schedule that defines when the policy applies. any means the policy is active at all times if enabled.
User
This is the user name or user group to which the policy applies. If any displays, the policy applies to all users.
From
This is the source zone of the traffic to which this policy applies.
To
This is the destination zone of the traffic to which this policy applies.
Source
This is the source address or address group for whom this policy applies. If any displays, the policy is effective for every source.
Destination
This is the destination address or address group for whom this policy applies. If any displays, the policy is effective for every destination.
Table 131 Application Edit (continued)
LABEL DESCRIPTION
Access
This field displays what the ZyWALL does with packets for this application that match this policy.
forward - the ZyWALL routes the packets for this application.
Drop - the ZyWALL does not route the packets for this application and does not notify the client of its decision.
Reject - the ZyWALL does not route the packets for this application and notifies the client of its decision.
DSCP Marking
This is how the ZyWALL handles the DSCP value of the outgoing packets that match this policy.
In - Inbound, the traffic the ZyWALL sends to a connection’s initiator.
Out - Outbound, the traffic the ZyWALL sends out from a connection’s initiator.
If this field displays a DSCP value, the ZyWALL applies that DSCP value to the route’s outgoing packets.
preserve means the ZyWALL does not modify the DSCP value of the route’s outgoing packets.
default means the ZyWALL sets the DSCP value of the route’s outgoing packets to 0.
The “af” choices stand for Assured Forwarding. The number following the “af” identifies one of four classes and one of three drop preferences. See Assured Forwarding (AF) PHB for DiffServ on page 293 for more details.
BWM
These fields show the amount of bandwidth the application’s traffic that matches the policy can use. These fields only apply when Access is set to forward.
In - This is how much inbound bandwidth, in kilobits per second, this policy allows the application to use. Inbound refers to the traffic the ZyWALL sends to a connection’s initiator. If no displays here, this policy does not apply bandwidth management for the application’s incoming traffic.
Out - This is how much outbound bandwidth, in kilobits per second, this policy allows the application to use. Outbound refers to the traffic the ZyWALL sends out from a connection’s initiator. If no displays here, this policy does not apply bandwidth management for the application’s outgoing traffic.
Pri - This is the priority for this application’s traffic that matches this policy. The smaller the number, the higher the priority. The traffic of an application with higher priority is given bandwidth before traffic of an application with lower priority. The ZyWALL ignores this number if the incoming and outgoing limits are both set to 0. In this case the traffic is automatically treated as being set to the lowest priority (7) regardless of this field’s configuration.
Log
This field shows whether the ZyWALL generates a log (log), a log and alert (log alert) or neither (no) when the application’s traffic matches this policy.
OK
Click OK to save your changes back to the ZyWALL.
Cancel
Click Cancel to exit this screen without saving your changes.
28.3.2 The Application Patrol Policy Edit Screen
The Application Policy Edit screen allows you to edit a group of settings for an application. To access this screen, go to the application patrol Common, Instant Messenger, Peer to Peer, VoIP, or Streaming screen and click an application’s Edit icon. Then click the Add icon or an Edit icon in the Policy table. The screen displayed here is for the MSN instant messenger service.
Figure 278 Application Policy Edit
The following table describes the labels in this screen.
Table 132 Application Policy Edit
LABEL DESCRIPTION
Create new Object
Use to configure any new settings objects that you need to use in this screen.
Enable Policy
Select this check box to turn on this policy for the application.
Port
Use this field to specify a specific port number to which to apply this
policy. Type zero, if this policy applies for every port number.
Schedule
Select a schedule that defines when the policy applies or select Create Object to configure a new one (see Chapter 38 on page 611 for details). Otherwise, select none to make the policy always effective.
User
Select a user name or user group to which to apply the policy. Use Create new Object if you need to configure a new user account (see Section 35.2.1 on page 586 for details). Select any to apply the policy for every user.
From
Select the source zone of the traffic to which this policy applies.
To
Select the destination zone of the traffic to which this policy applies.
Source
Select a source address or address group for whom this policy applies. Use Create new Object if you need to configure a new one. Select any if the policy is effective for every source.
Destination
Select a destination address or address group for whom this policy applies. Use Create new Object if you need to configure a new one. Select any if the policy is effective for every destination.
Access
This field controls what the ZyWALL does with packets for this application that match this policy. Choices are:
forward - the ZyWALL routes the packets for this application.
Drop - the ZyWALL does not route the packets for this application and does not notify the client of its decision.
Reject - the ZyWALL does not route the packets for this application and notifies the client of its decision.
DSCP Marking
Set how the ZyWALL handles the DSCP value of the outgoing packets that match this policy. Inbound refers to the traffic the ZyWALL sends to a connection’s initiator. Outbound refers to the traffic the ZyWALL sends out from a connection’s initiator.
Select one of the pre-defined DSCP values to apply or select User Defined to specify another DSCP value. The “af” choices stand for Assured Forwarding. The number following the “af” identifies one of four classes and one of three drop preferences. See Assured Forwarding (AF) PHB for DiffServ on page 293 for more details.
Select preserve to have the ZyWALL keep the packets’ original DSCP value.
Select default to have the ZyWALL set the DSCP value of the packets to 0.
Action Block
For some applications, you can select individual uses of the application that the policy will have the ZyWALL block. These fields only apply when Access is set to forward.
Login - Select this option to block users from logging in to a server for this application.
Message - Select this option to block users from sending or receiving instant messages.
Audio - Select this option to block users from sending or receiving audio traffic.
Video - Select this option to block users from sending or receiving video traffic.
File Transfer - Select this option to block users from sending or receiving files.
Bandwidth Management
Configure these fields to set the amount of bandwidth the application can use. These fields only apply when Access is set to forward.
You must also enable bandwidth management in the main application patrol screen (AppPatrol > General) in order to apply bandwidth shaping.
Inbound kbps
Type how much inbound bandwidth, in kilobits per second, this policy allows the application to use. Inbound refers to the traffic the ZyWALL sends to a connection’s initiator.
If you enter 0 here, this policy does not apply bandwidth management for the application’s traffic that the ZyWALL sends to the initiator. Traffic with bandwidth management disabled (inbound and outbound are both set to 0) is automatically treated as the lowest priority (7).
If the sum of the bandwidths for routes using the same next hop is higher than the actual transmission speed, lower priority traffic may not be sent if higher priority traffic uses all of the actual bandwidth.
Outbound kbps
Type how much outbound bandwidth, in kilobits per second, this policy allows the application to use. Outbound refers to the traffic the ZyWALL sends out from a connection’s initiator.
If you enter 0 here, this policy does not apply bandwidth management for the application’s traffic that the ZyWALL sends out from the initiator. Traffic with bandwidth management disabled (inbound and outbound are both set to 0) is automatically treated as the lowest priority (7).
If the sum of the bandwidths for routes using the same next hop is higher than the actual transmission speed, lower priority traffic may not be sent if higher priority traffic uses all of the actual bandwidth.
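The Access, Action Block and Bandwidth Management rows above interact: some settings are accepted but have no effect. The following Python is an added example, not part of the guide or of ZyXEL's software, that reviews policy rows for such settings; the dictionary keys, function names and sample rows are hypothetical and only mirror the Table 132 labels.

```python
# Added example: the dict keys are hypothetical names modelled on the Table 132
# labels; they are not a ZyWALL export format.
LOWEST_PRIORITY = 7  # priority the guide assigns when both limits are 0


def effective_priority(policy):
    """Return the priority that applies once the both-limits-zero rule is considered."""
    if policy["inbound_kbps"] == 0 and policy["outbound_kbps"] == 0:
        return LOWEST_PRIORITY
    return policy["priority"]


def review_policy(policy, bwm_enabled):
    """List settings in one policy row that the guide says will not take effect."""
    findings = []
    limited = policy["inbound_kbps"] > 0 or policy["outbound_kbps"] > 0
    if policy["access"] != "forward":
        # Bandwidth and Action Block fields only apply when Access is forward.
        if limited:
            findings.append("bandwidth limits set but Access is not forward")
        if policy["action_block"]:
            findings.append("Action Block set but Access is not forward")
        return findings
    if limited and not bwm_enabled:
        findings.append("limits set but bandwidth management is off in AppPatrol > General")
    if effective_priority(policy) != policy["priority"]:
        findings.append("priority %d ignored, treated as %d"
                        % (policy["priority"], LOWEST_PRIORITY))
    return findings


# Constructed sample rows for one application (not taken from a real device).
SAMPLE_POLICIES = [
    {"port": 0, "access": "forward", "action_block": ["File Transfer"],
     "inbound_kbps": 0, "outbound_kbps": 0, "priority": 1},
    {"port": 1863, "access": "Drop", "action_block": ["Login"],
     "inbound_kbps": 256, "outbound_kbps": 128, "priority": 3},
    {"port": 0, "access": "forward", "action_block": [],
     "inbound_kbps": 512, "outbound_kbps": 0, "priority": 2},
]

if __name__ == "__main__":
    for number, row in enumerate(SAMPLE_POLICIES, start=1):
        for finding in review_policy(row, bwm_enabled=False):
            print("policy %d: %s" % (number, finding))
```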
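What the DSCP Marking choices in Tables 131 and 132 mean at the packet level, as an added example that is not part of the guide: an "af" name maps to a codepoint per RFC 2597 (8 x class + 2 x drop preference), and rewriting the field in an IPv4 header means recomputing the header checksum. The function names, the integer standing in for User Defined, the constructed sample header and the choice to leave the two ECN bits untouched are assumptions.

```python
import struct

# Added example. The setting names follow the DSCP Marking choices in the table;
# keeping the two ECN bits untouched is an assumption, not stated in the guide.

def af_to_dscp(name):
    """Map 'afXY' (class X = 1-4, drop preference Y = 1-3) to its DSCP (RFC 2597)."""
    if len(name) != 4 or name[:2] != "af" or not name[2:].isdigit():
        raise ValueError("not an AF name: %r" % (name,))
    af_class, drop = int(name[2]), int(name[3])
    if not (1 <= af_class <= 4 and 1 <= drop <= 3):
        raise ValueError("AF class or drop preference out of range: %r" % (name,))
    return 8 * af_class + 2 * drop

def resolve_dscp(setting, original_dscp):
    """Return the DSCP an outgoing packet carries for a given policy setting."""
    if setting == "preserve":
        return original_dscp
    if setting == "default":
        return 0
    if isinstance(setting, int):  # stands in for the User Defined choice
        if not 0 <= setting <= 63:
            raise ValueError("DSCP is a 6-bit value")
        return setting
    return af_to_dscp(setting)

def ipv4_checksum(header):
    """Ones' complement sum over the 16-bit words of an IPv4 header."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def remark(header, setting):
    """Rewrite the DSCP in an IPv4 header and recompute the header checksum."""
    out = bytearray(header)
    out[1] = (resolve_dscp(setting, out[1] >> 2) << 2) | (out[1] & 0x03)
    out[10:12] = b"\x00\x00"  # checksum field is zero while summing
    struct.pack_into("!H", out, 10, ipv4_checksum(bytes(out)))
    return bytes(out)

# Constructed 20-byte header: DSCP 46, ECN 1, TCP, 192.0.2.10 -> 198.51.100.20.
SAMPLE_HEADER = bytes.fromhex("45b900281c46400040060000c000020ac6336414")
```

Summing a header that already contains a correct checksum yields 0, which is a quick way to confirm a captured packet was re-marked consistently.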
