Chapter 19 Firewall

 

Table 114 Firewall > Edit (continued)

 

LABEL

DESCRIPTION

 

Description

Enter a descriptive name of up to 60 printable ASCII characters for the firewall rule.

 

 

Spaces are allowed.

 

 

 

 

Schedule

Select a schedule that defines when the rule applies or select Create Object to

 

 

configure a new one (see Chapter 38 on page 619 for details). Otherwise, select

 

 

none and the rule is always effective.

 

 

 

 

User

This field is not available when you are configuring a to-ZyWALL rule.

 

 

Select a user name or user group to which to apply the rule. Select Create Object

 

 

to configure a new user account (see Section 35.2.1 on page 596 for details). The

 

 

firewall rule is activated only when the specified user logs into the system and the

 

 

rule will be disabled when the user logs out.

 

 

Otherwise, select any and there is no need for user logging.

 

 

Note: If you specified a source IP address (group) instead of any in

 

 

the field below, the user’s IP address should be within the IP

 

 

address range.

 

 

 

 

Source

Select a source address or address group for whom this rule applies. Select

 

 

Create Object to configure a new one. Select any if the policy is effective for every

 

 

source.

 

 

 

 

Destination

Select a destination address or address group for whom this rule applies. Select

 

 

Create Object to configure a new one. Select any if the policy is effective for every

 

 

destination.

 

 

 

 

Service

Select a service or service group from the drop-down list box. Select Create

 

 

Object to add a new service. See Chapter 37 on page 613 for more information.

 

 

 

 

Access

Use the drop-down list box to select what the firewall is to do with packets that

 

 

match this rule.

 

 

Select deny to silently discard the packets without sending a TCP reset packet or

 

 

an ICMP destination-unreachable message to the sender.

 

 

Select reject to deny the packets and send a TCP reset packet to the sender. Any

 

 

UDP packets are dropped without sending a response packet.

 

 

Select allow to permit the passage of the packets.

 

 

 

 

Log

Select whether to have the ZyWALL generate a log (log), log and alert (log alert)

 

 

or not (no) when the rule is matched. See Chapter 45 on page 715 for more on

 

 

logs.

 

 

 

 

OK

Click OK to save your customized settings and exit this screen.

 

 

 

 

Cancel

Click Cancel to exit this screen without saving.

 

 

 

 

347

ZyWALL USG 100/200 Series User’s Guide