4

Tutorial

This chapter describes how to apply security settings to VPN traffic, how to set up your ZyWALL if you have more than one fixed (static) IP address from your ISP and how to allocate bandwidth and apply priorities to traffic that flows out through the ZyWALL’s WAN port.

4.1 Security Settings for VPN Traffic

The ZyWALL can apply the firewall and content filtering to the traffic going to or from the ZyWALL’s VPN tunnels. The ZyWALL applies the security settings to the traffic before encrypting VPN traffic that it sends out or after decrypting received VPN traffic.

"The security settings apply to VPN traffic going to or from the ZyWALL’s VPN tunnels. They do not apply to other VPN traffic for which the ZyWALL is not one of the gateways (VPN pass-through traffic).

You can turn on content filtering for all of the ZyWALL’s VPN traffic (regardless of its direction of travel). You can apply firewall security to VPN traffic based on its direction of travel. The following examples show how you do this for the firewall.

4.1.1Firewall Rule for VPN Example

The firewall provides even more fine-tuned control for VPN tunnels. You can configure default and custom firewall rules for VPN packets.

Take the following example. You have a LAN FTP server with IP address 192.168.1.4 behind device A. You could configure a VPN rule to allow the network behind device B to access your LAN FTP server through a VPN tunnel. Now, if you don’t want other services like chat or e-mail going to the FTP server, you can configure firewall rules that allow only FTP traffic to come from VPN tunnels to the FTP server. Furthermore, you can configure the firewall rule so that only the network behind device B can access the FTP server through a VPN tunnel (not other remote networks that have VPN tunnels with the ZyWALL).

 

101

ZyWALL 2WG User’s Guide