
Chapter 11 Firewall
11.3 Packet Direction Examples
Firewall rules are grouped based on the direction of travel of packets to which they apply. This section gives some examples of why you might configure firewall rules for specific connection directions.
By default, the ZyWALL allows packets traveling in the following directions.
• LAN to LAN These rules specify which computers on the LAN can manage the ZyWALL (remote management) and communicate between networks or subnets connected to the LAN interface (IP alias).
Note: You can also configure the remote management settings to allow only a specific computer to manage the ZyWALL.
• LAN to WAN 1 These rules specify which computers on the LAN can access which computers or services connected to WAN 1. See Section 11.5 on page 248 for an example.
By default, the ZyWALL drops packets traveling in the following directions.
• WAN 1 to LAN These rules specify which computers connected to WAN 1 can access which computers or services on the LAN. For example, you may create rules to:
• Allow certain types of traffic, such as Lotus Notes database synchronization, from specific hosts on the Internet to specific hosts on the LAN.
• Allow public access to a Web server on your protected network. You could also block certain IP addresses from accessing it.
Note: You also need to configure NAT port forwarding (or full featured NAT address mapping rules) to allow computers on the WAN to access devices on the LAN. See Section 17.5.3 on page 395 for an example.
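The following sketch is an added example, not ZyWALL code or configuration syntax. It models the defaults listed in this section and shows why public access to a LAN Web server needs both a port forwarding entry and a WAN 1 to LAN allow rule. It assumes that the first matching rule wins and that rules match the LAN host after translation; all names and addresses are constructed.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Default actions for the three directions described in this section.
DEFAULTS = {("LAN", "LAN"): "allow", ("LAN", "WAN1"): "allow",
            ("WAN1", "LAN"): "drop"}

@dataclass
class Rule:
    direction: tuple  # (from_interface, to_interface)
    src: str          # source network, CIDR
    dst: str          # destination network, CIDR
    port: int         # destination port
    action: str       # "allow" or "drop"

def firewall(rules, direction, src, dst, port):
    """Return the first matching rule's action (assumed first-match order),
    otherwise the default action for that direction."""
    for r in rules:
        if (r.direction == direction and r.port == port
                and ip_address(src) in ip_network(r.src)
                and ip_address(dst) in ip_network(r.dst)):
            return r.action
    return DEFAULTS[direction]

def wan1_to_lan(rules, port_forwards, src, port):
    """Packet sent to the WAN 1 address: it needs a NAT mapping to reach a
    LAN host and must then pass the WAN 1 to LAN firewall rules."""
    lan_host = port_forwards.get(port)
    if lan_host is None:
        return "drop (no port forwarding)"
    return firewall(rules, ("WAN1", "LAN"), src, lan_host, port)

# Constructed sample configuration using documentation address ranges.
WEB = "192.168.1.10"
RULES = [
    # Block a specific range first, then allow everyone else to the Web server.
    Rule(("WAN1", "LAN"), "203.0.113.0/24", WEB + "/32", 80, "drop"),
    Rule(("WAN1", "LAN"), "0.0.0.0/0", WEB + "/32", 80, "allow"),
]
FORWARDS = {80: WEB}

if __name__ == "__main__":
    for src in ("198.51.100.7", "203.0.113.9"):
        print(src, "->", wan1_to_lan(RULES, FORWARDS, src, 80))
    print("no forward ->", wan1_to_lan(RULES, {}, "198.51.100.7", 80))
    print("no rule    ->", wan1_to_lan([], FORWARDS, "198.51.100.7", 80))
```

In this model, placing the allow rule above the block rule would let the blocked range through, so the order of the two rules matters.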
242 | ZyWALL 2WG User’s Guide