Chapter 11 Firewall

 

Table 69 SECURITY > FIREWALL > Default Rule (Bridge Mode)

 

LABEL

DESCRIPTION

 

From, To

The firewall rules are grouped by the direction of packet travel. This displays the

 

 

number of rules for each packet direction. Click the edit icon to go to a summary

 

 

screen of the rules for that packet direction.

 

 

Here are some example descriptions of the directions of travel.

 

 

From LAN To LAN means packets traveling from a computer on one LAN subnet to

 

 

a computer on another LAN subnet on the LAN interface of the ZyWALL or the

 

 

ZyWALL itself. The ZyWALL does not apply the firewall to packets traveling from a

 

 

LAN computer to another LAN computer on the same subnet.

 

 

From VPN means traffic that came into the ZyWALL through a VPN tunnel and is

 

 

going to the selected “to” interface. For example, From VPN To LAN specifies the

 

 

VPN traffic that is going to the LAN. The ZyWALL applies the firewall to the traffic

 

 

after decrypting it.

 

 

To VPN is traffic that comes in through the selected “from” interface and goes out

 

 

through any VPN tunnel. For example, From LAN To VPN specifies the traffic that

 

 

is coming from the LAN and going out through a VPN tunnel. The ZyWALL applies

 

 

the firewall to the traffic before encrypting it.

 

 

From VPN To VPN means traffic that comes in through a VPN tunnel and goes out

 

 

through (another) VPN tunnel or terminates at the ZyWALL. This is the case when

 

 

the ZyWALL is the hub in a hub-and-spoke VPN. This is also the case if you allow

 

 

someone to use a service (like Telnet or HTTP) through a VPN tunnel to manage

 

 

the ZyWALL. The ZyWALL applies the firewall to the traffic after decrypting it.

 

 

Note: The VPN connection directions apply to the traffic going to or

 

 

from the ZyWALL’s VPN tunnels. They do not apply to other

 

 

VPN traffic for which the ZyWALL is not one of the gateways

 

 

(VPN pass-through traffic).

 

 

Use the drop-down list box to set the firewall’s default actions based on the direction

 

 

of travel of packets.

 

 

Select Drop to silently discard the packets without sending a TCP reset packet or

 

 

an ICMP destination-unreachable message to the sender.

 

 

Select Reject to deny the packets and send a TCP reset packet (for a TCP packet)

 

 

or an ICMP destination-unreachable message (for a UDP packet) to the sender.

 

 

Select Permit to allow the passage of the packets.

 

 

The firewall rules for the WAN port with a higher route priority also apply to the dial

 

 

backup connection.

 

 

 

 

Log

Select this to create a log when the above action is taken.

 

 

 

 

Log Broadcast

Select this to create a log for any broadcast frames traveling in the selected

 

Frame

direction. Many of these logs in a short time period could indicate a broadcast storm.

 

 

A broadcast storm occurs when a packet triggers multiple responses from all hosts

 

 

on a network or when computers attempt to respond to a host that never replies. As

 

 

a result, duplicated packets are continuously created and circulated in the network,

 

 

thus reducing network performance or even rendering it inoperable. A broadcast

 

 

storm can be caused by an attack on the network, an incorrect network topology

 

 

(such as a bridge loop) or a malfunctioning network device.

 

 

 

 

Apply

Click Apply to save your changes back to the ZyWALL.

 

 

 

 

Reset

Click Reset to begin configuring this screen afresh.

 

 

 

11.9 Firewall Rule Summary

Click SECURITY > FIREWALL > Rule Summary to open the screen. This screen displays a list of the configured firewall rules.

 

255

ZyWALL 2WG User’s Guide