Chapter 11 Firewall

Table 69 SECURITY > FIREWALL > Default Rule (Bridge Mode)

| LABEL | DESCRIPTION |
| --- | --- |
| From, To | The firewall rules are grouped by the direction of packet travel. This displays the number of rules for each packet direction. Click the edit icon to go to a summary screen of the rules for that packet direction. |
| | Here are some example descriptions of the directions of travel. |
| | From LAN To LAN means packets traveling from a computer on one LAN subnet to a computer on another LAN subnet on the LAN interface of the ZyWALL or the ZyWALL itself. The ZyWALL does not apply the firewall to packets traveling from a LAN computer to another LAN computer on the same subnet. |
| | From VPN means traffic that came into the ZyWALL through a VPN tunnel and is going to the selected “to” interface. For example, From VPN To LAN specifies the VPN traffic that is going to the LAN. The ZyWALL applies the firewall to the traffic after decrypting it. |
| | To VPN is traffic that comes in through the selected “from” interface and goes out through any VPN tunnel. For example, From LAN To VPN specifies the traffic that is coming from the LAN and going out through a VPN tunnel. The ZyWALL applies the firewall to the traffic before encrypting it. |
| | From VPN To VPN means traffic that comes in through a VPN tunnel and goes out through (another) VPN tunnel or terminates at the ZyWALL. This is the case when the ZyWALL is the hub in a |
| | someone to use a service (like Telnet or HTTP) through a VPN tunnel to manage the ZyWALL. The ZyWALL applies the firewall to the traffic after decrypting it. |
| | Note: The VPN connection directions apply to the traffic going to or from the ZyWALL’s VPN tunnels. They do not apply to other VPN traffic for which the ZyWALL is not one of the gateways (VPN |
| | Use the |
| | of travel of packets. |
| | Select Drop to silently discard the packets without sending a TCP reset packet or an ICMP |
| | Select Reject to deny the packets and send a TCP reset packet (for a TCP packet) or an ICMP |
| | Select Permit to allow the passage of the packets. |
| | The firewall rules for the WAN port with a higher route priority also apply to the dial backup connection. |
| Log | Select this to create a log when the above action is taken. |
| Log Broadcast Frame | Select this to create a log for any broadcast frames traveling in the selected direction. Many of these logs in a short time period could indicate a broadcast storm. |
| | A broadcast storm occurs when a packet triggers multiple responses from all hosts on a network or when computers attempt to respond to a host that never replies. As a result, duplicated packets are continuously created and circulated in the network, thus reducing network performance or even rendering it inoperable. A broadcast storm can be caused by an attack on the network, an incorrect network topology (such as a bridge loop) or a malfunctioning network device. |
| Apply | Click Apply to save your changes back to the ZyWALL. |
| Reset | Click Reset to begin configuring this screen afresh. |
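The direction buckets and default actions described in the table above, modelled in Python as an added example (this is not ZyWALL code and not a configuration export): `DEFAULT_RULES` is a constructed sample policy, and the `Packet` fields, `direction`, `inspection_point` and `apply_default_rule` are hypothetical names chosen here. It captures the edge cases the manual calls out: same-subnet LAN traffic is never firewalled, traffic terminating at the ZyWALL is counted as From X To X, From VPN is inspected after decryption and To VPN before encryption, and Reject answers TCP with a reset and other protocols with an ICMP message while Drop stays silent.

```python
from dataclasses import dataclass
from typing import Optional, Tuple

# Default action per direction of packet travel, as set on the Default Rule
# screen. This table is a constructed sample policy, not a ZyWALL export.
DEFAULT_RULES = {
    ("LAN", "LAN"): "Permit", ("LAN", "WAN"): "Permit", ("LAN", "VPN"): "Permit",
    ("WAN", "LAN"): "Drop",   ("WAN", "WAN"): "Drop",   ("WAN", "VPN"): "Drop",
    ("VPN", "LAN"): "Reject", ("VPN", "WAN"): "Drop",   ("VPN", "VPN"): "Permit",
}

@dataclass
class Packet:
    ingress: str               # "LAN", "WAN", or "VPN" (arrived through a ZyWALL tunnel)
    egress: str                # "LAN", "WAN", "VPN", or "ZyWALL" (terminates at the device)
    proto: str                 # "TCP", "UDP" or "ICMP"
    same_subnet: bool = False  # LAN-to-LAN on one subnet is never firewalled

def direction(p: Packet) -> Optional[Tuple[str, str]]:
    """Map a packet to its From/To bucket, or None when the ZyWALL does not
    apply the firewall at all (same-subnet LAN traffic)."""
    if p.ingress == "LAN" and p.egress == "LAN" and p.same_subnet:
        return None
    # Traffic that terminates at the ZyWALL is counted as going "To" the
    # interface it arrived on: From LAN To LAN and From VPN To VPN per the
    # manual; extending the same reading to WAN is an assumption.
    to = p.ingress if p.egress == "ZyWALL" else p.egress
    return (p.ingress, to)

def inspection_point(d: Tuple[str, str]) -> str:
    """Where the firewall sees the packet relative to IPsec processing."""
    if d[0] == "VPN":
        return "after decryption"
    if d[1] == "VPN":
        return "before encryption"
    return "cleartext"

def apply_default_rule(p: Packet) -> Tuple[str, str, str]:
    """Return (action, response sent to the source, inspection point).
    Drop is silent; Reject answers TCP with a RST and everything else with an
    ICMP error message; Permit forwards the packet."""
    d = direction(p)
    if d is None:
        return ("not firewalled", "none", "not inspected")
    action = DEFAULT_RULES[d]
    if action == "Drop":
        return (action, "none", inspection_point(d))
    if action == "Reject":
        reply = "TCP RST" if p.proto == "TCP" else "ICMP error message"
        return (action, reply, inspection_point(d))
    return (action, "forwarded", inspection_point(d))
```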
11.9 Firewall Rule Summary
Click SECURITY > FIREWALL > Rule Summary to open the screen. This screen displays a list of the configured firewall rules.
255
ZyWALL 2WG User’s Guide