19 Firewall

19.1 Overview

Use the firewall to block or allow services that use static port numbers. This example shows the ZyWALL’s default firewall behavior for WAN to LAN traffic and how stateful inspection works. A LAN user can initiate a Telnet session from within the LAN zone and the firewall allows the response. However, the firewall blocks Telnet traffic initiated from the WAN zone and destined for the LAN zone. The firewall allows VPN traffic between any of the networks.

Figure 161 Default Firewall Action (figure: the LAN zone and the WAN zone on either side of the ZyWALL)

19.1.1 What You Can Do in this Chapter

Use the Firewall screens (Section 19.2 on page 268) to enable or disable the firewall and asymmetrical routes, and manage and configure firewall rules.

Use the Session Limit screens (see Section 19.3 on page 273) to limit the number of concurrent NAT/firewall sessions a client can use.

19.1.2 What You Need to Know

Stateful Inspection

The ZyWALL has a stateful inspection firewall. The ZyWALL restricts access by screening data packets against defined access rules. It also inspects sessions. For example, reply traffic coming from one zone is only allowed when a computer in another zone initiated the session first.

Zones

A zone is a group of interfaces or VPN tunnels. Group the ZyWALL’s interfaces into different zones based on your needs. You can configure firewall rules for data passing between zones or even between interfaces and/or VPN tunnels in a zone.

Example Firewall Behavior

Firewall rules are grouped based on the direction of travel of packets to which they apply. Here is example firewall behavior for traffic going through the ZyWALL in various directions. See the Configuration > Firewall screen for default firewall behavior.
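As an added example that is not part of the guide, the following Python model reproduces the stateful, zone-based behaviour described in this section: a LAN-initiated Telnet session and its reply are allowed, a WAN-initiated Telnet session into the LAN is blocked, and VPN traffic passes between zones. The zone names, the default action table and the IP addresses are constructed for the illustration and are not the ZyWALL's actual rule set.

```python
from collections import namedtuple

# Constructed zone-pair policy modelled on the default behaviour described in
# Section 19.1. Zone names and the action table are assumptions for this example,
# not the ZyWALL's actual rule set; check Configuration > Firewall on the device.
DEFAULT_POLICY = {
    ("LAN", "WAN"): "allow",   # LAN users may open sessions towards the WAN
    ("WAN", "LAN"): "deny",    # nothing from the WAN may initiate into the LAN
    ("LAN", "LAN"): "allow",
}

# A packet carries the zones it enters and leaves through plus its 4-tuple.
Packet = namedtuple("Packet", "src_zone dst_zone src_ip src_port dst_ip dst_port")

class StatefulFirewall:
    """Zone-based default actions plus a session table (stateful inspection)."""
    def __init__(self, policy=DEFAULT_POLICY):
        self.policy = policy
        self.sessions = set()  # 4-tuples of sessions the firewall has allowed

    def check(self, p):
        fwd = (p.src_ip, p.src_port, p.dst_ip, p.dst_port)
        rev = (p.dst_ip, p.dst_port, p.src_ip, p.src_port)
        # 1. Packets of an established session pass in either direction, so a
        #    reply from the WAN is accepted only because a LAN host asked for it.
        if fwd in self.sessions or rev in self.sessions:
            return "allow", "established session"
        # 2. VPN traffic is allowed between any of the zones (Section 19.1).
        if "VPN" in (p.src_zone, p.dst_zone):
            self.sessions.add(fwd)
            return "allow", "vpn"
        # 3. Otherwise a new session is judged by the zone-pair rule; zone pairs
        #    missing from the table default to deny (assumption, least privilege).
        action = self.policy.get((p.src_zone, p.dst_zone), "deny")
        if action == "allow":
            self.sessions.add(fwd)
        return action, "zone policy %s->%s" % (p.src_zone, p.dst_zone)

def telnet_scenario():
    """Replays the Telnet example from Section 19.1 with constructed addresses."""
    fw = StatefulFirewall()
    lan_init = Packet("LAN", "WAN", "192.168.1.33", 40000, "203.0.113.10", 23)
    reply = Packet("WAN", "LAN", "203.0.113.10", 23, "192.168.1.33", 40000)
    # Same hosts and a source port of 23, but no matching session entry: a
    # stateless port filter might pass this, stateful inspection does not.
    wan_init = Packet("WAN", "LAN", "203.0.113.10", 23, "192.168.1.33", 40001)
    vpn_peer = Packet("VPN", "LAN", "10.8.0.5", 50000, "192.168.1.33", 23)
    return [fw.check(pkt)[0] for pkt in (lan_init, reply, wan_init, vpn_peer)]
```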


265

ZyWALL 110/310/1100 Series User’s Guide