Chapter 19 Firewall

Table 99 Configuration > Firewall > Add (continued)

From / To: For through-ZyWALL rules, select the direction of travel of packets to which the rule applies. any means all interfaces or VPN tunnels. ZyWALL means packets destined for the ZyWALL itself.

Description: Enter a descriptive name of up to 60 printable ASCII characters for the firewall rule. Spaces are allowed.

Schedule: Select a schedule that defines when the rule applies. Otherwise, select none and the rule is always effective.

User: This field is not available when you are configuring a to-ZyWALL rule. Select a user name or user group to which to apply the rule. The firewall rule is activated only when the specified user logs into the system and the rule will be disabled when the user logs out. Otherwise, select any and there is no need for user logging.
Note: If you specified a source IP address (group) instead of any in the field below, the user's IP address should be within the IP address range.

Source: Select an IPv4 address or address group to apply an IPv4 rule to traffic coming from it. Select an IPv6 address or address group to apply an IPv6 rule to traffic coming from it. Select any to apply an IPv4 rule to all traffic coming from IPv4 addresses. Select any to apply an IPv6 rule to all traffic coming from IPv6 addresses.

Destination: Select an IPv4 address or address group to apply an IPv4 rule to traffic going to it. Select an IPv6 address or address group to apply an IPv6 rule to traffic going to it. Select any to apply an IPv4 rule to all traffic going to IPv4 addresses. Select any to apply an IPv6 rule to all traffic going to IPv6 addresses.

Service: Select a service or service group from the drop-down list box.

Access: Use the drop-down list box to select what the firewall is to do with packets that match this rule.
Select deny to silently discard the packets without sending a TCP reset packet or an ICMP destination-unreachable message to the sender.
Select reject to deny the packets and send a TCP reset packet to the sender. Any UDP packets are dropped without sending a response packet.
Select allow to permit the passage of the packets.

Log: Select whether to have the ZyWALL generate a log (log), log and alert (log alert) or not (no) when the rule is matched. See Chapter 38 on page 485 for more on logs.

OK: Click OK to save your customized settings and exit this screen.

Cancel: Click Cancel to exit this screen without saving.

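The following Python model shows how the fields above combine when a packet is evaluated against an ordered rule list; it is an added example, not part of this guide or of the ZyWALL firmware. It encodes the deny/reject difference, the silent UDP case under reject, the user-login condition and the IPv4/IPv6 scope of any; the mapping of a logged-in user to a login IP, the service names, the addresses and the "no-match" result are constructed assumptions.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass
class Rule:
    # One row of the Firewall > Add screen; "any" means what the table says.
    src: str = "any"        # address or CIDR group (constructed values in tests)
    dst: str = "any"
    service: str = "any"    # e.g. "HTTP"; "any" matches every service
    user: str = "any"       # rule is active only while this user is logged in
    access: str = "allow"   # allow | deny | reject
    log: str = "no"         # no | log | log alert
    version: int = 4        # an IPv4 rule never matches IPv6 traffic, and vice versa

@dataclass
class Packet:
    src: str
    dst: str
    proto: str              # "tcp" or "udp"
    service: str

def addr_match(selector: str, addr: str, version: int) -> bool:
    ip = ip_address(addr)
    if ip.version != version:
        return False        # "any" in an IPv4 rule covers IPv4 addresses only
    return selector == "any" or ip in ip_network(selector, strict=False)

def rule_matches(rule: Rule, pkt: Packet, logged_in: dict) -> bool:
    # Assumption: the device ties a logged-in user to the IP the login came from,
    # so a user rule applies only to packets from that address while logged in.
    if rule.user != "any" and logged_in.get(rule.user) != pkt.src:
        return False
    return (addr_match(rule.src, pkt.src, rule.version)
            and addr_match(rule.dst, pkt.dst, rule.version)
            and rule.service in ("any", pkt.service))

def evaluate(rules: list, pkt: Packet, logged_in: dict) -> tuple:
    """Return (access, what the sender sees, log setting) of the first matching rule."""
    for rule in rules:
        if not rule_matches(rule, pkt, logged_in):
            continue
        if rule.access == "allow":
            seen = "forwarded"
        elif rule.access == "reject" and pkt.proto == "tcp":
            seen = "tcp-rst"    # reject answers TCP with a reset
        else:
            seen = None         # deny, and reject of UDP, send nothing back
        return rule.access, seen, rule.log
    return "no-match", None, "no"   # the device's default policy is not modeled here
```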

19.3 The Session Limit Screen

Click Configuration > Firewall > Session Limit to display the Firewall Session Limit screen. Use this screen to limit the number of concurrent NAT/firewall sessions a client can use. You can apply a default limit for all users and individual limits for specific users, addresses, or both. The individual limit takes priority if you apply both.


ZyWALL 110/310/1100 Series User’s Guide