Chapter 6 Configuration Basics

6.5.14 Firewall

The firewall controls the flow of traffic between or within zones. You can also configure the firewall to control traffic for NAT (DNAT) and policy routes (SNAT). Firewall rules can be based on schedules, specific users (or user groups), source or destination addresses (or address groups) and services (or service groups). Each of these objects must be configured in a separate screen before it can be used in a rule.

To-ZyWALL firewall rules control access to the ZyWALL. Configure to-ZyWALL firewall rules for remote management. By default, the firewall only allows management connections from the LAN or WAN zone.

MENU ITEM(S): Configuration > Firewall

PREREQUISITES: Zones, schedules, users, user groups, addresses (source, destination), address groups (source, destination), services, service groups

Example: Suppose you have a SIP proxy server connected to the DMZ zone for VoIP calls. You could configure a firewall rule to allow VoIP sessions from the SIP proxy server on DMZ to the LAN so VoIP users on the LAN can receive calls.

1. Create a VoIP service object for UDP port 5060 traffic (Configuration > Object > Service).

2. Create an address object for the VoIP server (Configuration > Object > Address).

3. Click Configuration > Firewall to go to the firewall configuration.

4. Select from the DMZ zone to the LAN1 zone, and add a firewall rule using the items you have configured.

You don’t need to specify the schedule or the user.

In the Source field, select the address object of the VoIP server.

You don’t need to specify the destination address.

Leave the Access field set to Allow and the Log field set to No.

Note: The ZyWALL checks the firewall rules in order. Make sure each rule is in the correct place in the sequence.
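The following is an added illustration of why the rule order matters, not code from the ZyWALL or this guide: a small first-match evaluator with zone pairs, address objects and service objects modelled after the VoIP example above. The SIP proxy address 192.0.2.10 and the LAN host 192.168.1.20 are constructed sample values; the "deny everything from DMZ" rule is an assumed second rule used to show the effect of ordering.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional, Tuple

# Constructed model of ordered, first-match firewall evaluation (not ZyWALL code).

@dataclass
class Rule:
    from_zone: str
    to_zone: str
    src: Optional[str] = None                    # address object (CIDR); None = any
    dst: Optional[str] = None
    service: Optional[Tuple[str, int]] = None    # service object (proto, port); None = any
    access: str = "allow"                        # "allow" or "deny"
    log: bool = False

@dataclass
class Packet:
    from_zone: str
    to_zone: str
    src_ip: str
    dst_ip: str
    proto: str
    dport: int

def _addr_match(obj: Optional[str], ip: str) -> bool:
    return obj is None or ip_address(ip) in ip_network(obj, strict=False)

def rule_matches(rule: Rule, pkt: Packet) -> bool:
    return (rule.from_zone == pkt.from_zone and rule.to_zone == pkt.to_zone
            and _addr_match(rule.src, pkt.src_ip) and _addr_match(rule.dst, pkt.dst_ip)
            and (rule.service is None or rule.service == (pkt.proto, pkt.dport)))

def evaluate(rules, pkt: Packet, default: str = "deny"):
    """Walk the rules top to bottom; the first match decides. Returns (access, index)."""
    for i, rule in enumerate(rules):
        if rule_matches(rule, pkt):
            return rule.access, i
    return default, None      # no rule matched: fall through to the default action

# Constructed sample objects mirroring the guide's example.
VOIP_SERVICE = ("udp", 5060)                                   # service object
SIP_PROXY = "192.0.2.10/32"                                    # address object
VOIP_RULE = Rule("DMZ", "LAN1", src=SIP_PROXY, service=VOIP_SERVICE, access="allow")
BLOCK_DMZ_RULE = Rule("DMZ", "LAN1", access="deny", log=True)  # assumed catch-all rule

CALL = Packet("DMZ", "LAN1", "192.0.2.10", "192.168.1.20", "udp", 5060)
OTHER = Packet("DMZ", "LAN1", "192.0.2.10", "192.168.1.20", "tcp", 445)
```

With the VoIP rule placed before the catch-all, the SIP session is allowed and everything else from the DMZ is denied; with the order reversed, the catch-all matches first and the VoIP rule never takes effect.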


ZyWALL USG 50 User’s Guide