22 Firewall

22.1 Overview

Use the firewall to block or allow services that use static port numbers. Use application patrol (see Chapter 28 on page 437) to control services that use flexible or dynamic port numbers. The firewall can also limit the number of sessions a user can have open at the same time.

This figure shows the ZyWALL’s default firewall rules in action and demonstrates how stateful inspection works. User 1 can initiate a Telnet session from within the LAN1 zone, and because the firewall remembers the session User 1 opened, the responses to that session are allowed back in without a separate rule. Telnet traffic initiated from the WAN or DMZ zone and destined for the LAN1 zone is blocked.

Communications between the WAN and the DMZ zones are allowed. The firewall allows VPN traffic between any of the networks.

Figure 214 Default Firewall Action
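The following Python model is an added example, not ZyXEL’s code and not the ZyWALL’s implementation. It reproduces the default action in Figure 214 and the per-client session limit mentioned in the overview: a zone-to-zone policy is consulted only for the packet that opens a session, while later packets of that session (in either direction) are matched against a session table. The zone names LAN1, WAN, DMZ and VPN, the assumption that LAN1 may also open sessions into the DMZ, and all addresses and packets are constructed for the illustration.

```python
"""Added example (not ZyXEL's code): a minimal stateful, zone-based packet
filter that reproduces the default firewall action described in the overview.
Zone names, addresses and packets are constructed for illustration."""
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple

TELNET = 23


@dataclass(frozen=True)
class Packet:
    src_zone: str
    src_ip: str
    src_port: int
    dst_zone: str
    dst_ip: str
    dst_port: int


# Zone pairs (from, to) that may OPEN a new session. Modelled on the default
# action in the overview: sessions may be started from LAN1 and between WAN
# and DMZ in both directions; VPN traffic is allowed with every zone; nothing
# from WAN or DMZ may start a session into LAN1. LAN1 -> DMZ and the zone
# name "VPN" are assumptions made for this example.
DEFAULT_POLICY: Set[Tuple[str, str]] = {
    ("LAN1", "WAN"), ("LAN1", "DMZ"), ("WAN", "DMZ"), ("DMZ", "WAN"),
}
for _zone in ("LAN1", "WAN", "DMZ"):
    DEFAULT_POLICY.add(("VPN", _zone))
    DEFAULT_POLICY.add((_zone, "VPN"))


class StatefulFirewall:
    """Stateful inspection: the zone policy decides only for the packet that
    opens a session; every later packet of that session, in either direction,
    is accepted because the session table remembers it."""

    def __init__(self, policy: Set[Tuple[str, str]], session_limit: Optional[int] = None):
        self.policy = policy
        self.session_limit = session_limit  # max concurrent sessions per client IP
        self.sessions: Set[Tuple[str, int, str, int]] = set()
        self.per_client: Dict[str, int] = defaultdict(int)

    @staticmethod
    def _key(p: Packet) -> Tuple[str, int, str, int]:
        return (p.src_ip, p.src_port, p.dst_ip, p.dst_port)

    def process(self, p: Packet) -> str:
        key = self._key(p)
        reverse = (p.dst_ip, p.dst_port, p.src_ip, p.src_port)
        if key in self.sessions or reverse in self.sessions:
            return "allow (established session)"
        # A packet that would open a new session must match a zone rule ...
        if (p.src_zone, p.dst_zone) not in self.policy:
            return "drop (no rule from %s to %s)" % (p.src_zone, p.dst_zone)
        # ... and its initiator must still have session quota left.
        if self.session_limit is not None and self.per_client[p.src_ip] >= self.session_limit:
            return "drop (session limit %d reached for %s)" % (self.session_limit, p.src_ip)
        self.sessions.add(key)
        self.per_client[p.src_ip] += 1
        return "allow (new session)"

    def close(self, p: Packet) -> None:
        """Forget a finished session so the initiator's quota is released."""
        key = self._key(p)
        if key in self.sessions:
            self.sessions.discard(key)
            self.per_client[p.src_ip] -= 1


def demo_default_rules() -> List[str]:
    """Replays the scenario of Figure 214 with constructed addresses."""
    fw = StatefulFirewall(DEFAULT_POLICY)
    user1 = "192.168.1.33"     # User 1 in LAN1
    wan_host = "203.0.113.10"  # RFC 5737 documentation address
    dmz_host = "192.168.3.5"
    packets = [
        Packet("LAN1", user1, 40000, "WAN", wan_host, TELNET),    # User 1 opens Telnet
        Packet("WAN", wan_host, TELNET, "LAN1", user1, 40000),    # reply to that session
        Packet("WAN", wan_host, 41000, "LAN1", user1, TELNET),    # WAN-initiated Telnet into LAN1
        Packet("DMZ", dmz_host, 41001, "LAN1", user1, TELNET),    # DMZ-initiated Telnet into LAN1
        Packet("WAN", wan_host, 41002, "DMZ", dmz_host, TELNET),  # WAN to DMZ
    ]
    return [fw.process(p) for p in packets]


def demo_session_limit(limit: int = 2) -> List[str]:
    """One client opens limit+1 sessions; the extra one is dropped until an
    earlier session is closed and its slot freed."""
    fw = StatefulFirewall(DEFAULT_POLICY, session_limit=limit)
    user1, wan_host = "192.168.1.33", "203.0.113.10"
    verdicts = [fw.process(Packet("LAN1", user1, 40000 + i, "WAN", wan_host, 80))
                for i in range(limit + 1)]
    fw.close(Packet("LAN1", user1, 40000, "WAN", wan_host, 80))
    verdicts.append(fw.process(Packet("LAN1", user1, 40010, "WAN", wan_host, 80)))
    return verdicts


if __name__ == "__main__":
    for v in demo_default_rules() + demo_session_limit():
        print(v)
```

The reply in the second packet carries the WAN-to-LAN1 zone pair that the policy would otherwise drop; it is accepted only because the session table already holds the outbound Telnet session, which is the point of stateful inspection. The session-limit demo shows why the limit is counted per initiating client and why closed sessions must be removed from the table: otherwise a client that has hit its limit is locked out for good.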

22.1.1 What You Can Do in this Chapter

Use the Firewall screens (Section 22.2 on page 365) to enable or disable the firewall and asymmetrical routes, and manage and configure firewall rules.

Use the Session Limit screens (see Section 22.3 on page 370) to limit the number of concurrent NAT/firewall sessions a client can use.


357

ZyWALL USG 50 User’s Guide