Chapter 22 Firewall

4. The ZyWALL then sends it to the computer on the LAN1 in Subnet 1.

Figure 222 Using Virtual Interfaces to Avoid Asymmetrical Routes


22.2.1 Configuring the Firewall Screen

Click Configuration > Firewall to open the Firewall screen. Use this screen to enable or disable the firewall and asymmetrical routes, set a maximum number of sessions per host, and display the configured firewall rules. To display only the rules for one direction, specify the zone the packets come from and the zone they travel to. Note the following.

If you enable intra-zone traffic blocking (see the chapter about zones), the firewall automatically creates (implicit) rules to deny packet passage between the interfaces in the specified zone.

Besides configuring the firewall, you also need to configure NAT rules to allow computers on the WAN to access LAN devices. See Chapter 17 on page 321 for more information.

The ZyWALL applies NAT (Destination NAT) settings before applying the firewall rules. For example, if you configure a NAT entry that sends WAN traffic to a LAN IP address, the corresponding firewall rule that allows the traffic must use the LAN IP address as the destination. See Section 7.9 on page 139 for an example.
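The ordering described above, modelled as an added example (not ZyWALL code or CLI syntax): the packet goes through destination NAT first and is then checked against the firewall rules, so a rule written against the public WAN address never matches. All addresses, ports and rule names are constructed, and the first-match rule order and default-deny fallback are assumptions of this model.

```python
from dataclasses import dataclass, replace
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int

@dataclass(frozen=True)
class DnatEntry:            # WAN address/port -> LAN host/port
    orig_dst: str
    orig_port: int
    mapped_dst: str
    mapped_port: int

@dataclass(frozen=True)
class FwRule:
    name: str
    dst_net: str
    dport: int
    action: str             # "allow" or "deny"

def apply_dnat(pkt, table):
    """Rewrite the destination if a DNAT entry matches; else return unchanged."""
    for e in table:
        if pkt.dst == e.orig_dst and pkt.dport == e.orig_port:
            return replace(pkt, dst=e.mapped_dst, dport=e.mapped_port)
    return pkt

def firewall_verdict(pkt, rules, default="deny"):
    """First matching rule wins (assumed); default deny is also an assumption."""
    for r in rules:
        if ip_address(pkt.dst) in ip_network(r.dst_net) and pkt.dport == r.dport:
            return r.action, r.name
    return default, "default"

def process(pkt, dnat, rules):
    """Destination NAT happens before the firewall sees the packet."""
    return firewall_verdict(apply_dnat(pkt, dnat), rules)

# Constructed sample data using documentation address ranges.
DNAT = [DnatEntry("203.0.113.10", 443, "192.168.1.20", 443)]
INBOUND = Packet(src="198.51.100.7", dst="203.0.113.10", dport=443)
RULE_ON_WAN_IP = [FwRule("allow-https-wan-ip", "203.0.113.10/32", 443, "allow")]
RULE_ON_LAN_IP = [FwRule("allow-https-lan-ip", "192.168.1.20/32", 443, "allow")]

if __name__ == "__main__":
    print(process(INBOUND, DNAT, RULE_ON_WAN_IP))   # rule on the WAN address
    print(process(INBOUND, DNAT, RULE_ON_LAN_IP))   # rule on the translated address
```

When reviewing a rule set, a permit rule whose destination is a WAN address that also appears as the original address in a NAT entry is a sign the rule was written against the pre-translation packet and is not doing what was intended.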

366

 

ZyWALL USG 50 User’s Guide