ZyXEL Communications NOT AVAILABLE Firewall, 19.1 Firewall Overview

19

Firewall

This chapter introduces the NXC’s firewall and shows you how to configure your NXC’s firewall.

19.1 Firewall Overview

The NXC’s firewall is a stateful inspection firewall. The NXC restricts access by screening data packets against defined access rules. It can also inspect sessions. For example, traffic from one zone is not allowed unless it is initiated by a computer in another zone first.

A zone is a group of interfaces. Group the NXC’s interfaces into different zones based on your needs. You can configure firewall rules for data passing between zones or even between interfaces in a zone.

The following figure shows the NXC’s default firewall rules in action as well as demonstrates how stateful inspection works. User 1 can initiate a Telnet session from within the LAN zone and responses to this request are allowed. However, other Telnet traffic initiated from the WAN or DMZ zone and destined for the LAN zone is blocked. Communications between the WAN and the DMZ zones are allowed.

Figure 13 Default Firewall Action

	119
NXC CLI Reference Guide	119

Contents

NXC Series Quick Start Guide CLI Reference Guide Default Login Details Page Contents Overview Page Page Page Page Page Page Page Page Page Page Page Command Line Interface 1.1 Overview 1.1.1The Configuration File 1.2Accessing the CLI 1.2.1Console Port 1.2.2Web Configurator Console Page Page 1.2.3 Telnet 1.2.4SSH (Secure SHell) 1.3 How to Find Commands in this Guide 1.4 How Commands Are Explained 1.4.1Background Information 1.4.2Command Input Values 1.4.3 Command Summary 1.5CLI Modes 1.6 Shortcuts and Help 1.6.1 List of Available Commands 1.6.2 List of Sub-commandsor Required User Input 1.6.3 Entering Partial Commands 1.6.4 Entering a ? in a Command 1.6.5 Command History 1.6.6 Navigation 1.6.7 Erase Current Command 1.7 Input Values Page Page 1.8 Saving Configuration Changes 1.9Logging Out Page User and Privilege Modes 2.1 User And Privilege Modes Page 2.1.1 Debug Commands Page Object Reference 3.1 Object Reference Commands 3.1.1 Object Reference Command Example Status 4.1 Status Show Commands Page Page Page Registration 5.1 myZyXEL.com overview 5.1.1Subscription Services Available on the NXC 5.1.2 Maximum Number of Managed APs 5.2 Registration Commands 5.2.1 Command Examples 5.3 Country Code Page Page Page Page Interfaces 6.1 Interface Overview 6.1.1 Types of Interfaces 6.2Interface General Commands Summary 6.2.1 Basic Interface Properties and IP Address Commands Page Page 6.2.2 DHCP Setting Commands Page Page Page 6.2.3 Connectivity Check (Ping-check)Commands 6.3 Ethernet Interface Specific Commands 6.3.1 MAC Address Setting Commands 6.4 Port Commands 6.5 Port Role Commands 6.5.1 Port Role Examples 6.6USB Storage Specific Commands Page 6.6.1 USB Storage General Commands Example 6.7 VLAN Interface Specific Commands Page 6.7.1 VLAN Interface Examples Route 7.1 Policy Route 7.2 Policy Route Commands Page Page 7.2.1 Assured Forwarding (AF) PHB for DiffServ 7.2.2 Policy Route Command Example 7.3 IP Static Route 7.4 Static Route Commands 7.4.1 Static Route Commands Example 7.5 Learned Routing Information Commands 7.5.1 show ip route Command Example Page AP Management 8.1 AP Management Overview 8.2 AP Management Commands Page 8.2.1 AP Management Commands Example Wireless LAN Profiles 9.1 Wireless LAN Profiles Overview 9.2 AP & Monitor Profile Commands Page Page Page Page 9.2.1 AP & Monitor Profile Commands Example 9.3 SSID Profile Commands 9.3.1 SSID Profile Example 9.4 Security Profile Commands Page Page 9.4.1 Security Profile Example 9.5 MAC Filter Profile Commands 9.5.1 MAC Filter Profile Example Rogue AP 10.1 Rogue AP Detection Overview 10.2 Rogue AP Detection Commands 10.2.1 Rogue AP Detection Examples 10.3 Rogue AP Containment Overview 10.4Rogue AP Containment Commands 10.4.1 Rogue AP Containment Example Wireless Frame Capture 11.1 Wireless Frame Capture Overview 11.2 Wireless Frame Capture Commands 11.2.1 Wireless Frame Capture Examples Dynamic Channel Selection 12.1 DCS Overview 12.2 DCS Commands 12.2.1 DCS Examples Page Page Wireless Load Balancing 13.1 Wireless Load Balancing Overview 13.2 Wireless Load Balancing Commands Page 13.2.1 Wireless Load Balancing Examples Page Dynamic Guest 14.1 Dynamic Guest Overview 14.2 Dynamic Guest Commands Page 14.2.1 Dynamic Guest Examples Page Zones 15.1Zones Overview 15.2 Zone Commands Summary 15.2.1 Zone Command Examples Page ALG 16.1 ALG Introduction 16.2 ALG Commands 16.3 ALG Commands Example Captive Portal 17.1 Captive Portal Overview 17.1.1 Web Authentication Policy Commands Page Page 17.1.2 page-customizationCommands RTLS 18.1 RTLS Introduction 18.2 RTLS Commands Page Firewall 19.1 Firewall Overview 19.2 Firewall Commands Page 19.2.1 Firewall Sub-Commands 19.2.2 Firewall Command Examples 19.3 Session Limit Commands Page Page Application Patrol 20.1 Application Patrol Overview 20.2 Application Patrol Commands Summary 20.2.1 Pre-definedApplication Commands 20.2.2 Rule Commands for Pre-definedApplications Page 20.2.3 Exception Commands for Pre-definedApplications 20.2.4 Other Application Commands 20.2.5 Rule Commands for Other Applications 20.2.6General Commands for Application Patrol Page Page Page Anti-Virus 21.1 Anti-VirusOverview 21.2 Anti-virusCommands 21.2.1 General Anti-virusCommands 21.2.2 Zone to Zone Anti-virusRules Page 21.2.3 White and Black Lists Page 21.2.4 Signature Search Anti-virusCommand 21.3 Update Anti-virusSignatures 21.3.1 Update Signature Examples 21.4 Anti-virusStatistics 21.4.1 Anti-virusStatistics Example IDP Commands 22.1 Overview 22.2 General IDP Commands 22.2.1IDP Activation 22.3 IDP Profile Commands 22.3.1 Global Profile Commands 22.3.2IDP Zone to Zone Rules 22.3.3 Editing/Creating IDP Signature Profiles 22.3.4 Editing/Creating Anomaly Profiles Page Page Page 22.3.5 Editing System Protect 22.3.6 Signature Search Page Page 22.4 IDP Custom Signatures 22.4.1 Custom Signature Examples Page Page 22.5 Update IDP Signatures 22.5.1 Update Signature Examples 22.6 IDP Statistics 22.6.1 IDP Statistics Example Device HA 23.1 Device HA Overview 23.1.1Before You Begin 23.2 General Device HA Commands 23.3 Active-PassiveMode Device HA 23.4Active-PassiveMode Device HA Commands 23.4.1 Active-PassiveMode Device HA Commands Page 23.4.2 Active-PassiveMode Device HA Command Example Page User/Group 24.1 User Account Overview 24.1.1 User Types 24.2 User/Group Commands Summary 24.2.1 User Commands 24.2.2 User Group Commands 24.2.3 User Setting Commands Page 24.2.4 MAC Auth Commands 24.2.5 Additional User Commands Page Page Addresses 25.1Address Overview 25.2 Address Commands Summary 25.2.1 Address Object Commands 25.2.2 Address Group Commands Page Services 26.1 Services Overview 26.2 Services Commands Summary 26.2.1 Service Object Commands 26.2.2 Service Group Commands Page Page Schedules 27.1 Schedule Overview 27.2Schedule Commands Summary 27.2.1 Schedule Command Examples AAA Server 28.1 AAA Server Overview 28.2Authentication Server Command Summary 28.2.1 aaa group server ad Commands 28.2.2 aaa group server ldap Commands 28.2.3 aaa group server radius Commands Page 28.2.4 aaa group server Command Example Authentication Objects 29.1 Authentication Objects Overview 29.2 aaa authentication Commands 29.2.1 aaa authentication Command Example 29.3 test aaa Command 29.3.1 Test a User Account Command Example Page Authentication Server 30.1 Authentication Server Overview 30.2 Authentication Server Commands 30.2.1 Authentication Server Command Examples ENC 31.1 ENC Overview 31.2 ENC-AgentCommands Page 31.2.1 ENC-AgentCommand Examples Page Certificates 32.1 Certificates Overview 32.2 Certificate Commands 32.3 Certificates Commands Input Values 32.4 Certificates Commands Summary Page 32.5 Certificates Commands Examples System 33.1 System Overview 33.2 Customizing the WWW Login Page Page 33.3 Host Name Commands 33.4 Time and Date 33.4.1 Date/Time Commands 33.5 Console Port Speed 33.6 DNS Overview 33.6.1 DNS Commands 33.6.2 DNS Command Example System Remote Management 34.1Remote Management Overview 34.1.1 Remote Management Limitations 34.1.2System Timeout 34.2 Common System Command Input Values 34.3 HTTP/HTTPS Commands 34.3.1 HTTP/HTTPS Command Examples 34.4 SSH 34.4.1 SSH Implementation on the NXC 34.4.2 Requirements for Using SSH 34.4.3 SSH Commands 34.4.4 SSH Command Examples 34.5 Telnet 34.6 Telnet Commands 34.6.1 Telnet Commands Examples 34.7 Configuring FTP 34.7.1 FTP Commands 34.7.2 FTP Commands Examples 34.8 SNMP 34.8.1 Supported MIBs 34.8.2 SNMP Traps 34.8.3 SNMP Commands 34.8.4 SNMP Commands Examples 34.9 Language Commands File Manager 35.1 File Directories 35.2Configuration Files and Shell Scripts Overview 35.2.1 Comments in Configuration Files or Shell Scripts 35.2.2Errors in Configuration Files or Shell Scripts 35.2.3 NXC Configuration File Details 35.2.4Configuration File Flow at Restart 35.3 File Manager Commands Input Values 35.4 File Manager Commands Summary 35.5 File Manager Command Example 35.6 FTP File Transfer 35.6.1 Command Line FTP File Upload 35.6.2Command Line FTP Configuration File Upload Example 35.6.3 Command Line FTP File Download 35.6.4 Command Line FTP Configuration File Download Example 35.7 NXC File Usage at Startup 35.8 Notification of a Damaged Recovery Image or Firmware 35.9 Restoring the Recovery Image (NXC5200 Only) Page 35.10 Restoring the Firmware Page 35.11 Restoring the Default System Database Page 35.11.1 Using the atkz -uDebug Command (NXC5200 Only) Page Page Logs 36.1Log Commands Summary 36.1.1 Log Entries Commands 36.1.2 System Log Commands 36.1.3 Debug Log Commands 36.1.4 E-mailProfile Log Commands Page 36.1.5 Console Port Log Commands 36.1.6 Access Point Logging Commands Page Page Reports and Reboot 37.1 Report Commands Summary 37.1.1 Report Commands 37.1.2 Report Command Examples 37.1.3 Session Commands 37.2 Email Daily Report Commands Page 37.2.1 Email Daily Report Example 37.3 Reboot Session Timeout Page Diagnostics 39.1 Diagnostics 39.2 Diagnosis Commands 39.3 Diagnosis Commands Example Page Packet Flow Explore 40.1 Packet Flow Explore 40.2 Packet Flow Explore Commands 40.3 Packet Flow Explore Commands Example Maintenance Tools 41.1 Maintenance Tools Commands Page 41.1.1 Command Examples Page Page Page Watchdog Timer 42.1 Hardware Watchdog Timer 42.2 Software Watchdog Timer 42.3 Application Watchdog 42.3.1 Application Watchdog Commands Example Page Managed AP Commands 43.1 Managed Series AP Commands Overview 43.2 Accessing the AP CLI 43.3 CAPWAP Client Commands 43.3.1 CAPWAP Client Commands Example 43.4 DNS Server Commands 43.4.1 DNS Server Commands Example 43.4.2 DNS Server Commands and DHCP Page List of Commands