P312 Broadband Security Gateway

Chapter 19

Example Firewall Rules

19.1 Examples

Please note that whenever you open a hole in the firewall to forward a service from the Internet to the local network, and NAT is also enabled, you may also have to configure a server behind NAT using SMT Menu 15.2. Please see the chapter on NAT for more detailed information on NAT, and see Figure 14-5 for a view of how Filtering, the Firewall and NAT interact.

19.1.1 Example 1 - Firewall Rule To Allow Web Service From The Internet

Let’s say we have one server on the local network, with an IP address of 10.100.1.2, supporting FTP, HTTP, Telnet and mail services. The only traffic allowed from the Internet is web service. We want to be able to forward all traffic initiated from our local network. We want to know who accesses our server and send e-mail alerts when this happens. Our mail account is user@zyxel.com. Another network administrator has an e-mail address of user2@zyxel.com. This is what we do.

Step 1. Activate the firewall. You may activate the firewall using the Prestige Web Configurator shown next (click Configuration, the Config tab, then check the Firewall Enabled box) or in SMT Menu 21.2. You can only configure the firewall using the Prestige Web Configurator or CI commands (see the Appendix). When the firewall is active, the default rules allow all traffic from the local network to the WAN (Internet) and block all traffic from the Internet to the local network.
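
The following is an added illustration, not part of the manual and not Prestige configuration syntax: a small Python model of the policy this example aims for, used to audit a rule set against the stated intent (only web service reachable from the Internet, and logged). The rule format, function names, first-match evaluation and the use of SMTP for "mail" are assumptions made for the sketch.

```python
from dataclasses import dataclass
from typing import Optional

# Services the example server at 10.100.1.2 offers, with their well-known
# TCP ports (SMTP stands in for "mail" here; that choice is an assumption).
SERVER = "10.100.1.2"
SERVICES = {"ftp": 21, "telnet": 23, "smtp": 25, "http": 80}

# Default actions the text gives for an active firewall, per direction.
DEFAULTS = {"LAN->WAN": "forward", "WAN->LAN": "block"}

@dataclass(frozen=True)
class Rule:                   # hypothetical rule shape for this model
    direction: str            # which side initiated the session
    dst_ip: str
    dst_port: Optional[int]   # None matches any port
    action: str               # "forward" or "block"
    log: bool = False

def evaluate(rules, direction, dst_ip, dst_port):
    """First matching rule wins (assumed); otherwise the direction default."""
    for r in rules:
        if (r.direction == direction and r.dst_ip == dst_ip
                and r.dst_port in (None, dst_port)):
            return r.action, r.log
    return DEFAULTS[direction], False

def audit(rules):
    """Return (services reachable from the Internet, those reachable unlogged)."""
    exposed, unlogged = [], []
    for name, port in sorted(SERVICES.items()):
        action, logged = evaluate(rules, "WAN->LAN", SERVER, port)
        if action == "forward":
            exposed.append(name)
            if not logged:
                unlogged.append(name)
    return exposed, unlogged

# Intended policy: web only, with logging so accesses can be alerted on.
INTENDED = [Rule("WAN->LAN", SERVER, 80, "forward", log=True)]
# Constructed mistake: a rule that forwards every port to the server.
TOO_BROAD = [Rule("WAN->LAN", SERVER, None, "forward")]

if __name__ == "__main__":
    print(audit(INTENDED))
    print(audit(TOO_BROAD))
```

An audit result other than `(['http'], [])` means the rule set exposes more than the web service or forwards it without logging.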
