
Chapter 9 Firewalls
The following table describes the labels in this screen.
Table 52 Security > Firewall > General
LABEL | DESCRIPTION |
Active Firewall | Select this check box to activate the firewall. The ZyXEL Device performs access control and protects against Denial of Service (DoS) attacks when the firewall is activated. |
Bypass Triangle Route | If an alternate gateway on the LAN has an IP address in the same subnet as the ZyXEL Device’s LAN IP address, return traffic may not go through the ZyXEL Device. This is called an asymmetrical or “triangle” route. This causes the ZyXEL Device to reset the connection, as the connection has not been acknowledged. Select this check box to have the ZyXEL Device permit the use of asymmetrical route topology on the network (not reset the connection). Note: Allowing asymmetrical routes may let traffic from the WAN go directly to the LAN without passing through the ZyXEL Device. A better solution is to use IP alias to put the ZyXEL Device and the backup gateway on separate subnets. See Section 9.5.4.1 on page 169 for an example. |
Packet Direction | This is the direction of travel of packets (LAN to LAN / Router, LAN to WAN, WAN to WAN / Router, WAN to LAN). Firewall rules are grouped based on the direction of travel of packets to which they apply. For example, LAN to LAN / Router means packets traveling from a computer/subnet on the LAN to either another computer/subnet on the LAN interface of the ZyXEL Device or the ZyXEL Device itself. |
Default Action | Use the on packets that are traveling in the selected direction and do not match any of the firewall rules. Select Drop to silently discard the packets without sending a TCP reset packet or an ICMP Select Reject to deny the packets and send a TCP reset packet (for a TCP packet) or an ICMP sender. Select Permit to allow the passage of the packets. |
Log | Select the check box to create a log (when the above action is taken) for packets that are traveling in the selected direction and do not match any of your customized rules. |
Expand... | Click this to display more information. |
Basic... | Click this to display less information. |
Apply | Click this to save your changes. |
Cancel | Click this to restore your previously saved settings. |
9.3 The Firewall Rule Screen
The ordering of your rules is very important as rules are applied in turn.
Refer to Section 9.5 on page 166 for more information.
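
The rule-ordering note and the Default Action setting above, as an added example that is not part of the original manual or the device's own code: a first-match evaluator for one packet direction, plus a check for rules that an earlier, broader rule makes unreachable. The `Rule` fields, function names, addresses and rule sets are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Rule:  # hypothetical rule shape, not the device's own format
    src: str              # source network (CIDR)
    dst: str              # destination network (CIDR)
    port: Optional[int]   # destination port, None means any
    action: str           # "Permit", "Drop" or "Reject"

    def matches(self, src, dst, port):
        return (ip_address(src) in ip_network(self.src)
                and ip_address(dst) in ip_network(self.dst)
                and self.port in (None, port))

    def covers(self, other):
        """True when every packet matching `other` also matches this rule."""
        return (ip_network(other.src).subnet_of(ip_network(self.src))
                and ip_network(other.dst).subnet_of(ip_network(self.dst))
                and (self.port is None or self.port == other.port))


def decide(rules, default_action, src, dst, port):
    """Apply one direction's rules in turn; first match wins, else the default action."""
    for number, rule in enumerate(rules, start=1):
        if rule.matches(src, dst, port):
            return rule.action, f"rule {number}"
    return default_action, "default"


def shadowed(rules):
    """(earlier, later) rule numbers where the later rule can never be reached."""
    return [(i + 1, j + 1)
            for j, later in enumerate(rules)
            for i, earlier in enumerate(rules[:j])
            if earlier.covers(later)]


# Constructed WAN to LAN rule sets (documentation addresses, not from the manual).
BLOCK_TELNET = Rule("0.0.0.0/0", "192.168.1.10/32", 23, "Drop")
ALLOW_LAN = Rule("0.0.0.0/0", "192.168.1.0/24", None, "Permit")
MISORDERED = [ALLOW_LAN, BLOCK_TELNET]   # broad permit first: the drop never fires
ORDERED = [BLOCK_TELNET, ALLOW_LAN]      # specific drop first

if __name__ == "__main__":
    for name, rules in (("misordered", MISORDERED), ("ordered", ORDERED)):
        print(name, decide(rules, "Drop", "203.0.113.5", "192.168.1.10", 23),
              "shadowed:", shadowed(rules))
```

Running `shadowed()` over each direction's rule list before applying changes flags rules that sit below a broader one and therefore never take effect.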