
Chapter 10 Firewalls
The following table describes the labels in this screen.
Table 52 Security > Firewall > General
LABEL | DESCRIPTION
Active Firewall | Select this check box to activate the firewall. The ZyXEL Device performs access control and protects against Denial of Service (DoS) attacks when the firewall is activated.
Bypass Triangle Route | If an alternate gateway on the LAN has an IP address in the same subnet as the ZyXEL Device’s LAN IP address, return traffic may not go through the ZyXEL Device. This is called an asymmetrical or “triangle” route. This causes the ZyXEL Device to reset the connection, as the connection has not been acknowledged.
| Select this check box to have the ZyXEL Device permit the use of asymmetrical route topology on the network (not reset the connection).
| Note: Allowing asymmetrical routes may let traffic from the WAN go directly to the LAN without passing through the ZyXEL Device. A better solution is to use IP alias to put the ZyXEL Device and the backup gateway on separate subnets. See Section 10.5.4.1 on page 208 for an example.
Packet Direction | This is the direction of travel of packets (LAN to LAN / Router, LAN to WAN, WAN to WAN / Router, WAN to LAN).
| Firewall rules are grouped based on the direction of travel of packets to which they apply. For example, LAN to LAN / Router means packets traveling from a computer/subnet on the LAN to either another computer/subnet on the LAN interface of the ZyXEL Device or the ZyXEL Device itself.
Default Action | Use the
| firewall is to take on packets that are traveling in the selected direction and do not match any of the firewall rules.
| Select Drop to silently discard the packets without sending a TCP reset packet or an ICMP
| Select Reject to deny the packets and send a TCP reset packet (for a TCP packet) or an ICMP
| packet) to the sender.
| Select Permit to allow the passage of the packets.
Log | Select the check box to create a log (when the above action is taken) for packets that are traveling in the selected direction and do not match any of your customized rules.
Expand... | Click this to display more information.
Basic... | Click this to display less information.
Apply | Click this to save your changes.
Cancel | Click this to restore your previously saved settings.