ZyXEL Communications unified security gateway 22.1.2 What You Need to Know

FROM ZONE TO ZONE

BEHAVIOR

From WAN to ZyWALL

Traffic from the WAN to the ZyWALL itself is allowed for certain

default services described in To-ZyWALL Rules on page 375. All

other WAN to ZyWALL traffic is dropped.

From WAN to any (other

Traffic from the WAN to any of the networks behind the

than the ZyWALL)

ZyWALL is dropped.

From DMZ to ZyWALL

Traffic from the DMZ to the ZyWALL itself is allowed for certain

default services described in To-ZyWALL Rules on page 375. All

other DMZ to ZyWALL traffic is dropped.

From DMZ to any (other

Traffic from the DMZ to any of the networks behind the

than the ZyWALL)

ZyWALL is dropped.

From WLAN to WAN

Traffic from the WLAN to the WAN is allowed.

(USG 20W)

From WLAN to ZyWALL

Traffic from the WLAN to the ZyWALL itself is allowed for

(USG 20W)

certain default services described in To-ZyWALL Rules on page

375. All other WLAN to ZyWALL traffic is dropped.

From WLAN to any

Traffic from the WLAN to any of the networks behind the

(other than the ZyWALL)

ZyWALL is dropped.

(USG 20W)

From ANY to ANY

Traffic that does not match any firewall rule is allowed. So for

example, LAN to WAN, LAN to DMZ, and LAN to WLAN traffic is

allowed. This also includes traffic to or from interfaces or VPN

tunnels that are not assigned to a zone (extra-zone traffic).