Chapter 6 Configuration Basics

Example: Suppose you have a SIP proxy server connected to the DMZ zone for VoIP calls. You could configure a firewall rule to allow VoIP sessions from the SIP proxy server on DMZ to the LAN so VoIP users on the LAN can receive calls.

1 Create a VoIP service object for UDP port 5060 traffic (Configuration > Object > Service).

2 Create an address object for the VoIP server (Configuration > Object > Address).

3 Click Configuration > Firewall to go to the firewall configuration.

4 Select from the DMZ zone to the LAN1 zone, and add a firewall rule using the items you have configured.

You don’t need to specify the schedule or the user.

In the Source field, select the address object of the VoIP server.

You don’t need to specify the destination address.

Leave the Access field set to Allow and the Log field set to No.

Note: The ZyWALL checks the firewall rules in order. Make sure each rule is in the correct place in the sequence.
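
The rule-order note above, illustrated with a small first-match model of an ordered rule list (an added example, not ZyWALL code or output). The rule names, the 192.168.3.10 server address, the catch-all DMZ-to-LAN1 deny rule and the deny default are constructed assumptions for the illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Rule:
    name: str
    src_zone: str
    dst_zone: str
    source: str   # CIDR of the source address object; 0.0.0.0/0 = any
    proto: str    # "udp", "tcp" or "any"
    port: int     # destination port; 0 = any
    access: str   # "allow" or "deny"

def matches(rule, src_zone, dst_zone, src_ip, proto, port):
    return (rule.src_zone == src_zone and rule.dst_zone == dst_zone
            and ip_address(src_ip) in ip_network(rule.source)
            and rule.proto in ("any", proto) and rule.port in (0, port))

def decide(rules, *packet, default="deny"):
    """First matching rule wins, as in an ordered rule list."""
    for rule in rules:
        if matches(rule, *packet):
            return rule.access, rule.name
    return default, "default"   # assumed default action for this model

def shadowed(rules):
    """Rules that can never match: an earlier rule covers all their traffic."""
    hidden = []
    for i, r in enumerate(rules):
        if any(e.src_zone == r.src_zone and e.dst_zone == r.dst_zone
               and ip_network(r.source).subnet_of(ip_network(e.source))
               and e.proto in ("any", r.proto) and e.port in (0, r.port)
               for e in rules[:i]):
            hidden.append(r.name)
    return hidden

# Constructed sample objects: VoIP server address and rule names are made up.
ALLOW_SIP = Rule("allow-sip-from-voip", "DMZ", "LAN1", "192.168.3.10/32", "udp", 5060, "allow")
BLOCK_DMZ = Rule("block-dmz-to-lan1", "DMZ", "LAN1", "0.0.0.0/0", "any", 0, "deny")
GOOD_ORDER = [ALLOW_SIP, BLOCK_DMZ]   # specific allow first, broad deny after
BAD_ORDER = [BLOCK_DMZ, ALLOW_SIP]    # broad deny first hides the allow rule
SIP_FROM_SERVER = ("DMZ", "LAN1", "192.168.3.10", "udp", 5060)

if __name__ == "__main__":
    for label, rules in (("good", GOOD_ORDER), ("bad", BAD_ORDER)):
        print(label, decide(rules, *SIP_FROM_SERVER), "shadowed:", shadowed(rules))
```

Running a shadow check like this over an exported rule list flags narrow allow rules that sit below a broader rule and therefore never take effect.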

6.5.15 IPSec VPN

Use IPSec VPN to provide secure communication between two sites over the Internet or any insecure network that uses TCP/IP for communication. The ZyWALL also offers hub-and-spoke VPN.

MENU ITEM(S) Configuration > VPN > IPSec VPN; you can also use the Quick Setup VPN Setup wizard.

PREREQUISITES Interfaces, certificates (authentication), authentication methods (extended authentication), addresses (local network, remote network, NAT), to-ZyWALL firewall, firewall

WHERE USED Policy routes, zones, L2TP VPN

Example: See Chapter 7 on page 119.

6.5.16 SSL VPN

Use SSL VPN to give remote users secure network access.

MENU ITEM(S) Configuration > VPN > SSL VPN

PREREQUISITES Interfaces, SSL application, users, user groups, addresses (network list, IP pool for assigning to clients, DNS and WINS server addresses), to-ZyWALL firewall, firewall


ZyWALL USG 2000 User’s Guide