24

Firewall

24.1 Overview

Use the firewall to block or allow services that use static port numbers. Use application patrol (see Chapter 32 on page 521) to control services using flexible/dynamic port numbers. The firewall can also limit the number of user sessions.

This figure shows the ZyWALL’s default firewall rules in action and demonstrates how stateful inspection works. User 1 can initiate a Telnet session from within the LAN zone and responses to this request are allowed. However, other Telnet traffic initiated from the WAN or DMZ zone and destined for the LAN zone is blocked.

Communications between the WAN and the DMZ zones are allowed. The firewall allows VPN traffic between any of the networks.

Figure 313 Default Firewall Action

24.1.1 What You Can Do in this Chapter

Use the Firewall screens (Section 24.2 on page 431) to enable or disable the firewall and asymmetrical routes, and manage and configure firewall rules.

Use the Session Limit screens (see Section 24.3 on page 436) to limit the number of concurrent NAT/firewall sessions a client can use.
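The two mechanisms described above (stateful inspection of the default zone rules in Section 24.1, and the per-client session limit in Section 24.3) can be shown together in a small model. The following Python program is an added example and is not code from ZyXEL or from the ZyWALL firmware; the address-to-zone prefix map, the DEFAULT_POLICY table, the session limit of 2, and the names zone_of, StatefulFirewall and run_scenario are assumptions chosen to mirror the figure's description (LAN may initiate sessions outward, WAN and DMZ may talk to each other, nothing from WAN or DMZ may initiate a session into the LAN, and replies to a LAN-initiated session are let back in). The VPN case is left out of the model.

```python
from dataclasses import dataclass
from typing import Dict, Set, Tuple

# Constructed zone membership for the example: address prefix -> zone.
ZONE_PREFIXES = {"192.168.1.": "LAN", "172.16.0.": "DMZ", "10.": "WAN"}


def zone_of(ip: str) -> str:
    """Map an address to its zone; anything unmatched is treated as WAN."""
    for prefix, zone in ZONE_PREFIXES.items():
        if ip.startswith(prefix):
            return zone
    return "WAN"


# Default zone-to-zone policy, modelled on the chapter's description of the
# default rules (an assumption, not the appliance's actual rule table):
# sessions may be initiated from LAN to WAN/DMZ and between WAN and DMZ,
# but nothing from WAN or DMZ may initiate a session into LAN.
DEFAULT_POLICY = {
    ("LAN", "WAN"): "allow", ("LAN", "DMZ"): "allow",
    ("WAN", "DMZ"): "allow", ("DMZ", "WAN"): "allow",
    ("WAN", "LAN"): "deny",  ("DMZ", "LAN"): "deny",
}

Flow = Tuple[str, int, str, int, str]  # src_ip, src_port, dst_ip, dst_port, proto


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str = "tcp"

    def flow(self) -> Flow:
        return (self.src_ip, self.src_port, self.dst_ip, self.dst_port, self.proto)

    def reverse_flow(self) -> Flow:
        return (self.dst_ip, self.dst_port, self.src_ip, self.src_port, self.proto)


class StatefulFirewall:
    """Zone policy + session table + per-client concurrent session limit."""

    def __init__(self, session_limit: int):
        self.session_limit = session_limit
        self.sessions: Set[Flow] = set()      # established flows, initiator first
        self.per_client: Dict[str, int] = {}  # initiator ip -> open session count

    def check(self, p: Packet) -> Tuple[str, str]:
        # Stateful part: a reply to a session the firewall already recorded is
        # allowed even though the zone policy would deny a fresh session that way.
        if p.reverse_flow() in self.sessions:
            return "allow", "reply to existing session"
        if p.flow() in self.sessions:
            return "allow", "existing session"
        # New session: enforce the per-client limit before consulting policy.
        if self.per_client.get(p.src_ip, 0) >= self.session_limit:
            return "deny", "session limit reached"
        src_zone, dst_zone = zone_of(p.src_ip), zone_of(p.dst_ip)
        action = DEFAULT_POLICY.get((src_zone, dst_zone), "deny")
        if action == "allow":
            self.sessions.add(p.flow())
            self.per_client[p.src_ip] = self.per_client.get(p.src_ip, 0) + 1
        return action, f"policy {src_zone}->{dst_zone}"

    def close(self, p: Packet) -> None:
        """Tear down a session (e.g. on FIN/RST or idle timeout) and free its slot."""
        if p.flow() in self.sessions:
            self.sessions.discard(p.flow())
            self.per_client[p.src_ip] -= 1


def run_scenario() -> Dict[str, str]:
    """Replay constructed packets through the model; returns label -> action."""
    fw = StatefulFirewall(session_limit=2)
    telnet_out = Packet("192.168.1.10", 40001, "10.0.0.5", 23)
    second_out = Packet("192.168.1.10", 40002, "10.0.0.5", 80)
    steps = [
        ("lan_telnet_out", telnet_out),                                     # User 1 -> WAN
        ("telnet_reply", Packet("10.0.0.5", 23, "192.168.1.10", 40001)),    # reply back in
        ("wan_telnet_in", Packet("10.0.0.7", 51000, "192.168.1.10", 23)),   # unsolicited
        ("dmz_telnet_in", Packet("172.16.0.5", 51000, "192.168.1.10", 23)),
        ("wan_to_dmz", Packet("10.0.0.7", 51001, "172.16.0.5", 80)),
        ("dmz_to_wan", Packet("172.16.0.5", 51002, "10.0.0.9", 443)),
        ("lan_second", second_out),
        ("lan_third", Packet("192.168.1.10", 40003, "10.0.0.5", 443)),      # over the limit
    ]
    results = {label: fw.check(p)[0] for label, p in steps}
    fw.close(second_out)  # one session ends, so the client gets a slot back
    results["lan_after_close"] = fw.check(Packet("192.168.1.10", 40004, "10.0.0.5", 443))[0]
    return results


if __name__ == "__main__":
    for label, action in run_scenario().items():
        print(f"{label:16s} {action}")
```

The order of the checks in check() is the point of the model: the session table is consulted before the zone policy, which is what lets the Telnet reply from the WAN reach User 1 while an unsolicited Telnet connection from the same zone is dropped; the session limit is applied only when a new session is being created, so replies never count against the client's quota, and close() shows why the limit is on concurrent rather than total sessions.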


423

ZyWALL USG 2000 User’s Guide