Manuals / Brands / Computer Equipment / Network Card / ZyXEL Communications / Computer Equipment / Network Card

ZyXEL Communications ZYWALL10 13.4.1 Stateful Inspection Process, Figure 13-5Stateful Inspection, The default action for packets not matching following rules

1 267

Download 267 pages, 2.84 Mb

ZyWALL 10 Internet Security Gateway

!Denies all sessions originating from the WAN (Internet) to the LAN (local network).

Figure 13-5 Stateful Inspection

The previous figure shows the ZyWALL’s default firewall rules in action as well as demonstrates how stateful inspection works. User A can initiate a Telnet session from within the LAN and responses to this request are allowed. However other Telnet traffic initiated from the WAN is blocked.

13.4.1 Stateful Inspection Process

In this example, the following sequence of events occurs when a TCP packet leaves the LAN network through the firewall's WAN interface. The TCP packet is the first in a session, and the packet's application layer protocol is configured for a firewall rule inspection:

1.The packet travels from the firewall's LAN to the WAN.

2.The packet is evaluated against the interface's existing outbound access list, and the packet is permitted (a denied packet would simply be dropped at this point).

3.The packet is inspected by a firewall rule to determine and record information about the state of the packet's connection. This information is recorded in a new state table entry created for the new connection. If there is not a firewall rule for this packet and it is not an attack, then The default action for packets not matching following rules field (see Figure 16-3) determines the action for this packet.

4.Based on the obtained state information, a firewall rule creates a temporary access list entry that is inserted at the beginning of the WAN interface's inbound extended access list. This temporary access list entry is designed to permit inbound packets of the same connection as the outbound packet just inspected.

5.The outbound packet is forwarded out the interface.

What Is a Firewall?

13-7

Contents

User’s Guide Copyright Federal Communications Commission (FCC) Interference Statement Information for Canadian Users Standard Declaration of Conformity ZyXEL Communications Corp No. 6, Innovation Rd. II Science-BasedIndustrial Park Hsinchu, Taiwan, 300 R.O.C Page ZyXEL Limited Warranty Customer Support Table of Contents Chapter 4 Remote Node Setup Chapter 5 IP Static Route Setup Chapter 6 Network Address Translation (NAT) Chapter 9 System Information & Diagnosis Chapter 10 Firmware and Configuration File Maintenance Chapter 12 Telnet Configuration and Capabilities Chapter 13 What is a Firewall Chapter 14 Introducing the ZyWALL Firewall Chapter 16 Creating Custom Rules Appendix B PPTP Appendix C Hardware Specifications Appendix D Important Safety Instructions Page List of Figures Page Page Page Page Page List of Tables Page Page Page Preface Related Documentation Syntax Conventions Bold Times Bold Arial Part I: Getting Started Page Getting to Know Your ZyWALL 1.1The ZyWALL 10 Internet Security Gateway 1.2Features of The ZyWALL PPTP Encapsulation Dynamic DNS Support IP Multicast IP Alias SNMP 1.3Applications for ZyWALL 1.3.1 Broadband Internet Access via Cable or xDSL Modem Figure 1-1Secure Internet Access via Cable Figure 1-2Secure Internet Access via DSL Hardware Installation & Initial Setup 2.1Front Panel LEDs and Back Panel Ports 2.1.1 Front Panel LEDs 2.2ZyWALL 10 Rear Panel and Connections 2.3Additional Installation Requirements 2.4Turn On Your ZyWALL 2.5Navigating the SMT Interface Table 2-2Main Menu Commands 2.5.1 Main Menu 2.5.2 System Management Terminal Interface Summary 2.5.3 SMT Menus at a Glance 2.6Changing the System Password 2.6.1 Resetting the ZyWALL 2.7General Setup 2.7.1 Dynamic DNS 2.7.2 Procedure For Configuring Menu 2.7.3 Configuring Dynamic DNS 2.8WAN Setup 2.9LAN Setup 2.9.1 LAN Port Filter Setup Internet Access 3.1TCP/IP and DHCP for LAN 3.1.1 Factory LAN Defaults 3.1.2 DHCP Configuration 3.1.3 IP Address and Subnet Mask 3.1.4 Private IP Addresses 3.1.5 RIP Setup 3.1.6 IP Multicast 3.1.7 IP Alias 3.2TCP/IP and DHCP Ethernet Setup Figure 3-3Menu 3 — LAN Setup TCP/IP and DHCP Setup Menu 3.2 — TCP/IP and DHCP Ethernet Setup Figure 3-4Menu 3.2 — TCP/IP and DHCP Ethernet Setup Table 3-1DHCP Ethernet Setup Menu Fields Table 3-2LAN TCP/IP Setup Menu Fields 3.2.1 IP Alias Setup 3.3Internet Access Setup 3.3.1 Ethernet Encapsulation Figure 3-6Menu 4 — Internet Access Setup (Ethernet) Table 3-4Internet Access Setup Menu Fields 3.3.2 PPTP Encapsulation 3.3.3 Configuring the PPTP Client 3.3.4 PPPoE Encapsulation Figure 3-8Internet Access Setup (PPPoE) Table 3-6New Fields in Menu 4 (PPPoE) screen Service Name 3.4Basic Setup Complete Part II: Advanced Applications Remote Node Setup 4.1Remote Node Profile 4.1.1 Ethernet Encapsulation Table 4-1Fields in Menu 4.1.2 PPPoE Encapsulation 4.1.3 PPTP Encapsulation Figure 4-3Menu 11.1 — Remote Node Profile for PPTP Encapsulation Table 4-3Fields in Menu 11.1 (PPTP Encapsulation) 4.2Editing TCP/IP Options (with Ethernet Encapsulation) 4.2.1 Editing TCP/IP Options (with PPTP Encapsulation) Figure 4-5Menu 11.3 — Remote Node Network Layer Options Table 4-5Remote Node Network Layer Options Menu Fields 4.2.2 Editing TCP/IP Options (with PPPoE Encapsulation) 4.3Remote Node Filter Figure 4-6Menu 11.5 — Remote Node Filter (Ethernet Encapsulation) Figure 4-7Menu 11.5 — Remote Node Filter (PPPoE or PPTP Encapsulation) IP Static Route Setup 5.1IP Static Route Setup Table 5-1IP Static Route Menu Fields Page Network Address Translation (NAT) 6.1Introduction 6.1.1 NAT Definitions 6.1.2 What NAT Does 6.1.3 How NAT works 6.1.4 NAT Mapping Types 6.1.5 SUA (Single User Account) Versus NAT 6.1.6 NAT Application 6.2SMT Menus 6.2.1 Applying NAT in the SMT Menus Figure 6-3Menu 4 — Applying NAT for Internet Access Menu 11.3 - Remote Node Network Layer Options Figure 6-4Menu 11.3 — Applying NAT to the Remote Node 6.2.2 Configuring NAT 6.2.3 Address Mapping Sets and NAT Server Sets: Enter 1 to bring up Menu 15.1 — Address Mapping Sets Figure 6-6Menu 15.1 — Address Mapping Sets Figure 6-7Menu 15.1.255 — SUA Address Mapping Rules Table 6-4SUA Address Mapping Rules Select Rule Set Name Figure 6-8Menu 15.1.1 — First Set Ordering Your Rules Table 6-5Fields in Menu Edit Menu 15.1.1.1 - Address Mapping Rule Local Global Start/End IPs 6.3NAT Server Sets 6.3.1 Multiple Servers behind NAT 6.3.2 Configuring a Server behind NAT Figure 6-11Menu 15.2 — NAT Server Setup Table 6-7Services & Port numbers 6.4Examples 6.4.1 Internet Access Only 6.4.2 Example 2: Internet Access with an Inside Server 6.4.3 Example 3: General Case Edit Action One-to-One Start IP Figure 6-17Example 3: Menu Figure 6-18Example 3: Menu Figure 6-19Example 3: Final Menu Figure 6-20Example 3: Menu 6.4.4 Example 4: NAT Unfriendly Application Programs Figure 6-22Example 4: Menu 15.1.1.1 — Address Mapping Rule Figure 6-23Example 4: Menu 15.1.1 — Address Mapping Rules Part III: Advanced Management Page Filter Configuration 7.1About Filtering 7.1.1 The Filter Structure of the ZyWALL Filter Set Execute Filter Rule Figure 7-2Filter Rule Process 7.2Configuring a Filter Set Figure 7-6NetBIOS_WAN Filter Rules Summary Figure 7-7NetBIOS _LAN Filter Rules Summary Figure 7-8TEL_FTP_WEB_WAN Filter Rules Summary 7.2.1 Filter Rules Summary Menu 7.2.2 Configuring a Filter Rule 7.2.3 TCP/IP Filter Rule Table 7-3TCP/IP Filter Rule Menu Fields Page Figure 7-10Executing an IP Filter 7.2.4 Generic Filter Rule Table 7-4Generic Filter Rule Menu Fields 7.3Example Filter Yes Equal Drop Forward Figure 7-13Example Filter — Menu 7.4Filter Types and NAT 7.5Firewall 7.6Applying a Filter and Factory Defaults 7.6.1 LAN traffic 7.6.2 Remote Node Filters Page SNMP Configuration 8.1About SNMP 8.2Configuring SNMP Table 8-1SNMP Configuration Menu Fields System Information & Diagnosis 9.1System Status Figure 9-2Menu 24.1 — System Maintenance — Status Table 9-1System Maintenance — Status Menu Fields 9.2System Information and Console Port Speed 9.2.1 System Information 9.2.2 Console Port Speed 9.3Log and Trace 9.3.1 Viewing Error Log 9.3.2 UNIX Syslog Table 9-3System Maintenance Menu Syslog Parameters Page Page 9.3.3 Call-TriggeringPacket 9.4Diagnostic 9.4.1 WAN DHCP Figure 9-11WAN & LAN DHCP Table 9-4System Maintenance Menu Diagnostic Firmware and Configuration File Maintenance 10.1 Filename conventions 10.1.1 Firmware Development 10.2 Backup Configuration 10.2.1 Example: Backup Configuration Using HyperTerminal 10.2.2 Backup Configuration Using Telnet 10.3 Restore Configuration 10.3.1 Example: Restore Configuration Using HyperTerminal 10.4 Upload Firmware 10.4.1 Uploading the Router Firmware 10.4.2 Example: Xmodem Upload Using HyperTerminal 10.4.3 Uploading Router Configuration File 10.5 TFTP File Transfer 10.5.1 Example: TFTP Command 10.6 FTP File Transfer Figure 10-13Telnet into Menu Figure 10-14Telnet into Menu 24.7.2 — System Maintenance 10.6.1 Using the FTP command from the DOS Prompt Table 10-3Third Party FTP Clients — General Fields System Maintenance & Information 11.1 Command Interpreter Mode 11.2 Call Control Support 11.2.1 Budget Management 11.2.2 Call History 11.3 Time and Date Setting Figure 11-6Menu 24 — System Maintenance Figure 11-7Menu 24.10 System Maintenance — Time and Date Setting How often does the ZyWALL update the time 11.4 Remote Management Setup 11.5 Boot Commands Figure 11-10Boot Module Commands Page Telnet Configuration and Capabilities 12.1 About Telnet Configuration 12.2 Telnet Under NAT 12.3 Telnet Capabilities 12.3.1 Single Administrator 12.4 Telnet Behind the Firewall Part IV: Firewall and Content Filters Page What is a Firewall 13.1 Types of Firewalls 13.1.1 Packet Filtering Firewalls 13.1.2 Application-levelFirewalls 13.1.3 Stateful Inspection Firewalls 13.2 Introduction to ZyXEL’s Firewall 13.3 Denial of Service 13.3.1 Basics 13.3.2 Types of DoS attacks Figure 13-2 Three-WayHandshake SYN Attack Figure 13-3SYN Flood LAND Attack 13.4 Stateful Inspection 13.4.1 Stateful Inspection Process 13.4.2 Stateful Inspection & the ZyWALL 13.4.3 TCP Security 13.4.4 UDP/ICMP Security 13.4.5 Upper Layer Protocols 13.5 Guidelines For Enhancing Security With Your Firewall 13.5.1 Security In General Page Page Introducing the ZyWALL Firewall 14.1 SMT Menus 14.1.1 View Firewall Log 14.1.2 Attack Types ICMP Echo ICMP Vulnerability Table 14-1ICMP Commands That Trigger Alerts Illegal Commands (NetBIOS and SMTP) Table 14-2Legal NetBIOS Commands Traceroute Teardrop SYN Flood Figure 14-4View Firewall Log 14.2 The Big Picture - Filtering, Firewall and NAT 14.3 Packet Filtering Vs Firewall 14.3.1 Packet Filtering: 14.3.2 Firewall Page Introducing the ZyWALL Web Configurator 15.1 Web Configurator Login and Welcome Screens Figure 15-2ZyWALL Web Configurator Welcome Screen 15.2 Enabling the Firewall 15.3 E-mail 15.3.1 What are Alerts 15.3.2 What are Logs Table 15-1 E-mail 15.3.3 SMTP Error Messages 15.3.4 Example E-mailLog 15.4 Attack Alert 15.4.1 Threshold Values: 15.4.2 Half-OpenSessions Figure 15-6Attack Alert Table 15-3Attack Alert Page Page Creating Custom Rules 16.1 Rules Overview 16.2 Rule Logic Overview 16.2.1 Rule Checklist 16.2.2 Security Ramifications 16.2.3 Key Fields For Configuring Rules 16.3 Connection Direction 16.3.1 LAN to WAN Rules 16.3.2 WAN to LAN Rules 16.4 Rule Summary Figure 16-3Firewall Rules Summary — First Screen Table 16-1Firewall Rules Summary — First Screen 16.5 Predefined Services Table 16-2Predefined Services Page 16.5.1 Creating/Editing Firewall Rules Table 16-3Creating/Editing A Firewall Rule 16.5.2 Source and Destination Addresses Table 16-4Adding/Editing Source and Destination Addresses 16.6 Timeout 16.6.1 Factors Influencing Choices for Timeout Values Table 16-5Timeout Menu Page Custom Ports 17.1 Introduction Table 17-1Custom Ports 17.2 Creating/Editing A Custom Port Table 17-2Creating/Editing A Custom Port Logs 18.1 Log Screen Table 18-1Log Screen Example Firewall Rules 19.1 Examples 19.1.1 Example 1: Firewall Rule To Allow Web Service From The Internet Config Firewall Enabled Figure 19-1Activate The Firewall Figure 19-2Example 1: E-mailScreen Rule Summary Available Services list box and click Figure 19-3Example 1: Configuring a Rule Page 19.1.2 Example 2: Small Office With Mail, FTP and Web Servers Figure 19-6Send Alerts When Attacked Single Figure 19-7Configuring A POP Custom Port Rule Summary Source Address Figure 19-8Example 2: Local Network Rule 1 Configuration Figure 19-9Example 2: Local Network Rule Summary Destination Address Figure 19-10Example: Internet to Local Network Rule Summary Services Figure 19-11Custom Port for Syslog Figure 19-12Syslog Rule Configuration Figure 19-13Example 3: Rule Summary Content Filtering 20.1 Categories 20.1.1 Restrict Web Features 20.1.2 Filter List 20.1.3 Days and Times Figure 20-1Categories Screen 20.2 Update List 20.3 Exempting Computers 20.4 Customizing 20.5 Keywords 20.6 Log Records Part V: Troubleshooting, Appendices, Glossary and Index Page Troubleshooting 21.1 Problems Starting Up the ZyWALL 21.2 Problems with the LAN Interface 21.3 Problems with the WAN interface 21.4 Problems with Internet Access 21.5 Problems with the Firewall Page Appendix A PPPoE How PPPoE Works ZyWALL as a PPPoE Client Diagram 2 ZyWALL as a PPPoE Client Appendix B PPTP Diagram 4 PPTP Protocol Overview Control & PPP connections Diagram 5 Example Message Exchange between PC and an ANT Appendix C Hardware Specifications Appendix D Important Safety Instructions Appendix E Firewall CLI Commands Page Page Page Page Page Page Glossary of Terms Page Page Page Page Page Page Page Page Page Page Index