ZyWALL 5/35/70 Series User’s Guide

10.7.2Firewall

The firewall inspects packet contents as well as their source and destination addresses. Firewalls of this type employ an inspection module, applicable to all protocols, that understands data in the packet is intended for other layers, from the network layer (IP headers) up to the application layer.

The firewall performs stateful inspection. It takes into account the state of connections it handles so that, for example, a legitimate incoming packet can be matched with the outbound request for that packet and allowed in. Conversely, an incoming packet masquerading as a response to a nonexistent outbound request can be blocked.

The firewall uses session filtering, i.e., smart rules, that enhance the filtering process and control the network session rather than control individual packets in a session.

The firewall provides e-mail service to notify you of routine reports and when alerts occur.

10.7.2.1 When To Use The Firewall

1To prevent DoS attacks and prevent hackers cracking your network.

2A range of source and destination IP addresses as well as port numbers can be specified within one firewall rule making the firewall a better choice when complex rules are required.

3To selectively block/allow inbound or outbound traffic between inside host/networks and outside host/networks. Remember that filters cannot distinguish traffic originating from an inside host or an outside host by IP address.

4The firewall performs better than filtering if you need to check many rules.

5Use the firewall if you need routine e-mail reports about your system or need to be alerted when attacks occur.

6The firewall can block specific URL traffic that might occur in the future. The URL can be saved in an Access Control List (ACL) database.

209

Chapter 10 Firewalls