19
Firewall
This chapter introduces the ZyWALL’s firewall and shows you how to configure your ZyWALL’s firewall. See Section 5.4.12 on page 118 for related information on these screens.
19.1 Firewall Overview
The ZyWALL’s firewall is a stateful inspection firewall. The ZyWALL restricts access by screening data packets against defined access rules. It can also inspect sessions. For example, traffic from one zone is not allowed unless it is initiated by a computer in another zone first.
A zone is a group of interfaces or VPN tunnels. Group the ZyWALL’s interfaces into different zones based on your needs. You can configure firewall rules for data passing between zones or even between interfaces and/or VPN tunnels in a zone.
The following figure shows the ZyWALL’s default firewall rules in action as well as demonstrates how stateful inspection works. User 1 can initiate a Telnet session from within the LAN zone and responses to this request are allowed. However, other Telnet traffic initiated from the WAN or DMZ zone and destined for the LAN zone is blocked. Communications between the WAN and the DMZ zones are allowed. The firewall allows VPN traffic between any of the networks.
Figure 182 Default Firewall Action
| 277 |
ZyWALL USG 1000 User’s Guide | |
|
|