Chapter 19 Firewall

"

"

The ZyWALL checks the firewall rules before the service control rules for traffic destined for the ZyWALL.

You can configure a to-ZyWALL firewall rule (with From Any To ZyWALL direction) for traffic from an interface which is not in a zone.

19.2.2 Firewall and VPN Traffic

After you create a VPN tunnel and apply it to a zone, you can set the firewall rules applied to VPN traffic. If you add a VPN tunnel to an existing zone (the LAN zone for example), you can configure a new LAN to LAN firewall rule or use intra-zone traffic blocking to allow or block VPN traffic passing between the VPN tunnel and other interfaces in the LAN zone. If you add the VPN tunnel to a new zone (the VPN zone for example), you can configure rules for VPN traffic between the VPN zone and other zones, or From VPN To ZyWALL rules for VPN traffic destined for the ZyWALL.

19.3 Firewall Rule Example Applications

Suppose that your company decides to block all of the LAN users from using IRC (Internet Relay Chat) through the Internet. To do this, you would configure a LAN to WAN firewall rule that blocks IRC traffic from any source IP address from going to any destination address. You do not need to specify a schedule since you need the firewall rule to always be in effect. The following figure shows the results of this rule.

Figure 183 Blocking All LAN to WAN IRC Traffic Example
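The following Python model is an added illustration, not code from the ZyWALL guide or from ZyXEL. It models the behaviour the sections above describe: first-match zone-to-zone rules, a From Any To ZyWALL rule matching an interface that belongs to no zone, intra-zone blocking, a separate VPN zone, and firewall rules being checked before service control for to-ZyWALL traffic. The zone names, the rule set (including the IRC block of Figure 183), the service control table and the default action are constructed assumptions, not the device's real configuration or matching engine.

```python
from dataclasses import dataclass
from typing import Optional

ANY = "Any"
ZYWALL = "ZyWALL"  # pseudo destination for traffic addressed to the device itself

@dataclass
class Rule:
    from_zone: str          # zone name or ANY
    to_zone: str            # zone name, ANY, or ZYWALL
    service: str = ANY      # e.g. "IRC", "HTTPS"; ANY matches every service
    action: str = "allow"   # "allow" or "deny"

@dataclass
class Packet:
    in_zone: Optional[str]  # None = arrived on an interface not assigned to any zone
    out_zone: str           # destination zone, or ZYWALL
    service: str

def _zone_ok(rule_zone: str, pkt_zone: Optional[str]) -> bool:
    # ANY matches everything, including interfaces that belong to no zone
    return rule_zone == ANY or (pkt_zone is not None and rule_zone == pkt_zone)

def firewall_decision(rules, pkt, block_intra_zone=frozenset(), default="allow"):
    """First matching rule wins. Traffic staying inside one zone falls back to that
    zone's intra-zone blocking setting; 'default' (an assumption) covers the rest."""
    for r in rules:
        if _zone_ok(r.from_zone, pkt.in_zone) and _zone_ok(r.to_zone, pkt.out_zone) \
                and r.service in (ANY, pkt.service):
            return r.action
    if pkt.in_zone is not None and pkt.in_zone == pkt.out_zone:
        return "deny" if pkt.in_zone in block_intra_zone else "allow"
    return default

def decide(rules, service_control, pkt, **kw):
    """Firewall rules are consulted first; service control (service -> zones allowed
    to reach the device) only sees to-ZyWALL traffic the firewall let through."""
    verdict = firewall_decision(rules, pkt, **kw)
    if verdict == "deny" or pkt.out_zone != ZYWALL:
        return verdict
    return "allow" if pkt.in_zone in service_control.get(pkt.service, ()) else "deny"

# Constructed policy: the Figure 183 rule plus to-ZyWALL and VPN-zone rules.
RULES = [
    Rule("LAN", "WAN", "IRC", "deny"),     # block LAN users' IRC; no schedule, always on
    Rule("WAN", ZYWALL, ANY, "deny"),      # nothing from WAN may reach the device itself
    Rule(ANY, ZYWALL, "HTTPS", "allow"),   # also matches interfaces that are in no zone
    Rule("VPN", "LAN", ANY, "allow"),      # VPN tunnel placed in its own VPN zone
]
SERVICE_CONTROL = {"HTTPS": {"LAN", "VPN", "WAN", None}}  # WAN listed to show ordering
```

The WAN-to-ZyWALL HTTPS case is the point of the ordering: service control would admit it, but the firewall deny rule is evaluated first and wins.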

280


ZyWALL USG 1000 User’s Guide