|
| Chapter 19 Firewall |
| Table 88 Firewall (continued) | |
| LABEL | DESCRIPTION |
| Maximum | Use this field to set the highest number of sessions that the ZyWALL will permit a |
| session per host | computer with the same IP address to have at one time. |
|
| When computers use peer to peer applications, such as file sharing applications, |
|
| they may use a large number of NAT sessions. If you do not limit the number of NAT |
|
| sessions a single client can establish, this can result in all of the available NAT |
|
| sessions being used. In this case, no additional NAT sessions can be established, |
|
| and users may not be able to access the Internet. |
|
| Each NAT session establishes a corresponding firewall session. Use this field to |
|
| limit the number of NAT/firewall sessions each client computer can establish |
|
| through the ZyWALL. |
|
| If your network has a small number of clients using peer to peer applications, you |
|
| can raise this number to ensure that their performance is not degraded by the |
|
| number of NAT sessions they can establish. If your network has a large number of |
|
| users using peer to peer applications, you can lower this number to ensure no single |
|
| client is using too many of the available NAT sessions. |
|
|
|
| From Zone | This is the direction of travel of packets. Select from which zone the packets come |
| To Zone | and to which zone the packets go. |
|
| Firewall rules are grouped based on the direction of travel of packets to which they |
|
| apply. For example, from LAN to LAN means packets traveling from a computer or |
|
| subnet on the LAN to either another computer or subnet on the LAN. |
|
| From any displays all the firewall rules for traffic going to a particular zone. |
|
| To any displays all the firewall rules for traffic coming from a particular zone. |
|
| From any to any displays all of the firewall rules. |
|
| To ZyWALL rules are for traffic that is destined for the ZyWALL and control which |
|
| computers can manage the ZyWALL. |
|
|
|
| The following | |
| selected packet direction. | |
|
|
|
| # | This is the index number of your firewall rule. It is not associated with a specific rule. |
|
|
|
| Priority | This is the position of your firewall rule in the global rule list (including all through- |
|
| ZyWALL and |
|
| applied in sequence. |
|
|
|
| Schedule | This field tells you the schedule object that the rule uses. none means the rule is |
|
| active at all times if enabled. |
|
|
|
| User | This is the user name or user group name to which this firewall rule applies. |
|
|
|
| Source | This displays the source address object to which this firewall rule applies. |
|
|
|
| Destination | This displays the destination address object to which this firewall rule applies. |
|
|
|
| Service | This displays the service object to which this firewall rule applies. |
|
|
|
| Access | This field displays whether the firewall silently discards packets (deny), discards |
|
| packets and sends a TCP reset packet to the sender (reject) or permits the |
|
| passage of packets (allow). |
|
|
|
| Log | This field shows you whether a log (and alert) is created when packets match this |
|
| rule or not. |
|
|
|
| 285 |
ZyWALL USG 1000 User’s Guide | |
|
|