Chapter 19 Firewall

Table 89 Firewall > Edit (continued)

| LABEL | DESCRIPTION |
| --- | --- |
| Description | Enter a descriptive name of up to 60 printable ASCII characters for the firewall rule. Spaces are allowed. |
| Schedule | Select a schedule that defines when the rule applies or select Create Object to configure a new one (see Chapter 37 on page 527 for details). Otherwise, select none and the rule is always effective. |
| User | This field is not available when you are configuring a |
| | Select a user name or user group to which to apply the rule. Select Create Object to configure a new user account (see Section 34.2.1 on page 506 for details). The firewall rule is activated only when the specified user logs into the system and the rule will be disabled when the user logs out. |
| | Otherwise, select any and there is no need for user logging. |
| | Note: If you specified a source IP address (group) instead of any in the field below, the user’s IP address should be within the IP address range. |
| Source | Select a source address or address group to which this rule applies. Select Create Object to configure a new one. Select any if the policy is effective for every source. |
| Destination | Select a destination address or address group to which this rule applies. Select Create Object to configure a new one. Select any if the policy is effective for every destination. |
| Service | Select a service or service group from the |
| | Object to add a new service. See Chapter 36 on page 521 for more information. |
| Access | Use the |
| | match this rule. |
| | Select deny to silently discard the packets without sending a TCP reset packet or an ICMP |
| | Select reject to deny the packets and send a TCP reset packet to the sender. Any UDP packets are dropped without sending a response packet. |
| | Select allow to permit the passage of the packets. |
| Log | Select whether to have the ZyWALL generate a log (log), log and alert (log alert) or not (no) when the rule is matched. |
| OK | Click OK to save your customized settings and exit this screen. |
| Cancel | Click Cancel to exit this screen without saving. |

19.7 Firewall Rule Configuration Example
The following Internet firewall rule example allows a hypothetical MyService from the WAN to IP addresses 10.0.0.10 through 10.0.0.15 (Dest_1) on the LAN.
1. Click Firewall. Click the Add icon in the heading row to configure a new first entry (as in this example) or the Add icon in an entry to add a rule below the selected entry. Remember that the sequence (priority) of the rules is important since they are applied in order.
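
The effect of rule order on the MyService example can be checked with a small model. This is an added illustration, not ZyWALL code or part of the original guide: it is a simplified first-match evaluator covering only the Destination, Service and Access fields. The TCP port 12345 for MyService, the rule names and the catch-all reject rule are constructed assumptions.

```python
# Added illustration: simplified first-match model, not ZyWALL firmware logic.
from dataclasses import dataclass
from ipaddress import IPv4Address as IP
from typing import Optional

@dataclass
class Rule:
    name: str                 # hypothetical rule name
    dst_lo: Optional[IP]      # None models "any" destination
    dst_hi: Optional[IP]
    proto: Optional[str]      # None models "any" service
    port: Optional[int]
    access: str               # "allow", "deny" or "reject"

    def matches(self, dst, proto, port):
        in_range = self.dst_lo is None or self.dst_lo <= dst <= self.dst_hi
        return in_range and self.proto in (None, proto) and self.port in (None, port)

def response(access, proto):
    """What the sender receives: reject answers TCP with a reset, UDP with nothing."""
    if access == "reject" and proto == "tcp":
        return "tcp-reset"
    return None               # deny is silent; allow forwards the packet

def evaluate(rules, dst, proto, port):
    """Return (rule name, access, response) for the first rule that matches."""
    dst = IP(dst)
    for rule in rules:
        if rule.matches(dst, proto, port):
            return rule.name, rule.access, response(rule.access, proto)
    return None               # behaviour with no matching rule is outside this model

def covers(a, b):
    """True if rule a matches every packet that rule b matches."""
    range_ok = a.dst_lo is None or (
        b.dst_lo is not None and a.dst_lo <= b.dst_lo and b.dst_hi <= a.dst_hi)
    return range_ok and a.proto in (None, b.proto) and a.port in (None, b.port)

def shadowed(rules):
    """Names of rules that can never fire because an earlier rule covers them."""
    return [b.name for i, b in enumerate(rules) if any(covers(a, b) for a in rules[:i])]

# Constructed sample rules: Dest_1 is 10.0.0.10 through 10.0.0.15 as in the example.
ALLOW = Rule("allow-MyService", IP("10.0.0.10"), IP("10.0.0.15"), "tcp", 12345, "allow")
BLOCK = Rule("reject-all", None, None, None, None, "reject")
GOOD_ORDER = [ALLOW, BLOCK]   # specific rule first
BAD_ORDER = [BLOCK, ALLOW]    # broad rule first shadows the allow rule

if __name__ == "__main__":
    print(evaluate(GOOD_ORDER, "10.0.0.12", "tcp", 12345))
    print(evaluate(BAD_ORDER, "10.0.0.12", "tcp", 12345), shadowed(BAD_ORDER))
```

Running `shadowed()` over an exported rule list before adding a new entry shows whether the new rule would ever be reached at its chosen position.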
ZyWALL USG 1000 User’s Guide | 287