Chapter 27 Application Patrol
Table 115 Application Policy Edit (continued)
LABEL | DESCRIPTION |
Schedule | Select a schedule that defines when the policy applies or select Create Object to |
| configure a new one (see Chapter 37 on page 527 for details). Otherwise, select |
| none to make the policy always effective. |
|
|
User | Select a user name or user group to which to apply the policy. Select Create |
| Object to configure a new user account (see Section 34.2.1 on page 506 for |
| details). Select any to apply the policy for every user. |
|
|
From | Select the source zone of the traffic to which this policy applies. |
|
|
To | Select the destination zone of the traffic to which this policy applies. |
|
|
Source | Select a source address or address group for whom this policy applies. Select |
| Create Object to configure a new one. Select any if the policy is effective for every |
| source. |
|
|
Destination | Select a destination address or address group for whom this policy applies. Select |
| Create Object to configure a new one. Select any if the policy is effective for every |
| destination. |
|
|
Access | This field controls what the ZyWALL does with packets for this application that |
| match this policy. Choices are: |
| forward - the ZyWALL routes the packets for this application. |
| Drop - the ZyWALL does not route the packets for this application and does not |
| notify the client of its decision. |
| Reject - the ZyWALL does not route the packets for this application and notifies the |
| client of its decision. |
|
|
Action Block | For some applications, you can select individual uses of the application that the |
| policy will have the ZyWALL block. These fields only apply when Access is set to |
| forward. |
| Login - Select this option to block users from logging in to a server for this |
| application. |
| Message - Select this option to block users from sending or receiving instant |
| messages. |
| Audio - Select this option to block users from sending or receiving audio traffic. |
| Video - Select this option to block users from sending or receiving video traffic. |
| File Transfer - Select this option to block users from sending or receiving files. |
|
|
Bandwidth | Configure these fields to set the amount of bandwidth the application can use. |
Management | These fields only apply when Access is set to forward. |
| You must also enable bandwidth management in the main application patrol screen |
| (AppPatrol > General) in order to apply bandwidth shaping. |
|
|
Inbound kbps | Type how much inbound bandwidth, in kilobits per second, this policy allows the |
| application to use. Inbound refers to the traffic the ZyWALL sends to a |
| connection’s initiator. |
| If you enter 0 here, this policy does not apply bandwidth management for the |
| application’s traffic that the ZyWALL sends to the initiator. Traffic with bandwidth |
| management disabled (inbound and outbound are both set to 0) is automatically |
| treated as the lowest priority (7). |
| If the sum of the bandwidths for routes using the same next hop is higher than the |
| actual transmission speed, lower priority traffic may not be sent if higher priority |
| traffic uses all of the actual bandwidth. |
|
|
394 |
| |
ZyWALL USG 1000 User’s Guide |
| |
|
|
|