Chapter 5 Configuration Basics
Zones cannot overlap. Each interface and VPN tunnel can be assigned to at most one zone. Virtual interfaces are automatically assigned to the same zone as the interface on which they run.
When you create a zone, the ZyWALL does not create any firewall rules, assign an IDP profile, or configure service control for the new zone.
MENU ITEM(S) | Network > Zone |
PREREQUISITES | Interfaces, IPSec VPN, SSL VPN |
WHERE USED | Firewall, IDP, service control, |
|
|
Example: For example, to create the
Use device HA to create redundant backup gateways. The ZyWALL runs VRRP v2. You can only set up device HA with other ZyWALLs of the same model running the same firmware version.
MENU ITEM(S) | Device HA |
PREREQUISITES | Interfaces (with a static IP address), |
|
|
Example: See Chapter 6 on page 125.
5.4.9 DDNSDynamic DNS maps a domain name to a dynamic IP address. The ZyWALL helps maintain this mapping.
MENU ITEM(S) | Network > DDNS |
PREREQUISITES | Interfaces |
|
|
Use policy routes to control the routing of packets through the ZyWALL’s interfaces, trunks, and VPN connections. You also use policy routes for bandwidth management (out of the ZyWALL), port triggering, and general NAT on the source address. You have to set up the criteria,
MENU ITEM(S) | Network > Routing > Policy Route | |
| Criteria: users, user groups, interfaces (incoming), IPSec VPN (incoming), | |
| addresses (source, destination), address groups (source, destination), | |
PREREQUISITES | schedules, services, service groups | |
| ||
| NAT: addresses (translated address), services and service groups (port | |
| triggering) | |
|
|
Example: You have an FTP server connected to ge 4 (in the DMZ zone). You want to limit the amount of FTP traffic that goes out from the FTP server through your WAN connection.
1Create an address object for the FTP server (Object > Address).
| 117 |
ZyWALL USG 300 User’s Guide | |
|
|