Chapter 5 Configuration Basics

2 Create an address object for the VoIP server (Object > Address).

3 Click Firewall to go to the firewall configuration.

4 Select from the DMZ-2 zone to the LAN zone, and add a firewall rule using the items you have configured.

You don’t need to specify the schedule or the user.

In the Source field, select the address object of the VoIP server.

You don’t need to specify the destination address.

Leave the Access field set to Allow and the Log field set to No.

Note: The ZyWALL checks the firewall rules in order. Make sure each rule is in the correct place in the sequence.

5.4.13 Application Patrol

Use application patrol to control which individuals can use which services through the ZyWALL (and when they can do so). You can also specify allowed amounts of bandwidth and priorities. You must subscribe to use application patrol. You can subscribe using the Licensing > Registration screens or one of the wizards.

MENU ITEM(S): AppPatrol

PREREQUISITES: Registration, zones, schedules, users, user groups, addresses (source, destination), address groups (source, destination). These are only used as criteria in exceptions and conditions.

Example: Suppose you want to allow vice president Bob to use BitTorrent and block everyone else from using it.

1 Create a user account for Bob (User/Group).

2 Click AppPatrol > Peer to Peer to go to the application patrol configuration screen. Click the BitTorrent application patrol entry’s Edit icon.

Set the default policy’s access to Drop.

Add another policy.

Select the user account that you created for Bob.

You can leave the source, destination and log settings at the default.

Note: With this example, Bob would have to log in using his account. If you do not want him to have to log in, you might create an exception policy with Bob’s computer IP address as the source.

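The following is an added example, not taken from the User's Guide and not ZyWALL code or CLI syntax: a small Python model of the rule-order note in the firewall steps and of the BitTorrent example above. It assumes exception policies are checked in order with the first match winning and the default policy applied last; the user names and the IP address are constructed placeholders.

```python
# Added illustration: a simplified model, not ZyWALL code or CLI syntax.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class Flow:
    src_ip: str
    user: Optional[str] = None      # None: the sender has not logged in

@dataclass(frozen=True)
class Policy:
    access: str                     # "forward" or "drop"
    user: Optional[str] = None      # None matches any user
    source: Optional[str] = None    # None matches any source, else a CIDR

    def matches(self, flow: Flow) -> bool:
        if self.user is not None and flow.user != self.user:
            return False
        return self.source is None or ip_address(flow.src_ip) in ip_network(self.source)

    def covers(self, later: "Policy") -> bool:  # every flow matching `later` matches self
        user_ok = self.user is None or self.user == later.user
        src_ok = self.source is None or (later.source is not None and
            ip_network(later.source).subnet_of(ip_network(self.source)))
        return user_ok and src_ok

def evaluate(policies, default_access, flow):
    """First match wins (assumed); the default applies when nothing matches."""
    for policy in policies:
        if policy.matches(flow):
            return policy.access
    return default_access

def shadowed(policies):
    """Indexes of policies that can never fire because an earlier one covers them."""
    return [j for j, later in enumerate(policies)
            if any(earlier.covers(later) for earlier in policies[:j])]

# Constructed sample data: the user name and address are placeholders.
BOB_PC = "192.168.1.33"
BY_USER = [Policy("forward", user="bob")]            # the page's example
BY_IP = [Policy("forward", source=BOB_PC + "/32")]   # the page's alternative
MISORDERED = [Policy("drop"), Policy("forward", user="bob")]

if __name__ == "__main__":
    for rules in (BY_USER, BY_IP, MISORDERED):
        for flow in (Flow(BOB_PC, "bob"), Flow(BOB_PC)):
            print(flow, evaluate(rules, "drop", flow), "shadowed:", shadowed(rules))
```

In this model the user-based policy drops Bob's traffic until he logs in, while the IP-based exception forwards traffic for whoever sends from that address, logged in or not.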
 


ZyWALL USG 300 User’s Guide