Chapter 19 Firewall
"
"
The following table explains the default firewall rules for traffic going through the ZyWALL. See Section 19.2.1.2 on page 280 for details on the firewall rules for traffic going to the ZyWALL itself.
Table 84 Default Firewall Rules
FROM ZONE TO ZONE | STATEFUL PACKET INSPECTION |
From LAN to LAN | Traffic between interfaces in the LAN is allowed. |
|
|
From LAN to WAN | Traffic from the LAN to the WAN is allowed. |
|
|
From LAN to DMZ | Traffic from the LAN to the DMZ is allowed. |
|
|
From LAN to WLAN | Traffic from the LAN to the WLAN is allowed. |
|
|
From WAN to LAN | Traffic from the WAN to the LAN is dropped. |
|
|
From WAN to WAN | Traffic between interfaces in the WAN is dropped. |
|
|
From WAN to DMZ | Traffic from the WAN to the DMZ is allowed. |
|
|
From WAN to ZyWALL | Traffic from the WAN to the ZyWALL itself is dropped except for |
| the traffic types described in Section 19.2.1.2 on page 280. |
|
|
From WAN to WLAN | Traffic from the WAN to the WLAN is allowed. |
|
|
From DMZ to LAN | Traffic from the DMZ to the LAN is dropped. |
|
|
From DMZ to WAN | Traffic from the DMZ to the WAN is dropped. |
|
|
From DMZ to DMZ | Traffic between interfaces in the DMZ is dropped. |
|
|
From WLAN to LAN | Traffic from the WLAN to the LAN is rejected unless it is from an |
| authenticated wireless LAN user. |
|
|
From WLAN to DMZ | Traffic from the WLAN to the DMZ is rejected unless it is from |
| an authenticated wireless LAN user. |
|
|
From WLAN to WAN | Traffic from the WLAN to the WAN is rejected unless it is DNS |
| UDP traffic or from an authenticated wireless LAN user or a |
| guest . |
|
|
If you enable
You also need to configure virtual servers (NAT port forwarding) to allow computers on the WAN to access devices on the LAN. See Chapter 16 on page 255 for more information.
19.2.1.1 Global Firewall Rules
If an interface or VPN tunnel is not included in a zone, only the global firewall rules (with from any to any direction) apply to traffic going to and from that interface.
| 279 |
ZyWALL USG 300 User’s Guide | |
|
|