Chapter 19 Firewall
The following table describes the labels in this screen.
Table 89 Firewall > Edit
LABEL | DESCRIPTION |
Enable | Select this check box to activate the firewall rule. |
From / To | For ... rule applies. any means all interfaces or VPN tunnels. ZyWALL means packets destined for the ZyWALL itself. |
Description | Enter a descriptive name of up to 60 printable ASCII characters for the firewall rule. Spaces are allowed. |
Schedule | Select a schedule that defines when the rule applies or select Create Object to configure a new one (see Chapter 37 on page 527 for details). Otherwise, select none and the rule is always effective. |
User | This field is not available when you are configuring a ... Select a user name or user group to which to apply the rule. Select Create Object to configure a new user account (see Section 34.2.1 on page 506 for details). The firewall rule is activated only when the specified user logs into the system and the rule will be disabled when the user logs out. Otherwise, select any and there is no need for user logging. Note: If you specified a source IP address (group) instead of any in the field below, the user’s IP address should be within the IP address range. |
Source | Select a source address or address group for whom this rule applies. Select Create Object to configure a new one. Select any if the policy is effective for every source. |
Destination | Select a destination address or address group for whom this rule applies. Select Create Object to configure a new one. Select any if the policy is effective for every destination. |
Service | Select a service or service group from the ... Object to add a new service. See Chapter 36 on page 521 for more information. |
Access | Use the ... match this rule. Select deny to silently discard the packets without sending a TCP reset packet or an ICMP ... Select reject to deny the packets and send a TCP reset packet to the sender. Any UDP packets are dropped without sending a response packet. Select allow to permit the passage of the packets. |
Log | Select whether to have the ZyWALL generate a log (log), log and alert (log alert) or not (no) when the rule is matched. |
OK | Click OK to save your customized settings and exit this screen. |
Cancel | Click Cancel to exit this screen without saving. |
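The following Python model is an added example, not ZyXEL code or ZyWALL configuration syntax: it shows how the Enable, Source, Destination, Service, Access and Log fields combine, and what the packet's sender observes under allow, deny and reject. The rule set, port 12345 for MyService and top-down first-match evaluation are assumptions; Dest_1 uses the 10.0.0.10 through 10.0.0.15 range from the example in Section 19.7.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class Rule:
    description: str
    source: str        # "any" or inclusive "first-last" range
    destination: str   # same format as source
    service: tuple     # (protocol, port)
    access: str        # "allow", "deny" or "reject"
    log: str = "no"    # "no", "log" or "log alert"
    enable: bool = True

def addr_matches(spec, ip):
    """True if ip is covered by spec ("any" or "first-last")."""
    if spec == "any":
        return True
    first, _, last = spec.partition("-")
    lo, hi = ipaddress.ip_address(first), ipaddress.ip_address(last or first)
    return lo <= ipaddress.ip_address(ip) <= hi

def sender_sees(access, protocol):
    """What the packet's sender observes for each Access setting."""
    if access == "allow":
        return "forwarded"
    if access == "reject" and protocol == "tcp":
        return "tcp-reset"
    return "no-response"  # deny is silent; reject drops UDP without a reply

def evaluate(rules, src, dst, protocol, port):
    """(description, outcome, log) of the first enabled matching rule.
    Assumption: rules are checked top-down, first match wins. Returns None
    when no rule matches; the default policy is not modelled here.
    """
    for r in rules:
        if (r.enable and r.service == (protocol, port)
                and addr_matches(r.source, src)
                and addr_matches(r.destination, dst)):
            return r.description, sender_sees(r.access, protocol), r.log
    return None

# Constructed sample rules; port 12345 for "MyService" is hypothetical.
DEST_1 = "10.0.0.10-10.0.0.15"
RULES = [
    Rule("MyService to Dest_1", "any", DEST_1, ("tcp", 12345), "allow", "log"),
    Rule("Reject MyService TCP", "any", "any", ("tcp", 12345), "reject"),
    Rule("Reject MyService UDP", "any", "any", ("udp", 12345), "reject"),
    Rule("Disabled Telnet deny", "any", "any", ("tcp", 23), "deny", enable=False),
]
```

From the outside, a denied port and a rejected UDP port both look like a timeout, while a rejected TCP port answers with a reset; this matters when reading scan results or troubleshooting from the sender's side.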
19.7 Firewall Rule Configuration Example
The following Internet firewall rule example allows a hypothetical MyService from the WAN to IP addresses 10.0.0.10 through 10.0.0.15 (Dest_1) on the LAN.
1. Click Firewall. Click the Add icon in the heading row to configure a new first entry (as in this example) or the Add icon in an entry to add a rule below the
ZyWALL USG 300 User’s Guide