ZyXEL Communications P-202 User Manual

P-202H Plus v2 Support Notes

Inspection firewalls generally provides the best speed and transparency,
however, they may lack the granular application level access control or caching
that some proxies support.

4. What kind of firewall is the P-202H Plus v2?

1. The P-202H Plus v2's firewall inspects packets contents and IP headers. It

is applicable to all protocols, that understands data in the packet is
intended for other layers, from network layer up to the application layer.

2. The P-202H Plus v2's firewall performs stateful inspection. It takes into

account the state of connections it handles so that, for example, a
legitimate incoming packet can be matched with the outbound request for
that packet and allowed in. Conversely, an incoming packet masquerading
as a response to a nonexistent outbound request can be blocked.

3. The P-202H Plus v2's firewall uses session filtering, i.e., smart rules, that

enhance the filtering process and control the network session rather than
control individual packets in a session.

4. The P-202H Plus v2's firewall is fast. It uses a hashing function to search

the matched session cache instead of going through every individual rule
for a packet.

5. The P-202H Plus v2's firewall provides email service to notify you for

routine reports and when alerts occur.

5. Why do you need a firewall when your router has packet filtering and
NAT built-in?

With the spectacular growth of the Internet and online access, companies that do
business on the Internet face greater security threats. Although packet filter and
NAT restrict access to particular computers and networks, however, for the other
companies this security may be insufficient, because packets filters typically
cannot maintain session state. Thus, for greater security, a firewall is considered.

6. What is Denials of Service (DoS)attack?

Denial of Service (DoS) attacks are aimed at devices and networks with a
connection to the Internet. Their goal is not to steal information, but to disable a
device or network so users no longer have access to network resources.

There are four types of DoS attacks:

1. Those that exploits bugs in a TCP/IP implementation such as Ping of

Death and Teardrop.

2. Those that exploits weaknesses in the TCP/IP specification such as SYN

Flood and LAND Attacks.

All contents copyright © 2006 ZyXEL Communications Corporation.

18