4 configuring firewall, Figure 64 advanced: firewall – ZyXEL Communications NBG-415N User Manual

ZyXEL NBG-415N User’s Guide

Chapter 7 Advanced

94

The Endpoint Independent filters take priority over inbound filters or schedules, so it is
possible for an incoming session request related to an outgoing session to enter through a
port in spite of an active inbound filter on that port. However, packets will be rejected as
expected when sent to blocked ports (whether blocked by the schedule or by inbound
filter) for which there are no active sessions.

• Address Restricted

With the Address Restricted option, NAT forwards incoming connection requests to a
LAN-side host only when they come from the same IP address with which a connection
was established. This allows the remote application to send data back through a port
different from the one used when the outgoing session was created.

Use Address Restricted Filters to allow your ZyXEL Device to communicate with routers
using other NAT types (such as symmetric NATs) and still apply inbound filters and
scheduled access to traffic.

• Port And Address Restricted

Port and Address Restricted Filtering does not forward any incoming connection requests
with the same port address as an already establish connection. This ensures that inbound
filters and schedules work. In some cases, you may need to configure port triggers, virtual
servers, or port forwarding to open the ports used by the applications.

7.9.4 Configuring Firewall

To configure the firewall and DMZ settings, click Advanced > Firewall to display the
configuration screen.

Figure 64 Advanced: Firewall