2 what you need to know about the firewall, Table 109 default firewall behavior – ZyXEL Communications 200 Series User Manual

Page 336


Chapter 19 Firewall

ZyWALL USG 100/200 Series User’s Guide

19.1.2 What You Need to Know About the Firewall

Stateful Inspection

The ZyWALL has a stateful inspection firewall. The ZyWALL restricts access by screening
data packets against defined access rules. It also inspects sessions. For example, traffic from
one zone is not allowed unless it is initiated by a computer in another zone first.

Zones

A zone is a group of interfaces or VPN tunnels. Group the ZyWALL’s interfaces into different
zones based on your needs. You can configure firewall rules for data passing between zones or
even between interfaces and/or VPN tunnels in a zone.

Default Firewall Behavior

Firewall rules are grouped based on the direction of travel of packets to which they apply.
The default firewall behavior for traffic going through the ZyWALL is as follows. By default the
ZyWALL forces authentication for WLAN users. Un-authenticated WLAN users can only
access the WAN.

By default, the ZyWALL allows traffic going to or from the OPT zone.

Table 109 Default Firewall Behavior

FROM ZONE TO ZONE      STATEFUL PACKET INSPECTION
From LAN1 to LAN1      Traffic between LAN1 interfaces is allowed.
From LAN1 to WAN       Traffic from LAN1 to the WAN is allowed.
From LAN1 to DMZ       Traffic from LAN1 to the DMZ is allowed.
From LAN1 to WLAN      Traffic from LAN1 to WLAN is allowed.
From WLAN to LAN1      Traffic from WLAN to LAN1 is allowed.
From WLAN to WAN       Traffic from WLAN to the WAN is allowed.
From WLAN to DMZ       Traffic from WLAN to the DMZ is allowed.
From WLAN to WLAN      Traffic between WLAN interfaces is allowed.
From WAN to LAN1       Traffic from the WAN to LAN1 is dropped.
From WAN to WAN        Traffic between interfaces in the WAN is dropped.
From WAN to DMZ        Traffic from the WAN to the DMZ is allowed.
From WAN to WLAN       Traffic from the WAN to WLAN is allowed.
From DMZ to LAN1       Traffic from the DMZ to LAN1 is dropped.
From DMZ to WAN        Traffic from the DMZ to the WAN is allowed.
From DMZ to WLAN       Traffic from the DMZ to the WLAN is dropped.
From DMZ to DMZ        Traffic between interfaces in the DMZ is dropped.
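
The defaults in Table 109 combined with the session rule from "Stateful Inspection", as an added example that is not ZyXEL code or configuration: a small model showing why a WAN reply reaches LAN1 even though WAN to LAN1 is dropped. The class and function names, the addresses, and the simplified session table (no timeouts, no TCP state, no WLAN user authentication) are assumptions made for illustration.

```python
ALLOW, DROP = "allow", "drop"
ZONES = ("LAN1", "WLAN", "WAN", "DMZ")

# Defaults transcribed from Table 109: rows are source zones,
# columns are destination zones in ZONES order.
_ROWS = {
    "LAN1": (ALLOW, ALLOW, ALLOW, ALLOW),
    "WLAN": (ALLOW, ALLOW, ALLOW, ALLOW),
    "WAN":  (DROP,  ALLOW, DROP,  ALLOW),
    "DMZ":  (DROP,  DROP,  ALLOW, DROP),
}
DEFAULT_POLICY = {(s, d): a for s, row in _ROWS.items() for d, a in zip(ZONES, row)}

def inbound_allowed(zone):
    """Source zones that may initiate traffic to `zone` under the defaults."""
    return [s for s in ZONES if DEFAULT_POLICY[(s, zone)] == ALLOW]

class StatefulFirewall:
    """Hypothetical model: zone rules decide who may initiate, sessions admit replies."""
    def __init__(self, policy=DEFAULT_POLICY):
        self.policy = policy
        self.sessions = set()  # flows that were allowed when first seen

    def handle(self, src_zone, dst_zone, src, dst):
        """src and dst are (ip, port) tuples. Returns 'allow' or 'drop'."""
        if (src_zone, dst_zone) not in self.policy:
            raise ValueError(f"zone pair not in Table 109: {src_zone}->{dst_zone}")
        flow = (src_zone, src, dst_zone, dst)
        reverse = (dst_zone, dst, src_zone, src)
        # A packet in either direction of a permitted session bypasses the zone rule.
        if flow in self.sessions or reverse in self.sessions:
            return ALLOW
        action = self.policy[(src_zone, dst_zone)]
        if action == ALLOW:
            self.sessions.add(flow)  # remember the initiator's flow
        return action

def demo():
    fw = StatefulFirewall()
    lan_host = ("192.168.1.33", 40000)   # constructed sample addresses
    server = ("203.0.113.10", 443)
    return [
        fw.handle("WAN", "LAN1", server, lan_host),                # unsolicited
        fw.handle("LAN1", "WAN", lan_host, server),                # LAN1 initiates
        fw.handle("WAN", "LAN1", server, lan_host),                # reply in that session
        fw.handle("WAN", "LAN1", ("203.0.113.10", 80), lan_host),  # different flow
    ]

if __name__ == "__main__":
    print(demo(), inbound_allowed("LAN1"))
```

Calling `inbound_allowed()` for each zone gives a quick review list of which zones can open sessions into it before any custom rules are added.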
