Chapter 19 Firewall
AX/DX/EX/PX Series User’s Guide
383
• LAN to WAN
These rules specify which computers on the LAN can access which computers or services on the
WAN.
By default, the Zyxel Device’s stateful packet inspection drops packets traveling in the following
directions:
•WAN to LAN
These rules specify which computers on the WAN can access which computers or services on the
LAN.
Note: You also need to configure NAT port forwarding (or full featured NAT address mapping
rules) to allow computers on the WAN to access devices on the LAN.
•WAN to Router
By default the Zyxel Device stops computers on the WAN from managing the Zyxel Device. You could
configure one of these rules to allow a WAN computer to manage the Zyxel Device.
Note: You also need to configure the remote management settings to allow a WAN
computer to manage the Zyxel Device.
You may define additional rules and sets or modify existing ones but please exercise extreme caution in
doing so.
For example, you may create rules to:
• Block certain types of traffic, such as IRC (Internet Relay Chat), from the LAN to the Internet.
• Allow certain types of traffic, such as Lotus Notes database synchronization, from specific hosts on the
Internet to specific hosts on the LAN.
• Allow everyone except your competitors to access a web server.
• Restrict use of certain protocols, such as Telnet, to authorized users on the LAN.
These custom rules work by comparing the source IP address, destination IP address and IP protocol
type of network traffic to rules set by the administrator. Your customized rules take precedence and
override the Zyxel Device’s default rules.
19.7.2 Guidelines For Security Enhancement With Your Firewall
1 Change the default password through the Web Configurator.
2 Think about access control before you connect to the network in any way.
3 Limit who can access your router.
4 Don't enable any local service (such as telnet or FTP) that you do not use. Any enabled service could
present a potential security risk. A determined hacker might be able to find creative ways to misuse the
enabled services to access the firewall or the network.
5 For local services that are enabled, protect against misuse. Protect by configuring the services to
communicate only with specific peers, and protect by configuring rules to block packets for the services
at specific interfaces.
To Next Page
Loading...
Need help?
General
