Chapter 24 Firewall
ZyWALL USG 100/200 Series User’s Guide
470
4 The ZyWALL then sends it to the computer on the LAN1 in Subnet 1.
Figure 348 Using Virtual Interfaces to Avoid Asymmetrical Routes
24.2.1 Configuring the Firewall Screen
Click Configuration > Firewall to open the Firewall screen. Use this screen to
enable or disable the firewall and asymmetrical routes, set a maximum number of
sessions per host, and display the configured firewall rules. Specify from which
zone packets come and to which zone packets travel to display only the rules
specific to the selected direction. Note the following.
• If you enable intra-zone traffic blocking (see the chapter about zones), the
firewall automatically creates (implicit) rules to deny packet passage between
the interfaces in the specified zone.
• Besides configuring the firewall, you also need to configure NAT rules to allow
computers on the WAN to access LAN devices. See Chapter 19 on page 423 for
more information.
• The ZyWALL applies NAT (Destination NAT) settings before applying the firewall
rules. So for example, if you configure a NAT entry that sends WAN traffic to a
LAN IP address, when you configure a corresponding firewall rule to allow the
traffic, you need to set the LAN IP address as the destination. See Section 7.11
on page 165 for an example.
LAN1
To Next Page
Loading...
