Chapter 13 Security Policy
USG FLEX H Series User’s Guide
197
13.3.3 Example: Allow a Server to Ping the Zyxel Device Without Creating
Logs
A server on the LAN pings the Zyxel Device every 15 seconds to check if the Zyxel Device is connected
to the Internet. The Zyxel Device creates a log every time the server pings it. You want to allow the server
to ping the Zyxel Device without creating so many logs.
This example uses the parameters given below.
User This field is not available when you are configuring a to-Zyxel Device policy.
Select a user name or user group to which to apply the policy. The Security Policy is activated
only when the specified user logs into the system and the policy will be disabled when the user
logs out.
Otherwise, select any and there is no need for user logging.
Note: If you specified a source IP address (group) instead of any in the field below, the
user’s IP address should be within the IP address range.
Schedule Select a schedule that defines when the policy applies. Otherwise, select none and the policy is
always effective.
Action Use the drop-down list box to select what the Security Policy is to do with packets that match this
policy.
Select deny to silently discard the packets without sending a TCP reset packet or an ICMP
destination-unreachable message to the sender.
Select reject to discard the packets and send a TCP reset packet or an ICMP destination-
unreachable message to the sender.
Select allow to permit the passage of the packets.
Log matched
traffic
Select whether to have the Zyxel Device generate a log (log), log and alert (log alert) or not (no)
when the policy is matched to the criteria listed above.
Profile Use this section to apply anti- x profiles (created in the Configuration > Security Service screens)
to traffic that matches the criteria above. You must have created a profile first; otherwise none
displays.
Use Log to generate a log (log), log and alert (log alert) or not (no) for all traffic that matches
criteria in the profile.
Application
Patrol
Select an Application Patrol profile from the list box; none displays if no profiles have been
created in the Security Service > App Patrol screen.
Content
Filter
Select a Content Filter profile from the list box; none displays if no profiles have been created in
the Security Service > Content Filter screen.
SSL
Inspection
Select an SSL Inspection profile from the list box; none displays if no profiles have been created in
the Security Service > SSL Inspection screen.
Apply Click Apply to save your changes back to the Zyxel Device.
Reset Click Reset to return the screen to its last-saved settings.
Table 96 Security Policy > Policy Control > Add (continued)
LABEL DESCRIPTION
Table 97 Address Object Configuration Example
NAME ADDRESS TYPE IP ADDRESS
Server Host 2.2.2.2
To Next Page
Loading...
