Chapter 13 Security Policy
USG FLEX H Series User’s Guide
205
13.5 Security Policy Example Applications
Suppose you decide to block LAN users from using IRC (Internet Relay Chat) through the Internet. To do
this, you would configure a LAN to WAN Security Policy that blocks IRC traffic from any source IP address
from going to any destination address. You do not need to specify a schedule since you need the
Security Policy to always be in effect. The following figure shows the results of this policy.
Figure 140 Blocking All LAN to WAN IRC Traffic Example
Your Security Policy would have the following settings.
• The first row blocks LAN access to the IRC service on the WAN.
• The second row is the Security Policy’s default policy that allows all LAN1 to WAN traffic.
The Zyxel Device applies the security policies in order. So for this example, when the Zyxel Device
receives traffic from the LAN, it checks it against the first policy. If the traffic matches (if it is IRC traffic)
Log These are the log options. To edit this, select an item and use the Log icon.
Action This is the action the Zyxel Device should take when a packet matches a policy. To
edit this, select an item and use the Action icon.
Threshold (pkt/sec) (Flood detection only.) Select a suitable threshold level (the number of packets per
second that match the flood detection criteria) for your network. If you choose a
low threshold, most traffic anomaly attacks will be detected, but you may have
more logs and false positives.
If you choose a high threshold, some traffic anomaly attacks may not be detected,
but you will have fewer logs and false positives.
Apply Click Apply to save your changes back to the Zyxel Device.
Reset Click Reset to return the screen to its last-saved settings.
Table 101 Security Policy > DoS Prevention > Profile > Add/Edit
LABEL DESCRIPTION
Table 102 Blocking All LAN to WAN IRC Traffic Example
# USER SOURCE DESTINATION SCHEDULE SERVICE ACTION
1 Any Any Any Any IRC Deny
2 Any Any Any Any Any Allow
To Next Page
Loading...
