
ZyXEL Communications USG FLEX H Series - Page 206

462 pages
Chapter 13 Security Policy
USG FLEX H Series User’s Guide
the security policy takes the action in the policy (drop) and stops checking the subsequent security
policies. Any traffic that does not match the first security policy will match the second security policy
and the Zyxel Device forwards it.
Now suppose you need to let the CEO use IRC. You configure a LAN1 to WAN security policy that allows
IRC traffic from the IP address of the CEO’s computer. You can also configure a LAN to WAN policy that
allows IRC traffic from any computer through which the CEO logs into the Zyxel Device with his/her user
name. To make sure that the CEO’s computer always uses the same IP address, either give it a static IP
address or configure a static DHCP entry for it so the Zyxel Device always assigns it the same IP address.
Now you configure a LAN1 to WAN security policy that allows IRC traffic from the IP address of the CEO’s
computer (172.16.1.7 for example) to go to any destination address. You do not need to specify a
schedule since you want the security policy to always be in effect. The following figure shows the results
of your two custom policies.
Figure 141 Limited LAN to WAN IRC Traffic Example
Your security policy would have the following configuration.
Table 103 Limited LAN1 to WAN IRC Traffic Example 1
#   USER   SOURCE       DESTINATION   SCHEDULE   SERVICE   ACTION
1   Any    172.16.1.7   Any           Any        IRC       Allow
2   Any    Any          Any           Any        IRC       Deny
3   Any    Any          Any           Any        Any       Allow
The first row allows the LAN1 computer at IP address 172.16.1.7 to access the IRC service on the WAN.
The second row blocks LAN1 access to the IRC service on the WAN.
The third row is the default policy of allowing all traffic from the LAN1 to go to the WAN.
Alternatively, you configure a LAN1 to WAN policy with the CEO’s user name (say CEO) to allow IRC
traffic from any source IP address to go to any destination address.
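The following Python sketch is an added example, not part of the Zyxel guide: it models the first-match evaluation of the three rows in Table 103 and flags any row that an earlier row makes unreachable, which is what happens if the Deny row is placed above the CEO's Allow row. The function names, the destination address 203.0.113.10, the HTTP service name and the drop-on-no-match default are assumptions made for illustration.

```python
from ipaddress import ip_address, ip_network

ANY = "Any"
# Rows of Table 103 in order: (user, source, destination, schedule, service, action)
TABLE_103 = [
    (ANY, "172.16.1.7", ANY, ANY, "IRC", "Allow"),
    (ANY, ANY, ANY, ANY, "IRC", "Deny"),
    (ANY, ANY, ANY, ANY, ANY, "Allow"),
]

def evaluate(policies, user, src, dst, service):
    """Return (row number, action) of the first matching row; later rows are not checked."""
    # The schedule column is ignored here because every row in Table 103 is always in effect.
    for number, (p_user, p_src, p_dst, _sched, p_svc, action) in enumerate(policies, 1):
        if (p_user in (ANY, user) and p_svc in (ANY, service)
                and (p_src == ANY or ip_address(src) in ip_network(p_src))
                and (p_dst == ANY or ip_address(dst) in ip_network(p_dst))):
            return number, action
    return None, "Deny"  # assumption: traffic matching no row is dropped

def _covers(earlier, later, is_addr):
    """True if the earlier rule value matches everything the later rule value matches."""
    if earlier == ANY:
        return True
    if later == ANY:
        return False
    if is_addr:
        return ip_network(later).subnet_of(ip_network(earlier))
    return earlier == later

def shadowed_rows(policies):
    """Row numbers that can never match because an earlier row covers every field."""
    hits = []
    for j, later in enumerate(policies):
        for earlier in policies[:j]:
            # Fields 0-4 are user, source, destination, schedule, service; 1 and 2 are addresses.
            if all(_covers(earlier[k], later[k], k in (1, 2)) for k in range(5)):
                hits.append(j + 1)
                break
    return hits

if __name__ == "__main__":
    DST = "203.0.113.10"  # constructed WAN destination
    print(evaluate(TABLE_103, "CEO", "172.16.1.7", DST, "IRC"))
    print(evaluate(TABLE_103, "staff", "172.16.1.20", DST, "IRC"))
    misordered = [TABLE_103[1], TABLE_103[0], TABLE_103[2]]
    print(shadowed_rows(TABLE_103), shadowed_rows(misordered))
```

Running the shadow check before applying a rule change catches an exception rule that was added below the broader rule it is meant to override.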
