Chapter 27 Security Policy
ZyWALL USG Series User’s Guide
578
IPv4 / IPv6
Destination
Type an IPv4 or IPv6 IP address to view all security policies based on the IPv4 / IPv6 destination
address object used.
• An IPv4 IP address is written as four integer blocks separated by periods. This is an example
IPv4 address: 172.16.6.7.
• An 128-bit IPv6 address is written as eight 16-bit hexadecimal blocks separated by colons
(:). This is an example IPv6 address: 2001:0db8:1a2b:0015:0000:0000:1a2f:0000.
Service View all security policies based the service object used.
User View all security policies based on user or user group object used.
Schedule View all security policies based on the schedule object used.
General Settings Enable or disable the Security Policy feature on the Zyxel Device.
Enable Policy
Control
Select this to activate Security Policy on the Zyxel Device to perform access control.
IPv4/IPv6 Policy
Management
Use the following items to manage IPv4 and IPv6 policies.
Allow
Asymmetrical
Route
If an alternate gateway on the LAN has an IP address in the same subnet as the Zyxel Device’s
LAN IP address, return traffic may not go through the Zyxel Device. This is called an
asymmetrical or “triangle” route. This causes the Zyxel Device to reset the connection, as the
connection has not been acknowledged.
Select this check box to have the Zyxel Device permit the use of asymmetrical route topology
on the network (not reset the connection).
Note: Allowing asymmetrical routes may let traffic from the WAN go directly to the
LAN without passing through the Zyxel Device. A better solution is to use virtual
interfaces to put the Zyxel Device and the backup gateway on separate
subnets.
Add Click this to create a new entry. Select an entry and click Add to create a new entry after the
selected entry.
Edit Double-click an entry or select it and click Edit to open a screen where you can modify the
entry’s settings.
Remove To remove an entry, select it and click Remove. The Zyxel Device confirms you want to remove
it before doing so.
Activate To turn on an entry, select it and click Activate.
Inactivate To turn off an entry, select it and click Inactivate.
Move To change a policy’s position in the numbered list, select the policy and click Move to display a
field to type a number for where you want to put that policy and press [ENTER] to move the
policy to the number that you typed.
The ordering of your policies is important as they are applied in order of their numbering.
Clone Use Clone to create a new entry by modifying an existing one.
• Select an existing entry.
•Click Clone, type a number where the new entry should go and then press [ENTER].
• A configuration copy of the selected entry pops up. You must at least change the name as
duplicate entry names are not allowed.
The following read-only fields summarize the policies you have created that apply to traffic traveling in the
selected packet direction.
Priority This is the position of your Security Policy in the global policy list (including all through-Zyxel
Device and to-Zyxel Device policies). The ordering of your policies is important as policies are
applied in sequence. Default displays for the default Security Policy behavior that the Zyxel
Device performs on traffic that does not match any other Security Policy.
Status This icon is lit when the entry is active and dimmed when the entry is inactive.
Table 206 Configuration > Security Policy > Policy Control (continued)
LABEL DESCRIPTION
To Next Page
Loading...
