ZyWALL / USG (ZLD) CLI Reference Guide 163
CHAPTER 25
Secure Policy
This chapter introduces the ZyWALL / USG’s secure policies and shows you how to configure them.
Note: In the guide, Secure Policy commands may also be referred to as Firewall in general
descriptions.
25.1 Secure Policy Overview
A secure policy is a template of security settings that can be applied to specific traffic at specific
times. The policy can be applied:
• to a specific direction of travel of packets (from / to)
• to specific source and destination address objects
• to a specific type of traffic (services)
• to a specific user or group of users
• at a specific schedule
The policy can be configured:
• to allow or deny traffic that matches the criteria above
• to send a log or alert for traffic that matches the criteria above
• to apply the actions configured in the UTM profiles (application patrol, content filter, IDP,
anti-virus, anti-spam) to traffic that matches the criteria above
Note: Secure policies can be applied to both IPv4 and IPv6 traffic.
The secure policies can also limit the number of user sessions.
The following example shows the ZyWALL / USG’s default security policy behavior for a specific
direction of travel of packets (WAN to LAN traffic) and how stateful inspection works. A LAN user can
initiate a Telnet session from within the LAN zone and the ZyWALL / USG allows the response.
However, the ZyWALL / USG blocks incoming Telnet traffic initiated from the WAN zone and
destined for the LAN zone.
Figure 18 Default Directional Policy Example
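The directional default and stateful inspection described above, modeled as an added Python example (not ZyWALL / USG code or CLI syntax). The class and function names are hypothetical, the addresses are constructed, and the per-host session limit is an assumed simplification of the session limiting the chapter mentions.

```python
from collections import namedtuple

Packet = namedtuple("Packet", "src_zone dst_zone src sport dst dport")

# Assumed default directional policy for this model: LAN-initiated traffic
# to the WAN is allowed, WAN-initiated traffic to the LAN is denied.
DEFAULT_POLICY = {("LAN", "WAN"): "allow", ("WAN", "LAN"): "deny"}

class StatefulFirewall:
    def __init__(self, policy=DEFAULT_POLICY, session_limit=None):
        self.policy = policy
        self.session_limit = session_limit   # max sessions per source host
        self.sessions = set()                # tracked (src, sport, dst, dport)

    def _count(self, src):
        return sum(1 for s in self.sessions if s[0] == src)

    def handle(self, pkt):
        flow = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        reply_of = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        # 1. Packet belongs to a tracked session (either direction): allow
        #    without consulting the directional policy.
        if flow in self.sessions or reply_of in self.sessions:
            return "allow"
        # 2. New session: the zone-pair policy decides; unlisted pairs deny.
        if self.policy.get((pkt.src_zone, pkt.dst_zone), "deny") != "allow":
            return "deny"
        # 3. Optional per-host session limit on new sessions.
        if self.session_limit is not None and self._count(pkt.src) >= self.session_limit:
            return "deny"
        self.sessions.add(flow)
        return "allow"

def demo():
    fw = StatefulFirewall()
    lan, wan = "192.168.1.33", "203.0.113.10"   # constructed addresses
    return [
        fw.handle(Packet("WAN", "LAN", wan, 40000, lan, 23)),  # WAN-initiated Telnet
        fw.handle(Packet("LAN", "WAN", lan, 51000, wan, 23)),  # LAN-initiated Telnet
        fw.handle(Packet("WAN", "LAN", wan, 23, lan, 51000)),  # response to that session
        fw.handle(Packet("WAN", "LAN", wan, 23, lan, 51001)),  # no matching session
    ]

if __name__ == "__main__":
    print(demo())
```

The third packet travels WAN to LAN yet is allowed because it matches a session the LAN host opened; the fourth differs only in destination port and falls through to the WAN to LAN deny.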