ZyWALL USG 20-2000 User’s Guide 53
CHAPTER 3
Protecting Your Network
These sections cover configuring the ZyWALL to protect your network.
• Firewall on page 53
• User-aware Access Control on page 54
• Endpoint Security (EPS) on page 55
• Device and Service Registration on page 55
• Anti-Virus Policy Configuration on page 56
• IDP Profile Configuration on page 58
• ADP Profile Configuration on page 59
• Content Filter Profile Configuration on page 61
• Viewing Content Filter Reports on page 63
• Anti-Spam Policy Configuration on page 66
3.1 Firewall
The firewall controls the travel of traffic between or within zones for services using static port
numbers. Use application patrol to control services using flexible/dynamic port numbers (see
Section 5.8 on page 120 for an example). The firewall can also control traffic for NAT (DNAT) and
policy routes (SNAT). Firewall rules can use schedule, user, user groups, address, address group,
service, and service group objects. To-ZyWALL firewall rules control access to the ZyWALL itself
including management access. By default the firewall allows various types of management from the
LAN, HTTPS from the WAN and no management from the DMZ. The firewall also limits the number
of user sessions.
This example shows the ZyWALL’s default firewall behavior for WAN to LAN traffic and how stateful
inspection works. A LAN user can initiate a Telnet session from within the LAN zone and the firewall
allows the response. However, the firewall blocks Telnet traffic initiated from the WAN zone and
destined for the LAN zone. The firewall allows VPN traffic between any of the networks.
Figure 28 Default Firewall Action
To Next Page
Loading...
