Chapter 11 Firewall
ZyWALL 2WG User’s Guide
255
11.9 Firewall Rule Summary
Click SECURITY > FIREWALL > Rule Summary to open the screen. This screen displays a list of the configured firewall rules.
From, To
The firewall rules are grouped by the direction of packet travel. This displays the number of rules for each packet direction. Click the edit icon to go to a summary screen of the rules for that packet direction.
Here are some example descriptions of the directions of travel.
From LAN To LAN means packets traveling from a computer on one LAN subnet to a computer on another LAN subnet on the LAN interface of the ZyWALL or the ZyWALL itself. The ZyWALL does not apply the firewall to packets traveling from a LAN computer to another LAN computer on the same subnet.
From VPN means traffic that came into the ZyWALL through a VPN tunnel and is going to the selected “to” interface. For example, From VPN To LAN specifies the VPN traffic that is going to the LAN. The ZyWALL applies the firewall to the traffic after decrypting it.
To VPN is traffic that comes in through the selected “from” interface and goes out through any VPN tunnel. For example, From LAN To VPN specifies the traffic that is coming from the LAN and going out through a VPN tunnel. The ZyWALL applies the firewall to the traffic before encrypting it.
From VPN To VPN means traffic that comes in through a VPN tunnel and goes out through (another) VPN tunnel or terminates at the ZyWALL. This is the case when the ZyWALL is the hub in a hub-and-spoke VPN. This is also the case if you allow someone to use a service (like Telnet or HTTP) through a VPN tunnel to manage the ZyWALL. The ZyWALL applies the firewall to the traffic after decrypting it.
Note: The VPN connection directions apply to the traffic going to or from the ZyWALL’s VPN tunnels. They do not apply to other VPN traffic for which the ZyWALL is not one of the gateways (VPN pass-through traffic).
Use the drop-down list box to set the firewall’s default actions based on the direction of travel of packets.
Select Drop to silently discard the packets without sending a TCP reset packet or an ICMP destination-unreachable message to the sender.
Select Reject to deny the packets and send a TCP reset packet (for a TCP packet) or an ICMP destination-unreachable message (for a UDP packet) to the sender.
Select Permit to allow the passage of the packets.
The firewall rules for the WAN port with a higher route priority also apply to the dial backup connection.
Log
Select this to create a log when the above action is taken.
Log Broadcast Frame
Select this to create a log for any broadcast frames traveling in the selected direction. Many of these logs in a short time period could indicate a broadcast storm. A broadcast storm occurs when a packet triggers multiple responses from all hosts on a network or when computers attempt to respond to a host that never replies. As a result, duplicated packets are continuously created and circulated in the network, thus reducing network performance or even rendering it inoperable. A broadcast storm can be caused by an attack on the network, an incorrect network topology (such as a bridge loop) or a malfunctioning network device.
Apply
Click Apply to save your changes back to the ZyWALL.
Reset
Click Reset to begin configuring this screen afresh.
Table 69 SECURITY > FIREWALL > Default Rule (Bridge Mode)
LABEL | DESCRIPTION
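The Log Broadcast Frame description notes that many broadcast-frame logs in a short time period could indicate a broadcast storm. The following is an added example, not part of the ZyWALL guide, of a sliding-window check that flags such bursts per packet direction in exported logs. The "timestamp|direction|message" line layout, the 10-second window and the threshold of 20 are assumptions, and the sample lines are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

FMT = "%Y-%m-%d %H:%M:%S"
WINDOW = timedelta(seconds=10)  # assumed look-back window
THRESHOLD = 20                  # assumed: this many logs inside WINDOW is a burst

def sample_log():
    """Constructed lines in an assumed 'timestamp|direction|message' layout
    (not the ZyWALL's real log format)."""
    t0 = datetime(2024, 5, 1, 10, 0, 0)
    rows = [(t0 + timedelta(minutes=i), "WAN to LAN", "broadcast frame")
            for i in range(5)]                        # normal background level
    rows += [(t0 + timedelta(minutes=2, seconds=i // 10), "LAN to LAN",
              "broadcast frame") for i in range(40)]  # 40 logs in 4 seconds
    rows.append((t0 + timedelta(minutes=2), "LAN to LAN", "default policy: TCP"))
    return [f"{t.strftime(FMT)}|{d}|{m}" for t, d, m in sorted(rows)]

def find_bursts(lines, window=WINDOW, threshold=THRESHOLD):
    """Return {direction: (window_start, peak_count)} for each direction whose
    broadcast-frame logs reach `threshold` within `window`.
    Lines must be in chronological order."""
    recent = defaultdict(deque)    # direction -> timestamps still inside window
    bursts = {}
    for line in lines:
        if not line.strip():
            continue
        stamp, direction, message = line.strip().split("|", 2)
        if "broadcast" not in message.lower():
            continue               # other firewall logs are not counted
        ts = datetime.strptime(stamp, FMT)
        q = recent[direction]
        q.append(ts)
        while ts - q[0] > window:  # slide the window forward
            q.popleft()
        if len(q) >= threshold:
            start, peak = bursts.get(direction, (q[0], 0))
            bursts[direction] = (start, max(peak, len(q)))
    return bursts

if __name__ == "__main__":
    for direction, (start, peak) in find_bursts(sample_log()).items():
        print(f"{direction}: {peak} broadcast logs within {WINDOW} from {start}")
```

A flagged direction points to where to look first for the causes the guide lists: a bridge loop, a malfunctioning device, or an attack.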