Chapter 25 Security Policy
ZyWALL ATP Series User’s Guide
Default Directional Security Policy Behavior
Security Policies can be grouped based on the direction of travel of the packets to which they apply. The
Zyxel Device has default Security Policy behavior for traffic going through the Zyxel Device in
various directions.
To-Device Policies
Policies with Device as the To Zone apply to traffic going to the Zyxel Device itself. By default:
• The Security Policy allows only LAN or WAN computers to access or manage the Zyxel Device.
• The Zyxel Device allows DHCP traffic from any interface to the Zyxel Device.
• The Zyxel Device drops most packets from the WAN zone to the Zyxel Device itself and generates a
log except for AH, ESP, GRE, HTTPS, IKE, NATT.
When you configure a Security Policy rule for packets destined for the Zyxel Device itself, make sure it
does not conflict with your service control rule. The Zyxel Device checks the security policy before the
service control rules for traffic destined for the Zyxel Device.
A From Any To Device direction policy applies to traffic from an interface which is not in a zone.
Global Security Policies
Security Policies with from any and/or to any as the packet direction are called global Security Policies.
The global Security Policies are the only Security Policies that apply to an interface that is not included in
a zone. The from any policies apply to traffic coming from the interface and the to any policies apply to
traffic going to the interface.
Security Policy Rule Criteria
The Zyxel Device checks the schedule, user name (user’s login name on the Zyxel Device), source IP
address and object, destination IP address and object, IP protocol type of network traffic (service) and
Security Service profile criteria against the Security Policies (in the order you list them). When the traffic
matches a policy, the Zyxel Device takes the action specified in the policy.
Table 189 Directional Security Policy Behavior

| FROM ZONE TO ZONE | BEHAVIOR |
|---|---|
| From any to Device | DHCP traffic from any interface to the Zyxel Device is allowed. |
| From LAN1 to any (other than the Zyxel Device) | Traffic from the LAN1 to any of the networks connected to the Zyxel Device is allowed. |
| From LAN2 to any (other than the Zyxel Device) | Traffic from the LAN2 to any of the networks connected to the Zyxel Device is allowed. |
| From LAN1 to Device | Traffic from the LAN1 to the Zyxel Device itself is allowed. |
| From LAN2 to Device | Traffic from the LAN2 to the Zyxel Device itself is allowed. |
| From WAN to Device | The default services listed in are allowed from the WAN to the Zyxel Device itself. All other WAN to Zyxel Device traffic is dropped. |
| From any to any | Traffic that does not match any Security policy is dropped. This includes traffic from the WAN to any of the networks behind the Zyxel Device. This also includes traffic to or from interfaces that are not assigned to a zone (extra-zone traffic). |
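
The following Python model is an added example, not Zyxel code or configuration syntax: it encodes the Table 189 defaults as an ordered list and applies the first-match evaluation described under Security Policy Rule Criteria, so you can check how a zone/service pair is handled before and after you place a rule of your own in the list. The names Policy, zone_matches and evaluate are hypothetical, and only zone and service are modeled (schedule, user, addresses and Security Service profiles are left out).

```python
from typing import FrozenSet, NamedTuple, Optional

ANY, DEVICE = "any", "Device"

class Policy(NamedTuple):
    from_zone: str                       # zone name or ANY
    to_zone: str                         # zone name, DEVICE, or ANY
    services: Optional[FrozenSet[str]]   # None means any service
    action: str                          # "allow" or "drop"

# Default WAN-to-Device exceptions named on this page.
WAN_SERVICES = frozenset({"AH", "ESP", "GRE", "HTTPS", "IKE", "NATT"})

# Table 189 in row order. The last row (from any to any: drop) is the
# fallback at the end of evaluate().
DEFAULT_POLICIES = [
    Policy(ANY, DEVICE, frozenset({"DHCP"}), "allow"),
    Policy("LAN1", ANY, None, "allow"),
    Policy("LAN2", ANY, None, "allow"),
    Policy("LAN1", DEVICE, None, "allow"),
    Policy("LAN2", DEVICE, None, "allow"),
    Policy("WAN", DEVICE, WAN_SERVICES, "allow"),
]

def zone_matches(rule_zone, zone, is_destination=False):
    """zone is a zone name, DEVICE, or None for an interface in no zone."""
    if rule_zone == ANY:
        # Table 189: "to any" rows mean any network other than the device.
        return not (is_destination and zone == DEVICE)
    # A named zone never matches an interface that is outside every zone.
    return zone is not None and rule_zone == zone

def evaluate(policies, from_zone, to_zone, service):
    """Return (action, index of the matching policy, or None for default drop)."""
    for index, p in enumerate(policies):
        if (zone_matches(p.from_zone, from_zone)
                and zone_matches(p.to_zone, to_zone, is_destination=True)
                and (p.services is None or service in p.services)):
            return p.action, index       # first match wins
    return "drop", None                  # from any to any: dropped

if __name__ == "__main__":
    # Constructed sample flows: (from zone, to zone, service)
    for flow in [("WAN", DEVICE, "HTTPS"), ("WAN", DEVICE, "SSH"),
                 ("WAN", "LAN1", "HTTPS"), (None, DEVICE, "DHCP")]:
        print(flow, "->", evaluate(DEFAULT_POLICIES, *flow))
```

Placing a drop rule for WAN to Device HTTPS at the top of the list changes the result for that service only, which is the effect of rule order described above.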