ZyWALL 110/310/1100 Series User’s Guide
CHAPTER 19
Firewall
19.1 Overview
Use the firewall to block or allow services that use static port numbers. This example shows the
ZyWALL’s default firewall behavior for WAN to LAN traffic and how stateful inspection works. A LAN
user can initiate a Telnet session from within the LAN zone and the firewall allows the response.
However, the firewall blocks Telnet traffic initiated from the WAN zone and destined for the LAN
zone. The firewall allows VPN traffic between any of the networks.
Figure 161 Default Firewall Action
19.1.1 What You Can Do in this Chapter
• Use the Firewall screens (
) to enable or disable the firewall and
asymmetrical routes, and manage and configure firewall rules.
• Use the Session Limit screens (see
) to limit the number of concurrent
NAT/firewall sessions a client can use.
19.1.2 What You Need to Know
Stateful Inspection
The ZyWALL has a stateful inspection firewall. The ZyWALL restricts access by screening data
packets against defined access rules. It also inspects sessions. For example, traffic from one zone is
not allowed unless it is initiated by a computer in another zone first.
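The following Python sketch is an added illustration, not ZyWALL code or configuration. It models the Telnet example from the overview: a session opened from the LAN zone is tracked so that its replies pass, while traffic that starts in the WAN zone is dropped. The two-entry rule table, the default-deny fallback, the syn_only flag and all addresses are assumptions constructed for the example.

```python
from dataclasses import dataclass, field

ALLOW, DENY = "allow", "deny"

# Assumed policy for packets that open a NEW session, keyed by
# (from_zone, to_zone). Taken from the overview's example only,
# not the device's full default rule set.
RULES = {("LAN", "WAN"): ALLOW, ("WAN", "LAN"): DENY}


@dataclass(frozen=True)
class Packet:
    src_zone: str
    dst_zone: str
    src: tuple              # (ip, port)
    dst: tuple              # (ip, port)
    syn_only: bool = False  # True for the first packet of a TCP handshake


@dataclass
class StatefulFirewall:
    sessions: set = field(default_factory=set)  # tracked (initiator, responder) pairs

    def inspect(self, pkt: Packet) -> str:
        # 1. Traffic in either direction of a tracked session passes.
        if (pkt.src, pkt.dst) in self.sessions or (pkt.dst, pkt.src) in self.sessions:
            return ALLOW
        # 2. A packet outside any session that does not open one is dropped.
        if not pkt.syn_only:
            return DENY
        # 3. New session: consult the zone-to-zone rule (assumed default: deny).
        action = RULES.get((pkt.src_zone, pkt.dst_zone), DENY)
        if action == ALLOW:
            self.sessions.add((pkt.src, pkt.dst))
        return action


def demo():
    fw = StatefulFirewall()
    # Constructed sample endpoints: a LAN client and a WAN Telnet server.
    lan_host, wan_host = ("192.168.1.33", 40000), ("203.0.113.10", 23)
    return [
        fw.inspect(Packet("LAN", "WAN", lan_host, wan_host, syn_only=True)),  # LAN opens Telnet
        fw.inspect(Packet("WAN", "LAN", wan_host, lan_host)),                 # server's reply
        fw.inspect(Packet("WAN", "LAN", ("203.0.113.99", 51000),
                          ("192.168.1.33", 23), syn_only=True)),              # WAN opens Telnet
        fw.inspect(Packet("WAN", "LAN", ("203.0.113.99", 23), lan_host)),     # forged "reply"
    ]


if __name__ == "__main__":
    print(demo())
```

The last packet shows why session tracking matters: it uses the Telnet source port and targets the LAN client's port, but it is dropped because it matches no tracked session.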
Zones
A zone is a group of interfaces or VPN tunnels. Group the ZyWALL’s interfaces into different zones
based on your needs. You can configure firewall rules for data passing between zones or even
between interfaces and/or VPN tunnels in a zone.
Example Firewall Behavior
Firewall rules are grouped based on the direction of travel of packets to which they apply. Here is
example firewall behavior for traffic going through the ZyWALL in various directions. See the
Configuration > Firewall screen for default firewall behavior.
LAN
WAN