ZyXEL Communications 200 Series Network Router User Manual


 
Chapter 19 Firewall
ZyWALL USG 100/200 Series User’s Guide
19.1.2 What You Need to Know About the Firewall
Stateful Inspection
The ZyWALL has a stateful inspection firewall. The ZyWALL restricts access by screening
data packets against defined access rules. It also inspects sessions. For example, traffic from
one zone is not allowed unless it is initiated by a computer in another zone first.
Zones
A zone is a group of interfaces or VPN tunnels. Group the ZyWALL’s interfaces into different
zones based on your needs. You can configure firewall rules for data passing between zones or
even between interfaces and/or VPN tunnels in a zone.
Default Firewall Behavior
Firewall rules are grouped based on the direction of travel of packets to which they apply.
Here is the default firewall behavior for traffic going through the ZyWALL. By default, the
ZyWALL forces authentication for WLAN users. Unauthenticated WLAN users can only
access the WAN.
Note: By default, the ZyWALL allows traffic going to or from the OPT zone.
Table 109 Default Firewall Behavior
FROM ZONE TO ZONE | STATEFUL PACKET INSPECTION
From LAN1 to LAN1 | Traffic between LAN1 interfaces is allowed.
From LAN1 to WAN  | Traffic from LAN1 to the WAN is allowed.
From LAN1 to DMZ  | Traffic from LAN1 to the DMZ is allowed.
From LAN1 to WLAN | Traffic from LAN1 to WLAN is allowed.
From WLAN to LAN1 | Traffic from WLAN to LAN1 is allowed.
From WLAN to WAN  | Traffic from WLAN to the WAN is allowed.
From WLAN to DMZ  | Traffic from WLAN to the DMZ is allowed.
From WLAN to WLAN | Traffic between WLAN interfaces is allowed.
From WAN to LAN1  | Traffic from the WAN to LAN1 is dropped.
From WAN to WAN   | Traffic between interfaces in the WAN is dropped.
From WAN to DMZ   | Traffic from the WAN to the DMZ is allowed.
From WAN to WLAN  | Traffic from the WAN to WLAN is allowed.
From DMZ to LAN1  | Traffic from the DMZ to LAN1 is dropped.
From DMZ to WAN   | Traffic from the DMZ to the WAN is allowed.
From DMZ to WLAN  | Traffic from the DMZ to the WLAN is dropped.
From DMZ to DMZ   | Traffic between interfaces in the DMZ is dropped.
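
The defaults in Table 109 combined with the session tracking described under Stateful Inspection, as an added Python example that is not part of the ZyXEL manual. The ZoneFirewall class, its method names and the sample addresses are assumptions made for illustration; it is a simplified model, not the ZyWALL's implementation.

```python
# Added illustration: a simplified model, not ZyWALL firmware logic.
ALLOW, DROP = "allow", "drop"

# Default actions from Table 109, keyed by (from_zone, to_zone).
DEFAULTS = {
    ("LAN1", "LAN1"): ALLOW, ("LAN1", "WAN"): ALLOW,
    ("LAN1", "DMZ"): ALLOW, ("LAN1", "WLAN"): ALLOW,
    ("WLAN", "LAN1"): ALLOW, ("WLAN", "WAN"): ALLOW,
    ("WLAN", "DMZ"): ALLOW, ("WLAN", "WLAN"): ALLOW,
    ("WAN", "LAN1"): DROP, ("WAN", "WAN"): DROP,
    ("WAN", "DMZ"): ALLOW, ("WAN", "WLAN"): ALLOW,
    ("DMZ", "LAN1"): DROP, ("DMZ", "WAN"): ALLOW,
    ("DMZ", "WLAN"): DROP, ("DMZ", "DMZ"): DROP,
}


class ZoneFirewall:
    """Hypothetical model: zone-pair defaults plus a session table."""

    def __init__(self):
        self.sessions = set()  # (initiator, responder) endpoint pairs

    def default_action(self, src_zone, dst_zone):
        # The page notes that traffic to or from the OPT zone is allowed.
        if "OPT" in (src_zone, dst_zone):
            return ALLOW
        return DEFAULTS[(src_zone, dst_zone)]

    def handle(self, src_zone, src, dst_zone, dst, wlan_authenticated=True):
        """Decide one packet; src and dst are (ip, port) tuples."""
        # Stateful inspection: a reply to a tracked session passes even
        # when its zone pair is dropped by default.
        if (dst, src) in self.sessions:
            return ALLOW
        # Unauthenticated WLAN users can only access the WAN.
        if src_zone == "WLAN" and not wlan_authenticated and dst_zone != "WAN":
            return DROP
        action = self.default_action(src_zone, dst_zone)
        if action == ALLOW:
            self.sessions.add((src, dst))  # remember who initiated
        return action


if __name__ == "__main__":
    fw = ZoneFirewall()
    pc, web = ("192.168.1.33", 50000), ("203.0.113.10", 443)  # constructed
    print(fw.handle("WAN", web, "LAN1", pc))   # unsolicited inbound
    print(fw.handle("LAN1", pc, "WAN", web))   # LAN1 opens the session
    print(fw.handle("WAN", web, "LAN1", pc))   # reply to that session
```

The same WAN-to-LAN1 packet is decided differently before and after the LAN1 host opens the session, which is the difference between stateful inspection and a static zone-pair filter.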