Filter
Top Products
Chapter 19 Firewall
ZyWALL 110/310/1100 Series User’s Guide
273
19.3 The Session Limit Screen
Click Configuration > Firewall > Session Limit to display the Firewall Session Limit screen.
Use this screen to limit the number of concurrent NAT/firewall sessions a client can use. You can
apply a default limit for all users and individual limits for specific users, addresses, or both. The
individual limit takes priority if you apply both.
From
To
For through-ZyWALL rules, select the direction of travel of packets to which the rule applies.
any means all interfaces or VPN tunnels.
ZyWALL means packets destined for the ZyWALL itself.
Description Enter a descriptive name of up to 60 printable ASCII characters for the firewall rule. Spaces are
allowed.
Schedule Select a schedule that defines when the rule applies. Otherwise, select none and the rule is
always effective.
User This field is not available when you are configuring a to-ZyWALL rule.
Select a user name or user group to which to apply the rule. The firewall rule is activated only
when the specified user logs into the system and the rule will be disabled when the user logs
out.
Otherwise, select any and there is no need for user logging.
Note: If you specified a source IP address (group) instead of any in the field below, the user’s IP
address should be within the IP address range.
Source Select an IPv4 address or address group to apply an IPv4 rule to traffic coming from it. Select
an IPv6 address or address group to apply an IPv6 rule to traffic coming from it. Select any to
apply an IPv4 rule to all traffic coming from IPv4 addresses. Select any to apply an IPv6 rule to
all traffic coming from IPv6 addresses.
Destination Select an IPv4 address or address group to apply an IPv4 rule to traffic going to it. Select an
IPv6 address or address group to apply an IPv6 rule to traffic going to it. Select any to apply an
IPv4 rule to all traffic going to IPv4 addresses. Select any to apply an IPv6 rule to all traffic
going to IPv6 addresses.
Service Select a service or service group from the drop-down list box.
Access Use the drop-down list box to select what the firewall is to do with packets that match this rule.
Select deny to silently discard the packets without sending a TCP reset packet or an ICMP
destination-unreachable message to the sender.
Select reject to deny the packets and send a TCP reset packet to the sender. Any UDP packets
are dropped without sending a response packet.
Select allow to permit the passage of the packets.
Log Select whether to have the ZyWALL generate a log (log), log and alert (log alert) or not (no)
when the rule is matched. See Chapter 38 on page 485 for more on logs.
OK Click OK to save your customized settings and exit this screen.
Cancel Click Cancel to exit this screen without saving.
Table 99 Configuration > Firewall > Add (continued)
LABEL DESCRIPTION