ZyXEL Communications Intelligent Broadband Sharing Gateway P-324 User Manual

Firewall

12-7

Figure 12-4 Firewall Rule Directions

12.4.1 LAN-to-WAN rules

LAN-to-WAN rules are local network to Internet firewall rules. The default is to forward all traffic from
your local network to the Internet.

How can you block certain LAN to WAN traffic?

You may choose to block certain LAN-to-WAN traffic in the Services screen (click the Services tab). All
services displayed in the Blocked Services list box are LAN-to-WAN firewall rules that block those
services originating from the LAN.

Blocked LAN-to-WAN packets are considered alerts. Alerts are “higher priority logs” that include system
errors, attacks and attempted access to blocked web sites. Alerts appear in red in the Log View screen. You
may choose to have alerts e-mailed immediately in the Log Settings screen.

LAN-to-LAN/Prestige means the LAN to the Prestige LAN interface. This is always allowed, as this is
how you manage the Prestige from your local computer.

12.4.2 WAN-to-LAN rules

WAN-to-LAN rules are Internet to your local network firewall rules. The default is to block all traffic from
the Internet to your local network.

How can you forward certain WAN to LAN traffic? You may allow traffic originating from the WAN to be
forwarded to the LAN by:

Configuring NAT port forwarding rules in the web configurator SUA Server screen or SMT

NAT menus.

Configuring One-to-One and Many-One-to-One NAT mapping rules in the web configurator

Address Mapping screen or SMT NAT menus.

Configuring WAN or LAN & WAN access for services in the Remote Management screens

or SMT menus. When you allow remote management from the WAN, you are actually configuring
WAN-to-WAN/Prestige firewall rules. WAN-to-WAN/Prestige firewall rules are Internet to the
Prestige WAN interface firewall rules. The default is to block all such traffic. When you decide