
2 firewall, 6 applying a filter – ZyXEL Communications ZyXEL ZyWALL 2WG User Manual


Chapter 39 Filter Configuration

ZyWALL 2WG User’s Guide


39.5.1.1 When To Use Filtering

1 To block/allow LAN packets by their MAC addresses.
2 To block/allow special IP packets that are neither TCP, UDP nor ICMP packets.
3 To block/allow both inbound (WAN to LAN) and outbound (LAN to WAN) traffic between the specific inside host/network "A" and outside host/network "B". If the filter blocks the traffic from A to B, it also blocks the traffic from B to A. Filters cannot distinguish traffic originating from an inside host or an outside host by IP address.
4 To block/allow IP trace route.

39.5.2 Firewall

• The firewall inspects packet contents as well as their source and destination addresses. Firewalls of this type employ an inspection module, applicable to all protocols, that understands that data in the packet is intended for other layers, from the network layer (IP headers) up to the application layer.

• The firewall performs stateful inspection. It takes into account the state of connections it handles so that, for example, a legitimate incoming packet can be matched with the outbound request for that packet and allowed in. Conversely, an incoming packet masquerading as a response to a nonexistent outbound request can be blocked.

• The firewall uses session filtering, i.e., smart rules, that enhance the filtering process and control the network session rather than control individual packets in a session.

• The firewall provides e-mail service to notify you of routine reports and when alerts occur.
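The difference between the filter and stateful inspection described above, as an added example that is not from the ZyXEL manual. It is a simplified model: the class names, addresses and ports are constructed for illustration and do not represent ZyWALL internals.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    inbound: bool  # True = WAN to LAN, False = LAN to WAN

class PairFilter:
    """Stateless filter model: a rule matches a host pair in either direction."""
    def __init__(self, blocked_pairs=()):
        self.blocked = {frozenset(pair) for pair in blocked_pairs}

    def allows(self, pkt):
        # Direction and session history are invisible to the filter.
        return frozenset((pkt.src, pkt.dst)) not in self.blocked

class StatefulFirewall:
    """Stateful model: inbound packets pass only as replies to a request."""
    def __init__(self):
        self.sessions = set()

    def allows(self, pkt):
        if not pkt.inbound:
            # Record the outbound request so that its reply can be matched.
            self.sessions.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return True
        # An inbound packet must mirror a recorded outbound request.
        return (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.sessions

def demo():
    a, b = "192.168.1.33", "203.0.113.10"            # constructed hosts A and B
    request = Packet(a, 40000, b, 80, inbound=False)  # A asks B
    reply = Packet(b, 80, a, 40000, inbound=True)     # B answers A
    forged = Packet(b, 80, a, 40001, inbound=True)    # "reply" with no request
    packets = (request, reply, forged)
    open_filter = PairFilter()
    block_filter = PairFilter([(a, b)])
    firewall = StatefulFirewall()
    return {
        "filter_open": [open_filter.allows(p) for p in packets],
        "filter_block": [block_filter.allows(p) for p in packets],
        "firewall": [firewall.allows(p) for p in packets],
    }

if __name__ == "__main__":
    for name, verdicts in demo().items():
        print(name, verdicts)
```

The filter either passes all three packets or drops all three, while the stateful model passes the request and its reply and drops the unsolicited packet.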

39.5.2.1 When To Use The Firewall

1 To prevent DoS attacks and prevent hackers from cracking your network.
2 A range of source and destination IP addresses as well as port numbers can be specified within one firewall rule, making the firewall a better choice when complex rules are required.
3 To selectively block/allow inbound or outbound traffic between inside host/networks and outside host/networks. Remember that filters cannot distinguish traffic originating from an inside host or an outside host by IP address.
4 The firewall performs better than filtering if you need to check many rules.
5 Use the firewall if you need routine e-mail reports about your system or need to be alerted when attacks occur.
6 The firewall can block specific URL traffic that might occur in the future. The URL can be saved in an Access Control List (ACL) database.

39.6 Applying a Filter

This section shows you where to apply the filter(s) after you design it (them). The ZyWALL
already has filters to prevent NetBIOS traffic from triggering calls, and to block incoming Telnet,
FTP and HTTP connections.