Filter configuration, About filtering, Chapter 7 filter configuration – ZyXEL Communications ZYWALL10 User Manual

ZyWALL 10 Internet Security Gateway

Filters

7-1

Chapter 7

Filter Configuration

This chapter shows you how to create and apply filters.

7.1 About

Filtering

Your ZyWALL uses filters to decide whether to allow passage of a data packet and/or to make a call. There
are two types of filter applications: data filtering and call filtering. Filters are subdivided into device and
protocol filters, which are discussed later.
Data filtering screens the data to determine if the packet should be allowed to pass. Data filters are divided
into incoming and outgoing filters, depending on the direction of the packet relative to a port. Data filtering
can be applied on either the WAN side or the LAN side. Call filtering is used to determine if a packet
should be allowed to trigger a call. Remote node call filtering is only applicable when using PPPoE
encapsulation. Outgoing packets must undergo data filtering before they encounter call filtering as shown in
the following figure.

Figure 7-1 Outgoing Packet Filtering Process

For incoming packets, your ZyWALL applies data filters only. Packets are processed depending upon
whether a match is found. The following sections describe how to configure filter sets.

Data
Filtering

Outgoing

Packet

Drop

packet

Built-in

default

Call Filters

User-defined

Call Filters

(if applicable)

Initiate call

if line not up

Active Data

Send packet

and reset

Idle Timer

Or

Or

Drop packet
if line not up

Drop packet
if line not up

Send packet

but do not reset

Idle Timer

Send packet

but do not reset

Idle Timer

Match

Match

Match

No

match

No

match

No

match

Call Filtering