beautypg.com

Policy check, Policy direction, 4 policy check – ZyXEL Communications ZyXEL ZyWALL IDP 10 User Manual

Page 35

background image

ZyWALL IDP 10 User’s Guide

Interface Screens

4-3

Table 4-2 Interface: Stealth

LABEL

DESCRIPTION

Interface Stealth Setup

WAN Port

Select ON to enable stealth on the WAN port.

LAN Port

Select ON to enable stealth on the LAN port.

Apply

Click this button to save your changes back to the ZyWALL.

Reset

Click this button to begin configuring this screen afresh.

4.4 Policy

Check

Policy check determines the interface on which traffic will be checked against the ZyWALL policy
rules (both pre-defined and user-defined). By selecting LAN only, then only traffic coming into the
LAN and out through the WAN will be checked. Similarly, by selecting WAN only, then only traffic
coming into the WAN and out through the LAN will be checked.

The interface you choose depends on the deployment of your ZyWALL (see the section on application
examples in Part 1). For example for ZyWALL A1 in installation example 4, you might apply policy
checking on the LAN only. By selecting one interface instead of both (the default) ZyWALL
throughput will increase.

Figure 4-3 ZyWALL Policy Check

4.4.1 Policy Direction

Do not confuse policy check with a policy rule direction (see the IDP pre-defined and user-defined
policy screens) that refers to the intent of the policy rules (both pre-defined and user-defined).

Incoming means the policy applies to traffic coming from the WAN to the LAN.

Outgoing means the policy applies to traffic coming from the LAN to the WAN.

Bi-directional means the policy applies to traffic coming from the LAN or WAN.

Some rules such as blocking MSN Login would only apply to outgoing traffic as the intent is to block
outgoing attempts to log into MSN Messenger. Similarly other rules would only apply to incoming
traffic where the intent is to take an action on traffic initiated from somewhere on the WAN side.

Pre-defined policies have the direction pre-determined.

To configure Policy Check, click INTERFACE, then the Policy Check tab.

ZyWALL

Policy Engine

LAN

WAN

See also other documents in the category ZyXEL Communications Hardware: