2 general firewall policy overview – ZyXEL Communications P-2802H(W)(L)-I Series User Manual
Chapter 11 Firewalls
P-2802H(W)(L)-I Series User’s Guide
• allows traffic that originates from your LAN computers to go to all of the networks.
• blocks traffic that originates on the other networks from going to the LAN.
Your customized rules take precedence and override the ZyXEL Device’s default settings. The
ZyXEL Device checks the source IP address, destination IP address and IP protocol type of
network traffic against the firewall rules (in the order you list them). When the traffic matches
a rule, the ZyXEL Device takes the action specified in the rule.
11.1.3 Guidelines For Enhancing Security With Your Firewall
1 Change the default password via the web configurator.
2 Think about access control before you connect to the network in any way.
3 Limit who can access your router.
4 Don't enable any local service (such as telnet or FTP) that you don't use. Any enabled
service could present a potential security risk. A determined hacker might be able to find
creative ways to misuse the enabled services to access the firewall or the network.
5 For local services that are enabled, protect against misuse. Protect by configuring the
services to communicate only with specific peers, and protect by configuring rules to
block packets for the services at specific interfaces.
6 Protect against IP spoofing by making sure the firewall is active.
7 Keep the firewall in a secured (locked) room.
11.2 General Firewall Policy Overview
Firewall rules are grouped based on the direction of travel of packets to which they apply:
• LAN to LAN/ Router
• WAN to LAN
• LAN to WAN
• WAN to WAN/ Router
Note: The LAN includes both the LAN port and the WLAN.
By default, the ZyXEL Device’s stateful packet inspection allows packets traveling in the
following directions:
• LAN to LAN/ Router
These rules specify which computers on the LAN can manage the ZyXEL Device (remote
management) and communicate between networks or subnets connected to the LAN
interface (IP alias).
Note: You can also configure the remote management settings to allow only a
specific computer to manage the ZyXEL Device.