ZyXEL Communications P-660HW-TX User Manual

P-660HW-Tx v2 Series Support Notes

Stateful Inspection Firewalls restrict access by screening data packets against
defined access rules. They make access control decisions based on IP
address and protocol. They also 'inspect' the session data to assure the
integrity of the connection and to adapt to dynamic protocols. The flexible
nature of Stateful Inspection firewalls generally provides the best speed and
transparency, however, they may lack the granular application level access
control or caching that some proxies support.

4. What kind of firewall is the P-660HW-Tx v2?

1. The P-660HW-Tx v2's firewall inspects packets contents and IP

headers. It is applicable to all protocols, that understands data in the
packet is intended for other layers, from network layer up to the
application layer.

2. The P-660HW-Tx v2's firewall performs stateful inspection. It takes into

account the state of connections it handles so that, for example, a
legitimate incoming packet can be matched with the outbound request
for that packet and allowed in. Conversely, an incoming packet
masquerading as a response to a nonexistent outbound request can be
blocked.

3. The P-660HW-Tx v2's firewall uses session filtering, i.e., smart rules,

that enhance the filtering process and control the network session
rather than control individual packets in a session.

4. The P-660HW-Tx v2's firewall is fast. It uses a hashing function to

search the matched session cache instead of going through every
individual rule for a packet.

5. The P-660HW-Tx v2's firewall provides email service to notify you for

routine reports and when alerts occur.

5. Why do you need a firewall when your router has packet filtering and
NAT built-in?

With the spectacular growth of the Internet and online access, companies that
do business on the Internet face greater security threats. Although packet filter
and NAT restrict access to particular computers and networks, however, for
the other companies this security may be insufficient, because packets filters
typically cannot maintain session state. Thus, for greater security, a firewall is
considered.

6. What is Denials of Service (DoS) attack?

Denial of Service (DoS) attacks are aimed at devices and networks with a
connection to the Internet. Their goal is not to steal information, but to disable
a device or network so users no longer have access to network resources.

22

All contents copyright © 2006 ZyXEL Communications Corporation.