
ZyXEL Communications Broadband Security Gateway P-312 User Manual

Page 208


P312 Broadband Security Gateway


Examples Firewall Rules

Figure 19-5 Example 1 - Rule Summary Screen

19.1.2 Example 2 – Small Office With Mail, FTP and Web Servers

Our small office has:

i. A mail server with an IP of 192.168.10.2.

ii. Two FTP servers. We want FTP server One (IP of 192.168.10.3) to be accessible from the Internet, but FTP server Two (192.168.10.4) may only be accessed by internal users, i.e., from the local network.

iii. HTTP proxy server at 192.168.10.5.

We want:

i. To send alerts when there is an attack.

ii. To only allow access to the Internet from the HTTP proxy server and our mail server.

iii. To only allow FTP server One to be accessible from the Internet.
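
The goals listed for this office can be checked as a first-match rule table with a default block. This is an added Python model, not taken from the ZyXEL manual and not Prestige configuration syntax. The rule names, the use of TCP port 21 (FTP control channel only) and the Internet host 203.0.113.7 are assumptions made for the example.

```python
from ipaddress import ip_address, ip_network

ANY = ip_network("0.0.0.0/0")
MAIL, FTP_ONE, PROXY = (ip_network(f"192.168.10.{n}/32") for n in (2, 3, 5))

# (name, direction, source, destination, destination port or None for any, action)
# Rule names and ordering are hypothetical; they encode only the goals in the text.
RULES = [
    ("mail-out",   "LAN->WAN", MAIL,  ANY,     None, "forward"),
    ("proxy-out",  "LAN->WAN", PROXY, ANY,     None, "forward"),
    ("ftp-one-in", "WAN->LAN", ANY,   FTP_ONE, 21,   "forward"),
]
DEFAULT = ("default", "block")  # packets that match no rule are blocked


def evaluate(direction, src, dst, dport):
    """Return (rule name, action) for the first rule the packet matches."""
    src, dst = ip_address(src), ip_address(dst)
    for name, rdir, rsrc, rdst, rport, action in RULES:
        if (rdir == direction and src in rsrc and dst in rdst
                and rport in (None, dport)):
            return name, action
    return DEFAULT


def audit(flows):
    """Return the flows the policy blocks, i.e. what a block log would record."""
    return [f for f in flows if evaluate(*f)[1] == "block"]


# Constructed flows; 203.0.113.7 stands in for an arbitrary Internet host.
SAMPLE = [
    ("LAN->WAN", "192.168.10.5", "203.0.113.7", 80),   # proxy fetching a page
    ("LAN->WAN", "192.168.10.2", "203.0.113.7", 25),   # mail server sending
    ("LAN->WAN", "192.168.10.77", "203.0.113.7", 80),  # workstation going direct
    ("WAN->LAN", "203.0.113.7", "192.168.10.3", 21),   # FTP server One
    ("WAN->LAN", "203.0.113.7", "192.168.10.4", 21),   # FTP server Two
]

if __name__ == "__main__":
    for flow in SAMPLE:
        print(flow, "->", evaluate(*flow))
```

Running the table over the sample flows shows which traffic falls through to the default block: the workstation that does not go through the proxy, and any Internet connection to FTP server Two.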

We choose to block packets that don’t match the rules specified below.

We want a log of packets that match this rule in the ACL Default Set.

The first rule is a default rule to allow DHCP negotiation between the ISP and the P312. The second rule is what we configured in the last 2 screens. See Table 16-2 for a detailed explanation of each field.

Click Apply in this screen when you have finished configuring to save your configuration back to the Prestige.