Chapter 13 Redirect Service
ZyWALL ATP Series User’s Guide
342
Even if you set a policy route to the same incoming interface and service as a HTTP redirect rule, the
Zyxel Device checks the HTTP redirect rules first and forwards HTTP traffic to a proxy server if matched.
You need to make sure there is no security policy blocking the HTTP requests from the client to the proxy
server.
You also need to manually configure a policy route to forward the HTTP traffic from the proxy server to
the Internet. To make the example in
work, make sure you have the following
settings.
For HTTP traffic between
lan1
and
dmz
:
• a from LAN1 to DMZ security policy (default) to allow HTTP requests from
lan1
to
dmz
. Responses to this
request are allowed automatically.
• a application patrol rule to allow HTTP traffic between
lan1
and
dmz
.
• a HTTP redirect rule to forward HTTP traffic from
lan1
to proxy server
A
.
For HTTP traffic between
dmz
and
wan1
:
• a from DMZ to WAN security policy (default) to allow HTTP requests from
dmz
to
wan1
. Responses to
these requests are allowed automatically.
• a application patrol rule to allow HTTP traffic between
dmz
and
wan1
.
• a policy route to forward HTTP traffic from proxy server
A
to the Internet.
SMTP
Simple Mail Transfer Protocol (SMTP) is the Internet’s message transport standard. It controls the sending
of email messages between servers. Email clients (also called email applications) then use mail server
protocols such as POP (Post Office Protocol) or IMAP (Internet Message Access Protocol) to retrieve
email. Email clients also generally use SMTP to send messages to a mail server. The older POP2 requires
SMTP for sending messages while the newer POP3 can be used with or without it. This is why many email
applications require you to specify both the SMTP server and the POP or IMAP server (even though they
may actually be the same server).
SMTP Redirect, Firewall and Policy Route
With SMTP redirect, the relevant packet flow for SMTP traffic is:
1
Firewall
2
SMTP Redirect
3
Policy Route
Even if you set a policy route to the same incoming interface and service as a SMTP redirect rule, the
Zyxel Device checks the SMTP redirect rules first and forwards SMTP traffic to a SMTP server if matched.
You need to make sure there is no firewall rule(s) blocking the SMTP traffic from the client to the SMTP
server.
You also need to manually configure a policy route to forward the SMTP traffic from the SMTP server to
the Internet. To make the example in
work, make sure you have the following
settings.