Chapter 25 Security Policy
ZyWALL ATP Series User’s Guide
495
Figure 337
Limited LAN to WAN IRC Traffic Example
Your security policy would have the following configuration.
• The first row allows the LAN1 computer at IP address 172.16.1.7 to access the IRC service on the WAN.
• The second row blocks LAN1 access to the IRC service on the WAN.
• The third row is the default policy of allowing all traffic from the LAN1 to go to the WAN.
Alternatively, you configure a LAN1 to WAN policy with the CEO’s user name (say CEO) to allow IRC
traffic from any source IP address to go to any destination address.
Your Security Policy would have the following settings.
• The first row allows any LAN1 computer to access the IRC service on the WAN by logging into the Zyxel
Device with the CEO’s user name.
• The second row blocks LAN1 access to the IRC service on the WAN.
• The third row is the default policy of allowing allows all traffic from the LAN1 to go to the WAN.
The policy for the CEO must come before the policy that blocks all LAN1 to WAN IRC traffic. If the policy
that blocks all LAN1 to WAN IRC traffic came first, the CEO’s IRC traffic would match that policy and the
Zyxel Device would drop it and not check any other security policies.
Table 199 Limited LAN1 to WAN IRC Traffic Example 1
#
USER
SOURCE
DESTINATION
SCHEDULE
SERVICE
ACTION
1
Any
172.16.1.7
Any
Any
IRC
Allow
2
Any
Any
Any
Any
IRC
Deny
3
Any
Any
Any
Any
Any
Allow
Table 200 Limited LAN1 to WAN IRC Traffic Example 2
#
USER
SOURCE
DESTINATION
SCHEDULE
SERVICE
ACTION
1
CEO
Any
Any
Any
IRC
Allow
2
Any
Any
Any
Any
IRC
Deny
3
Any
Any
Any
Any
Any
Allow