Chapter 25 Security Policy
ZyWALL ATP Series User’s Guide
480
Move
To change a policy’s position in the numbered list, select the policy and click
Move
to display a
field to type a number for where you want to put that policy and press [ENTER] to move the
policy to the number that you typed.
The ordering of your policies is important as they are applied in order of their numbering.
Clone
Use
Clone
to create a new entry by modifying an existing one.
• Select an existing entry.
• Click
Clone
, type a number where the new entry should go and then press [ENTER].
• A configuration copy of the selected entry pops up. You must at least change the name as
duplicate entry names are not allowed.
The following read-only fields summarize the policies you have created that apply to traffic traveling in the
selected packet direction.
Priority
This is the position of your Security Policy in the global policy list (including all through-Zyxel
Device and to-Zyxel Device policies). The ordering of your policies is important as policies are
applied in sequence.
Default
displays for the default Security Policy behavior that the Zyxel
Device performs on traffic that does not match any other Security Policy.
Status
This icon is lit when the entry is active and dimmed when the entry is inactive.
Name
This is the name of the Security policy.
From / To
This is the direction of travel of packets. Select from which zone the packets come and to
which zone they go.
Security Policies are grouped based on the direction of travel of packets to which they apply.
For example, from
LAN
to
LAN
means packets traveling from a computer or subnet on the LAN
to either another computer or subnet on the LAN.
From
any
displays all the Security Policies for traffic going to the selected
To Zone
.
To
any
displays all the Security Policies for traffic coming from the selected
From Zone
.
From
any
to
any
displays all of the Security Policies.
To
ZyWALL
policies are for traffic that is destined for the Zyxel Device and control which
computers can manage the Zyxel Device.
IPv4 / IPv6 Source This displays the IPv4 / IPv6 source address object, including geographic address and FQDN
(group) objects, to which this Security Policy applies.
IPv4 / IPv6
Destination
This displays the IPv4 / IPv6 destination address object, including geographic address and
FQDN (group) objects, to which this Security Policy applies.
Service
This displays the service object to which this Security Policy applies.
User
This is the user name or user group name to which this Security Policy applies.
Schedule
This field tells you the schedule object that the policy uses.
none
means the policy is active at all
times if enabled.
Action
This field displays whether the Security Policy silently discards packets without notification
(
deny
), permits the passage of packets (
allow
) or drops packets with notification (
reject
)
Log
Select whether to have the Zyxel Device generate a log (
log
), log and alert (
log alert
) or not
(
no
) when the policy is matched to the criteria listed above.
Profile
This field shows you which Security Service profiles (application patrol, content filter, IDP, anti-
malware, email security) apply to this Security policy. Click an applied Security Service profile
icon to edit the profile directly.
Apply
Click
Apply
to save your changes back to the Zyxel Device.
Reset
Click
Reset
to return the screen to its last-saved settings.
Table 190 Configuration > Security Policy > Policy Control (continued)
LABEL
DESCRIPTION