Chapter 27 Security Policy
ZyWALL USG Series User’s Guide
1 A computer on the LAN1 initiates a connection by sending a SYN packet to a receiving server on the WAN.
2 The Zyxel Device reroutes the packet to gateway A, which is in Subnet 2.
3 The reply from the WAN goes to the Zyxel Device.
4 The Zyxel Device then sends it to the computer on the LAN1 in Subnet 1.
Figure 406 Using Virtual Interfaces to Avoid Asymmetrical Routes
27.4.1 Configuring the Security Policy Control Screen
Click Configuration > Security Policy > Policy Control to open the Security Policy screen. Use this screen to enable or disable the Security Policy and asymmetrical routes, set a maximum number of sessions per host, and display the configured Security Policies. Specify from which zone packets come and to which zone packets travel to display only the policies specific to the selected direction. Note the following.
• Besides configuring the Security Policy, you also need to configure NAT rules to allow computers on
the WAN to access LAN devices.
• The Zyxel Device applies NAT (Destination NAT) settings before applying the Security Policies. So for
example, if you configure a NAT entry that sends WAN traffic to a LAN IP address, when you configure
a corresponding Security Policy to allow the traffic, you need to set the LAN IP address as the
destination.
• The ordering of your policies is very important as policies are applied in sequence.
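The last two notes, worked through as an added example (not taken from the Zyxel guide and not device configuration): a small Python model that applies destination NAT first and then checks policies in sequence, first match wins. The addresses, policy names and the default-deny fallback are constructed assumptions, and zones are left out of the model.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class NatRule:                 # destination NAT entry: WAN ip:port -> LAN ip
    wan_ip: str
    port: int
    lan_ip: str

@dataclass
class Policy:
    name: str
    dst: str                   # destination network in CIDR form
    port: int                  # 0 matches any port
    action: str                # "allow" or "deny"

def apply_dnat(dst_ip, port, nat_rules):
    """Rewrite the destination first, before any policy is consulted."""
    for rule in nat_rules:
        if (rule.wan_ip, rule.port) == (dst_ip, port):
            return rule.lan_ip
    return dst_ip

def evaluate(dst_ip, port, nat_rules, policies, default="deny"):
    """Policies are checked in sequence; the first match decides.
    The default action is an assumption of this model."""
    dst = ipaddress.ip_address(apply_dnat(dst_ip, port, nat_rules))
    for p in policies:
        if dst in ipaddress.ip_network(p.dst) and p.port in (0, port):
            return p.action, p.name
    return default, "default"

# Constructed sample data (documentation/private ranges, hypothetical names).
NAT = [NatRule("203.0.113.10", 443, "192.168.1.33")]
BY_WAN_IP = Policy("allow-web-wan-ip", "203.0.113.10/32", 443, "allow")
BY_LAN_IP = Policy("allow-web-lan-ip", "192.168.1.33/32", 443, "allow")
BLOCK_LAN = Policy("block-lan1", "192.168.1.0/24", 0, "deny")

def demo():
    pkt = ("203.0.113.10", 443)            # what the WAN client sends
    return {
        "dst_is_wan_ip": evaluate(*pkt, NAT, [BY_WAN_IP]),
        "dst_is_lan_ip": evaluate(*pkt, NAT, [BY_LAN_IP]),
        "deny_first": evaluate(*pkt, NAT, [BLOCK_LAN, BY_LAN_IP]),
        "allow_first": evaluate(*pkt, NAT, [BY_LAN_IP, BLOCK_LAN]),
    }

if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case:14} -> {result}")
```

A policy written against the WAN address never matches because the destination has already been translated, and a broader deny placed above the allow shadows it.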
The following screen shows the Security Policy summary screen.