User guide
Using Firewall Rules
Check Point ZoneAlarm User Guide
The following rule types exist:
Table 32: Firewall Rule Types

Rule: Allow and Forward
Description: This rule type enables you to do the following:
• Permit incoming traffic from the Internet to a specific service and
destination IP address in your internal network and then forward all
such connections to a specific computer in your network. Such rules
are called NAT forwarding rules.
For example, if the gateway has two public IP addresses,
62.98.112.1 and 62.98.112.2, and the network contains two private
Web servers, A and B, you can forward all traffic with the destination
62.98.112.1 to server A, while forwarding all traffic with the
destination 62.98.112.2 to server B.
Note: Creating an Allow and Forward rule for incoming traffic to the
default destination This Gateway (which represents the ZoneAlarm IP
address) is equivalent to defining a server in the Servers page.
• Permit outgoing traffic from your internal network to a specific
service and destination IP address on the Internet and then divert all
such connections to a specific IP address. Such rules are called
transparent proxy rules.
For example, you can redirect all traffic destined for a specific Web
server on the Internet to a different IP address.
• Redirect the specified connections to a specific port. This option is
called Port Address Translation (PAT).
Note: You must use this type of rule to allow incoming connections if your
network uses Hide NAT.
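
The three uses of Allow and Forward described above, as a simplified model of the destination rewrite each one performs. This is an added example, not ZoneAlarm code: the private addresses, the Internet server address, the port numbers and the first-match rule order are assumptions made for illustration.

```python
from dataclasses import dataclass, replace
from ipaddress import ip_address
from typing import Optional

@dataclass(frozen=True)
class Conn:
    src: str     # source address of the connection
    dst: str     # destination address as seen by the gateway
    dport: int   # destination port (the service)

@dataclass(frozen=True)
class ForwardRule:
    match_dst: str                       # destination the rule applies to
    match_port: int                      # service the rule applies to
    forward_to: str                      # address connections are forwarded to
    redirect_port: Optional[int] = None  # set only when the rule also does PAT

# Constructed rule base. Only 62.98.112.1 and 62.98.112.2 come from the guide.
RULES = [
    # NAT forwarding: one public address per private Web server.
    ForwardRule("62.98.112.1", 80, "192.168.10.11"),   # server A (assumed IP)
    ForwardRule("62.98.112.2", 80, "192.168.10.12"),   # server B (assumed IP)
    # PAT: public port 8080 is redirected to port 80 on server A.
    ForwardRule("62.98.112.1", 8080, "192.168.10.11", redirect_port=80),
    # Transparent proxy: outgoing traffic to one Internet Web server is
    # diverted to a different address (both addresses constructed).
    ForwardRule("203.0.113.80", 80, "192.168.10.20"),
]

def translate(conn: Conn, rules=RULES) -> Optional[Conn]:
    """Return the connection as forwarded, or None when no rule matches."""
    for rule in rules:
        same_dst = ip_address(conn.dst) == ip_address(rule.match_dst)
        if same_dst and conn.dport == rule.match_port:
            port = conn.dport if rule.redirect_port is None else rule.redirect_port
            return replace(conn, dst=rule.forward_to, dport=port)
    # No Allow and Forward rule matched, so this model forwards nothing.
    return None

if __name__ == "__main__":
    for c in (Conn("198.51.100.7", "62.98.112.1", 80),
              Conn("198.51.100.7", "62.98.112.1", 8080),
              Conn("198.51.100.7", "62.98.112.1", 22)):
        print(c, "->", translate(c))
```

Each incoming rule in such a rule base exposes one internal service to the Internet, so the list doubles as an inventory of what is reachable from outside.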