User's guide

ZyXEL MAX-200M1 Series User’s Guide
Chapter 12 Firewall
The ZyXEL Device has one Ethernet (LAN) port. The LAN (Local Area Network) port
attaches to a network of computers, which needs security from the outside world. These
computers will have access to Internet services such as e-mail, FTP and the World Wide Web.
However, “inbound access” is not allowed (by default) unless the remote host is authorized to
use a specific service.
12.1.3 Guidelines For Enhancing Security With Your Firewall
1 Change the default password via the web configurator.
2 Think about access control before you connect to the network in any way.
3 Limit who can access your router.
4 Don't enable any local service (such as telnet or FTP) that you don't use. Any enabled
service could present a potential security risk. A determined hacker might be able to find
creative ways to misuse the enabled services to access the firewall or the network.
5 For local services that are enabled, protect against misuse by configuring the
services to communicate only with specific peers and by configuring rules to
block packets for the services at specific interfaces.
6 Protect against IP spoofing by making sure the firewall is active.
7 Keep the firewall in a secured (locked) room.
12.1.4 The Firewall, NAT and Remote Management
Figure 72 Firewall Rule Directions
12.1.4.1 LAN-to-WAN rules
LAN-to-WAN rules are local network to Internet firewall rules. The default is to forward all
traffic from your local network to the Internet.
You can block certain LAN-to-WAN traffic in the Services screen (click the Services tab). All
services displayed in the Blocked Services list box are LAN-to-WAN firewall rules that block
those services originating from the LAN.
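
The default behaviour described in this chapter (inbound access denied unless the remote host is authorized to use a specific service, LAN-to-WAN traffic forwarded unless the service is in the Blocked Services list) can be modelled as follows. This is an added example, not ZyXEL code; the Packet type, the decide and audit functions, the service names and all addresses are assumptions constructed for illustration.

```python
# Added illustration: a simplified model of the policy, not ZyXEL firmware logic.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Packet:
    direction: str  # "LAN-to-WAN" or "WAN-to-LAN"
    src: str        # source IP address
    service: str    # service name, e.g. "FTP"


# Constructed sample policy (every value here is an assumption).
BLOCKED_SERVICES = {"FTP", "TELNET"}  # stands in for the Blocked Services list
AUTHORIZED_INBOUND = {                # service -> remote networks allowed to use it
    "HTTP": [ip_network("203.0.113.0/28")],
}


def decide(pkt, blocked=BLOCKED_SERVICES, authorized=AUTHORIZED_INBOUND):
    """Return 'forward' or 'block' for one packet."""
    service = pkt.service.upper()
    if pkt.direction == "LAN-to-WAN":
        # Default is forward; each Blocked Services entry acts as a block rule.
        return "block" if service in blocked else "forward"
    if pkt.direction == "WAN-to-LAN":
        # Default is block; only an authorized remote host may use a service.
        src = ip_address(pkt.src)
        allowed = any(src in net for net in authorized.get(service, []))
        return "forward" if allowed else "block"
    raise ValueError(f"unknown direction: {pkt.direction!r}")


def audit(packets):
    """Pair each packet with its verdict so the result can be reviewed."""
    return [(p, decide(p)) for p in packets]


# Constructed sample traffic.
SAMPLE = [
    Packet("LAN-to-WAN", "192.168.1.33", "HTTP"),   # default: forwarded
    Packet("LAN-to-WAN", "192.168.1.33", "FTP"),    # in blocked list
    Packet("WAN-to-LAN", "203.0.113.5", "HTTP"),    # authorized remote host
    Packet("WAN-to-LAN", "203.0.113.77", "HTTP"),   # outside authorized range
    Packet("WAN-to-LAN", "198.51.100.9", "TELNET"), # no authorization at all
]

if __name__ == "__main__":
    for pkt, verdict in audit(SAMPLE):
        print(f"{pkt.direction:11} {pkt.src:15} {pkt.service:7} -> {verdict}")
```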