User's Manual

Chapter 13 Access Control
NBG-510S User’s Guide
13.3 Firewall Overview
The ZyXEL Device acts as a secure gateway for all data passing between the Internet and the
LAN. The ZyXEL Device can be used to prevent theft, destruction and modification of data,
as well as log events, which may be important to the security of your network.
The ZyXEL Device’s firewall is a stateful inspection firewall. The ZyXEL Device restricts
access by screening data packets against defined access rules. It can also inspect sessions. For
example, traffic from the WAN is not allowed unless it belongs to a session initiated by a
computer in the LAN. You can configure firewall rules for data passing between interfaces.
The following figure shows the ZyXEL Device’s default firewall rules in action and
demonstrates how stateful inspection works. User 1 can initiate a Telnet session from within
the LAN, and responses to this request are allowed. However, other Telnet traffic initiated
from the WAN and destined for the LAN is blocked. The firewall allows VPN traffic.
Figure 66 Default Firewall Action
Your customized rules take precedence and override the ZyXEL Device’s default settings. The
ZyXEL Device checks the schedule, source IP address, destination IP address and IP protocol
type of network traffic against the firewall rules (in the order you list them). When the traffic
matches a rule, the ZyXEL Device takes the action specified in the rule.
For example, if you want to allow a specific WAN user from any computer to access
computers behind the ZyXEL Device, you can set up a rule based on the user’s IP address
only. If you also apply a schedule to the firewall rule, the user can only access the network at
the scheduled time.
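The following is an added illustration, not ZyXEL firmware code or anything from the manual: a small Python model of the rule matching described above (schedule, source IP, destination IP and protocol, checked in listed order, with the stateful default when no rule matches). The rule fields, the addresses, the LAN range and the choice to let replies to tracked sessions pass before rules are checked are all assumptions made for the example.

```python
from dataclasses import dataclass
from datetime import time
from ipaddress import ip_address, ip_network

LAN = ip_network("192.168.1.0/24")        # constructed LAN range (assumption)

@dataclass
class Rule:                               # hypothetical rule layout
    src: str                              # source network, CIDR
    dst: str                              # destination network, CIDR
    proto: str                            # "tcp", "udp", "icmp" or "any"
    action: str                           # "allow" or "block"
    start: time = time(0, 0)              # schedule window, inclusive
    end: time = time(23, 59, 59)

    def matches(self, pkt, now):
        return (self.start <= now <= self.end
                and ip_address(pkt["src"]) in ip_network(self.src)
                and ip_address(pkt["dst"]) in ip_network(self.dst)
                and self.proto in ("any", pkt["proto"]))

def decide(pkt, rules, sessions, now):
    """Return 'allow' or 'block' for one packet and update the session table."""
    src, dst, proto = pkt["src"], pkt["dst"], pkt["proto"]
    if (dst, src, proto) in sessions:     # reply to a tracked session (assumption:
        return "allow"                    # tracked by address and protocol only)
    for rule in rules:                    # custom rules, in the order listed
        if rule.matches(pkt, now):
            action = rule.action          # first match decides
            break
    else:                                 # no rule matched: default behaviour
        action = "allow" if ip_address(src) in LAN else "block"
    if action == "allow":
        sessions.add((src, dst, proto))
    return action

# Constructed sample: one WAN address allowed in, 09:00 to 17:00 only.
RULES = [Rule("203.0.113.7/32", "192.168.1.0/24", "tcp", "allow",
              time(9, 0), time(17, 0))]
# The same rule listed after a broad block rule never takes effect.
SHADOWED = [Rule("0.0.0.0/0", "192.168.1.0/24", "any", "block")] + RULES
```

Because the first matching rule decides, a broad rule placed above a narrower one silently disables it, so review rule order whenever a rule is added.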
13.4 Access Control Screen
Click Security > Access Control to open the following screen. Use this screen to view the
firewall settings and configure QoS settings.
Figure 65 Priority Assignment Recommendations
PRIORITY    TYPE OF TRAFFIC TO USE FOR
Medium      Internet and chat since they are somewhat sensitive to delay.
Low         E-mail since it is important but can tolerate some delay.
Lowest      File transfers (like FTP) since they should not affect other applications and users.