User's Manual
Chapter 19 Firewall
NXC CLI Reference Guide
Your customized rules take precedence and override the NXC’s default settings. The NXC
checks the schedule, user name (user’s login name on the NXC), source IP address, destination
IP address and IP protocol type of network traffic against the firewall rules (in the order you
list them). When the traffic matches a rule, the NXC takes the action specified in the rule.
For example, if you want to allow a specific user from any computer to access one zone by
logging in to the NXC, you can set up a rule based on the user name only. If you also apply a
schedule to the firewall rule, the user can only access the network at the scheduled time. A
user-aware firewall rule is activated whenever the user logs in to the NXC and will be disabled
after the user logs out of the NXC.
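To make the ordered, user-aware matching described above concrete, here is an added Python model of how such a policy is evaluated (example code written for this page, not NXC firmware or CLI syntax). The Rule fields, the sessions map of logged-in user to login address, and the (start, end) hour schedule are assumptions made for the illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Dict, List, Optional, Tuple

@dataclass
class Rule:
    number: int                       # priority: lower numbers are checked first
    action: str                       # "allow" or "deny"
    user: Optional[str] = None        # user-aware rule: live only while user is logged in
    src: Optional[str] = None         # source address object, modelled here as a CIDR
    dst: Optional[str] = None         # destination address object, modelled as a CIDR
    proto: Optional[str] = None       # IP protocol name, e.g. "tcp"
    schedule: Optional[Tuple[int, int]] = None  # assumed schedule: active hours [start, end)

def is_active(rule: Rule, sessions: Dict[str, str], hour: int) -> bool:
    """A rule is live only inside its schedule and, if user-aware, while that user is logged in."""
    if rule.schedule and not (rule.schedule[0] <= hour < rule.schedule[1]):
        return False
    if rule.user and rule.user not in sessions:
        return False
    return True

def matches(rule: Rule, pkt: dict, sessions: Dict[str, str]) -> bool:
    """Compare the packet against every field the rule specifies; unset fields match anything."""
    if rule.user and pkt["src"] != sessions.get(rule.user):
        return False  # traffic must come from the address the user logged in from (assumption)
    if rule.src and ip_address(pkt["src"]) not in ip_network(rule.src):
        return False
    if rule.dst and ip_address(pkt["dst"]) not in ip_network(rule.dst):
        return False
    if rule.proto and pkt["proto"] != rule.proto:
        return False
    return True

def evaluate(rules: List[Rule], pkt: dict, sessions: Dict[str, str], hour: int,
             default: str = "deny") -> Tuple[Optional[int], str]:
    """First active rule that matches wins, in priority order; otherwise the default applies."""
    for rule in sorted(rules, key=lambda r: r.number):
        if is_active(rule, sessions, hour) and matches(rule, pkt, sessions):
            return rule.number, rule.action
    return None, default

# Constructed sample policy: a user-aware, scheduled allow for "alice" into a server
# subnet, followed by a catch-all deny into that subnet. Order matters: swapping the
# two rules would make the deny shadow the allow.
RULES = [
    Rule(1, "allow", user="alice", dst="10.10.0.0/24", proto="tcp", schedule=(8, 18)),
    Rule(2, "deny", dst="10.10.0.0/24"),
]
PKT = {"src": "192.168.1.50", "dst": "10.10.0.7", "proto": "tcp"}  # constructed packet
```

Running evaluate(RULES, PKT, {"alice": "192.168.1.50"}, 10) hits rule 1, while the same packet with alice logged out or at hour 20 falls through to rule 2.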
19.2 Firewall Commands
The following table identifies the values required for many of these commands. Other input
values are discussed with the corresponding commands.
The following table describes the commands available for the firewall. You must use the
configure terminal command to enter the configuration mode before you can use these
commands.
Table 56 Input Values for General Firewall Commands
LABEL            DESCRIPTION
address_object   The name of the IP address (group) object. You may use 1-31 alphanumeric characters, underscores (_), or dashes (-), but the first character cannot be a number. This value is case-sensitive.
user_name        The name of a user (group). You may use 1-31 alphanumeric characters, underscores (_), or dashes (-), but the first character cannot be a number. This value is case-sensitive.
zone_object      The name of the zone. Use up to 31 characters (a-zA-Z0-9_-). The name cannot start with a number. This value is case-sensitive. You can also use pre-defined zone names like LAN and WLAN.
rule_number      The priority number of a firewall rule. 1 - X where X is the highest number of rules the NXC model supports. See the NXC's User's Guide for details.
schedule_object  The name of the schedule. You may use 1-31 alphanumeric characters, underscores (_), or dashes (-), but the first character cannot be a number. This value is case-sensitive.
service_name     The name of the service (group). You may use 1-31 alphanumeric characters, underscores (_), or dashes (-), but the first character cannot be a number. This value is case-sensitive.
Table 57 Command Summary: Firewall
COMMAND                                                  DESCRIPTION
[no] connlimit max-per-host <1..8192>                    Sets the highest number of sessions that the NXC will permit a host to have at one time. The no command removes the setting.
firewall rule_number                                     Enters the firewall sub-command mode to set a firewall rule.
firewall zone_object {zone_object|EnterpriseWLAN} rule_number   Enters the firewall sub-command mode to set a direction-specific through-EnterpriseWLAN rule or to-EnterpriseWLAN rule.