ZyXEL ZyWALL 10 Internet Security Gateway

Page 2 
 Author: Tim Higgins
 Review Date: 9/13/2001



Firewall


NOTE: Opening holes in your firewall can compromise your LAN's security if done incorrectly.

The web admin interface allows you to:

  • Enable / Disable the firewall

  • Set up emailing of firewall alerts

  • Set timing thresholds for Alert features

  • Configure rules and services

  • View Firewall logs

The product comes with a number of pre-defined services (sets of ports and protocols) and you can define 10 more. You use these services to define 10 firewall rules for outbound (Local Network) traffic and 10 for inbound (Internet) traffic. Each rule allows you to specify (see the screen shots below) whether the referenced service is passed or blocked, whether it's logged, and whether an email alert is sent when the rule is triggered.

[Screen shots: ZyWALL 10 - Internet Firewall screen; ZyWALL 10 - Firewall Rule Configuration screen]

There are some additional Firewall features, such as the ability to set timeouts on various TCP, UDP and ICMP connection types. On the downside, however, you can't define custom services using the ICMP protocol, and the logging could be better (more on that later).

An important point to remember is that you must have an Internet Firewall rule to match each SUA (or forwarded port), or your forwarded service won't work!

 

Multi-flavored NAT


What sets the ZyWALL 10 apart from most other routers that I've tested is its five different NAT modes (Multi-NAT). (Check this ZyXEL FAQ for more details.)

These new NAT modes will be useful primarily to people who have multiple IP addresses from their ISP.  

NOTE: The '10 has only one physical WAN port, so it can't be connected to multiple WAN feeds, i.e. both a cable modem and a DSL connection.  Your multiple WAN IP addresses must come from the same ISP.

With Multi-NAT, for example, you can have more than one server of the same type (HTTP for example) running on the same port number, but on different IP addresses (or domains). This is like having multiple "DMZ" capability, but you still get the firewall protection for the servers.

The old "SUA" (Single User Account) NAT mode is still supported, and it fortunately has its own page in the product's Web admin interface.

[Screen shot: ZyWALL 10 - SUA/NAT screen]

So you can easily allow servers on your LAN to be accessed from the Internet, but you are limited to 12 single-port-number-to-LAN IP mappings. You can't specify TCP or UDP protocol, and you can't map port ranges, either. One of the twelve mappings is dedicated to the Default Server mapping. This is similar to the DMZ Host, or Exposed Computer feature on other routers. Another mapping is dedicated to Port 1026 "RR Reserved", so this leaves 10 single port mappings that you can actually use.
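The two constraints above (every forwarded port needs a matching Internet Firewall rule, and only 10 single-port mappings are usable) can be checked on paper before you touch the router. The sketch below is an added example, not ZyXEL's code or this review's: the data model, the function name `check_plan` and the sample addresses are hypothetical, and it assumes a port counts as open if any pass rule names it.

```python
# Added example: the data model below is hypothetical, not the ZyWALL's own
# configuration format. The limits come from the review text.
MAX_USABLE_MAPPINGS = 10  # 12 slots minus Default Server and port 1026 "RR Reserved"
MAX_INBOUND_RULES = 10    # rules available for inbound (Internet) traffic
RESERVED_PORT = 1026


def check_plan(sua_mappings, inbound_rules):
    """sua_mappings: list of (port, lan_ip) single-port forwards.
    inbound_rules: list of {"ports": set of int, "action": "pass" or "block"}.
    Returns a list of findings; an empty list means the plan is consistent.
    Assumption: rule ordering is not modelled."""
    findings = []
    if len(sua_mappings) > MAX_USABLE_MAPPINGS:
        findings.append(f"{len(sua_mappings)} mappings exceed the {MAX_USABLE_MAPPINGS} usable slots")
    if len(inbound_rules) > MAX_INBOUND_RULES:
        findings.append(f"{len(inbound_rules)} inbound rules exceed the limit of {MAX_INBOUND_RULES}")
    forwarded = {}
    for port, lan_ip in sua_mappings:
        if port == RESERVED_PORT:
            findings.append(f"port {port} is the reserved mapping")
        if port in forwarded and forwarded[port] != lan_ip:
            findings.append(f"port {port} mapped to both {forwarded[port]} and {lan_ip}")
        forwarded[port] = lan_ip
    passed = set()
    for rule in inbound_rules:
        if rule["action"] == "pass":
            passed |= rule["ports"]
    # A forward with no pass rule will not work; a pass rule with no
    # forward is a hole that serves no mapped server and deserves a second look.
    for port in sorted(set(forwarded) - passed):
        findings.append(f"port {port} is forwarded but no inbound rule passes it")
    for port in sorted(passed - set(forwarded)):
        findings.append(f"port {port} is passed but not forwarded; review the rule")
    return findings


# Constructed sample plan (addresses and ports are made up for illustration).
SAMPLE_MAPPINGS = [(80, "192.168.1.10"), (25, "192.168.1.11"), (21, "192.168.1.12")]
SAMPLE_RULES = [
    {"ports": {80, 443}, "action": "pass"},
    {"ports": {25}, "action": "pass"},
    {"ports": {23}, "action": "block"},
]

if __name__ == "__main__":
    for line in check_plan(SAMPLE_MAPPINGS, SAMPLE_RULES):
        print(line)
```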
