Zywall 5 Setup - Newbie Question



Hi,

Please pardon my newbie question as I have no previous experience in
configuring the firewall. We recently purchased a ZyWall 5, with the
intention to prevent malicious attacks.

We currently host our own Web and Email servers, so we need to allow
that traffic to come in. We also need to allow internet access for
our LAN users.

The ZyWall is currently plugged into the LAN and it seems to be
working (but I am not too sure if it is giving any protection though).

The current setup is as follows:

Under Security -> Firewall:

Enabled Firewall - ON
Allow Asymmetrical Route - ON

When we turn this (Allow Asymmetrical Route) to OFF, external users
are not able to access the web servers, nor can our local LAN users
access the web.

Here's the setup:

LAN to LAN / ZyWALL Permit
LAN to WAN Permit
LAN to DMZ Permit
LAN to WLAN Permit
WAN to LAN Permit
WAN to WAN / ZyWALL Permit
WAN to DMZ Permit
WAN to WLAN Permit
DMZ to LAN Drop
DMZ to WAN Permit
DMZ to DMZ / ZyWALL Drop
DMZ to WLAN Drop
WLAN to LAN Drop
WLAN to WAN Permit
WLAN to DMZ Drop
WLAN to WLAN / ZyWALL Permit

Are the above correct? Also, what should we set up in the "Rule
Summary"?

Is the above information enough for anyone to share any information?
Do I need to provide more details?

I believe our servers are currently under "attacks", so any assistance
would be helpful and any help would be greatly appreciated. Thanks in
advance.

Best regards,
eddie teo
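
Added example, not part of the original post and not ZyXEL code: a small Python check that parses the default-action matrix quoted above and lists every direction where the default is Permit from a less trusted zone into a more trusted one. The trust ranking (WAN lowest, DMZ and WLAN in the middle, LAN highest) and the function names are assumptions made for this example.

```python
import re

# Assumed trust ranking, not from the post: higher number = more trusted zone.
TRUST = {"WAN": 0, "DMZ": 1, "WLAN": 1, "LAN": 2}

# Default actions copied from the post above.
MATRIX = """\
LAN to LAN / ZyWALL Permit
LAN to WAN Permit
LAN to DMZ Permit
LAN to WLAN Permit
WAN to LAN Permit
WAN to WAN / ZyWALL Permit
WAN to DMZ Permit
WAN to WLAN Permit
DMZ to LAN Drop
DMZ to WAN Permit
DMZ to DMZ / ZyWALL Drop
DMZ to WLAN Drop
WLAN to LAN Drop
WLAN to WAN Permit
WLAN to DMZ Drop
WLAN to WLAN / ZyWALL Permit
"""

LINE_RE = re.compile(r"^(\w+) to (\w+)(?: / ZyWALL)? (Permit|Drop)$")

def parse_matrix(text):
    """Return a list of (source zone, destination zone, default action)."""
    rules = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if m is None or m.group(1) not in TRUST or m.group(2) not in TRUST:
            raise ValueError("unrecognised matrix line: %r" % line)
        rules.append(m.groups())
    return rules

def risky_defaults(rules):
    """Directions whose default is Permit from a lower-trust to a higher-trust zone."""
    return [(s, d) for s, d, action in rules
            if action == "Permit" and TRUST[s] < TRUST[d]]

if __name__ == "__main__":
    for src, dst in risky_defaults(parse_matrix(MATRIX)):
        print("default Permit from %s into %s" % (src, dst))
```

A direction listed here lets all traffic through by default rather than only the web and mail services the post says need to be reachable.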
