Operation Manual
Chapter 14 Firewall
SBG3300-N Series User’s Guide
The following table describes the labels in this screen.
Table 77 Access Control: Add/Edit
LABEL DESCRIPTION
Enable Select this to turn on the ACL rule.
Logging Select this to have the Device log when it performs the ACL rule’s selected action on the
traffic traveling between the two zones.
Filter Name Enter a descriptive name of up to 16 alphanumeric characters, not including spaces,
underscores, and dashes.
You must enter the filter name to add an ACL rule. This field is read-only if you are editing
the ACL rule.
Order Select the order of the ACL rule.
Direction Use the From and To drop-down list boxes to select the direction of travel of packets to
which to apply this ACL rule. Select from which zone the packets come in and to which zone
they are destined. For example, From LAN To WAN means packets traveling from a
computer or subnet on the LAN zone to the WAN zone.
From Any means traffic coming from the WAN, LAN, WLAN, DMZ, and EXTRA zones (but
not the ROUTER zone).
To Any (excl. Router) means traffic going to the WAN, LAN, WLAN, DMZ, and EXTRA
zones (but not the ROUTER zone).
EXTRA is a local zone to use as needed depending on your network topology.
To ROUTER applies to traffic that is destined for the Device. Use this to control which
computers can manage the Device.
Select Source Device Select the source device to which the ACL rule applies. If you select Specific IP Address,
enter the source IP address in the field below.
Source IP address Enter the source IP address.
Select Destination Device Select the destination device to which the ACL rule applies. If you select Specific IP
Address, enter the destination IP address in the field below.
Destination IP address Enter the destination IP address.
IP Type Select whether your IP type is IPv4 or IPv6.
Select Service Select the transport layer protocol that defines your customized port from the drop-down
list box. The specific protocol rule sets you add in the Security > Firewall > Service >
Add screen display in this list.
If you want to configure a customized protocol, select Specific Service.
Protocol This field is displayed only when you select Specific Protocol in Select Protocol.
Choose the IP port (TCP/UDP, TCP, UDP, ICMP, or ICMPv6) that defines your customized
port from the drop-down list box.
Custom Source Port This field is displayed only when you select Specific Protocol in Select Protocol.
Enter a single port number or the range of port numbers of the source.
Custom Destination Port This field is displayed only when you select Specific Protocol in Select Protocol.
Enter a single port number or the range of port numbers of the destination.
Policy Use the drop-down list box to select whether to discard packets that match this rule (DROP),
deny them and send an ICMP destination-unreachable message to the sender (REJECT), or allow
them to pass (ACCEPT).
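The Direction semantics above mean that a rule written "To Any (excl. Router)" never applies to traffic addressed to the Device itself; management access is only governed by rules with To ROUTER. The following is an added example, not part of the User's Guide or the Device's firmware, that models those semantics to list which rules in a rule set apply to management traffic. The rule dictionary layout, the rule names, the addresses, and the use of None to mean that no Specific IP Address was selected are assumptions of this example.

```python
import ipaddress
import re

# Zones that "Any" and "Any (excl. Router)" cover; the ROUTER zone is never included.
ANY_ZONES = {"WAN", "LAN", "WLAN", "DMZ", "EXTRA"}

def valid_filter_name(name):
    """Up to 16 alphanumeric characters; no spaces, underscores or dashes."""
    return re.fullmatch(r"[A-Za-z0-9]{1,16}", name) is not None

def direction_matches(rule, src_zone, dst_zone):
    """Apply the From/To semantics from the table to one packet's zones."""
    if rule["from"] == "Any":
        from_ok = src_zone in ANY_ZONES
    else:
        from_ok = rule["from"] == src_zone
    if rule["to"] == "Any (excl. Router)":
        to_ok = dst_zone in ANY_ZONES
    else:
        to_ok = rule["to"] == dst_zone
    return from_ok and to_ok

def source_matches(rule, src_ip):
    """source_ip None is this example's stand-in for 'no Specific IP Address'."""
    if rule["source_ip"] is None:
        return True
    return ipaddress.ip_address(src_ip) == ipaddress.ip_address(rule["source_ip"])

def rules_for_management(rules, src_zone, src_ip):
    """Names of enabled rules that apply to traffic from src to the Device."""
    return [r["name"] for r in rules
            if r["enable"]
            and direction_matches(r, src_zone, "ROUTER")
            and source_matches(r, src_ip)]

# Constructed sample rule set (hypothetical names and addresses).
RULES = [
    {"name": "BlockAllWan", "enable": True, "from": "WAN",
     "to": "Any (excl. Router)", "source_ip": None, "policy": "DROP"},
    {"name": "AdminOnly", "enable": True, "from": "LAN",
     "to": "ROUTER", "source_ip": "192.168.1.10", "policy": "ACCEPT"},
    {"name": "NoWanMgmt", "enable": True, "from": "WAN",
     "to": "ROUTER", "source_ip": None, "policy": "DROP"},
]

if __name__ == "__main__":
    for zone, ip in [("WAN", "203.0.113.5"), ("LAN", "192.168.1.10"), ("LAN", "192.168.1.77")]:
        print(zone, ip, "->", rules_for_management(RULES, zone, ip))
```

An empty result, as for the LAN host 192.168.1.77, means no listed rule covers that management traffic; what the Device does in that case is not stated in this table and has to be checked separately.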