
Let's navigate to: Configuration > Object > Service > Service Group

The best example would be the service group "Default allow WAN to Zywall", where we can configure which services are allowed to reach the Zywall from the WAN. Similar to zones, we can use groups to bundle together users, addresses, hosts, or objects in general.

You can configure firewall rules for data passing between zones, or even between interfaces and/or VPN tunnels in a zone.

For more information regarding the example on separating VLAN and zones, see below:

To summarize: manage interfaces into different zones based on your needs. Zones can be used as groupings, which can be utilized in firewall rules, security policies, and interfaces.

Zones can be configured by navigating to: Configuration > Object > Zone

This works backward as well: if you wish to separate the access of a LAN and a VLAN, this can also be done. For example, a VLAN and a LAN can communicate with each other if they are in the same zone, which eliminates the need to grant access separately.

NAT-Rule-Configuration on a USG (Port Forwarding)

For easier management, zones can come in handy.

For more information on creating NAT, see below:

When you have specified the host as an object, you can use it when creating a NAT rule instead of having to specify the IP manually; when you need to allow traffic from the firewall to that specific host, you can reuse the object again.

Let's navigate to: Configuration > Object > Address > Add

In this scenario, we are going to create an address object for a host which will be used in NAT. When you understand how objects work, it becomes easy and efficient to manage our devices.

For example, when configuring NAT, it is convenient to use objects: you won't have to specify an IP address multiple times, but can instead reuse the object, which you only have to create once.

It is important to understand how our firewalls work: at the core of the configuration are objects. This guide will explain the concepts of Objects, Zones, Groups, Interfaces, NAT, Firewall, and Routing.
