Using ZyWALL in Bridge Mode
ZyWALL supports both routing mode and bridge mode. In routing mode, the LAN/WAN/DMZ interfaces are in different network segments. In bridge mode, the LAN/WAN/DMZ interfaces are in the same network segment. ZyWALL can operate in only one of these modes at a time. The major benefit of bridge mode is that users can deploy the firewall in their network environment without changing the running network topology.
This article shows how to configure ZyWALL in bridge mode and use its Firewall and Bandwidth Management functions. For other functions supported in ZyWALL bridge mode, such as content filter, please refer to General Application Notes. In this example, we assume the user of ZyWALL has the following requirements.
1. The user has an ADSL router which already connects his network to the Internet. This ADSL/Cable router also performs NAT (Network Address Translation) for his network.
2. The user purchased ZyWALL for its security and Bandwidth Management functions.
3. For security, he has an FTP server on his network and would like to protect it from DoS (Denial of Service) attacks. The user also wants to block other access from the Internet to his network.
4. For Bandwidth Management, he would like to restrict bandwidth consumption of the FTP service to 800 kbps.

ZyWALL
  Management IP address: 192.168.1.1
  PC1~PC2: assigned via DHCP
  FTP server: 192.168.1.21
(NAT) Router
  LAN: 192.168.1.254/24 (DHCP service On)
  WAN: 66.66.66.66
1.1 Go to Control Panel/Network and Dial-up Connections.

1.2 Set a fixed IP address for the PC, 192.168.1.2.

1.3 Open ZyWALL's web interface at http://192.168.1.1
Step 2. Define LAN/DMZ ports and set ZyWALL in bridge mode
2.1 Go to LAN/Port Roles, and set ports 1, 2 and 3 as LAN ports and port 4 as a DMZ port. ZyWALL reboots automatically after the Apply button is pressed.

2.2 Set ZyWALL to bridge mode. Go to Home/Device Mode, select Bridge, and give ZyWALL a fixed IP address with its subnet mask and gateway IP address. ZyWALL then reboots.

Step 3. Deploy ZyWALL in current environment
3.1 Connect ZyWALL's WAN port to the ADSL/Cable router
3.2 Connect the 3 internal PCs to ports 1, 2 and 3, and the FTP server to port 4, of the LAN/DMZ ports.
4.1 In WAN to LAN direction, insert a firewall rule to forward FTP service to the FTP server.

Step 5. Configure Bandwidth Management
Since the FTP server is for outsiders to download files, most of the bandwidth will be consumed in the LAN to WAN direction. Bandwidth Management manages bandwidth on the interface that outputs the traffic, so in this example we need to apply Bandwidth Management on the WAN interface. We assume the upstream speed of the Internet connection is 2 Mbps, and the user wants to restrict bandwidth usage of the FTP service to 800 kbps.
5.1 Enable Bandwidth Management on the WAN interface, and set the speed to 2000 kbps.

5.2 Go to the Class Setup tab, and insert a sub-class under the WAN interface as follows. Since most of the traffic will be consumed by the FTP data channel, we specify the source IP/Port number of the FTP data channel in the bandwidth filter.

5.3 After adding the sub-class, you should get the following result.
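
The Python sketch below is an added example, not ZyXEL code and not part of the original note. It models the Step 5 sub-class to show which traffic the 800 kbps limit catches. It assumes the filter matches source port 20 (active-mode FTP data), that 1 kbps is 1000 bits per second, and that over-budget packets are simply held back; port 50000 is a constructed passive-mode data port.

```python
from dataclasses import dataclass

WAN_KBPS = 2000           # WAN interface speed entered in step 5.1
FTP_CLASS_KBPS = 800      # budget of the FTP sub-class from step 5.2
FTP_SERVER = "192.168.1.21"
FTP_DATA_PORT = 20        # assumption: active-mode FTP data leaves from port 20


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    size: int             # bytes


def classify(pkt: Packet) -> str:
    """Match the bandwidth filter on source IP and source port."""
    if pkt.src_ip == FTP_SERVER and pkt.src_port == FTP_DATA_PORT:
        return "ftp"
    return "default"


def shape_one_second(packets):
    """Forward one second of WAN-bound traffic; return kbps sent per class.

    Simplified model: the ftp class may use at most FTP_CLASS_KBPS and all
    classes together at most WAN_KBPS. Packets over budget are held back.
    """
    budget = {"ftp": FTP_CLASS_KBPS * 1000, "default": WAN_KBPS * 1000}
    link = WAN_KBPS * 1000                    # bits left on the interface
    sent = {"ftp": 0, "default": 0}
    for pkt in packets:
        cls, bits = classify(pkt), pkt.size * 8
        if bits <= budget[cls] and bits <= link:
            budget[cls] -= bits
            link -= bits
            sent[cls] += bits
    return {cls: bits // 1000 for cls, bits in sent.items()}


def offered(src_port, kbps, size=1000):
    """Constructed sample: `kbps` of traffic from the FTP server in one second."""
    return [Packet(FTP_SERVER, src_port, size)] * (kbps * 1000 // (size * 8))


if __name__ == "__main__":
    print(shape_one_second(offered(20, 2000)))     # active-mode download
    print(shape_one_second(offered(50000, 2000)))  # passive-mode data port
```

In this model an active-mode download is held to 800 kbps, while the same download over a data connection from another source port falls into the default class and can fill the 2000 kbps interface.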

All contents copyright © 2004 ZyXEL Communications Corporation.