
ZyXEL Confidential
404XD3C0.docx
Appendix 14: The mechanism of ZyWALL IPSec policy IP conflict check:
ZyWALL classifies traffic to IPSec tunnels according to Network Policies. If two
Network Policies conflict, ZyWALL cannot classify traffic correctly.
Two policies conflict if they satisfy both of the following conditions at the same time:
(1) The “Local Network” IP address ranges of the two policies overlap.
(2) The “Remote Network” IP address ranges of the two policies overlap.
For example, the following two Network Policies will conflict:
Policy 1:
Policy 2:
To ensure there are no conflicting rules, ZyWALL compares each Network Policy with all
other policies during configuration and IKE negotiation. The conflict check occurs in the
following situations:
(1) When a Network Policy is saved at configuration time
(2) When a runtime policy sent from the remote gateway is processed during IKE negotiation
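The two-condition test above can be run against a candidate policy before it is saved. The following Python sketch is an added example, not ZyXEL's code; the `Policy` type, the function names, the accepted address syntax (single address, start-end range, CIDR subnet; IPv4 only) and the sample policies are all assumptions made for illustration.

```python
import ipaddress
from typing import NamedTuple

class Policy(NamedTuple):      # hypothetical record, not a ZyWALL structure
    name: str
    local: str                 # "10.0.0.5", "10.0.0.10-10.0.0.20" or "10.0.0.0/24"
    remote: str

def to_range(spec: str) -> tuple[int, int]:
    """Normalize a single address, start-end range or subnet to (first, last)."""
    spec = spec.strip()
    if "-" in spec:
        lo, hi = (int(ipaddress.IPv4Address(p.strip())) for p in spec.split("-", 1))
        if lo > hi:
            raise ValueError(f"range start is above range end: {spec}")
        return lo, hi
    net = ipaddress.IPv4Network(spec, strict=False)  # a bare address becomes a /32
    return int(net.network_address), int(net.broadcast_address)

def overlaps(a: str, b: str) -> bool:
    """True if the two address specifications share at least one address."""
    a_lo, a_hi = to_range(a)
    b_lo, b_hi = to_range(b)
    return a_lo <= b_hi and b_lo <= a_hi

def conflicts(p: Policy, q: Policy) -> bool:
    # Condition (1) and condition (2) must hold at the same time.
    return overlaps(p.local, q.local) and overlaps(p.remote, q.remote)

def find_conflicts(candidate: Policy, existing: list[Policy]) -> list[str]:
    """Names of existing policies the candidate conflicts with (empty = safe to save)."""
    return [q.name for q in existing if conflicts(candidate, q)]

# Constructed sample policies; both share the same local network.
EXISTING = [
    Policy("branch-a", "192.168.1.0/24", "192.168.2.0/24"),
    Policy("branch-b", "192.168.1.0/24", "10.0.0.0/24"),
]

if __name__ == "__main__":
    new = Policy("new", "192.168.1.33-192.168.1.40", "192.168.2.10")
    print(find_conflicts(new, EXISTING))
```

Note that `branch-a` and `branch-b` do not conflict with each other even though their local networks are identical, because their remote networks are disjoint.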