By default, the firewall prevents all traffic from a lower security zone to a higher security zone (commonly known as Inbound) and allows all traffic from a higher security zone to a lower security zone (commonly known as Outbound).
For example, all traffic from the LAN (trusted zone) to the WAN (untrusted zone) is permitted, and traffic from the WAN (untrusted zone) to the DMZ (public zone) is blocked.
When you create a new zone, such as a Data zone, firewall rules are automatically generated to permit or block traffic between that zone and other zones, based on the security levels for the From and To zones.
The following table displays the default access control settings for traffic between the zones in the same or different security levels.
If you want to alter the default behaviors—for example, allowing some inbound access to your network (WAN to LAN) or blocking some outbound traffic from your network (LAN to WAN)—you must create firewall rules.
Use the Default Policies page to view the default firewall behaviors for all predefined zones and new zones.
1. Click Firewall > Access Control > Default Policies.
2. Click the triangle to expand or contract the default access control settings for a specific zone. The following behaviors are defined for all predefined zones.
Note ACL rules are applicable for inter-VLAN traffic, whether within a zone or between zones. You cannot set ACL rules for intra-VLAN traffic, such as LAN to LAN.