ZyWALL 2 Plus
Internet Security Appliance
Version 4.03 12/2007 Edition 1
www.zyxel.com
About This User's Guide
Intended Audience
This manual is intended for people who want to configure the ZyWALL using the web configurator or System Management Terminal (SMT). You should have at least a basic knowledge of TCP/IP networking concepts and topology.
Related Documentation
• Quick Start Guide
The Quick Start Guide is designed to help you get up and running right away. It contains information on setting up your network and configuring for Internet access.
• Web Configurator Online Help
Embedded web help for descriptions of individual screens and supplementary information.
Note: It is recommended you use the web configurator to configure the ZyWALL.
• Supporting Disk
Refer to the included CD for support documents.
• ZyXEL Web Site
Please refer to www.zyxel.com for additional support documentation and product certifications.
User Guide Feedback
Help us help you. Send all User Guide-related comments, questions or suggestions for improvement to the following address, or use e-mail instead. Thank you!
The Technical Writing Team, ZyXEL Communications Corp., 6 Innovation Road II, Science-Based Industrial Park, Hsinchu, 300, Taiwan.
E-mail: techwriters@zyxel.com.tw
ZyWALL 2 Plus User’s Guide
Document Conventions
Warnings and Notes
Warnings and notes are shown as follows in this User’s Guide.
Warnings tell you about things that could harm you or your device.
Notes tell you other important information (for example, other things you may need to configure or helpful tips) or recommendations.
Syntax Conventions
• The ZyWALL 2 Plus may be referred to as the “ZyWALL”, the “device” or the “system” in this User’s Guide.
• Product labels, screen names, field labels and field choices are all in bold font.
• A key stroke is denoted by square brackets and uppercase text, for example, [ENTER] means the “enter” or “return” key on your keyboard.
• “Enter” means for you to type one or more characters and then press the [ENTER] key. “Select” or “choose” means for you to use one of the predefined choices.
• A right angle bracket ( > ) within a screen name denotes a mouse click. For example, Maintenance > Log > Log Setting means you first click Maintenance in the navigation panel, then the Log sub menu and finally the Log Setting tab to get to that screen.
• Units of measurement may denote the “metric” value or the “scientific” value. For example, “k” for kilo may denote “1000” or “1024”, “M” for mega may denote “1000000” or “1048576” and so on.
• “e.g.,” is a shorthand for “for instance”, and “i.e.,” means “that is” or “in other words”.
Icons Used in Figures
Figures in this User’s Guide may use the following generic icons. The ZyWALL icon is not an exact representation of your device.
[Figure: icons for ZyWALL, Computer, Notebook computer, Server, DSLAM, Firewall, Telephone, Switch, Router]
Safety Warnings
For your safety, be sure to read and follow all warning notices and instructions.
• Do NOT use this product near water, for example, in a wet basement or near a swimming pool.
• Do NOT expose your device to dampness, dust or corrosive liquids.
• Do NOT store things on the device.
• Do NOT install, use, or service this device during a thunderstorm. There is a remote risk of electric shock from lightning.
• Connect ONLY suitable accessories to the device.
• Do NOT open the device or unit. Opening or removing covers can expose you to dangerous high voltage points or other risks. ONLY qualified service personnel should service or disassemble this device. Please contact your vendor for further information.
• Make sure to connect the cables to the correct ports.
• Place connecting cables carefully so that no one will step on them or stumble over them.
• Always disconnect all cables from this device before servicing or disassembling.
• Use ONLY an appropriate power adaptor or cord for your device.
• Connect the power adaptor or cord to the right supply voltage (for example, 110V AC in North America or 230V AC in Europe).
• Do NOT allow anything to rest on the power adaptor or cord and do NOT place the product where anyone can walk on the power adaptor or cord.
• Do NOT use the device if the power adaptor or cord is damaged as it might cause electrocution.
• If the power adaptor or cord is damaged, remove it from the power outlet.
• Do NOT attempt to repair the power adaptor or cord. Contact your local vendor to order a new one.
• Do not use the device outside, and make sure all the connections are indoors. There is a remote risk of electric shock from lightning.
This product is recyclable. Dispose of it properly.
Contents Overview
Introduction and Registration
  Getting to Know Your ZyWALL
  Introducing the Web Configurator
  Wizard Setup
  Tutorials
  Registration
Network
  LAN Screens
  Bridge Screens
  WAN Screens
  DMZ Screens
  Wireless LAN
Security
  Firewall
  Content Filtering Screens
  Content Filtering Reports
  IPSec VPN
  Certificates
  Authentication Server
Advanced
  Network Address Translation (NAT)
  Static Route
  Bandwidth Management
  DNS
  Remote Management
  UPnP
  Custom Application
  ALG Screen
Logs and Maintenance
  Logs Screens
  Maintenance
SMT
  Introducing the SMT
  SMT Menu 1 - General Setup
  WAN and Dial Backup Setup
  LAN Setup
  Internet Access
  DMZ Setup
  Wireless Setup
  Remote Node Setup
  IP Static Route Setup
  Network Address Translation (NAT)
  Introducing the ZyWALL Firewall
  Filter Configuration
  SNMP Configuration
  System Information & Diagnosis
  Firmware and Configuration File Maintenance
  System Maintenance Menus 8 to 10
  Remote Management
  Call Scheduling
Troubleshooting and Specifications
  Troubleshooting
  Product Specifications
Appendices and Index
Table of Contents
About This User's Guide
Document Conventions
Safety Warnings
Contents Overview
Table of Contents
List of Figures
List of Tables
Part I: Introduction and Registration
Chapter 1 Getting to Know Your ZyWALL
  1.1 ZyWALL Internet Security Appliance Overview
  1.2 Applications for the ZyWALL
    1.2.1 Secure Broadband Internet Access via Cable or DSL Modem
    1.2.2 VPN Application
  1.3 Ways to Manage the ZyWALL
  1.4 Good Habits for Managing the ZyWALL
  1.5 LEDs
Chapter 2 Introducing the Web Configurator
  2.1 Web Configurator Overview
  2.2 Accessing the ZyWALL Web Configurator
  2.3 Resetting the ZyWALL
    2.3.1 Procedure To Use The Reset Button
    2.3.2 Uploading a Configuration File Via Console Port
  2.4 Navigating the ZyWALL Web Configurator
    2.4.1 Title Bar
    2.4.2 Main Window
    2.4.3 HOME Screen: Router Mode
    2.4.4 HOME Screen: Bridge Mode
    2.4.5 Navigation Panel
    2.4.6 Port Statistics
    2.4.7 DHCP Table Screen
    2.4.8 VPN Status
    2.4.9 Bandwidth Monitor
Chapter 3 Wizard Setup
  3.1 Wizard Setup Overview
  3.2 Internet Access
    3.2.1 ISP Parameters
    3.2.2 Internet Access Wizard: Second Screen
    3.2.3 Internet Access Wizard: Registration
  3.3 VPN Wizard Gateway Setting
  3.4 VPN Wizard Network Setting
  3.5 VPN Wizard IKE Tunnel Setting (IKE Phase 1)
  3.6 VPN Wizard IPSec Setting (IKE Phase 2)
  3.7 VPN Wizard Status Summary
  3.8 VPN Wizard Setup Complete
Chapter 4 Tutorials
  4.1 Security Settings for VPN Traffic
    4.1.1 Firewall Rule for VPN Example
    4.1.2 Configuring the VPN Rule
    4.1.3 Configuring the Firewall Rules
  4.2 Using NAT with Multiple Public IP Addresses
    4.2.1 Example Parameters and Scenario
    4.2.2 Configuring the WAN Connection with a Static IP Address
    4.2.3 Public IP Address Mapping
    4.2.4 Forwarding Traffic from the WAN to a Local Computer
    4.2.5 Allow WAN-to-LAN Traffic through the Firewall
    4.2.6 Testing the Connections
  4.3 Using NAT with Multiple Game Players
  4.4 How to Manage the ZyWALL’s Bandwidth
    4.4.1 Example Parameters and Scenario
    4.4.2 Configuring Bandwidth Management Rules
  4.5 Configuring Content Filtering
    4.5.1 Enable Content Filtering
    4.5.2 Block Categories of Web Content
    4.5.3 Assign Bob’s Computer a Specific IP Address
    4.5.4 Create a Content Filter Policy for Bob
    4.5.5 Set the Content Filter Schedule
    4.5.6 Block Categories of Web Content for Bob
Chapter 5 Registration
  5.1 myZyXEL.com overview
    5.1.1 Content Filtering Subscription Service
  5.2 Registration
  5.3 Service
Part II: Network
Chapter 6 LAN Screens
  6.1 LAN, WAN and the ZyWALL
  6.2 IP Address and Subnet Mask
    6.2.1 Private IP Addresses
  6.3 DHCP
    6.3.1 IP Pool Setup
  6.4 RIP Setup
  6.5 Multicast
  6.6 WINS
  6.7 LAN
  6.8 LAN Static DHCP
  6.9 LAN IP Alias
  6.10 LAN Port Roles
Chapter 7 Bridge Screens
  7.1 Bridge Loop
  7.2 Spanning Tree Protocol (STP)
    7.2.1 Rapid STP
    7.2.2 STP Terminology
    7.2.3 How STP Works
    7.2.4 STP Port States
  7.3 Bridge
  7.4 Bridge Port Roles
Chapter 8 WAN Screens
  8.1 WAN Overview
  8.2 TCP/IP Priority (Metric)
  8.3 WAN Route
  8.4 WAN IP Address Assignment
  8.5 DNS Server Address Assignment
  8.6 WAN MAC Address
  8.7 WAN
    8.7.1 WAN Ethernet Encapsulation
    8.7.2 PPPoE Encapsulation
    8.7.3 PPTP Encapsulation
  8.8 Traffic Redirect
  8.9 Configuring Traffic Redirect
  8.10 Configuring Dial Backup
  8.11 Advanced Modem Setup
    8.11.1 AT Command Strings
    8.11.2 DTR Signal
    8.11.3 Response Strings
  8.12 Configuring Advanced Modem Setup
Chapter 9 DMZ Screens
  9.1 DMZ
  9.2 Configuring DMZ
  9.3 DMZ Static DHCP
  9.4 DMZ IP Alias
  9.5 DMZ Public IP Address Example
  9.6 DMZ Private and Public IP Address Example
  9.7 DMZ Port Roles
Chapter 10 Wireless LAN
  10.1 Wireless LAN Introduction
  10.2 Configuring WLAN
  10.3 WLAN Static DHCP
  10.4 WLAN IP Alias
  10.5 WLAN Port Roles
Part III: Security
Chapter 11 Firewall
  11.1 Firewall Overview
  11.2 Packet Direction Matrix
  11.3 Packet Direction Examples
    11.3.1 To VPN Packet Direction
11.3.2 From VPN Packet Direction ................................................................................... |
196 |
|
11.3.3 From VPN To VPN Packet Direction ...................................................................... |
198 |
|
11.4 Security Considerations ................................................................................................... |
199 |
|
11.5 Firewall Rules Example ................................................................................................... |
200 |
|
11.6 Asymmetrical Routes ....................................................................................................... |
201 |
|
11.6.1 Asymmetrical Routes and IP Alias ......................................................................... |
202 |
|
11.7 Firewall Default Rule (Router Mode) ................................................................................ |
202 |
|
11.8 Firewall Default Rule (Bridge Mode) .............................................................................. |
204 |
|
11.9 Firewall Rule Summary ................................................................................................... |
206 |
|
11.9.1 Firewall Edit Rule ................................................................................................. |
208 |
|
11.10 Anti-Probing .................................................................................................................. |
211 |
|
11.11 Firewall Thresholds ..................................................................................................... |
212 |
|
11.11.1 Threshold Values .................................................................................................. |
213 |
|
11.12 Threshold Screen ........................................................................................................... |
213 |
|
11.13 Service .......................................................................................................................... |
215 |
|
11.13.1 Firewall Edit Custom Service .............................................................................. |
216 |
|
11.14 My Service Firewall Rule Example ................................................................................ |
217 |
|
Chapter 12 |
|
|
Content Filtering Screens .................................................................................................... |
223 |
|
12.1 Content Filtering Overview .............................................................................................. |
223 |
12.1.1 Restrict Web Features ........................................................................................... |
223 |
|
12.1.2 Create a Filter List .................................................................................................. |
223 |
|
12.1.3 Customize Web Site Access ................................................................................. |
223 |
|
12.2 Content Filtering with an External Database ................................................................... |
223 |
12.3 Content Filter General Screen ........................................................................................ |
224 |
12.4 Content Filter Policy ..................................................................................................... |
227 |
12.5 Content Filter Policy: General ......................................................................................... |
229 |
12.6 Content Filter Policy: External Database ........................................................................ |
230 |
12.7 Content Filter Policy: Customization ............................................................................... |
237 |
12.8 Content Filter Policy: Schedule ...................................................................................... |
239 |
12.9 Content Filter Object ..................................................................................................... |
240 |
12.10 Customizing Keyword Blocking URL Checking ............................................................. |
242 |
|
12.10.1 Domain Name or IP Address URL Checking ....................................................... |
242 |
|
12.10.2 Full Path URL Checking ....................................................................................... |
243 |
|
12.10.3 File Name URL Checking ..................................................................................... |
243 |
|
12.11 Content Filtering Cache ............................................................................................... |
243 |
|
Chapter 13 |
|
|
Content Filtering Reports..................................................................................................... |
245 |
|
13.1 Checking Content Filtering Activation .............................................................................. |
245 |
13.2 Viewing Content Filtering Reports ................................................................................... |
245 |
13.3 Web Site Submission ....................................................................................................... |
250 |
|
|
Chapter 14 |
|
|
IPSec VPN .............................................................................................................................. |
253 |
14.1 IPSec VPN Overview ..................................................................................................... |
253 |
14.1.1 IKE SA Overview .................................................................................................... |
254 |
|
14.2 VPN Rules (IKE) .............................................................................................................. |
255 |
14.3 IKE SA Setup .................................................................................................................. |
257 |
14.3.1 IKE SA Proposal .................................................................................................... |
257 |
|
14.4 Additional IPSec VPN Topics ........................................................................................... |
261 |
14.4.1 SA Life Time ........................................................................................................... |
262 |
|
14.4.2 IPSec High Availability ........................................................................................... |
262 |
|
14.4.3 Encryption and Authentication Algorithms ............................................................. |
263 |
|
14.5 VPN Rules (IKE) Gateway Policy Edit ............................................................................. |
264 |
14.6 IPSec SA Overview ..................................................................................................... |
270 |
14.6.1 Local Network and Remote Network ...................................................................... |
270 |
|
14.6.2 Virtual Address Mapping ........................................................................................ |
271 |
|
14.6.3 Active Protocol ....................................................................................................... |
272 |
|
14.6.4 Encapsulation ......................................................................................................... |
272 |
|
14.6.5 IPSec SA Proposal and Perfect Forward Secrecy ................................................. |
273 |
|
14.7 VPN Rules (IKE) Network Policy Edit ............................................................................. |
273 |
14.8 Network Policy Port Forwarding ................................................................................... |
278 |
14.9 Network Policy Move ..................................................................................................... |
280 |
14.10 IPSec SA Using Manual Keys ................................................................................... |
281 |
|
14.10.1 IPSec SA Proposal Using Manual Keys ............................................................... |
281 |
|
14.10.2 Authentication and the Security Parameter Index (SPI) ....................................... |
281 |
|
14.11 VPN Rules (Manual) ...................................................................................................... |
281 |
|
14.12 VPN Rules (Manual) Edit ............................................................................................ |
283 |
|
14.13 VPN SA Monitor .......................................................................................................... |
285 |
|
14.14 VPN Global Setting ....................................................................................................... |
286 |
|
14.14.1 Local and Remote IP Address Conflict Resolution .............................................. |
286 |
|
14.15 Telecommuter VPN/IPSec Examples ............................................................................ |
289 |
|
14.15.1 Telecommuters Sharing One VPN Rule Example ................................................ |
289 |
|
14.15.2 Telecommuters Using Unique VPN Rules Example ............................................. |
290 |
|
14.16 VPN and Remote Management ..................................................................................... |
291 |
|
14.17 Hub-and-spoke VPN ...................................................................................................... |
292 |
|
14.17.1 Hub-and-spoke VPN Example ............................................................................. |
293 |
|
14.17.2 Hub-and-spoke Example VPN Rule Addresses ................................................... |
293 |
|
14.17.3 Hub-and-spoke VPN Requirements and Suggestions ......................................... |
294 |
|
Chapter 15 |
|
|
Certificates ............................................................................................................................ |
295 |
|
15.1 Certificates Overview ....................................................................................................... |
295 |
15.1.1 Advantages of Certificates ..................................................................................... |
296 |
|
15.2 Self-signed Certificates .................................................................................................... |
296 |
15.3 Verifying a Certificate ....................................................................................................... |
296 |
15.3.1 Checking the Fingerprint of a Certificate on Your Computer .................................. |
296 |
|
15.4 Configuration Summary ................................................................................................... |
297 |
15.5 My Certificates ................................................................................................................ |
298 |
15.6 My Certificate Details ..................................................................................................... |
300 |
15.7 My Certificate Export ...................................................................................................... |
302 |
15.7.1 Certificate File Export Formats ............................................................................... |
302 |
|
15.8 My Certificate Import ..................................................................................................... |
303 |
15.8.1 Certificate File Formats .......................................................................................... |
303 |
|
15.9 My Certificate Create ..................................................................................................... |
305 |
15.10 Trusted CAs ................................................................................................................. |
310 |
|
15.11 Trusted CA Details ........................................................................................................ |
312 |
|
15.12 Trusted CA Import ....................................................................................................... |
314 |
|
15.13 Trusted Remote Hosts ................................................................................................. |
315 |
|
15.14 Trusted Remote Host Certificate Details ..................................................................... |
316 |
|
15.15 Trusted Remote Hosts Import ...................................................................................... |
319 |
|
15.16 Directory Servers .......................................................................................................... |
320 |
|
15.17 Directory Server Add or Edit ........................................................................................ |
321 |
|
Chapter 16 |
|
|
Authentication Server........................................................................................................... |
323 |
|
16.1 Authentication Server Overview ...................................................................................... |
323 |
16.1.1 Local User Database .............................................................................................. |
323 |
|
16.1.2 RADIUS .................................................................................................................. |
323 |
|
16.1.3 Types of RADIUS Messages .................................................................................. |
323 |
|
16.2 Local User Database ..................................................................................................... |
324 |
16.3 RADIUS ......................................................................................................................... |
326 |
|
Part IV: Advanced ................................................................................ |
329 |
|
Chapter 17 |
|
|
Network Address Translation (NAT).................................................................................... |
331 |
|
17.1 NAT Overview ................................................................................................................ |
331 |
17.1.1 NAT Definitions ...................................................................................................... |
331 |
|
17.1.2 What NAT Does ..................................................................................................... |
332 |
|
17.1.3 How NAT Works ..................................................................................................... |
332 |
|
17.1.4 NAT Application ...................................................................................................... |
333 |
|
17.1.5 Port Restricted Cone NAT ...................................................................................... |
334 |
|
17.1.6 NAT Mapping Types ............................................................................................... |
334 |
|
17.2 Using NAT ........................................................................................................................ |
335 |
17.2.1 SUA (Single User Account) Versus NAT ................................................................ |
335 |
|
17.3 NAT Overview Screen ..................................................................................................... |
336 |
17.4 NAT Address Mapping ................................................................................................... |
337 |
17.4.1 What NAT Does ..................................................................................................... |
337 |
|
17.4.2 NAT Address Mapping Edit .................................................................................. |
339 |
|
17.5 Port Forwarding .............................................................................................................. |
340 |
17.5.1 Default Server IP Address ...................................................................................... |
340 |
|
17.5.2 Port Forwarding: Services and Port Numbers ........................................................ |
341 |
|
17.5.3 Configuring Servers Behind Port Forwarding (Example) ....................................... |
341 |
|
17.5.4 Port Translation ...................................................................................................... |
341 |
|
17.6 Port Forwarding Screen ................................................................................................... |
342 |
17.7 Port Triggering ............................................................................................................... |
344 |
Chapter 18 |
|
|
Static Route ........................................................................................................................... |
347 |
|
18.1 IP Static Route .............................................................................................................. |
347 |
18.2 IP Static Route ................................................................................................................. |
348 |
18.2.1 IP Static Route Edit .............................................................................................. |
349 |
|
Chapter 19 |
|
|
Bandwidth Management....................................................................................................... |
351 |
|
19.1 Bandwidth Management Overview ................................................................................. |
351 |
19.2 Bandwidth Classes and Filters ........................................................................................ |
351 |
19.3 Proportional Bandwidth Allocation ................................................................................... |
352 |
19.4 Application-based Bandwidth Management .................................................................... |
352 |
19.5 Subnet-based Bandwidth Management .......................................................................... |
352 |
19.6 Application and Subnet-based Bandwidth Management ................................................. |
352 |
19.7 Scheduler ........................................................................................................................ |
353 |
19.7.1 Priority-based Scheduler ........................................................................................ |
353 |
|
19.7.2 Fairness-based Scheduler ..................................................................................... |
353 |
|
19.7.3 Maximize Bandwidth Usage ................................................................................... |
353 |
|
19.7.4 Reserving Bandwidth for Non-Bandwidth Class Traffic .......................................... |
353 |
|
19.7.5 Maximize Bandwidth Usage Example .................................................................... |
354 |
|
19.8 Bandwidth Borrowing ....................................................................................................... |
355 |
19.8.1 Bandwidth Borrowing Example .............................................................................. |
355 |
|
19.9 Maximize Bandwidth Usage With Bandwidth Borrowing ................................................. |
356 |
19.10 Over Allotment of Bandwidth ......................................................................................... |
356 |
|
19.11 Configuring Summary .................................................................................................... |
357 |
|
19.12 Configuring Class Setup .............................................................................................. |
358 |
|
19.12.1 Bandwidth Manager Class Configuration ........................................................... |
359 |
|
19.12.2 Bandwidth Management Statistics ................................................................... |
362 |
|
19.13 Bandwidth Manager Monitor ........................................................................................ |
363 |
|
Chapter 20 |
|
|
DNS ........................................................................................................................................ |
|
365 |
|
20.1 DNS Overview ............................................................................................................... |
365 |
20.2 DNS Server Address Assignment ................................................................................... |
365 |
20.3 DNS Servers .................................................................................................................... |
365 |
20.4 Address Record ............................................................................................................... |
366 |
20.4.1 DNS Wildcard ......................................................................................................... |
366 |
|
20.5 Name Server Record ....................................................................................................... |
366 |
20.5.1 Private DNS Server ................................................................................................ |
366 |
|
20.6 System Screen ................................................................................................................ |
367 |
20.6.1 Adding an Address Record .................................................................................. |
368 |
|
20.6.2 Inserting a Name Server Record .......................................................................... |
369 |
|
20.7 DNS Cache .................................................................................................................... |
371 |
|
20.8 Configure DNS Cache ..................................................................................................... |
371 |
20.9 Configuring DNS DHCP ................................................................................................ |
372 |
20.10 Dynamic DNS .............................................................................................................. |
374 |
|
20.10.1 DYNDNS Wildcard ............................................................................................... |
374 |
|
20.11 Configuring Dynamic DNS ............................................................................................. |
374 |
|
Chapter 21 |
|
|
Remote Management............................................................................................................ |
377 |
|
21.1 Remote Management Overview ...................................................................................... |
377 |
21.1.1 Remote Management Limitations .......................................................................... |
378 |
|
21.1.2 System Timeout ..................................................................................................... |
378 |
|
21.2 WWW (HTTP and HTTPS) ............................................................................................. |
378 |
|
21.3 WWW Configuration ........................................................................................................ |
379 |
21.4 HTTPS Example .............................................................................................................. |
380 |
|
21.4.1 Internet Explorer Warning Messages ..................................................................... |
381 |
|
21.4.2 Netscape Navigator Warning Messages ................................................................ |
381 |
|
21.4.3 Avoiding the Browser Warning Messages .............................................................. |
382 |
|
21.4.4 Login Screen .......................................................................................................... |
383 |
|
21.5 SSH .............................................................................................................................. |
385 |
21.6 How SSH Works .............................................................................................................. |
385 |
|
21.7 SSH Implementation on the ZyWALL .............................................................................. |
386 |
21.7.1 Requirements for Using SSH ................................................................................. |
386 |
|
21.8 Configuring SSH .............................................................................................................. |
386 |
21.9 Secure Telnet Using SSH Examples ............................................................................... |
387 |
21.9.1 Example 1: Microsoft Windows .............................................................................. |
387 |
|
21.9.2 Example 2: Linux .................................................................................................... |
388 |
|
21.10 Secure FTP Using SSH Example .................................................................................. |
389 |
|
21.11 Telnet ........................................................................................................................... |
390 |
|
21.12 Configuring TELNET ..................................................................................................... |
390 |
|
21.13 FTP .............................................................................................................................. |
391 |
|
21.14 SNMP .......................................................................................................................... |
392 |
|
21.14.1 Supported MIBs ................................................................................................... |
393 |
|
21.14.2 SNMP Traps ......................................................................................................... |
393 |
|
21.14.3 REMOTE MANAGEMENT: SNMP ....................................................................... |
393 |
|
21.15 DNS ............................................................................................................................. |
395 |
|
21.16 Introducing Vantage CNM ............................................................................................. |
395 |
|
21.17 Configuring CNM ........................................................................................................... |
396 |
|
21.17.1 Additional Configuration for Vantage CNM .......................................................... |
397 |
|
Chapter 22 |
|
|
UPnP ...................................................................................................................................... |
|
399 |
22.1 Universal Plug and Play Overview ................................................................................ |
399 |
22.1.1 How Do I Know If I'm Using UPnP? ....................................................................... |
399 |
|
22.1.2 NAT Traversal ........................................................................................................ |
399 |
|
22.1.3 Cautions with UPnP ............................................................................................... |
399 |
|
22.1.4 UPnP and ZyXEL ................................................................................................... |
400 |
|
22.2 Configuring UPnP ............................................................................................................ |
400 |
22.3 Displaying UPnP Port Mapping .................................................................................... |
401 |
22.4 Installing UPnP in Windows Example .............................................................................. |
402 |
22.4.1 Installing UPnP in Windows Me ............................................................................. |
403 |
|
22.4.2 Installing UPnP in Windows XP ............................................................................. |
404 |
|
22.5 Using UPnP in Windows XP Example ............................................................................. |
404 |
|
22.5.1 Auto-discover Your UPnP-enabled Network Device .............................................. |
405 |
|
22.5.2 Web Configurator Easy Access ............................................................................. |
406 |
|
Chapter 23 |
|
|
Custom Application .............................................................................................................. |
409 |
|
23.1 Custom Application ........................................................................................................ |
409 |
23.2 Custom Application Configuration ................................................................................... |
409 |
Chapter 24 |
|
|
ALG Screen ........................................................................................................................... |
411 |
|
24.1 ALG Introduction .............................................................................................................. |
411 |
24.1.1 ALG and NAT .......................................................................................................... |
411 |
|
24.1.2 ALG and the Firewall ............................................................................................... |
411 |
|
24.2 FTP .................................................................................................................................. |
412 |
24.3 H.323 ............................................................................................................................... |
412 |
24.4 RTP .................................................................................................................................. |
412 |
|
24.4.1 H.323 ALG Details ................................................................................................. |
412 |
|
24.5 SIP ................................................................................................................................... |
413 |
24.5.1 STUN ..................................................................................................................... |
413 |
|
24.5.2 SIP ALG Details ..................................................................................................... |
413 |
|
24.5.3 SIP Signaling Session Timeout .............................................................................. |
414 |
|
24.5.4 SIP Audio Session Timeout .................................................................................... |
414 |
|
24.6 ALG Screen ..................................................................................................................... |
414 |
|
Part V: Logs and Maintenance............................................................ |
417 |
|
Chapter 25 |
|
|
Logs Screens ........................................................................................................................ |
419 |
|
25.1 Configuring View Log ...................................................................................................... |
419 |
25.2 Log Description Example ................................................................................................. |
420 |
25.2.1 About the Certificate Not Trusted Log .................................................................... |
421 |
|
25.3 Configuring Log Settings ................................................................................................ |
422 |
25.4 Configuring Reports ....................................................................................................... |
425 |
25.4.1 Viewing Web Site Hits ............................................................................................ |
427 |
|
25.4.2 Viewing Host IP Address ........................................................................................ |
427 |
|
25.4.3 Viewing Protocol/Port ............................................................................................. |
428 |
|
25.4.4 System Reports Specifications ............................................................................... |
430 |
|
25.5 Log Descriptions .............................................................................................................. |
430 |
25.6 Syslog Logs .................................................................................................................... |
445 |
Chapter 26 Maintenance
26.1 Maintenance Overview
26.2 General Setup and System Name
26.2.1 General Setup
26.3 Configuring Password
26.4 Time and Date
26.5 Pre-defined NTP Time Server Pools
26.5.1 Resetting the Time
26.5.2 Time Server Synchronization
26.6 Introduction To Transparent Bridging
26.7 Transparent Firewalls
26.8 Configuring Device Mode (Router)
26.9 Configuring Device Mode (Bridge)
26.10 F/W Upload Screen
26.11 Backup and Restore
26.11.1 Backup Configuration
26.11.2 Restore Configuration
26.11.3 Back to Factory Defaults
26.12 Restart Screen
26.13 Diagnostics
Part VI: SMT
Chapter 27 Introducing the SMT
27.1 Introduction to the SMT
27.2 Accessing the SMT via the Console Port
27.2.1 Initial Screen
27.2.2 Entering the Password
27.3 Navigating the SMT Interface
27.3.1 Main Menu
27.3.2 SMT Menus Overview
27.4 Changing the System Password
27.5 Resetting the ZyWALL
Chapter 28 SMT Menu 1 - General Setup
28.1 Introduction to General Setup
28.2 Configuring General Setup
28.2.1 Configuring Dynamic DNS
Chapter 29 WAN and Dial Backup Setup
29.1 Introduction to WAN and Dial Backup Setup
29.2 WAN Setup
29.3 Dial Backup
29.4 Configuring Dial Backup in Menu 2
29.5 Advanced WAN Setup
29.6 Remote Node Profile (Backup ISP)
29.7 Editing TCP/IP Options
29.8 Editing Login Script
29.9 Remote Node Filter
Chapter 30 LAN Setup
30.1 Introduction to LAN Setup
30.2 Accessing the LAN Menus
30.3 LAN Port Filter Setup
30.4 TCP/IP and DHCP Ethernet Setup Menu
30.4.1 IP Alias Setup
Chapter 31 Internet Access
31.1 Introduction to Internet Access Setup
31.2 Ethernet Encapsulation
31.3 Configuring the PPTP Client
31.4 Configuring the PPPoE Client
31.5 Basic Setup Complete
Chapter 32 DMZ Setup
32.1 Configuring DMZ Setup
32.2 DMZ Port Filter Setup
32.3 TCP/IP Setup
32.3.1 IP Address
32.3.2 IP Alias Setup
Chapter 33 Wireless Setup
33.1 TCP/IP Setup
33.1.1 IP Address
33.1.2 IP Alias Setup
Chapter 34 Remote Node Setup
34.1 Introduction to Remote Node Setup
34.2 Remote Node Setup
34.3 Remote Node Profile Setup
34.3.1 Ethernet Encapsulation
34.3.2 PPPoE Encapsulation
34.3.3 PPTP Encapsulation
34.4 Edit IP
34.5 Remote Node Filter
34.6 Traffic Redirect
Chapter 35 IP Static Route Setup
35.1 IP Static Route Setup
Chapter 36 Network Address Translation (NAT)
36.1 Using NAT
36.1.1 SUA (Single User Account) Versus NAT
36.1.2 Applying NAT
36.2 NAT Setup
36.2.1 Address Mapping Sets
36.3 Configuring a Server behind NAT
36.4 General NAT Examples
36.4.1 Internet Access Only
36.4.2 Example 2: Internet Access with a Default Server
36.4.3 Example 3: Multiple Public IP Addresses With Inside Servers
36.4.4 Example 4: NAT Unfriendly Application Programs
36.5 Trigger Port Forwarding
36.5.1 Two Points To Remember About Trigger Ports
Chapter 37 Introducing the ZyWALL Firewall
37.1 Using ZyWALL SMT Menus
37.1.1 Activating the Firewall
Chapter 38 Filter Configuration
38.1 Introduction to Filters
38.1.1 The Filter Structure of the ZyWALL
38.2 Configuring a Filter Set
38.2.1 Configuring a Filter Rule
38.2.2 Configuring a TCP/IP Filter Rule
38.2.3 Configuring a Generic Filter Rule
38.3 Example Filter
38.4 Filter Types and NAT
38.5 Firewall Versus Filters
38.5.1 Packet Filtering:
38.5.2 Firewall
38.6 Applying a Filter
38.6.1 Applying LAN Filters
38.6.2 Applying DMZ Filters
38.6.3 Applying Remote Node Filters
Chapter 39 SNMP Configuration
39.1 SNMP Configuration
39.2 SNMP Traps
Chapter 40 System Information & Diagnosis
40.1 Introduction to System Status
40.2 System Status
40.3 System Information and Console Port Speed
40.3.1 System Information
40.3.2 Console Port Speed
40.4 Log and Trace
40.4.1 Viewing Error Log
40.4.2 Syslog Logging
40.4.3 Call-Triggering Packet
40.5 Diagnostic
40.5.1 WAN DHCP
Chapter 41 Firmware and Configuration File Maintenance
41.1 Introduction
41.2 Filename Conventions
41.3 Backup Configuration
41.3.1 Backup Configuration
41.3.2 Using the FTP Command from the Command Line
41.3.3 Example of FTP Commands from the Command Line
41.3.4 GUI-based FTP Clients
41.3.5 File Maintenance Over WAN
41.3.6 Backup Configuration Using TFTP
41.3.7 TFTP Command Example
41.3.8 GUI-based TFTP Clients
41.3.9 Backup Via Console Port
41.4 Restore Configuration
41.4.1 Restore Using FTP
41.4.2 Restore Using FTP Session Example
41.4.3 Restore Via Console Port
41.5 Uploading Firmware and Configuration Files
41.5.1 Firmware File Upload
41.5.2 Configuration File Upload
41.5.3 FTP File Upload Command from the DOS Prompt Example
41.5.4 FTP Session Example of Firmware File Upload
41.5.5 TFTP File Upload
41.5.6 TFTP Upload Command Example
41.5.7 Uploading Via Console Port
41.5.8 Uploading Firmware File Via Console Port
41.5.9 Example Xmodem Firmware Upload Using HyperTerminal
41.5.10 Uploading Configuration File Via Console Port
41.5.11 Example Xmodem Configuration Upload Using HyperTerminal
Chapter 42 System Maintenance Menus 8 to 10
42.1 Command Interpreter Mode
42.1.1 Command Syntax
42.1.2 Command Usage
42.2 Call Control Support
42.2.1 Budget Management
42.2.2 Call History
42.3 Time and Date Setting
Chapter 43 Remote Management
43.1 Remote Management
43.1.1 Remote Management Limitations
Chapter 44 Call Scheduling
44.1 Introduction to Call Scheduling
Part VII: Troubleshooting and Specifications
Chapter 45 Troubleshooting
45.1 Power, Hardware Connections, and LEDs
45.2 ZyWALL Access and Login
45.3 Internet Access
45.4 Wireless Router/AP Troubleshooting
45.5 UPnP
Chapter 46 Product Specifications
46.1 General ZyWALL Specifications
46.2 Cable Pin Assignments
46.3 Wall-mounting Instructions
Part VIII: Appendices and Index
Appendix A Setting up Your Computer’s IP Address
Appendix B Pop-up Windows, JavaScripts and Java Permissions
Appendix C IP Addresses and Subnetting
Appendix D Common Services
Appendix E Importing Certificates
Appendix F Legal Information
Appendix G Customer Support
Index
List of Figures
Figure 1 Secure Internet Access via Cable, DSL or Wireless Modem
Figure 2 VPN Application
Figure 3 Front Panel
Figure 4 Change Password Screen
Figure 5 Replace Certificate Screen
Figure 6 Example Xmodem Upload
Figure 7 HOME Screen
Figure 8 Web Configurator HOME Screen in Router Mode
Figure 9 Web Configurator HOME Screen in Bridge Mode
Figure 10 HOME > Show Statistics
Figure 11 HOME > DHCP Table
Figure 12 HOME > VPN Status
Figure 13 Home > Bandwidth Monitor
Figure 14 Wizard Setup Welcome
Figure 15 ISP Parameters: Ethernet Encapsulation
Figure 16 ISP Parameters: PPPoE Encapsulation
Figure 17 ISP Parameters: PPTP Encapsulation
Figure 18 Internet Access Wizard: Second Screen
Figure 19 Internet Access Setup Complete
Figure 20 Internet Access Wizard: Registration
Figure 21 Internet Access Wizard: Registration in Progress
Figure 22 Internet Access Wizard: Status
Figure 23 Internet Access Wizard: Registration Failed
Figure 24 Internet Access Wizard: Registered Device
Figure 25 Internet Access Wizard: Activated Services
Figure 26 VPN Wizard: Gateway Setting
Figure 27 VPN Wizard: Network Setting
Figure 28 VPN Wizard: IKE Tunnel Setting
Figure 29 VPN Wizard: IPSec Setting
Figure 30 VPN Wizard: VPN Status
Figure 31 VPN Wizard Setup Complete
Figure 32 Firewall Rule for VPN
Figure 33 SECURITY > VPN > VPN Rules (IKE)
Figure 34 SECURITY > VPN > VPN Rules (IKE) > Add Gateway Policy
Figure 35 SECURITY > VPN > VPN Rules (IKE): With Gateway Policy Example
Figure 36 SECURITY > VPN > VPN Rules (IKE) > Add Network Policy
Figure 37 SECURITY > FIREWALL > Rule Summary
Figure 38 SECURITY > FIREWALL > Rule Summary > Edit: Allow
Figure 39 SECURITY > FIREWALL > Rule Summary: Allow
Figure 40 SECURITY > FIREWALL > Default Rule: Block From VPN To LAN
Figure 41 Tutorial Example: Using NAT with Static Public IP Addresses
Figure 42 Tutorial Example: WAN Connection with a Static Public IP Address
Figure 43 Tutorial Example: WAN Screen
Figure 44 Tutorial Example: DNS > System
Figure 45 Tutorial Example: DNS > System Edit-1
Figure 46 Tutorial Example: DNS > System Edit-2
Figure 47 Tutorial Example: DNS > System: Done
Figure 48 Tutorial Example: Status
Figure 49 Tutorial Example: Mapping Multiple Public IP Addresses to Inside Servers
Figure 50 Tutorial Example: NAT > NAT Overview
Figure 51 Tutorial Example: NAT > Address Mapping
Figure 52 Tutorial Example: NAT Address Mapping Edit: One-to-One (1)
Figure 53 Tutorial Example: NAT Address Mapping Edit: One-to-One (2)
Figure 54 Tutorial Example: NAT Address Mapping Edit: Many-to-One
Figure 55 Tutorial Example: NAT Address Mapping Done
Figure 56 Tutorial Example: Forwarding Incoming FTP Traffic to a Local Computer
Figure 57 Tutorial Example: NAT Address Mapping Edit: Server
Figure 58 Tutorial Example: NAT Port Forwarding
Figure 59 Tutorial Example: Forwarding Incoming FTP Traffic to a Local Computer
Figure 60 Tutorial Example: Firewall Default Rule
Figure 61 Tutorial Example: Firewall Rule: WAN to LAN
Figure 62 Tutorial Example: Firewall Rule: WAN to LAN Address Edit for Web Server
Figure 63 Tutorial Example: Firewall Rule: WAN to LAN Service Edit for Web Server
Figure 63 Tutorial Example: Firewall Rule: WAN to LAN Service Edit for Web Server ........................ |
110 |
Figure 64 Tutorial Example: Firewall Rule: WAN to LAN Address Edit for Mail Server ........................ |
111 |
Figure 65 Tutorial Example: Firewall Rule: WAN to LAN Service Edit for Mail Server ......................... |
111 |
Figure 66 Tutorial Example: Firewall Rule: WAN to LAN Address Edit for FTP Server ........................ |
112 |
Figure 67 Tutorial Example: Firewall Rule: WAN to LAN Service Edit for FTP Server ......................... |
113 |
Figure 68 Tutorial Example: Firewall Rule Summary ............................................................................ |
113 |
Figure 69 Tutorial Example: NAT Address Mapping Done: Game Playing ......................................... |
115 |
Figure 70 Tutorial Example: Bandwidth Management ........................................................................... |
116 |
Figure 71 Tutorial Example: Bandwidth Management Summary ......................................................... |
117 |
Figure 72 Tutorial Example: Bandwidth Management Class Setup ...................................................... |
117 |
Figure 73 Tutorial Example: Bandwidth Management Class Setup: VoIP ............................................. |
118 |
Figure 74 Tutorial Example: Bandwidth Management Class Setup: FTP ............................................. |
118 |
Figure 75 Tutorial Example: Bandwidth Management Class Setup: WWW ......................................... |
119 |
Figure 76 Tutorial Example: Bandwidth Management Class Setup Done ............................................. |
119 |
Figure 77 Tutorial Example: Bandwidth Management Monitor ............................................................. |
120 |
Figure 78 SECURITY > CONTENT FILTER > General ........................................................................ |
121 |
Figure 79 SECURITY > CONTENT FILTER > Policy ........................................................................... |
122 |
Figure 80 SECURITY > CONTENT FILTER > Policy > External Database (Default) .......................... |
122 |
Figure 81 HOME > DHCP Table ........................................................................................................... |
123 |
Figure 82 SECURITY > CONTENT FILTER > Policy
Figure 83 SECURITY > CONTENT FILTER > Policy > Insert
Figure 84 SECURITY > CONTENT FILTER > Policy
Figure 85 SECURITY > CONTENT FILTER > Policy > Schedule (Bob)
Figure 86 SECURITY > CONTENT FILTER > Policy
Figure 87 SECURITY > CONTENT FILTER > Policy > External Database (Bob)
Figure 88 REGISTRATION
Figure 89 REGISTRATION: Registered Device
Figure 90 REGISTRATION > Service
Figure 91 LAN and WAN
Figure 92 NETWORK > LAN
Figure 93 NETWORK > LAN > Static DHCP
Figure 94 Physical Network & Partitioned Logical Networks
Figure 95 NETWORK > LAN > IP Alias
Figure 96 NETWORK > LAN > Port Roles
Figure 97 Port Roles Change Complete
Figure 98 Bridge Loop: Bridge Connected to Wired LAN
Figure 99 NETWORK > Bridge
Figure 100 NETWORK > Bridge > Port Roles
Figure 101 Port Roles Change Complete
Figure 102 NETWORK > WAN Route
Figure 103 NETWORK > WAN > WAN (Ethernet Encapsulation)
Figure 104 NETWORK > WAN > WAN (PPPoE Encapsulation)
Figure 105 NETWORK > WAN > WAN (PPTP Encapsulation)
Figure 106 Traffic Redirect WAN Setup
Figure 107 Traffic Redirect LAN Setup
Figure 108 NETWORK > WAN > Traffic Redirect
Figure 109 NETWORK > WAN > Dial Backup
Figure 110 NETWORK > WAN > Dial Backup > Edit
Figure 111 NETWORK > DMZ
Figure 112 NETWORK > DMZ > Static DHCP
Figure 113 NETWORK > DMZ > IP Alias
Figure 114 DMZ Public Address Example
Figure 115 DMZ Private and Public Address Example
Figure 116 NETWORK > DMZ > Port Roles
Figure 117 NETWORK > WLAN
Figure 118 NETWORK > WLAN > Static DHCP
Figure 119 NETWORK > WLAN > IP Alias
Figure 120 WLAN Port Role Example
Figure 121 NETWORK > WLAN > Port Roles
Figure 122 NETWORK > WLAN > Port Roles: Change Complete
Figure 123 Default Firewall Action
Figure 124 SECURITY > FIREWALL > Default Rule (Router Mode)
Figure 125 Default Block Traffic From WAN to DMZ Example
Figure 126 From LAN to VPN Example
Figure 127 Block DMZ to VPN Traffic by Default Example
Figure 128 From VPN to LAN Example
Figure 129 Block VPN to LAN Traffic by Default Example
Figure 130 From VPN to VPN Example
Figure 131 Block VPN to VPN Traffic by Default Example
Figure 132 Blocking All LAN to WAN IRC Traffic Example
Figure 133 Limited LAN to WAN IRC Traffic Example
Figure 134 Using IP Alias to Solve the Triangle Route Problem
Figure 135 SECURITY > FIREWALL > Default Rule (Router Mode)
Figure 136 SECURITY > FIREWALL > Default Rule (Bridge Mode)
Figure 137 SECURITY > FIREWALL > Rule Summary
Figure 138 SECURITY > FIREWALL > Rule Summary > Edit
Figure 139 SECURITY > FIREWALL > Anti-Probing
Figure 140 Three-Way Handshake
Figure 141 SECURITY > FIREWALL > Threshold
Figure 142 SECURITY > FIREWALL > Service
Figure 143 Firewall Edit Custom Service
Figure 144 My Service Firewall Rule Example: Service
Figure 145 My Service Firewall Rule Example: Edit Custom Service
Figure 146 My Service Firewall Rule Example: Rule Summary
Figure 147 My Service Firewall Rule Example: Rule Edit: Source and Destination Addresses
Figure 148 My Service Firewall Rule Example: Edit Rule: Service Configuration
Figure 149 My Service Firewall Rule Example: Rule Summary: Completed
Figure 150 Content Filtering Lookup Procedure
Figure 151 SECURITY > CONTENT FILTER > General
Figure 152 SECURITY > CONTENT FILTER > Policy
Figure 153 SECURITY > CONTENT FILTER > Policy > General
Figure 154 SECURITY > CONTENT FILTER > Policy > External Database
Figure 155 SECURITY > CONTENT FILTER > Policy > Customization
Figure 156 SECURITY > CONTENT FILTER > Policy > Schedule
Figure 157 SECURITY > CONTENT FILTER > Object
Figure 158 SECURITY > CONTENT FILTER > Cache
Figure 159 myZyXEL.com: Login
Figure 160 myZyXEL.com: Welcome
Figure 161 myZyXEL.com: Service Management
Figure 162 Blue Coat: Login
Figure 163 Content Filtering Reports Main Screen
Figure 164 Blue Coat: Report Home
Figure 165 Global Report Screen Example
Figure 166 Requested URLs Example
Figure 167 Web Page Review Process Screen