ZyXEL 100 User Manual
ZyWALL
10/10W/30W/50/100
Internet Security Gateway
User’s Guide
Version 3.61
July 2003
ZyWALL 10~100 Series Internet Security Gateway
Copyright
Copyright © 2003 by ZyXEL Communications Corporation.
The contents of this publication may not be reproduced in any part or as a whole, transcribed, stored in a
retrieval system, translated into any language, or transmitted in any form or by any means, electronic,
mechanical, magnetic, optical, chemical, photocopying, manual, or otherwise, without the prior written
permission of ZyXEL Communications Corporation.
Published by ZyXEL Communications Corporation. All rights reserved.
Disclaimer
ZyXEL does not assume any liability arising out of the application or use of any products, or software
described herein. Neither does it convey any license under its patent rights nor the patent rights of others.
ZyXEL further reserves the right to make changes in any products described herein without notice.
This publication is subject to change without notice.
Trademarks
Trademarks mentioned in this publication are used for identification purposes only and may be properties of
their respective owners.
ii Copyright
ZyWALL 10~100 Series Internet Security Gateway
Federal Communications Commission (FCC)
Interference Statement
This device complies with Part 15 of FCC rules. Operation is subject to the following two conditions:
This device may not cause harmful interference.
This device must accept any interference received, including interference that may cause undesired
operations.
This equipment has been tested and found to comply with the limits for a CLASS B digital device pursuant to
Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful
interference in a commercial environment. This equipment generates, uses, and can radiate radio frequency
energy, and if not installed and used in accordance with the instructions, may cause harmful interference to
radio communications.
If this equipment does cause harmful interference to radio/television reception, which can be determined by
turning the equipment off and on, the user is encouraged to try to correct the interference by one or more of
the following measures:
Reorient or relocate the receiving antenna.
Increase the separation between the equipment and the receiver.
Connect the equipment into an outlet on a circuit different from that to which the receiver is connected.
Consult the dealer or an experienced radio/TV technician for help.
Notice 1
Changes or modifications not expressly approved by the party responsible for compliance could void the
user's authority to operate the equipment.
Certifications
Refer to the product page at www.zyxel.com.
FCC iii
ZyWALL 10~100 Series Internet Security Gateway
Information for Canadian Users
The Industry Canada label identifies certified equipment. This certification means that the equipment meets
certain telecommunications network protective, operation, and safety requirements. The Industry Canada
does not guarantee that the equipment will operate to a user's satisfaction.
Before installing this equipment, users should ensure that it is permissible to be connected to the facilities of
the local telecommunications company. The equipment must also be installed using an acceptable method of
connection. In some cases, the company's inside wiring associated with a single line individual service may
be extended by means of a certified connector assembly. The customer should be aware that the compliance
with the above conditions may not prevent degradation of service in some situations.
Repairs to certified equipment should be made by an authorized Canadian maintenance facility designated by
the supplier. Any repairs or alterations made by the user to this equipment, or equipment malfunctions, may
give the telecommunications company cause to request the user to disconnect the equipment.
For their own protection, users should ensure that the electrical ground connections of the power utility,
telephone lines, and internal metallic water pipe system, if present, are connected together. This precaution
may be particularly important in rural areas.
Caution
Users should not attempt to make such connections themselves, but should contact the appropriate electrical
inspection authority, or electrician, as appropriate.
Note
This digital apparatus does not exceed the class A limits for radio noise emissions from digital apparatus set
out in the radio interference regulations of Industry Canada.
iv Information for Canadian Users
ZyWALL 10~100 Series Internet Security Gateway
ZyXEL Limited Warranty
ZyXEL warrants to the original end user (purchaser) that this product is free from any defects in materials or
workmanship for a period of up to two years from the date of purchase. During the warranty period, and upon
proof of purchase, should the product have indications of failure due to faulty workmanship and/or materials,
ZyXEL will, at its discretion, repair or replace the defective products or components without charge for
either parts or labor, and to whatever extent it shall deem necessary to restore the product or components to
proper operating condition. Any replacement will consist of a new or re-manufactured functionally
equivalent product of equal value, and will be solely at the discretion of ZyXEL. This warranty shall not
apply if the product is modified, misused, tampered with, damaged by an act of God, or subjected to
abnormal working conditions.
NOTE
Repair or replacement, as provided under this warranty, is the exclusive remedy of the purchaser. This
warranty is in lieu of all other warranties, express or implied, including any implied warranty of
merchantability or fitness for a particular use or purpose. ZyXEL shall in no event be held liable for indirect
or consequential damages of any kind of character to the purchaser.
To obtain the services of this warranty, contact ZyXEL's Service Center for your Return Material
Authorization number (RMA). Products must be returned Postage Prepaid. It is recommended that the unit be
insured when shipped. Any returned products without proof of purchase or those with an out-dated warranty
will be repaired or replaced (at the discretion of ZyXEL) and the customer will be billed for parts and labor.
All repaired or replaced products will be shipped by ZyXEL to the corresponding return address, Postage
Paid. This warranty gives you specific legal rights, and you may also have other rights that vary from country
to country.
Online Registration
Register online registration at www.zyxel.com for free future product updates and information.
Warranty v
ZyWALL 10~100 Series Internet Security Gateway
Customer Support
When you contact your customer support representative please have the following information ready:
Please have the following information ready when you contact customer support.
• Product model and serial number.
• Information in Menu 24.2.1 – System Information.
• Warranty Information.
• Date that you received your device.
• Brief description of the problem and the steps you took to solve it.
LOCATION
WORLDWIDE
AMERICA
METHOD
support@zyxel.com.tw
sales@zyxel.com.tw
support@zyxel.com +1-800-255-4101 www.us.zyxel.com NORTH
sales@zyxel.com
support@zyxel.dk +45-3955-0700 www.zyxel.dk SCANDINAVIA
sales@zyxel.dk
support@zyxel.de +49-2405-6909-0 www.zyxel.de GERMANY
sales@zyxel.de
E-MAIL
SUPPORT/SALES
+886-3-578-2439 ftp.europe.zyxel.com
ftp.zyxel.com
+45-3955-0707 ftp.zyxel.dk
+49-2405-6909-99
TELEPHONE/FAX WEB SITE/ FTP SITE REGULAR MAIL
+886-3-578-3942 www.zyxel.com
www.europe.zyxel.com
ZyXEL Communications Corp.,
6 Innovation Road II, ScienceBased Industrial Park, Hsinchu
300, Taiwan
ZyXEL Communications A/S,
Columbusvej 5, 2860 Soeborg,
Denmark
ZyXEL Deutschland GmbH.
Adenauerstr. 20/A2 D-52146
Wuerselen, Germany
vi Customer Support
ZyWALL 10~100 Series Internet Security Gateway
Table of Contents
Copyright......................................................................................................................................................ii
Federal Communications Commission (FCC) Interference Statement................................................. iii
Information for Canadian Users ...............................................................................................................iv
ZyXEL Limited Warranty ..........................................................................................................................v
Customer Support ......................................................................................................................................vi
List of Figures ........................................................................................................................................ xviii
List of Tables ............................................................................................................................................xxv
Preface .....................................................................................................................................................xxix
Getting Started ................................................................................................................................................. I
Chapter 1 Getting to Know Your ZyWALL .......................................................................................... 1-1
1.1 ZyWALL Internet Security Gateway Overview ........................................................................ 1-1
1.2 ZyWALL Features ..................................................................................................................... 1-2
1.3 Applications for the ZyWALL................................................................................................... 1-8
Chapter 2 Introducing the Web Configurator ......................................................................................2-1
2.1 Web Configurator Overview...................................................................................................... 2-1
2.2 Accessing the ZyWALL Web Configurator............................................................................... 2-1
2.3 Resetting the ZyWALL.............................................................................................................. 2-2
2.4 Navigating the ZyWALL Web Configurator ............................................................................. 2-3
Chapter 3 Wizard Setup.......................................................................................................................... 3-1
3.1 Wizard Setup Overview ............................................................................................................. 3-1
3.2 Wizard Setup: General Setup and System Name ....................................................................... 3-1
3.3 Wizard Setup: Screen 2.............................................................................................................. 3-2
3.4 Wizard Setup: Screen 3.............................................................................................................. 3-8
3.5 Basic Setup Complete .............................................................................................................. 3-12
System, LAN and Wireless LAN ....................................................................................................................II
Table of Contents vii
ZyWALL 10~100 Series Internet Security Gateway
Chapter 4 System Screens........................................................................................................................4-1
4.1 System Overview........................................................................................................................4-1
4.2 Configuring General Setup .........................................................................................................4-1
4.3 Dynamic DNS.............................................................................................................................4-2
4.4 Configuring Dynamic DNS ........................................................................................................4-2
4.5 Configuring Password.................................................................................................................4-4
4.6 Configuring Time Zone ..............................................................................................................4-5
Chapter 5 LAN Screens ...........................................................................................................................5-1
5.1 LAN Overview ...........................................................................................................................5-1
5.2 DHCP Setup................................................................................................................................5-1
5.3 LAN TCP/IP ...............................................................................................................................5-1
5.4 Configuring IP ............................................................................................................................5-3
5.5 Configuring Static DHCP ...........................................................................................................5-5
5.6 Configuring IP Alias ...................................................................................................................5-6
Chapter 6 Wireless LAN Screens ............................................................................................................6-1
6.1 Wireless LAN Overview.............................................................................................................6-1
6.2 Wireless LAN Basics..................................................................................................................6-1
6.3 Wireless Security ........................................................................................................................6-3
6.4 Configuring Wireless LAN.........................................................................................................6-4
6.5 Configuring MAC Filter .............................................................................................................6-6
6.6 802.1x Overview.........................................................................................................................6-8
6.7 RADIUS .....................................................................................................................................6-8
6.8 Local User Database .................................................................................................................6-10
6.9 Configuring 802.1X ..................................................................................................................6-10
6.10 Configuring Local User Database......................................................................................... 6-11
6.11 Configuring RADIUS ........................................................................................................... 6-13
DMZ and WAN ............................................................................................................................................. III
viii Table of Contents
ZyWALL 10~100 Series Internet Security Gateway
Chapter 7 DMZ Screens.......................................................................................................................... 7-1
7.1 DMZ Overview .......................................................................................................................... 7-1
7.2 Configuring DMZ ...................................................................................................................... 7-1
Chapter 8 WAN Screens.......................................................................................................................... 8-1
8.1 WAN Overview ......................................................................................................................... 8-1
8.2 TCP/IP Priority (Metric) ............................................................................................................ 8-1
8.3 Configuring Route...................................................................................................................... 8-1
8.4 Configuring WAN ISP............................................................................................................... 8-2
8.5 Configuring WAN IP ............................................................................................................... 8-10
8.6 Configuring WAN MAC.......................................................................................................... 8-13
8.7 Traffic Redirect ........................................................................................................................ 8-14
8.8 Configuring Traffic Redirect....................................................................................................8-15
8.9 Configuring Dial Backup .........................................................................................................8-16
8.10 Advanced Modem Setup ...................................................................................................... 8-21
8.11 Configuring Advanced Modem Setup.................................................................................. 8-21
NAT and Static Route ................................................................................................................................... IV
Chapter 9 Network Address Translation (NAT) Screens...................................................................... 9-1
9.1 NAT Overview........................................................................................................................... 9-1
9.2 Using NAT................................................................................................................................. 9-6
9.3 SUA Server ................................................................................................................................ 9-6
9.4 Configuring SUA Server............................................................................................................ 9-8
9.5 Configuring Address Mapping................................................................................................. 9-10
9.6 Configuring Trigger Port.......................................................................................................... 9-13
Chapter 10 Static Route Screens .......................................................................................................... 10-1
10.1 Static Route Overview ......................................................................................................... 10-1
10.2 Configuring IP Static Route ................................................................................................. 10-1
Firewall and Content Filters ..........................................................................................................................V
Table of Contents ix
ZyWALL 10~100 Series Internet Security Gateway
Chapter 11 Firewalls ..............................................................................................................................11-1
11.1 Firewall Overview ................................................................................................................11-1
11.2 Types of Firewalls.................................................................................................................11-1
11.3 Introduction to ZyXEL’s Firewall ........................................................................................11-2
11.4 Denial of Service...................................................................................................................11-3
11.5 Stateful Inspection ................................................................................................................11-7
11.6 Guidelines For Enhancing Security With Your Firewall....................................................11-11
11.7 Packet Filtering Vs Firewall ...............................................................................................11-12
Chapter 12 Firewall Screens..................................................................................................................12-1
12.1 Access Methods ....................................................................................................................12-1
12.2 Firewall Policies Overview...................................................................................................12-1
12.3 Rule Logic Overview............................................................................................................12-2
12.4 Connection Direction Examples ...........................................................................................12-4
12.5 Configuring Firewall.............................................................................................................12-5
12.6 Example Firewall Rule .......................................................................................................12-12
12.7 Predefined Services.............................................................................................................12-17
12.8 Alerts...................................................................................................................................12-19
12.9 Configuring Attack Alert ....................................................................................................12-20
Chapter 13 Content Filtering Screens ..................................................................................................13-1
13.1 Content Filtering Overview ..................................................................................................13-1
13.2 Configuring Categories.........................................................................................................13-1
13.3 Configuring Free...................................................................................................................13-5
13.4 Configuring iCard ................................................................................................................. 13-7
13.5 Configuring List Update .......................................................................................................13-8
13.6 Configuring Exempt Computers ...........................................................................................13-9
13.7 Configuring Customize.......................................................................................................13-11
13.8 Configuring Keyword Blocking..........................................................................................13-14
x Table of Contents
ZyWALL 10~100 Series Internet Security Gateway
VPN/IPSec ..................................................................................................................................................... VI
Chapter 14 Introduction to IPSec......................................................................................................... 14-1
14.1 VPN Overview..................................................................................................................... 14-1
14.2 IPSec Architecture ............................................................................................................... 14-3
14.3 Encapsulation ....................................................................................................................... 14-5
14.4 IPSec and NAT .................................................................................................................... 14-5
Chapter 15 VPN Screens ....................................................................................................................... 15-1
15.1 VPN/IPSec Overview........................................................................................................... 15-1
15.2 IPSec Algorithms ................................................................................................................. 15-1
15.3 My IP Address...................................................................................................................... 15-2
15.4 Secure Gateway Address...................................................................................................... 15-2
15.5 Summary Screen ..................................................................................................................15-3
15.6 Keep Alive ........................................................................................................................... 15-6
15.7 NAT Traversal ..................................................................................................................... 15-6
15.8 ID Type and Content............................................................................................................ 15-7
15.9 Pre-Shared Key .................................................................................................................... 15-9
15.10 Editing VPN Policies ........................................................................................................... 15-9
15.11 IKE Phases ......................................................................................................................... 15-15
15.12 Configuring Advanced IKE Settings.................................................................................. 15-17
15.13 Manual Key Setup.............................................................................................................. 15-21
15.14 Configuring Manual Key ................................................................................................... 15-21
15.15 Viewing SA Monitor.......................................................................................................... 15-25
15.16 Configuring Global Setting ................................................................................................ 15-27
15.17 Telecommuter VPN/IPSec Examples ................................................................................ 15-28
15.18 VPN and Remote Management.......................................................................................... 15-30
Remote Management and UPnP................................................................................................................. VII
Chapter 16 Remote Management Screens........................................................................................... 16-1
Table of Contents xi
ZyWALL 10~100 Series Internet Security Gateway
16.1 Remote Management Overview............................................................................................16-1
16.2 Telnet ....................................................................................................................................16-2
16.3 Configuring TELNET...........................................................................................................16-3
16.4 Configuring FTP ................................................................................................................... 16-4
16.5 Configuring WWW...............................................................................................................16-5
16.6 Configuring SNMP ...............................................................................................................16-7
16.7 Configuring DNS................................................................................................................16-11
16.8 Configuring Security...........................................................................................................16-12
Chapter 17 UPnP....................................................................................................................................17-1
17.1 Universal Plug and Play Overview .......................................................................................17-1
17.2 UPnP and ZyXEL ................................................................................................................. 17-2
17.3 Configuring UPnP.................................................................................................................17-2
17.4 Installing UPnP in Windows Example..................................................................................17-4
17.5 Using UPnP in Windows XP Example ................................................................................. 17-6
Bandwidth Management............................................................................................................................VIII
Chapter 18 Bandwidth Management Screens......................................................................................18-1
18.1 Bandwidth Management Overview.......................................................................................18-1
18.2 Bandwidth Classes and Filters .............................................................................................. 18-1
18.3 Proportional Bandwidth Allocation ......................................................................................18-2
18.4 Bandwidth Management Usage Examples............................................................................18-2
18.5 Scheduler ..............................................................................................................................18-4
18.6 Maximize Bandwidth Usage................................................................................................. 18-5
18.7 Bandwidth Borrowing...........................................................................................................18-8
18.8 Configuring Summary ........................................................................................................18-10
18.9 Configuring Class Setup .....................................................................................................18-12
18.10 Configuring Monitor...........................................................................................................18-18
Logs.................................................................................................................................................................IX
xii Table of Contents
ZyWALL 10~100 Series Internet Security Gateway
Chapter 19 Logs Screens ....................................................................................................................... 19-1
19.1 Configuring View Log ......................................................................................................... 19-1
19.2 Configuring Log Settings ..................................................................................................... 19-3
19.3 Configuring Reports.............................................................................................................19-6
Maintenance ....................................................................................................................................................X
Chapter 20 Maintenance....................................................................................................................... 20-1
20.1 Maintenance Overview ........................................................................................................ 20-1
20.2 Status Screen ........................................................................................................................ 20-1
20.3 DHCP Table Screen ............................................................................................................. 20-4
20.4 F/W Upload Screen .............................................................................................................. 20-5
20.5 Configuration Screen............................................................................................................20-7
20.6 Restart Screen..................................................................................................................... 20-11
SMT General Configuration ........................................................................................................................ XI
Chapter 21 Introducing the SMT ......................................................................................................... 21-1
21.1 Introduction to the SMT....................................................................................................... 21-1
21.2 Accessing the Console Port via the Console Port................................................................. 21-1
21.3 Navigating the SMT Interface.............................................................................................. 21-2
21.4 Changing the System Password ........................................................................................... 21-7
21.5 Resetting the ZyWALL........................................................................................................ 21-8
Chapter 22 SMT Menu 1 - General Setup...........................................................................................22-1
22.1 Introduction to General Setup .............................................................................................. 22-1
22.2 Configuring General Setup................................................................................................... 22-1
Chapter 23 WAN and Dial Backup Setup............................................................................................23-1
23.1 Introduction to WAN and Dial Backup Setup...................................................................... 23-1
23.2 WAN Setup .......................................................................................................................... 23-1
23.3 Dial Backup.......................................................................................................................... 23-2
23.4 Configuring Dial Backup in Menu 2.................................................................................... 23-2
Table of Contents xiii
ZyWALL 10~100 Series Internet Security Gateway
23.5 Advanced WAN Setup..........................................................................................................23-4
23.6 Remote Node Profile (Backup ISP)......................................................................................23-6
23.7 Editing PPP Options .............................................................................................................23-8
23.8 Editing TCP/IP Options ......................................................................................................23-10
23.9 Editing Login Script............................................................................................................23-12
23.10 Remote Node Filter.............................................................................................................23-13
Chapter 24 LAN Setup...........................................................................................................................24-1
24.1 Introduction to LAN Setup ...................................................................................................24-1
24.2 Accessing the LAN Menus ...................................................................................................24-1
24.3 LAN Port Filter Setup...........................................................................................................24-1
24.4 TCP/IP and DHCP Ethernet Setup Menu .............................................................................24-2
24.5 Wireless LAN Setup .............................................................................................................24-6
Chapter 25 DMZ Setup..........................................................................................................................25-1
25.1 Configuring DMZ Setup .......................................................................................................25-1
25.2 DMZ Port Filter Setup ..........................................................................................................25-1
25.3 TCP/IP Setup ........................................................................................................................25-2
Chapter 26 Internet Access....................................................................................................................26-1
26.1 Introduction to Internet Access Setup...................................................................................26-1
26.2 Ethernet Encapsulation .........................................................................................................26-1
26.3 Configuring the PPTP Client ................................................................................................26-3
26.4 Configuring the PPPoE Client ..............................................................................................26-4
26.5 Basic Setup Complete ...........................................................................................................26-5
SMT Advanced Applications....................................................................................................................... XII
Chapter 27 Remote Node Setup ............................................................................................................27-1
27.1 Introduction to Remote Node Setup......................................................................................27-1
27.2 Remote Node Setup ..............................................................................................................27-1
27.3 Remote Node Profile Setup...................................................................................................27-2
xiv Table of Contents
ZyWALL 10~100 Series Internet Security Gateway
27.4 Edit IP .................................................................................................................................. 27-8
27.5 Remote Node Filter ............................................................................................................ 27-10
Chapter 28 IP Static Route Setup......................................................................................................... 28-1
28.1 IP Static Route Setup............................................................................................................ 28-1
Chapter 29 Network Address Translation (NAT) ............................................................................... 29-1
29.1 Using NAT........................................................................................................................... 29-1
29.2 NAT Setup ........................................................................................................................... 29-4
29.3 Configuring a Server behind NAT ....................................................................................... 29-9
29.4 General NAT Examples ..................................................................................................... 29-11
29.5 Trigger Port Forwarding..................................................................................................... 29-18
Chapter 30 Introducing the ZyWALL Firewall .................................................................................. 30-1
30.1 Using ZyWALL SMT Menus .............................................................................................. 30-1
Chapter 31 Filter Configuration........................................................................................................... 31-1
31.1 Introduction to Filters........................................................................................................... 31-1
31.2 Configuring a Filter Set........................................................................................................31-4
31.3 Example Filter.................................................................................................................... 31-13
31.4 Filter Types and NAT ........................................................................................................ 31-15
31.5 Firewall Versus Filters ....................................................................................................... 31-16
31.6 Applying a Filter ................................................................................................................ 31-16
Chapter 32 SNMP Configuration ......................................................................................................... 32-1
32.1 SNMP Configuration............................................................................................................ 32-1
32.2 SNMP Traps......................................................................................................................... 32-2
SMT System Maintenance......................................................................................................................... XIII
Chapter 33 System Information & Diagnosis...................................................................................... 33-1
33.1 Introduction to System Status .............................................................................................. 33-1
33.2 System Status ....................................................................................................................... 33-1
33.3 System Information and Console Port Speed....................................................................... 33-3
Table of Contents xv
ZyWALL 10~100 Series Internet Security Gateway
33.4 Log and Trace .......................................................................................................................33-6
33.5 Diagnostic ...........................................................................................................................33-11
Chapter 34 Firmware and Configuration File Maintenance ..............................................................34-1
34.1 Introduction...........................................................................................................................34-1
34.2 Filename Conventions ..........................................................................................................34-1
34.3 Backup Configuration...........................................................................................................34-2
34.4 Restore Configuration...........................................................................................................34-8
34.5 Uploading Firmware and Configuration Files ....................................................................34-11
Chapter 35 System Maintenance Menus 8 to 10..................................................................................35-1
35.1 Command Interpreter Mode..................................................................................................35-1
35.2 Call Control Support.............................................................................................................35-3
35.3 Time and Date Setting ..........................................................................................................35-6
Chapter 36 Remote Management ......................................................................................................... 36-1
36.1 Remote Management ............................................................................................................36-1
SMT Advanced Management.....................................................................................................................XIV
Chapter 37 IP Policy Routing ................................................................................................................ 37-1
37.1 Introduction to IP Policy Routing .........................................................................................37-1
37.2 Benefits ................................................................................................................................. 37-1
37.3 Routing Policy ......................................................................................................................37-1
37.4 IP Routing Policy Setup........................................................................................................37-2
37.5 Applying an IP Policy...........................................................................................................37-6
37.6 IP Policy Routing Example...................................................................................................37-7
Chapter 38 Call Scheduling...................................................................................................................38-1
38.1 Introduction to Call Scheduling ............................................................................................38-1
Chapter 39 VPN/IPSec Setup................................................................................................................39-1
39.1 Introduction...........................................................................................................................39-1
39.2 IPSec Summary Screen.........................................................................................................39-2
xvi Table of Contents
ZyWALL 10~100 Series Internet Security Gateway
39.3 IPSec Setup .......................................................................................................................... 39-6
39.4 IKE Setup........................................................................................................................... 39-11
39.5 Manual Setup ..................................................................................................................... 39-14
Chapter 40 SA Monitor ......................................................................................................................... 40-1
40.1 Introduction.......................................................................................................................... 40-1
40.2 Using SA Monitor ................................................................................................................40-1
Appendices and Index.................................................................................................................................. XV
Appendix A Troubleshooting .....................................................................................................................A
Appendix B Hardware Specifications....................................................................................................... E
Appendix C Safety Warnings and Instructions......................................................................................... J
Appendix D Removing and Installing a ZyWALL 100 Fuse ...................................................................K
Index ...........................................................................................................................................................M
Table of Contents xvii
ZyWALL 10~100 Series Internet Security Gateway
List of Figures
Figure 1-1 Secure Internet Access via Cable, DSL or Wireless Modem.........................................................1-9
Figure 1-2 VPN Application .........................................................................................................................1-10
Figure 2-1 Change Password Screen ..............................................................................................................2-1
Figure 2-2 Example Xmodem Upload............................................................................................................2-3
Figure 2-3 The MAIN MENU Screen of the Web Configurator.....................................................................2-4
Figure 3-1 Wizard 1 ........................................................................................................................................3-2
Figure 3-2 Wizard 2: Ethernet Encapsulation .................................................................................................3-3
Figure 3-3 Wizard 2: PPTP Encapsulation......................................................................................................3-5
Figure 3-4 Wizard2: PPPoE Encapsulation ....................................................................................................3-7
Figure 3-5 Wizard 3 ......................................................................................................................................3-11
Figure 4-1 System General Setup ...................................................................................................................4-1
Figure 4-2 DDNS............................................................................................................................................4-3
Figure 4-3 Password .......................................................................................................................................4-4
Figure 4-4 Time Zone .....................................................................................................................................4-5
Figure 5-1 IP...................................................................................................................................................5-3
Figure 5-2 Static DHCP..................................................................................................................................5-6
Figure 5-3 IP Alias ..........................................................................................................................................5-7
Figure 6-1 RTS Threshold ..............................................................................................................................6-2
Figure 6-2 ZyWALL Wireless Security Levels...............................................................................................6-3
Figure 6-3 Wireless .........................................................................................................................................6-4
Figure 6-4 MAC Address Filter......................................................................................................................6-7
Figure 6-5 EAP Authentication.......................................................................................................................6-9
Figure 6-6 802.1X Authentication ................................................................................................................6-10
Figure 6-7 Local User Database ...................................................................................................................6-12
Figure 6-8 RADIUS......................................................................................................................................6-13
Figure 7-1 DMZ..............................................................................................................................................7-2
Figure 8-1 WAN Setup: Route........................................................................................................................8-2
Figure 8-2 Ethernet Encapsulation..................................................................................................................8-3
Figure 8-3 PPPoE Encapsulation....................................................................................................................8-5
Figure 8-4 PPTP Encapsulation......................................................................................................................8-7
Figure 8-5 RR Service Type ...........................................................................................................................8-9
Figure 8-6 IP Setup.......................................................................................................................................8-10
Figure 8-7 MAC Setup .................................................................................................................................8-13
Figure 8-8 Traffic Redirect WAN Setup .......................................................................................................8-14
Figure 8-9 Traffic Redirect LAN Setup ........................................................................................................8-14
Figure 8-10 Traffic Redirect .........................................................................................................................8-15
Figure 8-11 Dial Backup Setup.....................................................................................................................8-17
Figure 8-12 Advanced Setup......................................................................................................................... 8-22
xviii List of Figures
ZyWALL 10~100 Series Internet Security Gateway
Figure 9-1 How NAT Works .......................................................................................................................... 9-3
Figure 9-2 NAT Application With IP Alias .................................................................................................... 9-4
Figure 9-3 Multiple Servers Behind NAT Example ....................................................................................... 9-8
Figure 9-4 SUA/NAT Setup........................................................................................................................... 9-9
Figure 9-5 Address Mapping.........................................................................................................................9-11
Figure 9-6Address Mapping Edit................................................................................................................. 9-12
Figure 9-7 Trigger Port ................................................................................................................................ 9-15
Figure 10-1 Example of Static Routing Topology........................................................................................ 10-1
Figure 10-2 Static Route Screen................................................................................................................... 10-2
Figure 10-3 Edit IP Static Route .................................................................................................................. 10-3
Figure 11-1 ZyWALL Firewall Application..................................................................................................11-3
Figure 11-2 Three-Way Handshake...............................................................................................................11-5
Figure 11-3 SYN Flood.................................................................................................................................11-5
Figure 11-4 Smurf Attack..............................................................................................................................11-6
Figure 11-5 Stateful Inspection .....................................................................................................................11-8
Figure 12-1 LAN to WAN Traffic................................................................................................................ 12-4
Figure 12-2 WAN to LAN Traffic................................................................................................................ 12-5
Figure 12-3 Enabling the Firewall (ZyWALL 100)...................................................................................... 12-6
Figure 12-4 Creating/Editing A Firewall Rule (ZyWALL100) .................................................................... 12-9
Figure 12-5 Adding/Editing Source and Destination Addresses .................................................................12-11
Figure 12-6 Creating/Editing A Custom Port............................................................................................. 12-12
Figure 12-7 Firewall IP Config Screen ...................................................................................................... 12-13
Figure 12-8 Firewall Rule Edit IP Example ............................................................................................... 12-14
Figure 12-9 Edit Custom Port Example..................................................................................................... 12-14
Figure 12-10 MyService Rule Configuration (ZyWALL100).................................................................... 12-15
Figure 12-11 My Service Example Rule Summary (ZyWALL100) .......................................................... 12-16
Figure 12-12 Attack Alert .......................................................................................................................... 12-22
Figure 13-1Content Filter: Categories.......................................................................................................... 13-2
Figure 13-2 Content Filter: Free .................................................................................................................. 13-6
Figure 13-3 Content Filter: iCard................................................................................................................. 13-7
Figure 13-4 Content Filter: List Update....................................................................................................... 13-8
Figure 13-5 Content Filter: Exempt Zone.................................................................................................. 13-10
Figure 13-6 Content Filter: Customize....................................................................................................... 13-12
Figure 13-7 Content Filter: Keyword Blocking ......................................................................................... 13-14
Figure 14-1 Encryption and Decryption....................................................................................................... 14-2
Figure 14-2 VPN Application ...................................................................................................................... 14-3
Figure 14-3 IPSec Architecture .................................................................................................................... 14-4
Figure 14-4 Transport and Tunnel Mode IPSec Encapsulation.................................................................... 14-5
Figure 15-1 IPSec Summary Fields ............................................................................................................. 15-3
Figure 15-2 Summary .................................................................................................................................. 15-4
Figure 15-3 NAT Router Between IPSec Routers........................................................................................ 15-6
List of Figures xix
ZyWALL 10~100 Series Internet Security Gateway
Figure 15-4 VPN IKE.................................................................................................................................15-10
Figure 15-5 Two Phases to Set Up the IPSec SA........................................................................................15-16
Figure 15-6 VPN IKE: Advanced ...............................................................................................................15-18
Figure 15-7 Manual Setup ..........................................................................................................................15-22
Figure 15-8 SA Monitor..............................................................................................................................15-26
Figure 15-9 Global Setting .........................................................................................................................15-27
Figure 15-10 Telecommuters Sharing One VPN Rule Example.................................................................15-29
Figure 15-11 Telecommuters Using Unique VPN Rules Example .............................................................15-30
Figure 16-1 Telnet Configuration on a TCP/IP Network ..............................................................................16-3
Figure 16-2 Telnet.........................................................................................................................................16-3
Figure 16-3 FTP............................................................................................................................................16-5
Figure 16-4 WWW .......................................................................................................................................16-6
Figure 16-5 SNMP Management Model.......................................................................................................16-7
Figure 16-6 SNMP......................................................................................................................................16-10
Figure 16-7 DNS.........................................................................................................................................16-12
Figure 16-8 Security ...................................................................................................................................16-13
Figure 17-1 Configuring UPnP.....................................................................................................................17-3
Figure 18-1 Application-based Bandwidth Management Example ..............................................................18-3
Figure 18-2 Subnet-based Bandwidth Management Example ......................................................................18-3
Figure 18-3 Application and Subnet-based Bandwidth Management Example............................................18-4
Figure 18-4 Bandwidth Allotment Example .................................................................................................18-6
Figure 18-5 Maximize Bandwidth Usage Example......................................................................................18-7
Figure 18-6 Bandwidth Borrowing Example................................................................................................18-9
Figure 18-7 Bandwidth Manager: Summary .............................................................................................. 18-11
Figure 18-8 Bandwidth Manager: Class Setup ...........................................................................................18-13
Figure 18-9 Bandwidth Manager: Class Configuration..............................................................................18-14
Figure 18-10 Bandwidth Management Statistics........................................................................................18-17
Figure 18-11 Bandwidth Manager Monitor ................................................................................................18-18
Figure 19-1 View Log...................................................................................................................................19-2
Figure 19-2 Log Settings (ZyWALL 10W)................................................................................................... 19-4
Figure 19-3 Reports ......................................................................................................................................19-7
Figure 19-4 Web Site Hits Report Example..................................................................................................19-9
Figure 19-5 Protocol/Port Report Example ................................................................................................19-10
Figure 19-6 LAN IP Address Report Example ...........................................................................................19-11
Figure 20-1 System Status............................................................................................................................20-1
Figure 20-2 System Status: Show Statistics..................................................................................................20-3
Figure 20-3 DHCP Table ..............................................................................................................................20-4
Figure 20-4 Firmware Upload ......................................................................................................................20-5
Figure 20-5 Firmware Upload ......................................................................................................................20-6
Figure 20-6 Firmware Upload In Process..................................................................................................... 20-6
Figure 20-7 Network Temporarily Disconnected..........................................................................................20-6
xx List of Figures
ZyWALL 10~100 Series Internet Security Gateway
Figure 20-8 Firmware Upload Error ............................................................................................................ 20-7
Figure 20-9 Configuration ........................................................................................................................... 20-8
Figure 20-10 Reset Warning Message.......................................................................................................... 20-9
Figure 20-11 Configuration Upload Successful......................................................................................... 20-10
Figure 20-12 Network Temporarily Disconnected..................................................................................... 20-10
Figure 20-13 Configuration Upload Error ..................................................................................................20-11
Figure 20-14 Restart Screen........................................................................................................................20-11
Figure 21-1 Initial Screen ............................................................................................................................ 21-1
Figure 21-2 Password Screen....................................................................................................................... 21-2
Figure 21-3 Main Menu (ZyWALL 100) ..................................................................................................... 21-3
Figure 21-4 Getting Started and Advanced Applications SMT Menus ........................................................ 21-5
Figure 21-5 Advanced Management SMT Menus .......................................................................................21-6
Figure 21-6 Schedule Setup and IPSec VPN Configuration SMT Menus ................................................... 21-7
Figure 21-7 Menu 23: System Password...................................................................................................... 21-7
Figure 21-8 Example Xmodem Upload....................................................................................................... 21-8
Figure 22-1 Menu 1: General Setup............................................................................................................. 22-1
Figure 22-2 Configure Dynamic DNS ......................................................................................................... 22-2
Figure 23-1 MAC Address Cloning in WAN Setup ..................................................................................... 23-1
Figure 23-2 Menu 2: Dial Backup Setup .................................................................................................... 23-3
Figure 23-3 Menu 2.1 Advanced WAN Setup.............................................................................................. 23-4
Figure 23-4 Menu 11.1 Remote Node Profile (Backup ISP)........................................................................ 23-6
Figure 23-5 Menu 11.2: Remote Node PPP Options.................................................................................... 23-9
Figure 23-6 Remote Node PPP Options Menu Fields .................................................................................. 23-9
Figure 23-7 Menu 11.3: Remote Node Network Layer Options ................................................................ 23-10
Figure 23-8 Menu 11.4: Remote Node Setup Script .................................................................................. 23-13
Figure 23-9 Menu 11.5: Dial Backup Remote Node Filter ........................................................................ 23-14
Figure 24-1 Menu 3: LAN Setup ................................................................................................................. 24-1
Figure 24-2 Menu 3.1: LAN Port Filter Setup ............................................................................................. 24-2
Figure 24-3 Menu 3: TCP/IP and DHCP Setup............................................................................................ 24-2
Figure 24-4 Menu 3.2: TCP/IP and DHCP Ethernet Setup .......................................................................... 24-3
Figure 24-5 Menu 3.2.1: IP Alias Setup ....................................................................................................... 24-5
Figure 24-6 Menu 3.5 – Wireless LAN Setup.............................................................................................. 24-6
Figure 25-1 Menu 5: DMZ Setup................................................................................................................ 25-1
Figure 25-2 Menu 5.1: DMZ Port Filter Setup ............................................................................................ 25-1
Figure 25-3 Menu 5: TCP/IP Setup.............................................................................................................. 25-2
Figure 25-4 Menu 5.2: TCP/IP Setup........................................................................................................... 25-3
Figure 25-5 Menu 5.2.1: IP Alias Setup ....................................................................................................... 25-4
Figure 26-1 Menu 4: Internet Access Setup (Ethernet) ................................................................................ 26-1
Figure 26-2 Internet Access Setup (PPTP)................................................................................................... 26-4
Figure 26-3 Internet Access Setup (PPPoE)................................................................................................. 26-5
Figure 27-1 Menu 11 Remote Node Setup................................................................................................... 27-2
List of Figures xxi
ZyWALL 10~100 Series Internet Security Gateway
Figure 27-2 Menu 11.1: Remote Node Profile for Ethernet Encapsulation ..................................................27-3
Figure 27-3 Menu 11.1: Remote Node Profile for PPPoE Encapsulation ....................................................27-5
Figure 27-4 Menu 11.1: Remote Node Profile for PPTP Encapsulation.......................................................27-7
Figure 27-5 Menu 11.3: Remote Node Network Layer Options for Ethernet Encapsulation .......................27-8
Figure 27-6 Menu 11.5: Remote Node Filter (Ethernet Encapsulation) .....................................................27-11
Figure 27-7 Menu 11.5: Remote Node Filter (PPPoE or PPTP Encapsulation) ......................................... 27-11
Figure 27-8 Menu 11.1: Remote Node Profile............................................................................................27-12
Figure 27-9 Menu 11.6: Traffic Redirect Setup ..........................................................................................27-13
Figure 28-1 Menu 12: IP Static Route Setup (ZyWALL 10W)..................................................................... 28-1
Figure 28-2 Menu 12. 1: Edit IP Static Route...............................................................................................28-2
Figure 29-1 Menu 4: Applying NAT for Internet Access..............................................................................29-2
Figure 29-2 Menu 11.3: Applying NAT to the Remote Node ....................................................................... 29-3
Figure 29-3 Menu 15: NAT Setup ................................................................................................................29-4
Figure 29-4 Menu 15.1: Address Mapping Sets ...........................................................................................29-5
Figure 29-5 Menu 15.1.255: SUA Address Mapping Rules .........................................................................29-5
Figure 29-6 Menu 15.1.1: First Set............................................................................................................... 29-7
Figure 29-7 Menu 15.1.1.1: Editing/Configuring an Individual Rule in a Set..............................................29-8
Figure 29-8 Menu 15.2: NAT Server Setup (ZyWALL 10) ........................................................................29-10
Figure 29-9 Multiple Servers Behind NAT Example..................................................................................29-10
Figure 29-10 NAT Example 1..................................................................................................................... 29-11
Figure 29-11 Menu 4: Internet Access & NAT Example ............................................................................29-11
Figure 29-12 NAT Example 2..................................................................................................................... 29-12
Figure 29-13 Menu 15.2: Specifying an Inside Server ...............................................................................29-13
Figure 29-14 NAT Example 3..................................................................................................................... 29-14
Figure 29-15 Example 3: Menu 11.3 .......................................................................................................... 29-15
Figure 29-16 Example 3: Menu 15.1.1.1 ....................................................................................................29-15
Figure 29-17 Example 3: Final Menu 15.1.1..............................................................................................29-16
Figure 29-18 Example 3: Menu 15.2 .......................................................................................................... 29-16
Figure 29-19 NAT Example 4..................................................................................................................... 29-17
Figure 29-20 Example 4: Menu 15.1.1.1: Address Mapping Rule .............................................................29-18
Figure 29-21 Example 4: Menu 15.1.1: Address Mapping Rules...............................................................29-18
Figure 29-22 Trigger Port Forwarding Process: Example ..........................................................................29-19
Figure 29-23 Menu 15.3: Trigger Port Setup..............................................................................................29-20
Figure 30-1 Menu 21: Filter and Firewall Setup...........................................................................................30-1
Figure 30-2 Menu 21.2: Firewall Setup........................................................................................................30-2
Figure 31-1 Outgoing Packet Filtering Process ............................................................................................ 31-2
Figure 31-2 Filter Rule Process ....................................................................................................................31-3
Figure 31-4 Menu 21: Filter and Firewall Setup...........................................................................................31-4
Figure 31-5 Menu 21.1: Filter Set Configuration .........................................................................................31-4
Figure 31-6 Menu 21.1.1.1: TCP/IP Filter Rule ...........................................................................................31-7
Figure 31-7 Executing an IP Filter..............................................................................................................31-10
xxii List of Figures
ZyWALL 10~100 Series Internet Security Gateway
Figure 31-8 Menu 21.1.4.1: Generic Filter Rule.........................................................................................31-11
Figure 31-9 Telnet Filter Example ............................................................................................................. 31-13
Figure 31-10 Example Filter: Menu 21.1.3.1............................................................................................. 31-14
Figure 31-11 Example Filter Rules Summary: Menu 21.1.3...................................................................... 31-15
Figure 31-12 Protocol and Device Filter Sets ............................................................................................ 31-16
Figure 31-13 Filtering LAN Traffic ........................................................................................................... 31-17
Figure 31-14Filtering DMZ Traffic............................................................................................................ 31-18
Figure 31-15 Filtering Remote Node Traffic ............................................................................................. 31-18
Figure 32-1 Menu 22: SNMP Configuration................................................................................................ 32-1
Figure 33-1 Menu 24: System Maintenance ................................................................................................ 33-1
Figure 33-2 Menu 24.1: System Maintenance: Status (ZyWALL 100)....................................................... 33-2
Figure 33-3 Menu 24.2: System Information and Console Port Speed ........................................................ 33-4
Figure 33-4 Menu 24.2.1: System Maintenance: Information (ZyWALL 10W).......................................... 33-4
Figure 33-5 Menu 24.2.2: System Maintenance: Change Console Port Speed .......................................... 33-5
Figure 33-6 Menu 24.3: System Maintenance: Log and Trace .................................................................... 33-6
Figure 33-7 Examples of Error and Information Messages ......................................................................... 33-7
Figure 33-8 Menu 24.3.2: System Maintenance: UNIX Syslog (ZyWALL 100)......................................... 33-7
Figure 33-9 Call-Triggering Packet Example .............................................................................................33-11
Figure 33-10 Menu 24.4: System Maintenance: Diagnostic...................................................................... 33-12
Figure 33-11 WAN & LAN DHCP ............................................................................................................ 33-13
Figure 34-1 Telnet into Menu 24.5............................................................................................................... 34-3
Figure 34-2 FTP Session Example ............................................................................................................... 34-4
Figure 34-3 System Maintenance: Backup Configuration........................................................................... 34-7
Figure 34-4 System Maintenance: Starting Xmodem Download Screen..................................................... 34-7
Figure 34-5 Backup Configuration Example ............................................................................................... 34-7
Figure 34-6 Successful Backup Confirmation Screen.................................................................................. 34-8
Figure 34-7 Telnet into Menu 24.6............................................................................................................... 34-9
Figure 34-8 Restore Using FTP Session Example ..................................................................................... 34-10
Figure 34-9 System Maintenance: Restore Configuration......................................................................... 34-10
Figure 34-10 System Maintenance: Starting Xmodem Download Screen ................................................. 34-10
Figure 34-11 Restore Configuration Example ............................................................................................34-11
Figure 34-12 Successful Restoration Confirmation Screen ........................................................................34-11
Figure 34-13 Telnet Into Menu 24.7.1: Upload System Firmware............................................................. 34-12
Figure 34-14 Telnet Into Menu 24.7.2: System Maintenance .................................................................... 34-13
Figure 34-15 FTP Session Example of Firmware File Upload .................................................................. 34-14
Figure 34-16 Menu 24.7.1 As Seen Using the Console Port...................................................................... 34-16
Figure 34-17 Example Xmodem Upload ................................................................................................... 34-17
Figure 34-18 Menu 24.7.2 As Seen Using the Console Port...................................................................... 34-18
Figure 34-19 Example Xmodem Upload ................................................................................................... 34-19
Figure 35-1 Command Mode in Menu 24.................................................................................................... 35-1
Figure 35-2 Valid Commands ...................................................................................................................... 35-2
List of Figures xxiii
ZyWALL 10~100 Series Internet Security Gateway
Figure 35-3 Call Control...............................................................................................................................35-3
Figure 35-4 Budget Management .................................................................................................................35-4
Figure 35-5 Call History...............................................................................................................................35-5
Figure 35-6 Menu 24: System Maintenance.................................................................................................35-6
Figure 35-7 Menu 24.10 System Maintenance: Time and Date Setting .......................................................35-7
Figure 36-1 Menu 24.11 – Remote Management Control ............................................................................36-2
Figure 37-2 IP Routing Policy Setup............................................................................................................37-2
Figure 37-4 Menu 25.1: Sample IP Routing Policy Setup ............................................................................37-3
Figure 37-5 IP Routing Policy ......................................................................................................................37-4
Figure 37-6 Menu 3.2: TCP/IP and DHCP Ethernet Setup...........................................................................37-6
Figure 37-7 Example of IP Policy Routing...................................................................................................37-7
Figure 37-8 IP Routing Policy Example.......................................................................................................37-8
Figure 37-9 IP Routing Policy ......................................................................................................................37-9
Figure 37-10 Applying IP Policies..............................................................................................................37-10
Figure 38-1 Schedule Setup..........................................................................................................................38-1
Figure 38-2 Schedule Set Setup....................................................................................................................38-2
Figure 38-3 Applying Schedule Set(s) to a Remote Node (PPPoE)..............................................................38-4
Figure 38-4 Applying Schedule Set(s) to a Remote Node (PPTP) ...............................................................38-5
Figure 39-1 VPN SMT Menu Tree ...............................................................................................................39-1
Figure 39-2 Menu 27: VPN/IPSec Setup......................................................................................................39-2
Figure 39-3 Menu 27.1: IPSec Summary .....................................................................................................39-2
Figure 39-4 Menu 27.1.1: IPSec Setup.........................................................................................................39-6
Figure 39-5 Menu 27.1.1.1: IKE Setup.......................................................................................................39-12
Figure 39-6 Menu 27.1.1.2: Manual Setup .................................................................................................39-15
Figure 40-1 Menu 27.2: SA Monitor ............................................................................................................40-1
xxiv List of Figures
ZyWALL 10~100 Series Internet Security Gateway
List of Tables
Table 1-1 Model Specific Features................................................................................................................. 1-6
Table 3-1 Ethernet Encapsulation .................................................................................................................. 3-3
Table 3-2 PPTP Encapsulation ....................................................................................................................... 3-5
Table 3-3 PPPoE Encapsulation..................................................................................................................... 3-7
Table 3-4 Private IP Address Ranges ............................................................................................................. 3-8
Table 3-5 Example of Network Properties for LAN Servers with Fixed IP Addresses................................ 3-10
Table 3-6 WAN Setup ...................................................................................................................................3-11
Table 4-1 System General Setup .................................................................................................................... 4-1
Table 4-2 DDNS............................................................................................................................................. 4-3
Table 4-3 Password ........................................................................................................................................ 4-5
Table 4-4 Time Zone ...................................................................................................................................... 4-6
Table 5-1 IP .................................................................................................................................................... 5-4
Table 5-2 Static DHCP................................................................................................................................... 5-6
Table 5-3 IP Alias........................................................................................................................................... 5-7
Table 6-1 Wireless.......................................................................................................................................... 6-5
Table 6-2 MAC Address Filter....................................................................................................................... 6-7
Table 6-3 802.1X Authentication ..................................................................................................................6-11
Table 6-4 Local User Database .................................................................................................................... 6-13
Table 6-5 RADIUS....................................................................................................................................... 6-14
Table 7-1 DMZ............................................................................................................................................... 7-2
Table 8-1 WAN Setup: Route......................................................................................................................... 8-2
Table 8-2 Ethernet Encapsulation .................................................................................................................. 8-3
Table 8-3 PPPoE Encapsulation..................................................................................................................... 8-5
Table 8-4 PPTP Encapsulation ....................................................................................................................... 8-7
Table 8-5 RR Service Type ............................................................................................................................ 8-9
Table 8-6 IP Setup.........................................................................................................................................8-11
Table 8-7 Traffic Redirect ............................................................................................................................ 8-15
Table 8-8Dial Backup Setup ........................................................................................................................ 8-18
Table 8-9 Advanced Setup ........................................................................................................................... 8-22
Table 9-1 NAT Definitions ............................................................................................................................. 9-1
Table 9-2 NAT Mapping Types...................................................................................................................... 9-5
Table 9-3 Services and Port Numbers ............................................................................................................ 9-7
Table 9-4 SUA/NAT Setup............................................................................................................................. 9-9
Table 9-5 Address Mapping ..........................................................................................................................9-11
Table 9-6 Address Mapping Edit.................................................................................................................. 9-13
Table 9-7 Trigger Port.................................................................................................................................. 9-15
Table 10-1 IP Static Route Summary........................................................................................................... 10-2
Table 10-2 Edit IP Static Route.................................................................................................................... 10-3
List of Tables xxv
ZyWALL 10~100 Series Internet Security Gateway
Table 11-1 Common IP Ports........................................................................................................................ 11-4
Table 11-2 ICMP Commands That Trigger Alerts ........................................................................................11-6
Table 11-3 Legal NetBIOS Commands ........................................................................................................ 11-7
Table 11-4 Legal SMTP Commands............................................................................................................. 11-7
Table 12-1 Firewall Rules Summary: First Screen .......................................................................................12-6
Table 12-2 Creating/Editing A Firewall Rule ...............................................................................................12-9
Table 12-3 Adding/Editing Source and Destination Addresses .................................................................. 12-11
Table 12-4 Creating/Editing A Custom Port ...............................................................................................12-12
Table 12-5 Predefined Services ..................................................................................................................12-17
Table 12-6 Attack Alert...............................................................................................................................12-22
Table 13-1 Content Filter: Categories ...........................................................................................................13-2
Table 13-2 Content Filter: Free.....................................................................................................................13-6
Table 13-3 Content Filter: iCard ...................................................................................................................13-7
Table 13-4 Content Filter: List Update .........................................................................................................13-9
Table 13-5 Content Filter: Exempt Zone ....................................................................................................13-10
Table 13-6 Content Filter: Customize .........................................................................................................13-12
Table 13-7 Content Filter: Keyword Blocking............................................................................................13-14
Table 14-1 VPN and NAT.............................................................................................................................14-6
Table 15-1 AH and ESP................................................................................................................................15-2
Table 15-2 Summary..................................................................................................................................... 15-4
Table 15-3 Local ID Type and Content Fields..............................................................................................15-7
Table 15-4 Peer ID Type and Content Fields ................................................................................................15-7
Table 15-5 Matching ID Type and Content Configuration Example ............................................................15-8
Table 15-6 Mismatching ID Type and Content Configuration Example.......................................................15-8
Table 15-7 VPN IKE...................................................................................................................................15-11
Table 15-8 VPN IKE: Advanced.................................................................................................................15-18
Table 15-9 VPN Manual Setup ...................................................................................................................15-22
Table 15-10 SA Monitor .............................................................................................................................15-26
Table 15-11 SA Monitor .............................................................................................................................15-27
Table 15-12 Telecommuter and Headquarters Configuration Example ......................................................15-28
Table 16-1 Telnet ..........................................................................................................................................16-4
Table 16-2 FTP .............................................................................................................................................16-5
Table 16-3 WWW......................................................................................................................................... 16-6
Table 16-4 SNMP Traps................................................................................................................................16-8
Table 16-5 SNMP .......................................................................................................................................16-10
Table 16-6 DNS ..........................................................................................................................................16-12
Table 16-7 Security .....................................................................................................................................16-13
Table 17-1 Configuring UPnP ......................................................................................................................17-3
Table 18-1 Application and Subnet-based Bandwidth Management Example .............................................18-4
Table 18-2 Bandwidth Manager: Summary ................................................................................................18-12
Table 18-3 Bandwidth Manager: Class Setup.............................................................................................18-13
xxvi List of Tables
ZyWALL 10~100 Series Internet Security Gateway
Table 18-4 Bandwidth Manager: Class Configuration............................................................................... 18-15
Table 18-5Services and Port Numbers ....................................................................................................... 18-16
Table 18-6 Bandwidth Management Statistics........................................................................................... 18-17
Table 18-7 Bandwidth Manager Monitor................................................................................................... 18-18
Table 19-1 View Log.................................................................................................................................... 19-3
Table 19-2 Log Settings Screen (ZyWALL 10W)........................................................................................ 19-5
Table 19-3 Reports ....................................................................................................................................... 19-7
Table 19-4 Web Site Hits Report.................................................................................................................. 19-9
Table 19-5 Protocol/ Port Report ............................................................................................................... 19-10
Table 19-6 LAN IP Address Report ............................................................................................................19-11
Table 19-7 Report Specifications ............................................................................................................... 19-12
Table 20-1 System Status ............................................................................................................................. 20-2
Table 20-2 System Status: Show Statistics................................................................................................... 20-3
Table 20-3 DHCP Table ............................................................................................................................... 20-4
Table 20-4 Restore Configuration ................................................................................................................ 20-9
Table 21-1 Main Menu Commands.............................................................................................................. 21-2
Table 21-2 Main Menu Summary ................................................................................................................ 21-3
Table 22-1 General Setup Menu Field ......................................................................................................... 22-1
Table 22-2 Configure Dynamic DNS Menu Fields...................................................................................... 22-3
Table 23-1 MAC Address Cloning in WAN Setup....................................................................................... 23-2
Table 23-2 Menu 2: Dial Backup Setup ....................................................................................................... 23-3
Table 23-3 Advanced WAN Port Setup: AT Commands Fields ................................................................... 23-4
Table 23-4 Advanced WAN Port Setup: Call Control Parameters ............................................................... 23-5
Table 23-5 Fields in Menu 11.1 Remote Node Profile (Backup ISP) .......................................................... 23-6
Table 23-6 Remote Node Network Layer Options Menu Fields................................................................ 23-10
Table 23-7 Menu 11.4: Remote Node Script Menu Fields......................................................................... 23-13
Table 24-1 DHCP Ethernet Setup Menu Fields............................................................................................ 24-3
Table 24-2 LAN TCP/IP Setup Menu Fields................................................................................................ 24-4
Table 24-3 IP Alias Setup Menu Fields ........................................................................................................ 24-5
Table 24-4 Wireless LAN Setup Menu Fields.............................................................................................. 24-7
Table 26-1 Menu 4: Internet Access Setup Menu Fields.............................................................................. 26-1
Table 26-2 New Fields in Menu 4 (PPTP) Screen ....................................................................................... 26-4
Table 26-3 New Fields in Menu 4 (PPPoE) screen ...................................................................................... 26-5
Table 27-1 Fields in Menu 11.1.................................................................................................................... 27-3
Table 27-2 Fields in Menu 11.1 (PPPoE Encapsulation Specific) ............................................................... 27-6
Table 27-3 Fields in Menu 11.1 (PPTP Encapsulation)................................................................................ 27-7
Table 27-4 Remote Node Network Layer Options Menu Fields.................................................................. 27-8
Table 27-5 Menu 11.1: Remote Node Profile (Traffic Redirect Field) ...................................................... 27-12
Table 27-6 Menu 11.6: Traffic Redirect Setup ........................................................................................... 27-13
Table 28-1 IP Static Route Menu Fields....................................................................................................... 28-2
Table 29-1 Applying NAT in Menus 4 & 11.3 ............................................................................................. 29-3
List of Tables xxvii
ZyWALL 10~100 Series Internet Security Gateway
Table 29-2 SUA Address Mapping Rules .....................................................................................................29-6
Table 29-3 Fields in Menu 15.1.1 .................................................................................................................29-7
Table 29-4 Menu 15.1.1.1: Editing/Configuring an Individual Rule in a Set ...............................................29-9
Table 29-5 Menu 15.3: Trigger Port Setup Description.............................................................................. 29-21
Table 31-1 Abbreviations Used in the Filter Rules Summary Menu ............................................................31-5
Table 31-2 Rule Abbreviations Used ............................................................................................................31-6
Table 31-3 TCP/IP Filter Rule Menu Fields .................................................................................................31-7
Table 31-4 Generic Filter Rule Menu Fields .............................................................................................. 31-11
Table 32-1 SNMP Configuration Menu Fields .............................................................................................32-1
Table 32-2 SNMP Traps................................................................................................................................32-2
Table 33-1 System Maintenance: Status Menu Fields ..................................................................................33-2
Table 33-2 Fields in System Maintenance: Information ............................................................................... 33-5
Table 33-3 System Maintenance Menu Syslog Parameters ..........................................................................33-8
Table 33-4 System Maintenance Menu Diagnostic ....................................................................................33-13
Table 34-1 Filename Conventions ................................................................................................................34-2
Table 34-2 General Commands for GUI-based FTP Clients ........................................................................34-4
Table 34-3 General Commands for GUI-based TFTP Clients......................................................................34-6
Table 35-1 Valid Commands.........................................................................................................................35-2
Table 35-2 Budget Management...................................................................................................................35-4
Table 35-3 Call History Fields ...................................................................................................................... 35-5
Table 35-4 Time and Date Setting Fields......................................................................................................35-7
Table 36-1 Menu 24.11 – Remote Management Control..............................................................................36-2
Table 37-1 IP Routing Policy Setup..............................................................................................................37-3
Table 37-2 IP Routing Policy........................................................................................................................37-4
Table 38-1Schedule Set Setup Fields............................................................................................................38-2
Table 39-1 Menu 27.1: IPSec Summary .......................................................................................................39-3
Table 39-2 Menu 27.1.1: IPSec Setup...........................................................................................................39-6
Table 39-3 Menu 27.1.1.1: IKE Setup ........................................................................................................39-12
Table 39-4 Active Protocol: Encapsulation and Security Protocol .............................................................39-14
Table 39-5 Menu 27.1.1.2: Manual Setup...................................................................................................39-15
Table 40-1 Menu 27.2: SA Monitor..............................................................................................................40-2
xxviii List of Tables
ZyWALL 10~100 Series Internet Security Gateway
Preface
About Your ZyWALL
Congratulations on your purchase of the ZyWALL Internet Security Gateway.
About This User's Manual
This manual is designed to guide you through the configuration of your ZyWALL for its various
applications.
Use the web configurator, System Management Terminal (SMT) or command
interpreter interface to configure your ZyWALL. Not all features can be configured
through all interfaces.
The web configurator parts of this guide contain background information on features configurable by the web
configurator and the SMT. The SMT parts of this guide contain background information on features not
configurable by the web configurator.
This manual may refer to the ZyWALL Internet Security Gateway as the ZyWALL.
This manual covers the ZyWALL 10 to100 models. Supported features and the details of the features, vary
from model to model. Not every feature applies to every model; refer to the Model Comparison Chart in
chapter 1 of this user’s guide to see what features are specific to your ZyWALL model.
Related Documentation
Support Disk
Refer to the included CD for support documents.
Read Me First or Quick Start Guide
The Read Me First or Quick Start Guide is designed to help you get up and running right away. It
contains a detailed easy-to-follow connection diagram, default settings, handy checklists and
information on setting up your network and configuring for Internet access.
Web Configurator Online Help
Embedded web help for descriptions of individual screens and supplementary information.
Packing List Card
The Packing List Card lists all items that should have come in the package.
Reference Guide
The Reference Guide provides background information on some of the ZyWALL’s features and also
includes commands for use with the command interpreter.
Certifications
Refer to the product page at www.zyxel.com
ZyXEL Glossary and Web Site
Preface xxix
for information on product certifications.
ZyWALL 10~100 Series Internet Security Gateway
Please refer to www.zyxel.com for an online glossary of networking terms and additional support
documentation.
User’s Guide Feedback
Help us help you. E-mail all User’s Guide-related comments, questions or suggestions for improvement to
techwriters@zyxel.com.tw or send regular mail to The Technical Writing Team, ZyXEL Communications
Corp., 6 Innovation Road II, Science-Based Industrial Park, Hsinchu, 300, Taiwan. Thank you.
Syntax Conventions
• The version number on the title page is the latest firmware version that is documented in this User’s
Guide. Earlier versions may also be included.
• “Enter” means for you to type one or more characters and press the carriage return. “Select” or
“Choose” means for you to use one of the predefined choices.
• The SMT menu titles and labels are in Bold Times New Roman font. Command and arrow keys are
enclosed in square brackets. [ENTER] means the Enter, or carriage return key; [ESC] means the Escape
key and [SPACE BAR] means the Space Bar.
• The choices of a menu item are in Bold Arial font.
• Mouse action sequences are denoted using a comma. For example, “click the Apple icon, Control
Panels and then Modem” means first click the Apple icon, then point your mouse pointer to Control
Panels and then click Modem.
• For brevity’s sake, we will use “e.g.” as a shorthand for “for instance” and “i.e.” for “that is” or “in other
words” throughout this manual.
xxx Preface
Loading...