ZyXEL 35 User Manual

ZyWALL 35
Internet Security Appliance

User’s Guide

Version 3.63
November 2004
ZyWALL 35 User’s Guide

Copyright

Copyright © 2004 by ZyXEL Communications Corporation.
The contents of this publication may not be reproduced in any part or as a whole, transcribed, stored in a retrieval system, translated into any language, or transmitted in any form or by any means, electronic, mechanical, magnetic, optical, chemical, photocopying, manual, or otherwise, without the prior written permission of ZyXEL Communications Corporation.
Published by ZyXEL Communications Corporation. All rights reserved.
Disclaimer
ZyXEL does not assume any liability arising out of the application or use of any products, or software described herein. Neither does it convey any license under its patent rights nor the patent rights of others. ZyXEL further reserves the right to make changes in any products described herein without notice. This publication is subject to change without notice.
Trademarks
ZyNOS (ZyXEL Network Operating System) is a registered trademark of ZyXEL Communications, Inc. Other trademarks mentioned in this publication are used for identification purposes only and may be properties of their respective owners.
Federal Communications Commission (FCC) Interference Statement
This device complies with Part 15 of FCC rules. Operation is subject to the following two conditions:
• This device may not cause harmful interference.
• This device must accept any interference received, including interference that may cause undesired operations.
This equipment has been tested and found to comply with the limits for a Class B digital device pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference in a commercial environment. This equipment generates, uses, and can radiate radio frequency energy, and if not installed and used in accordance with the instructions, may cause harmful interference to radio communications.
If this equipment does cause harmful interference to radio/television reception, which can be determined by turning the equipment off and on, the user is encouraged to try to correct the interference by one or more of the following measures:
• Reorient or relocate the receiving antenna.
• Increase the separation between the equipment and the receiver.
• Connect the equipment into an outlet on a circuit different from that to which the receiver is connected.
• Consult the dealer or an experienced radio/TV technician for help.
Notice 1
Changes or modifications not expressly approved by the party responsible for compliance could void the user's authority to operate the equipment.
Certifications
Go to www.zyxel.com
1 Select your product from the drop-down list box on the ZyXEL home page to go to that product's page.
2 Select the certification you wish to view from this page.


ZyXEL Limited Warranty

ZyXEL warrants to the original end user (purchaser) that this product is free from any defects in materials or workmanship for a period of up to two years from the date of purchase. During the warranty period, and upon proof of purchase, should the product have indications of failure due to faulty workmanship and/or materials, ZyXEL will, at its discretion, repair or replace the defective products or components without charge for either parts or labor, and to whatever extent it shall deem necessary to restore the product or components to proper operating condition. Any replacement will consist of a new or re-manufactured functionally equivalent product of equal value, and will be solely at the discretion of ZyXEL. This warranty shall not apply if the product is modified, misused, tampered with, damaged by an act of God, or subjected to abnormal working conditions.
Note
Repair or replacement, as provided under this warranty, is the exclusive remedy of the purchaser. This warranty is in lieu of all other warranties, express or implied, including any implied warranty of merchantability or fitness for a particular use or purpose. ZyXEL shall in no event be held liable for indirect or consequential damages of any kind of character to the purchaser.
To obtain the services of this warranty, contact ZyXEL's Service Center for your Return Material Authorization number (RMA). Products must be returned Postage Prepaid. It is recommended that the unit be insured when shipped. Any returned products without proof of purchase or those with an out-dated warranty will be repaired or replaced (at the discretion of ZyXEL) and the customer will be billed for parts and labor. All repaired or replaced products will be shipped by ZyXEL to the corresponding return address, Postage Paid. This warranty gives you specific legal rights, and you may also have other rights that vary from country to country.
Safety Warnings
1 To reduce the risk of fire, use only No. 26 AWG or larger telephone wire.
2 Do not use this product near water, for example, in a wet basement or near a swimming pool.
3 Avoid using this product during an electrical storm. There may be a remote risk of electric shock from lightning.
Customer Support

Please have the following information ready when you contact customer support.
• Product model and serial number.
• Warranty Information.
• Date that you received your device.
• Brief description of the problem and the steps you took to solve it.

Note: In the telephone and fax numbers below, “+” is the (prefix) number you enter to make an international telephone call.

WORLDWIDE
Support e-mail: support@zyxel.com.tw
Sales e-mail: sales@zyxel.com.tw
Telephone: +886-3-578-3942
Fax: +886-3-578-2439
Web site: www.zyxel.com, www.europe.zyxel.com
FTP site: ftp.zyxel.com, ftp.europe.zyxel.com
Regular mail: ZyXEL Communications Corp., 6 Innovation Road II, Science Park, Hsinchu 300, Taiwan

NORTH AMERICA
Support e-mail: support@zyxel.com
Sales e-mail: sales@zyxel.com
Telephone: +1-800-255-4101, +1-714-632-0882
Fax: +1-714-632-0858
Web site: www.us.zyxel.com
FTP site: ftp.us.zyxel.com
Regular mail: ZyXEL Communications Inc., 1130 N. Miller St., Anaheim, CA 92806-2001, U.S.A.

GERMANY
Support e-mail: support@zyxel.de
Sales e-mail: sales@zyxel.de
Telephone: +49-2405-6909-0
Fax: +49-2405-6909-99
Web site: www.zyxel.de
Regular mail: ZyXEL Deutschland GmbH., Adenauerstr. 20/A2, D-52146 Wuerselen, Germany

FRANCE
Support e-mail: info@zyxel.fr
Telephone: +33 (0)4 72 52 97 97
Fax: +33 (0)4 72 52 19 20
Web site: www.zyxel.fr
Regular mail: ZyXEL France, 1 rue des Vergers, Bat. 1 / C, 69760 Limonest, France

SPAIN
Support e-mail: support@zyxel.es
Sales e-mail: sales@zyxel.es
Telephone: +34 902 195 420
Fax: +34 913 005 345
Web site: www.zyxel.es
Regular mail: ZyXEL Communications, Alejandro Villegas 33 1º, 28043 Madrid, Spain

DENMARK
Support e-mail: support@zyxel.dk
Sales e-mail: sales@zyxel.dk
Telephone: +45 39 55 07 00
Fax: +45 39 55 07 07
Web site: www.zyxel.dk
Regular mail: ZyXEL Communications A/S, Columbusvej 5, 2860 Soeborg, Denmark

NORWAY
Support e-mail: support@zyxel.no
Sales e-mail: sales@zyxel.no
Telephone: +47 22 80 61 80
Fax: +47 22 80 61 81
Web site: www.zyxel.no
Regular mail: ZyXEL Communications A/S, Nils Hansens vei 13, 0667 Oslo, Norway

SWEDEN
Support e-mail: support@zyxel.se
Sales e-mail: sales@zyxel.se
Telephone: +46 31 744 7700
Fax: +46 31 744 7701
Web site: www.zyxel.se
Regular mail: ZyXEL Communications A/S, Sjöporten 4, 41764 Göteborg, Sweden

FINLAND
Support e-mail: support@zyxel.fi
Sales e-mail: sales@zyxel.fi
Telephone: +358-9-4780-8411
Fax: +358-9-4780 8448
Web site: www.zyxel.fi
Regular mail: ZyXEL Communications Oy, Malminkaari 10, 00700 Helsinki, Finland

Table of Contents

Copyright
Federal Communications Commission (FCC) Interference Statement
ZyXEL Limited Warranty
Customer Support
Preface

Chapter 1 Getting to Know Your ZyWALL
1.1 ZyWALL 35 Internet Security Appliance Overview
1.2 ZyWALL Features
1.2.1 Physical Features
1.2.1.1 Auto-negotiating 10/100 Mbps Ethernet LAN
1.2.1.2 Auto-crossover 10/100 Mbps Ethernet LAN
1.2.1.3 Auto-negotiating 10/100 Mbps Ethernet DMZ
1.2.1.4 Auto-crossover 10/100 Mbps Ethernet DMZ
1.2.1.5 LAN/DMZ Interface
1.2.1.6 Dual Auto-negotiating 10/100 Mbps Ethernet WAN
1.2.1.7 Dual Auto-crossover 10/100 Mbps Ethernet WAN
1.2.1.8 Dial Backup WAN
1.2.1.9 Time and Date
1.2.1.10 Reset Button
1.2.1.11 Dual PCMCIA and CardBus Slot
1.2.1.12 IEEE 802.11 b/g Wireless LAN
1.2.2 Non-Physical Features
1.2.2.1 Load Balancing
1.2.2.2 SIP Passthrough
1.2.2.3 Transparent Firewall
1.2.2.4 STP (Spanning Tree Protocol) / RSTP (Rapid STP)
1.2.2.5 Bandwidth Management
1.2.2.6 IPSec VPN Capability
1.2.2.7 X-Auth (Extended Authentication)
1.2.2.8 Certificates
1.2.2.9 SSH
1.2.2.10 HTTPS
1.2.2.11 Firewall
1.2.2.12 Content Filtering
1.2.2.13 Universal Plug and Play (UPnP)
1.2.2.14 RADIUS (RFC2138, 2139)
1.2.2.15 IEEE 802.1x for Network Security
1.2.2.16 Wi-Fi Protected Access
1.2.2.17 Wireless LAN MAC Address Filtering
1.2.2.18 WEP Encryption
1.2.2.19 Packet Filtering
1.2.2.20 Call Scheduling
1.2.2.21 PPPoE
1.2.2.22 PPTP Encapsulation
1.2.2.23 Dynamic DNS Support
1.2.2.24 IP Multicast
1.2.2.25 IP Alias
1.2.2.26 IP Policy Routing
1.2.2.27 Central Network Management
1.2.2.28 SNMP
1.2.2.29 Network Address Translation (NAT)
1.2.2.30 Traffic Redirect
1.2.2.31 Port Forwarding
1.2.2.32 DHCP (Dynamic Host Configuration Protocol)
1.2.2.33 Full Network Management
1.2.2.34 RoadRunner Support
1.2.2.35 Logging and Tracing
1.2.2.36 Upgrade ZyWALL Firmware via LAN
1.2.2.37 Embedded FTP and TFTP Servers
1.3 Applications for the ZyWALL
1.3.1 Secure Broadband Internet Access via Cable or DSL Modem
1.3.2 VPN Application

Chapter 2 Introducing the Web Configurator
2.1 Web Configurator Overview
2.2 Accessing the ZyWALL Web Configurator
2.3 Resetting the ZyWALL
2.3.1 Procedure To Use The Reset Button
2.3.2 Uploading a Configuration File Via Console Port
2.4 Navigating the ZyWALL Web Configurator
2.4.1 Router Mode
2.4.2 Bridge Mode
2.4.3 Navigation Panel
2.4.4 System Statistics
2.4.4.1 Show Statistics: Line Chart
2.4.5 DHCP Table Screen
2.4.6 VPN Status

Chapter 3 Wizard Setup
3.1 Wizard Setup Overview
3.2 Internet Access
3.2.1 ISP Parameters
3.2.1.1 Ethernet
3.2.1.2 PPPoE Encapsulation
3.2.1.3 PPTP Encapsulation
3.2.2 WAN and DNS
3.2.2.1 WAN IP Address Assignment
3.2.2.2 IP Address and Subnet Mask
3.2.2.3 DNS Server Address Assignment
3.2.2.4 WAN MAC Address
3.2.3 Internet Access Wizard Setup Complete
3.3 VPN Overview
3.3.1 IPSec
3.3.2 Security Association
3.4 VPN Wizard
3.4.1 My IP Address
3.4.2 Secure Gateway Address
3.4.2.1 Dynamic Secure Gateway Address
3.4.3 Network Setting
3.4.4 IKE Phases
3.4.4.1 Negotiation Mode
3.4.4.2 Pre-Shared Key
3.4.4.3 Diffie-Hellman (DH) Key Groups
3.4.4.4 Perfect Forward Secrecy (PFS)
3.5 IPSec Algorithms
3.5.1 AH (Authentication Header) Protocol
3.5.2 ESP (Encapsulating Security Payload) Protocol
3.5.3 IKE Tunnel Setting (IKE Phase 1)
3.5.4 IPSec Setting (IKE Phase 2)
3.5.5 VPN Status Summary
3.5.6 VPN Wizard Setup Complete

Chapter 4 LAN Screens
4.1 LAN Overview
4.2 DHCP Setup
4.2.1 IP Pool Setup
4.2.2 DNS Servers
4.3 LAN TCP/IP
4.3.1 Factory LAN Defaults
4.3.2 IP Address and Subnet Mask
4.3.3 RIP Setup
4.3.4 Multicast
4.4 Configuring LAN
4.5 Configuring Static DHCP
4.6 Configuring IP Alias
4.7 Configuring Port Roles

Chapter 5 Bridge Screens
5.1 Bridge Loop
5.2 Spanning Tree Protocol (STP)
5.2.1 Rapid STP
5.2.2 STP Terminology
5.2.3 How STP Works
5.2.4 STP Port States
5.3 Configuring Bridge
5.4 Configuring Port Roles

Chapter 6 Wireless LAN and Authentication Server
6.1 Wireless LAN Overview
6.1.1 Additional Installation Requirements for Using 802.1x
6.2 Wireless LAN Basics
6.2.1 Channel
6.2.2 ESS ID
6.2.3 RTS/CTS
6.2.4 Fragmentation Threshold
6.3 Wireless Security
6.4 Security Parameters Summary
6.5 WEP Encryption
6.6 802.1x Overview
6.7 Dynamic WEP Key Exchange
6.8 Introduction to WPA
6.8.1 User Authentication
6.8.2 Encryption
6.9 WPA-PSK Application Example
6.10 WPA with RADIUS Application Example
6.11 Wireless Client WPA Supplicants
6.12 Inserting a PCMCIA/CardBus Wireless LAN Card
6.13 Configuring Wireless LAN
6.13.1 Static WEP
6.13.2 WPA-PSK
6.13.3 WPA
6.13.4 802.1x + Dynamic WEP
6.13.5 802.1x + Static WEP
6.13.6 802.1x + No WEP
6.13.7 No Access 802.1x + Static WEP
6.13.8 No Access 802.1x + No WEP
6.14 Configuring MAC Filter
6.15 Introduction to RADIUS
6.15.1 Types of RADIUS Messages
6.15.2 EAP Authentication Overview
6.16 Introduction to Local User Database
6.17 Authentication Server
6.18 Configuring Local User Database
6.19 Configuring RADIUS

Chapter 7 WAN Screens
7.1 WAN Overview
7.2 Multiple WAN
7.3 Load Balancing Introduction
7.4 Load Balancing Algorithms
7.4.1 Least Load First
7.4.1.1 Example 1
7.4.1.2 Example 2
7.4.2 Weighted Round Robin
7.4.3 Spillover
7.5 TCP/IP Priority (Metric)
7.6 Configuring General
7.7 Configuring Load Balancing
7.7.1 Least Load First
7.7.2 Weighted Round Robin
7.7.3 Spillover
7.8 Configuring WAN Setup
7.8.1 Ethernet Encapsulation
7.8.2 PPPoE Encapsulation
7.8.3 PPTP Encapsulation
7.9 Traffic Redirect
7.10 Configuring Traffic Redirect
7.11 Configuring Dial Backup
7.12 Advanced Modem Setup
7.12.1 AT Command Strings
7.12.2 DTR Signal
7.12.3 Response Strings
7.13 Configuring Advanced Modem Setup

Chapter 8 DMZ Screens
8.1 DMZ Overview
8.2 Configuring DMZ
8.3 Configuring IP Alias
8.4 DMZ Public IP Address Example
8.5 DMZ Private and Public IP Address Example
8.6 Configuring Port Roles

Chapter 9 Firewalls
9.1 Firewall Overview
9.2 Types of Firewalls
9.2.1 Packet Filtering Firewalls
9.2.2 Application-level Firewalls
9.2.3 Stateful Inspection Firewalls
9.3 Introduction to ZyXEL’s Firewall
9.4 Denial of Service
9.4.1 Basics
9.4.2 Types of DoS Attacks
9.4.2.1 ICMP Vulnerability
9.4.2.2 Illegal Commands (NetBIOS and SMTP)
9.4.2.3 Traceroute
9.5 Stateful Inspection
9.5.1 Stateful Inspection Process
9.5.2 Stateful Inspection and the ZyWALL
9.5.3 TCP Security
9.5.4 UDP/ICMP Security
9.5.5 Upper Layer Protocols
9.6 Guidelines For Enhancing Security With Your Firewall
9.7 Packet Filtering Vs Firewall
9.7.1 Packet Filtering:
9.7.1.1 When To Use Filtering
9.7.2 Firewall
9.7.2.1 When To Use The Firewall
Chapter 10
Firewall Screens................................................................................................... 185
10.1 Access Methods .............................................................................................185
10.2 Firewall Policies Overview .............................................................................185
10.3 Rule Logic Overview ......................................................................................186
10.3.1 Rule Checklist .......................................................................................186
10.3.2 Security Ramifications ..........................................................................187
10.3.3 Key Fields For Configuring Rules .........................................................187
10.3.3.1 Action ..........................................................................................187
10.3.3.2 Service ........................................................................................187
10.3.3.3 Source Address ...........................................................................187
10.3.3.4 Destination Address ....................................................................188
10.4 Connection Direction Examples .....................................................................188
10.4.1 LAN To WAN Rules ..............................................................................188
10.4.2 WAN To LAN Rules ..............................................................................188
10.5 Alerts ..............................................................................................................189
10.6 Configuring Firewall .......................................................................................189
10.6.1 Rule Summary ......................................................................................192
10.6.2 Configuring Firewall Rules ....................................................................193
10.6.3 Configuring Custom Services ...............................................................196
10.7 Example Firewall Rule ...................................................................................196
10.8 Predefined Services .......................................................................................200
10.9 Anti-Probing ...................................................................................................202
10.10 Configuring Attack Alert ...............................................................................203
10.10.1 Threshold Values ................................................................................204
10.10.2 Half-Open Sessions ............................................................................204
10.10.2.1 TCP Maximum Incomplete and Blocking Time .........................204
Chapter 11
Content Filtering Screens ...................................................................................207
11.1 Content Filtering Overview .............................................................................207
11.1.1 Restrict Web Features ..........................................................................207
11.1.2 Create a Filter List .................................................................................207
11.1.3 Customize Web Site Access ................................................................207
11.2 General Content Filter Configuration ..............................................................207
11.3 Content Filtering with an External Database ..................................................210
11.4 Categories and Registering ............................................................................210
11.5 Customization .................................................................................................217
11.6 Customizing Keyword Blocking URL Checking ..............................................220
11.6.1 Domain Name or IP Address URL Checking ........................................220
11.6.2 Full Path URL Checking ........................................................................220
11.6.3 File Name URL Checking .....................................................................220
Chapter 12
Content Filtering Registration and Reports....................................................... 221
12.1 Introduction to myZyXEL.com ........................................................................221
12.1.1 A Note on myZyXEL.com Numbers ......................................................222
12.2 myZyXEL.com Account Registration ..............................................................222
12.3 Registering Your ZyXEL Device .....................................................................224
12.4 Content Filtering Registration .........................................................................227
12.5 Checking Content Filtering Activation ............................................................229
12.6 Updating Product Registration Information ....................................................230
12.7 Viewing Content Filtering Reports ..................................................................230
12.8 Configuration File ...........................................................................................232
Chapter 13
Introduction to IPSec ........................................................................................... 233
13.1 VPN Overview ................................................................................................233
13.1.1 IPSec ....................................................................................................233
13.1.2 Security Association .............................................................................233
13.1.3 Other Terminology ................................................................................233
13.1.3.1 Encryption ...................................................................................233
13.1.3.2 Data Confidentiality .....................................................................234
13.1.3.3 Data Integrity ...............................................................................234
13.1.3.4 Data Origin Authentication ..........................................................234
13.1.4 VPN Applications ..................................................................................234
13.1.4.1 Linking Two or More Private Networks Together .........................234
13.1.4.2 Accessing Network Resources When NAT Is Enabled ...............234
13.1.4.3 Unsupported IP Applications .......................................................234
13.2 IPSec Architecture .........................................................................................234
13.2.1 IPSec Algorithms ..................................................................................235
13.2.2 Key Management ..................................................................................235
13.3 Encapsulation .................................................................................................235
13.3.1 Transport Mode ....................................................................................236
13.3.2 Tunnel Mode .........................................................................................236
13.4 IPSec and NAT ...............................................................................................236
Chapter 14
VPN Screens......................................................................................................... 239
14.1 VPN/IPSec Overview .....................................................................................239
14.2 IPSec Algorithms ............................................................................................239
14.2.1 AH (Authentication Header) Protocol ....................................................239
14.2.2 ESP (Encapsulating Security Payload) Protocol ..................................239
14.3 My IP Address ................................................................................................240
14.4 Secure Gateway Address ..............................................................................240
14.4.1 Dynamic Secure Gateway Address ......................................................241
14.5 Summary Screen ...........................................................................................241
14.6 Keep Alive ......................................................................................................243
14.7 NAT Traversal ................................................................................................243
14.7.1 NAT Traversal Configuration .................................................................244
14.7.2 X-Auth (Extended Authentication) ........................................................244
14.7.3 Remote DNS Server .............................................................................244
14.8 ID Type and Content ......................................................................................245
14.8.1 ID Type and Content Examples ............................................................246
14.9 Pre-Shared Key ..............................................................................................247
14.10 Editing VPN Policies ....................................................................................247
14.11 IKE Phases ...................................................................................................254
14.11.1 X-Auth and IKE ...................................................................................255
14.11.2 Negotiation Mode ................................................................................255
14.11.3 Diffie-Hellman (DH) Key Groups .........................................................255
14.11.4 Perfect Forward Secrecy (PFS) ..........................................................256
14.12 Configuring Advanced VPN Rule .................................................................256
14.13 Manual Key Setup ........................................................................................258
14.13.1 Security Parameter Index (SPI) ..........................................................258
14.14 Configuring Manual Key ...............................................................................259
14.15 Viewing SA Monitor ......................................................................................262
14.16 Configuring Global Setting ...........................................................................263
14.17 Telecommuter VPN/IPSec Examples ...........................................................264
14.17.1 Telecommuters Sharing One VPN Rule Example ..............................264
14.17.2 Telecommuters Using Unique VPN Rules Example ...........................264
14.18 VPN and Remote Management ...................................................................266
Chapter 15
Certificates............................................................................................................ 267
15.1 Certificates Overview .....................................................................................267
15.1.1 Advantages of Certificates ....................................................................268
15.2 Self-signed Certificates ..................................................................................268
15.3 Configuration Summary .................................................................................268
15.4 My Certificates ...............................................................................................268
15.5 Certificate File Formats ..................................................................................270
15.6 Importing a Certificate ....................................................................................271
15.7 Creating a Certificate .....................................................................................272
15.8 My Certificate Details .....................................................................................274
15.9 Trusted CAs ...................................................................................................277
15.10 Importing a Trusted CA’s Certificate .............................................................279
15.11 Trusted CA Certificate Details ......................................................................280
15.12 Trusted Remote Hosts .................................................................................283
15.13 Verifying a Trusted Remote Host’s Certificate ..............................................285
15.13.1 Trusted Remote Host Certificate Fingerprints .....................................285
15.14 Importing a Trusted Remote Host’s Certificate ............................................286
15.15 Trusted Remote Host Certificate Details ......................................................287
15.16 Directory Servers .........................................................................................290
15.17 Add or Edit a Directory Server .....................................................................291
Chapter 16
Network Address Translation (NAT) ................................................................... 293
16.1 NAT Overview ................................................................................................293
16.1.1 NAT Definitions .....................................................................................293
16.1.2 What NAT Does ....................................................................................294
16.1.3 How NAT Works ...................................................................................294
16.1.4 NAT Application ....................................................................................295
16.1.5 NAT Mapping Types .............................................................................295
16.2 Using NAT ......................................................................................................297
16.2.1 SUA (Single User Account) Versus NAT ..............................................297
16.3 Configuring NAT Overview .............................................................................297
16.4 Configuring Address Mapping ........................................................................299
16.4.1 Address Mapping Edit ...........................................................................301
16.5 Port Forwarding ..............................................................................................302
16.5.1 Default Server IP Address ....................................................................303
16.5.2 Port Forwarding: Services and Port Numbers ......................................303
16.5.3 Configuring Servers Behind Port Forwarding (Example) ......................303
16.5.4 NAT and Multiple WAN .........................................................................304
16.5.5 Port Translation ....................................................................................304
16.6 Configuring Port Forwarding .........................................................................305
16.7 Configuring Trigger Port .................................................................................307
Chapter 17
Static Route .......................................................................................................... 311
17.1 Static Route Overview ....................................................................................311
17.2 Configuring IP Static Route ............................................................................312
17.2.1 Configuring a Static Route Entry ...........................................................313
Chapter 18
Policy Route ......................................................................................................... 315
18.1 Introduction to IP Policy Routing ....................................................................315
18.2 Benefits ..........................................................................................................315
18.3 Routing Policy ................................................................................................315
18.4 IP Routing Policy Setup .................................................................................316
18.5 Configuring the IP Policy Route Entry ............................................................317
Chapter 19
Bandwidth Management...................................................................................... 321
19.1 Bandwidth Management Overview ................................................................321
19.2 Bandwidth Classes and Filters .......................................................................321
19.3 Proportional Bandwidth Allocation .................................................................322
19.4 Bandwidth Management Usage Examples ....................................................322
19.4.1 Application-based Bandwidth Management Example ..........................322
19.4.2 Subnet-based Bandwidth Management Example .................................322
19.4.3 Application and Subnet-based Bandwidth Management Example .......323
19.5 Scheduler .......................................................................................................323
19.5.1 Priority-based Scheduler ......................................................................324
19.5.2 Fairness-based Scheduler ....................................................................324
19.6 Maximize Bandwidth Usage ...........................................................................324
19.6.1 Reserving Bandwidth for Non-Bandwidth Class Traffic ........................324
19.6.2 Maximize Bandwidth Usage Example ..................................................325
19.7 Bandwidth Borrowing .....................................................................................326
19.7.1 Bandwidth Borrowing Example .............................................................326
19.7.2 Maximize Bandwidth Usage With Bandwidth Borrowing ......................327
19.8 Configuring Summary ....................................................................................328
19.9 Configuring Class Setup ................................................................................329
19.9.1 Bandwidth Manager Class Configuration .............................................330
19.9.2 Bandwidth Management Statistics ........................................................333
19.10 Configuring Monitor .....................................................................................334
Chapter 20
DNS........................................................................................................................ 337
20.1 DNS Overview ................................................................................................337
20.2 DNS Server Address Assignment ..................................................................337
20.3 DNS Servers ..................................................................................................337
20.4 Address Record .............................................................................................338
20.5 Name Server Record .....................................................................................338
20.5.1 Private DNS Server ..............................................................................338
20.6 The System Screen ........................................................................................339
20.6.1 Adding an Address Record ...................................................................341
20.6.2 Inserting a Name Server record ............................................................342
20.7 DNS Cache ....................................................................................................343
20.8 Configure DNS Cache ....................................................................................344
20.9 Configuring LAN DNS ....................................................................................345
20.10 Dynamic DNS ...............................................................................................346
20.10.1 DYNDNS Wildcard ..............................................................................347
20.10.2 High Availability ..................................................................................347
20.11 Configuring Dynamic DNS ...........................................................................347
Chapter 21
Remote Management ........................................................................................... 351
21.1 Remote Management Overview .....................................................................351
21.1.1 Remote Management Limitations .........................................................352
21.1.2 Remote Management and NAT ............................................................352
21.1.3 System Timeout ...................................................................................352
21.2 Introduction to HTTPS ....................................................................................352
21.3 Configuring WWW ..........................................................................................353
21.4 HTTPS Example ............................................................................................355
21.4.1 Internet Explorer Warning Messages ...................................................355
21.4.2 Netscape Navigator Warning Messages ...............................................356
21.4.3 Avoiding the Browser Warning Messages ............................................357
21.4.4 Login Screen .........................................................................................357
21.5 SSH Overview ...............................................................................................360
21.6 How SSH works .............................................................................................360
21.7 SSH Implementation on the ZyWALL .............................................................361
21.7.1 Requirements for Using SSH ................................................................362
21.8 Configuring SSH ............................................................................................362
21.9 Secure Telnet Using SSH Examples ..............................................................363
21.9.1 Example 1: Microsoft Windows .............................................................363
21.9.2 Example 2: Linux ..................................................................................363
21.10 Secure FTP Using SSH Example ................................................................364
21.11 Telnet ............................................................................................................365
21.12 Configuring TELNET ....................................................................................365
21.13 Configuring FTP ...........................................................................................366
21.14 Configuring SNMP .......................................................................................367
21.14.1 Supported MIBs .................................................................................369
21.14.2 SNMP Traps .......................................................................................369
21.14.3 REMOTE MANAGEMENT: SNMP ......................................................369
21.15 Configuring DNS ..........................................................................................371
21.16 Introducing Vantage CNM ............................................................................371
21.17 Configuring CNM ..........................................................................................372
Chapter 22
UPnP...................................................................................................................... 375
22.1 Universal Plug and Play Overview .................................................................375
22.1.1 How Do I Know If I'm Using UPnP? ......................................................375
22.1.2 NAT Traversal .......................................................................................375
22.1.3 Cautions with UPnP ..............................................................................375
22.2 UPnP and ZyXEL ...........................................................................................376
22.3 Configuring UPnP ..........................................................................................376
22.4 Displaying UPnP Port Mapping ......................................................................377
22.5 Installing UPnP in Windows Example ............................................................378
22.5.1 Installing UPnP in Windows Me ............................................................379
22.5.2 Installing UPnP in Windows XP ............................................................380
22.6 Using UPnP in Windows XP Example ...........................................................380
22.6.1 Auto-discover Your UPnP-enabled Network Device .............................381
22.6.2 Web Configurator Easy Access ............................................................382
Chapter 23
Logs Screens........................................................................................................ 385
23.1 Configuring View Log .....................................................................................385
23.2 Log Description Example ...............................................................................386
23.3 Configuring Log Settings ................................................................................387
23.4 Configuring Reports .......................................................................................390
23.4.1 Viewing Web Site Hits ...........................................................................392
23.4.2 Viewing Protocol/Port ...........................................................................392
23.4.3 Viewing LAN IP Address .......................................................................393
23.4.4 Reports Specifications ..........................................................................394
Chapter 24
Maintenance ......................................................................................................... 395
24.1 Maintenance Overview ...................................................................................395
24.2 General Setup ................................................................................................395
24.2.1 General Setup and System Name ........................................................395
24.2.2 Domain Name .......................................................................................395
24.3 Configuring Password ....................................................................................396
24.4 Pre-defined NTP Time Servers List ................................................................397
24.5 Configuring Time and Date ............................................................................398
24.5.1 Time Server Synchronization ................................................................400
24.6 Configuring Device Mode ...............................................................................401
24.7 F/W Upload Screen ........................................................................................404
24.8 Configuration Screen .....................................................................................406
24.8.1 Backup Configuration ...........................................................................406
24.8.2 Restore Configuration ..........................................................................407
24.8.3 Back to Factory Defaults .......................................................................408
24.9 Restart Screen ...............................................................................................408
Chapter 25
Introducing the SMT ............................................................................................ 411
25.1 Introduction to the SMT .................................................................................. 411
25.2 Accessing the SMT via the Console Port .......................................................411
25.2.1 Initial Screen .........................................................................................411
25.2.2 Entering the Password ..........................................................................412
25.3 Navigating the SMT Interface .........................................................................412
25.3.1 Main Menu ............................................................................................413
25.3.2 SMT Menus at a Glance .......................................................................415
25.4 Changing the System Password ....................................................................416
25.5 Resetting the ZyWALL ...................................................................................417
Chapter 26
SMT Menu 1 - General Setup............................................................................... 419
26.1 Introduction to General Setup ........................................................................419
26.2 Configuring General Setup .............................................................................419
26.2.1 Configuring Dynamic DNS ....................................................................421
26.2.1.1 Editing DDNS Host ......................................................................421
Chapter 27
WAN and Dial Backup Setup............................................................................... 425
27.1 Introduction to WAN and Dial Backup Setup ..................................................425
27.2 WAN Setup .....................................................................................................425
27.3 Dial Backup ....................................................................................................426
27.4 Configuring Dial Backup in Menu 2 ................................................................426
27.5 Advanced WAN Setup ....................................................................................428
27.6 Remote Node Profile (Backup ISP) ................................................................429
27.7 Editing PPP Options .......................................................................................431
27.8 Editing TCP/IP Options ..................................................................................431
27.9 Editing Login Script ........................................................................................433
27.10 Remote Node Filter ......................................................................................435
Chapter 28
LAN Setup............................................................................................................. 437
28.1 Introduction to LAN Setup ..............................................................................437
28.2 Accessing the LAN Menus .............................................................................437
28.3 LAN Port Filter Setup .....................................................................................437
28.4 TCP/IP and DHCP Ethernet Setup Menu ......................................................438
28.4.1 IP Alias Setup .......................................................................................440
28.5 Wireless LAN Setup .......................................................................................442
28.5.1 MAC Address Filter Setup ....................................................................443
Chapter 29
Internet Access .................................................................................................... 445
29.1 Introduction to Internet Access Setup ............................................................445
29.2 Ethernet Encapsulation ..................................................................................445
29.3 Configuring the PPTP Client ..........................................................................447
29.4 Configuring the PPPoE Client ........................................................................447
29.5 Basic Setup Complete ....................................................................................448
Chapter 30
DMZ Setup ............................................................................................................ 449
30.1 Configuring DMZ Setup ..................................................................................449
30.2 DMZ Port Filter Setup ....................................................................................449
30.3 TCP/IP Setup .................................................................................................449
30.3.1 IP Address ............................................................................................450
30.3.2 IP Alias Setup .......................................................................................450
Chapter 31
Route Setup .......................................................................................................... 453
31.1 Configuring Route Setup ................................................................................453
31.2 Route Assessment .........................................................................................453
31.3 Traffic Redirect ...............................................................................................454
31.4 Route Failover ................................................................................................455
Chapter 32
Remote Node Setup ............................................................................................. 457
32.1 Introduction to Remote Node Setup ...............................................................457
32.2 Remote Node Setup .......................................................................................457
32.3 Remote Node Profile Setup ...........................................................................457
32.3.1 Ethernet Encapsulation .........................................................................458
32.3.2 PPPoE Encapsulation ...........................................................................459
32.3.2.1 Outgoing Authentication Protocol ................................................460
32.3.2.2 Nailed-Up Connection .................................................................460
32.3.2.3 Metric ..........................................................................................460
32.3.3 PPTP Encapsulation .............................................................................461
32.4 Edit IP .............................................................................................................462
32.5 Remote Node Filter ........................................................................................464
Chapter 33
IP Static Route Setup........................................................................................... 467
33.1 IP Static Route Setup .....................................................................................467
Chapter 34
Network Address Translation (NAT) ................................................................... 469
34.1 Using NAT ......................................................................................................469
34.1.1 SUA (Single User Account) Versus NAT ..............................................469
34.1.2 Applying NAT ........................................................................................469
34.2 NAT Setup ......................................................................................................471
34.2.1 Address Mapping Sets ..........................................................................472
34.2.1.1 SUA Address Mapping Set .........................................................472
34.2.1.2 User-Defined Address Mapping Sets ..........................................473
34.2.1.3 Ordering Your Rules ....................................................................474
34.3 Configuring a Server behind NAT ..................................................................476
34.4 General NAT Examples ..................................................................................479
34.4.1 Internet Access Only .............................................................................479
34.4.2 Example 2: Internet Access with a Default Server ................................480
34.4.3 Example 3: Multiple Public IP Addresses With Inside Servers .............480
34.4.4 Example 4: NAT Unfriendly Application Programs ...............................484
34.5 Trigger Port Forwarding .................................................................................486
34.5.1 Two Points To Remember About Trigger Ports .....................................486
Chapter 35
Introducing the ZyWALL Firewall ....................................................................... 489
35.1 Using ZyWALL SMT Menus ...........................................................................489
35.1.1 Activating the Firewall ...........................................................................489
Chapter 36
Filter Configuration.............................................................................................. 491
36.1 Introduction to Filters ......................................................................................491
36.1.1 The Filter Structure of the ZyWALL ......................................................492
36.2 Configuring a Filter Set ..................................................................................494
36.2.1 Configuring a Filter Rule .......................................................................495
36.2.2 Configuring a TCP/IP Filter Rule ..........................................................496
36.2.3 Configuring a Generic Filter Rule .........................................................498
36.3 Example Filter ................................................................................................500
36.4 Filter Types and NAT ......................................................................................502
36.5 Firewall Versus Filters ....................................................................................502
36.6 Applying a Filter ............................................................................................503
36.6.1 Applying LAN Filters .............................................................................503
36.6.2 Applying DMZ Filters ............................................................................503
36.6.3 Applying Remote Node Filters ..............................................................504
Chapter 37
SNMP Configuration ............................................................................................ 505
37.1 SNMP Configuration ......................................................................................505
37.2 SNMP Traps ...................................................................................................506
Chapter 38
System Information & Diagnosis........................................................................ 507
38.1 Introduction to System Status ........................................................................507
38.2 System Status ................................................................................................507
38.3 System Information and Console Port Speed ................................................509
38.3.1 System Information ...............................................................................509
38.3.2 Console Port Speed ..............................................................................510
38.4 Log and Trace ................................................................................................511
38.4.1 Viewing Error Log ................................................................................. 511
38.4.2 UNIX Syslog .........................................................................................512
38.4.3 Call-Triggering Packet ..........................................................................515
38.5 Diagnostic ......................................................................................................515
38.5.1 WAN DHCP ..........................................................................................516
Chapter 39
Firmware and Configuration File Maintenance ................................................. 519
39.1 Introduction ....................................................................................................519
39.2 Filename Conventions ...................................................................................519
39.3 Backup Configuration .....................................................................................520
39.3.1 Backup Configuration ...........................................................................520
39.3.2 Using the FTP Command from the Command Line ..............................521
39.3.3 Example of FTP Commands from the Command Line .........................522
39.3.4 GUI-based FTP Clients .........................................................................522
39.3.5 File Maintenance Over WAN ................................................................522
39.3.6 Backup Configuration Using TFTP .......................................................523
39.3.7 TFTP Command Example ....................................................................523
39.3.8 GUI-based TFTP Clients ......................................................................524
39.3.9 Backup Via Console Port ......................................................................524
39.4 Restore Configuration ....................................................................................525
39.4.1 Restore Using FTP ...............................................................................526
39.4.2 Restore Using FTP Session Example ..................................................527
39.4.3 Restore Via Console Port .....................................................................527
39.5 Uploading Firmware and Configuration Files .................................................528
39.5.1 Firmware File Upload ............................................................................528
39.5.2 Configuration File Upload .....................................................................529
39.5.3 FTP File Upload Command from the DOS Prompt Example ................529
39.5.4 FTP Session Example of Firmware File Upload ...................................530
39.5.5 TFTP File Upload ..................................................................................530
39.5.6 TFTP Upload Command Example ........................................................531
39.5.7 Uploading Via Console Port ..................................................................531
39.5.8 Uploading Firmware File Via Console Port ...........................................531
39.5.9 Example Xmodem Firmware Upload Using HyperTerminal ..................532
39.5.10 Uploading Configuration File Via Console Port ..................................532
39.5.11 Example Xmodem Configuration Upload Using HyperTerminal .........533
Chapter 40
System Maintenance Menus 8 to 10................................................................... 535
40.1 Command Interpreter Mode ...........................................................................535
40.1.1 Command Syntax .................................................................................535
40.1.2 Command Usage ..................................................................................536
40.2 Call Control Support .......................................................................................537
40.2.1 Budget Management ............................................................................537
40.2.2 Call History ...........................................................................................538
40.3 Time and Date Setting ....................................................................................539
40.3.1 Resetting the Time ................................................................................542
Chapter 41
Remote Management ........................................................................................... 543
41.1 Remote Management .....................................................................................543
41.1.1 Remote Management Limitations .........................................................545
Chapter 42
IP Policy Routing.................................................................................................. 547
42.1 IP Routing Policy Summary ...........................................................................547
42.2 IP Routing Policy Setup .................................................................................548
42.2.1 Applying Policy to Packets ....................................................................550
42.3 IP Policy Routing Example .............................................................................551
Chapter 43
Call Scheduling .................................................................................................... 555
43.1 Introduction to Call Scheduling ......................................................................555
Chapter 44
VPN/IPSec Setup .................................................................................................. 559
44.1 Introduction ....................................................................................................559
44.2 IPSec Summary Screen .................................................................................560
44.3 IPSec Setup ...................................................................................................562
44.4 IKE Setup .......................................................................................................567
44.5 Manual Setup .................................................................................................569
44.5.1 Active Protocol ......................................................................................569
44.5.2 Security Parameter Index (SPI) ............................................................569
Chapter 45
SA Monitor ............................................................................................................ 573
45.1 Introduction ....................................................................................................573
45.2 Using SA Monitor ...........................................................................................573
Chapter 46
Troubleshooting ................................................................................................... 577
46.1 Problems Starting Up the ZyWALL .................................................................577
46.2 Problems with the LAN Interface ....................................................................577
46.3 Problems with the DMZ Interface ...................................................................578
46.4 Problems with the WAN Interface ..................................................................578
46.5 Problems with Internet Access .......................................................................579
46.6 Problems with the Password ..........................................................................579
46.7 Problems with Remote Management .............................................................579
Appendix A
Hardware Specifications ..................................................................................... 581
Appendix B
Setting up Your Computer’s IP Address............................................................ 585
Appendix C
IP Subnetting ........................................................................................................ 597
Appendix D
PPPoE ................................................................................................................... 605
Appendix E
PPTP...................................................................................................................... 607
Appendix F
Wireless LAN and IEEE 802.11 ........................................................................... 611
Appendix G
Wireless LAN With IEEE 802.1x .......................................................................... 615
Appendix H
Types of EAP Authentication.............................................................................. 617
Appendix I
Triangle Route ...................................................................................................... 619
Appendix J
SIP Passthrough ................................................................................................. 623
Appendix K
VPN Setup............................................................................................................. 629
Appendix L
Importing Certificates .......................................................................................... 641
Appendix M
Command Interpreter........................................................................................... 653
Appendix N
Firewall Commands ............................................................................................. 655
Appendix O
NetBIOS Filter Commands .................................................................................. 661
Appendix P
Certificates Commands ....................................................................................... 665
Appendix Q
Brute-Force Password Guessing Protection..................................................... 669
Appendix R
Boot Commands .................................................................................................. 671
Appendix S
Log Descriptions.................................................................................................. 673

List of Figures

Figure 1 Secure Internet Access via Cable, DSL or Wireless Modem ................................ 55
Figure 2 VPN Application .................................................................................................... 56
Figure 3 Change Password Screen .................................................................................... 58
Figure 4 Replace Certificate Screen ................................................................................... 58
Figure 5 Example Xmodem Upload .................................................................................... 60
Figure 6 Web Configurator HOME Screen in Router Mode ................................................ 61
Figure 7 Web Configurator HOME Screen in Bridge Mode ................................................ 64
Figure 8 Home : Show Statistics ......................................................................................... 69
Figure 9 Home : Show Statistics: Line Chart ....................................................................... 70
Figure 10 Home : DHCP Table ............................................................................................ 71
Figure 11 Home : VPN Status ............................................................................................. 72
Figure 12 ISP Parameters : Ethernet Encapsulation .......................................................... 74
Figure 13 ISP Parameters : PPPoE Encapsulation ............................................................ 76
Figure 14 ISP Parameters : PPTP Encapsulation ............................................................... 77
Figure 15 WAN and DNS .................................................................................................... 80
Figure 16 Internet Access Wizard Setup Complete ............................................................ 82
Figure 17 VPN Wizard : Gateway Setting ........................................................................... 84
Figure 18 VPN Wizard : Network Setting ............................................................................ 85
Figure 19 Two Phases to Set Up the IPSec SA .................................................................. 86
Figure 20 VPN Wizard : IKE Tunnel Setting ........................................................................ 90
Figure 21 VPN Wizard : IPSec Setting ................................................................................ 91
Figure 22 VPN Wizard : VPN Status ................................................................................... 93
Figure 23 VPN Wizard Setup Complete .............................................................................. 95
Figure 24 LAN ..................................................................................................................... 100
Figure 25 Static DHCP ........................................................................................................ 102
Figure 26 Physical Network & Partitioned Logical Networks .............................................. 103
Figure 27 IP Alias ................................................................................................................ 103
Figure 28 Port Roles ........................................................................................... 105
Figure 29 Port Roles Change Complete ............................................................................. 105
Figure 30 Bridge Loop: Bridge Connected to Wired LAN ................................................... 107
Figure 31 Bridge .................................................................................................................. 110
Figure 32 RTS Threshold .................................................................................................... 114
Figure 33 ZyWALL Wireless Security Levels ...................................................................... 115
Figure 34 WPA-PSK Authentication .................................................................................... 119
Figure 35 WPA with RADIUS Application Example ............................................................ 120
Figure 36 Wireless: No Security .......................................................................................... 121
Figure 37 Wireless: Static WEP .......................................................................................... 123
Figure 38 Wireless: WPA-PSK ............................................................................................ 124
Figure 39 Wireless: WPA .................................................................................................... 125
Figure 40 Wireless: 802.1x + Dynamic WEP ...................................................................... 126
Figure 41 Wireless: 802.1x + Static WEP ........................................................................... 128
Figure 42 Wireless: 802.1x + No WEP ............................................................................... 129
Figure 43 Wireless: No Access 802.1x + Static WEP ......................................................... 130
Figure 44 MAC Address Filter ............................................................................................. 132
Figure 45 EAP Authentication ............................................................................................. 134
Figure 46 Local User Database .......................................................................................... 136
Figure 47 RADIUS .............................................................................................................. 137
Figure 48 Least Load First Example .................................................................................. 141
Figure 49 Weighted Round Robin Algorithm Example ........................................................ 142
Figure 50 Spillover Algorithm Example ............................................................................... 143
Figure 51 General ............................................................................................................... 144
Figure 52 Load Balancing: Least Load First ....................................................................... 147
Figure 53 Load Balancing: Weighted Round Robin ............................................................ 148
Figure 54 Load Balancing: Spillover ................................................................................... 149
Figure 55 WAN: Ethernet Encapsulation ............................................................................. 150
Figure 56 WAN: PPPoE Encapsulation ............................................................................... 153
Figure 57 WAN: PPTP Encapsulation ................................................................................. 155
Figure 58 Traffic Redirect WAN Setup ................................................................................ 157
Figure 59 Traffic Redirect LAN Setup ................................................................................. 157
Figure 60 Traffic Redirect .................................................................................................... 158
Figure 61 Dial Backup Setup .............................................................................................. 159
Figure 62 Advanced Setup .................................................................................................. 163
Figure 63 DMZ .................................................................................................................... 166
Figure 64 IP Alias ................................................................................................................ 168
Figure 65 DMZ Public Address Example ............................................................................ 169
Figure 66 DMZ Private and Public Address Example ......................................................... 170
Figure 67 Port Roles ........................................................................................... 171
Figure 68 Port Roles Change Complete ............................................................................. 171
Figure 69 ZyWALL Firewall Application .............................................................................. 175
Figure 70 Three-Way Handshake ....................................................................................... 176
Figure 71 SYN Flood ........................................................................................................... 177
Figure 72 Smurf Attack ....................................................................................................... 178
Figure 73 Stateful Inspection ............................................................................................... 180
Figure 74 LAN to WAN Traffic ............................................................................................. 188
Figure 75 WAN to LAN Traffic ............................................................................................. 189
Figure 76 Default Rule (Router Mode) ................................................................................ 190
Figure 77 Default Rule (Bridge Mode) ................................................................................ 191
Figure 78 Rule Summary .................................................................................................... 192
Figure 79 Creating/Editing A Firewall Rule ......................................................................... 194
Figure 80 Creating/Editing A Custom Service ..................................................................... 196
Figure 81 Rule Summary .................................................................................................... 197
Figure 82 Rule Edit Example .............................................................................................. 198
Figure 83 Edit Custom Service Example ............................................................................ 198
Figure 84 My Service Rule Configuration ........................................................................... 199
Figure 85 My Service Example Rule Summary .................................................................. 200
Figure 86 Anti-Probing ........................................................................................................ 203
Figure 87 Firewall Threshold ............................................................................................... 205
Figure 88 Content Filter : General ....................................................................................... 208
Figure 89 Content Filtering Lookup Procedure ................................................................... 210
Figure 90 Content Filter : Categories .................................................................................. 211
Figure 91 Content Filter : Customization ............................................................................. 218
Figure 92 myZyXEL.com Login Screen .............................................................................. 222
Figure 93 myZyXEL.com Account Registration .................................................................. 223
Figure 94 Account Registration Successful ........................................................................ 223
Figure 95 Account Confirmation E-Mail .............................................................................. 224
Figure 96 myZyXEL.com Account Activation ...................................................................... 224
Figure 97 Logged Into myZyXEL.com ................................................................................. 225
Figure 98 Product Registration ........................................................................................... 225
Figure 99 Add New Product ................................................................................................ 226
Figure 100 Product Survey ................................................................................................. 226
Figure 101 Service Management ........................................................................................ 227
Figure 102 myZyXEL.com: My Product .............................................................................. 227
Figure 103 myZyXEL.com: Service Management. .............................................................. 228
Figure 104 Service Registration ......................................................................................... 228
Figure 105 Service Registration: Successful ...................................................................... 229
Figure 106 Service Management: Service Registered ........................................................ 229
Figure 107 Cerberian Login Screen .................................................................................... 231
Figure 108 Content Filtering Reports Main Screen ............................................................. 231
Figure 109 Global Report Screen Example ........................................................................ 232
Figure 110 Requested URLs Example ................................................................................ 232
Figure 111 Encryption and Decryption ................................................................................ 234
Figure 112 IPSec Architecture ............................................................................................ 235
Figure 113 Transport and Tunnel Mode IPSec Encapsulation ............................................ 236
Figure 114 IPSec Summary Fields ...................................................................................... 241
Figure 115 VPN Rules ......................................................................................................... 242
Figure 116 NAT Router Between IPSec Routers ................................................................ 244
Figure 117 VPN Host using Intranet DNS Server Example ................................................ 245
Figure 118 Edit VPN Rule ................................................................................................... 248
Figure 119 Two Phases to Set Up the IPSec SA ................................................................ 254
Figure 120 Edit VPN Rule: Advanced ................................................................................. 256
Figure 121 VPN Manual Setup ........................................................................................... 259
Figure 122 SA Monitor ........................................................................................................ 262
Figure 123 Global Setting ................................................................................................... 263
Figure 124 Telecommuters Sharing One VPN Rule Example ............................................. 264
Figure 125 Telecommuters Using Unique VPN Rules Example ......................................... 265
Figure 126 Certificate Configuration Overview ................................................................... 268
Figure 127 My Certificates .................................................................................................. 269
Figure 128 My Certificate Import ......................................................................................... 271
Figure 129 My Certificate Create ........................................................................................ 272
Figure 130 My Certificate Details ........................................................................................ 275
Figure 131 Trusted CAs ...................................................................................................... 278
Figure 132 Trusted CA Import ............................................................................................. 279
Figure 133 Trusted CA Details ............................................................................................ 281
Figure 134 Trusted Remote Hosts ...................................................................................... 284
Figure 135 Remote Host Certificates .................................................................................. 285
Figure 136 Certificate Details ............................................................................................. 286
Figure 137 Trusted Remote Host Import ............................................................................. 287
Figure 138 Trusted Remote Host Details ............................................................................ 288
Figure 139 Directory Servers .............................................................................................. 290
Figure 140 Directory Server Add ......................................................................................... 291
Figure 141 How NAT Works ................................................................................................ 295
Figure 142 NAT Application With IP Alias ........................................................................... 295
Figure 143 NAT Overview ................................................................................................... 298
Figure 144 Address Mapping .............................................................................................. 300
Figure 145 Address Mapping Edit ....................................................................................... 301
Figure 146 Multiple Servers Behind NAT Example ............................................................. 304
Figure 147 Port Translation Example .................................................................................. 305
Figure 148 Port Forwarding ................................................................................................ 306
Figure 149 Trigger Port Forwarding Process: Example ...................................................... 307
Figure 150 Port Triggering .................................................................................................. 308
Figure 151 Example of Static Routing Topology ................................................................. 311
Figure 152 IP Static Route .................................................................................................. 312
Figure 153 Edit IP Static Route ........................................................................................... 313
Figure 154 Policy Route Summary ..................................................................................... 316
Figure 155 Edit IP Policy Route .......................................................................................... 318
Figure 156 Application-based Bandwidth Management Example ....................................... 322
Figure 157 Subnet-based Bandwidth Management Example ............................................. 323
Figure 158 Application and Subnet-based Bandwidth Management Example ................... 323
Figure 159 Bandwidth Allotment Example .......................................................................... 325
Figure 160 Maximize Bandwidth Usage Example ............................................................... 326
Figure 161 Bandwidth Borrowing Example ......................................................................... 327
Figure 162 Bandwidth Manager: Summary ......................................................................... 328
Figure 163 Bandwidth Manager: Class Setup ..................................................................... 330
Figure 164 Bandwidth Manager: Edit Class ........................................................................ 331
Figure 165 Bandwidth Management Statistics .................................................................... 333