The contents of this publication may not be reproduced in any part or as a whole, transcribed,
stored in a retrieval system, translated into any language, or transmitted in any form or by any
means, electronic, mechanical, magnetic, optical, chemical, photocopying, manual, or
otherwise, without the prior written permission of ZyXEL Communications Corporation.
Published by ZyXEL Communications Corporation. All rights reserved.
Disclaimer
ZyXEL does not assume any liability arising out of the application or use of any products, or
software described herein. Neither does it convey any license under its patent rights nor the
patent rights of others. ZyXEL further reserves the right to make changes in any products
described herein without notice. This publication is subject to change without notice.
Trademarks
ZyNOS (ZyXEL Network Operating System) is a registered trademark of ZyXEL
Communications, Inc. Other trademarks mentioned in this publication are used for
identification purposes only and may be properties of their respective owners.
ZyWALL 5/35/70 Series User’s Guide
Certifications
Federal Communications Commission (FCC) Interference Statement
The device complies with Part 15 of FCC rules. Operation is subject to the following two
conditions:
• This device may not cause harmful interference.
• This device must accept any interference received, including interference that may cause
undesired operations.
This device has been tested and found to comply with the limits for a Class B digital device
pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable
protection against harmful interference in a commercial environment. This device generates,
uses, and can radiate radio frequency energy, and if not installed and used in accordance with
the instructions, may cause harmful interference to radio communications.
If this device does cause harmful interference to radio/television reception, which can be
determined by turning the device off and on, the user is encouraged to try to correct the
interference by one or more of the following measures:
1 Reorient or relocate the receiving antenna.
2 Increase the separation between the equipment and the receiver.
3 Connect the equipment into an outlet on a circuit different from that to which the receiver
is connected.
4 Consult the dealer or an experienced radio/TV technician for help.
Notices
Changes or modifications not expressly approved by the party responsible for compliance
could void the user's authority to operate the equipment.
This Class B digital apparatus complies with Canadian ICES-003.
Cet appareil numérique de la classe B est conforme à la norme NMB-003 du Canada.
Viewing Certifications
1 Go to http://www.zyxel.com.
2 Select your product from the drop-down list box on the ZyXEL home page to go to that
product's page.
3 Select the certification you wish to view from this page.
Safety Warnings
For your safety, be sure to read and follow all warning notices and instructions.
• Do NOT use this product near water, for example, in a wet basement or near a swimming
pool.
• Do NOT expose your device to dampness, dust or corrosive liquids.
• Do NOT store things on the device.
• Do NOT install, use, or service this device during a thunderstorm. There is a remote risk
of electric shock from lightning.
• Connect ONLY suitable accessories to the device.
• Do NOT open the device or unit. Opening or removing covers can expose you to
dangerous high voltage points or other risks. ONLY qualified service personnel should
service or disassemble this device. Please contact your vendor for further information.
• Make sure to connect the cables to the correct ports.
• Place connecting cables carefully so that no one will step on them or stumble over them.
• Always disconnect all cables from this device before servicing or disassembling.
• Use ONLY an appropriate power adaptor or cord for your device.
• Connect the power adaptor or cord to the right supply voltage (for example, 110V AC in
North America or 230V AC in Europe).
• Do NOT allow anything to rest on the power adaptor or cord and do NOT place the
product where anyone can walk on the power adaptor or cord.
• Do NOT use the device if the power adaptor or cord is damaged as it might cause
electrocution.
• If the power adaptor or cord is damaged, remove it from the power outlet.
• Do NOT attempt to repair the power adaptor or cord. Contact your local vendor to order a
new one.
• Do not use the device outside, and make sure all the connections are indoors. There is a
remote risk of electric shock from lightning.
• CAUTION: RISK OF EXPLOSION IF BATTERY (on the motherboard) IS REPLACED
BY AN INCORRECT TYPE. DISPOSE OF USED BATTERIES ACCORDING TO
THE INSTRUCTIONS. Dispose of them at the applicable collection point for the recycling
of electrical and electronic equipment. For detailed information about recycling of this
product, please contact your local city office, your household waste disposal service or
the store where you purchased the product.
• Do NOT obstruct the device ventilation slots, as insufficient airflow may harm your
device.
• Fuse Warning! Replace a fuse only with a fuse of the same type and rating.
This product is recyclable. Dispose of it properly.
ZyXEL Limited Warranty
ZyXEL warrants to the original end user (purchaser) that this product is free from any defects
in materials or workmanship for a period of up to two years from the date of purchase. During
the warranty period, and upon proof of purchase, should the product have indications of failure
due to faulty workmanship and/or materials, ZyXEL will, at its discretion, repair or replace the
defective products or components without charge for either parts or labor, and to whatever
extent it shall deem necessary to restore the product or components to proper operating
condition. Any replacement will consist of a new or re-manufactured functionally equivalent
product of equal or higher value, and will be solely at the discretion of ZyXEL. This warranty
shall not apply if the product has been modified, misused, tampered with, damaged by an act
of God, or subjected to abnormal working conditions.
Note
Repair or replacement, as provided under this warranty, is the exclusive remedy of the
purchaser. This warranty is in lieu of all other warranties, express or implied, including any
implied warranty of merchantability or fitness for a particular use or purpose. ZyXEL shall in
no event be held liable for indirect or consequential damages of any kind to the purchaser.
To obtain the services of this warranty, contact ZyXEL's Service Center for your Return
Material Authorization number (RMA). Products must be returned Postage Prepaid. It is
recommended that the unit be insured when shipped. Any returned products without proof of
purchase or those with an out-dated warranty will be repaired or replaced (at the discretion of
ZyXEL) and the customer will be billed for parts and labor. All repaired or replaced products
will be shipped by ZyXEL to the corresponding return address, Postage Paid. This warranty
gives you specific legal rights, and you may also have other rights that vary from country to
country.
Registration
Register your product online to receive e-mail notices of firmware upgrades and information
at www.zyxel.com for global products, or at www.us.zyxel.com for North American products.
Customer Support
Please have the following information ready when you contact customer support.
• Product model and serial number.
• Warranty Information.
• Date that you received your device.
• Brief description of the problem and the steps you took to solve it.
CORPORATE HEADQUARTERS (WORLDWIDE)
• Support e-mail: support@zyxel.com.tw
• Sales e-mail: sales@zyxel.com.tw
• Telephone: +886-3-578-3942
• Fax: +886-3-578-2439
• Web site: www.zyxel.com, www.europe.zyxel.com
• FTP site: ftp.zyxel.com, ftp.europe.zyxel.com
COSTA RICA (ZyXEL Costa Rica)
• Support e-mail: soporte@zyxel.co.cr
• Sales e-mail: sales@zyxel.co.cr
• Telephone: +506-2017878
• Fax: +506-2015098
• Web site: www.zyxel.co.cr
• FTP site: ftp.zyxel.co.cr
Other locations listed: Czech Republic, Denmark, Finland, France, Germany, Hungary,
Kazakhstan, North America.
Note: Register your product online to receive e-mail notices of firmware upgrades and
information at www.zyxel.com for global products, or at www.us.zyxel.com for
North American products.
Your ZyWALL is easy to install and configure.
About This User's Guide
This manual is designed to guide you through the configuration of your ZyWALL for its
various applications. The web configurator parts of this guide contain background information
on features configurable by web configurator. The SMT parts of this guide contain
background information solely on features not configurable by web configurator.
Note: Use the web configurator, System Management Terminal (SMT) or command
interpreter interface to configure your ZyWALL. Not all features can be
configured through all interfaces.
Related Documentation
• Supporting Disk
Refer to the included CD for support documents.
• Quick Start Guide
The Quick Start Guide is designed to help you get up and running right away. It contains
connection information and instructions on getting started.
• Web Configurator Online Help
Embedded web help for descriptions of individual screens and supplementary
information.
• ZyXEL Web Site
Please go to http://www.zyxel.com for product news, firmware, updated documents, and
other support materials.
User Guide Feedback
Help us help you. E-mail all User Guide-related comments, questions or suggestions for
improvement to techwriters@zyxel.com.tw or send regular mail to The Technical Writing
Team, ZyXEL Communications Corp., 6 Innovation Road II, Science-Based Industrial Park,
Hsinchu, 300, Taiwan. Thank you!
Syntax Conventions
• “Enter” means for you to type one or more characters. “Select” or “Choose” means for
you to use one of the predefined choices.
• The SMT menu titles and labels are in Bold Times New Roman font. Predefined field
choices are in Bold Arial font. Command and arrow keys are enclosed in square
brackets. [ENTER] means the Enter, or carriage return key; [ESC] means the Escape key
and [SPACE BAR] means the Space Bar.
• Mouse action sequences are denoted using a comma. For example, “In Windows, click
Start, Settings and then Control Panel” means first click the Start button, then point
your mouse pointer to Settings and then click Control Panel.
• “e.g.,” is a shorthand for “for instance”, and “i.e.,” means “that is” or “in other words”.
Graphics Icons Key
Icons shown: ZyWALL, Computer, Notebook computer, Server, DSLAM, Firewall, Telephone,
Switch, Router, Wireless Signal
CHAPTER 1
Getting to Know Your ZyWALL
This chapter introduces the main features and applications of the ZyWALL.
1.1 ZyWALL Internet Security Appliance Overview
The ZyWALL is loaded with security features including VPN, firewall, content filtering,
anti-spam, IDP (Intrusion Detection and Prevention), anti-virus and certificates. The ZyWALL’s
De-Militarized Zone (DMZ) increases LAN security by providing separate ports for
connecting publicly accessible servers. The ZyWALL 70 and ZyWALL 35 are designed for
small and medium-sized businesses that need the increased throughput and reliability of dual
WAN ports and load balancing. The ZyWALL 35 and ZyWALL 5 provide the option to
change port roles from LAN to DMZ.
You can also deploy the ZyWALL as a transparent firewall in an existing network with
minimal configuration.
The ZyWALL provides bandwidth management, NAT, port forwarding, policy routing (not
available for the ZyWALL 5), DHCP server and many other powerful features.
You can add an IEEE 802.11b/g-compliant wireless LAN by either inserting a wireless LAN
card into the PCMCIA/CardBus slot or connecting an access point (AP) to an Ethernet port in
a WLAN port role. If you insert a wireless LAN card to add a WLAN, the ZyWALL offers
highly secured wireless connectivity to your wired network with IEEE 802.1x, WEP data
encryption, WPA (Wi-Fi Protected Access) and MAC address filtering. You can use the
wireless card as part of the LAN, DMZ or WLAN.
1.2 ZyWALL Features
The following table lists model specific features.
Note: See the product specifications in the appendix for detailed features and
standards support.
Table 1 ZyWALL Model Specific Features
FEATURE | MODEL 70 | MODEL 35 | MODEL 5
Multiple WAN | O | O |
Load Balancing | O | O |
Changing Port Roles between the LAN and DMZ | | O | O
Policy Route | O | O |
Table Key: An O in a model’s column shows that the device model has the specified feature.
The information in this table was correct at the time of writing, although it may be subject to
change.
1.2.1 Physical Features
LAN Port
The 10/100 Mbps auto-negotiating Ethernet LAN port(s) allows the ZyWALL to detect the
speed of incoming transmissions and adjust appropriately without manual intervention. It
allows data transfers of either 10 Mbps or 100 Mbps in either half-duplex or full-duplex mode
depending on your Ethernet network. The ports are also auto-crossover (MDI/MDI-X)
meaning they automatically adjust to either a crossover or straight-through Ethernet cable.
DMZ Ports
Public servers (Web, FTP, etc.) attached to a DeMilitarized Zone (DMZ) port are visible to the
outside world (while still being protected from DoS (Denial of Service) attacks such as SYN
flooding and Ping of Death) and can also be accessed from the secure LAN.
The 10/100 Mbps auto-negotiating Ethernet ports allow the ZyWALL to detect the speed of
incoming transmissions and adjust appropriately without manual intervention. They allow data
transfers of either 10 Mbps or 100 Mbps in either half-duplex or full-duplex mode depending
on your Ethernet network. The ports are also auto-crossover (MDI/MDI-X) meaning they
automatically adjust to either a crossover or straight-through Ethernet cable.
WLAN Ports
You can set some of the Ethernet ports to a WLAN port role. This allows you to connect
wireless LAN Access Points (APs) to extend the ZyWALL’s wireless LAN coverage area.
Dual Auto-negotiating 10/100 Mbps Ethernet WAN (Single on the ZyWALL 5)
The Ethernet WAN ports connect to the Internet via broadband modem or router. You can use
a second connection for load sharing to increase overall network throughput or as a backup to
enhance network reliability.
The 10/100 Mbps auto-negotiating Ethernet ports allow the ZyWALL to detect the speed of
incoming transmissions and adjust appropriately without manual intervention. They allow data
transfers of either 10 Mbps or 100 Mbps in either half-duplex or full-duplex mode depending
on your Ethernet network. The ports are also auto-crossover (MDI/MDI-X) meaning they
automatically adjust to either a crossover or straight-through Ethernet cable.
Dial Backup WAN
The dial backup port can be used in reserve as a traditional dial-up connection if the
WAN (or WAN 1 and WAN 2) and traffic redirect connections fail.
Time and Date
The ZyWALL allows you to get the current time and date from an external server when you
turn on your ZyWALL. You can also set the time manually. The Real Time Chip (RTC) keeps
track of the time and date.
Reset Button
Use the reset button to restore the factory default password to 1234; IP address to 192.168.1.1,
subnet mask to 255.255.255.0 and DHCP server enabled with a pool of 32 IP addresses
starting at 192.168.1.33.
Dual PCMCIA and CardBus Slot
The dual PCMCIA and CardBus slot provides the option of a wireless LAN. You can
alternatively insert a ZyWALL Turbo Card to use the anti-virus and IDP features.
IEEE 802.11 b/g Wireless LAN
The optional wireless LAN card provides mobility and a fast network environment for small
and home offices. Users can connect to the local area network without any wiring efforts and
enjoy reliable high-speed connectivity.
1.2.2 Non-Physical Features
Load Balancing
The ZyWALL improves quality of service and maximizes bandwidth utilization by dividing
traffic loads between the two WAN interfaces (or ports).
Transparent Firewall
Transparent firewall is also known as a bridge firewall. The ZyWALL can act as a bridge and
still have the capability of filtering and inspecting the packets between a router and the LAN,
or two routers. You do not need to make any other changes to your existing network.
SIP Passthrough
The ZyWALL includes a SIP Application Layer Gateway (ALG). It allows VoIP calls to pass
through NAT by examining and translating IP addresses embedded in the data stream.
STP (Spanning Tree Protocol) / RSTP (Rapid STP)
When the ZyWALL is set to bridge mode, (R)STP detects and breaks network loops and
provides backup links between switches, bridges or routers. It allows a bridge to interact with
other (R)STP-compliant bridges in your network to ensure that only one path exists between
any two stations on the network.
Bandwidth Management
Bandwidth management allows you to allocate network resources according to defined
policies. This policy-based bandwidth allocation helps your network to better handle real-time
applications such as Voice-over-IP (VoIP).
IPSec VPN Capability
Establish a Virtual Private Network (VPN) to connect with business partners and branch
offices using data encryption and the Internet to provide secure communications without the
expense of leased site-to-site lines. The ZyWALL VPN is based on the IPSec standard and is
fully interoperable with other IPSec-based VPN products.
X-Auth (Extended Authentication)
X-Auth provides added security for VPN by requiring each VPN client to use a username and
password.
Certificates
The ZyWALL can use certificates (also called digital IDs) to authenticate users. Certificates
are based on public-private key pairs. Certificates provide a way to exchange public keys for
use in authentication.
SSH
The ZyWALL uses the SSH (Secure Shell) secure communication protocol to provide secure
encrypted communication between two hosts over an unsecured network.
HTTPS
HyperText Transfer Protocol over Secure Socket Layer, or HTTP over SSL is a web protocol
that encrypts and decrypts web sessions. Use HTTPS for secure web configurator access to the
ZyWALL.
Firewall
The ZyWALL is a stateful inspection firewall with DoS (Denial of Service) protection. By
default, when the firewall is activated, all incoming traffic from the WAN to the LAN is
blocked unless it is initiated from the LAN. The ZyWALL firewall supports TCP/UDP
inspection, DoS detection and prevention, real time alerts, reports and logs.
Content Filtering
The ZyWALL can block web features such as ActiveX controls, Java applets and cookies, as
well as disable web proxies. The ZyWALL can block or allow access to web sites that you
specify. The ZyWALL can also block access to web sites containing keywords that you
specify. You can define time periods and days during which content filtering is enabled and
include or exclude a range of users on the LAN from content filtering.
You can also subscribe to category-based content filtering that allows your ZyWALL to check
web sites against an external database of dynamically updated ratings of millions of web sites.
Anti-Spam
The ZyWALL’s anti-spam feature helps detect and mark or discard junk e-mail (spam). The
ZyWALL has a whitelist for identifying legitimate e-mail and a blacklist for identifying spam
e-mail. You can also subscribe to an anti-spam external database service that checks e-mail
against more than a million known spam patterns.
Anti-Virus Scanner
With the anti-virus packet scanner, your ZyWALL scans files transmitting through the enabled
interfaces into the network. The ZyWALL helps stop threats at the network edge before they
reach the local host computers.
Intrusion Detection and Prevention (IDP)
IDP can detect and take actions on malicious or suspicious packets and traffic flows.
ZyWALL Turbo Card
ZyWALL Turbo Card is a co-processor accelerator that is used in conjunction with your
ZyWALL for fast, efficient IDP (Intrusion Detection and Prevention) and AV (Anti Virus)
traffic inspection.
Universal Plug and Play (UPnP)
Using the standard TCP/IP protocol, the ZyWALL and other UPnP-enabled devices can
dynamically join a network, obtain an IP address and convey their capabilities to other devices
on the network.
RADIUS (RFC2138, 2139)
The ZyWALL can work with a RADIUS (Remote Authentication Dial In User Service) server
for user authentication, authorization and accounting.
IEEE 802.1x for Network Security
The ZyWALL supports the IEEE 802.1x standard that works with the IEEE 802.11 to enhance
user authentication. With the local user profile, the ZyWALL allows you to configure user
profiles without a network authentication server. In addition, centralized user and accounting
management is possible on an optional network authentication server.
Wi-Fi Protected Access
Wi-Fi Protected Access (WPA) is a subset of the IEEE 802.11i security specification draft.
Key differences between WPA and WEP are user authentication and improved data
encryption.
Wireless LAN MAC Address Filtering
Your ZyWALL can check the MAC addresses of wireless stations against a list of allowed or
denied MAC addresses.
WEP Encryption
WEP (Wired Equivalent Privacy) encrypts data frames before transmitting over the wireless
network to help keep network communications private.
Packet Filtering
The packet filtering mechanism blocks unwanted traffic from entering/leaving your network.
Call Scheduling
Configure call time periods to restrict and allow access for users on remote nodes.
PPPoE
PPPoE facilitates the interaction of a host with an Internet modem to achieve access to
high-speed data networks via a familiar "dial-up networking" user interface.
PPTP Encapsulation
Point-to-Point Tunneling Protocol (PPTP) is a network protocol that enables secure transfer of
data from a remote client to a private server, creating a Virtual Private Network (VPN) using a
TCP/IP-based network.
PPTP supports on-demand, multi-protocol and virtual private networking over public
networks, such as the Internet. The ZyWALL supports one PPTP server connection at any
given time.
Dynamic DNS Support
With Dynamic DNS (Domain Name System) support, you can have a static hostname alias for
a dynamic IP address, allowing the host to be more easily accessible from various locations on
the Internet. You must register for this service with a Dynamic DNS service provider.
IP Multicast
Deliver IP packets to a specific group of hosts using IP multicast. IGMP (Internet Group
Management Protocol) is the protocol used to support multicast groups. The latest version is
version 2 (see RFC 2236); the ZyWALL supports both versions 1 and 2.
IP Alias
IP Alias allows you to partition a physical network into logical networks over the same
Ethernet interface. The ZyWALL supports three logical LAN, WLAN and/or DMZ interfaces
via its single physical Ethernet LAN, WLAN and/or DMZ interface with the ZyWALL itself
as the gateway for each network.
IP Policy Routing
IP Policy Routing provides a mechanism to override the default routing behavior and alter
packet forwarding based on the policies defined by the network administrator.
Central Network Management
Central Network Management (CNM) allows an enterprise or service provider network
administrator to manage your ZyWALL. The enterprise or service provider network
administrator can configure your ZyWALL, perform firmware upgrades and do
troubleshooting for you.
SNMP
SNMP (Simple Network Management Protocol) is a protocol used for exchanging
management information between network devices. SNMP is a member of the TCP/IP
protocol suite. Your ZyWALL supports SNMP agent functionality, which allows a manager
station to manage and monitor the ZyWALL through the network. The ZyWALL supports
SNMP version one (SNMPv1).
Network Address Translation (NAT)
Network Address Translation (NAT) allows the translation of an Internet protocol address
used within one network (for example a private IP address used in a local network) to a
different IP address known within another network (for example a public IP address used on
the Internet).
Traffic Redirect
Traffic Redirect forwards WAN traffic to a backup gateway on the LAN when the ZyWALL
cannot connect to the Internet, thus acting as an auxiliary backup when your regular WAN
connection fails.
Port Forwarding
Use this feature to forward incoming service requests to a server on your local network. You
may enter a single port number or a range of port numbers to be forwarded, and the local IP
address of the desired server.
DHCP (Dynamic Host Configuration Protocol)
DHCP (Dynamic Host Configuration Protocol) allows the individual client computers to
obtain the TCP/IP configuration at start-up from a centralized DHCP server. The ZyWALL
has built-in DHCP server capability, enabled by default, which means it can assign IP
addresses, an IP default gateway and DNS servers to all systems that support the DHCP client.
The ZyWALL can also act as a surrogate DHCP server (DHCP Relay) where it relays IP
address assignment from the actual DHCP server to the clients.
Full Network Management
The embedded web configurator is an all-platform web-based utility that allows you to easily
access the ZyWALL’s management settings and configure the firewall. Most functions of the
ZyWALL are also software configurable via the SMT (System Management Terminal)
interface. The SMT is a menu-driven interface that you can access from a terminal emulator
through the console port or over a telnet connection.
RoadRunner Support
In addition to standard cable modem services, the ZyWALL supports Time Warner’s
RoadRunner Service.
Logging and Tracing
Built-in message logging and packet tracing.
Syslog facility support.
Upgrade ZyWALL Firmware via LAN
The firmware of the ZyWALL can be upgraded via the LAN.
Embedded FTP and TFTP Servers
The ZyWALL’s embedded FTP and TFTP Servers enable fast firmware upgrades as well as
configuration file backups and restoration.
1.3 Applications for the ZyWALL
Here are some examples of what you can do with your ZyWALL.
1.3.1 Secure Broadband Internet Access via Cable or DSL Modem
You can connect a cable modem, DSL or wireless modem to the ZyWALL for broadband
Internet access via Ethernet or wireless port on the modem. The ZyWALL guarantees not only
high speed Internet access, but secure internal network protection and traffic management as
well.
Figure 1 Secure Internet Access via Cable, DSL or Wireless Modem
1.3.2 VPN Application
ZyWALL VPN is an ideal cost-effective way to connect branch offices, business partners and
telecommuters over the Internet without the need (and expense) for leased lines between sites.
Figure 2 VPN Application
1.3.3 Front Panel Lights
Figure 3 ZyWALL 70 Front Panel
Figure 4 ZyWALL 35 Front Panel
Figure 5 ZyWALL 5 Front Panel
The following table describes the lights.
Table 2 Front Panel Lights
LED | COLOR | STATUS | DESCRIPTION
PWR | | Off | The ZyWALL is turned off.
PWR | Green | On | The ZyWALL is turned on.
PWR | Red | On | The power to the ZyWALL is too low.
SYS | Green | Off | The ZyWALL is not ready or has failed.
SYS | Green | On | The ZyWALL is ready and running.
SYS | Green | Flashing | The ZyWALL is restarting.
ACT | Green | Off | The backup port is not connected.
ACT | Green | Flashing | The backup port is sending or receiving packets.
CARD | Green | Off | The wireless LAN is not ready, or has failed.
CARD | Green | On | The wireless LAN is ready.
CARD | Green | Flashing | The wireless LAN is sending or receiving packets.
LAN 10/100 (ZyWALL 70 only) | | Off | The LAN/DMZ is not connected.
LAN 10/100 (ZyWALL 70 only) | Green | On | The ZyWALL has a successful 10Mbps Ethernet connection.
LAN 10/100 (ZyWALL 70 only) | Green | Flashing | The 10M LAN is sending or receiving packets.
LAN 10/100 (ZyWALL 70 only) | Orange | On | The ZyWALL has a successful 100Mbps Ethernet connection.
LAN 10/100 (ZyWALL 70 only) | Orange | Flashing | The 100M LAN is sending or receiving packets.
WAN1/2 10/100 or WAN 10/100 | | Off | The WAN connection is not ready, or has failed.
WAN1/2 10/100 or WAN 10/100 | Green | On | The ZyWALL has a successful 10Mbps WAN connection.
WAN1/2 10/100 or WAN 10/100 | Green | Flashing | The 10M WAN is sending or receiving packets.
WAN1/2 10/100 or WAN 10/100 | Orange | On | The ZyWALL has a successful 100Mbps WAN connection.
WAN1/2 10/100 or WAN 10/100 | Orange | Flashing | The 100M WAN is sending or receiving packets.
DMZ 10/100 (ZyWALL 70 only) | | Off | The LAN/DMZ is not connected.
DMZ 10/100 (ZyWALL 70 only) | Green | On | The ZyWALL has a successful 10Mbps Ethernet connection.
DMZ 10/100 (ZyWALL 70 only) | Green | Flashing | The 10M LAN is sending or receiving packets.
DMZ 10/100 (ZyWALL 70 only) | Orange | On | The ZyWALL has a successful 100Mbps Ethernet connection.
DMZ 10/100 (ZyWALL 70 only) | Orange | Flashing | The 100M LAN is sending or receiving packets.
LAN/DMZ 10/100 (ZyWALL 35 and ZyWALL 5) | | Off | The LAN/DMZ is not connected.
LAN/DMZ 10/100 (ZyWALL 35 and ZyWALL 5) | Green | On | The ZyWALL has a successful 10Mbps Ethernet connection.
LAN/DMZ 10/100 (ZyWALL 35 and ZyWALL 5) | Green | Flashing | The 10M LAN is sending or receiving packets.
LAN/DMZ 10/100 (ZyWALL 35 and ZyWALL 5) | Orange | On | The ZyWALL has a successful 100Mbps Ethernet connection.
LAN/DMZ 10/100 (ZyWALL 35 and ZyWALL 5) | Orange | Flashing | The 100M LAN is sending or receiving packets.
CHAPTER 2
Introducing the Web Configurator
This chapter describes how to access the ZyWALL web configurator and provides an
overview of its screens.
2.1 Web Configurator Overview
The web configurator is an HTML-based management interface that allows easy ZyWALL
setup and management via Internet browser. Use Internet Explorer 6.0 and later or Netscape
Navigator 7.0 and later versions. The recommended screen resolution is 1024 by 768 pixels.
In order to use the web configurator you need to allow:
• Web browser pop-up windows from your device. Web pop-up blocking is enabled by
default in Windows XP SP (Service Pack) 2.
• JavaScripts (enabled by default).
• Java permissions (enabled by default).
See the Troubleshooting chapter if you want to make sure these functions are allowed in
Internet Explorer or Netscape Navigator.
2.2 Accessing the ZyWALL Web Configurator
Note: By default, the packets from WLAN to WLAN/ZyWALL are dropped and users
cannot configure the ZyWALL wirelessly.
1 Make sure your ZyWALL hardware is properly connected and prepare your computer/
computer network to connect to the ZyWALL (refer to the Quick Start Guide).
2 Launch your web browser.
3 Type "192.168.1.1" as the URL.
4 Type "1234" (default) as the password and click Login. In some versions, the default
password appears automatically - if this is the case, click Login.
5 You should see a screen asking you to change your password (highly recommended) as
shown next. Type a new password (and retype it to confirm) and click Apply or click
Ignore.
Figure 6 Change Password Screen
6 Click Apply in the Replace Certificate screen to create a certificate using your
ZyWALL’s MAC address that will be specific to this device.
Note: If you do not replace the default certificate here or in the CERTIFICATES
screen, this screen displays every time you access the web configurator.
Figure 7 Replace Certificate Screen
7 You should now see the HOME screen (see Figure 10 on page 71).
Note: The management session automatically times out when the time period set in
the Administrator Inactivity Timer field expires (default five minutes). Simply
log back into the ZyWALL if this happens to you.
2.3 Resetting the ZyWALL
If you forget your password or cannot access the web configurator, you will need to reload the
factory-default configuration file or use the RESET button on the back of the ZyWALL.
Uploading this configuration file replaces the current configuration file with the factory-default
configuration file. This means that you will lose all configurations that you had
previously and the speed of the console port will be reset to the default of 9600 bps with 8 data
bits, no parity, one stop bit and flow control set to none. The password will also be reset to 1234.
2.3.1 Procedure To Use The Reset Button
Make sure the SYS LED is on (not blinking) before you begin this procedure.
1 Press the RESET button for ten seconds, and then release it. If the SYS LED begins to
blink, the defaults have been restored and the ZyWALL restarts. Otherwise, go to step 2.
2 Turn the ZyWALL off.
3 While pressing the RESET button, turn the ZyWALL on.
4 Continue to hold the RESET button. The SYS LED will begin to blink and flicker very
quickly after about 20 seconds. This indicates that the defaults have been restored and the
ZyWALL is now restarting.
5 Release the RESET button and wait for the ZyWALL to finish restarting.
2.3.2 Uploading a Configuration File Via Console Port
1 Download the default configuration file from the ZyXEL FTP site, unzip it and save it in
a folder.
2 Turn off the ZyWALL, begin a terminal emulation software session and turn on the
ZyWALL again. When you see the message "Press Any key to enter Debug Mode within
3 seconds", press any key to enter debug mode.
3 Enter "y" at the prompt below to go into debug mode.
4 Enter "atlc" after "Enter Debug Mode" message.
5 Wait for "Starting XMODEM upload" message before activating Xmodem upload on
your terminal. This is an example Xmodem configuration upload using HyperTerminal.
Figure 8 Example Xmodem Upload
Type the configuration file’s location,
or click Browse to search for it.
Choose the Xmodem protocol.
Then click Send.
6 After successful firmware upload, enter "atgo" to restart the router.
2.4 Navigating the ZyWALL Web Configurator
The following summarizes how to navigate the web configurator from the HOME screen.
This guide uses the ZyWALL 70 screenshots as an example. The screens may vary slightly for
different ZyWALL models.
Figure 9 HOME Screen
As illustrated above, the main screen is divided into these parts:
• A - title bar
• B - navigation panel
• C - main window
• D - status bar
2.4.1 Title Bar
The title bar provides some icons in the upper right corner.
The icons provide the following functions.
Table 3 Title Bar: Web Configurator Icons
ICON DESCRIPTION
Wizards: Click this icon to open one of the web configurator wizards. See Chapter 3
on page 89 for more information.
Help: Click this icon to open the help page for the current screen.
2.4.2 Main Window
The main window shows the screen you select in the navigation panel. It is discussed in more
detail in the rest of this document.
Right after you log in, the HOME screen is displayed. The screen varies according to the
device mode you select in the MAINTENANCE > Device Mode screen.
2.4.3 HOME Screen: Router Mode
The following screen displays when the ZyWALL is set to router mode. This screen displays
general status information about the ZyWALL. The ZyWALL is set to router mode by default.
Not all fields are available on all models.
Figure 10 Web Configurator HOME Screen in Router Mode
The following table describes the labels in this screen.
Table 4 Web Configurator HOME Screen in Router Mode
LABEL: DESCRIPTION
Automatic Refresh Interval: Select a number of seconds or None from the drop-down list box to update all screen statistics automatically at the end of every time interval or to not update the screen statistics.
Refresh: Click this button to update the status screen statistics immediately.
System Information
System Name: This is the System Name you enter in the MAINTENANCE > General screen. It is for identification purposes. Click the field label to go to the screen where you can specify a name for this ZyWALL.
Model: This is the model name of your ZyWALL.
Bootbase Version: This is the bootbase version and the date created.
Firmware Version: This is the ZyNOS Firmware version and the date created. ZyNOS is ZyXEL's proprietary Network Operating System design. Click the field label to go to the screen where you can upload a new firmware file.
Up Time: This field displays how long the ZyWALL has been running since it last started up. The ZyWALL starts up when you turn it on, when you restart it (MAINTENANCE > Restart), or when you reset it (see Section 2.3 on page 68).
System Time: This field displays your ZyWALL’s present date (in yyyy-mm-dd format) and time (in hh:mm:ss format) along with the difference from the Greenwich Mean Time (GMT) zone. The difference from GMT is based on the time zone. It is also adjusted for Daylight Saving Time if you set the ZyWALL to use it. Click the field label to go to the screen where you can modify the ZyWALL’s date and time settings.
Device Mode: This displays whether the ZyWALL is functioning as a router or a bridge. Click the field label to go to the screen where you can configure the ZyWALL as a router or a bridge.
Firewall: This displays whether or not the ZyWALL’s firewall is activated. Click the field label to go to the screen where you can turn the firewall on or off.
System Resources
Flash: The first number shows how many megabytes of the flash the ZyWALL is using.
Memory: The first number shows how many megabytes of the heap memory the ZyWALL is using. Heap memory refers to the memory that is not used by ZyNOS (ZyXEL Network Operating System) and is thus available for running processes like NAT, VPN and the firewall. The second number shows the ZyWALL's total heap memory (in megabytes). The bar displays what percent of the ZyWALL's heap memory is in use. The bar turns from green to red when the maximum is being approached.
Sessions: The first number shows how many sessions are currently open on the ZyWALL. This includes all sessions that are currently traversing the ZyWALL, terminating at the ZyWALL or initiated from the ZyWALL. The second number is the maximum number of sessions that can be open at one time. The bar displays what percent of the maximum number of sessions is in use. The bar turns from green to red when the maximum is being approached.
CPU: This field displays what percentage of the ZyWALL’s processing ability is currently used. When this percentage is close to 100%, the ZyWALL is running at full load, and the throughput is not going to improve anymore. If you want some applications to have more throughput, you should turn off other applications (for example, using bandwidth management).
Interfaces: This is the port type. Click "+" to expand or "-" to collapse the IP alias drop-down lists. Hold your cursor over an interface’s label to display the interface’s MAC Address. Click an interface’s label to go to the screen where you can configure settings for that interface.
Status: For the LAN, DMZ and WLAN ports, this displays the port speed and duplex setting. Ethernet port connections can be in half-duplex or full-duplex mode. Full-duplex refers to a device's ability to send and receive simultaneously, while half-duplex indicates that traffic can flow in only one direction at a time. The Ethernet port must use the same speed or duplex mode setting as the peer Ethernet port in order to connect. For the WAN and Dial Backup ports, it displays the port speed and duplex setting if you’re using Ethernet encapsulation and Down (line is down or not connected), Idle (line (ppp) idle), Dial (starting to trigger a call) or Drop (dropping a call) if you’re using PPPoE encapsulation. For the WLAN card, it displays the transmission rate when a wireless LAN card is inserted and WLAN is enabled or Down when a wireless LAN card is not inserted or WLAN is disabled.
IP/Netmask: This shows the port’s IP address and subnet mask.
IP Assignment: For the WAN, if the ZyWALL gets its IP address automatically from an ISP, this displays DHCP client when you’re using Ethernet encapsulation and IPCP Client when you’re using PPPoE or PPTP encapsulation. Static displays if the WAN port is using a manually entered static (fixed) IP address. For the LAN, WLAN or DMZ, DHCP server displays when the ZyWALL is set to automatically give IP address information to the computers connected to the LAN. DHCP relay displays when the ZyWALL is set to forward IP address assignment requests to another DHCP server. Static displays if the LAN port is using a manually entered static (fixed) IP address. In this case, you must have another DHCP server on your LAN, or else the computers must be manually configured. For the dial backup port, this shows N/A when dial backup is disabled and IPCP client when dial backup is enabled.
Renew: If you are using Ethernet encapsulation and the WAN port is configured to get the IP address automatically from the ISP, click Renew to release the WAN port’s dynamically assigned IP address and get the IP address afresh. Click Dial to dial up the PPTP, PPPoE or dial backup connection. Click Drop to disconnect the PPTP, PPPoE or dial backup connection.
Security Services
Turbo Card: This field displays whether or not a ZyWALL Turbo Card is installed. Note: The ZyWALL must have a Turbo Card installed and a valid service subscription to use the IDP and anti-virus features.
IDP/Anti-Virus Definitions: This is the version number of the signatures set that the ZyWALL is using and the date and time that the set was released. Click the field label to go to the screen where you can update the signatures. N/A displays when there is no Turbo Card installed or the service subscription has expired.
IDP/Anti-Virus Expiration Date: This is the date the IDP/anti-virus service subscription expires. Click the field label to go to the screen where you can update your service subscription.
Anti-Spam Expiration Date: This is the date the anti-spam service subscription expires. Click the field label to go to the screen where you can update your service subscription.
Content Filter Expiration Date: This is the date the category-based content filtering service subscription expires. Click the field label to go to the screen where you can update your service subscription.
Intrusion Detected: This displays how many intrusions the ZyWALL has detected since it last started up. N/A displays when there is no Turbo Card installed or the service subscription has expired.
Virus Detected: This displays how many virus-infected files the ZyWALL has detected since it last started up. It also displays the percentage of virus-infected files out of the total number of files that the ZyWALL has scanned (since it last started up). N/A displays when there is no Turbo Card installed or the service subscription has expired.
Spam Mail Detected: This displays how many spam e-mails the ZyWALL has detected since it last started up. It also displays the percentage of spam e-mail out of the total number of e-mails that the ZyWALL has scanned (since it last started up). N/A displays when the service subscription has expired.
Web Site Blocked: This displays how many web site hits the ZyWALL has blocked since it last started up. N/A displays when the service subscription has expired.
Top 5 Intrusion & Virus Detections: The following is a list of the five intrusions or viruses that the ZyWALL has most frequently detected since it last started up.
Rank: This is the ranking number of an intrusion or virus. This is an intrusion’s or virus’s place in the list of most common intrusions or viruses.
Intrusion Detected: This is the name of a signature for which the ZyWALL has detected matching packets. The number in brackets indicates how many times the signature has been matched. Click the hyperlink for more detailed information on the intrusion.
Virus Detected: This is the name of the virus that the ZyWALL has detected.
Latest Alerts: This table displays the five most recent alerts recorded by the ZyWALL. You can see more information in the View Log screen, such as the source and destination IP addresses and port numbers of the incoming packets.
Date/Time: This is the date and time the alert was recorded.
Message: This is the reason for the alert.
System Status
Port Statistics: Click Port Statistics to see router performance statistics such as the number of packets sent and number of packets received for each port.
DHCP Table: Click DHCP Table to show current DHCP client information.
VPN: Click VPN to display the active VPN connections.
Bandwidth: Click Bandwidth to view the ZyWALL’s bandwidth usage and allotments.
2.4.4 HOME Screen: Bridge Mode
The following screen displays when the ZyWALL is set to bridge mode. In bridge mode, the
ZyWALL functions as a transparent firewall (also known as a bridge firewall). The ZyWALL
bridges traffic traveling between the ZyWALL's interfaces and still filters and inspects
packets. You do not need to change the configuration of your existing network.
In bridge mode, the ZyWALL cannot get an IP address from a DHCP server. The LAN, WAN,
DMZ and WLAN interfaces all have the same (static) IP address and subnet mask. You can
configure the ZyWALL's IP address in order to access the ZyWALL for management. If you
connect your computer directly to the ZyWALL, you also need to assign your computer a
static IP address in the same subnet as the ZyWALL's IP address in order to access the
ZyWALL.
You can use the firewall and VPN in bridge mode.
Figure 11 Web Configurator HOME Screen in Bridge Mode
The following table describes the labels in this screen.
Table 5 Web Configurator HOME Screen in Bridge Mode
LABEL: DESCRIPTION
Automatic Refresh Interval: Select a number of seconds or None from the drop-down list box to update all screen statistics automatically at the end of every time interval or to not update the screen statistics.
Refresh: Click this button to update the screen’s statistics immediately.
System Information
System Name: This is the System Name you enter in the MAINTENANCE > General screen. It is for identification purposes. Click the field label to go to the screen where you can specify a name for this ZyWALL.
Model: This is the model name of your ZyWALL.
Bootbase Version: This is the bootbase version and the date created.
Firmware Version: This is the ZyNOS Firmware version and the date created. ZyNOS is ZyXEL's proprietary Network Operating System design. Click the field label to go to the screen where you can upload a new firmware file.
Up Time: This field displays how long the ZyWALL has been running since it last started up. The ZyWALL starts up when you turn it on, when you restart it (MAINTENANCE > Restart), or when you reset it (see Section 2.3 on page 68).
System Time: This field displays your ZyWALL’s present date (in yyyy-mm-dd format) and time (in hh:mm:ss format) along with the difference from the Greenwich Mean Time (GMT) zone. The difference from GMT is based on the time zone. It is also adjusted for Daylight Saving Time if you set the ZyWALL to use it. Click the field label to go to the screen where you can modify the ZyWALL’s date and time settings.
Device Mode: This displays whether the ZyWALL is functioning as a router or a bridge. Click the field label to go to the screen where you can configure the ZyWALL as a router or a bridge.
Firewall: This displays whether or not the ZyWALL’s firewall is activated. Click the field label to go to the screen where you can turn the firewall on or off.
System Resources
Flash: The first number shows how many megabytes of the flash the ZyWALL is using.
Memory: The first number shows how many megabytes of the heap memory the ZyWALL is using. Heap memory refers to the memory that is not used by ZyNOS (ZyXEL Network Operating System) and is thus available for running processes like NAT, VPN and the firewall. The second number shows the ZyWALL's total heap memory (in megabytes). The bar displays what percent of the ZyWALL's heap memory is in use. The bar turns from green to red when the maximum is being approached.
Sessions: The first number shows how many sessions are currently open on the ZyWALL. This includes all sessions that are currently traversing the ZyWALL, terminating at the ZyWALL or initiated from the ZyWALL. The second number is the maximum number of sessions that can be open at one time. The bar displays what percent of the maximum number of sessions is in use. The bar turns from green to red when the maximum is being approached.
CPU: This field displays what percentage of the ZyWALL’s processing ability is currently used. When this percentage is close to 100%, the ZyWALL is running at full load, and the throughput is not going to improve anymore. If you want some applications to have more throughput, you should turn off other applications (for example, using bandwidth management).
Network Status
IP/Netmask Address: This is the IP address and subnet mask of your ZyWALL in dotted decimal notation.
Gateway IP Address: This is the gateway IP address.
Rapid Spanning Tree Protocol: This shows whether RSTP (Rapid Spanning Tree Protocol) is active or not. The following labels or values relative to RSTP do not apply when RSTP is disabled.
Bridge Priority: This is the bridge priority of the ZyWALL. The bridge (or switch) with the lowest bridge priority value in the network is the root bridge (the base of the spanning tree).
Bridge Hello Time: This is the interval of BPDUs (Bridge Protocol Data Units) from the root bridge.
Bridge Max Age: This is the predefined interval that a bridge waits to get a Hello message (BPDU) from the root bridge.
Forward Delay: This is the forward delay interval.
Bridge Port: This is the port type. Port types are: WAN (or WAN1, WAN2), LAN, Wireless Card, DMZ and WLAN Interface.
Port Status: For the WAN, LAN, DMZ, and WLAN Interfaces, this displays the port speed and duplex setting. For the WAN port, it displays Down when the link is not ready or has failed. For the wireless card, it displays the transmission rate when a wireless LAN card is inserted and WLAN is enabled or Down when a wireless LAN is not inserted or WLAN is disabled.
RSTP Status: This is the RSTP status of the corresponding port.
RSTP Active: This shows whether or not RSTP is active on the corresponding port.
RSTP Priority: This is the RSTP priority of the corresponding port.
RSTP Path Cost: This is the cost of transmitting a frame from the root bridge to the corresponding port.
Security Services
Turbo Card: This field displays whether or not a ZyWALL Turbo Card is installed. Note: The ZyWALL must have a Turbo Card installed and a valid service subscription to use the IDP and anti-virus features.
IDP/Anti-Virus Definitions: This is the version number of the signatures set that the ZyWALL is using and the date and time that the set was released. Click the field label to go to the screen where you can update the signatures. N/A displays when there is no Turbo Card installed or the service subscription has expired.
IDP/Anti-Virus Expiration Date: This is the date the IDP/anti-virus service subscription expires. Click the field label to go to the screen where you can update your service subscription.
Anti-Spam Expiration Date: This is the date the anti-spam service subscription expires. Click the field label to go to the screen where you can update your service subscription.
Content Filter Expiration Date: This is the date the category-based content filtering service subscription expires. Click the field label to go to the screen where you can update your service subscription.
Intrusion Detected: This displays how many intrusions the ZyWALL has detected since it last started up. N/A displays when there is no Turbo Card installed or the service subscription has expired.
Virus Detected: This displays how many virus-infected files the ZyWALL has detected since it last started up. It also displays the percentage of virus-infected files out of the total number of files that the ZyWALL has scanned (since it last started up). N/A displays when there is no Turbo Card installed or the service subscription has expired.
Spam Mail Detected: This displays how many spam e-mails the ZyWALL has detected since it last started up. It also displays the percentage of spam e-mail out of the total number of e-mails that the ZyWALL has scanned (since it last started up). N/A displays when the service subscription has expired.
Web Site Blocked: This displays how many web site hits the ZyWALL has blocked since it last started up. N/A displays when the service subscription has expired.
Top 5 Intrusion & Virus Detections: The following is a list of the five intrusions or viruses that the ZyWALL has most frequently detected since it last started up.
Rank: This is the ranking number of an intrusion or virus. This is an intrusion’s or virus’s place in the list of most common intrusions or viruses.
Intrusion Detected: This is the name of a signature for which the ZyWALL has detected matching packets. The number in brackets indicates how many times the signature has been matched. Click the hyperlink for more detailed information on the intrusion.
Virus Detected: This is the name of the virus that the ZyWALL has detected.
Latest Alerts: This table displays the five most recent alerts recorded by the ZyWALL. You can see more information in the View Log screen, such as the source and destination IP addresses and port numbers of the incoming packets.
Date/Time: This is the date and time the alert was recorded.
Message: This is the reason for the alert.
System Status
Port Statistics: Click Port Statistics to see router performance statistics such as the number of packets sent and number of packets received for each port.
VPN: Click VPN to display the active VPN connections.
Bandwidth: Click Bandwidth to view the ZyWALL’s bandwidth usage and allotments.
2.4.5 Navigation Panel
After you enter the password, use the sub-menus on the navigation panel to configure
ZyWALL features.
The following table lists the features available for each device mode. Not all ZyWALLs have
all features listed in this table.
Table 6 Bridge and Router Mode Features Comparison
Table Key: An O in a mode’s column shows that the device mode has the specified feature.
The information in this table was correct at the time of writing, although it may be subject to
change.
The following table describes the sub-menus.
Table 7 Screens Summary
LINK > TAB: FUNCTION
HOME: This screen shows the ZyWALL’s general device and network status information. Use this screen to access the wizards, statistics and DHCP table.
REGISTRATION > Registration: Use this screen to register your ZyWALL and activate the trial service subscriptions.
REGISTRATION > Service: Use this to manage and update the service status and license information.
NETWORK
LAN > LAN: Use this screen to configure LAN DHCP and TCP/IP settings.
LAN > Static DHCP: Use this screen to assign fixed IP addresses on the LAN.
LAN > IP Alias: Use this screen to partition your LAN interface into subnets.
LAN > Port Roles (ZyWALL 5 and ZyWALL 35): Use this screen to change the LAN/DMZ/WLAN port roles.
BRIDGE > Bridge: Use this screen to change the bridge settings on the ZyWALL.
BRIDGE > Port Roles: Use this screen to change the DMZ/WLAN port roles on the ZyWALL 70 or the LAN/DMZ/WLAN port roles on the ZyWALL 5 or ZyWALL 35.
WAN > General: This screen allows you to configure load balancing, route priority and traffic redirect properties.
WAN > Route (ZyWALL 5 only): This screen allows you to configure route priority.
WAN > WAN (ZyWALL 5 only): Use this screen to configure the WAN port for Internet access.
WAN > WAN1 (ZyWALL 35 and ZyWALL 70): Use this screen to configure the WAN1 port for Internet access.
WAN > WAN2 (ZyWALL 35 and ZyWALL 70): Use this screen to configure the WAN2 port for Internet access.
WAN > Traffic Redirect: Use this screen to configure your traffic redirect properties and parameters.
WAN > Dial Backup: Use this screen to configure the backup WAN dial-up connection.
DMZ > DMZ: Use this screen to configure your DMZ connection.
DMZ > Static DHCP: Use this screen to assign fixed IP addresses on the DMZ.
DMZ > IP Alias: Use this screen to partition your DMZ interface into subnets.
DMZ > Port Roles: Use this screen to change the DMZ/WLAN port roles on the ZyWALL 70 or the LAN/DMZ/WLAN port roles on the ZyWALL 5 or ZyWALL 35.
WLAN > WLAN: Use this screen to configure your WLAN connection.
WLAN > Static DHCP: Use this screen to assign fixed IP addresses on the WLAN.
WLAN > IP Alias: Use this screen to partition your WLAN interface into subnets.
WLAN > Port Roles: Use this screen to change the DMZ/WLAN port roles on the ZyWALL 70 or the LAN/DMZ/WLAN port roles on the ZyWALL 5 or ZyWALL 35.
WIRELESS CARD > Wireless Card: Use this screen to configure the wireless LAN settings and WLAN authentication/security settings.
WIRELESS CARD > MAC Filter: Use this screen to change MAC filter settings on the ZyWALL.
SECURITY
FIREWALL > Default Rule: Use this screen to activate/deactivate the firewall and the direction of network traffic to which to apply the rule.
FIREWALL > Rule Summary: This screen shows a summary of the firewall rules, and allows you to edit/add a firewall rule.
FIREWALL > Anti-Probing: Use this screen to change your anti-probing settings.
FIREWALL > Threshold: Use this screen to configure the threshold for DoS attacks.
FIREWALL > Service: Use this screen to configure custom services.
IDP > General: Use this screen to enable IDP on the ZyWALL and choose what interface(s) you want to protect from intrusions.
IDP > Signature: Use these screens to view signatures by attack type or search for signatures by signature name, ID, severity, target operating system, action etc. You can also configure signature actions here.
IDP > Update: Use this screen to download new signature downloads. It is important to do this as new intrusions evolve.
IDP > Backup & Restore: Use this screen to back up, restore or revert to the default signatures’ actions.
ANTI-VIRUS > General: Use this screen to activate AV scanning on the interface(s) and specify actions when a virus is detected.
ANTI-VIRUS > Signature: Use these screens to search for signatures by signature name or attributes and configure how the ZyWALL uses them.
ANTI-VIRUS > Update: Use this screen to view the version number of the current signatures and configure the signature update schedule.
ANTI-VIRUS > Backup & Restore: Use this screen to back up, restore or revert to the default signatures’ actions.
ANTI-SPAM > General: Use this screen to turn the anti-spam feature on or off and set how the ZyWALL treats spam.
ANTI-SPAM > External DB: Use this screen to enable or disable the use of the anti-spam external database.
ANTI-SPAM > Lists: Use this screen to configure the whitelist to identify legitimate e-mail and configure the blacklist to identify spam e-mail.
CONTENT FILTER > General: This screen allows you to enable content filtering and block certain web features.
CONTENT FILTER > Categories: Use this screen to select which categories of web pages to filter out, as well as to register for external database content filtering and view reports.
CONTENT FILTER > Customization: Use this screen to customize the content filter list.
CONTENT FILTER > Cache: Use this screen to view and configure the ZyWALL’s URL caching.
VPN > VPN Rules (IKE): Use this screen to configure VPN connections using IKE key management and view the rule summary.
VPN > VPN Rules (Manual): Use this screen to configure VPN connections using manual key management and view the rule summary.
VPN > SA Monitor: Use this screen to display and manage active VPN connections.
VPN > Global Setting: Use this screen to configure the IPSec timer settings.
CERTIFICATES > My Certificates: Use this screen to view a summary list of certificates and manage certificates and certification requests.
CERTIFICATES > Trusted CAs: Use this screen to view and manage the list of the trusted CAs.
CERTIFICATES > Trusted Remote Hosts: Use this screen to view and manage the certificates belonging to the trusted remote hosts.
CERTIFICATES > Directory Servers: Use this screen to view and manage the list of the directory servers.
AUTH SERVER > Local User Database: Use this screen to configure the local user account(s) on the ZyWALL.
AUTH SERVER > RADIUS: Configure this screen to use an external server to authenticate wireless and/or VPN users.
ADVANCED
NAT > NAT Overview: Use this screen to enable NAT.
NAT > Address Mapping: Use this screen to configure network address translation mapping rules.
NAT > Port Forwarding: Use this screen to configure servers behind the ZyWALL.
NAT > Port Triggering: Use this screen to change your ZyWALL’s port triggering settings.
STATIC ROUTE > IP Static Route: Use this screen to configure IP static routes.
POLICY ROUTE > Policy Route Summary: Use this screen to view a summary list of all the policies and configure policies for use in IP policy routing.
BW MGMT > Summary: Use this screen to enable bandwidth management on an interface.
BW MGMT > Class Setup: Use this screen to set up the bandwidth classes.
BW MGMT > Monitor: Use this screen to view the ZyWALL’s bandwidth usage and allotments.
DNS > System: Use this screen to configure the address and name server records.
DNS > Cache: Use this screen to configure the DNS resolution cache.
DNS > DHCP: Use this screen to configure LAN/DMZ/WLAN DNS information.
DNS > DDNS: Use this screen to set up dynamic DNS.
REMOTE MGMT > WWW: Use this screen to configure through which interface(s) and from which IP address(es) users can use HTTPS or HTTP to manage the ZyWALL.
REMOTE MGMT > SSH: Use this screen to configure through which interface(s) and from which IP address(es) users can use Secure Shell to manage the ZyWALL.
REMOTE MGMT > TELNET: Use this screen to configure through which interface(s) and from which IP address(es) users can use Telnet to manage the ZyWALL.
REMOTE MGMT > FTP: Use this screen to configure through which interface(s) and from which IP address(es) users can use FTP to access the ZyWALL.
REMOTE MGMT > SNMP: Use this screen to configure your ZyWALL’s settings for Simple Network Management Protocol management.
REMOTE MGMT > DNS: Use this screen to configure through which interface(s) and from which IP address(es) users can send DNS queries to the ZyWALL.
REMOTE MGMT > CNM: Use this screen to configure and allow your ZyWALL to be managed by the Vantage CNM server.
UPnP > UPnP: Use this screen to enable UPnP on the ZyWALL.
UPnP > Ports: Use this screen to view the NAT port mapping rules that UPnP creates on the ZyWALL.
ALG > ALG: Use this screen to allow certain applications to pass through the ZyWALL.
REPORTS
SYSTEM REPORTS > Reports: Use this screen to have the ZyWALL record and display network usage reports.
THREAT REPORTS > IDP: Use this screen to collect and display statistics on the intrusions that the ZyWALL has detected.
THREAT REPORTS > Anti-Virus: Use this screen to collect and display statistics on the viruses that the ZyWALL has detected.
THREAT REPORTS > Anti-Spam: Use this screen to collect and display statistics on spam mail that the ZyWALL has detected.
LOGS > View Log: Use this screen to view the logs for the categories that you selected.
LOGS > Log Settings: Use this screen to change your ZyWALL’s log settings.
MAINTENANCE > Password: Use this screen to change your password.
MAINTENANCE > Time and Date: Use this screen to change your ZyWALL’s time and date.
MAINTENANCE > Device Mode: Use this screen to configure and have your ZyWALL work as a router or a bridge.
MAINTENANCE > F/W Upload: Use this screen to upload firmware to your ZyWALL.
MAINTENANCE > Backup & Restore: Use this screen to backup and restore the configuration or reset the factory defaults to your ZyWALL.
MAINTENANCE > Restart: This screen allows you to reboot the ZyWALL without turning the power off.
LOGOUT: Click this label to exit the web configurator.
2.4.6 Port Statistics
Click Port Statistics in the HOME screen. Read-only information here includes port status
and packet specific statistics. The Poll Interval(s) field is configurable. Not all items
described are available on all models.
Figure 12 HOME > Show Statistics
The following table describes the labels in this screen.
Table 8 HOME > Show Statistics
LABEL: DESCRIPTION
Click the icon to display the chart of throughput statistics.
Port: These are the ZyWALL’s interfaces.
Status: For the WAN and dial backup ports, this displays the port speed and duplex setting if you’re using Ethernet encapsulation and Down (line is down), Idle (line (ppp) idle), Dial (starting to trigger a call) or Drop (dropping a call) if you’re using PPPoE encapsulation. Dial backup is not available in bridge mode.
For the LAN, DMZ and WLAN ports, this displays the port speed and duplex setting.
For the WLAN card, this displays the transmission rate when a wireless LAN card is inserted and WLAN is enabled or Down when a wireless LAN is not inserted or WLAN is disabled.
TxPkts: This is the number of transmitted packets on this port.
RxPkts: This is the number of received packets on this port.
Tx B/s: This displays the transmission speed in bytes per second on this port.
Rx B/s: This displays the reception speed in bytes per second on this port.
Up Time: This is the total amount of time the line has been up.
System Up Time: This is the total time the ZyWALL has been on.
Automatic Refresh Interval: Select a number of seconds or None from the drop-down list box to update all screen statistics automatically at the end of every time interval or to not update the screen statistics.
Refresh: Click this button to update the screen’s statistics immediately.
2.4.7 Show Statistics: Line Chart
Click the icon in the Show Statistics screen. This screen shows you a line chart of each port’s
throughput statistics.
Figure 13 HOME > Show Statistics > Line Chart
The following table describes the labels in this screen.
Table 9 HOME > Show Statistics > Line Chart
LABEL: DESCRIPTION
Click the icon to go back to the Show Statistics screen.
Port: Select the check box(es) to display the throughput statistics of the corresponding port(s).
B/s: Specify the direction of the traffic for which you want to show throughput statistics in this table.
Select Tx to display transmitted traffic throughput statistics and the amount of traffic (in bytes). Select Rx to display received traffic throughput statistics and the amount of traffic (in bytes).
Throughput Range: Set the range of the throughput (in B/s, KB/s or MB/s) to display.
Click Set Range to save this setting back to the ZyWALL.
2.4.8 DHCP Table Screen
DHCP (Dynamic Host Configuration Protocol, RFC 2131 and RFC 2132) allows individual
clients to obtain TCP/IP configuration at start-up from a server. You can configure the
ZyWALL as a DHCP server or disable it. When configured as a server, the ZyWALL provides
the TCP/IP configuration for the clients. If DHCP service is disabled, you must have another
DHCP server on your LAN, or else the computer must be manually configured.
Click Show DHCP Table in the HOME screen when the ZyWALL is set to router mode.
Read-only information here relates to your DHCP status. The DHCP table shows current
DHCP client information (including IP Address, Host Name and MAC Address) of all
network clients using the ZyWALL’s DHCP server.
Figure 14 HOME > DHCP Table
The following table describes the labels in this screen.
Table 10 HOME > DHCP Table
LABEL: DESCRIPTION
Interface: Select LAN, DMZ or WLAN to show the current DHCP client information for the specified interface.
#: This is the index number of the host computer.
IP Address: This field displays the IP address relative to the # field listed above.
Host Name: This field displays the computer host name.
MAC Address: The MAC (Media Access Control) or Ethernet address on a LAN (Local Area Network) is unique to your computer (six pairs of hexadecimal notation).
A network interface card such as an Ethernet adapter has a hardwired address that is assigned at the factory. This address follows an industry standard that ensures no other adapter has a similar address.
Reserve: Select the check box in the heading row to automatically select all check boxes or select the check box(es) in each entry to have the ZyWALL always assign the selected entry(ies)’s IP address(es) to the corresponding MAC address(es) (and host name(s)). You can select up to 128 entries in this table. After you click Apply, the MAC address and IP address also display in the corresponding LAN, DMZ or WLAN Static DHCP screen (where you can edit them).
Refresh: Click Refresh to reload the DHCP table.
2.4.9 VPN Status
Click VPN in the HOME screen when the ZyWALL is set to router mode. This screen
displays read-only information about the active VPN connections. The Poll Interval(s) field is
configurable. A Security Association (SA) is the group of security settings related to a specific
VPN tunnel.
Figure 15 HOME > VPN Status
The following table describes the labels in this screen.
Table 11 HOME > VPN Status
LABEL: DESCRIPTION
#: This is the security association index number.
Name: This field displays the identification name for this VPN policy.
Local Network: This field displays the IP address of the computer using the VPN IPSec feature of your ZyWALL.
Remote Network: This field displays IP address (in a range) of computers on the remote network behind the remote IPSec router.
Encapsulation: This field displays Tunnel or Transport mode.
IPSec Algorithm: This field displays the security protocols used for an SA.
Both AH and ESP increase ZyWALL processing requirements and communications latency (delay).
Automatic Refresh Interval: Select a number of seconds or None from the drop-down list box to update all screen statistics automatically at the end of every time interval or to not update the screen statistics.
Refresh: Click this button to update the screen’s statistics immediately.
2.4.10 Bandwidth Monitor
Click Bandwidth in the HOME screen to display the bandwidth monitor. This screen displays
the device’s bandwidth usage and allotments.
Figure 16 Home > Bandwidth Monitor
The following table describes the labels in this screen.
LABEL: DESCRIPTION
Interface: Select an interface from the drop-down list box to view the bandwidth usage of its bandwidth classes.
Class: This field displays the name of the bandwidth class.
A Default Class automatically displays for all the bandwidth in the Root Class that is not allocated to bandwidth classes. If you do not enable maximize bandwidth usage on an interface, the ZyWALL uses the bandwidth in this default class to send traffic that does not match any of the bandwidth classes.
Budget (kbps): This field displays the amount of bandwidth allocated to the bandwidth class.
Current Usage (kbps): This field displays the amount of bandwidth that each bandwidth class is using.
Automatic Refresh Interval: Select a number of seconds or None from the drop-down list box to update all screen statistics automatically at the end of every time interval or to not update the screen statistics.
Refresh: Click this button to update the screen’s statistics immediately.
a. If you allocate all the root class’s bandwidth to the bandwidth classes, the default class still displays a budget of 2 kbps (the minimum amount of bandwidth that can be assigned to a bandwidth class).
CHAPTER 3
Wizard Setup
This chapter provides information on the Wizard Setup screens in the web configurator. The
Internet access wizard is only applicable when the ZyWALL is in router mode.
3.1 Wizard Setup Overview
The web configurator's setup wizards help you configure Internet and VPN connection
settings.
In the HOME screen, click the Wizard icon to open the Wizard Setup Welcome screen.
The following summarizes the wizards you can select:
• Internet Access Setup
Click this link to open a wizard to set up an Internet connection for WAN1 on a
ZyWALL with multiple WAN ports or the WAN port on a ZyWALL with a single WAN
port.
• VPN Setup
Use VPN SETUP to configure a VPN connection that uses a pre-shared key. If you want
to set the rule to use a certificate, please go to the VPN screens for configuration. See
Section 3.3 on page 99.
Figure 17 Wizard Setup Welcome
3.2 Internet Access
The Internet access wizard screen has three variations depending on what encapsulation type
you use. Refer to information provided by your ISP to know what to enter in each field. Leave
a field blank if you don’t have that information.
3.2.1 ISP Parameters
The ZyWALL offers three choices of encapsulation. They are Ethernet, PPTP or PPPoE.
The wizard screen varies according to the type of encapsulation that you select in the
Encapsulation field.
3.2.1.1 Ethernet
For ISPs (such as Telstra) that send UDP heartbeat packets to verify that the customer is still
online, please create a WAN-to-WAN/ZyWALL firewall rule for those packets. Contact your
ISP to find the correct port number.
Choose Ethernet when the WAN port is used as a regular Ethernet.
Figure 18 ISP Parameters: Ethernet Encapsulation
The following table describes the labels in this screen.
Table 12 ISP Parameters: Ethernet Encapsulation
LABEL: DESCRIPTION
ISP Parameters for Internet Access
Encapsulation: You must choose the Ethernet option when the WAN port is used as a regular Ethernet. Otherwise, choose PPPoE or PPTP for a dial-up connection.
WAN IP Address Assignment
IP Address Assignment: Select Dynamic if your ISP did not assign you a fixed IP address. This is the default selection.
Select Static if the ISP assigned a fixed IP address.
The fields below are available only when you select Static.
My WAN IP Address: Enter your WAN IP address in this field.
My WAN IP Subnet Mask: Enter the IP subnet mask in this field.
Gateway IP Address: Enter the gateway IP address in this field.
First DNS Server, Second DNS Server: Enter the DNS server's IP address(es) in the field(s) to the right.
Leave the field as 0.0.0.0 if you do not want to configure DNS servers. If you do not configure a DNS server, you must know the IP address of a machine in order to access it.
Back: Click Back to return to the previous wizard screen.
Apply: Click Apply to save your changes and go to the next screen.
3.2.1.2 PPPoE Encapsulation
Point-to-Point Protocol over Ethernet (PPPoE) functions as a dial-up connection. PPPoE is an
IETF (Internet Engineering Task Force) standard specifying how a host personal computer
interacts with a broadband modem (for example DSL, cable, wireless, etc.) to achieve access
to high-speed data networks.
Figure 19 ISP Parameters: PPPoE Encapsulation
The following table describes the labels in this screen.
Table 13 ISP Parameters: PPPoE Encapsulation
LABEL: DESCRIPTION
ISP Parameter for Internet Access
Encapsulation: Choose an encapsulation method from the pull-down list box. PPP over Ethernet
Service Name: Type the name of your service provider.
User Name: Type the user name given to you by your ISP.
Password: Type the password associated with the user name above.
Retype to Confirm: Type your password again for confirmation.
Nailed-Up: Select Nailed-Up if you do not want the connection to time out.
Idle Timeout: Type the time in seconds that elapses before the router automatically disconnects from the PPPoE server. The default time is 100 seconds.
WAN IP Address Assignment
IP Address Assignment: Select Dynamic if your ISP did not assign you a fixed IP address. This is the default selection.
Select Static if the ISP assigned a fixed IP address.
The fields below are available only when you select Static.
My WAN IP Address: Enter your WAN IP address in this field.
First DNS Server, Second DNS Server: Enter the DNS server's IP address(es) in the field(s) to the right.
Leave the field as 0.0.0.0 if you do not want to configure DNS servers. If you do not configure a DNS server, you must know the IP address of a machine in order to access it.
Back: Click Back to return to the previous wizard screen.
Apply: Click Apply to save your changes and go to the next screen.
3.2.1.3 PPTP Encapsulation
Point-to-Point Tunneling Protocol (PPTP) is a network protocol that enables transfers of data
from a remote client to a private server, creating a Virtual Private Network (VPN) using TCP/
IP-based networks.
PPTP supports on-demand, multi-protocol, and virtual private networking over public
networks, such as the Internet.
Note: The ZyWALL supports one PPTP server connection at any given time.
Figure 20 ISP Parameters: PPTP Encapsulation
The following table describes the labels in this screen.
Table 14 ISP Parameters: PPTP Encapsulation
LABEL: DESCRIPTION
ISP Parameters for Internet Access
Encapsulation: Select PPTP from the drop-down list box. To configure a PPTP client, you must configure the User Name and Password fields for a PPP connection and the PPTP parameters for a PPTP connection.
User Name: Type the user name given to you by your ISP.
Password: Type the password associated with the User Name above.
Retype to Confirm: Type your password again for confirmation.
Nailed-Up: Select Nailed-Up if you do not want the connection to time out.
Idle Timeout: Type the time in seconds that elapses before the router automatically disconnects from the PPTP server.
PPTP Configuration
My IP Address: Type the (static) IP address assigned to you by your ISP.
My IP Subnet Mask: Type the subnet mask assigned to you by your ISP (if given).
Server IP Address: Type the IP address of the PPTP server.
Connection ID/Name: Enter the connection ID or connection name in this field. It must follow the "c:id" and "n:name" format. For example, C:12 or N:My ISP.
This field is optional and depends on the requirements of your xDSL modem.
WAN IP Address Assignment
IP Address Assignment: Select Dynamic if your ISP did not assign you a fixed IP address. This is the default selection.
Select Static if the ISP assigned a fixed IP address.
The fields below are available only when you select Static.
My WAN IP Address: Enter your WAN IP address in this field.
First DNS Server, Second DNS Server: Enter the DNS server's IP address(es) in the field(s) to the right.
Leave the field as 0.0.0.0 if you do not want to configure DNS servers. If you do not configure a DNS server, you must know the IP address of a machine in order to access it.
Back: Click Back to return to the previous wizard screen.
Apply: Click Apply to save your changes and go to the next screen.
3.2.2 Internet Access Wizard: Second Screen
Click Next to go to the screen where you can register your ZyWALL and activate the free
content filtering, anti-spam, anti-virus and IDP trial applications. Otherwise, click Skip to
display the congratulations screen and click Close to complete the Internet access setup.
Note: Make sure you have installed the ZyWALL Turbo Card before you activate the
IDP and anti-virus subscription services.
Turn the ZyWALL off before you install or remove the ZyWALL Turbo Card.
Figure 21 Internet Access Wizard: Second Screen
Figure 22 Internet Access Setup Complete
3.2.3 Internet Access Wizard: Registration
If you clicked Next in the previous screen (see Figure 21 on page 96), the following screen
displays.
Use this screen to register the ZyWALL with myZyXEL.com. You must register your
ZyWALL before you can activate trial applications of services like content filtering, anti-spam, anti-virus and IDP.
Note: If you want to activate a standard service with your iCard’s PIN number (license
key), use the REGISTRATION > Service screen.
Figure 23 Internet Access Wizard: Registration
The following table describes the labels in this screen.
Table 15 Internet Access Wizard: Registration
LABEL: DESCRIPTION
Device Registration: If you select Existing myZyXEL.com account, only the User Name and Password fields are available.
New myZyXEL.com account: If you haven’t created an account at myZyXEL.com, select this option and configure the following fields to create an account and register your ZyWALL.
Existing myZyXEL.com account: If you already have an account at myZyXEL.com, select this option and enter your user name and password in the fields below to register your ZyWALL.
User Name: Enter a user name for your myZyXEL.com account. The name should be from six to 20 alphanumeric characters (and the underscore). Spaces are not allowed.
Check: Click this button to check with the myZyXEL.com database to verify the user name you entered has not been used.
Password: Enter a password of between six and 20 alphanumeric characters (and the underscore). Spaces are not allowed.
Confirm Password: Enter the password again for confirmation.
E-Mail Address: Enter your e-mail address. You can use up to 80 alphanumeric characters (periods and the underscore are also allowed) without spaces.
Country: Select your country from the drop-down list box.
Back: Click Back to return to the previous screen.
Next: Click Next to continue.
After you fill in the fields and click Next, the following screen shows that the
registration is in progress. Wait for the registration to finish.
Figure 24 Internet Access Wizard: Registration in Progress
Click Close to leave the wizard screen when the registration and activation are done.
Figure 25 Internet Access Wizard: Status
The following screen appears if the registration was not successful. Click Return to go back to
the Device Registration screen and check your settings.
Figure 26 Internet Access Wizard: Registration Failed
If the ZyWALL has been registered, the Device Registration screen is read-only and the
Service Activation screen appears indicating what trial applications are activated after you click Next.
Figure 27 Internet Access Wizard: Registered Device
Figure 28 Internet Access Wizard: Activated Services
3.3 VPN Wizard Gateway Setting
Use this screen to name the VPN gateway policy (IKE SA) and identify the IPSec routers at
either end of the VPN tunnel.
Click VPN Setup in the Wizard Setup Welcome screen (Figure 17 on page 90) to open the
VPN configuration wizard. The first screen displays as shown next.
Figure 29 VPN Wizard: Gateway Setting
The following table describes the labels in this screen.
Table 16 VPN Wizard: Gateway Setting
LABEL: DESCRIPTION
Gateway Policy Property
Name: Type up to 32 characters to identify this VPN gateway policy. You may use any character, including spaces, but the ZyWALL drops trailing spaces.
My ZyWALL: When the ZyWALL is in router mode, enter the WAN IP address or the domain name of your ZyWALL or leave the field set to 0.0.0.0.
For a ZyWALL with multiple WAN ports, the following applies if the My ZyWALL field is configured as 0.0.0.0:
• When the WAN port operation mode is set to Active/Passive, the ZyWALL uses the IP address (static or dynamic) of the WAN port that is in use.
• When the WAN port operation mode is set to Active/Active, the ZyWALL uses the IP address (static or dynamic) of the primary (highest priority) WAN port to set up the VPN tunnel as long as the corresponding WAN1 or WAN2 connection is up. If the corresponding WAN1 or WAN2 connection goes down, the ZyWALL uses the IP address of the other WAN port.
If both WAN connections go down, the ZyWALL uses the dial backup IP address for the VPN tunnel when using dial backup or the LAN IP address when using traffic redirect. See the chapter on WAN for details on dial backup and traffic redirect.
A ZyWALL with a single WAN port uses its current WAN IP address (static or dynamic) in setting up the VPN tunnel if you leave this field as 0.0.0.0. If the WAN connection goes down, the ZyWALL uses the dial backup IP address for the VPN tunnel when using dial backup or the LAN IP address when using traffic redirect.
The VPN tunnel has to be rebuilt if this IP address changes.
When the ZyWALL is in bridge mode, this field is read-only and displays the ZyWALL’s IP address.
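The address selection described for the My ZyWALL field above, written out as an added Python example (not ZyXEL code or device output). The Device fields, the in_use index that stands for "the WAN port that is in use" in Active/Passive mode, and all addresses are constructed assumptions; rebuild_events lists each failover step at which the tunnel address changes and the tunnel has to be rebuilt.

```python
from dataclasses import dataclass, replace
from typing import Optional

UNSPECIFIED = "0.0.0.0"   # My ZyWALL left at its "use the current address" value


@dataclass(frozen=True)
class Wan:
    ip: str               # current static or dynamic address of the port
    up: bool = True


@dataclass(frozen=True)
class Device:             # hypothetical model of the settings the row mentions
    wans: tuple                          # WAN ports, highest priority first
    my_zywall: str = UNSPECIFIED         # WAN IP, domain name or 0.0.0.0
    bridge_mode: bool = False
    bridge_ip: str = ""                  # shown read-only in bridge mode
    active_active: bool = False          # False means Active/Passive
    in_use: int = 0                      # Active/Passive: index of the port in use
    dial_backup_ip: Optional[str] = None
    traffic_redirect: bool = False
    lan_ip: str = "192.168.1.1"


def local_gateway(dev: Device) -> Optional[str]:
    """Address used as this end of the VPN tunnel, following the My ZyWALL row."""
    if dev.bridge_mode:
        return dev.bridge_ip
    if dev.my_zywall != UNSPECIFIED:
        return dev.my_zywall             # explicitly configured, never re-selected
    if dev.active_active or len(dev.wans) == 1:
        # Primary port while it is up, otherwise the other port.
        candidates = [w.ip for w in dev.wans if w.up]
    else:
        port = dev.wans[dev.in_use]
        candidates = [port.ip] if port.up else []
    if candidates:
        return candidates[0]
    if dev.dial_backup_ip:               # every WAN connection is down
        return dev.dial_backup_ip
    if dev.traffic_redirect:
        return dev.lan_ip
    return None                          # nothing left to build the tunnel on


def rebuild_events(timeline):
    """List (step, old, new) for every step where the tunnel address changes."""
    events, previous = [], None
    for index, (step, dev) in enumerate(timeline):
        current = local_gateway(dev)
        if index and current != previous:
            events.append((step, previous, current))
        previous = current
    return events


# Constructed sample: two-WAN unit in Active/Active mode with dial backup.
WAN1, WAN2 = Wan("203.0.113.10"), Wan("198.51.100.20")
BASE = Device(wans=(WAN1, WAN2), active_active=True, dial_backup_ip="192.0.2.30")
WAN1_DOWN, WAN2_DOWN = replace(WAN1, up=False), replace(WAN2, up=False)
TIMELINE = [
    ("both WAN ports up", BASE),
    ("WAN1 down", replace(BASE, wans=(WAN1_DOWN, WAN2))),
    ("WAN1 and WAN2 down", replace(BASE, wans=(WAN1_DOWN, WAN2_DOWN))),
    ("WAN1 restored", replace(BASE, wans=(WAN1, WAN2_DOWN))),
]

if __name__ == "__main__":
    for step, old, new in rebuild_events(TIMELINE):
        print(f"{step}: {old} -> {new} (tunnel must be rebuilt)")
```

With the field left at 0.0.0.0, every step of the sample timeline after the first changes the tunnel address, so a remote IPSec router configured with a single fixed address for this gateway only matches the first and last states.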