ZyXEL 5 Series User Manual

ZyWALL 5/35/70 Series

Internet Security Appliance
User’s Guide
Version 4.01
7/2006
Edition 1
ZyWALL 5/35/70 Series User’s Guide
Copyright © 2006 by ZyXEL Communications Corporation.
The contents of this publication may not be reproduced in any part or as a whole, transcribed, stored in a retrieval system, translated into any language, or transmitted in any form or by any means, electronic, mechanical, magnetic, optical, chemical, photocopying, manual, or otherwise, without the prior written permission of ZyXEL Communications Corporation.
Published by ZyXEL Communications Corporation. All rights reserved.
Disclaimer
ZyXEL does not assume any liability arising out of the application or use of any products, or software described herein. Neither does it convey any license under its patent rights nor the patent rights of others. ZyXEL further reserves the right to make changes in any products described herein without notice. This publication is subject to change without notice.
Trademarks
ZyNOS (ZyXEL Network Operating System) is a registered trademark of ZyXEL Communications, Inc. Other trademarks mentioned in this publication are used for identification purposes only and may be properties of their respective owners.

Certifications

Federal Communications Commission (FCC) Interference Statement
The device complies with Part 15 of FCC rules. Operation is subject to the following two conditions:
• This device may not cause harmful interference.
• This device must accept any interference received, including interference that may cause undesired operations.
This device has been tested and found to comply with the limits for a Class B digital device pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference in a commercial environment. This device generates, uses, and can radiate radio frequency energy, and if not installed and used in accordance with the instructions, may cause harmful interference to radio communications.
If this device does cause harmful interference to radio/television reception, which can be determined by turning the device off and on, the user is encouraged to try to correct the interference by one or more of the following measures:
1 Reorient or relocate the receiving antenna.
2 Increase the separation between the equipment and the receiver.
3 Connect the equipment into an outlet on a circuit different from that to which the receiver is connected.
4 Consult the dealer or an experienced radio/TV technician for help.
Notices
Changes or modifications not expressly approved by the party responsible for compliance could void the user's authority to operate the equipment.
This Class B digital apparatus complies with Canadian ICES-003.
Cet appareil numérique de la classe B est conforme à la norme NMB-003 du Canada.
Viewing Certifications
1 Go to http://www.zyxel.com.
2 Select your product from the drop-down list box on the ZyXEL home page to go to that product's page.
3 Select the certification you wish to view from this page.

Safety Warnings

For your safety, be sure to read and follow all warning notices and instructions.
• Do NOT use this product near water, for example, in a wet basement or near a swimming pool.
• Do NOT expose your device to dampness, dust or corrosive liquids.
• Do NOT store things on the device.
• Do NOT install, use, or service this device during a thunderstorm. There is a remote risk of electric shock from lightning.
• Connect ONLY suitable accessories to the device.
• Do NOT open the device or unit. Opening or removing covers can expose you to dangerous high voltage points or other risks. ONLY qualified service personnel should service or disassemble this device. Please contact your vendor for further information.
• Make sure to connect the cables to the correct ports.
• Place connecting cables carefully so that no one will step on them or stumble over them.
• Always disconnect all cables from this device before servicing or disassembling.
• Use ONLY an appropriate power adaptor or cord for your device.
• Connect the power adaptor or cord to the right supply voltage (for example, 110V AC in North America or 230V AC in Europe).
• Do NOT allow anything to rest on the power adaptor or cord and do NOT place the product where anyone can walk on the power adaptor or cord.
• Do NOT use the device if the power adaptor or cord is damaged as it might cause electrocution.
• If the power adaptor or cord is damaged, remove it from the power outlet.
• Do NOT attempt to repair the power adaptor or cord. Contact your local vendor to order a new one.
• Do not use the device outside, and make sure all the connections are indoors. There is a remote risk of electric shock from lightning.
• CAUTION: RISK OF EXPLOSION IF BATTERY (on the motherboard) IS REPLACED BY AN INCORRECT TYPE. DISPOSE OF USED BATTERIES ACCORDING TO THE INSTRUCTIONS. Dispose of them at the applicable collection point for the recycling of electrical and electronic equipment. For detailed information about recycling of this product, please contact your local city office, your household waste disposal service or the store where you purchased the product.
• Do NOT obstruct the device ventilation slots, as insufficient airflow may harm your device.
• Fuse Warning! Replace a fuse only with a fuse of the same type and rating.
This product is recyclable. Dispose of it properly.

ZyXEL Limited Warranty

ZyXEL warrants to the original end user (purchaser) that this product is free from any defects in materials or workmanship for a period of up to two years from the date of purchase. During the warranty period, and upon proof of purchase, should the product have indications of failure due to faulty workmanship and/or materials, ZyXEL will, at its discretion, repair or replace the defective products or components without charge for either parts or labor, and to whatever extent it shall deem necessary to restore the product or components to proper operating condition. Any replacement will consist of a new or re-manufactured functionally equivalent product of equal or higher value, and will be solely at the discretion of ZyXEL. This warranty shall not apply if the product has been modified, misused, tampered with, damaged by an act of God, or subjected to abnormal working conditions.
Note
Repair or replacement, as provided under this warranty, is the exclusive remedy of the purchaser. This warranty is in lieu of all other warranties, express or implied, including any implied warranty of merchantability or fitness for a particular use or purpose. ZyXEL shall in no event be held liable for indirect or consequential damages of any kind to the purchaser.
To obtain the services of this warranty, contact ZyXEL's Service Center for your Return Material Authorization number (RMA). Products must be returned Postage Prepaid. It is recommended that the unit be insured when shipped. Any returned products without proof of purchase or those with an out-dated warranty will be repaired or replaced (at the discretion of ZyXEL) and the customer will be billed for parts and labor. All repaired or replaced products will be shipped by ZyXEL to the corresponding return address, Postage Paid. This warranty gives you specific legal rights, and you may also have other rights that vary from country to country.
Registration
Register your product online to receive e-mail notices of firmware upgrades and information at www.zyxel.com for global products, or at www.us.zyxel.com for North American products.

Customer Support

Please have the following information ready when you contact customer support.
• Product model and serial number.
• Warranty Information.
• Date that you received your device.
• Brief description of the problem and the steps you took to solve it.

CORPORATE HEADQUARTERS (WORLDWIDE)
• Support e-mail: support@zyxel.com.tw
• Telephone: +886-3-578-3942
• Web site: www.zyxel.com, www.europe.zyxel.com
• Sales e-mail: sales@zyxel.com.tw
• Fax: +886-3-578-2439
• FTP site: ftp.zyxel.com, ftp.europe.zyxel.com
• Regular mail: ZyXEL Communications Corp. 6 Innovation Road II Science Park Hsinchu 300 Taiwan

COSTA RICA
• Support e-mail: soporte@zyxel.co.cr
• Telephone: +506-2017878
• Web site: www.zyxel.co.cr
• Sales e-mail: sales@zyxel.co.cr
• Fax: +506-2015098
• FTP site: ftp.zyxel.co.cr
• Regular mail: ZyXEL Costa Rica Plaza Roble Escazú Etapa El Patio, Tercer Piso San José, Costa Rica

CZECH REPUBLIC
• Support e-mail: info@cz.zyxel.com
• Telephone: +420-241-091-350
• Web site: www.zyxel.cz
• Sales e-mail: info@cz.zyxel.com
• Fax: +420-241-091-359
• Regular mail: ZyXEL Communications Czech s.r.o. Modranská 621 143 01 Praha 4 - Modrany Ceská Republika

DENMARK
• Support e-mail: support@zyxel.dk
• Telephone: +45-39-55-07-00
• Web site: www.zyxel.dk
• Sales e-mail: sales@zyxel.dk
• Fax: +45-39-55-07-07
• Regular mail: ZyXEL Communications A/S Columbusvej 2860 Soeborg Denmark

FINLAND
• Support e-mail: support@zyxel.fi
• Telephone: +358-9-4780-8411
• Web site: www.zyxel.fi
• Sales e-mail: sales@zyxel.fi
• Fax: +358-9-4780 8448
• Regular mail: ZyXEL Communications Oy Malminkaari 10 00700 Helsinki Finland

FRANCE
• Support e-mail: info@zyxel.fr
• Telephone: +33-4-72-52-97-97
• Web site: www.zyxel.fr
• Fax: +33-4-72-52-19-20
• Regular mail: ZyXEL France 1 rue des Vergers Bat. 1 / C 69760 Limonest France

GERMANY
• Support e-mail: support@zyxel.de
• Telephone: +49-2405-6909-0
• Web site: www.zyxel.de
• Sales e-mail: sales@zyxel.de
• Fax: +49-2405-6909-99
• Regular mail: ZyXEL Deutschland GmbH. Adenauerstr. 20/A2 D-52146 Wuerselen Germany

HUNGARY
• Support e-mail: support@zyxel.hu
• Telephone: +36-1-3361649
• Web site: www.zyxel.hu
• Sales e-mail: info@zyxel.hu
• Fax: +36-1-3259100
• Regular mail: ZyXEL Hungary 48, Zoldlomb Str. H-1025, Budapest Hungary

KAZAKHSTAN
• Support: http://zyxel.kz/support
• Telephone: +7-3272-590-698
• Web site: www.zyxel.kz
• Sales e-mail: sales@zyxel.kz
• Fax: +7-3272-590-689
• Regular mail: ZyXEL Kazakhstan 43, Dostyk ave., Office 414 Dostyk Business Centre 050010, Almaty Republic of Kazakhstan

NORTH AMERICA
• Support e-mail: support@zyxel.com
• Telephone: 1-800-255-4101, +1-714-632-0882
• Web site: www.us.zyxel.com
• Sales e-mail: sales@zyxel.com
• Fax: +1-714-632-0858
• FTP site: ftp.us.zyxel.com
• Regular mail: ZyXEL Communications Inc. 1130 N. Miller St. Anaheim CA 92806-2001 U.S.A.

NORWAY
• Support e-mail: support@zyxel.no
• Telephone: +47-22-80-61-80
• Web site: www.zyxel.no
• Sales e-mail: sales@zyxel.no
• Fax: +47-22-80-61-81
• Regular mail: ZyXEL Communications A/S Nils Hansens vei 13 0667 Oslo Norway

POLAND
• Support e-mail: info@pl.zyxel.com
• Telephone: +48 (22) 333 8250
• Web site: www.pl.zyxel.com
• Fax: +48 (22) 333 8251
• Regular mail: ZyXEL Communications ul. Okrzei 1A 03-715 Warszawa Poland

RUSSIA
• Support: http://zyxel.ru/support
• Telephone: +7-095-542-89-29
• Web site: www.zyxel.ru
• Sales e-mail: sales@zyxel.ru
• Fax: +7-095-542-89-25
• Regular mail: ZyXEL Russia Ostrovityanova 37a Str. Moscow, 117279 Russia

SPAIN
• Support e-mail: support@zyxel.es
• Telephone: +34-902-195-420
• Web site: www.zyxel.es
• Sales e-mail: sales@zyxel.es
• Fax: +34-913-005-345
• Regular mail: ZyXEL Communications Arte, 21 5ª planta 28033 Madrid Spain

SWEDEN
• Support e-mail: support@zyxel.se
• Telephone: +46-31-744-7700
• Web site: www.zyxel.se
• Sales e-mail: sales@zyxel.se
• Fax: +46-31-744-7701
• Regular mail: ZyXEL Communications A/S Sjöporten 4, 41764 Göteborg Sweden

UKRAINE
• Support e-mail: support@ua.zyxel.com
• Telephone: +380-44-247-69-78
• Web site: www.ua.zyxel.com
• Sales e-mail: sales@ua.zyxel.com
• Fax: +380-44-494-49-32
• Regular mail: ZyXEL Ukraine 13, Pimonenko Str. Kiev, 04050 Ukraine

UNITED KINGDOM
• Support e-mail: support@zyxel.co.uk
• Telephone: +44-1344 303044, 08707 555779 (UK only)
• Web site: www.zyxel.co.uk
• Sales e-mail: sales@zyxel.co.uk
• Fax: +44-1344 303034
• FTP site: ftp.zyxel.co.uk
• Regular mail: ZyXEL Communications UK Ltd., 11 The Courtyard, Eastern Road, Bracknell, Berkshire, RG12 2XB, United Kingdom (UK)

“+” is the (prefix) number you enter to make an international telephone call.

Table of Contents

Copyright
Certifications
Safety Warnings
ZyXEL Limited Warranty
Customer Support
Table of Contents
List of Figures
List of Tables
Preface
Chapter 1
Getting to Know Your ZyWALL
1.1 ZyWALL Internet Security Appliance Overview
1.2 ZyWALL Features
1.2.1 Physical Features
1.2.2 Non-Physical Features
1.3 Applications for the ZyWALL
1.3.1 Secure Broadband Internet Access via Cable or DSL Modem
1.3.2 VPN Application
1.3.3 Front Panel Lights
Chapter 2
Introducing the Web Configurator
2.1 Web Configurator Overview
2.2 Accessing the ZyWALL Web Configurator
2.3 Resetting the ZyWALL
2.3.1 Procedure To Use The Reset Button
2.3.2 Uploading a Configuration File Via Console Port
2.4 Navigating the ZyWALL Web Configurator
2.4.1 Title Bar
2.4.2 Main Window
2.4.3 HOME Screen: Router Mode
2.4.4 HOME Screen: Bridge Mode
2.4.5 Navigation Panel
2.4.6 Port Statistics
2.4.7 Show Statistics: Line Chart
2.4.8 DHCP Table Screen
2.4.9 VPN Status
2.4.10 Bandwidth Monitor
Chapter 3
Wizard Setup
3.1 Wizard Setup Overview
3.2 Internet Access
3.2.1 ISP Parameters
3.2.1.1 Ethernet
3.2.1.2 PPPoE Encapsulation
3.2.1.3 PPTP Encapsulation
3.2.2 Internet Access Wizard: Second Screen
3.2.3 Internet Access Wizard: Registration
3.3 VPN Wizard Gateway Setting
3.4 VPN Wizard Network Setting
3.5 VPN Wizard IKE Tunnel Setting (IKE Phase 1)
3.6 VPN Wizard IPSec Setting (IKE Phase 2)
3.7 VPN Wizard Status Summary
3.8 VPN Wizard Setup Complete
Chapter 4
Tutorial
4.1 Security Settings for VPN Traffic
4.1.1 IDP for From VPN Traffic Example
4.1.2 IDP for To VPN Traffic Example
4.2 Firewall Rule for VPN Example
4.2.1 Configuring the VPN Rule
4.2.2 Configuring the Firewall Rules
4.2.2.1 Firewall Rule to Allow Access Example
4.2.2.2 Default Firewall Rule to Block Other Access Example
Chapter 5
Registration
5.1 myZyXEL.com overview
5.1.1 Subscription Services Available on the ZyWALL
5.2 Registration
5.3 Service
Chapter 6
LAN Screens
6.1 LAN, WAN and the ZyWALL
6.2 IP Address and Subnet Mask
6.2.1 Private IP Addresses
6.3 DHCP
6.3.1 IP Pool Setup
6.4 RIP Setup
6.5 Multicast
6.6 WINS
6.7 LAN
6.8 LAN Static DHCP
6.9 LAN IP Alias
6.10 LAN Port Roles
Chapter 7
Bridge Screens
7.1 Bridge Loop
7.2 Spanning Tree Protocol (STP)
7.2.1 Rapid STP
7.2.2 STP Terminology
7.2.3 How STP Works
7.2.4 STP Port States
7.3 Bridge
7.4 Bridge Port Roles
Chapter 8
WAN Screens
8.1 WAN Overview
8.2 Multiple WAN
8.3 Load Balancing Introduction
8.4 Load Balancing Algorithms
8.4.1 Least Load First
8.4.1.1 Example 1
8.4.1.2 Example 2
8.4.2 Weighted Round Robin
8.4.3 Spillover
8.5 TCP/IP Priority (Metric)
8.6 WAN General
8.7 Configuring Load Balancing
8.7.1 Least Load First
8.7.2 Weighted Round Robin
8.7.3 Spillover
8.8 WAN Route
8.9 WAN IP Address Assignment
8.10 DNS Server Address Assignment
8.11 WAN MAC Address
8.12 WAN
8.12.1 WAN Ethernet Encapsulation
8.12.2 PPPoE Encapsulation
8.12.3 PPTP Encapsulation
8.13 Traffic Redirect
8.14 Configuring Traffic Redirect
8.15 Configuring Dial Backup
8.16 Advanced Modem Setup
8.16.1 AT Command Strings
8.16.2 DTR Signal
8.16.3 Response Strings
8.17 Configuring Advanced Modem Setup
Chapter 9
DMZ Screens
9.1 DMZ
9.2 Configuring DMZ
9.3 DMZ Static DHCP
9.4 DMZ IP Alias
9.5 DMZ Public IP Address Example
9.6 DMZ Private and Public IP Address Example
9.7 DMZ Port Roles
Chapter 10
Wireless LAN
10.1 Wireless LAN Introduction
10.1.1 Additional Installation Requirements for Using 802.1x
10.2 Configuring WLAN
10.3 WLAN Static DHCP
10.4 WLAN IP Alias
10.5 WLAN Port Roles
10.6 Wireless Security
10.6.1 Encryption
10.6.2 Authentication
10.6.3 Restricted Access
10.6.4 Hide ZyWALL Identity
10.7 Security Parameters Summary
10.8 WEP Encryption
10.9 802.1x Overview
10.9.1 Introduction to RADIUS ........................................................................200
10.9.1.1 Types of RADIUS Messages .......................................................200
10.9.2 EAP Authentication Overview ............................... ................................ 201
10.10 Dynamic WEP Key Exchange ......................................................................202
10.11 Introduction to WPA ........ .... ... ... ... .... ... ... ... .... ... ... ... .......................................202
10.11.1 User Aut hent ication ................................................ ... ... .... ...................202
10.11.2 Enc ryption ....................................................... .... ... .............................202
10.12 WPA-PSK Application Example ...................................................................203
10.13 Introduction to RADIUS ................................................................................204
10.14 WPA with RADIUS Application Example ......................................................204
10.15 Wireless Client WPA Supplicants .................................................................205
10.16 Wireless Card .............................................................................................205
10.16.1 Static WEP ..........................................................................................207
10.16.2 WPA-PSK ...........................................................................................208
10.16.3 WPA ....................................................................................................210
10.16.4 IEEE 802.1x + Dynamic WEP ............................................................211
10.16.5 IEEE 802.1x + Static WEP ..................................................................212
10.16.6 IEEE 802.1x + No WEP ......................................................................214
10.16.7 No Access 802.1x + Static WEP .........................................................215
10.16.8 No Access 802.1x + No WEP .............................................................216
10.17 MAC Filter ...................................................................................................217
Chapter 11
Firewall..................................................................................................................219
11.1 Firewall Overview ..........................................................................................219
11.2 Packet Direction Matrix ..................................................................................220
11.3 Packet Direction Examples ............................................................................221
11.3.1 To VPN Packet Direction .......................................................................222
11.3.2 From VPN Packet Direction ..................................................................224
11.3.3 From VPN To VPN Packet Direction .................................................. ...225
11.4 Security Considerations .................................................................................226
11.5 Firewall Rules Example ..................................................................................227
11.6 Asymmetrical Routes .....................................................................................229
11.6.1 Asymmetrical Routes and IP Alias ........ ............................................. ...229
11.7 Firewall Default Rule (Router Mode) ..............................................................230
11.8 Firewall Default Rule (Bridge Mode) ............................................................232
11.9 Firewall Rule Summary .................................................................................234
11.9.1 Firewall Edit Rule ....................................................... .... ... ... .............235
11.10 Anti-Probing ..............................................................................................238
11.11 Firewall Thresholds ....................................................................................239
11.11.1 Threshold Values .................................................................................240
11.12 Threshold Screen ........................................................................240
11.13 Service .................................................................................242
11.13.1 Firewall Edit Custom Service ........................................................244
11.14 My Service Firewall Rule Example ......................................................245
Chapter 12
Intrusion Detection and Prevention (IDP).......................................................... 251
12.1 Introduction to IDP ....................................................................................251
12.1.1 Firewalls and Intrusions ..............................................................251
12.1.2 IDS and IDP .........................................................................................252
12.1.3 Host IDP ..............................................................................................252
12.1.4 Network IDP .........................................................................................252
12.1.5 Example Intrusions ...............................................................................253
12.1.5.1 SQL Slammer Worm ...................................................................253
12.1.5.2 Blaster W32.Worm ......................................................................253
12.1.5.3 Nimda ..........................................................................................253
12.1.5.4 MyDoom ......................................................................................254
12.1.6 ZyWALL IDP .........................................................................................254
Chapter 13
Configuring IDP....................................................................................................255
13.1 Overview ........................................................................................................255
13.1.1 Interfaces ..............................................................................................255
13.2 General Setup ................................................................................................256
13.3 IDP Signatures ...............................................................................................257
13.3.1 Attack Types .........................................................................................257
13.3.2 Intrusion Severity ..................................................................................259
13.3.3 Signature Actions .....................................................................259
13.3.4 Configuring IDP Signatures ..................................................................260
13.3.5 Query View ...........................................................................................262
13.3.5.1 Query Example 1 ........................................................................265
13.3.5.2 Query Example 2 ........................................................................266
13.4 Update ...........................................................................................................267
13.4.1 mySecurityZone ....................................................................................267
13.4.2 Configuring IDP Update ........................................................................268
13.5 Backup and Restore .......................................................................................269
Chapter 14
Anti-Virus..............................................................................................................271
14.1 Anti-Virus Overview .......................................................................................271
14.1.1 Types of Computer Viruses ............................................................271
14.1.2 Computer Virus Infection and Prevention ...........................................271
14.1.3 Types of Anti-Virus Scanner ................................................................272
14.2 Introduction to the ZyWALL Anti-Virus Scanner .............................................272
14.2.1 How the ZyWALL Anti-Virus Scanner Works .......................................273
14.2.2 Notes About the ZyWALL Anti-Virus .....................................................273
14.3 General Anti-Virus Setup ...............................................................................274
14.4 Signature Searching .......................................................................................276
14.4.1 Signature Search Example .............................................................278
14.5 Signature Update .........................................................................................281
14.5.1 mySecurityZone ....................................................................................281
14.5.2 Configuring Anti-virus Update ........................................................281
14.6 Backup and Restore ......................................................................................283
Chapter 15
Anti-Spam .............................................................................................................285
15.1 Anti-Spam Overview ....................................................................................285
15.1.1 Anti-Spam External Database ...............................................................285
15.1.1.1 SpamBulk Engine ....................................................................286
15.1.1.2 SpamRepute Engine ...................................................................286
15.1.1.3 SpamContent Engine ..................................................................286
15.1.1.4 SpamTricks Engine .....................................................................287
15.1.2 Spam Threshold ........................................................................287
15.1.3 Phishing ................................................................................................287
15.1.4 Whitelist ................................................................................................288
15.1.5 Blacklist .................................................................................................288
15.1.6 SMTP and POP3 ..................................................................................288
15.1.7 MIME Headers ......................................................................................289
15.2 Anti-Spam General Screen ............................................................................289
15.3 Anti-Spam External DB Screen .................................................................292
15.4 Anti-Spam Lists Screen .................................................................................294
15.5 Anti-Spam Lists Edit Screen .........................................................................296
Chapter 16
Content Filtering Screens ...................................................................................299
16.1 Content Filtering Overview .............................................................................299
16.1.1 Restrict Web Features ..........................................................................299
16.1.2 Create a Filter List ................................................................................299
16.1.3 Customize Web Site Access ................................................................299
16.2 Content Filter General Screen .....................................................................299
16.3 Content Filtering with an External Database ............................................302
16.4 Content Filter Categories ............................................................................303
16.5 Content Filter Customization .......................................................................310
16.6 Customizing Keyword Blocking URL Checking ...............................................312
16.6.1 Domain Name or IP Address URL Checking ............................................312
16.6.2 Full Path URL Checking .......................................................................312
16.6.3 File Name URL Checking .....................................................................312
16.7 Content Filtering Cache ...............................................................................313
Chapter 17
Content Filtering Reports....................................................................................315
17.1 Checking Content Filtering Activation ............................................................315
17.2 Viewing Content Filtering Reports ..................................................................315
17.3 Web Site Submission .....................................................................................320
Chapter 18
IPSec VPN.............................................................................................................323
18.1 IPSec VPN Overview ...................................................................................323
18.1.1 IKE SA Overview ..................................................................................324
18.1.1.1 IP Addresses of the ZyWALL and Remote IPSec Router ...........324
18.2 VPN Rules (IKE) ............................................................................................325
18.3 IKE SA Setup ................................................................................................327
18.3.1 IKE SA Proposal ...................................................................................327
18.3.1.1 Diffie-Hellman (DH) Key Exchange .............................................328
18.3.1.2 Authentication .............................................................................328
18.3.1.3 Extended Authentication .............................................................330
18.3.1.4 Negotiation Mode ........................................................................330
18.3.1.5 VPN, NAT, and NAT Traversal .....................................................331
18.4 Additional IPSec VPN Topics .........................................................................332
18.4.1 SA Life Time ..........................................................................332
18.4.2 IPSec High Availability ..........................................................................332
18.4.3 Encryption and Authentication Algorithms ...........................................333
18.5 VPN Rules (IKE) Gateway Policy Edit .....................................................334
18.6 IPSec SA Overview ....................................................................................340
18.6.0.1 Local Network and Remote Network ...........................................340
18.6.0.2 Active Protocol ............................................................................340
18.6.0.3 Encapsulation ..............................................................................341
18.6.0.4 IPSec SA Proposal and Perfect Forward Secrecy ......................341
18.7 VPN Rules (IKE): Network Policy Edit ..........................................................342
18.8 VPN Rules (IKE): Network Policy Move .......................................................346
18.9 IPSec SA Using Manual Keys ....................................................................348
18.9.1 IPSec SA Proposal Using Manual Keys ...............................................348
18.9.2 Authentication and the Security Parameter Index (SPI) .......................348
18.10 VPN Rules (Manual) ....................................................................................348
18.11 VPN Rules (Manual): Edit .........................................................................350
18.12 VPN SA Monitor .........................................................................................353
18.13 VPN Global Setting .....................................................................................354
18.14 Telecommuter VPN/IPSec Examples ...........................................................355
18.14.1 Telecommuters Sharing One VPN Rule Example ..............................355
18.14.2 Telecommuters Using Unique VPN Rules Example ...........................356
18.15 VPN and Remote Management ...................................................................358
18.16 Hub-and-spoke VPN ....................................................................................358
18.16.1 Hub-and-spoke VPN Example ............................................................359
18.16.2 Hub-and-spoke Example VPN Rule Addresses .................................360
18.16.3 Hub-and-spoke VPN Requirements and Suggestions ........................361
Chapter 19
Certificates............................................................................................................363
19.1 Certificates Overview .....................................................................................363
19.1.1 Advantages of Certificates ....................................................................364
19.2 Self-signed Certificates ..................................................................................364
19.3 Verifying a Certificate .....................................................................................364
19.3.1 Checking the Fingerprint of a Certificate on Your Computer ................364
19.4 Configuration Summary .................................................................................365
19.5 My Certificates ..............................................................................................366
19.6 My Certificate Details ...................................................................................368
19.7 My Certificate Export ....................................................................370
19.7.1 Certificate File Export Formats .............................................................370
19.8 My Certificate Import ....................................................................................371
19.8.1 Certificate File Formats .........................................................................372
19.9 My Certificate Create ...................................................................................374
19.10 Trusted CAs ...............................................................................................376
19.11 Trusted CA Details ......................................................................378
19.12 Trusted CA Import ......................................................................................381
19.13 Trusted Remote Hosts ...............................................................................382
19.14 Trusted Remote Hosts Import ....................................................................384
19.15 Trusted Remote Host Certificate Details ....................................................385
19.16 Directory Servers .......................................................................388
19.17 Directory Server Add or Edit ......................................................................389
Chapter 20
Authentication Server..........................................................................................391
20.1 Authentication Server Overview .....................................................................391
20.1.1 Local User Database ..................................................................391
20.1.2 RADIUS ................................................................................................391
20.2 Local User Database .....................................................................391
20.3 RADIUS ........................................................................................................393
Chapter 21
Network Address Translation (NAT)...................................................................395
21.1 NAT Overview ..............................................................................................395
21.1.1 NAT Definitions .....................................................................................395
21.1.2 What NAT Does ....................................................................................396
21.1.3 How NAT Works ...................................................................................396
21.1.4 NAT Application ....................................................................................397
21.1.5 Port Restricted Cone NAT ....................................................................398
21.1.6 NAT Mapping Types .............................................................................398
21.2 Using NAT ......................................................................................................399
21.2.1 SUA (Single User Account) Versus NAT ..............................................399
21.3 NAT Overview Screen ....................................................................................400
21.4 NAT Address Mapping .................................................................................401
21.4.1 NAT Address Mapping Edit ..................................................................403
21.5 Port Forwarding .............................................................................................404
21.5.1 Default Server IP Address ....................................................................405
21.5.2 Port Forwarding: Services and Port Numbers ......................................405
21.5.3 Configuring Servers Behind Port Forwarding (Example) ......................405
21.5.4 NAT and Multiple WAN .........................................................................406
21.5.5 Port Translation ....................................................................................406
21.6 Port Forwarding Screen .................................................................................407
21.7 Port Triggering ..............................................................................................409
Chapter 22
Static Route ..........................................................................................................413
22.1 IP Static Route ............................................................................................413
22.2 IP Static Route ...............................................................................................413
22.2.1 IP Static Route Edit ..............................................................................415
Chapter 23
Policy Route .........................................................................................................417
23.1 Policy Route ..................................................................................................417
23.2 Benefits ..........................................................................................................417
23.3 Routing Policy ................................................................................................417
23.4 IP Routing Policy Setup .................................................................................418
23.5 Policy Route Edit ...........................................................................................419
Chapter 24
Bandwidth Management......................................................................................423
24.1 Bandwidth Management Overview ...............................................................423
24.2 Bandwidth Classes and Filters .......................................................................423
24.3 Proportional Bandwidth Allocation .................................................................424
24.4 Application-based Bandwidth Management ...................................................424
24.5 Subnet-based Bandwidth Management ......................................................424
24.6 Application and Subnet-based Bandwidth Management ...............................425
24.7 Scheduler .......................................................................................................425
24.7.1 Priority-based Scheduler ......................................................................425
24.7.2 Fairness-based Scheduler ....................................................................425
24.7.3 Maximize Bandwidth Usage ............................................................425
24.7.4 Reserving Bandwidth for Non-Bandwidth Class Traffic ..............................426
24.7.5 Maximize Bandwidth Usage Example ..................................................426
24.7.5.1 Priority-based Allotment of Unused and Unbudgeted Bandwidth ...................427
24.7.5.2 Fairness-based Allotment of Unused and Unbudgeted Bandwidth ...................427
24.8 Bandwidth Borrowing .....................................................................................428
24.8.1 Bandwidth Borrowing Example .............................................................428
24.9 Maximize Bandwidth Usage With Bandwidth Borrowing ................................429
24.10 Over Allotment of Bandwidth ............................................................429
24.11 Configuring Summary ....................................................................430
24.12 Configuring Class Setup ............................................................................431
24.12.1 Bandwidth Manager Class Configuration ..........................................433
24.12.2 Bandwidth Management Statistics ...................................................436
24.13 Bandwidth Manager Monitor ......................................................................437
Chapter 25
DNS........................................................................................................................439
25.1 DNS Overview ..............................................................................................439
25.2 DNS Server Address Assignment ..................................................................439
25.3 DNS Servers ..................................................................................................439
25.4 Address Record .............................................................................................440
25.4.1 DNS Wildcard .......................................................................................440
25.5 Name Server Record .....................................................................................440
25.5.1 Private DNS Server ..............................................................................440
25.6 System Screen ...............................................................................................441
25.6.1 Adding an Address Record ..................................................................442
25.6.2 Inserting a Name Server Record .........................................................443
25.7 DNS Cache ..................................................................................................445
25.8 Configure DNS Cache ......................................................................445
25.9 Configuring DNS DHCP ...............................................................................446
25.10 Dynamic DNS .............................................................................................448
25.10.1 DYNDNS Wildcard ..............................................................................448
25.10.2 High Availability ..................................................................................448
25.11 Configuring Dynamic DNS ................................................................448
Chapter 26
Remote Management...........................................................................................451
26.1 Remote Management Overview .....................................................................451
26.1.1 Remote Management Limitations .........................................................451
26.1.2 System Timeout ....................................................................................452
26.2 WWW (HTTP and HTTPS) ...........................................................................452
26.3 WWW .............................................................................................................453
26.4 HTTPS Example ............................................................................................455
26.4.1 Internet Explorer Warning Messages ...................................................455
26.4.2 Netscape Navigator Warning Messages ...............................................456
26.4.3 Avoiding the Browser Warning Messages ............................................457
26.4.4 Login Screen .........................................................................................457
26.5 SSH .............................................................................................................459
26.6 How SSH Works ............................................................................................460
26.7 SSH Implementation on the ZyWALL .............................................................461
26.7.1 Requirements for Using SSH ................................................................461
26.8 Configuring SSH ............................................................................................461
26.9 Secure Telnet Using SSH Examples ..............................................................462
26.9.1 Example 1: Microsoft Windows .............................................................462
26.9.2 Example 2: Linux ..................................................................................463
26.10 Secure FTP Using SSH Example ................................................................464
26.11 Telnet ..................................................................................465
26.12 Configuring TELNET ....................................................................................465
26.13 FTP ............................................................................................................466
26.14 SNMP .........................................................................................................467
26.14.1 Supported MIBs .................................................................................469
26.14.2 SNMP Traps .......................................................................................469
26.14.3 REMOTE MANAGEMENT: SNMP ......................................................469
26.15 DNS ............................................................................................................471
26.16 Introducing Vantage CNM ...........................................................................471
26.17 Configuring CNM ..........................................................................................472
Chapter 27
UPnP......................................................................................................................475
27.1 Universal Plug and Play Overview ...............................................................475
27.1.1 How Do I Know If I'm Using UPnP? ....................................................475
27.1.2 NAT Traversal .......................................................................................475
27.1.3 Cautions with UPnP ..............................................................................475
27.1.4 UPnP and ZyXEL ..................................................................................476
27.2 Configuring UPnP ..........................................................................................476
27.3 Displaying UPnP Port Mapping ...................................................................477
27.4 Installing UPnP in Windows Example ............................................................478
27.4.1 Installing UPnP in Windows Me ............................................................479
27.4.2 Installing UPnP in Windows XP ............................................................480
27.5 Using UPnP in Windows XP Example ...........................................................480
27.5.1 Auto-discover Your UPnP-enabled Network Device .............................481
27.5.2 Web Configurator Easy Access ........................................................482
Chapter 28
ALG Screen...........................................................................................................485
28.1 ALG Introduction ...........................................................................................485
28.1.1 ALG and NAT ........................................................................................485
28.1.2 ALG and the Firewall ............................................................................485
28.1.3 ALG and Multiple WAN .........................................................................485
28.2 FTP ................................................................................................................486
28.3 H.323 ..............................................................................................................486
28.4 RTP ................................................................................................................486
28.4.1 H.323 ALG Details ................................................................................486
28.5 SIP .................................................................................................................488
28.5.1 STUN ....................................................................................................488
28.5.2 SIP ALG Details ....................................................................................488
28.5.3 SIP Signaling Session Timeout ............................................................489
28.5.4 SIP Audio Session Timeout ..................................................................489
28.6 ALG Screen ....................................................................................................489
Chapter 29
Reports..................................................................................................................491
29.1 Configuring Reports .......................................................................................491
29.2 System Reports Screen ................................................................................491
29.2.1 Viewing Web Site Hits ................................................................493
29.2.2 Viewing Host IP Address ......................................................................494
29.2.3 Viewing Protocol/Port ...........................................................................495
29.2.4 System Reports Specifications .............................................................496
29.3 IDP Threat Reports Screen ..........................................................................496
29.4 Anti-Virus Threat Reports Screen ...............................................................498
29.5 Anti-Spam Threat Reports Screen ................................................................500
Chapter 30
Logs Screens........................................................................................................503
30.1 Configuring View Log ....................................................................................503
30.2 Log Description Example ...............................................................................504
30.2.1 About the Certificate Not Trusted Log ..................................................505
30.3 Configuring Log Settings ...............................................................................506
30.3.1 Log Descriptions ...................................................................................509
30.4 Syslog Logs ....................................................................................................529
Chapter 31
Maintenance .........................................................................................................531
31.1 Maintenance Overview ...................................................................................531
31.2 General Setup and System Name ...............................................................531
31.2.1 General Setup .......................................................................................531
31.3 Configuring Password ...................................................................................532
31.4 Time and Date ...............................................................................................533
31.5 Pre-defined NTP Time Server Pools ..............................................................536
31.5.1 Resetting the Time ................................................................................536
31.5.2 Time Server Synchronization ................................................................536
31.6 Introduction To Transparent Bridging .............................................................537
31.7 Transparent Firewalls .....................................................................................538
31.8 Configuring Device Mode (Router) ................................................................539
31.9 Configuring Device Mode (Bridge) ................................................................540
31.10 F/W Upload Screen ...........................................................................542
31.11 Backup and Restore .........................................................................544
31.11.1 Backup Configuration ......................................................................544
31.11.2 Restore Configuration ....................................................................545
31.11.3 Back to Factory Defaults ....................................................................546
31.12 Restart Screen ............................................................................................546
Chapter 32
Introducing the SMT ............................................................................................549
32.1 Introduction to the SMT ..................................................................................549
32.2 Accessing the SMT via the Console Port .......................................................549
32.2.1 Initial Screen .........................................................................................549
32.2.2 Entering the Password .....................................................................550
32.3 Navigating the SMT Interface .........................................................................550
32.3.1 Main Menu ............................................................................................551
32.3.2 SMT Menus Overview ..........................................................................553
32.4 Changing the System Password ....................................................................555
32.5 Resetting the ZyWALL ...................................................................................556
Chapter 33
SMT Menu 1 - General Setup...............................................................................557
33.1 Introduction to General Setup ........................................................................557
33.2 Configuring General Setup ...................................................................557
33.2.1 Configuring Dynamic DNS ....................................................................559
33.2.1.1 Editing DDNS Host ........................................................................559
Chapter 34
WAN and Dial Backup Setup...............................................................................563
34.1 Introduction to WAN and Dial Backup Setup ..................................................563
34.2 WAN Setup .....................................................................................................563
34.3 Dial Backup ....................................................................................................564
34.4 Configuring Dial Backup in Menu 2 ................................................................564
34.5 Advanced WAN Setup ....................................................................................565
34.6 Remote Node Profile (Backup ISP) ............................................................567
34.7 Editing PPP Options .......................................................................................569
34.8 Editing TCP/IP Options ..................................................................................570
34.9 Editing Login Script ........................................................................................572
34.10 Remote Node Filter ......................................................................................574
Chapter 35
LAN Setup.............................................................................................................575
35.1 Introduction to LAN Setup ..............................................................................575
35.2 Accessing the LAN Menus .....................................................................575
35.3 LAN Port Filter Setup .....................................................................................575
35.4 TCP/IP and DHCP Ethernet Setup Menu ......................................................576
35.4.1 IP Alias Setup .......................................................................................579
Chapter 36
Internet Access ....................................................................................................581
36.1 Introduction to Internet Access Setup ............................................................581
36.2 Ethernet Encapsulation ..................................................................................581
36.3 Configuring the PPTP Client ..........................................................................583
36.4 Configuring the PPPoE Client ........................................................................583
36.5 Basic Setup Complete ....................................................................................584
Chapter 37
DMZ Setup ............................................................................................................585
37.1 Configuring DMZ Setup ..................................................................................585
37.2 DMZ Port Filter Setup ....................................................................................585
37.3 TCP/IP Setup .................................................................................................585
37.3.1 IP Address ............................................................................................586
37.3.2 IP Alias Setup .......................................................................................587
Chapter 38
Route Setup..........................................................................................................589
38.1 Configuring Route Setup .....................................................................589
38.2 Route Assessment .........................................................................................589
38.3 Traffic Redirect ...............................................................................................590
38.4 Route Failover ................................................................................................591
Chapter 39
Wireless Setup .....................................................................................................593
39.1 Wireless LAN Setup .......................................................................................593
39.1.1 MAC Address Filter Setup ....................................................................595
39.2 TCP/IP Setup .................................................................................................596
39.2.1 IP Address ............................................................................................596
39.2.2 IP Alias Setup .......................................................................................597
Chapter 40
Remote Node Setup.............................................................................................599
40.1 Introduction to Remote Node Setup ...............................................................599
40.2 Remote Node Setup .......................................................................................599
40.3 Remote Node Profile Setup ...................................................................600
40.3.1 Ethernet Encapsulation ....................................................................600
40.3.2 PPPoE Encapsulation ...........................................................................602
40.3.2.1 Outgoing Authentication Protocol ................................................602
40.3.2.2 Nailed-Up Connection .................................................................602
40.3.2.3 Metric ..........................................................................................603
40.3.3 PPTP Encapsulation .............................................................................603
40.4 Edit IP .............................................................................................................604
40.5 Remote Node Filter ........................................................................................606
40.6 Traffic Redirect ...............................................................................................607
Chapter 41
IP Static Route Setup...........................................................................................609
41.1 IP Static Route Setup .....................................................................................609
Chapter 42
Network Address Translation (NAT)...................................................................611
42.1 Using NAT ......................................................................................................611
42.1.1 SUA (Single User Account) Versus NAT ..............................................611
42.1.2 Applying NAT ........................................................................................611
42.2 NAT Setup ......................................................................................................613
42.2.1 Address Mapping Sets ..........................................................................614
42.2.1.1 SUA Address Mapping Set ..................................................................614
42.2.1.2 User-Defined Address Mapping Sets ..........................................615
42.2.1.3 Ordering Your Rules ....................................................................616
42.3 Configuring a Server behind NAT ..................................................................618
42.4 General NAT Examples ..................................................................................621
42.4.1 Internet Access Only .............................................................................621
42.4.2 Example 2: Internet Access with a Default Server ..........................................623
42.4.3 Example 3: Multiple Public IP Addresses With Inside Servers .............623
42.4.4 Example 4: NAT Unfriendly Application Programs ...............................627
42.5 Trigger Port Forwarding .................................................................................628
42.5.1 Two Points To Remember About Trigger Ports ................................................628
Chapter 43
Introducing the ZyWALL Firewall .......................................................................631
43.1 Using ZyWALL SMT Menus .......................................................................631
43.1.1 Activating the Firewall ....................................................................631
Chapter 44
Filter Configuration..............................................................................................633
44.1 Introduction to Filters ......................................................................................633
44.1.1 The Filter Structure of the ZyWALL ......................................................634
44.2 Configuring a Filter Set ..................................................................................636
44.2.1 Configuring a Filter Rule ..................................................................637
44.2.2 Configuring a TCP/IP Filter Rule ..........................................................638
44.2.3 Configuring a Generic Filter Rule ..........................................................640
44.3 Example Filter ................................................................................................642
44.4 Filter Types and NAT ........................................................................644
44.5 Firewall Versus Filters ....................................................................................644
44.5.1 Packet Filtering: ....................................................................................645
44.5.1.1 When To Use Filtering .................................................................645
44.5.2 Firewall .................................................................................................645
44.5.2.1 When To Use The Firewall ..........................................................645
44.6 Applying a Filter ............................................................................................646
44.6.1 Applying LAN Filters .............................................................................646
44.6.2 Applying DMZ Filters ............................................................................646
44.6.3 Applying Remote Node Filters ..............................................................647
Chapter 45
SNMP Configuration ............................................................................................649
45.1 SNMP Configuration ......................................................................................649
45.2 SNMP Traps ...................................................................................................650
Chapter 46
System Information & Diagnosis........................................................................651
46.1 Introduction to System Status ........................................................................651
46.2 System Status ................................................................................................651
46.3 System Information and Console Port Speed ................................................653
46.3.1 System Information ........................................................................653
46.3.2 Console Port Speed ..............................................................................654
46.4 Log and Trace ...............................................................................655
46.4.1 Viewing Error Log .................................................................................655
46.4.2 Syslog Logging .....................................................................................656
46.4.3 Call-Triggering Packet ..........................................................................659
46.5 Diagnostic ......................................................................................................659
46.5.1 WAN DHCP ..........................................................................................660
Chapter 47
Firmware and Configuration File Maintenance.................................................663
47.1 Introduction ....................................................................................................663
47.2 Filename Conventions ...................................................................................663
47.3 Backup Configuration .....................................................................................664
47.3.1 Backup Configuration ...........................................................................664
47.3.2 Using the FTP Command from the Command Line ..............................665
47.3.3 Example of FTP Commands from the Command Line .........................666
47.3.4 GUI-based FTP Clients .........................................................................666
47.3.5 File Maintenance Over WAN ................................................................666
47.3.6 Backup Configuration Using TFTP .......................................................667
47.3.7 TFTP Command Example ....................................................................667
47.3.8 GUI-based TFTP Clients ......................................................................668
47.3.9 Backup Via Console Port ......................................................................668
47.4 Restore Configuration ....................................................................................669
47.4.1 Restore Using FTP ...............................................................................669
47.4.2 Restore Using FTP Session Example ..................................................671
47.4.3 Restore Via Console Port .....................................................................671
47.5 Uploading Firmware and Configuration Files .................................................672
47.5.1 Firmware File Upload ......................................................................672
47.5.2 Configuration File Upload .....................................................................673
47.5.3 FTP File Upload Command from the DOS Prompt Example ................674
47.5.4 FTP Session Example of Firmware File Upload ...............................................674
47.5.5 TFTP File Upload ..................................................................................674
47.5.6 TFTP Upload Command Example ........................................................675
47.5.7 Uploading Via Console Port ..................................................................675
47.5.8 Uploading Firmware File Via Console Port ...........................................675
47.5.9 Example Xmodem Firmware Upload Using HyperTerminal .........................................676
47.5.10 Uploading Configuration File Via Console Port ..................................676
47.5.11 Example Xmodem Configuration Upload Using HyperTerminal .........677
Chapter 48
System Maintenance Menus 8 to 10...................................................................679
48.1 Command Interpreter Mode ...........................................................................679
48.1.1 Command Syntax .................................................................................679
48.1.2 Command Usage ..................................................................................680
48.2 Call Control Support ........................................................................681
48.2.1 Budget Management ............................................................................681
48.2.2 Call History ...........................................................................................682
48.3 Time and Date Setting ....................................................................................683
Chapter 49
Remote Management...........................................................................................687
49.1 Remote Management .....................................................................................687
49.1.1 Remote Management Limitations .........................................................689
Chapter 50
IP Policy Routing..................................................................................................691
50.1 IP Routing Policy Summary ...........................................................................691
50.2 IP Routing Policy Setup .................................................................................692
50.2.1 Applying Policy to Packets ....................................................................694
50.3 IP Policy Routing Example .............................................................................695
Chapter 51
Call Scheduling ....................................................................................................699
51.1 Introduction to Call Scheduling ......................................................................699
Chapter 52
Troubleshooting ...................................................................................................703
52.1 Problems Starting Up the ZyWALL .................................................................703
52.2 Problems with the LAN Interface .............................................................703
52.3 Problems with the DMZ Interface .............................................................704
52.4 Problems with the WAN Interface ..................................................................704
52.5 Problems Accessing the ZyWALL ..................................................................705
52.5.1 Pop-up Windows, JavaScripts and Java Permissions ..........................705
52.5.1.1 Internet Explorer Pop-up Blockers ..............................................706
52.5.1.2 JavaScripts ..................................................................................709
52.5.1.3 Java Permissions ........................................................................ 711
52.6 Packet Flow ....................................................................................................713
Appendix A
Product Specifications ........................................................................................715
Appendix B
Hardware Installation...........................................................................................723
Appendix C
Removing and Installing a Fuse ........................................................................727
Appendix D
Setting up Your Computer’s IP Address............................................................729
Appendix E
IP Addresses and Subnetting.............................................................................745
Appendix F
Common Services...............................................................................................753
Appendix G
Wireless LANs......................................................................................................757
Appendix H
Windows 98 SE/Me Requirements for Anti-Virus Message Display................771
Appendix I
VPN Setup.............................................................................................................775
Appendix J
Importing Certificates..........................................................................................787
Appendix K
Command Interpreter...........................................................................................799
Appendix L
Firewall Commands .............................................................................................807
Appendix M
NetBIOS Filter Commands ..................................................................................813
Appendix N
Certificates Commands.......................................................................................817
Appendix O
Brute-Force Password Guessing Protection.....................................................821
Appendix P
Boot Commands ..................................................................................................823
Index...................................................................................................................... 825

List of Figures

Figure 1 Secure Internet Access via Cable, DSL or Wireless Modem ................................ 63
Figure 2 VPN Application .................................................................................................... 64
Figure 3 ZyWALL 70 Front Panel ........................................................................................ 64
Figure 4 ZyWALL 35 Front Panel ........................................................................................ 64
Figure 5 ZyWALL 5 Front Panel .......................................................................................... 64
Figure 6 Change Password Screen .................................................................................... 68
Figure 7 Replace Certificate Screen ................................................................................... 68
Figure 8 Example Xmodem Upload .................................................................................... 69
Figure 9 HOME Screen ....................................................................................................... 70
Figure 10 Web Configurator HOME Screen in Router Mode .............................................. 71
Figure 11 Web Configurator HOME Screen in Bridge Mode ............................................... 75
Figure 12 HOME > Show Statistics ..................................................................................... 83
Figure 13 HOME > Show Statistics > Line Chart ................................................................ 85
Figure 14 HOME > DHCP Table ......................................................................................... 86
Figure 15 HOME > VPN Status ........................................................................................... 87
Figure 16 Home > Bandwidth Monitor ................................................................. 88
Figure 17 Wizard Setup Welcome ...................................................................................... 90
Figure 18 ISP Parameters: Ethernet Encapsulation ........................................................... 91
Figure 19 ISP Parameters: PPPoE Encapsulation ............................................................. 92
Figure 20 ISP Parameters: PPTP Encapsulation ...................................................... 94
Figure 21 Internet Access Wizard: Second Screen ............................................................ 96
Figure 22 Internet Access Setup Complete ........................................................................ 96
Figure 23 Internet Access Wizard: Registration .................................................... 97
Figure 24 Internet Access Wizard: Registration in Progress ............................................... 98
Figure 25 Internet Access Wizard: Status ........................................................................... 98
Figure 26 Internet Access Wizard: Registration Failed ....................................................... 99
Figure 27 Internet Access Wizard: Registered Device ............................................... 99
Figure 28 Internet Access Wizard: Activated Services ....................................................... 99
Figure 29 VPN Wizard: Gateway Setting ............................................................................ 100
Figure 30 VPN Wizard: Network Setting ............................................................................. 102
Figure 31 VPN Wizard: IKE Tunnel Setting ......................................................................... 103
Figure 32 VPN Wizard: IPSec Setting ............................................................... 105
Figure 33 VPN Wizard: VPN Status .................................................................................... 107
Figure 34 VPN Wizard Setup Complete ............................................................... 109
Figure 35 IDP for From VPN Traffic .................................................................................... 112
Figure 36 IDP Configuration for Traffic From VPN ..............................................................112
Figure 37 IDP for To VPN Traffic .................................................................. 113
Figure 38 IDP Configuration for To VPN Traffic .................................................................. 114
Figure 39 Firewall Rule for VPN ................................................................... 115
Figure 40 SECURITY > VPN > VPN Rules (IKE) ........................................................ 115
Figure 41 SECURITY > VPN > VPN Rules (IKE) > Add Gateway Policy ................................... 116
Figure 42 SECURITY > VPN > VPN Rules (IKE): With Gateway Policy Example .......................... 117
Figure 43 SECURITY > VPN > VPN Rules (IKE) > Add Network Policy ................................... 118
Figure 44 SECURITY > FIREWALL > Rule Summary ..................................................... 119
Figure 45 SECURITY > FIREWALL > Rule Summary > Edit: Allow ........................................ 120
Figure 46 SECURITY > FIREWALL > Rule Summary: Allow .............................................. 121
Figure 47 SECURITY > FIREWALL > Default Rule: Block From VPN To LAN ................... 121
Figure 48 REGISTRATION ................................................................................................. 124
Figure 49 REGISTRATION: Registered Device .................................................................. 126
Figure 50 REGISTRATION > Service ................................................................................. 126
Figure 51 LAN and WAN .................................................................................................... 129
Figure 52 NETWORK > LAN .............................................................................................. 133
Figure 53 NETWORK > LAN > Static DHCP ...................................................................... 136
Figure 54 Physical Network & Partitioned Logical Networks .............................................. 137
Figure 55 NETWORK > LAN > IP Alias .............................................................................. 138
Figure 56 NETWORK > LAN > Port Roles .......................................................................... 140
Figure 57 Port Roles Change Complete ............................................................................. 140
Figure 58 Bridge Loop: Bridge Connected to Wired LAN ................................................... 141
Figure 59 NETWORK > Bridge ........................................................................................... 144
Figure 60 NETWORK > Bridge > Port Roles ...................................................................... 146
Figure 61 Port Roles Change Complete ............................................................................. 146
Figure 62 Least Load First Example .................................................................................. 149
Figure 63 Weighted Round Robin Algorithm Example ........................................................ 150
Figure 64 Spillover Algorithm Example ............................................................................... 151
Figure 65 NETWORK > WAN (General) ............................................................................ 152
Figure 66 Load Balancing: Least Load First ........................................................................ 155
Figure 67 Load Balancing: Weighted Round Robin ............................................................ 156
Figure 68 Load Balancing: Spillover .................................................................................... 157
Figure 69 NETWORK > WAN (Route) ................................................................................ 158
Figure 70 NETWORK > WAN > WAN (Ethernet Encapsulation) ..................................... 161
Figure 71 NETWORK > WAN > WAN (PPPoE Encapsulation) .......................................... 164
Figure 72 NETWORK > WAN > WAN (PPTP Encapsulation) ............................................ 167
Figure 73 Traffic Redirect WAN Setup ................................................................................ 170
Figure 74 Traffic Redirect LAN Setup ................................................................................. 170
Figure 75 NETWORK > WAN > Traffic Redirect ................................................................. 171
Figure 76 NETWORK > WAN > Dial Backup .................................................................... 172
Figure 77 NETWORK > WAN > Dial Backup > Edit .......................................................... 176
Figure 78 NETWORK > DMZ ............................................................................................. 180
Figure 79 NETWORK > DMZ > Static DHCP .................................................................... 183
Figure 80 NETWORK > DMZ > IP Alias ............................................................................ 184
Figure 81 DMZ Public Address Example ............................................................................ 186
Figure 82 DMZ Private and Public Address Example .......................................................... 187
Figure 83 NETWORK > DMZ > Port Roles ........................................................................ 188
Figure 84 NETWORK > WLAN .......................................................................................... 190
Figure 85 NETWORK > WLAN > Static DHCP .................................................................. 193
Figure 86 NETWORK > WLAN > IP Alias .......................................................................... 194
Figure 87 WLAN Port Role Example .................................................................................. 196
Figure 88 NETWORK > WLAN > Port Roles ..................................................................... 196
Figure 89 NETWORK > WLAN > Port Roles: Change Complete ....................................... 197
Figure 90 ZyWALL Wireless Security Levels ...................................................................... 198
Figure 91 EAP Authentication ............................................................................................. 201
Figure 92 WPA-PSK Authentication .................................................................................... 204
Figure 93 WPA with RADIUS Application Example ............................................................ 205
Figure 94 NETWORK > WIRELESS CARD: No Security ................................................... 206
Figure 95 NETWORK > WIRELESS CARD: Static WEP .................................................... 208
Figure 96 NETWORK > WIRELESS CARD: WPA-PSK ..................................................... 209
Figure 97 NETWORK > WIRELESS CARD: WPA .............................................................. 210
Figure 98 NETWORK > WIRELESS CARD: 802.1x + Dynamic WEP ................................ 211
Figure 99 NETWORK > WIRELESS CARD: 802.1x + Static WEP ..................................... 213
Figure 100 NETWORK > WIRELESS CARD: 802.1x + No WEP ....................................... 214
Figure 101 NETWORK > WIRELESS CARD: No Access 802.1x + Static WEP ................. 216
Figure 102 NETWORK > WIRELESS CARD: MAC Address Filter ..................................... 217
Figure 103 Default Firewall Action ...................................................................................... 219
Figure 104 SECURITY > FIREWALL > Default Rule (Router Mode) .................................. 220
Figure 105 Default Block Traffic From WAN1 to DMZ Example ...................................... 221
Figure 106 From LAN to VPN Example ............................................................................. 223
Figure 107 Block DMZ to VPN Traffic by Default Example .............................................. 223
Figure 108 From VPN to LAN Example ............................................................................. 224
Figure 109 Block VPN to LAN Traffic by Default Example .............................................. 225
Figure 110 From VPN to VPN Example ............................................................................. 226
Figure 111 Block VPN to VPN Traffic by Default Example .............................................. 226
Figure 112 Blocking All LAN to WAN IRC Traffic Example ................................................ 227
Figure 113 Limited LAN to WAN IRC Traffic Example ........................................................ 228
Figure 114 Using IP Alias to Solve the Triangle Route Problem ......................................... 230
Figure 115 SECURITY > FIREWALL > Default Rule (Router Mode) .................................. 230
Figure 116 SECURITY > FIREWALL > Default Rule (Bridge Mode) ................................. 232
Figure 117 SECURITY > FIREWALL > Rule Summary ...................................................... 234
Figure 118 SECURITY > FIREWALL > Rule Summary > Edit ............................................ 236
Figure 119 SECURITY > FIREWALL > Anti-Probing .......................................................... 238
Figure 120 Three-Way Handshake ..................................................................................... 239
Figure 121 SECURITY > FIREWALL > Threshold ........................................................... 240
Figure 122 SECURITY > FIREWALL > Service .................................................................. 243
Figure 123 Firewall Edit Custom Service ............................................................................ 244
Figure 124 My Service Firewall Rule Example: Service .................................................... 245
Figure 125 My Service Firewall Rule Example: Edit Custom Service ................................ 246
Figure 126 My Service Firewall Rule Example: Rule Summary .......................................... 246
Figure 127 My Service Firewall Rule Example: Rule Edit ................................................... 247
Figure 128 My Service Firewall Rule Example: Rule Configuration ................................... 248
Figure 129 My Service Firewall Rule Example: Rule Summary .......................................... 249
Figure 130 Network Intrusions ........................................................................................... 251
Figure 131 Applying IDP to Interfaces ................................................................................ 255
Figure 132 SECURITY > IDP > General ............................................................................. 256
Figure 133 SECURITY > IDP > Signatures: Attack Types .................................................. 258
Figure 134 SECURITY > IDP > Signature: Actions ............................................................ 260
Figure 135 SECURITY > IDP > Signature: Group View ..................................................... 261
Figure 136 SECURITY > IDP > Signature: Query View ...................................................... 263
Figure 137 SECURITY > IDP > Signature: Query by Partial Name .................................... 265
Figure 138 SECURITY > IDP > Signature: Query by Complete ID ..................................... 266
Figure 139 Signature Query by Attribute. ............................................................................ 267
Figure 140 SECURITY > IDP > Update .............................................................................. 268
Figure 141 SECURITY > IDP > Backup & Restore ............................................................. 270
Figure 142 ZyWALL Anti-virus Example .......................................................................... 273
Figure 143 SECURITY > ANTI-VIRUS > General ............................................................. 275
Figure 144 SECURITY > ANTI-VIRUS > Signature: Query View ....................................... 277
Figure 145 Query Example Search Criteria ........................................................................ 279
Figure 146 Query Example Search Results ........................................................................ 280
Figure 147 SECURITY > ANTI-VIRUS > Update ................................................................ 282
Figure 148 SECURITY > ANTI-VIRUS > Backup and Restore ........................................... 283
Figure 149 Anti-spam External Database Example ............................................................ 287
Figure 150 SECURITY > ANTI-SPAM > General ............................................................... 290
Figure 151 SECURITY > ANTI-SPAM > External DB ......................................................... 292
Figure 152 SECURITY > ANTI-SPAM > Lists ..................................................................... 295
Figure 153 SECURITY > ANTI-SPAM > Lists > Edit .......................................................... 297
Figure 154 SECURITY > CONTENT FILTER > General .................................................... 300
Figure 155 Content Filtering Lookup Procedure ................................................................. 302
Figure 156 SECURITY > CONTENT FILTER > Categories ................................................ 304
Figure 157 SECURITY > CONTENT FILTER > Customization .......................................... 310
Figure 158 SECURITY > CONTENT FILTER > Cache ....................................................... 313
Figure 159 myZyXEL.com: Login ........................................................................................ 316
Figure 160 myZyXEL.com: Welcome .................................................................................. 316
Figure 161 myZyXEL.com: Service Management ............................................................... 317
Figure 162 Blue Coat: Login ............................................................................................... 317
Figure 163 Content Filtering Reports Main Screen ............................................................. 318
Figure 164 Blue Coat: Report Home ................................................................................... 318
Figure 165 Global Report Screen Example ........................................................................ 319
Figure 166 Requested URLs Example ................................................................................ 320
Figure 167 Web Page Review Process Screen .................................................................. 321
Figure 168 VPN: Example ................................................................................................... 323
Figure 169 VPN: IKE SA and IPSec SA ............................................................................. 324
Figure 170 Gateway and Network Policies ......................................................................... 325
Figure 171 IPSec Fields Summary ..................................................................................... 325
Figure 172 SECURITY > VPN > VPN Rules (IKE) ............................................................ 326
Figure 173 IKE SA: Main Negotiation Mode, Steps 1 - 2: IKE SA Proposal ....................... 327
Figure 174 IKE SA: Main Negotiation Mode, Steps 3 - 4: DH Key Exchange ..................... 328
Figure 175 IKE SA: Main Negotiation Mode, Steps 5 - 6: Authentication ........................... 328
Figure 176 VPN/NAT Example ............................................................................................ 331
Figure 177 IPSec High Availability ...................................................................................... 333
Figure 178 SECURITY > VPN > VPN Rules (IKE) > Edit Gateway Policy ....................... 335
Figure 179 VPN: Transport and Tunnel Mode Encapsulation ............................................. 341
Figure 180 SECURITY > VPN > VPN Rules (IKE) > Edit Network Policy ......................... 343
Figure 181 SECURITY > VPN > VPN Rules (IKE) > Move Network Policy ....................... 347
Figure 182 SECURITY > VPN > VPN Rules (Manual) ...................................................... 349
Figure 183 SECURITY > VPN > VPN Rules (Manual) > Edit ............................................ 350
Figure 184 SECURITY > VPN > SA Monitor .................................................................... 353
Figure 185 SECURITY > VPN > Global Setting .................................................................. 354
Figure 186 Telecommuters Sharing One VPN Rule Example ............................................. 356
Figure 187 Telecommuters Using Unique VPN Rules Example ......................................... 357
Figure 188 VPN for Remote Management Example ........................................................... 358
Figure 189 VPN Topologies ................................................................................................ 359
Figure 190 Hub-and-spoke VPN Example .......................................................................... 360
Figure 191 Certificates on Your Computer .......................................................................... 364
Figure 192 Certificate Details ............................................................................................. 365
Figure 193 Certificate Configuration Overview ................................................................... 365
Figure 194 SECURITY > CERTIFICATES > My Certificates ............................................. 366
Figure 195 SECURITY > CERTIFICATES > My Certificates > Details ............................... 368
Figure 196 SECURITY > CERTIFICATES > My Certificates > Export ................................ 371
Figure 197 SECURITY > CERTIFICATES > My Certificates > Import ................................ 373
Figure 198 SECURITY > CERTIFICATES > My Certificates > Import: PKCS#12 .............. 373
Figure 199 SECURITY > CERTIFICATES > My Certificates > Create ............................... 374
Figure 200 SECURITY > CERTIFICATES > Trusted CAs .................................................. 377
Figure 201 SECURITY > CERTIFICATES > Trusted CAs > Details ................................... 379
Figure 202 SECURITY > CERTIFICATES > Trusted CAs > Import .................................... 382
Figure 203 SECURITY > CERTIFICATES > Trusted Remote Hosts .................................. 383
Figure 204 SECURITY > CERTIFICATES > Trusted Remote Hosts > Import .................... 384
Figure 205 SECURITY > CERTIFICATES > Trusted Remote Hosts > Details ................... 386
Figure 206 SECURITY > CERTIFICATES > Directory Servers .......................................... 388
Figure 207 SECURITY > CERTIFICATES > Directory Server > Add ................................. 389
Figure 208 SECURITY > AUTH SERVER > Local User Database ..................................... 392
Figure 209 SECURITY > AUTH SERVER > RADIUS ........................................................ 393
Figure 210 How NAT Works ................................................................................................ 396
Figure 211 NAT Application With IP Alias ........................................................................... 397
Figure 212 Port Restricted Cone NAT Example .................................................................. 398
Figure 213 ADVANCED > NAT > NAT Overview ................................................................ 400
Figure 214 ADVANCED > NAT > Address Mapping ........................................................... 402
Figure 215 ADVANCED > NAT > Address Mapping > Edit ................................................. 403
Figure 216 Multiple Servers Behind NAT Example ............................................................. 406
Figure 217 Port Translation Example .................................................................................. 407
Figure 218 ADVANCED > NAT > Port Forwarding .............................................................. 408
Figure 219 Trigger Port Forwarding Process: Example ...................................................... 409
Figure 220 ADVANCED > NAT > Port Triggering ............................................................... 410
Figure 221 Example of Static Routing Topology ................................................................. 413
Figure 222 ADVANCED > STATIC ROUTE > IP Static Route ............................................ 414
Figure 223 ADVANCED > STATIC ROUTE > IP Static Route > Edit .................................. 415
Figure 224 ADVANCED > POLICY ROUTE > Policy Route Summary ............................... 418
Figure 225 Edit IP Policy Route .......................................................................................... 420
Figure 226 Subnet-based Bandwidth Management Example ............................................. 424
Figure 227 ADVANCED > BW MGMT > Summary ............................................................. 430
Figure 228 ADVANCED > BW MGMT > Class Setup ......................................................... 432
Figure 229 ADVANCED > BW MGMT > Class Setup > Add Sub-Class ............................. 434
Figure 230 ADVANCED > BW MGMT > Class Setup > Statistics ....................................... 437
Figure 231 ADVANCED > BW MGMT > Monitor ............................................................... 438
Figure 232 Private DNS Server Example ............................................................................ 441
Figure 233 ADVANCED > DNS > System DNS .................................................................. 441
Figure 234 ADVANCED > DNS > Add (Address Record) ................................................... 443
Figure 235 ADVANCED > DNS > Insert (Name Server Record) ........................................ 444
Figure 236 ADVANCED > DNS > Cache ............................................................................ 445
Figure 237 ADVANCED > DNS > DHCP ............................................................................ 447
Figure 238 ADVANCED > DNS > DDNS ............................................................................ 449
Figure 239 HTTPS Implementation ..................................................................................... 453
Figure 240 ADVANCED > REMOTE MGMT > WWW ........................................................ 454
Figure 241 Security Alert Dialog Box (Internet Explorer) .................................................... 455
Figure 242 Security Certificate 1 (Netscape) ...................................................................... 456
Figure 243 Security Certificate 2 (Netscape) ...................................................................... 456
Figure 244 Example: Lock Denoting a Secure Connection ................................................ 458
Figure 245 Replace Certificate ............................................................................................ 458
Figure 246 Device-specific Certificate ................................................................................. 459
Figure 247 Common ZyWALL Certificate ............................................................................ 459
Figure 248 SSH Communication Example .......................................................................... 460
Figure 249 How SSH Works ............................................................................................... 460
Figure 250 ADVANCED > REMOTE MGMT > SSH ........................................................... 462
Figure 251 SSH Example 1: Store Host Key ....................................................................... 463
Figure 252 SSH Example 2: Test ....................................................................................... 463
Figure 253 SSH Example 2: Log in ..................................................................................... 464
Figure 254 Secure FTP: Firmware Upload Example .......................................................... 465
Figure 255 Telnet Configuration on a TCP/IP Network ....................................................... 465
Figure 256 ADVANCED > REMOTE MGMT > Telnet ......................................................... 466
Figure 257 ADVANCED > REMOTE MGMT > FTP ............................................................ 467
Figure 258 SNMP Management Model ............................................................................... 468
Figure 259 ADVANCED > REMOTE MGMT > SNMP ........................................................ 470
Figure 260 ADVANCED > REMOTE MGMT > DNS ........................................................... 471
Figure 261 ADVANCED > REMOTE MGMT > CNM .......................................................... 472
Figure 262 ADVANCED > UPnP ......................................................................................... 476
Figure 263 ADVANCED > UPnP > Ports ............................................................................ 477
Figure 264 H.323 ALG Example ........................................................................................ 487
Figure 265 H.323 with Multiple WAN IP Addresses ............................................................ 487
Figure 266 H.323 Calls from the WAN with Multiple Outgoing Calls .................................. 488
Figure 267 SIP ALG Example ............................................................................................ 489
Figure 268 ADVANCED > ALG .......................................................................................... 490
Figure 269 REPORTS > SYSTEM REPORTS ................................................................... 492
Figure 270 REPORTS > SYSTEM REPORTS: Web Site Hits Example ............................. 493
Figure 271 REPORTS > SYSTEM REPORTS: Host IP Address Example ........................ 494
Figure 272 REPORTS > SYSTEM REPORTS: Protocol/Port Example .............................. 495
Figure 273 REPORTS > THREAT REPORTS > IDP .......................................................... 496
Figure 274 REPORTS > THREAT REPORTS > IDP > Source ......................................... 498
Figure 275 REPORTS > THREAT REPORTS > IDP > Destination ................................... 498
Figure 276 REPORTS > THREAT REPORTS > Anti-Virus .............................................. 498
Figure 277 REPORTS > THREAT REPORTS > Anti-Virus > Source ................................ 499
Figure 278 REPORTS > THREAT REPORTS > Anti-Virus > Destination ......................... 500
Figure 279 REPORTS > THREAT REPORTS > Anti-Spam ............................................. 500
Figure 280 REPORTS > THREAT REPORTS > Anti-Spam > Source ............................... 502
Figure 281 REPORTS > THREAT REPORTS > Anti-Spam > Score Distribution .............. 502
Figure 282 LOGS > View Log ......................................................................................... 503
Figure 283 myZyXEL.com: Download Center ..................................................................... 505
Figure 284 myZyXEL.com: Certificate Download ............................................................... 506
Figure 285 LOGS > Log Settings ........................................................................................ 507
Figure 286 MAINTENANCE > General Setup .................................................................... 532
Figure 287 MAINTENANCE > Password ........................................................................... 533
Figure 288 MAINTENANCE > Time and Date .................................................................... 534
Figure 289 Synchronization in Process .............................................................................. 536
Figure 290 Synchronization is Successful .......................................................................... 537
Figure 291 Synchronization Fail .......................................................................................... 537
Figure 292 MAINTENANCE > Device Mode (Router Mode) .............................................. 539
Figure 293 MAINTENANCE > Device Mode (Bridge Mode) ............................................... 541
Figure 294 MAINTENANCE > Firmware Upload ................................................................ 542
Figure 295 Firmware Upload In Process ............................................................................. 543
Figure 296 Network Temporarily Disconnected .................................................................. 543
Figure 297 Firmware Upload Error ...................................................................................... 543
Figure 298 MAINTENANCE > Backup and Restore ........................................................... 544
Figure 299 Configuration Upload Successful ...................................................................... 545
Figure 300 Network Temporarily Disconnected .................................................................. 545
Figure 301 Configuration Upload Error ............................................................................... 546
Figure 302 Reset Warning Message ................................................................................... 546
Figure 303 MAINTENANCE > Restart ............................................................................... 547
Figure 304 Initial Screen ..................................................................................................... 550
Figure 305 Password Screen ............................................................................................. 550
Figure 306 Main Menu (Router Mode) ................................................................................ 552
Figure 307 Main Menu (Bridge Mode) ................................................................................ 552
Figure 308 Menu 23: System Password ............................................................................. 556
Figure 309 Menu 1: General Setup (Router Mode) ............................................................. 557
Figure 310 Menu 1: General Setup (Bridge Mode) ............................................................. 558
Figure 311 Menu 1.1: Configure Dynamic DNS .................................................................. 559
Figure 312 Menu 1.1.1: DDNS Host Summary ................................................................... 560
Figure 313 Menu 1.1.1: DDNS Edit Host ............................................................................ 561
Figure 314 MAC Address Cloning in WAN Setup ............................................................... 563
Figure 315 Menu 2: Dial Backup Setup ............................................................................ 565
Figure 316 Menu 2.1: Advanced WAN Setup ..................................................................... 566
Figure 317 Menu 11.3: Remote Node Profile (Backup ISP) ............................................... 568
Figure 318 Menu 11.3.1: Remote Node PPP Options ........................................................ 570
Figure 319 Menu 11.3.2: Remote Node Network Layer Options ........................................ 571
Figure 320 Menu 11.3.3: Remote Node Script .................................................................... 573
Figure 321 Menu 11.3.4: Remote Node Filter ..................................................................... 574
Figure 322 Menu 3: LAN Setup ........................................................................................... 575
Figure 323 Menu 3.1: LAN Port Filter Setup ....................................................................... 576
Figure 324 Menu 3: TCP/IP and DHCP Setup ................................................................... 576
Figure 325 Menu 3.2: TCP/IP and DHCP Ethernet Setup .................................................. 577
Figure 326 Menu 3.2.1: IP Alias Setup ............................................................................... 579
Figure 327 Menu 4: Internet Access Setup (Ethernet) ........................................................ 581
Figure 328 Internet Access Setup (PPTP) .......................................................................... 583
Figure 329 Internet Access Setup (PPPoE) ........................................................................ 584
Figure 330 Menu 5: DMZ Setup ......................................................................................... 585
Figure 331 Menu 5.1: DMZ Port Filter Setup ...................................................................... 585
Figure 332 Menu 5: DMZ Setup .......................................................................................... 586
Figure 333 Menu 5.2: TCP/IP and DHCP Ethernet Setup .................................................. 586
Figure 334 Menu 5.2.1: IP Alias Setup ............................................................................... 587
Figure 335 Menu 6: Route Setup ........................................................................................ 589
Figure 336 Menu 6.1: Route Assessment ........................................................................... 589
Figure 337 Menu 6.2: Traffic Redirect ................................................................................. 590
Figure 338 Menu 6.3: Route Failover .................................................................................. 591
Figure 339 Menu 7.1: Wireless Setup ................................................................................. 593
Figure 340 Menu 7.1.1: WLAN MAC Address Filter ........................................................... 595
Figure 341 Menu 7: WLAN Setup ....................................................................................... 596
Figure 342 Menu 7.2: TCP/IP and DHCP Ethernet Setup .................................................. 597
Figure 343 Menu 7.2.1: IP Alias Setup ............................................................................... 598
Figure 344 Menu 11: Remote Node Setup .......................................................................... 600
Figure 345 Menu 11.1: Remote Node Profile for Ethernet Encapsulation ........................... 600
Figure 346 Menu 11.1: Remote Node Profile for PPPoE Encapsulation ............................. 602
Figure 347 Menu 11.1: Remote Node Profile for PPTP Encapsulation ............................... 604
Figure 348 Menu 11.1.2: Remote Node Network Layer Options for Ethernet Encapsulation ........ 605
Figure 349 Menu 11.1.4: Remote Node Filter (Ethernet Encapsulation) ............................. 607
Figure 350 Menu 11.1.4: Remote Node Filter (PPPoE or PPTP Encapsulation) ................ 607
Figure 351 Menu 11.1.5: Traffic Redirect Setup ................................................................... 608
Figure 352 Menu 12: IP Static Route Setup ....................................................................... 609
Figure 353 Menu 12.1: Edit IP Static Route ........................................................................ 610
Figure 354 Menu 4: Applying NAT for Internet Access ....................................................... 612
Figure 355 Menu 11.1.2: Applying NAT to the Remote Node ............................................. 612
Figure 356 Menu 15: NAT Setup ......................................................................................... 613
Figure 357 Menu 15.1: Address Mapping Sets ................................................................... 614
Figure 358 Menu 15.1.255: SUA Address Mapping Rules ................................................. 614
Figure 359 Menu 15.1.1: First Set ....................................................................................... 616
Figure 360 Menu 15.1.1.1: Editing/Configuring an Individual Rule in a Set ........................ 617
Figure 361 Menu 15.2: NAT Server Sets ............................................................................ 618
Figure 362 Menu 15.2.1: NAT Server Sets ......................................................................... 619
Figure 363 15.2.1.2: NAT Server Configuration .................................................................. 620
Figure 364 Menu 15.2.1: NAT Server Setup ...................................................................... 621
Figure 365 Server Behind NAT Example ............................................................................ 621
Figure 366 NAT Example 1 ................................................................................................. 622
Figure 367 Menu 4: Internet Access & NAT Example ......................................................... 622
Figure 368 NAT Example 2 ................................................................................................. 623
Figure 369 Menu 15.2.1: Specifying an Inside Server ........................................................ 623
Figure 370 NAT Example 3 ................................................................................................. 624
Figure 371 Example 3: Menu 11.1.2 ................................................................................... 625
Figure 372 Example 3: Menu 15.1.1.1 ................................................................................ 625
Figure 373 Example 3: Final Menu 15.1.1 .......................................................................... 626
Figure 374 Example 3: Menu 15.2.1 ................................................................................... 626
Figure 375 NAT Example 4 ................................................................................................. 627
Figure 376 Example 4: Menu 15.1.1.1: Address Mapping Rule .......................................... 627
Figure 377 Example 4: Menu 15.1.1: Address Mapping Rules ........................................... 628
Figure 378 Menu 15.3.1: Trigger Port Setup ....................................................................... 629
Figure 379 Menu 21: Filter and Firewall Setup ................................................................... 631
Figure 380 Menu 21.2: Firewall Setup ................................................................................ 632
Figure 381 Outgoing Packet Filtering Process .................................................................... 633
Figure 382 Filter Rule Process ............................................................................................ 635
Figure 383 Menu 21: Filter and Firewall Setup ................................................................... 636
Figure 384 Menu 21.1: Filter Set Configuration .................................................................. 636
Figure 385 Menu 21.1.1.1: TCP/IP Filter Rule .................................................................... 638
Figure 386 Executing an IP Filter ........................................................................................ 640
Figure 387 Menu 21.1.1.1: Generic Filter Rule .................................................................... 641
Figure 388 Telnet Filter Example ........................................................................................ 642
Figure 389 Example Filter: Menu 21.1.3.1 .......................................................................... 643
Figure 390 Example Filter Rules Summary: Menu 21.1.3 .................................................. 643
Figure 391 Protocol and Device Filter Sets ......................................................................... 644
Figure 392 Filtering LAN Traffic .......................................................................................... 646
Figure 393 Filtering DMZ Traffic .......................................................................................... 647
Figure 394 Filtering Remote Node Traffic ........................................................................... 647
Figure 395 Menu 22: SNMP Configuration ......................................................................... 649
Figure 396 Menu 24: System Maintenance ........................................................................ 651
Figure 397 Menu 24.1: System Maintenance: Status ........................................................ 652
Figure 398 Menu 24.2: System Information and Console Port Speed ................................ 653
Figure 399 Menu 24.2.1: System Maintenance: Information ............................................ 654
Figure 400 Menu 24.2.2: System Maintenance: Change Console Port Speed ................... 655
Figure 401 Menu 24.3: System Maintenance: Log and Trace ............................................ 655
Figure 402 Examples of Error and Information Messages .................................................. 656
Figure 403 Menu 24.3.2: System Maintenance: Syslog Logging ........................................ 656
Figure 404 Call-Triggering Packet Example ........................................................................ 659
Figure 405 Menu 24.4: System Maintenance: Diagnostic ................................................... 660
Figure 406 WAN & LAN DHCP ........................................................................................... 660
Figure 407 Telnet into Menu 24.5 ........................................................................................ 665
Figure 408 FTP Session Example ...................................................................................... 666
Figure 409 System Maintenance: Backup Configuration .................................................... 668
Figure 410 System Maintenance: Starting Xmodem Download Screen ............................. 668
Figure 411 Backup Configuration Example ......................................................................... 669
Figure 412 Successful Backup Confirmation Screen .......................................................... 669
Figure 413 Telnet into Menu 24.6 ........................................................................................ 670
Figure 414 Restore Using FTP Session Example ............................................................... 671
Figure 415 System Maintenance: Restore Configuration ................................................... 671
Figure 416 System Maintenance: Starting Xmodem Download Screen ............................. 671
Figure 417 Restore Configuration Example ........................................................................ 671
Figure 418 Successful Restoration Confirmation Screen .................................................... 672
Figure 419 Telnet Into Menu 24.7.1: Upload System Firmware .......................................... 673
Figure 420 Telnet Into Menu 24.7.2: System Maintenance ................................................. 673
Figure 421 FTP Session Example of Firmware File Upload ............................................... 674
Figure 422 Menu 24.7.1 As Seen Using the Console Port ................................................. 676
Figure 423 Example Xmodem Upload ................................................................................ 676
Figure 424 Menu 24.7.2 As Seen Using the Console Port ................................................ 677
Figure 425 Example Xmodem Upload ................................................................................ 677
Figure 426 Command Mode in Menu 24 ............................................................................. 679
Figure 427 Valid Commands ............................................................................................... 680
Figure 428 Call Control ....................................................................................................... 681
Figure 429 Budget Management ......................................................................................... 682
Figure 430 Call History ........................................................................................................ 683
Figure 431 Menu 24: System Maintenance ........................................................................ 684
Figure 432 Menu 24.10 System Maintenance: Time and Date Setting ............................... 684
Figure 433 Menu 24.11 – Remote Management Control .................................................... 688
Figure 434 Menu 25: Sample IP Routing Policy Summary ................................................. 691
Figure 435 Menu 25.1: IP Routing Policy Setup ................................................................. 693
Figure 436 Menu 25.1.1: IP Routing Policy Setup .............................................................. 695
Figure 437 Example of IP Policy Routing ............................................................................ 696
Figure 438 IP Routing Policy Example 1 ............................................................................. 697
Figure 439 IP Routing Policy Example 2 ............................................................................. 698
Figure 440 Schedule Setup ................................................................................................. 699
Figure 441 Schedule Set Setup .......................................................................................... 700
Figure 442 Applying Schedule Set(s) to a Remote Node (PPPoE) .................................... 701
Figure 443 Applying Schedule Set(s) to a Remote Node (PPTP) ....................................... 702
Figure 444 Pop-up Blocker ................................................................................................. 706
Figure 445 Internet Options: Privacy ................................................................................... 707
Figure 446 Internet Options: Privacy ................................................................................... 708
Figure 447 Pop-up Blocker Settings ................................................................................... 709
Figure 448 Internet Options: Security ................................................................................. 710
Figure 449 Security Settings - Java Scripting ..................................................................... 711
Figure 450 Security Settings - Java .................................................................................... 712
Figure 451 Java (Sun) ......................................................................................................... 713
Figure 452 WLAN Card Installation ..................................................................................... 720
Figure 453 Console/Dial Backup Port Pin Layout ............................................................... 720
Figure 454 Ethernet Cable Pin Assignments ...................................................................... 721
Figure 455 Attaching Rubber Feet .................................................................................... 724
Figure 456 Attaching Mounting Brackets and Screws ........................................................ 725
Figure 457 Rack Mounting .................................................................................................. 725
Figure 458 Windows 95/98/Me: Network: Configuration ..................................................... 730
Figure 459 Windows 95/98/Me: TCP/IP Properties: IP Address ......................................... 731
Figure 460 Windows 95/98/Me: TCP/IP Properties: DNS Configuration ............................ 732
Figure 461 Windows XP: Start Menu .................................................................................. 733
Figure 462 Windows XP: Control Panel .............................................................................. 733
Figure 463 Windows XP: Control Panel: Network Connections: Properties ....................... 734
Figure 464 Windows XP: Local Area Connection Properties .............................................. 734
Figure 465 Windows XP: Internet Protocol (TCP/IP) Properties ......................................... 735
Figure 466 Windows XP: Advanced TCP/IP Properties ...................................................... 736
Figure 467 Windows XP: Internet Protocol (TCP/IP) Properties ......................................... 737
Figure 468 Macintosh OS 8/9: Apple Menu ........................................................................ 738
Figure 469 Macintosh OS 8/9: TCP/IP ................................................................................ 738
Figure 470 Macintosh OS X: Apple Menu ........................................................................... 739
Figure 471 Macintosh OS X: Network ................................................................................. 740
Figure 472 Red Hat 9.0: KDE: Network Configuration: Devices ........................................ 741
Figure 473 Red Hat 9.0: KDE: Ethernet Device: General .................................................. 741
Figure 474 Red Hat 9.0: KDE: Network Configuration: DNS ............................................. 742
Figure 475 Red Hat 9.0: KDE: Network Configuration: Activate ....................................... 742
Figure 476 Red Hat 9.0: Dynamic IP Address Setting in ifconfig-eth0 .............................. 743
Figure 477 Red Hat 9.0: Static IP Address Setting in ifconfig-eth0 .................................. 743
Figure 478 Red Hat 9.0: DNS Settings in resolv.conf ...................................................... 743
Figure 479 Red Hat 9.0: Restart Ethernet Card ................................................................ 744
Figure 480 Red Hat 9.0: Checking TCP/IP Properties ...................................................... 744
Figure 481 Peer-to-Peer Communication in an Ad-hoc Network ........................................ 757
Figure 482 Basic Service Set .............................................................................................. 758
Figure 483 Infrastructure WLAN ......................................................................................... 759
Figure 484 RTS/CTS ........................................................................................................... 760
Figure 485 EAP Authentication ........................................................................................... 763
Figure 486 WEP Authentication Steps ................................................................................ 766
Figure 487 Roaming Example ............................................................................................. 769
Figure 488 Windows 98 SE: WinPopup ............................................................................ 771
Figure 489 Windows 98 SE: Program Task Bar ................................................................. 771
Figure 490 Windows 98 SE: Task Bar Properties .......................................................... 772
Figure 491 Windows 98 SE: StartUp ................................................................................. 772
Figure 492 Windows 98 SE: Startup: Create Shortcut ..................................................... 773
Figure 493 Windows 98 SE: Startup: Select a Title for the Program ................................ 773
Figure 494 Windows 98 SE: Startup: Shortcut .................................................................. 774
Figure 495 VPN Rules ........................................................................................................ 776
Figure 496 Headquarters Gateway Policy Edit ................................................................... 777
Figure 497 Branch Office Gateway Policy Edit ................................................................... 778
Figure 498 Headquarters VPN Rule ................................................................................... 779
Figure 499 Branch Office VPN Rule ................................................................................... 779
Figure 500 Headquarters Network Policy Edit .................................................................... 780
Figure 501 Branch Office Network Policy Edit .................................................................... 781
Figure 502 VPN Rule Configured ....................................................................................... 782
Figure 503 VPN Dial ........................................................................................................... 782
Figure 504 VPN Tunnel Established ................................................................................... 782
Figure 505 VPN Log Example ............................................................................................ 784
Figure 506 IKE/IPSec Debug Example .............................................................................. 785
Figure 507 Security Certificate ............................................................................................ 787
Figure 508 Login Screen ..................................................................................................... 788
Figure 509 Certificate General Information before Import ................................................... 788
Figure 510 Certificate Import Wizard 1 ............................................................................... 789
Figure 511 Certificate Import Wizard 2 ................................................................................ 789
Figure 512 Certificate Import Wizard 3 ............................................................................... 790
Figure 513 Root Certificate Store ........................................................................................ 790
Figure 514 Certificate General Information after Import ...................................................... 791
Figure 515 ZyWALL Trusted CA Screen ............................................................................. 792
Figure 516 CA Certificate Example ..................................................................................... 793
Figure 517 Personal Certificate Import Wizard 1 ................................................................ 794
Figure 518 Personal Certificate Import Wizard 2 ................................................................ 794
Figure 519 Personal Certificate Import Wizard 3 ................................................................ 795
Figure 520 Personal Certificate Import Wizard 4 ................................................................ 795
Figure 521 Personal Certificate Import Wizard 5 ................................................................ 796
Figure 522 Personal Certificate Import Wizard 6 ................................................................ 796
Figure 523 Access the ZyWALL Via HTTPS ....................................................................... 796
Figure 524 SSL Client Authentication ................................................................................. 797
Figure 525 ZyWALL Secure Login Screen .......................................................................... 797
Figure 526 Displaying Log Categories Example ................................................................. 800
Figure 527 Displaying Log Parameters Example ................................................................ 800
Figure 528 Routing Command Example ............................................................................. 802
Figure 529 Backup Gateway ............................................................................................... 803
Figure 530 Managing the Bandwidth of an IPSec SA ......................................................... 804
Figure 531 Managing the Bandwidth of an IKE SA ............................................................. 804
Figure 532 Routing Command Example ............................................................................. 805
Figure 533 Option to Enter Debug Mode ............................................................................ 823
Figure 534 Boot Module Commands .................................................................................. 824

List of Tables

Table 1 ZyWALL Model Specific Features ......................................................................... 55
Table 2 Front Panel Lights ................................................................................................. 64
Table 3 Title Bar: Web Configurator Icons .......................................................................... 70
Table 4 Web Configurator HOME Screen in Router Mode ................................................. 71
Table 5 Web Configurator HOME Screen in Bridge Mode ................................................. 75
Table 6 Bridge and Router Mode Features Comparison .................................................... 78
Table 7 Screens Summary ................................................................................................. 79
Table 8 HOME > Show Statistics ....................................................................................... 84
Table 9 HOME > Show Statistics > Line Chart ................................................................... 85
Table 10 HOME > DHCP Table .......................................................................................... 86
Table 11 HOME > VPN Status ............................................................................................ 87
Table 12 ISP Parameters: Ethernet Encapsulation ............................................................ 91
Table 13 ISP Parameters: PPPoE Encapsulation .............................................................. 92
Table 14 ISP Parameters: PPTP Encapsulation ................................................................ 94
Table 15 Internet Access Wizard: Registration .................................................................. 97
Table 16 VPN Wizard: Gateway Setting ............................................................................. 100
Table 17 VPN Wizard: Network Setting .............................................................................. 102
Table 18 VPN Wizard: IKE Tunnel Setting ......................................................................... 104
Table 19 VPN Wizard: IPSec Setting ................................................................................. 105
Table 20 VPN Wizard: VPN Status ..................................................................................... 107
Table 21 REGISTRATION .................................................................................................. 125
Table 22 REGISTRATION > Service .................................................................................. 127
Table 23 NETWORK > LAN ............................................................................................... 133
Table 24 NETWORK > LAN > Static DHCP ....................................................................... 136
Table 25 NETWORK > LAN > IP Alias ............................................................................... 138
Table 26 NETWORK > LAN > Port Roles .......................................................................... 140
Table 27 STP Path Costs ................................................................................................... 142
Table 28 STP Port States ................................................................................................... 143
Table 29 NETWORK > Bridge ............................................................................................ 144
Table 30 NETWORK > Bridge > Port Roles ....................................................................... 146
Table 31 Least Load First: Example 1 ................................................................................ 149
Table 32 Least Load First: Example 2 ................................................................................ 149
Table 33 NETWORK > WAN (General) .............................................................................. 153
Table 34 Load Balancing: Least Load First ........................................................................ 155
Table 35 Load Balancing: Weighted Round Robin ............................................................. 156
Table 36 Load Balancing: Spillover .................................................................................... 157
Table 37 NETWORK > WAN (Route) ................................................................................. 158
Table 38 Private IP Address Ranges ................................................................................. 159
Table 39 Example of Network Properties for LAN Servers with Fixed IP Addresses ......... 160
Table 40 NETWORK > WAN > WAN (Ethernet Encapsulation) ......................................... 161
Table 41 NETWORK > WAN > WAN (PPPoE Encapsulation) ........................................... 165
Table 42 NETWORK > WAN > WAN (PPTP Encapsulation) ............................................. 168
Table 43 NETWORK > WAN > Traffic Redirect .................................................................. 171
Table 44 NETWORK > WAN > Dial Backup ....................................................................... 173
Table 45 NETWORK > WAN > Dial Backup > Edit ............................................................ 176
Table 46 NETWORK > DMZ .............................................................................................. 180
Table 47 NETWORK > DMZ > Static DHCP ...................................................................... 183
Table 48 NETWORK > DMZ > IP Alias .............................................................................. 184
Table 49 NETWORK > DMZ > Port Roles ......................................................................... 188
Table 50 NETWORK > WLAN ............................................................................................ 190
Table 51 NETWORK > WLAN > Static DHCP .................................................................... 193
Table 52 NETWORK > WLAN > IP Alias ........................................................................... 194
Table 53 NETWORK > WLAN > Port Roles ....................................................................... 197
Table 54 Wireless Security Relational Matrix ..................................................................... 199
Table 55 NETWORK > WIRELESS CARD: No Security .................................................... 206
Table 56 NETWORK > WIRELESS CARD: Static WEP .................................................... 208
Table 57 NETWORK > WIRELESS CARD: WPA-PSK ...................................................... 209
Table 58 NETWORK > WIRELESS CARD: WPA .............................................................. 210
Table 59 NETWORK > WIRELESS CARD: 802.1x + Dynamic WEP ................................ 212
Table 60 NETWORK > WIRELESS CARD: 802.1x + Static WEP ..................................... 213
Table 61 NETWORK > WIRELESS CARD: 802.1x + No WEP .......................................... 215
Table 62 NETWORK > WIRELESS CARD: No Access 802.1x + Static WEP ................... 216
Table 63 NETWORK > WIRELESS CARD: MAC Address Filter ....................................... 217
Table 64 Blocking All LAN to WAN IRC Traffic Example .................................................... 227
Table 65 Limited LAN to WAN IRC Traffic Example ........................................................... 228
Table 66 SECURITY > FIREWALL > Default Rule (Router Mode) .................................... 231
Table 67 SECURITY > FIREWALL > Default Rule (Bridge Mode) ..................................... 233
Table 68 SECURITY > FIREWALL > Rule Summary ......................................................... 234
Table 69 SECURITY > FIREWALL > Rule Summary > Edit .............................................. 237
Table 70 SECURITY > FIREWALL > Anti-Probing ............................................................. 239
Table 71 SECURITY > FIREWALL > Threshold ................................................................ 241
Table 72 SECURITY > FIREWALL > Service .................................................................... 243
Table 73 SECURITY > FIREWALL > Service > Add .......................................................... 244
Table 74 SECURITY > IDP > General Setup ..................................................................... 256
Table 75 SECURITY > IDP > Signature: Attack Types ...................................................... 258
Table 76 SECURITY > IDP > Signature: Intrusion Severity ............................................... 259
Table 77 SECURITY > IDP > Signature: Actions ............................................................... 260
Table 78 SECURITY > IDP > Signature: Group View ........................................................ 261
Table 79 SECURITY > IDP > Signature: Query View ........................................................ 263
Table 80 SECURITY > IDP > Update ................................................................................. 268
Table 81 Common Computer Virus Types ......................................................................... 271
Table 82 SECURITY > ANTI-VIRUS > General
Table 83 SECURITY > ANTI-VIRUS > Signature: Query View
Table 84 SECURITY > ANTI-SPAM > General
Table 85 SECURITY > ANTI-SPAM > External DB
Table 86 SECURITY > ANTI-SPAM > Lists
Table 87 SECURITY > ANTI-SPAM > Lists > Edit
Table 88 SECURITY > CONTENT FILTER > General
Table 89 SECURITY > CONTENT FILTER > Categories
Table 90 SECURITY > CONTENT FILTER > Customization
Table 91 SECURITY > CONTENT FILTER > Cache
Table 92 SECURITY > VPN > VPN Rules (IKE)
Table 93 VPN Example: Matching ID Type and Content
Table 94 VPN Example: Mismatching ID Type and Content
Table 95 SECURITY > VPN > VPN Rules (IKE) > Edit Gateway Policy
Table 96 SECURITY > VPN > VPN Rules (IKE) > Edit Network Policy
Table 97 SECURITY > VPN > VPN Rules (IKE) > Move Network Policy
Table 98 SECURITY > VPN > VPN Rules (Manual)
Table 99 SECURITY > VPN > VPN Rules (Manual) > Edit
Table 100 SECURITY > VPN > SA Monitor
Table 101 SECURITY > VPN > Global Setting
Table 102 Telecommuters Sharing One VPN Rule Example
Table 103 Telecommuters Using Unique VPN Rules Example
Table 104 SECURITY > CERTIFICATES > My Certificates
Table 105 SECURITY > CERTIFICATES > My Certificates > Details
Table 106 SECURITY > CERTIFICATES > My Certificates > Export
Table 107 SECURITY > CERTIFICATES > My Certificates > Import
Table 108 SECURITY > CERTIFICATES > My Certificates > Import: PKCS#12
Table 109 SECURITY > CERTIFICATES > My Certificates > Create
Table 110 SECURITY > CERTIFICATES > Trusted CAs
Table 111 SECURITY > CERTIFICATES > Trusted CAs > Details
Table 112 SECURITY > CERTIFICATES > Trusted CAs Import
Table 113 SECURITY > CERTIFICATES > Trusted Remote Hosts
Table 114 SECURITY > CERTIFICATES > Trusted Remote Hosts > Import
Table 115 SECURITY > CERTIFICATES > Trusted Remote Hosts > Details
Table 116 SECURITY > CERTIFICATES > Directory Servers
Table 117 SECURITY > CERTIFICATES > Directory Server > Add
Table 118 SECURITY > AUTH SERVER > Local User Database
Table 119 SECURITY > AUTH SERVER > RADIUS
Table 120 NAT Definitions
Table 121 NAT Mapping Types
Table 122 ADVANCED > NAT > NAT Overview
Table 123 ADVANCED > NAT > Address Mapping
Table 124 ADVANCED > NAT > Address Mapping > Edit
Table 125 Services and Port Numbers
Table 126 ADVANCED > NAT > Port Forwarding
Table 127 ADVANCED > NAT > Port Triggering
Table 128 ADVANCED > STATIC ROUTE > IP Static Route
Table 129 ADVANCED > STATIC ROUTE > IP Static Route > Edit
Table 130 ADVANCED > POLICY ROUTE > Policy Route Summary
Table 131 ADVANCED > POLICY ROUTE > Edit
Table 132 Application and Subnet-based Bandwidth Management Example
Table 133 Maximize Bandwidth Usage Example
Table 134 Priority-based Allotment of Unused and Unbudgeted Bandwidth Example
Table 135 Fairness-based Allotment of Unused and Unbudgeted Bandwidth Example
Table 136 Bandwidth Borrowing Example
Table 137 Over Allotment of Bandwidth Example
Table 138 ADVANCED > BW MGMT > Summary
Table 139 ADVANCED > BW MGMT > Class Setup
Table 140 ADVANCED > BW MGMT > Class Setup > Add Sub-Class
Table 141 Services and Port Numbers
Table 142 ADVANCED > DNS > Add (Address Record)
Table 143 ADVANCED > REMOTE MGMT > WWW
Table 144 ADVANCED > REMOTE MGMT > SSH
Table 145 ADVANCED > REMOTE MGMT > Telnet
Table 146 ADVANCED > REMOTE MGMT > FTP
Table 147 SNMP Traps
Table 148 ADVANCED > REMOTE MGMT > SNMP
Table 149 ADVANCED > REMOTE MGMT > DNS
Table 150 ADVANCED > REMOTE MGMT > CNM
Table 151 ADVANCED > UPnP
Table 152 ADVANCED > UPnP > Ports
Table 153 ADVANCED > ALG
Table 154 REPORTS > SYSTEM REPORTS
Table 155 REPORTS > SYSTEM REPORTS: Web Site Hits Report
Table 156 REPORTS > SYSTEM REPORTS: Host IP Address
Table 157 REPORTS > SYSTEM REPORTS: Protocol/Port
Table 158 Report Specifications
Table 159 REPORTS > THREAT REPORTS > IDP
Table 160 REPORTS > THREAT REPORTS > Anti-Virus
Table 161 REPORTS > THREAT REPORTS > Anti-Spam
Table 162 LOGS > View Log
Table 163 Log Description Example
Table 164 LOGS > Log Settings
Table 165 System Maintenance Logs
Table 166 System Error Logs
Table 167 Access Control Logs
Table 168 TCP Reset Logs
Table 169 Packet Filter Logs
Table 170 ICMP Logs
Table 171 CDR Logs
Table 172 PPP Logs
Table 173 UPnP Logs
Table 174 Content Filtering Logs
Table 175 Attack Logs
Table 176 Remote Management Logs
Table 177 Wireless Logs
Table 178 IPSec Logs
Table 179 IKE Logs
Table 180 PKI Logs
Table 181 802.1X Logs
Table 182 ACL Setting Notes
Table 183 ICMP Notes
Table 184 IDP Logs
Table 185 AV Logs
Table 186 AS Logs
Table 187 Syslog Logs
Table 188 RFC-2408 ISAKMP Payload Types
Table 189 MAINTENANCE > General Setup
Table 190 MAINTENANCE > Password
Table 191 MAINTENANCE > Time and Date
Table 192 MAC-address-to-port Mapping Table
Table 193 MAINTENANCE > Device Mode (Router Mode)
Table 194 MAINTENANCE > Device Mode (Bridge Mode)
Table 195 MAINTENANCE > Firmware Upload
Table 196 Restore Configuration
Table 197 Main Menu Commands
Table 198 Main Menu Summary
Table 199 SMT Menus Overview
Table 200 Menu 1: General Setup (Router Mode)
Table 201 Menu 1: General Setup (Bridge Mode)
Table 202 Menu 1.1: Configure Dynamic DNS
Table 203 Menu 1.1.1: DDNS Host Summary
Table 204 Menu 1.1.1: DDNS Edit Host
Table 205 MAC Address Cloning in WAN Setup
Table 206 Menu 2: Dial Backup Setup
Table 207 Advanced WAN Port Setup: AT Commands Fields
Table 208 Advanced WAN Port Setup: Call Control Parameters
Table 209 Menu 11.3: Remote Node Profile (Backup ISP)
Table 210 Menu 11.3.1: Remote Node PPP Options
Table 211 Menu 11.3.2: Remote Node Network Layer Options
Table 212 Menu 11.3.3: Remote Node Script
Table 213 Menu 3.2: DHCP Ethernet Setup Fields
Table 214 Menu 3.2: LAN TCP/IP Setup Fields
Table 215 Menu 3.2.1: IP Alias Setup
Table 216 Menu 4: Internet Access Setup (Ethernet)
Table 217 New Fields in Menu 4 (PPTP) Screen
Table 218 New Fields in Menu 4 (PPPoE) screen
Table 219 Menu 6.1: Route Assessment
Table 220 Menu 6.2: Traffic Redirect
Table 221 Menu 6.3: Route Failover
Table 222 Menu 7.1: Wireless Setup
Table 223 Menu 7.1.1: WLAN MAC Address Filter
Table 224 Menu 11.1: Remote Node Profile for Ethernet Encapsulation
Table 225 Fields in Menu 11.1 (PPPoE Encapsulation Specific)
Table 226 Menu 11.1: Remote Node Profile for PPTP Encapsulation
Table 227 Remote Node Network Layer Options Menu Fields
Table 228 Menu 11.1.5: Traffic Redirect Setup
Table 229 Menu 12.1: Edit IP Static Route
Table 230 Applying NAT in Menus 4 & 11.1.2
Table 231 SUA Address Mapping Rules
Table 232 Fields in Menu 15.1.1
Table 233 Menu 15.1.1.1: Editing/Configuring an Individual Rule in a Set
Table 234 15.2.1.2: NAT Server Configuration
Table 235 Menu 15.3.1: Trigger Port Setup
Table 236 Abbreviations Used in the Filter Rules Summary Menu
Table 237 Rule Abbreviations Used
Table 238 Menu 21.1.1.1: TCP/IP Filter Rule
Table 239 Generic Filter Rule Menu Fields
Table 240 SNMP Configuration Menu Fields
Table 241 SNMP Traps
Table 242 System Maintenance: Status Menu Fields
Table 243 Fields in System Maintenance: Information
Table 244 System Maintenance Menu Syslog Parameters
Table 245 System Maintenance Menu Diagnostic
Table 246 Filename Conventions
Table 247 General Commands for GUI-based FTP Clients
Table 248 General Commands for GUI-based TFTP Clients
Table 249 Valid Commands
Table 250 Budget Management
Table 251 Call History
Table 252 Menu 24.10 System Maintenance: Time and Date Setting
Table 253 Menu 24.11 – Remote Management Control
Table 254 Menu 25: Sample IP Routing Policy Summary
Table 255 IP Routing Policy Setup
Table 256 Menu 25.1: IP Routing Policy Setup
Table 257 Menu 25.1.1: IP Routing Policy Setup
Table 258 Schedule Set Setup
Table 259 Troubleshooting the Start-Up of Your ZyWALL
Table 260 Troubleshooting the LAN Interface
Table 261 Troubleshooting the DMZ Interface
Table 262 Troubleshooting the WAN Interface
Table 263 Troubleshooting Accessing the ZyWALL
Table 264 Device Specifications
Table 265 Performance
Table 266 Firmware Features
Table 267 Feature Specifications
Table 268 Compatible ZyXEL WLAN Cards and Security Features
Table 269 Console/Dial Backup Port Pin Assignments
Table 270 Classes of IP Addresses
Table 271 Allowed IP Address Range By Class
Table 272 “Natural” Masks
Table 273 Alternative Subnet Mask Notation
Table 274 Two Subnets Example
Table 275 Subnet 1
Table 276 Subnet 2
Table 277 Subnet 1
Table 278 Subnet 2
Table 279 Subnet 3
Table 280 Subnet 4
Table 281 Eight Subnets
Table 282 Class C Subnet Planning
Table 283 Class B Subnet Planning
Table 284 Commonly Used Services
Table 285 IEEE802.11g
Table 286 Comparison of EAP Authentication Types
Table 287 Wireless Security Relational Matrix
Table 288 Firewall Commands
Table 289 NetBIOS Filter Default Settings
Table 290 Certificates Commands
Table 291 Brute-Force Password Guessing Protection Commands

Preface

Congratulations on your purchase of the ZyWALL.
Note: Register your product online to receive e-mail notices of firmware upgrades and information at www.zyxel.com for global products, or at www.us.zyxel.com for North American products.
Your ZyWALL is easy to install and configure.
About This User's Guide
This manual is designed to guide you through the configuration of your ZyWALL for its various applications. The web configurator parts of this guide contain background information on features configurable by web configurator. The SMT parts of this guide contain background information solely on features not configurable by web configurator.
Note: Use the web configurator, System Management Terminal (SMT) or command interpreter interface to configure your ZyWALL. Not all features can be configured through all interfaces.
Related Documentation
• Supporting Disk: Refer to the included CD for support documents.
• Quick Start Guide: The Quick Start Guide is designed to help you get up and running right away. It contains connection information and instructions on getting started.
• Web Configurator Online Help: Embedded web help for descriptions of individual screens and supplementary information.
• ZyXEL Web Site: Please go to http://www.zyxel.com for product news, firmware, updated documents, and other support materials.
User Guide Feedback
Help us help you. E-mail all User Guide-related comments, questions or suggestions for improvement to techwriters@zyxel.com.tw or send regular mail to The Technical Writing Team, ZyXEL Communications Corp., 6 Innovation Road II, Science-Based Industrial Park, Hsinchu, 300, Taiwan. Thank you!
Syntax Conventions
• “Enter” means for you to type one or more characters. “Select” or “Choose” means for you to use one of the predefined choices.
• The SMT menu titles and labels are in Bold Times New Roman font. Predefined field choices are in Bold Arial font. Command and arrow keys are enclosed in square brackets. [ENTER] means the Enter, or carriage return key; [ESC] means the Escape key and [SPACE BAR] means the Space Bar.
• Mouse action sequences are denoted using a comma. For example, “In Windows, click Start, Settings and then Control Panel” means first click the Start button, then point your mouse pointer to Settings and then click Control Panel.
• “e.g.,” is a shorthand for “for instance”, and “i.e.,” means “that is” or “in other words”.
Graphics Icons Key
[Icons shown in the original: ZyWALL, Computer, Notebook computer, Server, DSLAM, Firewall, Telephone, Switch, Router, Wireless Signal]
CHAPTER 1

Getting to Know Your ZyWALL

This chapter introduces the main features and applications of the ZyWALL.

1.1 ZyWALL Internet Security Appliance Overview

The ZyWALL is loaded with security features including VPN, firewall, content filtering, anti-spam, IDP (Intrusion Detection and Prevention), anti-virus and certificates. The ZyWALL’s De-Militarized Zone (DMZ) increases LAN security by providing separate ports for connecting publicly accessible servers. The ZyWALL 70 and ZyWALL 35 are designed for small and medium sized businesses that need the increased throughput and reliability of dual WAN ports and load balancing. The ZyWALL 35 and ZyWALL 5 provide the option to change port roles from LAN to DMZ.
You can also deploy the ZyWALL as a transparent firewall in an existing network with minimal configuration.
The ZyWALL provides bandwidth management, NAT, port forwarding, policy routing (not available for the ZyWALL 5), DHCP server and many other powerful features.
You can add an IEEE 802.11b/g-compliant wireless LAN by either inserting a wireless LAN card into the PCMCIA/CardBus slot or connecting an access point (AP) to an Ethernet port in a WLAN port role. If you insert a wireless LAN card to add a WLAN, the ZyWALL offers highly secured wireless connectivity to your wired network with IEEE 802.1x, WEP data encryption, WPA (Wi-Fi Protected Access) and MAC address filtering. You can use the wireless card as part of the LAN, DMZ or WLAN.

1.2 ZyWALL Features

The following table lists model specific features.
Note: See the product specifications in the appendix for detailed features and standards support.
Table 1 ZyWALL Model Specific Features
| FEATURE | MODEL 70 | MODEL 35 | MODEL 5 |
|---|---|---|---|
| Multiple WAN | O | O | |
| Load Balancing | O | O | |
| Changing Port Roles between the LAN and DMZ | | O | O |
| Policy Route | O | O | |
Table Key: An O in a model’s column shows that the device model has the specified feature. The information in this table was correct at the time of writing, although it may be subject to change.

1.2.1 Physical Features

LAN Port
The 10/100 Mbps auto-negotiating Ethernet LAN port(s) allows the ZyWALL to detect the speed of incoming transmissions and adjust appropriately without manual intervention. It allows data transfers of either 10 Mbps or 100 Mbps in either half-duplex or full-duplex mode depending on your Ethernet network. The ports are also auto-crossover (MDI/MDI-X) meaning they automatically adjust to either a crossover or straight-through Ethernet cable.
DMZ Ports
Public servers (Web, FTP, etc.) attached to a DeMilitarized Zone (DMZ) port are visible to the outside world (while still being protected from DoS (Denial of Service) attacks such as SYN flooding and Ping of Death) and can also be accessed from the secure LAN.
The 10/100 Mbps auto-negotiating Ethernet ports allow the ZyWALL to detect the speed of incoming transmissions and adjust appropriately without manual intervention. They allow data transfers of either 10 Mbps or 100 Mbps in either half-duplex or full-duplex mode depending on your Ethernet network. The ports are also auto-crossover (MDI/MDI-X) meaning they automatically adjust to either a crossover or straight-through Ethernet cable.
WLAN Ports
You can set some of the Ethernet ports to a WLAN port role. This allows you to connect wireless LAN Access Points (APs) to extend the ZyWALL’s wireless LAN coverage area.
Dual Auto-negotiating 10/100 Mbps Ethernet WAN (Single on the ZyWALL 5)
The Ethernet WAN ports connect to the Internet via broadband modem or router. You can use a second connection for load sharing to increase overall network throughput or as a backup to enhance network reliability.
The 10/100 Mbps auto-negotiating Ethernet ports allow the ZyWALL to detect the speed of incoming transmissions and adjust appropriately without manual intervention. They allow data transfers of either 10 Mbps or 100 Mbps in either half-duplex or full-duplex mode depending on your Ethernet network. The ports are also auto-crossover (MDI/MDI-X) meaning they automatically adjust to either a crossover or straight-through Ethernet cable.
Dial Backup WAN
The dial backup port can be used in reserve as a traditional dial-up connection if the WAN (or WAN 1 and WAN 2) and traffic redirect connections fail.
Time and Date
The ZyWALL allows you to get the current time and date from an external server when you turn on your ZyWALL. You can also set the time manually. The Real Time Chip (RTC) keeps track of the time and date.
Reset Button
Use the reset button to restore the factory defaults: password 1234, IP address 192.168.1.1, subnet mask 255.255.255.0, and DHCP server enabled with a pool of 32 IP addresses starting at 192.168.1.33.
Dual PCMCIA and CardBus Slot
The dual PCMCIA and CardBus slot provides the option of a wireless LAN. You can alternatively insert a ZyWALL Turbo Card to use the anti-virus and IDP features.
IEEE 802.11 b/g Wireless LAN
The optional wireless LAN card provides mobility and a fast network environment for small and home offices. Users can connect to the local area network without any wiring efforts and enjoy reliable high-speed connectivity.

1.2.2 Non-Physical Features

Load Balancing
The ZyWALL improves quality of service and maximizes bandwidth utilization by dividing traffic loads between the two WAN interfaces (or ports).
Transparent Firewall
Transparent firewall is also known as a bridge firewall. The ZyWALL can act as a bridge and still have the capability of filtering and inspecting the packets between a router and the LAN, or two routers. You do not need to do any other changes to your existing network.
SIP Passthrough
The ZyWALL includes a SIP Application Layer Gateway (ALG). It allows VoIP calls to pass through NAT by examining and translating IP addresses embedded in the data stream.
STP (Spanning Tree Protocol) / RSTP (Rapid STP)
When the ZyWALL is set to bridge mode, (R)STP detects and breaks network loops and provides backup links between switches, bridges or routers. It allows a bridge to interact with other (R)STP-compliant bridges in your network to ensure that only one path exists between any two stations on the network.
Bandwidth Management
Bandwidth management allows you to allocate network resources according to defined policies. This policy-based bandwidth allocation helps your network to better handle real-time applications such as Voice-over-IP (VoIP).
IPSec VPN Capability
Establish a Virtual Private Network (VPN) to connect with business partners and branch offices using data encryption and the Internet to provide secure communications without the expense of leased site-to-site lines. The ZyWALL VPN is based on the IPSec standard and is fully interoperable with other IPSec-based VPN products.
X-Auth (Extended Authentication)
X-Auth provides added security for VPN by requiring each VPN client to use a username and password.
Certificates
The ZyWALL can use certificates (also called digital IDs) to authenticate users. Certificates are based on public-private key pairs. Certificates provide a way to exchange public keys for use in authentication.
SSH
The ZyWALL uses the SSH (Secure Shell) secure communication protocol to provide secure encrypted communication between two hosts over an unsecured network.
HTTPS
HyperText Transfer Protocol over Secure Socket Layer, or HTTP over SSL, is a web protocol that encrypts and decrypts web sessions. Use HTTPS for secure web configurator access to the ZyWALL.
Firewall
The ZyWALL is a stateful inspection firewall with DoS (Denial of Service) protection. By default, when the firewall is activated, all incoming traffic from the WAN to the LAN is blocked unless it is initiated from the LAN. The ZyWALL firewall supports TCP/UDP inspection, DoS detection and prevention, real time alerts, reports and logs.
Content Filtering
The ZyWALL can block web features such as ActiveX controls, Java applets and cookies, as well as disable web proxies. The ZyWALL can block or allow access to web sites that you specify. The ZyWALL can also block access to web sites containing keywords that you specify. You can define time periods and days during which content filtering is enabled and include or exclude a range of users on the LAN from content filtering.
You can also subscribe to category-based content filtering that allows your ZyWALL to check web sites against an external database of dynamically updated ratings of millions of web sites.
Anti-Spam
The ZyWALL’s anti-spam feature helps detect and mark or discard junk e-mail (spam). The ZyWALL has a whitelist for identifying legitimate e-mail and a blacklist for identifying spam e-mail. You can also subscribe to an anti-spam external database service that checks e-mail against more than a million known spam patterns.
Anti-Virus Scanner
With the anti-virus packet scanner, your ZyWALL scans files passing through the enabled interfaces into the network. The ZyWALL helps stop threats at the network edge before they reach the local host computers.
Intrusion Detection and Prevention (IDP)
IDP can detect and take actions on malicious or suspicious packets and traffic flows.
ZyWALL Turbo Card
ZyWALL Turbo Card is a co-processor accelerator that is used in conjunction with your ZyWALL for fast, efficient IDP (Intrusion Detection and Prevention) and AV (Anti Virus) traffic inspection.
Universal Plug and Play (UPnP)
Using the standard TCP/IP protocol, the ZyWALL and other UPnP-enabled devices can dynamically join a network, obtain an IP address and convey its capabilities to other devices on the network.
RADIUS (RFC2138, 2139)
The ZyWALL can work with a RADIUS (Remote Authentication Dial In User Service) server for user authentication, authorization and accounting.
IEEE 802.1x for Network Security
The ZyWALL supports the IEEE 802.1x standard that works with the IEEE 802.11 to enhance user authentication. With the local user profile, the ZyWALL allows you to configure user profiles without a network authentication server. In addition, centralized user and accounting management is possible on an optional network authentication server.
Wi-Fi Protected Access
Wi-Fi Protected Access (WPA) is a subset of the IEEE 802.11i security specification draft. Key differences between WPA and WEP are user authentication and improved data encryption.
Wireless LAN MAC Address Filtering
Your ZyWALL can check the MAC addresses of wireless stations against a list of allowed or denied MAC addresses.
WEP Encryption
WEP (Wired Equivalent Privacy) encrypts data frames before transmitting over the wireless network to help keep network communications private.
Packet Filtering
The packet filtering mechanism blocks unwanted traffic from entering/leaving your network.
Call Scheduling
Configure call time periods to restrict and allow access for users on remote nodes.
PPPoE
PPPoE facilitates the interaction of a host with an Internet modem to achieve access to high-speed data networks via a familiar "dial-up networking" user interface.
PPTP Encapsulation
Point-to-Point Tunneling Protocol (PPTP) is a network protocol that enables secure transfer of data from a remote client to a private server, creating a Virtual Private Network (VPN) using a TCP/IP-based network.
PPTP supports on-demand, multi-protocol and virtual private networking over public networks, such as the Internet. The ZyWALL supports one PPTP server connection at any given time.
Dynamic DNS Support
With Dynamic DNS (Domain Name System) support, you can have a static hostname alias for a dynamic IP address, allowing the host to be more easily accessible from various locations on the Internet. You must register for this service with a Dynamic DNS service provider.
IP Multicast
Deliver IP packets to a specific group of hosts using IP multicast. IGMP (Internet Group Management Protocol) is the protocol used to support multicast groups. The latest version is version 2 (see RFC 2236); the ZyWALL supports both versions 1 and 2.
IP Alias
IP Alias allows you to partition a physical network into logical networks over the same Ethernet interface. The ZyWALL supports three logical LAN, WLAN and/or DMZ interfaces via its single physical Ethernet LAN, WLAN and/or DMZ interface with the ZyWALL itself as the gateway for each network.
IP Policy Routing
IP Policy Routing provides a mechanism to override the default routing behavior and alter packet forwarding based on the policies defined by the network administrator.
Central Network Management
Central Network Management (CNM) allows an enterprise or service provider network administrator to manage your ZyWALL. The enterprise or service provider network administrator can configure your ZyWALL, perform firmware upgrades and do troubleshooting for you.
SNMP
SNMP (Simple Network Management Protocol) is a protocol used for exchanging management information between network devices. SNMP is a member of the TCP/IP protocol suite. Your ZyWALL supports SNMP agent functionality, which allows a manager station to manage and monitor the ZyWALL through the network. The ZyWALL supports SNMP version one (SNMPv1).
Network Address Translation (NAT)
Network Address Translation (NAT) allows the translation of an Internet protocol address used within one network (for example a private IP address used in a local network) to a different IP address known within another network (for example a public IP address used on the Internet).
Traffic Redirect
Traffic Redirect forwards WAN traffic to a backup gateway on the LAN when the ZyWALL cannot connect to the Internet, thus acting as an auxiliary backup when your regular WAN connection fails.
Port Forwarding
Use this feature to forward incoming service requests to a server on your local network. You may enter a single port number or a range of port numbers to be forwarded, and the local IP address of the desired server.
DHCP (Dynamic Host Configuration Protocol)
DHCP (Dynamic Host Configuration Protocol) allows the individual client computers to obtain the TCP/IP configuration at start-up from a centralized DHCP server. The ZyWALL has built-in DHCP server capability, enabled by default, which means it can assign IP addresses, an IP default gateway and DNS servers to all systems that support the DHCP client. The ZyWALL can also act as a surrogate DHCP server (DHCP Relay) where it relays IP address assignment from the actual DHCP server to the clients.
Full Network Management
The embedded web configurator is an all-platform web-based utility that allows you to easily access the ZyWALL’s management settings and configure the firewall. Most functions of the ZyWALL are also software configurable via the SMT (System Management Terminal) interface. The SMT is a menu-driven interface that you can access from a terminal emulator through the console port or over a telnet connection.
RoadRunner Support
In addition to standard cable modem services, the ZyWALL supports Time Warner’s RoadRunner Service.
Logging and Tracing
Built-in message logging and packet tracing.
Syslog facility support.
Upgrade ZyWALL Firmware via LAN
The firmware of the ZyWALL can be upgraded via the LAN.
Embedded FTP and TFTP Servers
The ZyWALL’s embedded FTP and TFTP Servers enable fast firmware upgrades as well as configuration file backups and restoration.

1.3 Applications for the ZyWALL

Here are some examples of what you can do with your ZyWALL.

1.3.1 Secure Broadband Internet Access via Cable or DSL Modem

You can connect a cable modem, DSL or wireless modem to the ZyWALL for broadband Internet access via Ethernet or wireless port on the modem. The ZyWALL guarantees not only high speed Internet access, but secure internal network protection and traffic management as well.
Figure 1 Secure Internet Access via Cable, DSL or Wireless Modem

1.3.2 VPN Application

ZyWALL VPN is an ideal cost-effective way to connect branch offices, business partners and telecommuters over the Internet without the need (and expense) for leased lines between sites.
Figure 2 VPN Application

1.3.3 Front Panel Lights

Figure 3 ZyWALL 70 Front Panel
Figure 4 ZyWALL 35 Front Panel
Figure 5 ZyWALL 5 Front Panel
The following table describes the lights.
Table 2 Front Panel Lights
LED | COLOR | STATUS | DESCRIPTION
PWR | | Off | The ZyWALL is turned off.
 | Green | On | The ZyWALL is turned on.
 | Red | On | The power to the ZyWALL is too low.
SYS | Green | Off | The ZyWALL is not ready or has failed.
 | Green | On | The ZyWALL is ready and running.
 | Green | Flashing | The ZyWALL is restarting.
ACT | Green | Off | The backup port is not connected.
 | Green | Flashing | The backup port is sending or receiving packets.
CARD | Green | Off | The wireless LAN is not ready, or has failed.
 | Green | On | The wireless LAN is ready.
 | Green | Flashing | The wireless LAN is sending or receiving packets.
LAN 10/100 (ZyWALL 70 only) | | Off | The LAN/DMZ is not connected.
 | Green | On | The ZyWALL has a successful 10Mbps Ethernet connection.
 | Green | Flashing | The 10M LAN is sending or receiving packets.
 | Orange | On | The ZyWALL has a successful 100Mbps Ethernet connection.
 | Orange | Flashing | The 100M LAN is sending or receiving packets.
WAN1/2 10/100 or WAN 10/100 | | Off | The WAN connection is not ready, or has failed.
 | Green | On | The ZyWALL has a successful 10Mbps WAN connection.
 | Green | Flashing | The 10M WAN is sending or receiving packets.
 | Orange | On | The ZyWALL has a successful 100Mbps WAN connection.
 | Orange | Flashing | The 100M WAN is sending or receiving packets.
DMZ 10/100 (ZyWALL 70 only) | | Off | The LAN/DMZ is not connected.
 | Green | On | The ZyWALL has a successful 10Mbps Ethernet connection.
 | Green | Flashing | The 10M LAN is sending or receiving packets.
 | Orange | On | The ZyWALL has a successful 100Mbps Ethernet connection.
 | Orange | Flashing | The 100M LAN is sending or receiving packets.
LAN/DMZ 10/100 (ZyWALL 35 and ZyWALL 5) | | Off | The LAN/DMZ is not connected.
 | Green | On | The ZyWALL has a successful 10Mbps Ethernet connection.
 | Green | Flashing | The 10M LAN is sending or receiving packets.
 | Orange | On | The ZyWALL has a successful 100Mbps Ethernet connection.
 | Orange | Flashing | The 100M LAN is sending or receiving packets.
CHAPTER 2
Introducing the Web Configurator
This chapter describes how to access the ZyWALL web configurator and provides an overview of its screens.

2.1 Web Configurator Overview

The web configurator is an HTML-based management interface that allows easy ZyWALL setup and management via Internet browser. Use Internet Explorer 6.0 and later or Netscape Navigator 7.0 and later versions. The recommended screen resolution is 1024 by 768 pixels.
In order to use the web configurator you need to allow:
• Web browser pop-up windows from your device. Web pop-up blocking is enabled by default in Windows XP SP (Service Pack) 2.
• JavaScripts (enabled by default).
• Java permissions (enabled by default).
See the Troubleshooting chapter if you want to make sure these functions are allowed in Internet Explorer or Netscape Navigator.

2.2 Accessing the ZyWALL Web Configurator

Note: By default, the packets from WLAN to WLAN/ZyWALL are dropped and users cannot configure the ZyWALL wirelessly.
1 Make sure your ZyWALL hardware is properly connected and prepare your computer/computer network to connect to the ZyWALL (refer to the Quick Start Guide).
2 Launch your web browser.
3 Type "192.168.1.1" as the URL.
4 Type "1234" (default) as the password and click Login. In some versions, the default password appears automatically - if this is the case, click Login.
5 You should see a screen asking you to change your password (highly recommended) as shown next. Type a new password (and retype it to confirm) and click Apply or click Ignore.
Figure 6 Change Password Screen
6 Click Apply in the Replace Certificate screen to create a certificate using your ZyWALL’s MAC address that will be specific to this device.
Note: If you do not replace the default certificate here or in the CERTIFICATES screen, this screen displays every time you access the web configurator.
Figure 7 Replace Certificate Screen
7 You should now see the HOME screen (see Figure 10 on page 71).
Note: The management session automatically times out when the time period set in the Administrator Inactivity Timer field expires (default five minutes). Simply log back into the ZyWALL if this happens to you.

2.3 Resetting the ZyWALL

If you forget your password or cannot access the web configurator, you will need to reload the factory-default configuration file or use the RESET button on the back of the ZyWALL. Uploading this configuration file replaces the current configuration file with the factory-default configuration file. This means that you will lose all configurations that you had previously and the speed of the console port will be reset to the default of 9600bps with 8 data bits, no parity, one stop bit and flow control set to none. The password will also be reset to 1234.

2.3.1 Procedure To Use The Reset Button

Make sure the SYS LED is on (not blinking) before you begin this procedure.
1 Press the RESET button for ten seconds, and then release it. If the SYS LED begins to blink, the defaults have been restored and the ZyWALL restarts. Otherwise, go to step 2.
2 Turn the ZyWALL off.
3 While pressing the RESET button, turn the ZyWALL on.
4 Continue to hold the RESET button. The SYS LED will begin to blink and flicker very quickly after about 20 seconds. This indicates that the defaults have been restored and the ZyWALL is now restarting.
5 Release the RESET button and wait for the ZyWALL to finish restarting.

2.3.2 Uploading a Configuration File Via Console Port

1 Download the default configuration file from the ZyXEL FTP site, unzip it and save it in a folder.
2 Turn off the ZyWALL, begin a terminal emulation software session and turn on the ZyWALL again. When you see the message "Press Any key to enter Debug Mode within 3 seconds", press any key to enter debug mode.
3 Enter "y" at the prompt below to go into debug mode.
4 Enter "atlc" after "Enter Debug Mode" message.
5 Wait for "Starting XMODEM upload" message before activating Xmodem upload on your terminal. This is an example Xmodem configuration upload using HyperTerminal.
Figure 8 Example Xmodem Upload
Type the configuration file’s location, or click Browse to search for it.
Choose the Xmodem protocol.
Then click Send.
6 After successful firmware upload, enter "atgo" to restart the router.

2.4 Navigating the ZyWALL Web Configurator

The following summarizes how to navigate the web configurator from the HOME screen. This guide uses the ZyWALL 70 screenshots as an example. The screens may vary slightly for different ZyWALL models.
Figure 9 HOME Screen
As illustrated above, the main screen is divided into these parts:
A - title bar
B - navigation panel
C - main window
D - status bar

2.4.1 Title Bar

The title bar provides some icons in the upper right corner.
The icons provide the following functions.
Table 3 Title Bar: Web Configurator Icons
ICON DESCRIPTION
Wizards: Click this icon to open one of the web configurator wizards. See Chapter 3 on page 89 for more information.
Help: Click this icon to open the help page for the current screen.

2.4.2 Main Window

The main window shows the screen you select in the navigation panel. It is discussed in more detail in the rest of this document.
Right after you log in, the HOME screen is displayed. The screen varies according to the device mode you select in the MAINTENANCE > Device Mode screen.

2.4.3 HOME Screen: Router Mode

The following screen displays when the ZyWALL is set to router mode. This screen displays general status information about the ZyWALL. The ZyWALL is set to router mode by default. Not all fields are available on all models.
Figure 10 Web Configurator HOME Screen in Router Mode
The following table describes the labels in this screen.
Table 4 Web Configurator HOME Screen in Router Mode
LABEL | DESCRIPTION
Automatic Refresh Interval | Select a number of seconds or None from the drop-down list box to update all screen statistics automatically at the end of every time interval or to not update the screen statistics.
Refresh | Click this button to update the status screen statistics immediately.
System Information
System Name | This is the System Name you enter in the MAINTENANCE > General screen. It is for identification purposes. Click the field label to go to the screen where you can specify a name for this ZyWALL.
Model | This is the model name of your ZyWALL.
Bootbase Version | This is the bootbase version and the date created.
Firmware Version | This is the ZyNOS Firmware version and the date created. ZyNOS is ZyXEL's proprietary Network Operating System design. Click the field label to go to the screen where you can upload a new firmware file.
Up Time | This field displays how long the ZyWALL has been running since it last started up. The ZyWALL starts up when you turn it on, when you restart it (MAINTENANCE > Restart), or when you reset it (see Section 2.3 on page 68).
System Time | This field displays your ZyWALL’s present date (in yyyy-mm-dd format) and time (in hh:mm:ss format) along with the difference from the Greenwich Mean Time (GMT) zone. The difference from GMT is based on the time zone. It is also adjusted for Daylight Saving Time if you set the ZyWALL to use it. Click the field label to go to the screen where you can modify the ZyWALL’s date and time settings.
Device Mode | This displays whether the ZyWALL is functioning as a router or a bridge. Click the field label to go to the screen where you can configure the ZyWALL as a router or a bridge.
Firewall | This displays whether or not the ZyWALL’s firewall is activated. Click the field label to go to the screen where you can turn the firewall on or off.
System Resources
Flash | The first number shows how many megabytes of the flash the ZyWALL is using.
Memory | The first number shows how many megabytes of the heap memory the ZyWALL is using. Heap memory refers to the memory that is not used by ZyNOS (ZyXEL Network Operating System) and is thus available for running processes like NAT, VPN and the firewall. The second number shows the ZyWALL's total heap memory (in megabytes). The bar displays what percent of the ZyWALL's heap memory is in use. The bar turns from green to red when the maximum is being approached.
Sessions | The first number shows how many sessions are currently open on the ZyWALL. This includes all sessions that are currently traversing the ZyWALL, terminating at the ZyWALL or initiated from the ZyWALL. The second number is the maximum number of sessions that can be open at one time. The bar displays what percent of the maximum number of sessions is in use. The bar turns from green to red when the maximum is being approached.
CPU | This field displays what percentage of the ZyWALL’s processing ability is currently used. When this percentage is close to 100%, the ZyWALL is running at full load, and the throughput is not going to improve anymore. If you want some applications to have more throughput, you should turn off other applications (for example, using bandwidth management).
Interfaces | This is the port type. Click "+" to expand or "-" to collapse the IP alias drop-down lists. Hold your cursor over an interface’s label to display the interface’s MAC Address. Click an interface’s label to go to the screen where you can configure settings for that interface.
Table 4 Web Configurator HOME Screen in Router Mode (continued)
LABEL | DESCRIPTION
Status | For the LAN, DMZ and WLAN ports, this displays the port speed and duplex setting. Ethernet port connections can be in half-duplex or full-duplex mode. Full-duplex refers to a device's ability to send and receive simultaneously, while half-duplex indicates that traffic can flow in only one direction at a time. The Ethernet port must use the same speed or duplex mode setting as the peer Ethernet port in order to connect. For the WAN and Dial Backup ports, it displays the port speed and duplex setting if you’re using Ethernet encapsulation and Down (line is down or not connected), Idle (line (ppp) idle), Dial (starting to trigger a call) or Drop (dropping a call) if you’re using PPPoE encapsulation. For the WLAN card, it displays the transmission rate when a wireless LAN card is inserted and WLAN is enabled or Down when a wireless LAN card is not inserted or WLAN is disabled.
IP/Netmask | This shows the port’s IP address and subnet mask.
IP Assignment | For the WAN, if the ZyWALL gets its IP address automatically from an ISP, this displays DHCP client when you’re using Ethernet encapsulation and IPCP Client when you’re using PPPoE or PPTP encapsulation. Static displays if the WAN port is using a manually entered static (fixed) IP address. For the LAN, WLAN or DMZ, DHCP server displays when the ZyWALL is set to automatically give IP address information to the computers connected to the LAN. DHCP relay displays when the ZyWALL is set to forward IP address assignment requests to another DHCP server. Static displays if the LAN port is using a manually entered static (fixed) IP address. In this case, you must have another DHCP server on your LAN, or else the computers must be manually configured. For the dial backup port, this shows N/A when dial backup is disabled and IPCP client when dial backup is enabled.
Renew | If you are using Ethernet encapsulation and the WAN port is configured to get the IP address automatically from the ISP, click Renew to release the WAN port’s dynamically assigned IP address and get the IP address afresh. Click Dial to dial up the PPTP, PPPoE or dial backup connection. Click Drop to disconnect the PPTP, PPPoE or dial backup connection.
Security Services
Turbo Card | This field displays whether or not a ZyWALL Turbo Card is installed. Note: The ZyWALL must have a Turbo Card installed and a valid service subscription to use the IDP and anti-virus features.
IDP/Anti-Virus Definitions | This is the version number of the signatures set that the ZyWALL is using and the date and time that the set was released. Click the field label to go to the screen where you can update the signatures. N/A displays when there is no Turbo Card installed or the service subscription has expired.
IDP/Anti-Virus Expiration Date | This is the date the IDP/anti-virus service subscription expires. Click the field label to go to the screen where you can update your service subscription.
Anti-Spam Expiration Date | This is the date the anti-spam service subscription expires. Click the field label to go to the screen where you can update your service subscription.
Content Filter Expiration Date | This is the date the category-based content filtering service subscription expires. Click the field label to go to the screen where you can update your service subscription.
Intrusion Detected | This displays how many intrusions the ZyWALL has detected since it last started up. N/A displays when there is no Turbo Card installed or the service subscription has expired.
Table 4 Web Configurator HOME Screen in Router Mode (continued)
LABEL | DESCRIPTION
Virus Detected | This displays how many virus-infected files the ZyWALL has detected since it last started up. It also displays the percentage of virus-infected files out of the total number of files that the ZyWALL has scanned (since it last started up). N/A displays when there is no Turbo Card installed or the service subscription has expired.
Spam Mail Detected | This displays how many spam e-mails the ZyWALL has detected since it last started up. It also displays the percentage of spam e-mail out of the total number of e-mails that the ZyWALL has scanned (since it last started up). N/A displays when the service subscription has expired.
Web Site Blocked | This displays how many web site hits the ZyWALL has blocked since it last started up. N/A displays when the service subscription has expired.
Top 5 Intrusion & Virus Detections | The following is a list of the five intrusions or viruses that the ZyWALL has most frequently detected since it last started up.
Rank | This is the ranking number of an intrusion or virus. This is an intrusion’s or virus’s place in the list of most common intrusions or viruses.
Intrusion Detected | This is the name of a signature for which the ZyWALL has detected matching packets. The number in brackets indicates how many times the signature has been matched. Click the hyperlink for more detailed information on the intrusion.
Virus Detected | This is the name of the virus that the ZyWALL has detected.
Latest Alerts | This table displays the five most recent alerts recorded by the ZyWALL. You can see more information in the View Log screen, such as the source and destination IP addresses and port numbers of the incoming packets.
Date/Time | This is the date and time the alert was recorded.
Message | This is the reason for the alert.
System Status
Port Statistics | Click Port Statistics to see router performance statistics such as the number of packets sent and number of packets received for each port.
DHCP Table | Click DHCP Table to show current DHCP client information.
VPN | Click VPN to display the active VPN connections.
Bandwidth | Click Bandwidth to view the ZyWALL’s bandwidth usage and allotments.

2.4.4 HOME Screen: Bridge Mode

The following screen displays when the ZyWALL is set to bridge mode. In bridge mode, the ZyWALL functions as a transparent firewall (also known as a bridge firewall). The ZyWALL bridges traffic traveling between the ZyWALL's interfaces and still filters and inspects packets. You do not need to change the configuration of your existing network.
In bridge mode, the ZyWALL cannot get an IP address from a DHCP server. The LAN, WAN, DMZ and WLAN interfaces all have the same (static) IP address and subnet mask. You can configure the ZyWALL's IP address in order to access the ZyWALL for management. If you connect your computer directly to the ZyWALL, you also need to assign your computer a static IP address in the same subnet as the ZyWALL's IP address in order to access the ZyWALL.
You can use the firewall and VPN in bridge mode.
Figure 11 Web Configurator HOME Screen in Bridge Mode
The following table describes the labels in this screen.
Table 5 Web Configurator HOME Screen in Bridge Mode
LABEL | DESCRIPTION
Automatic Refresh Interval | Select a number of seconds or None from the drop-down list box to update all screen statistics automatically at the end of every time interval or to not update the screen statistics.
Refresh | Click this button to update the screen’s statistics immediately.
System Information
System Name | This is the System Name you enter in the MAINTENANCE > General screen. It is for identification purposes. Click the field label to go to the screen where you can specify a name for this ZyWALL.
Model | This is the model name of your ZyWALL.
Bootbase Version | This is the bootbase version and the date created.
Firmware Version | This is the ZyNOS Firmware version and the date created. ZyNOS is ZyXEL's proprietary Network Operating System design. Click the field label to go to the screen where you can upload a new firmware file.
Up Time | This field displays how long the ZyWALL has been running since it last started up. The ZyWALL starts up when you turn it on, when you restart it (MAINTENANCE > Restart), or when you reset it (see Section 2.3 on page 68).
Table 5 Web Configurator HOME Screen in Bridge Mode (continued)
LABEL | DESCRIPTION
System Time | This field displays your ZyWALL’s present date (in yyyy-mm-dd format) and time (in hh:mm:ss format) along with the difference from the Greenwich Mean Time (GMT) zone. The difference from GMT is based on the time zone. It is also adjusted for Daylight Saving Time if you set the ZyWALL to use it. Click the field label to go to the screen where you can modify the ZyWALL’s date and time settings.
Device Mode | This displays whether the ZyWALL is functioning as a router or a bridge. Click the field label to go to the screen where you can configure the ZyWALL as a router or a bridge.
Firewall | This displays whether or not the ZyWALL’s firewall is activated. Click the field label to go to the screen where you can turn the firewall on or off.
System Resources
Flash | The first number shows how many megabytes of the flash the ZyWALL is using.
Memory | The first number shows how many megabytes of the heap memory the ZyWALL is using. Heap memory refers to the memory that is not used by ZyNOS (ZyXEL Network Operating System) and is thus available for running processes like NAT, VPN and the firewall. The second number shows the ZyWALL's total heap memory (in megabytes). The bar displays what percent of the ZyWALL's heap memory is in use. The bar turns from green to red when the maximum is being approached.
Sessions The first number shows how many sessions are currently open on the ZyWALL.
CPU This field displays what percentage of the ZyWALL’s processing ability is currently
Network Status IP/Netmask
Address Gateway IP
Address Rapid Spanning
Tree Protocol Bridge Priority This is the bridge priority of the ZyWALL. The bridge (or switch) with the lowest
Bridge Hello Time This is the interval of BPDUs (Bridge Protocol Data Units) from the root bridge. Bridge Max Age This is the predefined interval that a bridge waits to get a Hello message (BPDU)
Forward Delay This is the forward delay interval. Bridge Port This is the port type. Port types are: WAN (or WAN1, WAN2), LAN, Wireless Card,
This includes all sessions that are currently traversing the ZyWALL, terminating at the ZyWALL or initiated from the ZyWALL
The second number is the maximum number of sessions that can be open at one time.
The bar displays what percent of the maximum number of sessions is in use. The bar turns from green to red when the maximum is being approached.
used. When this percentage is close to 100%, the ZyWALL is running at full load, and the throughput is not going to improve anymore. If you want some applications to have more throughput, you should turn off other applications (for example, using bandwidth management.
This is the IP address and subnet mask of your ZyWALL in dotted decimal notation.
This is the gateway IP address.
This shows whether RSTP (Rapid Spanning Tree Protocol) is active or not. The following labels or values relative to RSTP do not apply when RSTP is disabled.
bridge priority value in the network is the root bridge (the base of the spanning tree).
from the root bridge.
DMZ and WLAN Interface.
76 Chapter 2 Introducing the Web Configurator
ZyWALL 5/35/70 Series User’s Guide
Table 5 Web Configurator HOME Screen in Bridge Mode (continued)
LABEL DESCRIPTION
Port Status For the WAN, LAN, DMZ, and WLAN Interfaces, this displays the port speed and
duplex setting. For the WAN port, it displays Down when the link is not ready or has failed. For the wireless card, it displays the transmission rate when a wireless LAN card is inserted and WLAN is enabled or Down when a wireless LAN is not inserted
or WLAN is disabled. RSTP Status This is the RSTP status of the corresponding port. RSTP Active This shows whether or not RSTP is active on the corresponding port. RSTP Priority This is the RSTP priority of the corresponding port. RSTP Path Cost This is the cost of transmitting a frame from the root bridge to the corresponding
Security Services Turbo Card This field displays whether or not a ZyWALL Turbo Card is installed.
port.
Note: The ZyWALL must have a Turbo Card installed and a valid
service subscription to use the IDP and anti-virus features.
IDP/Anti-Virus Definitions
IDP/Anti-Virus Expiration Date
Anti-Spam Expiration Date
Content Filter Expiration Date
Intrusion Detected
Virus Detected This displays how many virus-infected files the ZyWALL has dete cted since it last
Spam Mail Detected
Web Site Blocked This displays how many web site hits the ZyWALL has blocked since it last started
Top 5 Intrusion & Virus Detections
Rank This is the ranking number of an intrusion or virus. This is an intrusion’s or virus’s
Intrusion Detected
Virus Detected This is the name of the virus that the ZyWALL has detected.
This is the version number of the signatures set that the ZyWALL is using and the
date and time that the set was released. Click the field label to go to the screen
where you can update the signatures. N/A displays when there is no Turbo Card
installed or the service subscription has expired.
This is the date the IDP/anti-virus service subscription expires. Click th e field label
to go to the screen where you can update your service subscription.
This is the date the anti-spam service subscription expires. Click the field label to go
to the screen where you can update your service subscription.
This is the date the category-based content filtering service subscription expires.
Click the field label to go to the screen where you can update your service
subscription.
This displays how many intrusions the ZyWALL has detected since it last started
up. N/A displays when there is no Turbo Card installed or the service subscription
has expired.
started up. It also displays the percentage of virus-infected files out of the total
number of files that the ZyWALL has scanned (since it last started up). N/A displays
when there is no Turbo Card installed or the service subscription has expired.
This displays how many spam e-mails the ZyWALL has detected since it last
started up. It also displays the percentage of spam e-mail out of the total number of
e-mails that the ZyWALL has scanned (since it last started up). N/A displays when
the service subscription has expired.
up. N/A displays when the service subscription has expired.
The following is a list of the five intrusions or viruses that the ZyWALL has most
frequently detected since it last started up.
place in the list of most common intrusions or viruses.
This is the name of a signature for which the ZyWALL has detected matching
packets. The number in brackets indicates how many times the signature has been
matched.
Click the hyperlink for more detailed information on the intrusion.
Chapter 2 Introducing the Web Configurator 77
ZyWALL 5/35/70 Series User’s Guide
Table 5 Web Configurator HOME Screen in Bridge Mode (continued)
LABEL DESCRIPTION
Latest Alerts This table displays the five most recent alerts recorded by the ZyWALL. You can
see more information in the View Log screen, such as the source and destination
IP addresses and port numbers of the incoming packets. Date/Time This is the date and time the alert was recorded. Message This is the reason for the alert. System Status Port Statistics Click Port Statistics to see router performance statistics such as the number of
packets sent and number of packets received for each port. VPN Click VPN to display the active VPN connections. Bandwidth Click Bandwidth to view the ZyWALL’s bandwidth usage and allotments.

2.4.5 Navigation Panel

After you enter the password, use the sub-menus on the navigation panel to configure ZyWALL features.
The following table lists the features available for each device mode. Not all ZyWALLs have all features listed in this table.
Table 6 Bridge and Router Mode Features Comparison
FEATURE | BRIDGE MODE | ROUTER MODE
Internet Access Wizard | | O
VPN Wizard | O | O
DHCP Table | | O
System Statistics | O | O
Registration | O | O
LAN | | O
WAN | | O
DMZ | | O
Bridge | O |
WLAN | | O
Wireless Card | O | O
Firewall | O | O
IDP | O | O
Anti-Virus | O | O
Anti-Spam | O | O
Content Filter | O | O
VPN | O | O
Certificates | O | O
Authentication Server | O | O
NAT | | O
Static Route | | O
Policy Route | | O
Bandwidth Management | O | O
DNS | | O
Remote Management | O | O
UPnP | | O
ALG | O | O
Logs | O | O
Maintenance | O | O
Table Key: An O in a mode’s column shows that the device mode has the specified feature. The information in this table was correct at the time of writing, although it may be subject to change.
The following table describes the sub-menus.
Table 7 Screens Summary
LINK | TAB | FUNCTION
HOME | | This screen shows the ZyWALL’s general device and network status information. Use this screen to access the wizards, statistics and DHCP table.
REGISTRATION | Registration | Use this screen to register your ZyWALL and activate the trial service subscriptions.
REGISTRATION | Service | Use this to manage and update the service status and license information.
NETWORK
LAN | LAN | Use this screen to configure LAN DHCP and TCP/IP settings.
LAN | Static DHCP | Use this screen to assign fixed IP addresses on the LAN.
LAN | IP Alias | Use this screen to partition your LAN interface into subnets.
LAN | Port Roles (ZyWALL 5 and ZyWALL 35) | Use this screen to change the LAN/DMZ/WLAN port roles.
BRIDGE | Bridge | Use this screen to change the bridge settings on the ZyWALL.
BRIDGE | Port Roles | Use this screen to change the DMZ/WLAN port roles on the ZyWALL 70 or the LAN/DMZ/WLAN port roles on the ZyWALL 5 or ZyWALL 35.
WAN | General | This screen allows you to configure load balancing, route priority and traffic redirect properties.
WAN | Route (ZyWALL 5 only) | This screen allows you to configure route priority.
WAN | WAN (ZyWALL 5 only) | Use this screen to configure the WAN port for internet access.
WAN | WAN1 (ZyWALL 35 and ZyWALL 70) | Use this screen to configure the WAN1 port for Internet access.
WAN | WAN2 (ZyWALL 35 and ZyWALL 70) | Use this screen to configure the WAN2 port for Internet access.
WAN | Traffic Redirect | Use this screen to configure your traffic redirect properties and parameters.
WAN | Dial Backup | Use this screen to configure the backup WAN dial-up connection.
DMZ | DMZ | Use this screen to configure your DMZ connection.
DMZ | Static DHCP | Use this screen to assign fixed IP addresses on the DMZ.
DMZ | IP Alias | Use this screen to partition your DMZ interface into subnets.
DMZ | Port Roles | Use this screen to change the DMZ/WLAN port roles on the ZyWALL 70 or the LAN/DMZ/WLAN port roles on the ZyWALL 5 or ZyWALL 35.
WLAN | WLAN | Use this screen to configure your WLAN connection.
WLAN | Static DHCP | Use this screen to assign fixed IP addresses on the WLAN.
WLAN | IP Alias | Use this screen to partition your WLAN interface into subnets.
WLAN | Port Roles | Use this screen to change the DMZ/WLAN port roles on the ZyWALL 70 or the LAN/DMZ/WLAN port roles on the ZyWALL 5 or ZyWALL 35.
WIRELESS CARD | Wireless Card | Use this screen to configure the wireless LAN settings and WLAN authentication/security settings.
WIRELESS CARD | MAC Filter | Use this screen to change MAC filter settings on the ZyWALL
SECURITY
FIREWALL | Default Rule | Use this screen to activate/deactivate the firewall and the direction of network traffic to which to apply the rule
FIREWALL | Rule Summary | This screen shows a summary of the firewall rules, and allows you to edit/add a firewall rule.
FIREWALL | Anti-Probing | Use this screen to change your anti-probing settings.
FIREWALL | Threshold | Use this screen to configure the threshold for DoS attacks.
FIREWALL | Service | Use this screen to configure custom services.
IDP | General | Use this screen to enable IDP on the ZyWALL and choose what interface(s) you want to protect from intrusions.
IDP | Signature | Use these screens to view signatures by attack type or search for signatures by signature name, ID, severity, target operating system, action etc. You can also configure signature actions here.
IDP | Update | Use this screen to download new signature downloads. It is important to do this as new intrusions evolve.
IDP | Backup & Restore | Use this screen to back up, restore or revert to the default signatures’ actions.
ANTI-VIRUS | General | Use this screen to activate AV scanning on the interface(s) and specify actions when a virus is detected.
ANTI-VIRUS | Signature | Use these screens to search for signatures by signature name or attributes and configure how the ZyWALL uses them.
ANTI-VIRUS | Update | Use this screen to view the version number of the current signatures and configure the signature update schedule.
ANTI-VIRUS | Backup & Restore | Use this screen to back up, restore or revert to the default signatures’ actions.
ANTI-SPAM | General | Use this screen to turn the anti-spam feature on or off and set how the ZyWALL treats spam.
ANTI-SPAM | External DB | Use this screen to enable or disable the use of the anti-spam external database.
ANTI-SPAM | Lists | Use this screen to configure the whitelist to identify legitimate e-mail and configure the blacklist to identify spam e-mail.
CONTENT FILTER | General | This screen allows you to enable content filtering and block certain web features.
CONTENT FILTER | Categories | Use this screen to select which categories of web pages to filter out, as well as to register for external database content filtering and view reports.
CONTENT FILTER | Customization | Use this screen to customize the content filter list.
CONTENT FILTER | Cache | Use this screen to view and configure the ZyWALL’s URL caching.
VPN | VPN Rules (IKE) | Use this screen to configure VPN connections using IKE key management and view the rule summary.
VPN | VPN Rules (Manual) | Use this screen to configure VPN connections using manual key management and view the rule summary.
VPN | SA Monitor | Use this screen to display and manage active VPN connections.
VPN | Global Setting | Use this screen to configure the IPSec timer settings.
CERTIFICATES | My Certificates | Use this screen to view a summary list of certificates and manage certificates and certification requests.
CERTIFICATES | Trusted CAs | Use this screen to view and manage the list of the trusted CAs.
CERTIFICATES | Trusted Remote Hosts | Use this screen to view and manage the certificates belonging to the trusted remote hosts.
CERTIFICATES | Directory Servers | Use this screen to view and manage the list of the directory servers.
AUTH SERVER | Local User Database | Use this screen to configure the local user account(s) on the ZyWALL.
AUTH SERVER | RADIUS | Configure this screen to use an external server to authenticate wireless and/or VPN users.
ADVANCED
NAT | NAT Overview | Use this screen to enable NAT.
NAT | Address Mapping | Use this screen to configure network address translation mapping rules.
NAT | Port Forwarding | Use this screen to configure servers behind the ZyWALL.
NAT | Port Triggering | Use this screen to change your ZyWALL’s port triggering settings.
STATIC ROUTE | IP Static Route | Use this screen to configure IP static routes.
POLICY ROUTE | Policy Route Summary | Use this screen to view a summary list of all the policies and configure policies for use in IP policy routing.
BW MGMT | Summary | Use this screen to enable bandwidth management on an interface.
BW MGMT | Class Setup | Use this screen to set up the bandwidth classes.
BW MGMT | Monitor | Use this screen to view the ZyWALL’s bandwidth usage and allotments.
DNS | System | Use this screen to configure the address and name server records.
DNS | Cache | Use this screen to configure the DNS resolution cache.
DNS | DHCP | Use this screen to configure LAN/DMZ/WLAN DNS information.
DNS | DDNS | Use this screen to set up dynamic DNS.
REMOTE MGMT | WWW | Use this screen to configure through which interface(s) and from which IP address(es) users can use HTTPS or HTTP to manage the ZyWALL.
REMOTE MGMT | SSH | Use this screen to configure through which interface(s) and from which IP address(es) users can use Secure Shell to manage the ZyWALL.
REMOTE MGMT | TELNET | Use this screen to configure through which interface(s) and from which IP address(es) users can use Telnet to manage the ZyWALL.
REMOTE MGMT | FTP | Use this screen to configure through which interface(s) and from which IP address(es) users can use FTP to access the ZyWALL.
REMOTE MGMT | SNMP | Use this screen to configure your ZyWALL’s settings for Simple Network Management Protocol management.
REMOTE MGMT | DNS | Use this screen to configure through which interface(s) and from which IP address(es) users can send DNS queries to the ZyWALL.
REMOTE MGMT | CNM | Use this screen to configure and allow your ZyWALL to be managed by the Vantage CNM server.
UPnP | UPnP | Use this screen to enable UPnP on the ZyWALL.
UPnP | Ports | Use this screen to view the NAT port mapping rules that UPnP creates on the ZyWALL.
ALG | ALG | Use this screen to allow certain applications to pass through the ZyWALL.
REPORTS
SYSTEM REPORTS | Reports | Use this screen to have the ZyWALL record and display network usage reports.
THREAT REPORTS | IDP | Use this screen to collect and display statistics on the intrusions that the ZyWALL has detected.
THREAT REPORTS | Anti-Virus | Use this screen to collect and display statistics on the viruses that the ZyWALL has detected.
THREAT REPORTS | Anti-Spam | Use this screen to collect and display statistics on spam mail that the ZyWALL has detected.
LOGS | View Log | Use this screen to view the logs for the categories that you selected.
LOGS | Log Settings | Use this screen to change your ZyWALL’s log settings.
MAINTENANCE | General | This screen contains administrative.
MAINTENANCE | Password | Use this screen to change your password.
MAINTENANCE | Time and Date | Use this screen to change your ZyWALL’s time and date.
MAINTENANCE | Device Mode | Use this screen to configure and have your ZyWALL work as a router or a bridge.
MAINTENANCE | F/W Upload | Use this screen to upload firmware to your ZyWALL
MAINTENANCE | Backup & Restore | Use this screen to backup and restore the configuration or reset the factory defaults to your ZyWALL.
MAINTENANCE | Restart | This screen allows you to reboot the ZyWALL without turning the power off.
LOGOUT | | Click this label to exit the web configurator.

2.4.6 Port Statistics

Click Port Statistics in the HOME screen. Read-only information here includes port status and packet specific statistics. The Poll Interval(s) field is configurable. Not all items described are available on all models.
Figure 12 HOME > Show Statistics
The following table describes the labels in this screen.
Table 8 HOME > Show Statistics
LABEL | DESCRIPTION
(icon) | Click the icon to display the chart of throughput statistics.
Port | These are the ZyWALL’s interfaces.
Status | For the WAN and dial backup ports, this displays the port speed and duplex setting if you’re using Ethernet encapsulation and Down (line is down), Idle (line (ppp) idle), Dial (starting to trigger a call) or Drop (dropping a call) if you’re using PPPoE encapsulation. Dial backup is not available in bridge mode. For the LAN, DMZ and WLAN ports, this displays the port speed and duplex setting. For the WLAN card, this displays the transmission rate when a wireless LAN card is inserted and WLAN is enabled or Down when a wireless LAN is not inserted or WLAN is disabled.
TxPkts | This is the number of transmitted packets on this port.
RxPkts | This is the number of received packets on this port.
Tx B/s | This displays the transmission speed in bytes per second on this port.
Rx B/s | This displays the reception speed in bytes per second on this port.
Up Time | This is the total amount of time the line has been up.
System Up Time | This is the total time the ZyWALL has been on.
Automatic Refresh Interval | Select a number of seconds or None from the drop-down list box to update all screen statistics automatically at the end of every time interval or to not update the screen statistics.
Refresh | Click this button to update the screen’s statistics immediately.

2.4.7 Show Statistics: Line Chart

Click the icon in the Show Statistics screen. This screen shows you a line chart of each port’s throughput statistics.
Figure 13 HOME > Show Statistics > Line Chart
The following table describes the labels in this screen.
Table 9 HOME > Show Statistics > Line Chart
LABEL | DESCRIPTION
(icon) | Click the icon to go back to the Show Statistics screen.
Port | Select the check box(es) to display the throughput statistics of the corresponding port(s).
B/s | Specify the direction of the traffic for which you want to show throughput statistics in this table. Select Tx to display transmitted traffic throughput statistics and the amount of traffic (in bytes). Select Rx to display received traffic throughput statistics and the amount of traffic (in bytes).
Throughput Range | Set the range of the throughput (in B/s, KB/s or MB/s) to display. Click Set Range to save this setting back to the ZyWALL.

2.4.8 DHCP Table Screen

DHCP (Dynamic Host Configuration Protocol, RFC 2131 and RFC 2132) allows individual clients to obtain TCP/IP configuration at start-up from a server. You can configure the ZyWALL as a DHCP server or disable it. When configured as a server, the ZyWALL provides the TCP/IP configuration for the clients. If DHCP service is disabled, you must have another DHCP server on your LAN, or else the computer must be manually configured.
Click Show DHCP Table in the HOME screen when the ZyWALL is set to router mode. Read-only information here relates to your DHCP status. The DHCP table shows current DHCP client information (including IP Address, Host Name and MAC Address) of all network clients using the ZyWALL’s DHCP server.
Figure 14 HOME > DHCP Table
The following table describes the labels in this screen.
Table 10 HOME > DHCP Table
LABEL | DESCRIPTION
Interface | Select LAN, DMZ or WLAN to show the current DHCP client information for the specified interface.
# | This is the index number of the host computer.
IP Address | This field displays the IP address relative to the # field listed above.
Host Name | This field displays the computer host name.
MAC Address | The MAC (Media Access Control) or Ethernet address on a LAN (Local Area Network) is unique to your computer (six pairs of hexadecimal notation). A network interface card such as an Ethernet adapter has a hardwired address that is assigned at the factory. This address follows an industry standard that ensures no other adapter has a similar address.
Reserve | Select the check box in the heading row to automatically select all check boxes or select the check box(es) in each entry to have the ZyWALL always assign the selected entry(ies)’s IP address(es) to the corresponding MAC address(es) (and host name(s)). You can select up to 128 entries in this table. After you click Apply, the MAC address and IP address also display in the corresponding LAN, DMZ or WLAN Static DHCP screen (where you can edit them).
Refresh | Click Refresh to reload the DHCP table.

2.4.9 VPN Status

Click VPN in the HOME screen when the ZyWALL is set to router mode. This screen displays read-only information about the active VPN connections. The Poll Interval(s) field is configurable. A Security Association (SA) is the group of security settings related to a specific VPN tunnel.
Figure 15 HOME > VPN Status
The following table describes the labels in this screen.
Table 11 HOME > VPN Status
LABEL | DESCRIPTION
# | This is the security association index number.
Name | This field displays the identification name for this VPN policy.
Local Network | This field displays the IP address of the computer using the VPN IPSec feature of your ZyWALL.
Remote Network | This field displays IP address (in a range) of computers on the remote network behind the remote IPSec router.
Encapsulation | This field displays Tunnel or Transport mode.
IPSec Algorithm | This field displays the security protocols used for an SA. Both AH and ESP increase ZyWALL processing requirements and communications latency (delay).
Automatic Refresh Interval | Select a number of seconds or None from the drop-down list box to update all screen statistics automatically at the end of every time interval or to not update the screen statistics.
Refresh | Click this button to update the screen’s statistics immediately.

2.4.10 Bandwidth Monitor

Click Bandwidth in the HOME screen to display the bandwidth monitor. This screen displays the device’s bandwidth usage and allotments.
Figure 16 Home > Bandwidth Monitor
The following table describes the labels in this screen.
LABEL | DESCRIPTION
Interface | Select an interface from the drop-down list box to view the bandwidth usage of its bandwidth classes.
Class | This field displays the name of the bandwidth class. A Default Class automatically displays for all the bandwidth in the Root Class that is not allocated to bandwidth classes. If you do not enable maximize bandwidth usage on an interface, the ZyWALL uses the bandwidth in this default class to send traffic that does not match any of the bandwidth classes.
Budget (kbps) | This field displays the amount of bandwidth allocated to the bandwidth class.
Current Usage (kbps) | This field displays the amount of bandwidth that each bandwidth class is using.
Automatic Refresh Interval | Select a number of seconds or None from the drop-down list box to update all screen statistics automatically at the end of every time interval or to not update the screen statistics.
Refresh | Click this button to update the screen’s statistics immediately.
a. If you allocate all the root class’s bandwidth to the bandwidth classes, the default class still displays a budget of 2 kbps (the minimum amount of bandwidth that can be assigned to a bandwidth class).

CHAPTER 3

Wizard Setup

This chapter provides information on the Wizard Setup screens in the web configurator. The Internet access wizard is only applicable when the ZyWALL is in router mode.

3.1 Wizard Setup Overview

The web configurator's setup wizards help you configure Internet and VPN connection settings.
In the HOME screen, click the Wizard icon to open the Wizard Setup Welcome screen. The following summarizes the wizards you can select:
• Internet Access Setup
Click this link to open a wizard to set up an Internet connection for WAN1 on a ZyWALL with multiple WAN ports or the WAN port on a ZyWALL with a single WAN port.
• VPN Setup
Use VPN SETUP to configure a VPN connection that uses a pre-shared key. If you want to set the rule to use a certificate, please go to the VPN screens for configuration. See Section 3.3 on page 99.
Figure 17 Wizard Setup Welcome

3.2 Internet Access

The Internet access wizard screen has three variations depending on what encapsulation type you use. Refer to information provided by your ISP to know what to enter in each field. Leave a field blank if you don’t have that information.

3.2.1 ISP Parameters

The ZyWALL offers three choices of encapsulation. They are Ethernet, PPTP or PPPoE.
The wizard screen varies according to the type of encapsulation that you select in the Encapsulation field.
3.2.1.1 Ethernet
For ISPs (such as Telstra) that send UDP heartbeat packets to verify that the customer is still online, please create a WAN-to-WAN/ZyWALL firewall rule for those packets. Contact your ISP to find the correct port number.
Choose Ethernet when the WAN port is used as a regular Ethernet.
Figure 18 ISP Parameters: Ethernet Encapsulation
The following table describes the labels in this screen.
Table 12 ISP Parameters: Ethernet Encapsulation
LABEL | DESCRIPTION
ISP Parameters for Internet Access
Encapsulation | You must choose the Ethernet option when the WAN port is used as a regular Ethernet. Otherwise, choose PPPoE or PPTP for a dial-up connection.
WAN IP Address Assignment
IP Address Assignment | Select Dynamic if your ISP did not assign you a fixed IP address. This is the default selection. Select Static if the ISP assigned a fixed IP address. The fields below are available only when you select Static.
My WAN IP Address | Enter your WAN IP address in this field.
My WAN IP Subnet Mask | Enter the IP subnet mask in this field.
Gateway IP Address | Enter the gateway IP address in this field.
First DNS Server / Second DNS Server | Enter the DNS server's IP address(es) in the field(s) to the right. Leave the field as 0.0.0.0 if you do not want to configure DNS servers. If you do not configure a DNS server, you must know the IP address of a machine in order to access it.
Back | Click Back to return to the previous wizard screen.
Apply | Click Apply to save your changes and go to the next screen.
3.2.1.2 PPPoE Encapsulation
Point-to-Point Protocol over Ethernet (PPPoE) functions as a dial-up connection. PPPoE is an IETF (Internet Engineering Task Force) standard specifying how a host personal computer interacts with a broadband modem (for example DSL, cable, wireless, etc.) to achieve access to high-speed data networks.
Figure 19 ISP Parameters: PPPoE Encapsulation
The following table describes the labels in this screen.
Table 13 ISP Parameters: PPPoE Encapsulation
LABEL | DESCRIPTION
ISP Parameter for Internet Access
Encapsulation | Choose an encapsulation method from the pull-down list box. PPP over Ethernet forms a dial-up connection.
Service Name | Type the name of your service provider.
User Name | Type the user name given to you by your ISP.
Password | Type the password associated with the user name above.
Retype to Confirm | Type your password again for confirmation.
Nailed-Up | Select Nailed-Up if you do not want the connection to time out.
Idle Timeout | Type the time in seconds that elapses before the router automatically disconnects from the PPPoE server. The default time is 100 seconds.
WAN IP Address Assignment
IP Address Assignment | Select Dynamic if your ISP did not assign you a fixed IP address. This is the default selection. Select Static if the ISP assigned a fixed IP address. The fields below are available only when you select Static.
My WAN IP Address | Enter your WAN IP address in this field.
First DNS Server / Second DNS Server | Enter the DNS server's IP address(es) in the field(s) to the right. Leave the field as 0.0.0.0 if you do not want to configure DNS servers. If you do not configure a DNS server, you must know the IP address of a machine in order to access it.
Back | Click Back to return to the previous wizard screen.
Apply | Click Apply to save your changes and go to the next screen.
3.2.1.3 PPTP Encapsulation
Point-to-Point Tunneling Protocol (PPTP) is a network protocol that enables transfers of data from a remote client to a private server, creating a Virtual Private Network (VPN) using TCP/IP-based networks.
PPTP supports on-demand, multi-protocol, and virtual private networking over public networks, such as the Internet.
Note: The ZyWALL supports one PPTP server connection at any given time.
Figure 20 ISP Parameters: PPTP Encapsulation
The following table describes the labels in this screen.
Table 14 ISP Parameters: PPTP Encapsulation
LABEL | DESCRIPTION
ISP Parameters for Internet Access
Encapsulation | Select PPTP from the drop-down list box. To configure a PPTP client, you must configure the User Name and Password fields for a PPP connection and the PPTP parameters for a PPTP connection.
User Name | Type the user name given to you by your ISP.
Password | Type the password associated with the User Name above.
Retype to Confirm | Type your password again for confirmation.
Nailed-Up | Select Nailed-Up if you do not want the connection to time out.
Idle Timeout | Type the time in seconds that elapses before the router automatically disconnects from the PPTP server.
PPTP Configuration
My IP Address | Type the (static) IP address assigned to you by your ISP.
My IP Subnet Mask | Type the subnet mask assigned to you by your ISP (if given).
Server IP Address | Type the IP address of the PPTP server.
Connection ID/Name | Enter the connection ID or connection name in this field. It must follow the "c:id" and "n:name" format. For example, C:12 or N:My ISP. This field is optional and depends on the requirements of your xDSL modem.
WAN IP Address Assignment
IP Address Assignment | Select Dynamic if your ISP did not assign you a fixed IP address. This is the default selection. Select Static if the ISP assigned a fixed IP address. The fields below are available only when you select Static.
My WAN IP Address | Enter your WAN IP address in this field.
First DNS Server / Second DNS Server | Enter the DNS server's IP address(es) in the field(s) to the right. Leave the field as 0.0.0.0 if you do not want to configure DNS servers. If you do not configure a DNS server, you must know the IP address of a machine in order to access it.
Back | Click Back to return to the previous wizard screen.
Apply | Click Apply to save your changes and go to the next screen.

3.2.2 Internet Access Wizard: Second Screen

Click Next to go to the screen where you can register your ZyWALL and activate the free content filtering, anti-spam, anti-virus and IDP trial applications. Otherwise, click Skip to display the congratulations screen and click Close to complete the Internet access setup.
Note: Make sure you have installed the ZyWALL Turbo Card before you activate the IDP and anti-virus subscription services. Turn the ZyWALL off before you install or remove the ZyWALL Turbo Card.
Figure 21 Internet Access Wizard: Second Screen
Figure 22 Internet Access Setup Complete

3.2.3 Internet Access Wizard: Registration

If you clicked Next in the previous screen (see Figure 21 on page 96), the following screen displays.
Use this screen to register the ZyWALL with myZyXEL.com. You must register your ZyWALL before you can activate trial applications of services like content filtering, anti-spam, anti-virus and IDP.
Note: If you want to activate a standard service with your iCard’s PIN number (license key), use the REGISTRATION > Service screen.
Figure 23 Internet Access Wizard: Registration
The following table describes the labels in this screen.
Table 15 Internet Access Wizard: Registration
| LABEL | DESCRIPTION |
| --- | --- |
| Device Registration | If you select Existing myZyXEL.com account, only the User Name and Password fields are available. |
| New myZyXEL.com account | If you haven’t created an account at myZyXEL.com, select this option and configure the following fields to create an account and register your ZyWALL. |
| Existing myZyXEL.com account | If you already have an account at myZyXEL.com, select this option and enter your user name and password in the fields below to register your ZyWALL. |
| User Name | Enter a user name for your myZyXEL.com account. The name should be from six to 20 alphanumeric characters (and the underscore). Spaces are not allowed. |
| Check | Click this button to check with the myZyXEL.com database to verify the user name you entered has not been used. |
| Password | Enter a password of between six and 20 alphanumeric characters (and the underscore). Spaces are not allowed. |
| Confirm Password | Enter the password again for confirmation. |
| E-Mail Address | Enter your e-mail address. You can use up to 80 alphanumeric characters (periods and the underscore are also allowed) without spaces. |
| Country | Select your country from the drop-down box list. |
| Back | Click Back to return to the previous screen. |
| Next | Click Next to continue. |
After you fill in the fields and click Next, the following screen appears, indicating that the registration is in progress. Wait for the registration to finish.
Figure 24 Internet Access Wizard: Registration in Progress
Click Close to leave the wizard screen when the registration and activation are done.
Figure 25 Internet Access Wizard: Status
The following screen appears if the registration was not successful. Click Return to go back to the Device Registration screen and check your settings.
Figure 26 Internet Access Wizard: Registration Failed
If the ZyWALL has already been registered, the Device Registration screen is read-only. After you click Next, the Service Activation screen appears, indicating which trial applications are activated.
Figure 27 Internet Access Wizard: Registered Device
Figure 28 Internet Access Wizard: Activated Services

3.3 VPN Wizard Gateway Setting

Use this screen to name the VPN gateway policy (IKE SA) and identify the IPSec routers at either end of the VPN tunnel.
Click VPN Setup in the Wizard Setup Welcome screen (Figure 17 on page 90) to open the VPN configuration wizard. The first screen displays as shown next.
Figure 29 VPN Wizard: Gateway Setting
The following table describes the labels in this screen.
Table 16 VPN Wizard: Gateway Setting
| LABEL | DESCRIPTION |
| --- | --- |
| Gateway Policy Property | |
| Name | Type up to 32 characters to identify this VPN gateway policy. You may use any character, including spaces, but the ZyWALL drops trailing spaces. |
| My ZyWALL | When the ZyWALL is in router mode, enter the WAN IP address or the domain name of your ZyWALL or leave the field set to 0.0.0.0. For a ZyWALL with multiple WAN ports, the following applies if the My ZyWALL field is configured as 0.0.0.0: When the WAN port operation mode is set to Active/Passive, the ZyWALL uses the IP address (static or dynamic) of the WAN port that is in use. When the WAN port operation mode is set to Active/Active, the ZyWALL uses the IP address (static or dynamic) of the primary (highest priority) WAN port to set up the VPN tunnel as long as the corresponding WAN1 or WAN2 connection is up. If the corresponding WAN1 or WAN2 connection goes down, the ZyWALL uses the IP address of the other WAN port. If both WAN connections go down, the ZyWALL uses the dial backup IP address for the VPN tunnel when using dial backup or the LAN IP address when using traffic redirect. See the chapter on WAN for details on dial backup and traffic redirect. A ZyWALL with a single WAN port uses its current WAN IP address (static or dynamic) in setting up the VPN tunnel if you leave this field as 0.0.0.0. If the WAN connection goes down, the ZyWALL uses the dial backup IP address for the VPN tunnel when using dial backup or the LAN IP address when using traffic redirect. The VPN tunnel has to be rebuilt if this IP address changes. When the ZyWALL is in bridge mode, this field is read-only and displays the ZyWALL’s IP address. |
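The address selection described for the My ZyWALL field, modelled as an added Python example (not ZyXEL code and not part of the manual), with a constructed outage timeline showing when the tunnel must be rebuilt. The function and parameter names, the sample addresses (documentation ranges) and the Active/Passive hand-over rule are assumptions.

```python
from dataclasses import dataclass
from typing import List, Optional

@dataclass
class Wan:
    ip: str    # current static or dynamic address of the port
    up: bool   # True while the WAN connection is up

def local_vpn_address(my_zywall: str, wans: List[Wan], active_active: bool = False,
                      in_use: int = 0, dial_backup_ip: Optional[str] = None,
                      redirect_lan_ip: Optional[str] = None) -> Optional[str]:
    """Local tunnel endpoint of a router-mode ZyWALL, per the My ZyWALL rules.

    wans is ordered by priority (index 0 = primary). in_use is the port carrying
    traffic in Active/Passive mode (ignored for Active/Active).
    """
    if my_zywall != "0.0.0.0":
        return my_zywall                    # configured WAN IP or domain name
    up = [w for w in wans if w.up]
    if up:
        if not active_active and wans[in_use].up:
            return wans[in_use].ip          # Active/Passive or single WAN port
        # Active/Active: primary while it is up, otherwise the other port.
        # Assumption: in Active/Passive a dead in-use port hands over the same way.
        return up[0].ip
    # Every WAN connection is down: dial backup, else traffic redirect (LAN IP).
    return dial_backup_ip or redirect_lan_ip

def rebuild_points(addresses: List[Optional[str]]) -> List[int]:
    """Indexes in a timeline where the address changed, forcing a tunnel rebuild."""
    return [i for i in range(1, len(addresses)) if addresses[i] != addresses[i - 1]]

def demo_timeline() -> List[Optional[str]]:
    """Constructed outage sequence on a two-WAN unit in Active/Active mode."""
    states = [(True, True), (False, True), (False, False), (True, True)]
    out = []
    for wan1_up, wan2_up in states:
        wans = [Wan("203.0.113.10", wan1_up), Wan("198.51.100.20", wan2_up)]
        out.append(local_vpn_address("0.0.0.0", wans, active_active=True,
                                     dial_backup_ip="192.0.2.5"))
    return out

if __name__ == "__main__":
    timeline = demo_timeline()
    print(timeline, "rebuild at steps", rebuild_points(timeline))
```

Every step in the constructed timeline changes the local address, so the remote IPSec router sees a different peer address each time and the tunnel is rebuilt three times.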