ZyXEL 5 Series User Manual

ZyWALL 5/35/70 Series

Internet Security Appliance
User’s Guide
Version 4.01
7/2006
Edition 1
ZyWALL 5/35/70 Series User’s Guide
Copyright © 2006 by ZyXEL Communications Corporation.
The contents of this publication may not be reproduced in any part or as a whole, transcribed, stored in a retrieval system, translated into any language, or transmitted in any form or by any means, electronic, mechanical, magnetic, optical, chemical, photocopying, manual, or otherwise, without the prior written permission of ZyXEL Communications Corporation.
Published by ZyXEL Communications Corporation. All rights reserved.
Disclaimer
ZyXEL does not assume any liability arising out of the application or use of any products, or software described herein. Neither does it convey any license under its patent rights nor the patent rights of others. ZyXEL further reserves the right to make changes in any products described herein without notice. This publication is subject to change without notice.
Trademarks
ZyNOS (ZyXEL Network Operating System) is a registered trademark of ZyXEL Communications, Inc. Other trademarks mentioned in this publication are used for identification purposes only and may be properties of their respective owners.

Certifications

Federal Communications Commission (FCC) Interference Statement
The device complies with Part 15 of FCC rules. Operation is subject to the following two conditions:
• This device may not cause harmful interference.
• This device must accept any interference received, including interference that may cause undesired operations.
This device has been tested and found to comply with the limits for a Class B digital device pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference in a commercial environment. This device generates, uses, and can radiate radio frequency energy, and if not installed and used in accordance with the instructions, may cause harmful interference to radio communications.
If this device does cause harmful interference to radio/television reception, which can be determined by turning the device off and on, the user is encouraged to try to correct the interference by one or more of the following measures:
1 Reorient or relocate the receiving antenna.
2 Increase the separation between the equipment and the receiver.
3 Connect the equipment into an outlet on a circuit different from that to which the receiver is connected.
4 Consult the dealer or an experienced radio/TV technician for help.
Notices
Changes or modifications not expressly approved by the party responsible for compliance could void the user's authority to operate the equipment.
This Class B digital apparatus complies with Canadian ICES-003.
Cet appareil numérique de la classe B est conforme à la norme NMB-003 du Canada.
Viewing Certifications
1 Go to http://www.zyxel.com.
2 Select your product from the drop-down list box on the ZyXEL home page to go to that product's page.
3 Select the certification you wish to view from this page.

Safety Warnings

For your safety, be sure to read and follow all warning notices and instructions.
• Do NOT use this product near water, for example, in a wet basement or near a swimming pool.
• Do NOT expose your device to dampness, dust or corrosive liquids.
• Do NOT store things on the device.
• Do NOT install, use, or service this device during a thunderstorm. There is a remote risk of electric shock from lightning.
• Connect ONLY suitable accessories to the device.
• Do NOT open the device or unit. Opening or removing covers can expose you to dangerous high voltage points or other risks. ONLY qualified service personnel should service or disassemble this device. Please contact your vendor for further information.
• Make sure to connect the cables to the correct ports.
• Place connecting cables carefully so that no one will step on them or stumble over them.
• Always disconnect all cables from this device before servicing or disassembling.
• Use ONLY an appropriate power adaptor or cord for your device.
• Connect the power adaptor or cord to the right supply voltage (for example, 110V AC in North America or 230V AC in Europe).
• Do NOT allow anything to rest on the power adaptor or cord and do NOT place the product where anyone can walk on the power adaptor or cord.
• Do NOT use the device if the power adaptor or cord is damaged as it might cause electrocution.
• If the power adaptor or cord is damaged, remove it from the power outlet.
• Do NOT attempt to repair the power adaptor or cord. Contact your local vendor to order a new one.
• Do not use the device outside, and make sure all the connections are indoors. There is a remote risk of electric shock from lightning.
• CAUTION: RISK OF EXPLOSION IF BATTERY (on the motherboard) IS REPLACED BY AN INCORRECT TYPE. DISPOSE OF USED BATTERIES ACCORDING TO THE INSTRUCTIONS. Dispose of them at the applicable collection point for the recycling of electrical and electronic equipment. For detailed information about recycling of this product, please contact your local city office, your household waste disposal service or the store where you purchased the product.
• Do NOT obstruct the device ventilation slots, as insufficient airflow may harm your device.
• Fuse Warning! Replace a fuse only with a fuse of the same type and rating.
This product is recyclable. Dispose of it properly.

ZyXEL Limited Warranty

ZyXEL warrants to the original end user (purchaser) that this product is free from any defects in materials or workmanship for a period of up to two years from the date of purchase. During the warranty period, and upon proof of purchase, should the product have indications of failure due to faulty workmanship and/or materials, ZyXEL will, at its discretion, repair or replace the defective products or components without charge for either parts or labor, and to whatever extent it shall deem necessary to restore the product or components to proper operating condition. Any replacement will consist of a new or re-manufactured functionally equivalent product of equal or higher value, and will be solely at the discretion of ZyXEL. This warranty shall not apply if the product has been modified, misused, tampered with, damaged by an act of God, or subjected to abnormal working conditions.
Note
Repair or replacement, as provided under this warranty, is the exclusive remedy of the purchaser. This warranty is in lieu of all other warranties, express or implied, including any implied warranty of merchantability or fitness for a particular use or purpose. ZyXEL shall in no event be held liable for indirect or consequential damages of any kind to the purchaser.
To obtain the services of this warranty, contact ZyXEL's Service Center for your Return Material Authorization number (RMA). Products must be returned Postage Prepaid. It is recommended that the unit be insured when shipped. Any returned products without proof of purchase or those with an out-dated warranty will be repaired or replaced (at the discretion of ZyXEL) and the customer will be billed for parts and labor. All repaired or replaced products will be shipped by ZyXEL to the corresponding return address, Postage Paid. This warranty gives you specific legal rights, and you may also have other rights that vary from country to country.
Registration
Register your product online to receive e-mail notices of firmware upgrades and information at www.zyxel.com for global products, or at www.us.zyxel.com for North American products.

Customer Support

Please have the following information ready when you contact customer support.
• Product model and serial number.
• Warranty Information.
• Date that you received your device.
• Brief description of the problem and the steps you took to solve it.

CORPORATE HEADQUARTERS (WORLDWIDE)
Support e-mail: support@zyxel.com.tw
Sales e-mail: sales@zyxel.com.tw
Telephone: +886-3-578-3942
Fax: +886-3-578-2439
Web site: www.zyxel.com, www.europe.zyxel.com
FTP site: ftp.zyxel.com, ftp.europe.zyxel.com
Regular mail: ZyXEL Communications Corp., 6 Innovation Road II, Science Park, Hsinchu 300, Taiwan

COSTA RICA
Support e-mail: soporte@zyxel.co.cr
Sales e-mail: sales@zyxel.co.cr
Telephone: +506-2017878
Fax: +506-2015098
Web site: www.zyxel.co.cr
FTP site: ftp.zyxel.co.cr
Regular mail: ZyXEL Costa Rica, Plaza Roble Escazú, Etapa El Patio, Tercer Piso, San José, Costa Rica

CZECH REPUBLIC
Support e-mail: info@cz.zyxel.com
Sales e-mail: info@cz.zyxel.com
Telephone: +420-241-091-350
Fax: +420-241-091-359
Web site: www.zyxel.cz
Regular mail: ZyXEL Communications Czech s.r.o., Modranská 621, 143 01 Praha 4 - Modrany, Ceská Republika

DENMARK
Support e-mail: support@zyxel.dk
Sales e-mail: sales@zyxel.dk
Telephone: +45-39-55-07-00
Fax: +45-39-55-07-07
Web site: www.zyxel.dk
Regular mail: ZyXEL Communications A/S, Columbusvej, 2860 Soeborg, Denmark

FINLAND
Support e-mail: support@zyxel.fi
Sales e-mail: sales@zyxel.fi
Telephone: +358-9-4780-8411
Fax: +358-9-4780 8448
Web site: www.zyxel.fi
Regular mail: ZyXEL Communications Oy, Malminkaari 10, 00700 Helsinki, Finland

FRANCE
Support e-mail: info@zyxel.fr
Telephone: +33-4-72-52-97-97
Fax: +33-4-72-52-19-20
Web site: www.zyxel.fr
Regular mail: ZyXEL France, 1 rue des Vergers, Bat. 1 / C, 69760 Limonest, France

GERMANY
Support e-mail: support@zyxel.de
Sales e-mail: sales@zyxel.de
Telephone: +49-2405-6909-0
Fax: +49-2405-6909-99
Web site: www.zyxel.de
Regular mail: ZyXEL Deutschland GmbH., Adenauerstr. 20/A2, D-52146 Wuerselen, Germany

HUNGARY
Support e-mail: support@zyxel.hu
Sales e-mail: info@zyxel.hu
Telephone: +36-1-3361649
Fax: +36-1-3259100
Web site: www.zyxel.hu
Regular mail: ZyXEL Hungary, 48, Zoldlomb Str., H-1025, Budapest, Hungary

KAZAKHSTAN
Support: http://zyxel.kz/support
Sales e-mail: sales@zyxel.kz
Telephone: +7-3272-590-698
Fax: +7-3272-590-689
Web site: www.zyxel.kz
Regular mail: ZyXEL Kazakhstan, 43, Dostyk ave., Office 414, Dostyk Business Centre, 050010, Almaty, Republic of Kazakhstan

NORTH AMERICA
Support e-mail: support@zyxel.com
Sales e-mail: sales@zyxel.com
Telephone: 1-800-255-4101, +1-714-632-0882
Fax: +1-714-632-0858
Web site: www.us.zyxel.com
FTP site: ftp.us.zyxel.com
Regular mail: ZyXEL Communications Inc., 1130 N. Miller St., Anaheim, CA 92806-2001, U.S.A.

NORWAY
Support e-mail: support@zyxel.no
Sales e-mail: sales@zyxel.no
Telephone: +47-22-80-61-80
Fax: +47-22-80-61-81
Web site: www.zyxel.no
Regular mail: ZyXEL Communications A/S, Nils Hansens vei 13, 0667 Oslo, Norway

POLAND
Support e-mail: info@pl.zyxel.com
Telephone: +48 (22) 333 8250
Fax: +48 (22) 333 8251
Web site: www.pl.zyxel.com
Regular mail: ZyXEL Communications, ul. Okrzei 1A, 03-715 Warszawa, Poland

RUSSIA
Support: http://zyxel.ru/support
Sales e-mail: sales@zyxel.ru
Telephone: +7-095-542-89-29
Fax: +7-095-542-89-25
Web site: www.zyxel.ru
Regular mail: ZyXEL Russia, Ostrovityanova 37a Str., Moscow, 117279, Russia

SPAIN
Support e-mail: support@zyxel.es
Sales e-mail: sales@zyxel.es
Telephone: +34-902-195-420
Fax: +34-913-005-345
Web site: www.zyxel.es
Regular mail: ZyXEL Communications, Arte, 21 5ª planta, 28033 Madrid, Spain

SWEDEN
Support e-mail: support@zyxel.se
Sales e-mail: sales@zyxel.se
Telephone: +46-31-744-7700
Fax: +46-31-744-7701
Web site: www.zyxel.se
Regular mail: ZyXEL Communications A/S, Sjöporten 4, 41764 Göteborg, Sweden

UKRAINE
Support e-mail: support@ua.zyxel.com
Sales e-mail: sales@ua.zyxel.com
Telephone: +380-44-247-69-78
Fax: +380-44-494-49-32
Web site: www.ua.zyxel.com
Regular mail: ZyXEL Ukraine, 13, Pimonenko Str., Kiev, 04050, Ukraine

UNITED KINGDOM
Support e-mail: support@zyxel.co.uk
Sales e-mail: sales@zyxel.co.uk
Telephone: +44-1344 303044, 08707 555779 (UK only)
Fax: +44-1344 303034
Web site: www.zyxel.co.uk
FTP site: ftp.zyxel.co.uk
Regular mail: ZyXEL Communications UK Ltd., 11 The Courtyard, Eastern Road, Bracknell, Berkshire, RG12 2XB, United Kingdom (UK)

"+" is the (prefix) number you enter to make an international telephone call.

Table of Contents

Copyright
Certifications
Safety Warnings
ZyXEL Limited Warranty
Customer Support
Table of Contents
List of Figures
List of Tables
Preface
Chapter 1
Getting to Know Your ZyWALL
1.1 ZyWALL Internet Security Appliance Overview
1.2 ZyWALL Features
1.2.1 Physical Features
1.2.2 Non-Physical Features
1.3 Applications for the ZyWALL
1.3.1 Secure Broadband Internet Access via Cable or DSL Modem
1.3.2 VPN Application
1.3.3 Front Panel Lights
Chapter 2
Introducing the Web Configurator
2.1 Web Configurator Overview
2.2 Accessing the ZyWALL Web Configurator
2.3 Resetting the ZyWALL
2.3.1 Procedure To Use The Reset Button
2.3.2 Uploading a Configuration File Via Console Port
2.4 Navigating the ZyWALL Web Configurator
2.4.1 Title Bar
2.4.2 Main Window
2.4.3 HOME Screen: Router Mode
2.4.4 HOME Screen: Bridge Mode
2.4.5 Navigation Panel
2.4.6 Port Statistics
2.4.7 Show Statistics: Line Chart
2.4.8 DHCP Table Screen
2.4.9 VPN Status
2.4.10 Bandwidth Monitor
Chapter 3
Wizard Setup
3.1 Wizard Setup Overview
3.2 Internet Access
3.2.1 ISP Parameters
3.2.1.1 Ethernet
3.2.1.2 PPPoE Encapsulation
3.2.1.3 PPTP Encapsulation
3.2.2 Internet Access Wizard: Second Screen
3.2.3 Internet Access Wizard: Registration
3.3 VPN Wizard Gateway Setting
3.4 VPN Wizard Network Setting
3.5 VPN Wizard IKE Tunnel Setting (IKE Phase 1)
3.6 VPN Wizard IPSec Setting (IKE Phase 2)
3.7 VPN Wizard Status Summary
3.8 VPN Wizard Setup Complete
Chapter 4
Tutorial
4.1 Security Settings for VPN Traffic
4.1.1 IDP for From VPN Traffic Example
4.1.2 IDP for To VPN Traffic Example
4.2 Firewall Rule for VPN Example
4.2.1 Configuring the VPN Rule
4.2.2 Configuring the Firewall Rules
4.2.2.1 Firewall Rule to Allow Access Example
4.2.2.2 Default Firewall Rule to Block Other Access Example
Chapter 5
Registration
5.1 myZyXEL.com overview
5.1.1 Subscription Services Available on the ZyWALL
5.2 Registration
5.3 Service
Chapter 6
LAN Screens
6.1 LAN, WAN and the ZyWALL
6.2 IP Address and Subnet Mask
6.2.1 Private IP Addresses
6.3 DHCP
6.3.1 IP Pool Setup
6.4 RIP Setup
6.5 Multicast
6.6 WINS
6.7 LAN
6.8 LAN Static DHCP
6.9 LAN IP Alias
6.10 LAN Port Roles
Chapter 7
Bridge Screens
7.1 Bridge Loop
7.2 Spanning Tree Protocol (STP)
7.2.1 Rapid STP
7.2.2 STP Terminology
7.2.3 How STP Works
7.2.4 STP Port States
7.3 Bridge
7.4 Bridge Port Roles
Chapter 8
WAN Screens
8.1 WAN Overview
8.2 Multiple WAN
8.3 Load Balancing Introduction
8.4 Load Balancing Algorithms
8.4.1 Least Load First
8.4.1.1 Example 1
8.4.1.2 Example 2
8.4.2 Weighted Round Robin
8.4.3 Spillover
8.5 TCP/IP Priority (Metric)
8.6 WAN General
8.7 Configuring Load Balancing
8.7.1 Least Load First
8.7.2 Weighted Round Robin
8.7.3 Spillover
8.8 WAN Route
8.9 WAN IP Address Assignment
8.10 DNS Server Address Assignment
8.11 WAN MAC Address
8.12 WAN
8.12.1 WAN Ethernet Encapsulation
8.12.2 PPPoE Encapsulation
8.12.3 PPTP Encapsulation
8.13 Traffic Redirect
8.14 Configuring Traffic Redirect
8.15 Configuring Dial Backup
8.16 Advanced Modem Setup
8.16.1 AT Command Strings
8.16.2 DTR Signal
8.16.3 Response Strings
8.17 Configuring Advanced Modem Setup
Chapter 9
DMZ Screens
9.1 DMZ
9.2 Configuring DMZ
9.3 DMZ Static DHCP
9.4 DMZ IP Alias
9.5 DMZ Public IP Address Example
9.6 DMZ Private and Public IP Address Example
9.7 DMZ Port Roles
Chapter 10
Wireless LAN
10.1 Wireless LAN Introduction
10.1.1 Additional Installation Requirements for Using 802.1x
10.2 Configuring WLAN
10.3 WLAN Static DHCP
10.4 WLAN IP Alias
10.5 WLAN Port Roles
10.6 Wireless Security
10.6.1 Encryption
10.6.2 Authentication
10.6.3 Restricted Access
10.6.4 Hide ZyWALL Identity
10.7 Security Parameters Summary
10.8 WEP Encryption
10.9 802.1x Overview
10.9.1 Introduction to RADIUS ........................................................................200
10.9.1.1 Types of RADIUS Messages .......................................................200
10.9.2 EAP Authentication Overview ............................... ................................ 201
10.10 Dynamic WEP Key Exchange ......................................................................202
10.11 Introduction to WPA ........ .... ... ... ... .... ... ... ... .... ... ... ... .......................................202
10.11.1 User Aut hent ication ................................................ ... ... .... ...................202
10.11.2 Enc ryption ....................................................... .... ... .............................202
10.12 WPA-PSK Application Example ...................................................................203
10.13 Introduction to RADIUS ................................................................................204
10.14 WPA with RADIUS Application Example ......................................................204
10.15 Wireless Client WPA Supplicants .................................................................205
10.16 Wireless Card .............................................................................................205
10.16.1 Static WEP ..........................................................................................207
10.16.2 WPA-PSK ...........................................................................................208
10.16.3 WPA ....................................................................................................210
10.16.4 IEEE 802.1x + Dynamic WEP ............................................................211
10.16.5 IEEE 802.1x + Static WEP ..................................................................212
10.16.6 IEEE 802.1x + No WEP ......................................................................214
10.16.7 No Access 802.1x + Static WEP .........................................................215
10.16.8 No Access 802.1x + No WEP .............................................................216
10.17 MAC Filter ...................................................................................................217
Chapter 11
Firewall..................................................................................................................219
11.1 Firewall Overview ..........................................................................................219
11.2 Packet Direction Matrix ..................................................................................220
11.3 Packet Direction Examples ............................................................................221
11.3.1 To VPN Packet Direction .......................................................................222
11.3.2 From VPN Packet Direction ..................................................................224
11.3.3 From VPN To VPN Packet Direction .................................................. ...225
11.4 Security Considerations .................................................................................226
11.5 Firewall Rules Example ..................................................................................227
11.6 Asymmetrical Routes .....................................................................................229
11.6.1 Asymmetrical Routes and IP Alias ........ ............................................. ...229
11.7 Firewall Default Rule (Router Mode) ..............................................................230
11.8 Firewall Default Rule (Bridge Mode) ............................................................232
11.9 Firewall Rule Summary .................................................................................234
11.9.1 Firewall Edit Rule ....................................................... .... ... ... .............235
11.10 Anti-Probing ..............................................................................................238
11.11 Firewall Thresholds ....................................................................................239
11.11.1 Threshold Values .................................................................................240
11.12 Threshold Screen .......................................................................240
11.13 Service ................................................................................242
11.13.1 Firewall Edit Custom Service ........................................................244
11.14 My Service Firewall Rule Example ....................................................245
Chapter 12
Intrusion Detection and Prevention (IDP)..........................................................251
12.1 Introduction to IDP ....................................................................................251
12.1.1 Firewalls and Intrusions ..............................................................251
12.1.2 IDS and IDP .........................................................................................252
12.1.3 Host IDP ..............................................................................................252
12.1.4 Network IDP .........................................................................................252
12.1.5 Example Intrusions ...............................................................................253
12.1.5.1 SQL Slammer Worm ...................................................................253
12.1.5.2 Blaster W32.Worm ......................................................................253
12.1.5.3 Nimda ..........................................................................................253
12.1.5.4 MyDoom ......................................................................................254
12.1.6 ZyWALL IDP .........................................................................................254
Chapter 13
Configuring IDP....................................................................................................255
13.1 Overview ........................................................................................................255
13.1.1 Interfaces ..............................................................................................255
13.2 General Setup ................................................................................................256
13.3 IDP Signatures ...............................................................................................257
13.3.1 Attack Types .........................................................................................257
13.3.2 Intrusion Severity ..................................................................................259
13.3.3 Signature Actions ..................................................................259
13.3.4 Configuring IDP Signatures ..................................................................260
13.3.5 Query View ...........................................................................................262
13.3.5.1 Query Example 1 ........................................................................265
13.3.5.2 Query Example 2 ........................................................................266
13.4 Update ...........................................................................................................267
13.4.1 mySecurityZone ....................................................................................267
13.4.2 Configuring IDP Update ........................................................................268
13.5 Backup and Restore .......................................................................................269
Chapter 14
Anti-Virus..............................................................................................................271
14.1 Anti-Virus Overview .......................................................................................271
14.1.1 Types of Computer Viruses ...........................................................271
14.1.2 Computer Virus Infection and Prevention ............................................271
14.1.3 Types of Anti-Virus Scanner ................................................................272
14.2 Introduction to the ZyWALL Anti-Virus Scanner .............................................272
14.2.1 How the ZyWALL Anti-Virus Scanner Works .......................................273
14.2.2 Notes About the ZyWALL Anti-Virus .....................................................273
14.3 General Anti-Virus Setup ...............................................................................274
14.4 Signature Searching .......................................................................................276
14.4.1 Signature Search Example ............................................................278
14.5 Signature Update .........................................................................................281
14.5.1 mySecurityZone ....................................................................................281
14.5.2 Configuring Anti-virus Update ......................................................281
14.6 Backup and Restore ......................................................................................283
Chapter 15
Anti-Spam .............................................................................................................285
15.1 Anti-Spam Overview ....................................................................................285
15.1.1 Anti-Spam External Database ...............................................................285
15.1.1.1 SpamBulk Engine ......................................................................286
15.1.1.2 SpamRepute Engine ...................................................................286
15.1.1.3 SpamContent Engine ..................................................................286
15.1.1.4 SpamTricks Engine .....................................................................287
15.1.2 Spam Threshold ......................................................................287
15.1.3 Phishing ................................................................................................287
15.1.4 Whitelist ................................................................................................288
15.1.5 Blacklist .................................................................................................288
15.1.6 SMTP and POP3 ..................................................................................288
15.1.7 MIME Headers ......................................................................................289
15.2 Anti-Spam General Screen ............................................................................289
15.3 Anti-Spam External DB Screen .................................................................292
15.4 Anti-Spam Lists Screen .................................................................................294
15.5 Anti-Spam Lists Edit Screen .........................................................................296
Chapter 16
Content Filtering Screens ...................................................................................299
16.1 Content Filtering Overview .............................................................................299
16.1.1 Restrict Web Features ..........................................................................299
16.1.2 Create a Filter List ................................................................................299
16.1.3 Customize Web Site Access ................................................................299
16.2 Content Filter General Screen .....................................................................299
16.3 Content Filtering with an External Database ..................................................302
16.4 Content Filter Categories ............................................................................303
16.5 Content Filter Customization .......................................................................310
16.6 Customizing Keyword Blocking URL Checking ..................................................312
16.6.1 Domain Name or IP Address URL Checking ........................................312
16.6.2 Full Path URL Checking .......................................................................312
16.6.3 File Name URL Checking .....................................................................312
16.7 Content Filtering Cache ...............................................................................313
Chapter 17
Content Filtering Reports....................................................................................315
17.1 Checking Content Filtering Activation ............................................................315
17.2 Viewing Content Filtering Reports ..................................................................315
17.3 Web Site Submission .....................................................................................320
Chapter 18
IPSec VPN.............................................................................................................323
18.1 IPSec VPN Overview ...................................................................................323
18.1.1 IKE SA Overview ..................................................................................324
18.1.1.1 IP Addresses of the ZyWALL and Remote IPSec Router ...........324
18.2 VPN Rules (IKE) ............................................................................................325
18.3 IKE SA Setup ................................................................................................327
18.3.1 IKE SA Proposal ...................................................................................327
18.3.1.1 Diffie-Hellman (DH) Key Exchange .............................................328
18.3.1.2 Authentication .............................................................................328
18.3.1.3 Extended Authentication .............................................................330
18.3.1.4 Negotiation Mode ........................................................................330
18.3.1.5 VPN, NAT, and NAT Traversal .....................................................331
18.4 Additional IPSec VPN Topics .........................................................................332
18.4.1 SA Life Time ........................................................................332
18.4.2 IPSec High Availability ..........................................................................332
18.4.3 Encryption and Authentication Algorithms ...........................................333
18.5 VPN Rules (IKE) Gateway Policy Edit ...........................................................334
18.6 IPSec SA Overview ....................................................................................340
18.6.0.1 Local Network and Remote Network ...........................................340
18.6.0.2 Active Protocol ............................................................................340
18.6.0.3 Encapsulation ..............................................................................341
18.6.0.4 IPSec SA Proposal and Perfect Forward Secrecy ......................341
18.7 VPN Rules (IKE): Network Policy Edit ..........................................................342
18.8 VPN Rules (IKE): Network Policy Move .......................................................346
18.9 IPSec SA Using Manual Keys ....................................................................348
18.9.1 IPSec SA Proposal Using Manual Keys ...............................................348
18.9.2 Authentication and the Security Parameter Index (SPI) .......................348
18.10 VPN Rules (Manual) ....................................................................................348
18.11 VPN Rules (Manual): Edit .........................................................................350
18.12 VPN SA Monitor .........................................................................................353
18.13 VPN Global Setting .....................................................................................354
18.14 Telecommuter VPN/IPSec Examples ...........................................................355
18.14.1 Telecommuters Sharing One VPN Rule Example ..............................355
18.14.2 Telecommuters Using Unique VPN Rules Example ...........................356
18.15 VPN and Remote Management ...................................................................358
18.16 Hub-and-spoke VPN ....................................................................................358
18.16.1 Hub-and-spoke VPN Example ............................................................359
18.16.2 Hub-and-spoke Example VPN Rule Addresses .................................360
18.16.3 Hub-and-spoke VPN Requirements and Suggestions ........................361
Chapter 19
Certificates............................................................................................................363
19.1 Certificates Overview .....................................................................................363
19.1.1 Advantages of Certificates ....................................................................364
19.2 Self-signed Certificates ..................................................................................364
19.3 Verifying a Certificate .....................................................................................364
19.3.1 Checking the Fingerprint of a Certificate on Your Computer ................364
19.4 Configuration Summary .................................................................................365
19.5 My Certificates ..............................................................................................366
19.6 My Certificate Details ...................................................................................368
19.7 My Certificate Export ....................................................................370
19.7.1 Certificate File Export Formats .............................................................370
19.8 My Certificate Import ....................................................................................371
19.8.1 Certificate File Formats .........................................................................372
19.9 My Certificate Create ...................................................................................374
19.10 Trusted CAs ...............................................................................................376
19.11 Trusted CA Details ......................................................................378
19.12 Trusted CA Import ......................................................................................381
19.13 Trusted Remote Hosts ...............................................................................382
19.14 Trusted Remote Hosts Import ....................................................................384
19.15 Trusted Remote Host Certificate Details ....................................................385
19.16 Directory Servers .......................................................................388
19.17 Directory Server Add or Edit ......................................................................389
Chapter 20
Authentication Server..........................................................................................391
20.1 Authentication Server Overview .....................................................................391
20.1.1 Local User Database ................................................................391
20.1.2 RADIUS ................................................................................................391
20.2 Local User Database .....................................................................391
20.3 RADIUS ........................................................................................................393
Chapter 21
Network Address Translation (NAT)...................................................................395
21.1 NAT Overview ..............................................................................................395
21.1.1 NAT Definitions .....................................................................................395
21.1.2 What NAT Does ....................................................................................396
21.1.3 How NAT Works ...................................................................................396
21.1.4 NAT Application ....................................................................................397
21.1.5 Port Restricted Cone NAT ....................................................................398
21.1.6 NAT Mapping Types .............................................................................398
21.2 Using NAT ......................................................................................................399
21.2.1 SUA (Single User Account) Versus NAT ..............................................399
21.3 NAT Overview Screen ....................................................................................400
21.4 NAT Address Mapping .................................................................................401
21.4.1 NAT Address Mapping Edit ..................................................................403
21.5 Port Forwarding .............................................................................................404
21.5.1 Default Server IP Address ....................................................................405
21.5.2 Port Forwarding: Services and Port Numbers ......................................405
21.5.3 Configuring Servers Behind Port Forwarding (Example) ......................405
21.5.4 NAT and Multiple WAN .........................................................................406
21.5.5 Port Translation ....................................................................................406
21.6 Port Forwarding Screen .................................................................................407
21.7 Port Triggering ..............................................................................................409
Chapter 22
Static Route ..........................................................................................................413
22.1 IP Static Route ............................................................................................413
22.2 IP Static Route ...............................................................................................413
22.2.1 IP Static Route Edit ..............................................................................415
Chapter 23
Policy Route .........................................................................................................417
23.1 Policy Route ..................................................................................................417
23.2 Benefits ..........................................................................................................417
23.3 Routing Policy ................................................................................................417
23.4 IP Routing Policy Setup .................................................................................418
23.5 Policy Route Edit ...........................................................................................419
Chapter 24
Bandwidth Management......................................................................................423
24.1 Bandwidth Management Overview ...............................................................423
24.2 Bandwidth Classes and Filters .......................................................................423
24.3 Proportional Bandwidth Allocation .................................................................424
24.4 Application-based Bandwidth Management ...................................................424
24.5 Subnet-based Bandwidth Management ..........................................................424
24.6 Application and Subnet-based Bandwidth Management ...............................425
24.7 Scheduler .......................................................................................................425
24.7.1 Priority-based Scheduler ......................................................................425
24.7.2 Fairness-based Scheduler ....................................................................425
24.7.3 Maximize Bandwidth Usage .........................................................425
24.7.4 Reserving Bandwidth for Non-Bandwidth Class Traffic ........................426
24.7.5 Maximize Bandwidth Usage Example ..................................................426
24.7.5.1 Priority-based Allotment of Unused and Unbudgeted Bandwidth ..........427
24.7.5.2 Fairness-based Allotment of Unused and Unbudgeted Bandwidth ..........427
24.8 Bandwidth Borrowing .....................................................................................428
24.8.1 Bandwidth Borrowing Example .............................................................428
24.9 Maximize Bandwidth Usage With Bandwidth Borrowing ................................429
24.10 Over Allotment of Bandwidth ..............................................................429
24.11 Configuring Summary ....................................................................430
24.12 Configuring Class Setup ............................................................................431
24.12.1 Bandwidth Manager Class Configuration ..........................................433
24.12.2 Bandwidth Management Statistics ...................................................436
24.13 Bandwidth Manager Monitor ......................................................................437
Chapter 25
DNS........................................................................................................................439
25.1 DNS Overview ..............................................................................................439
25.2 DNS Server Address Assignment ..................................................................439
25.3 DNS Servers ..................................................................................................439
25.4 Address Record .............................................................................................440
25.4.1 DNS Wildcard .......................................................................................440
25.5 Name Server Record .....................................................................................440
25.5.1 Private DNS Server ..............................................................................440
25.6 System Screen ...............................................................................................441
25.6.1 Adding an Address Record ..................................................................442
25.6.2 Inserting a Name Server Record .........................................................443
25.7 DNS Cache ..................................................................................................445
25.8 Configure DNS Cache .....................................................................445
25.9 Configuring DNS DHCP ...............................................................................446
25.10 Dynamic DNS .............................................................................................448
25.10.1 DYNDNS Wildcard ..............................................................................448
25.10.2 High Availability ..................................................................................448
25.11 Configuring Dynamic DNS ................................................................448
Chapter 26
Remote Management...........................................................................................451
26.1 Remote Management Overview .....................................................................451
26.1.1 Remote Management Limitations .........................................................451
26.1.2 System Timeout ....................................................................................452
26.2 WWW (HTTP and HTTPS) ...........................................................................452
26.3 WWW .............................................................................................................453
26.4 HTTPS Example ............................................................................................455
26.4.1 Internet Explorer Warning Messages ...................................................455
26.4.2 Netscape Navigator Warning Messages ...............................................456
26.4.3 Avoiding the Browser Warning Messages ............................................457
26.4.4 Login Screen .........................................................................................457
26.5 SSH .............................................................................................................459
26.6 How SSH Works ............................................................................................460
26.7 SSH Implementation on the ZyWALL .............................................................461
26.7.1 Requirements for Using SSH ................................................................461
26.8 Configuring SSH ............................................................................................461
26.9 Secure Telnet Using SSH Examples ..............................................................462
26.9.1 Example 1: Microsoft Windows .............................................................462
26.9.2 Example 2: Linux ..................................................................................463
26.10 Secure FTP Using SSH Example ................................................................464
26.11 Telnet ..................................................................................465
26.12 Configuring TELNET ....................................................................................465
26.13 FTP ............................................................................................................466
26.14 SNMP .........................................................................................................467
26.14.1 Supported MIBs .................................................................................469
26.14.2 SNMP Traps .......................................................................................469
26.14.3 REMOTE MANAGEMENT: SNMP ......................................................469
26.15 DNS ............................................................................................................471
26.16 Introducing Vantage CNM ...........................................................................471
26.17 Configuring CNM ..........................................................................................472
Chapter 27
UPnP......................................................................................................................475
27.1 Universal Plug and Play Overview ...............................................................475
27.1.1 How Do I Know If I'm Using UPnP? ..................................................475
27.1.2 NAT Traversal .......................................................................................475
27.1.3 Cautions with UPnP ..............................................................................475
27.1.4 UPnP and ZyXEL ..................................................................................476
27.2 Configuring UPnP ..........................................................................................476
27.3 Displaying UPnP Port Mapping ...................................................................477
27.4 Installing UPnP in Windows Example ............................................................478
27.4.1 Installing UPnP in Windows Me ............................................................479
27.4.2 Installing UPnP in Windows XP ............................................................480
27.5 Using UPnP in Windows XP Example ...........................................................480
27.5.1 Auto-discover Your UPnP-enabled Network Device .............................481
27.5.2 Web Configurator Easy Access .......................................................482
Chapter 28
ALG Screen...........................................................................................................485
28.1 ALG Introduction ...........................................................................................485
28.1.1 ALG and NAT ........................................................................................485
28.1.2 ALG and the Firewall ............................................................................485
28.1.3 ALG and Multiple WAN .........................................................................485
28.2 FTP ................................................................................................................486
28.3 H.323 ..............................................................................................................486
28.4 RTP ................................................................................................................486
28.4.1 H.323 ALG Details ................................................................................486
28.5 SIP .................................................................................................................488
28.5.1 STUN ....................................................................................................488
28.5.2 SIP ALG Details ....................................................................................488
28.5.3 SIP Signaling Session Timeout ............................................................489
28.5.4 SIP Audio Session Timeout ..................................................................489
28.6 ALG Screen ....................................................................................................489
Chapter 29
Reports..................................................................................................................491
29.1 Configuring Reports .......................................................................................491
29.2 System Reports Screen ................................................................................491
29.2.1 Viewing Web Site Hits ...............................................................493
29.2.2 Viewing Host IP Address ......................................................................494
29.2.3 Viewing Protocol/Port ...........................................................................495
29.2.4 System Reports Specifications .............................................................496
29.3 IDP Threat Reports Screen ..........................................................................496
29.4 Anti-Virus Threat Reports Screen ...............................................................498
29.5 Anti-Spam Threat Reports Screen ................................................................500
Chapter 30
Logs Screens........................................................................................................503
30.1 Configuring View Log ....................................................................................503
30.2 Log Description Example ...............................................................................504
30.2.1 About the Certificate Not Trusted Log ..................................................505
30.3 Configuring Log Settings ...............................................................................506
30.3.1 Log Descriptions ...................................................................................509
30.4 Syslog Logs ....................................................................................................529
Chapter 31
Maintenance .........................................................................................................531
31.1 Maintenance Overview ...................................................................................531
31.2 General Setup and System Name ..................................................531
31.2.1 General Setup .......................................................................................531
31.3 Configuring Password ...................................................................................532
31.4 Time and Date ...............................................................................................533
31.5 Pre-defined NTP Time Server Pools ..............................................................536
31.5.1 Resetting the Time ................................................................................536
31.5.2 Time Server Synchronization ................................................................536
31.6 Introduction To Transparent Bridging .............................................................537
31.7 Transparent Firewalls .....................................................................................538
31.8 Configuring Device Mode (Router) ................................................................539
31.9 Configuring Device Mode (Bridge) ................................................................540
31.10 F/W Upload Screen ..................................................................542
31.11 Backup and Restore .................................................................544
31.11.1 Backup Configuration .........................................................544
31.11.2 Restore Configuration ........................................................545
31.11.3 Back to Factory Defaults ....................................................................546
31.12 Restart Screen ............................................................................................546
Chapter 32
Introducing the SMT ............................................................................................549
32.1 Introduction to the SMT ..................................................................................549
32.2 Accessing the SMT via the Console Port .......................................549
32.2.1 Initial Screen .........................................................................................549
32.2.2 Entering the Password ..................................................................550
32.3 Navigating the SMT Interface .........................................................................550
32.3.1 Main Menu ............................................................................................551
32.3.2 SMT Menus Overview ..........................................................................553
32.4 Changing the System Password ....................................................................555
32.5 Resetting the ZyWALL ...................................................................................556
Chapter 33
SMT Menu 1 - General Setup...............................................................................557
33.1 Introduction to General Setup ........................................................................557
33.2 Configuring General Setup ..............................................................557
33.2.1 Configuring Dynamic DNS ....................................................................559
33.2.1.1 Editing DDNS Host ....................................................................559
Chapter 34
WAN and Dial Backup Setup...............................................................................563
34.1 Introduction to WAN and Dial Backup Setup ..................................................563
34.2 WAN Setup .....................................................................................................563
34.3 Dial Backup ....................................................................................................564
34.4 Configuring Dial Backup in Menu 2 ................................................................564
34.5 Advanced WAN Setup ....................................................................................565
34.6 Remote Node Profile (Backup ISP) ................................................567
34.7 Editing PPP Options .......................................................................................569
34.8 Editing TCP/IP Options ..................................................................................570
34.9 Editing Login Script ........................................................................................572
34.10 Remote Node Filter ......................................................................................574
Chapter 35
LAN Setup.............................................................................................................575
35.1 Introduction to LAN Setup ..............................................................................575
35.2 Accessing the LAN Menus .............................................................575
35.3 LAN Port Filter Setup .....................................................................................575
35.4 TCP/IP and DHCP Ethernet Setup Menu ......................................................576
35.4.1 IP Alias Setup .......................................................................................579
Chapter 36
Internet Access ....................................................................................................581
36.1 Introduction to Internet Access Setup ............................................................581
36.2 Ethernet Encapsulation ..................................................................................581
36.3 Configuring the PPTP Client ..........................................................................583
36.4 Configuring the PPPoE Client ........................................................................583
36.5 Basic Setup Complete ....................................................................................584
Chapter 37
DMZ Setup ............................................................................................................585
37.1 Configuring DMZ Setup ..................................................................................585
37.2 DMZ Port Filter Setup ....................................................................................585
37.3 TCP/IP Setup .................................................................................................585
37.3.1 IP Address ............................................................................................586
37.3.2 IP Alias Setup .......................................................................................587
Chapter 38
Route Setup..........................................................................................................589
38.1 Configuring Route Setup ................................................................589
38.2 Route Assessment .........................................................................................589
38.3 Traffic Redirect ...............................................................................................590
38.4 Route Failover ................................................................................................591
Chapter 39
Wireless Setup .....................................................................................................593
39.1 Wireless LAN Setup .......................................................................................593
39.1.1 MAC Address Filter Setup ....................................................................595
39.2 TCP/IP Setup .................................................................................................596
39.2.1 IP Address ............................................................................................596
39.2.2 IP Alias Setup .......................................................................................597
Chapter 40
Remote Node Setup.............................................................................................599
40.1 Introduction to Remote Node Setup ...............................................................599
40.2 Remote Node Setup .......................................................................................599
40.3 Remote Node Profile Setup ............................................................600
40.3.1 Ethernet Encapsulation ...............................................................600
40.3.2 PPPoE Encapsulation ...........................................................................602
40.3.2.1 Outgoing Authentication Protocol ................................................602
40.3.2.2 Nailed-Up Connection .................................................................602
40.3.2.3 Metric ..........................................................................................603
40.3.3 PPTP Encapsulation .............................................................................603
40.4 Edit IP .............................................................................................................604
40.5 Remote Node Filter ........................................................................................606
40.6 Traffic Redirect ...............................................................................................607
Chapter 41
IP Static Route Setup...........................................................................................609
41.1 IP Static Route Setup .....................................................................................609
Chapter 42
Network Address Translation (NAT)...................................................................611
42.1 Using NAT ......................................................................................................611
42.1.1 SUA (Single User Account) Versus NAT ..............................................611
42.1.2 Applying NAT ........................................................................................611
42.2 NAT Setup ......................................................................................................613
42.2.1 Address Mapping Sets ..........................................................................614
42.2.1.1 SUA Address Mapping Set .......................................................614
42.2.1.2 User-Defined Address Mapping Sets ..........................................615
42.2.1.3 Ordering Your Rules ....................................................................616
42.3 Configuring a Server behind NAT ..................................................................618
42.4 General NAT Examples ..................................................................................621
42.4.1 Internet Access Only .............................................................................621
42.4.2 Example 2: Internet Access with a Default Server ........................623
42.4.3 Example 3: Multiple Public IP Addresses With Inside Servers .............623
42.4.4 Example 4: NAT Unfriendly Application Programs ...............................627
42.5 Trigger Port Forwarding .................................................................................628
42.5.1 Two Points To Remember About Trigger Ports .............................628
Chapter 43
Introducing the ZyWALL Firewall .......................................................................631
43.1 Using ZyWALL SMT Menus ...........................................................631
43.1.1 Activating the Firewall ..................................................................631
Chapter 44
Filter Configuration..............................................................................................633
44.1 Introduction to Filters ......................................................................................633
44.1.1 The Filter Structure of the ZyWALL ......................................................634
44.2 Configuring a Filter Set ..................................................................................636
44.2.1 Configuring a Filter Rule ..............................................................637
44.2.2 Configuring a TCP/IP Filter Rule ..........................................................638
44.2.3 Configuring a Generic Filter Rule ................................................640
44.3 Example Filter ................................................................................................642
44.4 Filter Types and NAT ......................................................................644
44.5 Firewall Versus Filters ....................................................................................644
44.5.1 Packet Filtering: ....................................................................................645
44.5.1.1 When To Use Filtering .................................................................645
44.5.2 Firewall .................................................................................................645
44.5.2.1 When To Use The Firewall ..........................................................645
44.6 Applying a Filter ............................................................................................646
44.6.1 Applying LAN Filters .............................................................................646
44.6.2 Applying DMZ Filters ............................................................................646
44.6.3 Applying Remote Node Filters ..............................................................647
Chapter 45
SNMP Configuration ............................................................................................649
45.1 SNMP Configuration ......................................................................................649
45.2 SNMP Traps ...................................................................................................650
Chapter 46
System Information & Diagnosis........................................................................651
46.1 Introduction to System Status ........................................................................651
46.2 System Status ................................................................................................651
46.3 System Information and Console Port Speed ................................................653
46.3.1 System Information ......................................................................653
46.3.2 Console Port Speed ..............................................................................654
46.4 Log and Trace .................................................................................655
46.4.1 Viewing Error Log .................................................................................655
46.4.2 Syslog Logging .....................................................................................656
46.4.3 Call-Triggering Packet ..........................................................................659
46.5 Diagnostic ......................................................................................................659
46.5.1 WAN DHCP ..........................................................................................660
Chapter 47
Firmware and Configuration File Maintenance.................................................663
47.1 Introduction ....................................................................................................663
47.2 Filename Conventions ...................................................................................663
47.3 Backup Configuration .....................................................................................664
47.3.1 Backup Configuration ...........................................................................664
47.3.2 Using the FTP Command from the Command Line ..............................665
47.3.3 Example of FTP Commands from the Command Line .........................666
47.3.4 GUI-based FTP Clients .........................................................................666
47.3.5 File Maintenance Over WAN ................................................................666
47.3.6 Backup Configuration Using TFTP .......................................................667
47.3.7 TFTP Command Example ....................................................................667
47.3.8 GUI-based TFTP Clients ......................................................................668
47.3.9 Backup Via Console Port ......................................................................668
47.4 Restore Configuration ....................................................................................669
47.4.1 Restore Using FTP ...............................................................................669
47.4.2 Restore Using FTP Session Example ..................................................671
47.4.3 Restore Via Console Port .....................................................................671
47.5 Uploading Firmware and Configuration Files .................................................672
47.5.1 Firmware File Upload ...................................................................672
47.5.2 Configuration File Upload .....................................................................673
47.5.3 FTP File Upload Command from the DOS Prompt Example ................674
47.5.4 FTP Session Example of Firmware File Upload ..........................674
47.5.5 TFTP File Upload ..................................................................................674
47.5.6 TFTP Upload Command Example ........................................................675
47.5.7 Uploading Via Console Port ..................................................................675
47.5.8 Uploading Firmware File Via Console Port ...........................................675
47.5.9 Example Xmodem Firmware Upload Using HyperTerminal ..........676
47.5.10 Uploading Configuration File Via Console Port ..................................676
47.5.11 Example Xmodem Configuration Upload Using HyperTerminal .........677
Chapter 48
System Maintenance Menus 8 to 10...................................................................679
48.1 Command Interpreter Mode ...........................................................................679
48.1.1 Command Syntax .................................................................................679
48.1.2 Command Usage ..................................................................................680
48.2 Call Control Support .......................................................................681
48.2.1 Budget Management ............................................................................681
48.2.2 Call History ...........................................................................................682
48.3 Time and Date Setting ....................................................................................683
Chapter 49
Remote Management...........................................................................................687
49.1 Remote Management .....................................................................................687
49.1.1 Remote Management Limitations .........................................................689
Chapter 50
IP Policy Routing..................................................................................................691
50.1 IP Routing Policy Summary ...........................................................................691
50.2 IP Routing Policy Setup .................................................................................692
50.2.1 Applying Policy to Packets ....................................................................694
50.3 IP Policy Routing Example .............................................................................695
Chapter 51
Call Scheduling ....................................................................................................699
51.1 Introduction to Call Scheduling ......................................................................699
Chapter 52
Troubleshooting ...................................................................................................703
52.1 Problems Starting Up the ZyWALL .................................................................703
52.2 Problems with the LAN Interface ....................................................703
52.3 Problems with the DMZ Interface ...................................................704
52.4 Problems with the WAN Interface ..................................................................704
52.5 Problems Accessing the ZyWALL ..................................................................705
52.5.1 Pop-up Windows, JavaScripts and Java Permissions ..........................705
52.5.1.1 Internet Explorer Pop-up Blockers ..............................................706
52.5.1.2 JavaScripts ..................................................................................709
52.5.1.3 Java Permissions ......................................................................711
52.6 Packet Flow ....................................................................................................713
Appendix A
Product Specifications ........................................................................................715
Appendix B
Hardware Installation...........................................................................................723
Appendix C
Removing and Installing a Fuse ........................................................................727
Appendix D
Setting up Your Computer’s IP Address............................................................729
Appendix E
IP Addresses and Subnetting.............................................................................745
Appendix F
Common Services...............................................................................................753
Appendix G
Wireless LANs......................................................................................................757
Appendix H
Windows 98 SE/Me Requirements for Anti-Virus Message Display................771
Appendix I
VPN Setup.............................................................................................................775
Appendix J
Importing Certificates..........................................................................................787
Appendix K
Command Interpreter...........................................................................................799
Appendix L
Firewall Commands .............................................................................................807
Appendix M
NetBIOS Filter Commands ..................................................................................813
Appendix N
Certificates Commands.......................................................................................817
Appendix O
Brute-Force Password Guessing Protection.....................................................821
Appendix P
Boot Commands ..................................................................................................823
Index......................................................................................................................825