Internet Security Appliance
User’s Guide
Version 4.01
7/2006
Edition 1
ZyWALL 5/35/70 Series User’s Guide
Copyright © 2006 by ZyXEL Communications Corporation.
The contents of this publication may not be reproduced in any part or as a whole, transcribed, stored in a retrieval system, translated into any language, or transmitted in any form or by any means, electronic, mechanical, magnetic, optical, chemical, photocopying, manual, or otherwise, without the prior written permission of ZyXEL Communications Corporation.
Published by ZyXEL Communications Corporation. All rights reserved.
Disclaimer
ZyXEL does not assume any liability arising out of the application or use of any products, or software described herein. Neither does it convey any license under its patent rights nor the patent rights of others. ZyXEL further reserves the right to make changes in any products described herein without notice. This publication is subject to change without notice.
Trademarks
ZyNOS (ZyXEL Network Operating System) is a registered trademark of ZyXEL Communications, Inc. Other trademarks mentioned in this publication are used for identification purposes only and may be properties of their respective owners.
Certifications
Federal Communications Commission (FCC) Interference Statement
The device complies with Part 15 of FCC rules. Operation is subject to the following two conditions:
• This device may not cause harmful interference.
• This device must accept any interference received, including interference that may cause undesired operations.
This device has been tested and found to comply with the limits for a Class B digital device pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference in a commercial environment. This device generates, uses, and can radiate radio frequency energy, and if not installed and used in accordance with the instructions, may cause harmful interference to radio communications.
If this device does cause harmful interference to radio/television reception, which can be determined by turning the device off and on, the user is encouraged to try to correct the interference by one or more of the following measures:
1. Reorient or relocate the receiving antenna.
2. Increase the separation between the equipment and the receiver.
3. Connect the equipment into an outlet on a circuit different from that to which the receiver is connected.
4. Consult the dealer or an experienced radio/TV technician for help.
Notices
Changes or modifications not expressly approved by the party responsible for compliance could void the user's authority to operate the equipment.
This Class B digital apparatus complies with Canadian ICES-003.
Cet appareil numérique de la classe B est conforme à la norme NMB-003 du Canada.
Viewing Certifications
1. Go to http://www.zyxel.com.
2. Select your product from the drop-down list box on the ZyXEL home page to go to that product's page.
3. Select the certification you wish to view from this page.
Safety Warnings
For your safety, be sure to read and follow all warning notices and instructions.
• Do NOT use this product near water, for example, in a wet basement or near a swimming pool.
• Do NOT expose your device to dampness, dust or corrosive liquids.
• Do NOT store things on the device.
• Do NOT install, use, or service this device during a thunderstorm. There is a remote risk of electric shock from lightning.
• Connect ONLY suitable accessories to the device.
• Do NOT open the device or unit. Opening or removing covers can expose you to dangerous high voltage points or other risks. ONLY qualified service personnel should service or disassemble this device. Please contact your vendor for further information.
• Make sure to connect the cables to the correct ports.
• Place connecting cables carefully so that no one will step on them or stumble over them.
• Always disconnect all cables from this device before servicing or disassembling.
• Use ONLY an appropriate power adaptor or cord for your device.
• Connect the power adaptor or cord to the right supply voltage (for example, 110V AC in North America or 230V AC in Europe).
• Do NOT allow anything to rest on the power adaptor or cord and do NOT place the product where anyone can walk on the power adaptor or cord.
• Do NOT use the device if the power adaptor or cord is damaged as it might cause electrocution.
• If the power adaptor or cord is damaged, remove it from the power outlet.
• Do NOT attempt to repair the power adaptor or cord. Contact your local vendor to order a new one.
• Do not use the device outside, and make sure all the connections are indoors. There is a remote risk of electric shock from lightning.
• CAUTION: RISK OF EXPLOSION IF BATTERY (on the motherboard) IS REPLACED BY AN INCORRECT TYPE. DISPOSE OF USED BATTERIES ACCORDING TO THE INSTRUCTIONS. Dispose of them at the applicable collection point for the recycling of electrical and electronic equipment. For detailed information about recycling of this product, please contact your local city office, your household waste disposal service or the store where you purchased the product.
• Do NOT obstruct the device ventilation slots, as insufficient airflow may harm your device.
• Fuse Warning! Replace a fuse only with a fuse of the same type and rating.
This product is recyclable. Dispose of it properly.
ZyXEL Limited Warranty
ZyXEL warrants to the original end user (purchaser) that this product is free from any defects in materials or workmanship for a period of up to two years from the date of purchase. During the warranty period, and upon proof of purchase, should the product have indications of failure due to faulty workmanship and/or materials, ZyXEL will, at its discretion, repair or replace the defective products or components without charge for either parts or labor, and to whatever extent it shall deem necessary to restore the product or components to proper operating condition. Any replacement will consist of a new or re-manufactured functionally equivalent product of equal or higher value, and will be solely at the discretion of ZyXEL. This warranty shall not apply if the product has been modified, misused, tampered with, damaged by an act of God, or subjected to abnormal working conditions.
Note
Repair or replacement, as provided under this warranty, is the exclusive remedy of the purchaser. This warranty is in lieu of all other warranties, express or implied, including any implied warranty of merchantability or fitness for a particular use or purpose. ZyXEL shall in no event be held liable for indirect or consequential damages of any kind to the purchaser.
To obtain the services of this warranty, contact ZyXEL's Service Center for your Return Material Authorization number (RMA). Products must be returned Postage Prepaid. It is recommended that the unit be insured when shipped. Any returned products without proof of purchase or those with an out-dated warranty will be repaired or replaced (at the discretion of ZyXEL) and the customer will be billed for parts and labor. All repaired or replaced products will be shipped by ZyXEL to the corresponding return address, Postage Paid. This warranty gives you specific legal rights, and you may also have other rights that vary from country to country.
Registration
Register your product online to receive e-mail notices of firmware upgrades and information at www.zyxel.com for global products, or at www.us.zyxel.com for North American products.
Customer Support
Please have the following information ready when you contact customer support.
• Product model and serial number.
• Warranty Information.
• Date that you received your device.
• Brief description of the problem and the steps you took to solve it.
| LOCATION | SUPPORT E-MAIL | SALES E-MAIL | TELEPHONE | FAX | WEB SITE | FTP SITE | REGULAR MAIL |
|---|---|---|---|---|---|---|---|
| CORPORATE HEADQUARTERS (WORLDWIDE) | support@zyxel.com.tw | sales@zyxel.com.tw | +886-3-578-3942 | +886-3-578-2439 | www.zyxel.com, www.europe.zyxel.com | ftp.zyxel.com, ftp.europe.zyxel.com | ZyXEL Communications Corp., 6 Innovation Road II, Science Park, Hsinchu 300, Taiwan |
| COSTA RICA | soporte@zyxel.co.cr | sales@zyxel.co.cr | +506-2017878 | +506-2015098 | www.zyxel.co.cr | ftp.zyxel.co.cr | ZyXEL Costa Rica, Plaza Roble Escazú, Etapa El Patio, Tercer Piso, San José, Costa Rica |
| CZECH REPUBLIC | info@cz.zyxel.com | info@cz.zyxel.com | +420-241-091-350 | +420-241-091-359 | www.zyxel.cz | | ZyXEL Communications Czech s.r.o., Modranská 621, 143 01 Praha 4 - Modrany, Ceská Republika |
| DENMARK | support@zyxel.dk | sales@zyxel.dk | +45-39-55-07-00 | +45-39-55-07-07 | www.zyxel.dk | | ZyXEL Communications A/S, Columbusvej, 2860 Soeborg, Denmark |
| FINLAND | support@zyxel.fi | sales@zyxel.fi | +358-9-4780-8411 | +358-9-4780 8448 | www.zyxel.fi | | ZyXEL Communications Oy, Malminkaari 10, 00700 Helsinki, Finland |
| FRANCE | info@zyxel.fr | | +33-4-72-52-97-97 | +33-4-72-52-19-20 | www.zyxel.fr | | ZyXEL France, 1 rue des Vergers, Bat. 1 / C, 69760 Limonest, France |
| GERMANY | support@zyxel.de | sales@zyxel.de | +49-2405-6909-0 | +49-2405-6909-99 | www.zyxel.de | | ZyXEL Deutschland GmbH., Adenauerstr. 20/A2 D-52146 Wuerselen, Germany |
| HUNGARY | support@zyxel.hu | info@zyxel.hu | +36-1-3361649 | +36-1-3259100 | www.zyxel.hu | | ZyXEL Hungary, 48, Zoldlomb Str., H-1025, Budapest, Hungary |
| KAZAKHSTAN | http://zyxel.kz/support | sales@zyxel.kz | +7-3272-590-698 | +7-3272-590-689 | www.zyxel.kz | | ZyXEL Kazakhstan, 43, Dostyk ave., Office 414, Dostyk Business Centre, 050010, Almaty, Republic of Kazakhstan |
| NORTH AMERICA | support@zyxel.com | sales@zyxel.com | 1-800-255-4101, +1-714-632-0882 | +1-714-632-0858 | www.us.zyxel.com | ftp.us.zyxel.com | ZyXEL Communications Inc., 1130 N. Miller St., Anaheim, CA 92806-2001, U.S.A. |
| NORWAY | support@zyxel.no | sales@zyxel.no | +47-22-80-61-80 | +47-22-80-61-81 | www.zyxel.no | | ZyXEL Communications A/S, Nils Hansens vei 13, 0667 Oslo, Norway |
| POLAND | info@pl.zyxel.com | | +48 (22) 333 8250 | +48 (22) 333 8251 | www.pl.zyxel.com | | ZyXEL Communications, ul. Okrzei 1A, 03-715 Warszawa, Poland |
| RUSSIA | http://zyxel.ru/support | sales@zyxel.ru | +7-095-542-89-29 | +7-095-542-89-25 | www.zyxel.ru | | ZyXEL Russia, Ostrovityanova 37a Str., Moscow, 117279, Russia |
| SPAIN | support@zyxel.es | sales@zyxel.es | +34-902-195-420 | +34-913-005-345 | www.zyxel.es | | ZyXEL Communications, Arte, 21 5ª planta, 28033 Madrid, Spain |
| SWEDEN | support@zyxel.se | sales@zyxel.se | +46-31-744-7700 | +46-31-744-7701 | www.zyxel.se | | ZyXEL Communications A/S, Sjöporten 4, 41764 Göteborg, Sweden |
| UKRAINE | support@ua.zyxel.com | sales@ua.zyxel.com | +380-44-247-69-78 | +380-44-494-49-32 | www.ua.zyxel.com | | ZyXEL Ukraine, 13, Pimonenko Str., Kiev, 04050, Ukraine |
| UNITED KINGDOM | support@zyxel.co.uk | sales@zyxel.co.uk | +44-1344 303044, 08707 555779 (UK only) | +44-1344 303034 | www.zyxel.co.uk | ftp.zyxel.co.uk | ZyXEL Communications UK Ltd., 11 The Courtyard, Eastern Road, Bracknell, Berkshire, RG12 2XB, United Kingdom (UK) |

"+" is the (prefix) number you enter to make an international telephone call.
Customer Support |
9 |
ZyWALL 5/35/70 Series User’s Guide
10 |
Customer Support |
ZyWALL 5/35/70 Series User’s Guide
Copyright |
.................................................................................................................. |
3 |
Certifications ............................................................................................................ |
4 |
|
Safety Warnings ....................................................................................................... |
5 |
|
ZyXEL Limited Warranty.......................................................................................... |
7 |
|
Customer Support.................................................................................................... |
8 |
|
Table of Contents ................................................................................................... |
11 |
|
List of Figures ........................................................................................................ |
31 |
|
List of Tables .......................................................................................................... |
45 |
|
Preface .................................................................................................................... |
|
53 |
Chapter 1 |
|
|
Getting to Know Your ZyWALL ............................................................................. |
55 |
|
1.1 |
ZyWALL Internet Security Appliance Overview .................................................. |
55 |
1.2 |
ZyWALL Features .............................................................................................. |
55 |
|
1.2.1 Physical Features ..................................................................................... |
56 |
|
1.2.2 Non-Physical Features ............................................................................. |
57 |
1.3 |
Applications for the ZyWALL .............................................................................. |
63 |
|
1.3.1 Secure Broadband Internet Access via Cable or DSL Modem ................. |
63 |
|
1.3.2 VPN Application ........................................................................................ |
63 |
|
1.3.3 Front Panel Lights ..................................................................................... |
64 |
Chapter 2 |
|
|
Introducing the Web Configurator........................................................................ |
67 |
|
2.1 |
Web Configurator Overview ............................................................................... |
67 |
2.2 |
Accessing the ZyWALL Web Configurator ......................................................... |
67 |
2.3 |
Resetting the ZyWALL ....................................................................................... |
68 |
|
2.3.1 Procedure To Use The Reset Button ........................................................ |
68 |
|
2.3.2 Uploading a Configuration File Via Console Port ..................................... |
69 |
2.4 |
Navigating the ZyWALL Web Configurator ........................................................ |
69 |
|
2.4.1 Title Bar .................................................................................................... |
70 |
|
2.4.2 Main Window ............................................................................................ |
71 |
|
2.4.3 HOME Screen: Router Mode ................................................................. |
71 |
|
2.4.4 HOME Screen: Bridge Mode ................................................................... |
74 |
Table of Contents |
11 |
ZyWALL 5/35/70 Series User’s Guide
|
2.4.5 Navigation Panel ....................................................................................... |
78 |
|
2.4.6 Port Statistics ........................................................................................... |
83 |
|
2.4.7 Show Statistics: Line Chart ........................................................................ |
84 |
|
2.4.8 DHCP Table Screen ................................................................................ |
85 |
|
2.4.9 VPN Status ................................................................................................ |
86 |
|
2.4.10 Bandwidth Monitor .................................................................................. |
87 |
Chapter 3 |
|
|
Wizard Setup .......................................................................................................... |
89 |
|
3.1 |
Wizard Setup Overview ..................................................................................... |
89 |
3.2 |
Internet Access ................................................................................................. |
90 |
|
3.2.1 ISP Parameters ........................................................................................ |
90 |
|
3.2.1.1 Ethernet ........................................................................................... |
90 |
|
3.2.1.2 PPPoE Encapsulation ..................................................................... |
92 |
|
3.2.1.3 PPTP Encapsulation ....................................................................... |
93 |
|
3.2.2 Internet Access Wizard: Second Screen ................................................... |
95 |
|
3.2.3 Internet Access Wizard: Registration......................................................... |
96 |
3.3 |
VPN Wizard Gateway Setting ............................................................................ |
99 |
3.4 |
VPN Wizard Network Setting ........................................................................... |
101 |
3.5 |
VPN Wizard IKE Tunnel Setting (IKE Phase 1) ............................................... |
103 |
3.6 |
VPN Wizard IPSec Setting (IKE Phase 2) ....................................................... |
104 |
3.7 |
VPN Wizard Status Summary .......................................................................... |
106 |
3.8 |
VPN Wizard Setup Complete ........................................................................... |
109 |
Chapter 4 |
|
|
Tutorial ................................................................................................................... |
|
111 |
4.1 |
Security Settings for VPN Traffic ...................................................................... |
111 |
|
4.1.1 IDP for From VPN Traffic Example ......................................................... |
111 |
|
4.1.2 IDP for To VPN Traffic Example .............................................................. |
113 |
4.2 |
Firewall Rule for VPN Example ........................................................................ |
114 |
|
4.2.1 Configuring the VPN Rule ....................................................................... |
115 |
|
4.2.2 Configuring the Firewall Rules ................................................................ |
118 |
|
4.2.2.1 Firewall Rule to Allow Access Example ........................................ |
119 |
|
4.2.2.2 Default Firewall Rule to Block Other Access Example .................. |
121 |
Chapter 5 |
|
|
Registration .......................................................................................................... |
123 |
|
5.1 myZyXEL.com overview ................................................................................... |
123 |
|
|
5.1.1 Subscription Services Available on the ZyWALL .................................... |
123 |
5.2 |
Registration ...................................................................................................... |
124 |
5.3 |
Service ............................................................................................................. |
126 |
12 |
Table of Contents |
|
|
ZyWALL 5/35/70 Series User’s Guide |
Chapter 6 |
|
|
LAN Screens......................................................................................................... |
129 |
|
6.1 LAN, WAN and the ZyWALL ............................................................................ |
129 |
|
6.2 |
IP Address and Subnet Mask ........................................................................... |
129 |
|
6.2.1 Private IP Addresses .............................................................................. |
130 |
6.3 DHCP ............................................................................................................... |
131 |
|
|
6.3.1 IP Pool Setup .......................................................................................... |
131 |
6.4 |
RIP Setup ......................................................................................................... |
131 |
6.5 |
Multicast ........................................................................................................... |
131 |
6.6 WINS ................................................................................................................ |
132 |
|
6.7 |
LAN .................................................................................................................. |
132 |
6.8 |
LAN Static DHCP ............................................................................................. |
135 |
6.9 |
LAN IP Alias ................................................................................................... |
136 |
6.10 LAN Port Roles .............................................................................................. |
139 |
|
Chapter 7 |
|
|
Bridge Screens..................................................................................................... |
141 |
|
7.1 |
Bridge Loop ...................................................................................................... |
141 |
7.2 |
Spanning Tree Protocol (STP) ......................................................................... |
142 |
|
7.2.1 Rapid STP .............................................................................................. |
142 |
|
7.2.2 STP Terminology .................................................................................... |
142 |
|
7.2.3 How STP Works ..................................................................................... |
142 |
|
7.2.4 STP Port States ...................................................................................... |
143 |
7.3 |
Bridge ............................................................................................................... |
143 |
7.4 |
Bridge Port Roles ............................................................................................ |
145 |
Chapter 8 |
|
|
WAN Screens........................................................................................................ |
147 |
|
8.1 |
WAN Overview ................................................................................................. |
147 |
8.2 |
Multiple WAN .................................................................................................... |
147 |
8.3 |
Load Balancing Introduction ............................................................................. |
148 |
8.4 |
Load Balancing Algorithms .............................................................................. |
148 |
|
8.4.1 Least Load First ...................................................................................... |
148 |
|
8.4.1.1 Example 1 ..................................................................................... |
149 |
|
8.4.1.2 Example 2 ..................................................................................... |
149 |
|
8.4.2 Weighted Round Robin ........................................................................... |
150 |
|
8.4.3 Spillover .................................................................................................. |
150 |
8.5 |
TCP/IP Priority (Metric) .................................................................................... |
151 |
8.6 |
WAN General ................................................................................................... |
151 |
8.7 |
Configuring Load Balancing ............................................................................. |
155 |
|
8.7.1 Least Load First ...................................................................................... |
155 |
|
8.7.2 Weighted Round Robin ........................................................................... |
156 |
|
8.7.3 Spillover .................................................................................................. |
157 |
Table of Contents |
13 |
ZyWALL 5/35/70 Series User’s Guide
8.8 WAN Route ...................................................................................................... |
157 |
|
8.9 WAN IP Address Assignment ........................................................................... |
159 |
|
8.10 |
DNS Server Address Assignment ................................................................ |
159 |
8.11 WAN MAC Address ........................................................................................ |
160 |
|
8.12 WAN ............................................................................................................. |
160 |
|
8.12.1 WAN Ethernet Encapsulation ............................................................... |
160 |
|
8.12.2 PPPoE Encapsulation ........................................................................... |
163 |
|
8.12.3 PPTP Encapsulation ............................................................................. |
166 |
|
8.13 |
Traffic Redirect .......................................................................................... |
170 |
8.14 |
Configuring Traffic Redirect ............................................................................ |
170 |
8.15 |
Configuring Dial Backup ................................................................................. |
171 |
8.16 Advanced Modem Setup .............................................................................. |
175 |
|
8.16.1 AT Command Strings ............................................................................ |
175 |
|
8.16.2 DTR Signal ........................................................................................... |
175 |
|
8.16.3 Response Strings .................................................................................. |
175 |
|
8.17 |
Configuring Advanced Modem Setup ............................................................ |
175 |
Chapter 9 |
|
|
DMZ Screens ........................................................................................................ |
179 |
|
9.1 DMZ ............................................................................................................... |
179 |
|
9.2 Configuring DMZ .............................................................................................. |
179 |
|
9.3 DMZ Static DHCP .......................................................................................... |
182 |
|
9.4 DMZ IP Alias .................................................................................................. |
183 |
|
9.5 DMZ Public IP Address Example ..................................................................... |
185 |
|
9.6 DMZ Private and Public IP Address Example .................................................. |
186 |
|
9.7 DMZ Port Roles .............................................................................................. |
187 |
|
Chapter 10 |
|
|
Wireless LAN ........................................................................................................ |
189 |
|
10.1 |
Wireless LAN Introduction .............................................................................. |
189 |
10.1.1 Additional Installation Requirements for Using 802.1x ......................... |
189 |
|
10.2 |
Configuring WLAN ....................................................................................... |
189 |
10.3 WLAN Static DHCP ...................................................................................... |
192 |
|
10.4 |
WLAN IP Alias .............................................................................................. |
193 |
10.5 |
WLAN Port Roles .......................................................................................... |
195 |
10.6 |
Wireless Security ........................................................................................... |
197 |
10.6.1 Encryption ............................................................................................. |
198 |
|
10.6.2 Authentication ....................................................................................... |
198 |
|
10.6.3 Restricted Access ................................................................................. |
199 |
|
10.6.4 Hide ZyWALL Identity ........................................................................... |
199 |
|
10.7 |
Security Parameters Summary ...................................................................... |
199 |
10.8 |
WEP Encryption ............................................................................................. |
199 |
10.9 |
802.1x Overview ............................................................................................ |
200 |
14 |
Table of Contents |
|
|
ZyWALL 5/35/70 Series User’s Guide |
10.9.1 Introduction to RADIUS ........................................................................ |
200 |
|
|
10.9.1.1 Types of RADIUS Messages ....................................................... |
200 |
10.9.2 EAP Authentication Overview ............................................................... |
201 |
|
10.10 Dynamic WEP Key Exchange ...................................................................... |
202 |
|
10.11 Introduction to WPA ...................................................................................... |
202 |
|
10.11.1 User Authentication ............................................................................. |
202 |
|
10.11.2 Encryption ........................................................................................... |
202 |
|
10.12 WPA-PSK Application Example ................................................................... |
203 |
|
10.13 Introduction to RADIUS ................................................................................ |
204 |
|
10.14 WPA with RADIUS Application Example ...................................................... |
204 |
|
10.15 Wireless Client WPA Supplicants ................................................................. |
205 |
|
10.16 Wireless Card ............................................................................................. |
205 |
|
10.16.1 Static WEP .......................................................................................... |
207 |
|
10.16.2 WPA-PSK ........................................................................................... |
208 |
|
10.16.3 WPA .................................................................................................... |
210 |
|
10.16.4 IEEE 802.1x + Dynamic WEP ............................................................ |
211 |
|
10.16.5 IEEE 802.1x + Static WEP .................................................................. |
212 |
|
10.16.6 IEEE 802.1x + No WEP ...................................................................... |
214 |
|
10.16.7 No Access 802.1x + Static WEP ......................................................... |
215 |
|
10.16.8 No Access 802.1x + No WEP ............................................................. |
216 |
|
10.17 MAC Filter ................................................................................................... |
217 |
|

Chapter 11
Firewall ..... 219
11.1 Firewall Overview ..... 219
11.2 Packet Direction Matrix ..... 220
11.3 Packet Direction Examples ..... 221
11.3.1 To VPN Packet Direction ..... 222
11.3.2 From VPN Packet Direction ..... 224
11.3.3 From VPN To VPN Packet Direction ..... 225
11.4 Security Considerations ..... 226
11.5 Firewall Rules Example ..... 227
11.6 Asymmetrical Routes ..... 229
11.6.1 Asymmetrical Routes and IP Alias ..... 229
11.7 Firewall Default Rule (Router Mode) ..... 230
11.8 Firewall Default Rule (Bridge Mode) ..... 232
11.9 Firewall Rule Summary ..... 234
11.9.1 Firewall Edit Rule ..... 235
11.10 Anti-Probing ..... 238
11.11 Firewall Thresholds ..... 239
11.11.1 Threshold Values ..... 240
11.12 Threshold Screen ..... 240
11.13 Service ..... 242
11.13.1 Firewall Edit Custom Service ..... 244
11.14 My Service Firewall Rule Example ..... 245

Chapter 12
Intrusion Detection and Prevention (IDP) ..... 251
12.1 Introduction to IDP ..... 251
12.1.1 Firewalls and Intrusions ..... 251
12.1.2 IDS and IDP ..... 252
12.1.3 Host IDP ..... 252
12.1.4 Network IDP ..... 252
12.1.5 Example Intrusions ..... 253
12.1.5.1 SQL Slammer Worm ..... 253
12.1.5.2 Blaster W32.Worm ..... 253
12.1.5.3 Nimda ..... 253
12.1.5.4 MyDoom ..... 254
12.1.6 ZyWALL IDP ..... 254

Chapter 13
Configuring IDP ..... 255
13.1 Overview ..... 255
13.1.1 Interfaces ..... 255
13.2 General Setup ..... 256
13.3 IDP Signatures ..... 257
13.3.1 Attack Types ..... 257
13.3.2 Intrusion Severity ..... 259
13.3.3 Signature Actions ..... 259
13.3.4 Configuring IDP Signatures ..... 260
13.3.5 Query View ..... 262
13.3.5.1 Query Example 1 ..... 265
13.3.5.2 Query Example 2 ..... 266
13.4 Update ..... 267
13.4.1 mySecurityZone ..... 267
13.4.2 Configuring IDP Update ..... 268
13.5 Backup and Restore ..... 269

Chapter 14
Anti-Virus ..... 271
14.1 Anti-Virus Overview ..... 271
14.1.1 Types of Computer Viruses ..... 271
14.1.2 Computer Virus Infection and Prevention ..... 271
14.1.3 Types of Anti-Virus Scanner ..... 272
14.2 Introduction to the ZyWALL Anti-Virus Scanner ..... 272
14.2.1 How the ZyWALL Anti-Virus Scanner Works ..... 273
14.2.2 Notes About the ZyWALL Anti-Virus ..... 273
14.3 ..... 274
14.4 ..... 276
14.4.1 Signature Search Example ..... 278
14.5 ..... 281
14.5.1 mySecurityZone ..... 281
14.5.2 Configuring Anti-virus Update ..... 281
14.6 ..... 283

Chapter 15
Anti-Spam ..... 285
15.1 ..... 285
15.1.1 Anti-Spam External Database ..... 285
..... 286
..... 286
..... 286
..... 287
15.1.2 Spam Threshold ..... 287
15.1.3 Phishing ..... 287
15.1.4 Whitelist ..... 288
15.1.5 Blacklist ..... 288
15.1.6 SMTP and POP3 ..... 288
15.1.7 MIME Headers ..... 289
15.2 ..... 289
15.3 ..... 292
15.4 ..... 294
15.5 ..... 296

Chapter 16
Content Filtering Screens ..... 299
16.1 ..... 299
16.1.1 Restrict Web Features ..... 299
16.1.2 Create a Filter List ..... 299
16.1.3 Customize Web Site Access ..... 299
16.2 ..... 299
16.3 ..... 302
16.4 ..... 303
16.5 ..... 310
16.6 ..... 312
16.6.1 Domain Name or IP Address URL Checking ..... 312
16.6.2 Full Path URL Checking ..... 312
16.6.3 File Name URL Checking ..... 312
16.7 ..... 313

Chapter 17
Content Filtering Reports ..... 315
17.1 Checking Content Filtering Activation ..... 315
17.2 Viewing Content Filtering Reports ..... 315
17.3 Web Site Submission ..... 320

Chapter 18
IPSec VPN ..... 323
18.1 IPSec VPN Overview ..... 323
18.1.1 IKE SA Overview ..... 324
18.1.1.1 IP Addresses of the ZyWALL and Remote IPSec Router ..... 324
18.2 VPN Rules (IKE) ..... 325
18.3 IKE SA Setup ..... 327
18.3.1 IKE SA Proposal ..... 327
18.3.1.1 Diffie-Hellman (DH) Key Exchange ..... 328
18.3.1.2 Authentication ..... 328
18.3.1.3 Extended Authentication ..... 330
18.3.1.4 Negotiation Mode ..... 330
18.3.1.5 VPN, NAT, and NAT Traversal ..... 331
18.4 Additional IPSec VPN Topics ..... 332
18.4.1 SA Life Time ..... 332
18.4.2 IPSec High Availability ..... 332
18.4.3 Encryption and Authentication Algorithms ..... 333
18.5 VPN Rules (IKE) Gateway Policy Edit ..... 334
18.6 IPSec SA Overview ..... 340
18.6.0.1 Local Network and Remote Network ..... 340
18.6.0.2 Active Protocol ..... 340
18.6.0.3 Encapsulation ..... 341
18.6.0.4 IPSec SA Proposal and Perfect Forward Secrecy ..... 341
18.7 VPN Rules (IKE): Network Policy Edit ..... 342
18.8 VPN Rules (IKE): Network Policy Move ..... 346
18.9 IPSec SA Using Manual Keys ..... 348
18.9.1 IPSec SA Proposal Using Manual Keys ..... 348
18.9.2 Authentication and the Security Parameter Index (SPI) ..... 348
18.10 VPN Rules (Manual) ..... 348
18.11 VPN Rules (Manual): Edit ..... 350
18.12 VPN SA Monitor ..... 353
18.13 VPN Global Setting ..... 354
18.14 Telecommuter VPN/IPSec Examples ..... 355
18.14.1 Telecommuters Sharing One VPN Rule Example ..... 355
18.14.2 Telecommuters Using Unique VPN Rules Example ..... 356
18.15 VPN and Remote Management ..... 358
18.16 Hub-and-spoke VPN ..... 358
18.16.1 Hub-and-spoke VPN Example ..... 359
18.16.2 Hub-and-spoke Example VPN Rule Addresses ..... 360
18.16.3 Hub-and-spoke VPN Requirements and Suggestions ..... 361

Chapter 19
Certificates ..... 363
19.1 Certificates Overview ..... 363
19.1.1 Advantages of Certificates ..... 364
19.2 Self-signed Certificates ..... 364
19.3 Verifying a Certificate ..... 364
19.3.1 Checking the Fingerprint of a Certificate on Your Computer ..... 364
19.4 Configuration Summary ..... 365
19.5 My Certificates ..... 366
19.6 My Certificate Details ..... 368
19.7 My Certificate Export ..... 370
19.7.1 Certificate File Export Formats ..... 370
19.8 My Certificate Import ..... 371
19.8.1 Certificate File Formats ..... 372
19.9 My Certificate Create ..... 374
19.10 Trusted CAs ..... 376
19.11 Trusted CA Details ..... 378
19.12 Trusted CA Import ..... 381
19.13 Trusted Remote Hosts ..... 382
19.14 Trusted Remote Hosts Import ..... 384
19.15 Trusted Remote Host Certificate Details ..... 385
19.16 Directory Servers ..... 388
19.17 Directory Server Add or Edit ..... 389

Chapter 20
Authentication Server ..... 391
20.1 Authentication Server Overview ..... 391
20.1.1 Local User Database ..... 391
20.1.2 RADIUS ..... 391
20.2 Local User Database ..... 391
20.3 RADIUS ..... 393

Chapter 21
Network Address Translation (NAT) ..... 395
21.1 NAT Overview ..... 395
21.1.1 NAT Definitions ..... 395
21.1.2 What NAT Does ..... 396
21.1.3 How NAT Works ..... 396
21.1.4 NAT Application ..... 397
21.1.5 Port Restricted Cone NAT ..... 398
21.1.6 NAT Mapping Types ..... 398
21.2 Using NAT ..... 399
21.2.1 SUA (Single User Account) Versus NAT ..... 399
21.3 NAT Overview Screen ..... 400
21.4 NAT Address Mapping ..... 401
21.4.1 NAT Address Mapping Edit ..... 403
21.5 Port Forwarding ..... 404
21.5.1 Default Server IP Address ..... 405
21.5.2 Port Forwarding: Services and Port Numbers ..... 405
21.5.3 Configuring Servers Behind Port Forwarding (Example) ..... 405
21.5.4 NAT and Multiple WAN ..... 406
21.5.5 Port Translation ..... 406
21.6 Port Forwarding Screen ..... 407
21.7 Port Triggering ..... 409

Chapter 22
Static Route ..... 413
22.1 IP Static Route ..... 413
22.2 IP Static Route ..... 413
22.2.1 IP Static Route Edit ..... 415

Chapter 23
Policy Route ..... 417
23.1 Policy Route ..... 417
23.2 Benefits ..... 417
23.3 Routing Policy ..... 417
23.4 IP Routing Policy Setup ..... 418
23.5 Policy Route Edit ..... 419

Chapter 24
Bandwidth Management ..... 423
24.1 Bandwidth Management Overview ..... 423
24.2 Bandwidth Classes and Filters ..... 423
24.3 Proportional Bandwidth Allocation ..... 424
24.4 Application-based Bandwidth Management ..... 424
24.5 Subnet-based Bandwidth Management ..... 424
24.6 Application and Subnet-based Bandwidth Management ..... 425
24.7 Scheduler ..... 425
24.7.1 Priority-based Scheduler ..... 425
24.7.2 Fairness-based Scheduler ..... 425
24.7.3 Maximize Bandwidth Usage ..... 425
24.7.4 Reserving Bandwidth for Non-Bandwidth Class Traffic ..... 426
24.7.5 Maximize Bandwidth Usage Example ..... 426
24.7.5.1 Priority-based Allotment of Unused and Unbudgeted Bandwidth ..... 427
24.7.5.2 Fairness-based Allotment of Unused and Unbudgeted Bandwidth ..... 427
24.8 Bandwidth Borrowing ..... 428
24.8.1 Bandwidth Borrowing Example ..... 428
24.9 Maximize Bandwidth Usage With Bandwidth Borrowing ..... 429
24.10 Over Allotment of Bandwidth ..... 429
24.11 Configuring Summary ..... 430
24.12 Configuring Class Setup ..... 431
24.12.1 Bandwidth Manager Class Configuration ..... 433
24.12.2 Bandwidth Management Statistics ..... 436
24.13 Bandwidth Manager Monitor ..... 437

Chapter 25
DNS ..... 439
25.1 DNS Overview ..... 439
25.2 DNS Server Address Assignment ..... 439
25.3 DNS Servers ..... 439
25.4 Address Record ..... 440
25.4.1 DNS Wildcard ..... 440
25.5 Name Server Record ..... 440
25.5.1 Private DNS Server ..... 440
25.6 System Screen ..... 441
25.6.1 Adding an Address Record ..... 442
25.6.2 Inserting a Name Server Record ..... 443
25.7 DNS Cache ..... 445
25.8 Configure DNS Cache ..... 445
25.9 Configuring DNS DHCP ..... 446
25.10 Dynamic DNS ..... 448
25.10.1 DYNDNS Wildcard ..... 448
25.10.2 High Availability ..... 448
25.11 Configuring Dynamic DNS ..... 448

Chapter 26
Remote Management ..... 451
26.1 Remote Management Overview ..... 451
26.1.1 Remote Management Limitations ..... 451
26.1.2 System Timeout ..... 452
26.2 WWW (HTTP and HTTPS) ..... 452
26.3 WWW ..... 453
26.4 HTTPS Example ..... 455
26.4.1 Internet Explorer Warning Messages ..... 455
26.4.2 Netscape Navigator Warning Messages ..... 456
26.4.3 Avoiding the Browser Warning Messages ..... 457
26.4.4 Login Screen ..... 457
26.5 SSH ..... 459
26.6 How SSH Works ..... 460
26.7 SSH Implementation on the ZyWALL ..... 461
26.7.1 Requirements for Using SSH ..... 461
26.8 Configuring SSH ..... 461
26.9 Secure Telnet Using SSH Examples ..... 462
26.9.1 Example 1: Microsoft Windows ..... 462
26.9.2 Example 2: Linux ..... 463
26.10 Secure FTP Using SSH Example ..... 464
26.11 Telnet ..... 465
26.12 Configuring TELNET ..... 465
26.13 FTP ..... 466
26.14 SNMP ..... 467
26.14.1 Supported MIBs ..... 469
26.14.2 SNMP Traps ..... 469
26.14.3 REMOTE MANAGEMENT: SNMP ..... 469
26.15 DNS ..... 471
26.16 Introducing Vantage CNM ..... 471
26.17 Configuring CNM ..... 472

Chapter 27
UPnP ..... 475
27.1 Universal Plug and Play Overview ..... 475
27.1.1 How Do I Know If I'm Using UPnP? ..... 475
27.1.2 NAT Traversal ..... 475
27.1.3 Cautions with UPnP ..... 475
27.1.4 UPnP and ZyXEL ..... 476
27.2 Configuring UPnP ..... 476
27.3 Displaying UPnP Port Mapping ..... 477
27.4 Installing UPnP in Windows Example ..... 478
27.4.1 Installing UPnP in Windows Me ..... 479
27.4.2 Installing UPnP in Windows XP ..... 480
27.5 Using UPnP in Windows XP Example ..... 480
27.5.1 Auto-discover Your UPnP-enabled Network Device ..... 481
27.5.2 Web Configurator Easy Access ..... 482

Chapter 28
ALG Screen ..... 485
28.1 ALG Introduction ..... 485
28.1.1 ALG and NAT ..... 485
    28.1.2 ALG and the Firewall ..... 485
    28.1.3 ALG and Multiple WAN ..... 485
  28.2 FTP ..... 486
  28.3 H.323 ..... 486
  28.4 RTP ..... 486
    28.4.1 H.323 ALG Details ..... 486
  28.5 SIP ..... 488
    28.5.1 STUN ..... 488
    28.5.2 SIP ALG Details ..... 488
    28.5.3 SIP Signaling Session Timeout ..... 489
    28.5.4 SIP Audio Session Timeout ..... 489
  28.6 ALG Screen ..... 489

Chapter 29 Reports ..... 491
  29.1 Configuring Reports ..... 491
  29.2 System Reports Screen ..... 491
    29.2.1 Viewing Web Site Hits ..... 493
    29.2.2 Viewing Host IP Address ..... 494
    29.2.3 Viewing Protocol/Port ..... 495
    29.2.4 System Reports Specifications ..... 496
  29.3 IDP Threat Reports Screen ..... 496
  29.4 Anti-Virus Threat Reports Screen ..... 498
  29.5 Anti-Spam Threat Reports Screen ..... 500

Chapter 30 Logs Screens ..... 503
  30.1 Configuring View Log ..... 503
  30.2 Log Description Example ..... 504
    30.2.1 About the Certificate Not Trusted Log ..... 505
  30.3 Configuring Log Settings ..... 506
    30.3.1 Log Descriptions ..... 509
  30.4 Syslog Logs ..... 529

Chapter 31 Maintenance ..... 531
  31.1 Maintenance Overview ..... 531
  31.2 General Setup and System Name ..... 531
    31.2.1 General Setup ..... 531
  31.3 Configuring Password ..... 532
  31.4 Time and Date ..... 533
  31.5 Pre-defined NTP Time Server Pools ..... 536
    31.5.1 Resetting the Time ..... 536
    31.5.2 Time Server Synchronization ..... 536
  31.6 Introduction To Transparent Bridging ..... 537
  31.7 Transparent Firewalls ..... 538
  31.8 Configuring Device Mode (Router) ..... 539
  31.9 Configuring Device Mode (Bridge) ..... 540
  31.10 F/W Upload Screen ..... 542
  31.11 Backup and Restore ..... 544
    31.11.1 Backup Configuration ..... 544
    31.11.2 Restore Configuration ..... 545
    31.11.3 Back to Factory Defaults ..... 546
  31.12 Restart Screen ..... 546

Chapter 32 Introducing the SMT ..... 549
  32.1 Introduction to the SMT ..... 549
  32.2 Accessing the SMT via the Console Port ..... 549
    32.2.1 Initial Screen ..... 549
    32.2.2 Entering the Password ..... 550
  32.3 Navigating the SMT Interface ..... 550
    32.3.1 Main Menu ..... 551
    32.3.2 SMT Menus Overview ..... 553
  32.4 Changing the System Password ..... 555
  32.5 Resetting the ZyWALL ..... 556

Chapter 33 SMT Menu 1 - General Setup ..... 557
  33.1 Introduction to General Setup ..... 557
  33.2 Configuring General Setup ..... 557
    33.2.1 Configuring Dynamic DNS ..... 559
      33.2.1.1 Editing DDNS Host ..... 559

Chapter 34 WAN and Dial Backup Setup ..... 563
  34.1 Introduction to WAN and Dial Backup Setup ..... 563
  34.2 WAN Setup ..... 563
  34.3 Dial Backup ..... 564
  34.4 Configuring Dial Backup in Menu 2 ..... 564
  34.5 Advanced WAN Setup ..... 565
  34.6 Remote Node Profile (Backup ISP) ..... 567
  34.7 Editing PPP Options ..... 569
  34.8 Editing TCP/IP Options ..... 570
  34.9 Editing Login Script ..... 572
  34.10 Remote Node Filter ..... 574
Chapter 35 LAN Setup ..... 575
  35.1 Introduction to LAN Setup ..... 575
  35.2 Accessing the LAN Menus ..... 575
  35.3 LAN Port Filter Setup ..... 575
  35.4 TCP/IP and DHCP Ethernet Setup Menu ..... 576
    35.4.1 IP Alias Setup ..... 579

Chapter 36 Internet Access ..... 581
  36.1 Introduction to Internet Access Setup ..... 581
  36.2 Ethernet Encapsulation ..... 581
  36.3 Configuring the PPTP Client ..... 583
  36.4 Configuring the PPPoE Client ..... 583
  36.5 Basic Setup Complete ..... 584

Chapter 37 DMZ Setup ..... 585
  37.1 Configuring DMZ Setup ..... 585
  37.2 DMZ Port Filter Setup ..... 585
  37.3 TCP/IP Setup ..... 585
    37.3.1 IP Address ..... 586
    37.3.2 IP Alias Setup ..... 587

Chapter 38 Route Setup ..... 589
  38.1 Configuring Route Setup ..... 589
  38.2 Route Assessment ..... 589
  38.3 Traffic Redirect ..... 590
  38.4 Route Failover ..... 591

Chapter 39 Wireless Setup ..... 593
  39.1 Wireless LAN Setup ..... 593
    39.1.1 MAC Address Filter Setup ..... 595
  39.2 TCP/IP Setup ..... 596
    39.2.1 IP Address ..... 596
    39.2.2 IP Alias Setup ..... 597

Chapter 40 Remote Node Setup ..... 599
  40.1 Introduction to Remote Node Setup ..... 599
  40.2 Remote Node Setup ..... 599
  40.3 Remote Node Profile Setup ..... 600
    40.3.1 Ethernet Encapsulation ..... 600
    40.3.2 PPPoE Encapsulation ..... 602
      40.3.2.1 Outgoing Authentication Protocol ..... 602
      40.3.2.2 Nailed-Up Connection ..... 602
      40.3.2.3 Metric ..... 603
    40.3.3 PPTP Encapsulation ..... 603
  40.4 Edit IP ..... 604
  40.5 Remote Node Filter ..... 606
  40.6 Traffic Redirect ..... 607

Chapter 41 IP Static Route Setup ..... 609
  41.1 IP Static Route Setup ..... 609

Chapter 42 Network Address Translation (NAT) ..... 611
  42.1 Using NAT ..... 611
    42.1.1 SUA (Single User Account) Versus NAT ..... 611
    42.1.2 Applying NAT ..... 611
  42.2 NAT Setup ..... 613
    42.2.1 Address Mapping Sets ..... 614
      42.2.1.1 SUA Address Mapping Set ..... 614
      42.2.1.2 User-Defined Address Mapping Sets ..... 615
      42.2.1.3 Ordering Your Rules ..... 616
  42.3 Configuring a Server behind NAT ..... 618
  42.4 General NAT Examples ..... 621
    42.4.1 Internet Access Only ..... 621
    42.4.2 Example 2: Internet Access with a Default Server ..... 623
    42.4.3 Example 3: Multiple Public IP Addresses With Inside Servers ..... 623
    42.4.4 Example 4: NAT Unfriendly Application Programs ..... 627
  42.5 Trigger Port Forwarding ..... 628
    42.5.1 Two Points To Remember About Trigger Ports ..... 628

Chapter 43 Introducing the ZyWALL Firewall ..... 631
  43.1 Using ZyWALL SMT Menus ..... 631
    43.1.1 Activating the Firewall ..... 631

Chapter 44 Filter Configuration ..... 633
  44.1 Introduction to Filters ..... 633
    44.1.1 The Filter Structure of the ZyWALL ..... 634
  44.2 Configuring a Filter Set ..... 636
    44.2.1 Configuring a Filter Rule ..... 637
    44.2.2 Configuring a TCP/IP Filter Rule ..... 638
    44.2.3 Configuring a Generic Filter Rule ..... 640
  44.3 Example Filter ..... 642
  44.4 Filter Types and NAT ..... 644
  44.5 Firewall Versus Filters ..... 644
    44.5.1 Packet Filtering: ..... 645
      44.5.1.1 When To Use Filtering ..... 645
    44.5.2 Firewall ..... 645
      44.5.2.1 When To Use The Firewall ..... 645
  44.6 Applying a Filter ..... 646
    44.6.1 Applying LAN Filters ..... 646
    44.6.2 Applying DMZ Filters ..... 646
    44.6.3 Applying Remote Node Filters ..... 647

Chapter 45 SNMP Configuration ..... 649
  45.1 SNMP Configuration ..... 649
  45.2 SNMP Traps ..... 650

Chapter 46 System Information & Diagnosis ..... 651
  46.1 Introduction to System Status ..... 651
  46.2 System Status ..... 651
  46.3 System Information and Console Port Speed ..... 653
    46.3.1 System Information ..... 653
    46.3.2 Console Port Speed ..... 654
  46.4 Log and Trace ..... 655
    46.4.1 Viewing Error Log ..... 655
    46.4.2 Syslog Logging ..... 656
    46.4.3 Call-Triggering Packet ..... 659
  46.5 Diagnostic ..... 659
    46.5.1 WAN DHCP ..... 660

Chapter 47 Firmware and Configuration File Maintenance ..... 663
  47.1 Introduction ..... 663
  47.2 Filename Conventions ..... 663
  47.3 Backup Configuration ..... 664
    47.3.1 Backup Configuration ..... 664
    47.3.2 Using the FTP Command from the Command Line ..... 665
    47.3.3 Example of FTP Commands from the Command Line ..... 666
    47.3.4 GUI-based FTP Clients ..... 666
    47.3.5 File Maintenance Over WAN ..... 666
    47.3.6 Backup Configuration Using TFTP ..... 667
    47.3.7 TFTP Command Example ..... 667
    47.3.8 GUI-based TFTP Clients ..... 668
    47.3.9 Backup Via Console Port ..... 668
  47.4 Restore Configuration ..... 669
    47.4.1 Restore Using FTP ..... 669
    47.4.2 Restore Using FTP Session Example ..... 671
    47.4.3 Restore Via Console Port ..... 671
  47.5 Uploading Firmware and Configuration Files ..... 672
    47.5.1 Firmware File Upload ..... 672
    47.5.2 Configuration File Upload ..... 673
    47.5.3 FTP File Upload Command from the DOS Prompt Example ..... 674
    47.5.4 FTP Session Example of Firmware File Upload ..... 674
    47.5.5 TFTP File Upload ..... 674
    47.5.6 TFTP Upload Command Example ..... 675
    47.5.7 Uploading Via Console Port ..... 675
    47.5.8 Uploading Firmware File Via Console Port ..... 675
    47.5.9 Example Xmodem Firmware Upload Using HyperTerminal ..... 676
    47.5.10 Uploading Configuration File Via Console Port ..... 676
    47.5.11 Example Xmodem Configuration Upload Using HyperTerminal ..... 677

Chapter 48 System Maintenance Menus 8 to 10 ..... 679
  48.1 Command Interpreter Mode ..... 679
    48.1.1 Command Syntax ..... 679
    48.1.2 Command Usage ..... 680
  48.2 Call Control Support ..... 681
    48.2.1 Budget Management ..... 681
    48.2.2 Call History ..... 682
  48.3 Time and Date Setting ..... 683

Chapter 49 Remote Management ..... 687
  49.1 Remote Management ..... 687
    49.1.1 Remote Management Limitations ..... 689

Chapter 50 IP Policy Routing ..... 691
  50.1 IP Routing Policy Summary ..... 691
  50.2 IP Routing Policy Setup ..... 692
    50.2.1 Applying Policy to Packets ..... 694
  50.3 IP Policy Routing Example ..... 695

Chapter 51 Call Scheduling ..... 699
  51.1 Introduction to Call Scheduling ..... 699

Chapter 52 Troubleshooting ..... 703
  52.1 Problems Starting Up the ZyWALL ..... 703
  52.2 Problems with the LAN Interface ..... 703
  52.3 Problems with the DMZ Interface ..... 704
  52.4 Problems with the WAN Interface ..... 704
  52.5 Problems Accessing the ZyWALL ..... 705
    52.5.1 Pop-up Windows, JavaScripts and Java Permissions ..... 705
      52.5.1.1 Internet Explorer Pop-up Blockers ..... 706
      52.5.1.2 JavaScripts ..... 709
      52.5.1.3 Java Permissions ..... 711
  52.6 Packet Flow ..... 713

Appendix A Product Specifications ..... 715
Appendix B Hardware Installation ..... 723
Appendix C Removing and Installing a Fuse ..... 727
Appendix D Setting up Your Computer’s IP Address ..... 729
Appendix E IP Addresses and Subnetting ..... 745
Appendix F Common Services ..... 753
Appendix G Wireless LANs ..... 757
Appendix H Windows 98 SE/Me Requirements for Anti-Virus Message Display ..... 771
Appendix I VPN Setup ..... 775
Appendix J Importing Certificates ..... 787
Appendix K Command Interpreter ..... 799
Appendix L Firewall Commands ..... 807
Appendix M NetBIOS Filter Commands ..... 813
Appendix N Certificates Commands ..... 817
Appendix O Brute-Force Password Guessing Protection ..... 821
Appendix P Boot Commands ..... 823
Index ..... 825