ZyXEL 5 Series User Manual

ZyWALL 5/35/70 Series

Internet Security Appliance

User’s Guide

Version 4.01

7/2006

Edition 1

ZyWALL 5/35/70 Series User’s Guide

Copyright

Copyright © 2006 by ZyXEL Communications Corporation.

The contents of this publication may not be reproduced in any part or as a whole, transcribed, stored in a retrieval system, translated into any language, or transmitted in any form or by any means, electronic, mechanical, magnetic, optical, chemical, photocopying, manual, or otherwise, without the prior written permission of ZyXEL Communications Corporation.

Published by ZyXEL Communications Corporation. All rights reserved.

Disclaimer

ZyXEL does not assume any liability arising out of the application or use of any products, or software described herein. Neither does it convey any license under its patent rights nor the patent rights of others. ZyXEL further reserves the right to make changes in any products described herein without notice. This publication is subject to change without notice.

Trademarks

ZyNOS (ZyXEL Network Operating System) is a registered trademark of ZyXEL Communications, Inc. Other trademarks mentioned in this publication are used for identification purposes only and may be properties of their respective owners.

Copyright

3

ZyWALL 5/35/70 Series User’s Guide

Certifications

Federal Communications Commission (FCC) Interference Statement

The device complies with Part 15 of FCC rules. Operation is subject to the following two conditions:

•This device may not cause harmful interference.

•This device must accept any interference received, including interference that may cause undesired operations.

This device has been tested and found to comply with the limits for a Class B digital device pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference in a commercial environment. This device generates, uses, and can radiate radio frequency energy, and if not installed and used in accordance with the instructions, may cause harmful interference to radio communications.

If this device does cause harmful interference to radio/television reception, which can be determined by turning the device off and on, the user is encouraged to try to correct the interference by one or more of the following measures:

1Reorient or relocate the receiving antenna.

2Increase the separation between the equipment and the receiver.

3Connect the equipment into an outlet on a circuit different from that to which the receiver is connected.

4Consult the dealer or an experienced radio/TV technician for help.

Notices

Changes or modifications not expressly approved by the party responsible for compliance could void the user's authority to operate the equipment.

This Class B digital apparatus complies with Canadian ICES-003.

Cet appareil numérique de la classe B est conforme à la norme NMB-003 du Canada.

Viewing Certifications

1Go to http://www.zyxel.com.

2Select your product from the drop-down list box on the ZyXEL home page to go to that product's page.

3Select the certification you wish to view from this page.

4	Certifications

ZyWALL 5/35/70 Series User’s Guide

Safety Warnings

For your safety, be sure to read and follow all warning notices and instructions.

•Do NOT use this product near water, for example, in a wet basement or near a swimming pool.

•Do NOT expose your device to dampness, dust or corrosive liquids.

•Do NOT store things on the device.

•Do NOT install, use, or service this device during a thunderstorm. There is a remote risk of electric shock from lightning.

•Connect ONLY suitable accessories to the device.

•Do NOT open the device or unit. Opening or removing covers can expose you to dangerous high voltage points or other risks. ONLY qualified service personnel should service or disassemble this device. Please contact your vendor for further information.

•Make sure to connect the cables to the correct ports.

•Place connecting cables carefully so that no one will step on them or stumble over them.

•Always disconnect all cables from this device before servicing or disassembling.

•Use ONLY an appropriate power adaptor or cord for your device.

•Connect the power adaptor or cord to the right supply voltage (for example, 110V AC in North America or 230V AC in Europe).

•Do NOT allow anything to rest on the power adaptor or cord and do NOT place the product where anyone can walk on the power adaptor or cord.

•Do NOT use the device if the power adaptor or cord is damaged as it might cause electrocution.

•If the power adaptor or cord is damaged, remove it from the power outlet.

•Do NOT attempt to repair the power adaptor or cord. Contact your local vendor to order a new one.

•Do not use the device outside, and make sure all the connections are indoors. There is a remote risk of electric shock from lightning.

•CAUTION: RISK OF EXPLOSION IF BATTERY (on the motherboard) IS REPLACED BY AN INCORRECT TYPE. DISPOSE OF USED BATTERIES ACCORDING TO THE INSTRUCTIONS. Dispose them at the applicable collection point for the recycling of electrical and electronic equipment. For detailed information about recycling of this product, please contact your local city office, your household waste disposal service or the store where you purchased the product.

•Do NOT obstruct the device ventilation slots, as insufficient airflow may harm your device.

•Fuse Warning! Replace a fuse only with a fuse of the same type and rating.

Safety Warnings

5

ZyWALL 5/35/70 Series User’s Guide

This product is recyclable. Dispose of it properly.

6	Safety Warnings

ZyWALL 5/35/70 Series User’s Guide

ZyXEL Limited Warranty

ZyXEL warrants to the original end user (purchaser) that this product is free from any defects in materials or workmanship for a period of up to two years from the date of purchase. During the warranty period, and upon proof of purchase, should the product have indications of failure due to faulty workmanship and/or materials, ZyXEL will, at its discretion, repair or replace the defective products or components without charge for either parts or labor, and to whatever extent it shall deem necessary to restore the product or components to proper operating condition. Any replacement will consist of a new or re-manufactured functionally equivalent product of equal or higher value, and will be solely at the discretion of ZyXEL. This warranty shall not apply if the product has been modified, misused, tampered with, damaged by an act of God, or subjected to abnormal working conditions.

Note

Repair or replacement, as provided under this warranty, is the exclusive remedy of the purchaser. This warranty is in lieu of all other warranties, express or implied, including any implied warranty of merchantability or fitness for a particular use or purpose. ZyXEL shall in no event be held liable for indirect or consequential damages of any kind to the purchaser.

To obtain the services of this warranty, contact ZyXEL's Service Center for your Return Material Authorization number (RMA). Products must be returned Postage Prepaid. It is recommended that the unit be insured when shipped. Any returned products without proof of purchase or those with an out-dated warranty will be repaired or replaced (at the discretion of ZyXEL) and the customer will be billed for parts and labor. All repaired or replaced products will be shipped by ZyXEL to the corresponding return address, Postage Paid. This warranty gives you specific legal rights, and you may also have other rights that vary from country to country.

Registration

Register your product online to receive e-mail notices of firmware upgrades and information at www.zyxel.com for global products, or at www.us.zyxel.com for North American products.

ZyXEL Limited Warranty

7

ZyWALL 5/35/70 Series User’s Guide

Customer Support

Please have the following information ready when you contact customer support.

•Product model and serial number.

•Warranty Information.

•Date that you received your device.

•Brief description of the problem and the steps you took to solve it.

	METHOD	SUPPORT E-MAIL	TELEPHONE	WEB SITE	REGULAR MAIL
	LOCATION	SALES E-MAIL	FAX	FTP SITE
	CORPORATE	support@zyxel.com.tw	+886-3-578-3942	www.zyxel.com	ZyXEL Communications Corp.
				www.europe.zyxel.com	6 Innovation Road II
	HEADQUARTERS				Science Park
		sales@zyxel.com.tw	+886-3-578-2439	ftp.zyxel.com
	(WORLDWIDE)				Hsinchu 300
				ftp.europe.zyxel.com	Taiwan
		soporte@zyxel.co.cr	+506-2017878	www.zyxel.co.cr	ZyXEL Costa Rica
	COSTA RICA				Plaza Roble Escazú
		sales@zyxel.co.cr	+506-2015098	ftp.zyxel.co.cr
					Etapa El Patio, Tercer Piso
					San José, Costa Rica
		info@cz.zyxel.com	+420-241-091-350	www.zyxel.cz	ZyXEL Communications
					Czech s.r.o.
	CZECH REPUBLIC	info@cz.zyxel.com	+420-241-091-359
					Modranská 621
					143 01 Praha 4 - Modrany
					Ceská Republika
		support@zyxel.dk	+45-39-55-07-00	www.zyxel.dk	ZyXEL Communications A/S
	DENMARK				Columbusvej
		sales@zyxel.dk	+45-39-55-07-07
					2860 Soeborg
					Denmark
		support@zyxel.fi	+358-9-4780-8411	www.zyxel.fi	ZyXEL Communications Oy
	FINLAND				Malminkaari 10
		sales@zyxel.fi	+358-9-4780 8448
					00700 Helsinki
					Finland
		info@zyxel.fr	+33-4-72-52-97-97	www.zyxel.fr	ZyXEL France
					1 rue des Vergers
	FRANCE		+33-4-72-52-19-20
					Bat. 1 / C
					69760 Limonest
					France
		support@zyxel.de	+49-2405-6909-0	www.zyxel.de	ZyXEL Deutschland GmbH.
	GERMANY				Adenauerstr. 20/A2 D-52146
		sales@zyxel.de	+49-2405-6909-99
					Wuerselen
					Germany
		support@zyxel.hu	+36-1-3361649	www.zyxel.hu	ZyXEL Hungary
	HUNGARY				48, Zoldlomb Str.
		info@zyxel.hu	+36-1-3259100
					H-1025, Budapest
					Hungary
		http://zyxel.kz/support	+7-3272-590-698	www.zyxel.kz	ZyXEL Kazakhstan
					43, Dostyk ave.,Office 414
	KAZAKHSTAN	sales@zyxel.kz	+7-3272-590-689
					Dostyk Business Centre
					050010, Almaty
					Republic of Kazakhstan
		support@zyxel.com	1-800-255-4101	www.us.zyxel.com	ZyXEL Communications Inc.
			+1-714-632-0882		1130 N. Miller St.
	NORTH AMERICA				Anaheim
		sales@zyxel.com	+1-714-632-0858	ftp.us.zyxel.com	CA 92806-2001
					U.S.A.

8	Customer Support

ZyWALL 5/35/70 Series User’s Guide

	METHOD	SUPPORT E-MAIL	TELEPHONE	WEB SITE	REGULAR MAIL
	LOCATION	SALES E-MAIL	FAX	FTP SITE
		support@zyxel.no	+47-22-80-61-80	www.zyxel.no	ZyXEL Communications A/S
	NORWAY				Nils Hansens vei 13
		sales@zyxel.no	+47-22-80-61-81
					0667 Oslo
					Norway
		info@pl.zyxel.com	+48 (22) 333 8250	www.pl.zyxel.com	ZyXEL Communications
	POLAND				ul. Okrzei 1A
			+48 (22) 333 8251
					03-715 Warszawa
					Poland
		http://zyxel.ru/support	+7-095-542-89-29	www.zyxel.ru	ZyXEL Russia
	RUSSIA				Ostrovityanova 37a Str.
		sales@zyxel.ru	+7-095-542-89-25
					Moscow, 117279
					Russia
		support@zyxel.es	+34-902-195-420	www.zyxel.es	ZyXEL Communications
	SPAIN				Arte, 21 5ª planta
		sales@zyxel.es	+34-913-005-345
					28033 Madrid
					Spain
		support@zyxel.se	+46-31-744-7700	www.zyxel.se	ZyXEL Communications A/S
	SWEDEN				Sjöporten 4, 41764 Göteborg
		sales@zyxel.se	+46-31-744-7701
					Sweden
		support@ua.zyxel.com	+380-44-247-69-78	www.ua.zyxel.com	ZyXEL Ukraine
	UKRAINE				13, Pimonenko Str.
		sales@ua.zyxel.com	+380-44-494-49-32
					Kiev, 04050
					Ukraine
		support@zyxel.co.uk	+44-1344 303044	www.zyxel.co.uk	ZyXEL Communications UK
			08707 555779 (UK only)		Ltd.,11 The Courtyard,
	UNITED KINGDOM				Eastern Road, Bracknell,
		sales@zyxel.co.uk	+44-1344 303034	ftp.zyxel.co.uk	Berkshire, RG12 2XB,
					United Kingdom (UK)

+” is the (prefix) number you enter to make an international telephone call.

Customer Support

9

ZyWALL 5/35/70 Series User’s Guide

10	Customer Support

ZyWALL 5/35/70 Series User’s Guide

Table of Contents

Copyright	..................................................................................................................	3
Certifications ............................................................................................................		4
Safety Warnings .......................................................................................................		5
ZyXEL Limited Warranty..........................................................................................		7
Customer Support....................................................................................................		8
Table of Contents ...................................................................................................		11
List of Figures ........................................................................................................		31
List of Tables ..........................................................................................................		45
Preface ....................................................................................................................		53
Chapter 1
Getting to Know Your ZyWALL .............................................................................		55
1.1	ZyWALL Internet Security Appliance Overview ..................................................	55
1.2	ZyWALL Features ..............................................................................................	55
	1.2.1 Physical Features .....................................................................................	56
	1.2.2 Non-Physical Features .............................................................................	57
1.3	Applications for the ZyWALL ..............................................................................	63
	1.3.1 Secure Broadband Internet Access via Cable or DSL Modem .................	63
	1.3.2 VPN Application ........................................................................................	63
	1.3.3 Front Panel Lights .....................................................................................	64
Chapter 2
Introducing the Web Configurator........................................................................		67
2.1	Web Configurator Overview ...............................................................................	67
2.2	Accessing the ZyWALL Web Configurator .........................................................	67
2.3	Resetting the ZyWALL .......................................................................................	68
	2.3.1 Procedure To Use The Reset Button ........................................................	68
	2.3.2 Uploading a Configuration File Via Console Port .....................................	69
2.4	Navigating the ZyWALL Web Configurator ........................................................	69
	2.4.1 Title Bar ....................................................................................................	70
	2.4.2 Main Window ............................................................................................	71
	2.4.3 HOME Screen: Router Mode .................................................................	71
	2.4.4 HOME Screen: Bridge Mode ...................................................................	74

Table of Contents

11

ZyWALL 5/35/70 Series User’s Guide

	2.4.5 Navigation Panel .......................................................................................	78
	2.4.6 Port Statistics ...........................................................................................	83
	2.4.7 Show Statistics: Line Chart ........................................................................	84
	2.4.8 DHCP Table Screen ................................................................................	85
	2.4.9 VPN Status ................................................................................................	86
	2.4.10 Bandwidth Monitor ..................................................................................	87
Chapter 3
Wizard Setup ..........................................................................................................		89
3.1	Wizard Setup Overview .....................................................................................	89
3.2	Internet Access .................................................................................................	90
	3.2.1 ISP Parameters ........................................................................................	90
	3.2.1.1 Ethernet ...........................................................................................	90
	3.2.1.2 PPPoE Encapsulation .....................................................................	92
	3.2.1.3 PPTP Encapsulation .......................................................................	93
	3.2.2 Internet Access Wizard: Second Screen ...................................................	95
	3.2.3 Internet Access Wizard: Registration.........................................................	96
3.3	VPN Wizard Gateway Setting ............................................................................	99
3.4	VPN Wizard Network Setting ...........................................................................	101
3.5	VPN Wizard IKE Tunnel Setting (IKE Phase 1) ...............................................	103
3.6	VPN Wizard IPSec Setting (IKE Phase 2) .......................................................	104
3.7	VPN Wizard Status Summary ..........................................................................	106
3.8	VPN Wizard Setup Complete ...........................................................................	109
Chapter 4
Tutorial ...................................................................................................................		111
4.1	Security Settings for VPN Traffic ......................................................................	111
	4.1.1 IDP for From VPN Traffic Example .........................................................	111
	4.1.2 IDP for To VPN Traffic Example ..............................................................	113
4.2	Firewall Rule for VPN Example ........................................................................	114
	4.2.1 Configuring the VPN Rule .......................................................................	115
	4.2.2 Configuring the Firewall Rules ................................................................	118
	4.2.2.1 Firewall Rule to Allow Access Example ........................................	119
	4.2.2.2 Default Firewall Rule to Block Other Access Example ..................	121
Chapter 5
Registration ..........................................................................................................		123
5.1 myZyXEL.com overview ...................................................................................		123
	5.1.1 Subscription Services Available on the ZyWALL ....................................	123
5.2	Registration ......................................................................................................	124
5.3	Service .............................................................................................................	126

12	Table of Contents

		ZyWALL 5/35/70 Series User’s Guide
Chapter 6
LAN Screens.........................................................................................................		129
6.1 LAN, WAN and the ZyWALL ............................................................................		129
6.2	IP Address and Subnet Mask ...........................................................................	129
	6.2.1 Private IP Addresses ..............................................................................	130
6.3 DHCP ...............................................................................................................		131
	6.3.1 IP Pool Setup ..........................................................................................	131
6.4	RIP Setup .........................................................................................................	131
6.5	Multicast ...........................................................................................................	131
6.6 WINS ................................................................................................................		132
6.7	LAN ..................................................................................................................	132
6.8	LAN Static DHCP .............................................................................................	135
6.9	LAN IP Alias ...................................................................................................	136
6.10 LAN Port Roles ..............................................................................................		139
Chapter 7
Bridge Screens.....................................................................................................		141
7.1	Bridge Loop ......................................................................................................	141
7.2	Spanning Tree Protocol (STP) .........................................................................	142
	7.2.1 Rapid STP ..............................................................................................	142
	7.2.2 STP Terminology ....................................................................................	142
	7.2.3 How STP Works .....................................................................................	142
	7.2.4 STP Port States ......................................................................................	143
7.3	Bridge ...............................................................................................................	143
7.4	Bridge Port Roles ............................................................................................	145
Chapter 8
WAN Screens........................................................................................................		147
8.1	WAN Overview .................................................................................................	147
8.2	Multiple WAN ....................................................................................................	147
8.3	Load Balancing Introduction .............................................................................	148
8.4	Load Balancing Algorithms ..............................................................................	148
	8.4.1 Least Load First ......................................................................................	148
	8.4.1.1 Example 1 .....................................................................................	149
	8.4.1.2 Example 2 .....................................................................................	149
	8.4.2 Weighted Round Robin ...........................................................................	150
	8.4.3 Spillover ..................................................................................................	150
8.5	TCP/IP Priority (Metric) ....................................................................................	151
8.6	WAN General ...................................................................................................	151
8.7	Configuring Load Balancing .............................................................................	155
	8.7.1 Least Load First ......................................................................................	155
	8.7.2 Weighted Round Robin ...........................................................................	156
	8.7.3 Spillover ..................................................................................................	157

Table of Contents

13

ZyWALL 5/35/70 Series User’s Guide

8.8 WAN Route ......................................................................................................		157
8.9 WAN IP Address Assignment ...........................................................................		159
8.10	DNS Server Address Assignment ................................................................	159
8.11 WAN MAC Address ........................................................................................		160
8.12 WAN .............................................................................................................		160
8.12.1 WAN Ethernet Encapsulation ...............................................................		160
8.12.2 PPPoE Encapsulation ...........................................................................		163
8.12.3 PPTP Encapsulation .............................................................................		166
8.13	Traffic Redirect ..........................................................................................	170
8.14	Configuring Traffic Redirect ............................................................................	170
8.15	Configuring Dial Backup .................................................................................	171
8.16 Advanced Modem Setup ..............................................................................		175
8.16.1 AT Command Strings ............................................................................		175
8.16.2 DTR Signal ...........................................................................................		175
8.16.3 Response Strings ..................................................................................		175
8.17	Configuring Advanced Modem Setup ............................................................	175
Chapter 9
DMZ Screens ........................................................................................................		179
9.1 DMZ ...............................................................................................................		179
9.2 Configuring DMZ ..............................................................................................		179
9.3 DMZ Static DHCP ..........................................................................................		182
9.4 DMZ IP Alias ..................................................................................................		183
9.5 DMZ Public IP Address Example .....................................................................		185
9.6 DMZ Private and Public IP Address Example ..................................................		186
9.7 DMZ Port Roles ..............................................................................................		187
Chapter 10
Wireless LAN ........................................................................................................		189
10.1	Wireless LAN Introduction ..............................................................................	189
10.1.1 Additional Installation Requirements for Using 802.1x .........................		189
10.2	Configuring WLAN .......................................................................................	189
10.3 WLAN Static DHCP ......................................................................................		192
10.4	WLAN IP Alias ..............................................................................................	193
10.5	WLAN Port Roles ..........................................................................................	195
10.6	Wireless Security ...........................................................................................	197
10.6.1 Encryption .............................................................................................		198
10.6.2 Authentication .......................................................................................		198
10.6.3 Restricted Access .................................................................................		199
10.6.4 Hide ZyWALL Identity ...........................................................................		199
10.7	Security Parameters Summary ......................................................................	199
10.8	WEP Encryption .............................................................................................	199
10.9	802.1x Overview ............................................................................................	200

14	Table of Contents

		ZyWALL 5/35/70 Series User’s Guide
10.9.1 Introduction to RADIUS ........................................................................		200
	10.9.1.1 Types of RADIUS Messages .......................................................	200
10.9.2 EAP Authentication Overview ...............................................................		201
10.10 Dynamic WEP Key Exchange ......................................................................		202
10.11 Introduction to WPA ......................................................................................		202
10.11.1 User Authentication .............................................................................		202
10.11.2 Encryption ...........................................................................................		202
10.12 WPA-PSK Application Example ...................................................................		203
10.13 Introduction to RADIUS ................................................................................		204
10.14 WPA with RADIUS Application Example ......................................................		204
10.15 Wireless Client WPA Supplicants .................................................................		205
10.16 Wireless Card .............................................................................................		205
10.16.1 Static WEP ..........................................................................................		207
10.16.2 WPA-PSK ...........................................................................................		208
10.16.3 WPA ....................................................................................................		210
10.16.4 IEEE 802.1x + Dynamic WEP ............................................................		211
10.16.5 IEEE 802.1x + Static WEP ..................................................................		212
10.16.6 IEEE 802.1x + No WEP ......................................................................		214
10.16.7 No Access 802.1x + Static WEP .........................................................		215
10.16.8 No Access 802.1x + No WEP .............................................................		216
10.17 MAC Filter ...................................................................................................		217
Chapter 11
Firewall..................................................................................................................		219
11.1	Firewall Overview ..........................................................................................	219
11.2	Packet Direction Matrix ..................................................................................	220
11.3	Packet Direction Examples ............................................................................	221
11.3.1 To VPN Packet Direction .......................................................................		222
11.3.2 From VPN Packet Direction ..................................................................		224
11.3.3 From VPN To VPN Packet Direction .....................................................		225
11.4	Security Considerations .................................................................................	226
11.5	Firewall Rules Example ..................................................................................	227
11.6	Asymmetrical Routes .....................................................................................	229
11.6.1 Asymmetrical Routes and IP Alias ........................................................		229
11.7	Firewall Default Rule (Router Mode) ..............................................................	230
11.8	Firewall Default Rule (Bridge Mode) ............................................................	232
11.9	Firewall Rule Summary .................................................................................	234
11.9.1 Firewall Edit Rule ..............................................................................		235
11.10 Anti-Probing ..............................................................................................		238
11.11 Firewall Thresholds ....................................................................................		239
11.11.1 Threshold Values .................................................................................		240
11.12 Threshold Screen .........................................................................................		240
11.13 Service ........................................................................................................		242

Table of Contents

15

ZyWALL 5/35/70 Series User’s Guide

11.13.1 Firewall Edit Custom Service ..............................................................	244
11.14 My Service Firewall Rule Example ...............................................................	245
Chapter 12
Intrusion Detection and Prevention (IDP) ..........................................................	251
12.1 Introduction to IDP ....................................................................................	251
12.1.1 Firewalls and Intrusions ........................................................................	251
12.1.2 IDS and IDP .........................................................................................	252
12.1.3 Host IDP ..............................................................................................	252
12.1.4 Network IDP .........................................................................................	252
12.1.5 Example Intrusions ...............................................................................	253
12.1.5.1 SQL Slammer Worm ...................................................................	253
12.1.5.2 Blaster W32.Worm ......................................................................	253
12.1.5.3 Nimda ..........................................................................................	253
12.1.5.4 MyDoom ......................................................................................	254
12.1.6 ZyWALL IDP .........................................................................................	254
Chapter 13
Configuring IDP....................................................................................................	255
13.1 Overview ........................................................................................................	255
13.1.1 Interfaces ..............................................................................................	255
13.2 General Setup ................................................................................................	256
13.3 IDP Signatures ...............................................................................................	257
13.3.1 Attack Types .........................................................................................	257
13.3.2 Intrusion Severity ..................................................................................	259
13.3.3 Signature Actions ..................................................................................	259
13.3.4 Configuring IDP Signatures ..................................................................	260
13.3.5 Query View ...........................................................................................	262
13.3.5.1 Query Example 1 ........................................................................	265
13.3.5.2 Query Example 2 ........................................................................	266
13.4 Update ...........................................................................................................	267
13.4.1 mySecurityZone ....................................................................................	267
13.4.2 Configuring IDP Update ........................................................................	268
13.5 Backup and Restore .......................................................................................	269
Chapter 14
Anti-Virus ..............................................................................................................	271
14.1 Anti-Virus Overview .......................................................................................	271
14.1.1 Types of Computer Viruses .................................................................	271
14.1.2 Computer Virus Infection and Prevention .............................................	271
14.1.3 Types of Anti-Virus Scanner ................................................................	272
14.2 Introduction to the ZyWALL Anti-Virus Scanner .............................................	272
14.2.1 How the ZyWALL Anti-Virus Scanner Works .......................................	273

16	Table of Contents

	ZyWALL 5/35/70 Series User’s Guide
14.2.2 Notes About the ZyWALL Anti-Virus .....................................................	273
14.3	274
14.4	276
14.4.1 Signature Search Example ...................................................................	278
14.5	281
14.5.1 mySecurityZone ....................................................................................	281
14.5.2 Configuring Anti-virus Update ..............................................................	281
14.6	283
Chapter 15
Anti-Spam	285
15.1	285
15.1.1 ...............................................................Anti-Spam External Database	285
........................................................................	286
...................................................................	286
..................................................................	286
.....................................................................	287
15.1.2 ....................................................................................Spam Threshold	287
15.1.3 ................................................................................................Phishing	287
15.1.4 ................................................................................................Whitelist	288
15.1.5 .................................................................................................Blacklist	288
15.1.6 ..................................................................................SMTP and POP3	288
15.1.7 ......................................................................................MIME Headers	289
15.2 ............................................................................	289
15.3 .................................................................	292
15.4 .................................................................................	294
15.5 .........................................................................	296
Chapter 16
Content Filtering ...................................................................................Screens	299
16.1 .............................................................................	299
16.1.1 ..........................................................................Restrict Web Features	299
16.1.2 ................................................................................Create a Filter List	299
16.1.3 ................................................................Customize Web Site Access	299
16.2 .....................................................................	299
16.3 ..................................................	302
16.4 ............................................................................	303
16.5 .......................................................................	310
16.6 ..............................................	312
16.6.1 ........................................Domain Name or IP Address URL Checking	312
16.6.2 .......................................................................Full Path URL Checking	312
16.6.3 .....................................................................File Name URL Checking	312
16.7 ...............................................................................	313

Table of Contents

17

ZyWALL 5/35/70 Series User’s Guide

Chapter 17
Content Filtering Reports ....................................................................................		315
17.1	Checking Content Filtering Activation ............................................................	315
17.2	Viewing Content Filtering Reports ..................................................................	315
17.3	Web Site Submission .....................................................................................	320
Chapter 18
IPSec VPN	.............................................................................................................	323
18.1	IPSec VPN Overview ...................................................................................	323
18.1.1 ..................................................................................IKE SA Overview		324
...........	18.1.1.1 IP Addresses of the ZyWALL and Remote IPSec Router	324
18.2 ............................................................................................	VPN Rules (IKE)	325
18.3 ................................................................................................	IKE SA Setup	327
18.3.1 ...................................................................................IKE SA Proposal		327
.............................................	18.3.1.1 Diffie - Hellman (DH) Key Exchange	328
.............................................................................	18.3.1.2 Authentication	328
.............................................................	18.3.1.3 Extended Authentication	330
........................................................................	18.3.1.4 Negotiation Mode	330
.....................................................	18.3.1.5 VPN, NAT, and NAT Traversal	331
18.4 .........................................................................	Additional IPSec VPN Topics	332
18.4.1 .........................................................................................SA Life Time		332
18.4.2 ..........................................................................IPSec High Availability		332
18.4.3 ............................................Encryption and Authentication Algorithms		333
18.5 ...........................................................	VPN Rules (IKE) Gateway Policy Edit	334
18.6 ....................................................................................	IPSec SA Overview	340
...........................................	18.6.0.1 Local Network and Remote Network	340
............................................................................	18.6.0.2 Active Protocol	340
..............................................................................	18.6.0.3 Encapsulation	341
......................	18.6.0.4 IPSec SA Proposal and Perfect Forward Secrecy	341
18.7 ..........................................................	VPN Rules (IKE): Network Policy Edit	342
18.8 .......................................................	VPN Rules (IKE): Network Policy Move	346
18.9 ....................................................................	IPSec SA Using Manual Keys	348
18.9.1 ...............................................IPSec SA Proposal Using Manual Keys		348
18.9.2 .......................Authentication and the Security Parameter Index (SPI)		348
18.10 ....................................................................................VPN Rules (Manual)		348
18.11 .........................................................................VPN Rules (Manual): Edit		350
18.12 .........................................................................................VPN SA Monitor		353
18.13 .....................................................................................VPN Global Setting		354
18.14 ...........................................................Telecommuter VPN/IPSec Examples		355
18.14.1 ..............................Telecommuters Sharing One VPN Rule Example		355
18.14.2 ...........................Telecommuters Using Unique VPN Rules Example		356
18.15 ...................................................................VPN and Remote Management		358
18.16 ....................................................................................Hub-and-spoke VPN		358

18	Table of Contents

	ZyWALL 5/35/70 Series User’s Guide
18.16.1 Hub-and-spoke VPN Example ............................................................		359
18.16.2 Hub-and-spoke Example VPN Rule Addresses .................................		360
18.16.3 Hub-and-spoke VPN Requirements and Suggestions ........................		361
Chapter 19
Certificates............................................................................................................		363
19.1	Certificates Overview .....................................................................................	363
19.1.1 Advantages of Certificates ....................................................................		364
19.2	Self-signed Certificates ..................................................................................	364
19.3	Verifying a Certificate .....................................................................................	364
19.3.1 Checking the Fingerprint of a Certificate on Your Computer ................		364
19.4	Configuration Summary .................................................................................	365
19.5	My Certificates ..............................................................................................	366
19.6	My Certificate Details ...................................................................................	368
19.7	My Certificate Export .....................................................................................	370
19.7.1 Certificate File Export Formats .............................................................		370
19.8	My Certificate Import ....................................................................................	371
19.8.1 Certificate File Formats .........................................................................		372
19.9	My Certificate Create ...................................................................................	374
19.10 Trusted CAs ...............................................................................................		376
19.11 Trusted CA Details ......................................................................................		378
19.12 Trusted CA Import ......................................................................................		381
19.13 Trusted Remote Hosts ...............................................................................		382
19.14 Trusted Remote Hosts Import ....................................................................		384
19.15 Trusted Remote Host Certificate Details ....................................................		385
19.16 Directory Servers ........................................................................................		388
19.17 Directory Server Add or Edit ......................................................................		389
Chapter 20
Authentication Server..........................................................................................		391
20.1	Authentication Server Overview .....................................................................	391
20.1.1 Local User Database ............................................................................		391
20.1.2 RADIUS ................................................................................................		391
20.2	Local User Database ....................................................................................	391
20.3 RADIUS ........................................................................................................		393
Chapter 21
Network Address Translation (NAT) ...................................................................		395
21.1	NAT Overview ..............................................................................................	395
21.1.1 NAT Definitions .....................................................................................		395
21.1.2 What NAT Does ....................................................................................		396
21.1.3 How NAT Works ...................................................................................		396
21.1.4 NAT Application ....................................................................................		397

Table of Contents

19

ZyWALL 5/35/70 Series User’s Guide

21.1.5 Port Restricted Cone NAT ....................................................................		398
21.1.6 NAT Mapping Types .............................................................................		398
21.2	Using NAT ......................................................................................................	399
21.2.1 SUA (Single User Account) Versus NAT ..............................................		399
21.3	NAT Overview Screen ....................................................................................	400
21.4	NAT Address Mapping .................................................................................	401
21.4.1 NAT Address Mapping Edit ..................................................................		403
21.5	Port Forwarding .............................................................................................	404
21.5.1 Default Server IP Address ....................................................................		405
21.5.2 Port Forwarding: Services and Port Numbers ......................................		405
21.5.3 Configuring Servers Behind Port Forwarding (Example) ......................		405
21.5.4 NAT and Multiple WAN .........................................................................		406
21.5.5 Port Translation ....................................................................................		406
21.6	Port Forwarding Screen .................................................................................	407
21.7	Port Triggering ..............................................................................................	409
Chapter 22
Static Route ..........................................................................................................		413
22.1	IP Static Route ............................................................................................	413
22.2	IP Static Route ...............................................................................................	413
22.2.1 IP Static Route Edit ..............................................................................		415
Chapter 23
Policy Route .........................................................................................................		417
23.1	Policy Route ..................................................................................................	417
23.2	Benefits ..........................................................................................................	417
23.3	Routing Policy ................................................................................................	417
23.4	IP Routing Policy Setup .................................................................................	418
23.5	Policy Route Edit ...........................................................................................	419
Chapter 24
Bandwidth Management ......................................................................................		423
24.1	Bandwidth Management Overview ...............................................................	423
24.2	Bandwidth Classes and Filters .......................................................................	423
24.3	Proportional Bandwidth Allocation .................................................................	424
24.4	Application-based Bandwidth Management ...................................................	424
24.5	Subnet-based Bandwidth Management .........................................................	424
24.6	Application and Subnet-based Bandwidth Management ...............................	425
24.7	Scheduler .......................................................................................................	425
24.7.1 Priority-based Scheduler ......................................................................		425
24.7.2 Fairness-based Scheduler ....................................................................		425
24.7.3 Maximize Bandwidth Usage .................................................................		425
24.7.4 Reserving Bandwidth for Non-Bandwidth Class Traffic ........................		426

20	Table of Contents

ZyWALL 5/35/70 Series User’s Guide

24.7.5 Maximize Bandwidth Usage Example ..................................................

426

24.7.5.1Priority-based Allotment of Unused and Unbudgeted Bandwidth 427

24.7.5.2Fairness-based Allotment of Unused and Unbudgeted Bandwidth ...

427

24.8	Bandwidth Borrowing .....................................................................................	428
24.8.1 Bandwidth Borrowing Example .............................................................		428
24.9	Maximize Bandwidth Usage With Bandwidth Borrowing ................................	429
24.10 Over Allotment of Bandwidth ........................................................................		429
24.11 Configuring Summary ...................................................................................		430
24.12 Configuring Class Setup ............................................................................		431
24.12.1 Bandwidth Manager Class Configuration ..........................................		433
24.12.2 Bandwidth Management Statistics ...................................................		436
24.13 Bandwidth Manager Monitor ......................................................................		437
Chapter 25
DNS........................................................................................................................		439
25.1	DNS Overview ..............................................................................................	439
25.2	DNS Server Address Assignment ..................................................................	439
25.3	DNS Servers ..................................................................................................	439
25.4	Address Record .............................................................................................	440
25.4.1 DNS Wildcard .......................................................................................		440
25.5	Name Server Record .....................................................................................	440
25.5.1 Private DNS Server ..............................................................................		440
25.6	System Screen ...............................................................................................	441
25.6.1 Adding an Address Record ..................................................................		442
25.6.2 Inserting a Name Server Record .........................................................		443
25.7 DNS Cache ..................................................................................................		445
25.8	Configure DNS Cache ....................................................................................	445
25.9	Configuring DNS DHCP ...............................................................................	446
25.10 Dynamic DNS .............................................................................................		448
25.10.1 DYNDNS Wildcard ..............................................................................		448
25.10.2 High Availability ..................................................................................		448
25.11 Configuring Dynamic DNS ...........................................................................		448
Chapter 26
Remote Management ...........................................................................................		451
26.1	Remote Management Overview .....................................................................	451
26.1.1 Remote Management Limitations .........................................................		451
26.1.2 System Timeout ....................................................................................		452
26.2 WWW (HTTP and HTTPS) ...........................................................................		452
26.3 WWW .............................................................................................................		453
26.4 HTTPS Example ............................................................................................		455
26.4.1 Internet Explorer Warning Messages ...................................................		455

Table of Contents

21

ZyWALL 5/35/70 Series User’s Guide

26.4.2 Netscape Navigator Warning Messages ...............................................		456
26.4.3 Avoiding the Browser Warning Messages ............................................		457
26.4.4 Login Screen .........................................................................................		457
26.5	SSH .............................................................................................................	459
26.6 How SSH Works ............................................................................................		460
26.7	SSH Implementation on the ZyWALL .............................................................	461
26.7.1 Requirements for Using SSH ................................................................		461
26.8	Configuring SSH ............................................................................................	461
26.9	Secure Telnet Using SSH Examples ..............................................................	462
26.9.1 Example 1: Microsoft Windows .............................................................		462
26.9.2 Example 2: Linux ..................................................................................		463
26.10 Secure FTP Using SSH Example ................................................................		464
26.11 Telnet ..........................................................................................................		465
26.12 Configuring TELNET ....................................................................................		465
26.13 FTP ............................................................................................................		466
26.14 SNMP .........................................................................................................		467
26.14.1 Supported MIBs .................................................................................		469
26.14.2 SNMP Traps .......................................................................................		469
26.14.3 REMOTE MANAGEMENT: SNMP ......................................................		469
26.15 DNS ............................................................................................................		471
26.16 Introducing Vantage CNM ...........................................................................		471
26.17 Configuring CNM ..........................................................................................		472
Chapter 27
UPnP......................................................................................................................		475
27.1	Universal Plug and Play Overview ...............................................................	475
27.1.1 How Do I Know If I'm Using UPnP? ......................................................		475
27.1.2 NAT Traversal .......................................................................................		475
27.1.3 Cautions with UPnP ..............................................................................		475
27.1.4 UPnP and ZyXEL ..................................................................................		476
27.2	Configuring UPnP ..........................................................................................	476
27.3	Displaying UPnP Port Mapping ...................................................................	477
27.4	Installing UPnP in Windows Example ............................................................	478
27.4.1 Installing UPnP in Windows Me ............................................................		479
27.4.2 Installing UPnP in Windows XP ............................................................		480
27.5	Using UPnP in Windows XP Example ...........................................................	480
27.5.1 Auto-discover Your UPnP-enabled Network Device .............................		481
27.5.2 Web Configurator Easy Access ............................................................		482
Chapter 28
ALG Screen...........................................................................................................		485
28.1	ALG Introduction ...........................................................................................	485
28.1.1 ALG and NAT ........................................................................................		485

22	Table of Contents

	ZyWALL 5/35/70 Series User’s Guide
28.1.2 ALG and the Firewall ............................................................................		485
28.1.3 ALG and Multiple WAN .........................................................................		485
28.2	FTP ................................................................................................................	486
28.3	H.323 ..............................................................................................................	486
28.4 RTP ................................................................................................................		486
28.4.1 H.323 ALG Details ................................................................................		486
28.5	SIP .................................................................................................................	488
28.5.1 STUN ....................................................................................................		488
28.5.2 SIP ALG Details ....................................................................................		488
28.5.3 SIP Signaling Session Timeout ............................................................		489
28.5.4 SIP Audio Session Timeout ..................................................................		489
28.6	ALG Screen ....................................................................................................	489
Chapter 29
Reports..................................................................................................................		491
29.1	Configuring Reports .......................................................................................	491
29.2	System Reports Screen ................................................................................	491
29.2.1 Viewing Web Site Hits ...........................................................................		493
29.2.2 Viewing Host IP Address ......................................................................		494
29.2.3 Viewing Protocol/Port ...........................................................................		495
29.2.4 System Reports Specifications .............................................................		496
29.3	IDP Threat Reports Screen ..........................................................................	496
29.4	Anti-Virus Threat Reports Screen ...............................................................	498
29.5	Anti-Spam Threat Reports Screen ................................................................	500
Chapter 30
Logs Screens........................................................................................................		503
30.1	Configuring View Log ....................................................................................	503
30.2	Log Description Example ...............................................................................	504
30.2.1 About the Certificate Not Trusted Log ..................................................		505
30.3	Configuring Log Settings ...............................................................................	506
30.3.1 Log Descriptions ...................................................................................		509
30.4	Syslog Logs ....................................................................................................	529
Chapter 31
Maintenance .........................................................................................................		531
31.1	Maintenance Overview ...................................................................................	531
31.2	General Setup and System Name .................................................................	531
31.2.1 General Setup .......................................................................................		531
31.3	Configuring Password ...................................................................................	532
31.4	Time and Date ...............................................................................................	533
31.5	Pre-defined NTP Time Server Pools ..............................................................	536
31.5.1 Resetting the Time ................................................................................		536

Table of Contents

23

ZyWALL 5/35/70 Series User’s Guide

31.5.2 Time Server Synchronization ................................................................		536
31.6	Introduction To Transparent Bridging .............................................................	537
31.7	Transparent Firewalls .....................................................................................	538
31.8	Configuring Device Mode (Router) ................................................................	539
31.9	Configuring Device Mode (Bridge) ................................................................	540
31.10 F/W Upload Screen .....................................................................................		542
31.11 Backup and Restore ....................................................................................		544
31.11.1 Backup Configuration ..........................................................................		544
31.11.2 Restore Configuration .........................................................................		545
31.11.3 Back to Factory Defaults ....................................................................		546
31.12 Restart Screen ............................................................................................		546
Chapter 32
Introducing the SMT ............................................................................................		549
32.1	Introduction to the SMT ..................................................................................	549
32.2	Accessing the SMT via the Console Port .......................................................	549
32.2.1 Initial Screen .........................................................................................		549
32.2.2 Entering the Password ..........................................................................		550
32.3	Navigating the SMT Interface .........................................................................	550
32.3.1 Main Menu ............................................................................................		551
32.3.2 SMT Menus Overview ..........................................................................		553
32.4	Changing the System Password ....................................................................	555
32.5	Resetting the ZyWALL ...................................................................................	556
Chapter 33
SMT Menu 1 - General Setup...............................................................................		557
33.1	Introduction to General Setup ........................................................................	557
33.2	Configuring General Setup .............................................................................	557
33.2.1 Configuring Dynamic DNS ....................................................................		559
	33.2.1.1 Editing DDNS Host ......................................................................	559
Chapter 34
WAN and Dial Backup Setup...............................................................................		563
34.1	Introduction to WAN and Dial Backup Setup ..................................................	563
34.2 WAN Setup .....................................................................................................		563
34.3	Dial Backup ....................................................................................................	564
34.4	Configuring Dial Backup in Menu 2 ................................................................	564
34.5 Advanced WAN Setup ....................................................................................		565
34.6	Remote Node Profile (Backup ISP) ................................................................	567
34.7	Editing PPP Options .......................................................................................	569
34.8	Editing TCP/IP Options ..................................................................................	570
34.9	Editing Login Script ........................................................................................	572
34.10 Remote Node Filter ......................................................................................		574

24	Table of Contents

		ZyWALL 5/35/70 Series User’s Guide
Chapter 35
LAN Setup.............................................................................................................		575
35.1	Introduction to LAN Setup ..............................................................................	575
35.2	Accessing the LAN Menus .............................................................................	575
35.3	LAN Port Filter Setup .....................................................................................	575
35.4	TCP/IP and DHCP Ethernet Setup Menu ......................................................	576
35.4.1 IP Alias Setup .......................................................................................		579
Chapter 36
Internet Access ....................................................................................................		581
36.1	Introduction to Internet Access Setup ............................................................	581
36.2	Ethernet Encapsulation ..................................................................................	581
36.3	Configuring the PPTP Client ..........................................................................	583
36.4	Configuring the PPPoE Client ........................................................................	583
36.5	Basic Setup Complete ....................................................................................	584
Chapter 37
DMZ Setup	............................................................................................................	585
37.1	Configuring DMZ Setup ..................................................................................	585
37.2	DMZ Port Filter Setup ....................................................................................	585
37.3	TCP/IP Setup .................................................................................................	585
37.3.1 IP Address ............................................................................................		586
37.3.2 IP Alias Setup .......................................................................................		587
Chapter 38
Route Setup ..........................................................................................................		589
38.1	Configuring Route Setup ................................................................................	589
38.2	Route Assessment .........................................................................................	589
38.3	Traffic Redirect ...............................................................................................	590
38.4	Route Failover ................................................................................................	591
Chapter 39
Wireless Setup .....................................................................................................		593
39.1	Wireless LAN Setup .......................................................................................	593
39.1.1 MAC Address Filter Setup ....................................................................		595
39.2	TCP/IP Setup .................................................................................................	596
39.2.1 IP Address ............................................................................................		596
39.2.2 IP Alias Setup .......................................................................................		597
Chapter 40
Remote Node Setup .............................................................................................		599
40.1	Introduction to Remote Node Setup ...............................................................	599
40.2	Remote Node Setup .......................................................................................	599

Table of Contents

25

ZyWALL 5/35/70 Series User’s Guide

40.3	Remote Node Profile Setup ...........................................................................	600
40.3.1 Ethernet Encapsulation .........................................................................		600
40.3.2 PPPoE Encapsulation ...........................................................................		602
	40.3.2.1 Outgoing Authentication Protocol ................................................	602
	40.3.2.2 Nailed-Up Connection .................................................................	602
	40.3.2.3 Metric ..........................................................................................	603
40.3.3 PPTP Encapsulation .............................................................................		603
40.4	Edit IP .............................................................................................................	604
40.5	Remote Node Filter ........................................................................................	606
40.6	Traffic Redirect ...............................................................................................	607
Chapter 41
IP Static Route Setup ...........................................................................................		609
41.1	IP Static Route Setup .....................................................................................	609
Chapter 42
Network Address Translation (NAT) ...................................................................		611
42.1	Using NAT ......................................................................................................	611
42.1.1 SUA (Single User Account) Versus NAT ..............................................		611
42.1.2 Applying NAT ........................................................................................		611
42.2	NAT Setup ......................................................................................................	613
42.2.1 Address Mapping Sets ..........................................................................		614
	42.2.1.1 SUA Address Mapping Set .........................................................	614
	42.2.1.2 User-Defined Address Mapping Sets ..........................................	615
	42.2.1.3 Ordering Your Rules ....................................................................	616
42.3	Configuring a Server behind NAT ..................................................................	618
42.4	General NAT Examples ..................................................................................	621
42.4.1 Internet Access Only .............................................................................		621
42.4.2 Example 2: Internet Access with a Default Server ................................		623
42.4.3 Example 3: Multiple Public IP Addresses With Inside Servers .............		623
42.4.4 Example 4: NAT Unfriendly Application Programs ...............................		627
42.5	Trigger Port Forwarding .................................................................................	628
42.5.1 Two Points To Remember About Trigger Ports .....................................		628
Chapter 43
Introducing the ZyWALL Firewall .......................................................................		631
43.1 Using ZyWALL SMT Menus ...........................................................................		631
43.1.1 Activating the Firewall ...........................................................................		631
Chapter 44
Filter Configuration..............................................................................................		633
44.1	Introduction to Filters ......................................................................................	633
44.1.1 The Filter Structure of the ZyWALL ......................................................		634

26	Table of Contents

	ZyWALL 5/35/70 Series User’s Guide
44.2	Configuring a Filter Set ..................................................................................	636
44.2.1 Configuring a Filter Rule .......................................................................		637
44.2.2 Configuring a TCP/IP Filter Rule ..........................................................		638
44.2.3 Configuring a Generic Filter Rule .........................................................		640
44.3	Example Filter ................................................................................................	642
44.4	Filter Types and NAT ......................................................................................	644
44.5	Firewall Versus Filters ....................................................................................	644
44.5.1 Packet Filtering: ....................................................................................		645
	44.5.1.1 When To Use Filtering .................................................................	645
44.5.2 Firewall .................................................................................................		645
	44.5.2.1 When To Use The Firewall ..........................................................	645
44.6	Applying a Filter ............................................................................................	646
44.6.1 Applying LAN Filters .............................................................................		646
44.6.2 Applying DMZ Filters ............................................................................		646
44.6.3 Applying Remote Node Filters ..............................................................		647
Chapter 45
SNMP Configuration ............................................................................................		649
45.1	SNMP Configuration ......................................................................................	649
45.2 SNMP Traps ...................................................................................................		650
Chapter 46
System Information & Diagnosis........................................................................		651
46.1	Introduction to System Status ........................................................................	651
46.2	System Status ................................................................................................	651
46.3	System Information and Console Port Speed ................................................	653
46.3.1 System Information ...............................................................................		653
46.3.2 Console Port Speed ..............................................................................		654
46.4	Log and Trace ................................................................................................	655
46.4.1 Viewing Error Log .................................................................................		655
46.4.2 Syslog Logging .....................................................................................		656
46.4.3 Call-Triggering Packet ..........................................................................		659
46.5	Diagnostic ......................................................................................................	659
46.5.1 WAN DHCP ..........................................................................................		660
Chapter 47
Firmware and Configuration File Maintenance .................................................		663
47.1	Introduction ....................................................................................................	663
47.2	Filename Conventions ...................................................................................	663
47.3	Backup Configuration .....................................................................................	664
47.3.1 Backup Configuration ...........................................................................		664
47.3.2 Using the FTP Command from the Command Line ..............................		665
47.3.3 Example of FTP Commands from the Command Line .........................		666

Table of Contents

27

ZyWALL 5/35/70 Series User’s Guide

47.3.4 GUI-based FTP Clients .........................................................................	666
47.3.5 File Maintenance Over WAN ................................................................	666
47.3.6 Backup Configuration Using TFTP .......................................................	667
47.3.7 TFTP Command Example ....................................................................	667
47.3.8 GUI-based TFTP Clients ......................................................................	668
47.3.9 Backup Via Console Port ......................................................................	668
47.4 Restore Configuration ....................................................................................	669
47.4.1 Restore Using FTP ...............................................................................	669
47.4.2 Restore Using FTP Session Example ..................................................	671
47.4.3 Restore Via Console Port .....................................................................	671
47.5 Uploading Firmware and Configuration Files .................................................	672
47.5.1 Firmware File Upload ............................................................................	672
47.5.2 Configuration File Upload .....................................................................	673
47.5.3 FTP File Upload Command from the DOS Prompt Example ................	674
47.5.4 FTP Session Example of Firmware File Upload ...................................	674
47.5.5 TFTP File Upload ..................................................................................	674
47.5.6 TFTP Upload Command Example ........................................................	675
47.5.7 Uploading Via Console Port ..................................................................	675
47.5.8 Uploading Firmware File Via Console Port ...........................................	675
47.5.9 Example Xmodem Firmware Upload Using HyperTerminal ..................	676
47.5.10 Uploading Configuration File Via Console Port ..................................	676
47.5.11 Example Xmodem Configuration Upload Using HyperTerminal .........	677
Chapter 48
System Maintenance Menus 8 to 10...................................................................	679
48.1 Command Interpreter Mode ...........................................................................	679
48.1.1 Command Syntax .................................................................................	679
48.1.2 Command Usage ..................................................................................	680
48.2 Call Control Support .......................................................................................	681
48.2.1 Budget Management ............................................................................	681
48.2.2 Call History ...........................................................................................	682
48.3 Time and Date Setting ....................................................................................	683
Chapter 49
Remote Management ...........................................................................................	687
49.1 Remote Management .....................................................................................	687
49.1.1 Remote Management Limitations .........................................................	689
Chapter 50
IP Policy Routing..................................................................................................	691
50.1 IP Routing Policy Summary ...........................................................................	691
50.2 IP Routing Policy Setup .................................................................................	692
50.2.1 Applying Policy to Packets ....................................................................	694

28	Table of Contents

	ZyWALL 5/35/70 Series User’s Guide
50.3	IP Policy Routing Example .............................................................................	695
Chapter 51
Call Scheduling ....................................................................................................		699
51.1	Introduction to Call Scheduling ......................................................................	699
Chapter 52
Troubleshooting ...................................................................................................		703
52.1	Problems Starting Up the ZyWALL .................................................................	703
52.2	Problems with the LAN Interface ....................................................................	703
52.3	Problems with the DMZ Interface ...................................................................	704
52.4	Problems with the WAN Interface ..................................................................	704
52.5	Problems Accessing the ZyWALL ..................................................................	705
52.5.1 Pop-up Windows, JavaScripts and Java Permissions ..........................		705
	52.5.1.1 Internet Explorer Pop-up Blockers ..............................................	706
	52.5.1.2 JavaScripts ..................................................................................	709
	52.5.1.3 Java Permissions ........................................................................	711
52.6	Packet Flow ....................................................................................................	713
Appendix A
Product Specifications ........................................................................................		715
Appendix B
Hardware Installation...........................................................................................		723
Appendix C
Removing and Installing a Fuse ........................................................................		727
Appendix D
Setting up Your Computer’s IP Address............................................................		729
Appendix E
IP Addresses and Subnetting .............................................................................		745
Appendix F
Common Services...............................................................................................		753
Appendix G
Wireless LANs ......................................................................................................		757
Appendix H
Windows 98 SE/Me Requirements for Anti-Virus Message Display................		771
Appendix I
VPN Setup	.............................................................................................................	775
Appendix J

Table of Contents

29

ZyWALL 5/35/70 Series User’s Guide

Importing Certificates ..........................................................................................	787
Appendix K
Command Interpreter...........................................................................................	799
Appendix L
Firewall Commands .............................................................................................	807
Appendix M
NetBIOS Filter Commands ..................................................................................	813
Appendix N
Certificates Commands .......................................................................................	817
Appendix O
Brute-Force Password Guessing Protection.....................................................	821
Appendix P
Boot Commands ..................................................................................................	823
Index......................................................................................................................	825

30	Table of Contents