ZyXEL IDP 10 User Manual

ZyWALL IDP 10

Intrusion Detection Prevention Appliance

User’s Guide

Version 1 July 2004

ZyWALL IDP10 User’s Guide

The contents of this publication may not be reproduced in any part or as a whole, transcribed, stored in a retrieval system, translated into any language, or transmitted in any form or by any means, electronic, mechanical, magnetic, optical, chemical, photocopying, manual, or otherwise, without the prior written permission of ZyXEL Communications Corporation.

Disclaimer

ZyXEL does not assume any liability arising out of the application or use of any products, or software described herein. Neither does it convey any license under its patent rights nor the patent rights of others. ZyXEL further reserves the right to make changes in any products described herein without notice.

This publication is subject to change without notice.

Trademarks

Trademarks mentioned in this publication are used for identification purposes only and may be properties of their respective owners.

ii Copyright

ZyWALL IDP10 User’s Guide

Federal Communications Commission (FCC)

Interference Statement

This device complies with Part 15 of FCC rules. Operation is subject to the following two conditions:

This device may not cause harmful interference.

This device must accept any interference received, including interference that may cause undesired operations.

This equipment has been tested and found to comply with the limits for a CLASS B digital device pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference in a commercial environment. This equipment generates, uses, and can radiate radio frequency energy, and if not installed and used in accordance with the instructions, may cause harmful interference to radio communications.

If this equipment does cause harmful interference to radio/television reception, which can be determined by turning the equipment off and on, the user is encouraged to try to correct the interference by one or more of the following measures:

Reorient or relocate the receiving antenna.

Increase the separation between the equipment and the receiver.

Connect the equipment into an outlet on a circuit different from that to which the receiver is connected.

Consult the dealer or an experienced radio/TV technician for help.

Notice 1

Changes or modifications not expressly approved by the party responsible for compliance could void the user's authority to operate the equipment.

Certifications

1. Go to www.zyxel.com.

2. Select your product from the drop-down list box on the ZyXEL home page to go to that product's page.

3. Select the certification you wish to view from this page.

FCC Statement iii

ZyWALL IDP10 User’s Guide

Information for Canadian Users

The Industry Canada label identifies certified equipment. This certification means that the equipment meets certain telecommunications network protective, operation, and safety requirements. The Industry Canada does not guarantee that the equipment will operate to a user's satisfaction.

Before installing this equipment, users should ensure that it is permissible to be connected to the facilities of the local telecommunications company. The equipment must also be installed using an acceptable method of connection. In some cases, the company's inside wiring associated with a single line individual service may be extended by means of a certified connector assembly. The customer should be aware that the compliance with the above conditions may not prevent degradation of service in some situations.

Repairs to certified equipment should be made by an authorized Canadian maintenance facility designated by the supplier. Any repairs or alterations made by the user to this equipment, or equipment malfunctions, may give the telecommunications company cause to request the user to disconnect the equipment.

For their own protection, users should ensure that the electrical ground connections of the power utility, telephone lines, and internal metallic water pipe system, if present, are connected together. This precaution may be particularly important in rural areas.

Caution

Users should not attempt to make such connections themselves, but should contact the appropriate electrical inspection authority, or electrician, as appropriate.

Note

This digital apparatus does not exceed the class A limits for radio noise emissions from digital apparatus set out in the radio interference regulations of Industry Canada.

iv Information for Canadian Users

ZyWALL IDP10 User’s Guide

ZyXEL Limited Warranty

ZyXEL warrants to the original end user (purchaser) that this product is free from any defects in materials or workmanship for a period of up to two years from the date of purchase. During the warranty period, and upon proof of purchase, should the product have indications of failure due to faulty workmanship and/or materials, ZyXEL will, at its discretion, repair or replace the defective products or components without charge for either parts or labor, and to whatever extent it shall deem necessary to restore the product or components to proper operating condition. Any replacement will consist of a new or re-manufactured functionally equivalent product of equal value, and will be solely at the discretion of ZyXEL. This warranty shall not apply if the product is modified, misused, tampered with, damaged by an act of God, or subjected to abnormal working conditions.

NOTE

Repair or replacement, as provided under this warranty, is the exclusive remedy of the purchaser. This warranty is in lieu of all other warranties, express or implied, including any implied warranty of merchantability or fitness for a particular use or purpose. ZyXEL shall in no event be held liable for indirect or consequential damages of any kind of character to the purchaser.

To obtain the services of this warranty, contact ZyXEL's Service Center for your Return Material Authorization number (RMA). Products must be returned Postage Prepaid. It is recommended that the unit be insured when shipped. Any returned products without proof of purchase or those with an outdated warranty will be repaired or replaced (at the discretion of ZyXEL) and the customer will be billed for parts and labor. All repaired or replaced products will be shipped by ZyXEL to the corresponding return address, Postage Paid. This warranty gives you specific legal rights, and you may also have other rights that vary from country to country.

Online Registration

www.zyxel.com

for global products, or at www.us.zyxel.com for North American products.

ZyXEL Limited Warranty v

ZyWALL IDP10 User’s Guide

Customer Support

When you contact your customer support representative please have the following information ready:

Please have the following information ready when you contact customer support.

• Product model and serial number.

• Warranty Information.

• Date that you received your device.

• Brief description of the problem and the steps you took to solve it.

REGULAR MAIL

ZyXEL Communications Corp. 6 Innovation Road II Science Park Hsinchu 300 Taiwan

ZyXEL Communications Inc. 1130 N. Miller St. Anaheim CA 92806-2001 U.S.A.

ZyXEL Deutschland GmbH. Adenauerstr. 20/A2 D-52146 Wuerselen Germany

1 rue des Vergers Bat. 1 / C 69760 Limonest France

Alejandro Villegas 33 1º, 28043 Madrid Spain

ZyXEL Communications A/S Columbusvej 5 2860 Soeborg Denmark

ZyXEL Communications A/S Nils Hansens vei 13 0667 Oslo Norway

ZyXEL Communications A/S Sjöporten 4, 41764 Göteborg Sweden

ZyXEL Communications Oy Malminkaari 10 00700 Helsinki Finland

LOCATION

WORLDWIDE

AMERICA

SUPPORT E-MAIL TELEPHONE1 WEB SITE METHOD

SALES E-MAIL FAX1 FTP SITE

support@zyxel.com.tw +886-3-578-3942 www.zyxel.com

sales@zyxel.com.tw

support@zyxel.com +1-800-255-4101

sales@zyxel.com

support@zyxel.de +49-2405-6909-0 www.zyxel.de GERMANY

sales@zyxel.de

support@zyxel.es +34 902 195 420 SPAIN

sales@zyxel.es

support@zyxel.dk +45 39 55 07 00 www.zyxel.dk DENMARK

sales@zyxel.dk

support@zyxel.no +47 22 80 61 80 www.zyxel.no NORWAY

sales@zyxel.no

support@zyxel.se +46 31 744 7700 www.zyxel.se SWEDEN

sales@zyxel.se

support@zyxel.fi +358-9-4780-8411 www.zyxel.fi FINLAND

sales@zyxel.fi

+886-3-578-2439 ftp.zyxel.com

+1-714-632-0882

+1-714-632-0858 ftp.us.zyxel.com

+49-2405-6909-99

+33 (0)4 72 52 97 97 FRANCE info@zyxel.fr

+33 (0)4 72 52 19 20

+34 913 005 345

+45 39 55 07 07

+47 22 80 61 81

+46 31 744 7701

+358-9-4780 8448

www.europe.zyxel.com

ftp.europe.zyxel.com

www.us.zyxel.com NORTH

www.zyxel.fr ZyXEL France

www.zyxel.es

ZyXEL Communications

“+” is the (prefix) number you enter to make an international telephone call.

vi Customer Support

ZyWALL IDP10 User’s Guide

Table of Contents

Copyright......................................................................................................................................... ii

Federal Communications Commission (FCC) Interference Statement.......................................... iii

Information for Canadian Users..................................................................................................... iv

ZyXEL Limited Warranty .................................................................................................................v

Customer Support.......................................................................................................................... vi

Preface.......................................................................................................................................... xii

Getting Started ...................................................................................................................................I

Chapter 1 Introducing the ZyWALL IDP 10..................................................................................1-1

1.1 Introduction ......................................................................................................................1-1

1.2 Features ...........................................................................................................................1-2

1.3 Application Examples.......................................................................................................1-3

Chapter 2 Introducing the Web Configurator..............................................................................2-1

2.1 Web Configurator Overview.............................................................................................2-1

2.2 Accessing the ZyWALL Web Configurator.......................................................................2-1

2.3 Navigating the ZyWALL Web Configurator ......................................................................2-3

2.4 Example Configuration Settings.......................................................................................2-6

General, Interface, and Remote Management................................................................................ II

Chapter 3 General Settings...........................................................................................................3-1

3.1 Device ..............................................................................................................................3-1

3.2 Introduction to VLANs ......................................................................................................3-2

3.3 Configuring VLAN on the ZyWALL ..................................................................................3-3

Chapter 4 Interface Screens .........................................................................................................4-1

4.1 10/100M Auto-Sensing Ethernet Ports.............................................................................4-1

4.2 Configuring Link ...............................................................................................................4-1

4.3 Stealth ..............................................................................................................................4-2

4.4 Policy Check ....................................................................................................................4-3

Chapter 5 Remote Management ...................................................................................................5-1

5.1 Remote Management Overview ......................................................................................5-1

5.2 Configuring WWW ...........................................................................................................5-1

5.3 SNMP...............................................................................................................................5-2

5.4 SSH Overview..................................................................................................................5-4

5.5 SSH (Secure Shell) Configuration ...................................................................................5-5

IDP .....................................................................................................................................................III

Chapter 6 IDP Policies...................................................................................................................6-1

6.1 IDP Overview ...................................................................................................................6-1

Table of Contents vii

ZyWALL IDP10 User’s Guide

6.2 mySecurity Zone ............................................................................................................. 6-1

6.3 Signature Categories ...................................................................................................... 6-2

6.4 Configuring Pre-defined Policies................................................................................... 6-13

6.5 Update........................................................................................................................... 6-19

6.6 User-defined Policies .................................................................................................... 6-20

6.7 Registering your ZyWALL ............................................................................................. 6-28

Log and Report................................................................................................................................ IV

Chapter 7 Log and Report............................................................................................................ 7-1

7.1 Logs................................................................................................................................. 7-1

7.2 Report.............................................................................................................................. 7-2

7.3 Alarm Schedule ............................................................................................................... 7-4

Maintenance & CLI ........................................................................................................................... V

Chapter 8 Maintenance................................................................................................................. 8-1

8.1 Maintenance Overview.................................................................................................... 8-1

8.2 Password......................................................................................................................... 8-1

8.3 Time and Date................................................................................................................. 8-2

8.4 Firmware Upload............................................................................................................. 8-6

8.5 Configuration................................................................................................................. 8-10

8.6 Restart........................................................................................................................... 8-12

Chapter 9 Command Line Interface Overview ........................................................................... 9-1

9.1 Command Syntax Conventions....................................................................................... 9-1

9.2 Login................................................................................................................................ 9-2

9.3 Commands ...................................................................................................................... 9-2

Appendices & Index........................................................................................................................ VI

Appendix A Introduction to Intrusions .......................................................................................A-1

A.1 Introduction to Ports ........................................................................................................A-1

A.2 Introduction to Denial of Service .....................................................................................A-1

A.3 DoS Examples.................................................................................................................A-1

A.4 Scanning .........................................................................................................................A-3

A.5 Malicious Programs......................................................................................................... A-4

A.6 Example Intrusions.......................................................................................................... A-4

Appendix B Intrusion Protection.................................................................................................B-1

B.1 Firewalls and Intrusions ..................................................................................................B-1

B.2 Intrusion Detection and Prevention (IDP) .......................................................................B-1

B.3 Detection Methods .......................................................................................................... B-2

Appendix C Index..........................................................................................................................C-1

viii Table of Contents

ZyWALL IDP10 User’s Guide

List of Figures

Figure 1-1 ZyWALL............................................................................................................................................ 1-1

Figure 1-2 Installation Example 1........................................................................................................................ 1-3

Figure 1-3 Installation Example 2........................................................................................................................ 1-4

Figure 1-4 Installation Example 3........................................................................................................................ 1-5

Figure 1-5 Installation Example 4........................................................................................................................ 1-6

Figure 2-1 Default Web Configurator IP Address................................................................................................ 2-1

Figure 2-2 Login Screen ...................................................................................................................................... 2-2

Figure 2-3 Change Password Screen ................................................................................................................... 2-2

Figure 2-4 Web Configurator HOME Screen....................................................................................................... 2-3

Figure 3-1 General: Device.................................................................................................................................. 3-1

Figure 3-2 General: VLAN.................................................................................................................................. 3-3

Figure 3-3 General: State..................................................................................................................................... 3-4

Figure 4-1 Interface: Link.................................................................................................................................... 4-1

Figure 4-2 Interface: Stealth ................................................................................................................................ 4-2

Figure 4-3 ZyWALL Policy Check...................................................................................................................... 4-3

Figure 4-4 Interface: Policy Check ...................................................................................................................... 4-4

Figure 5-1 Remote Management: WWW ............................................................................................................ 5-1

Figure 5-2 SNMP Management Model................................................................................................................ 5-2

Figure 5-3 Remote Management: SNMP............................................................................................................. 5-4

Figure 5-4 SSH Communication Example........................................................................................................... 5-5

Figure 5-5 How SSH Works ................................................................................................................................ 5-5

Figure 5-6 Remote Management: SSH ................................................................................................................ 5-6

Figure 5-7 PuTTY settings................................................................................................................................... 5-7

Figure 5-8 PuTTY Security Alert......................................................................................................................... 5-7

Figure 5-9 ZyWALL Command Interface Login Screen ..................................................................................... 5-8

Figure 6-1 P2P Signatures.................................................................................................................................... 6-2

Figure 6-2 IM (Chat) Signatures.......................................................................................................................... 6-3

Figure 6-3 Spam Signatures................................................................................................................................. 6-4

Figure 6-4 DoS/DDoS Signatures........................................................................................................................ 6-4

Figure 6-5 Scan Signatures .................................................................................................................................. 6-5

Figure 6-6 Buffer Overflow Signatures ............................................................................................................... 6-6

Figure 6-7 Worm/Virus Signatures ...................................................................................................................... 6-7

Figure 6-8 Backdoor/Trojan Signatures............................................................................................................... 6-8

Figure 6-9 Access Control Signatures.................................................................................................................. 6-9

Figure 6-10 Web Attack Signatures ................................................................................................................... 6-10

List of Figures ix

ZyWALL IDP10 User’s Guide

Figure 6-11 Porn Signatures ...............................................................................................................................6-11

Figure 6-12 Others Signatures............................................................................................................................6-12

Figure 6-13 Pre-defined IDP Policies Summary.................................................................................................6-14

Figure 6-14 Search Example ..............................................................................................................................6-17

Figure 6-15 Query Example ...............................................................................................................................6-17

Figure 6-16 Pre-defined Policies: Modify ..........................................................................................................6-18

Figure 6-17 Update Policies ...............................................................................................................................6-19

Figure 6-18 User-defined Policies......................................................................................................................6-21

Figure 6-19 Configuring a User-defined IDP Policy..........................................................................................6-24

Figure 6-20 Registering ZyWALL......................................................................................................................6-29

Figure 7-1 View Log.............................................................................................................................................7-1

Figure 7-2 Report: E-Mail ....................................................................................................................................7-3

Figure 7-3 Report: syslog .....................................................................................................................................7-4

Figure 7-4 Alarm ..................................................................................................................................................7-5

Figure 8-1 Maintenance: Password.......................................................................................................................8-1

Figure 8-2 Debug Mode Reset Example...............................................................................................................8-2

Figure 8-3 Maintenance: Time Setting .................................................................................................................8-4

Figure 8-4 Synchronization in Process.................................................................................................................8-6

Figure 8-5 Synchronization is Successful.............................................................................................................8-6

Figure 8-6 Synchronization Fail ...........................................................................................................................8-6

Figure 8-7 Maintenance: F/W Upload ..................................................................................................................8-7

Figure 8-8 Firmware Upload in Progress .............................................................................................................8-9

Figure 8-9 Network Temporarily Disconnected ...................................................................................................8-9

Figure 8-10 Firmware Upload Error...................................................................................................................8-10

Figure 8-11 Maintenance: Configuration............................................................................................................8-11

Figure 8-12 Maintenance: Restart ......................................................................................................................8-12

Figure A-1 Three-Way Handshake ......................................................................................................................A-2

Figure A-2 SYN Flood ........................................................................................................................................A-2

Figure A-3 Smurf Attack .....................................................................................................................................A-3

x List of Figures

ZyWALL IDP10 User’s Guide

List of Tables

Table 2-1 Web Configurator HOME Screen........................................................................................................ 2-4

Table 2-2 Screens Summary ................................................................................................................................ 2-5

Table 2-3 Example Configuration Settings.......................................................................................................... 2-6

Table 3-1 General: Device ................................................................................................................................... 3-2

Table 3-2 General: VLAN.................................................................................................................................... 3-3

Table 3-3 General: State....................................................................................................................................... 3-4

Table 4-1 Interface: Link...................................................................................................................................... 4-2

Table 4-2 Interface: Stealth.................................................................................................................................. 4-3

Table 4-3 Interface: Policy Check........................................................................................................................ 4-4

Table 5-1 Remote Management: WWW.............................................................................................................. 5-2

Table 5-2 SNMP Traps......................................................................................................................................... 5-3

Table 5-3 Remote Management: SNMP .............................................................................................................. 5-4

Table 5-4 Remote Management: SSH.................................................................................................................. 5-6

Table 6-1 Policy Severity................................................................................................................................... 6-12

Table 6-2 Policy Actions.................................................................................................................................... 6-13

Table 6-3 Selecting Pre-defined Policies ........................................................................................................... 6-15

Table 6-4 Pre-defined IDP Policies.................................................................................................................... 6-18

Table 6-5 Update Policies .................................................................................................................................. 6-20

Table 6-6 User-defined Policies......................................................................................................................... 6-21

Table 6-7 Configuring a User-defined IDP Policy............................................................................................. 6-25

Table 6-8 Registering ZyWALL ........................................................................................................................ 6-29

Table 7-1 View Log.............................................................................................................................................. 7-2

Table 7-2 Report: E-Mail ..................................................................................................................................... 7-3

Table 7-3 Report: syslog ...................................................................................................................................... 7-4

Table 7-4 Alarm ................................................................................................................................................... 7-5

Table 8-1 Maintenance: Password ....................................................................................................................... 8-1

Table 8-2 Default Time Servers ........................................................................................................................... 8-3

Table 8-3 Time and Date...................................................................................................................................... 8-4

Table 8-4 Maintenance: F/W Upload................................................................................................................... 8-7

Table 8-5 Restore Configuration........................................................................................................................ 8-11

Table 9-1 Commands Summary........................................................................................................................... 9-2

Table A-1 Common IP Ports ............................................................................................................................... A-1

Table A-2 Common Malicious Programs............................................................................................................ A-4

List of Tables xi

ZyWALL IDP10 User’s Guide

Preface

About This User's Manual

Congratulations on your purchase of the ZyWALL IDP 10 Intrusion Detection Prevention Appliance . This manual is designed to guide you through the configuration of your ZyWALL for its various applications.

Related Documentation

 Support Disk

Refer to the included CD for support documents.

 Quick Start Guide

The Quick Start Guide is designed to help you get up and running right away. It contains hardware (connection) information, basic troubleshooting and shows you how to configure the device using the wizard.

 Web Configurator Online Help

Embedded web help for descriptions of individual screens and supplementary information.

 Packing List Card

The Packing List Card lists all items that should have come in the package.

 Certifications

Refer to the product page at www.zyxel.com

 ZyXEL Glossary and Web Site

Please refer to www.zyxel.com

support documentation.

for an online glossary of networking terms and additional

for information on product certifications.

Syntax Conventions

• This manual will refer to the ZyWALL IDP 10 Intrusion Detection Prevention Appliance simply as the ZyWALL.

• The version number on the title page is the latest firmware version that is documented in this User’s Guide. Earlier versions may also be included.

• “Enter” means for you to type one or more characters and press the carriage return. “Select” or “Choose” means for you to use one of the predefined choices.

• The choices of a menu item are in Bold Arial font.

• Mouse action sequences are denoted using a comma. For example, “click the Apple icon, Control

Panels and then Modem” means first click the Apple icon, then point your mouse pointer to Control Panels and then click Modem.

• For brevity’s sake, we will use “e.g.” as a shorthand for “for instance” and “i.e.” for “that is” or “in other words” throughout this manual.

xii Preface

ZyWALL IDP10 User’s Guide

User’s Guide Feedback

Help us help you. E-mail all User’s Guide-related comments, questions or suggestions for improvement to techwriters@zyxel.com.tw or send regular mail to The Technical Writing Team, ZyXEL Communications Corp., 6 Innovation Road II, Science-Based Industrial Park, Hsinchu, 300, Taiwan. Thank you.

Graphics Icon Key

ZyWALL IDP

Computer

Firewall

Intrusion source

Blocked intrusion

Modem

Server

Router

Notebook Computer

Switch

Security hole

Preface xiii

Getting Started

PPaarrtt II::

Getting Started

This part introduces intrusions, ZyWALL features, applications and the web configurator.

ZyWALL IDP10 User’s Guide

Chapter 1

Introducing the ZyWALL IDP 10

This chapter introduces the main features and applications of the ZyWALL.

1.1 Introduction

An IDP system can detect malicious or suspicious packets and respond instantaneously. It can detect anomaly detections based on violations of protocol standards (RFCs – Requests for Comments) or traffic flows and abnormal flows such as port scans. The rules that define how to identify and respond to intrusions are called “signatures”.

 See the appendices for more detailed information on intrusions,

intrusion examples and detection types.

The ZyWALL is an Intrusion Detection and Prevention (IDP) Appliance designed to protect against network-based intrusions. The ZyWALL functions as a transparent plug and play bridge designed to protect networks from intrusions while allowing safe Internet access.

The ZyWALL comes with a built-in signature set that can be regularly updated. Regular updates are vital as new intrusions evolve.

For people with knowledge of packet header types and OSI (Open System Interconnection), the IDP allows you to create your own rules.

You can configure the ZyWALL using the friendly, embedded web configurator or the command-line interface you access via the console port.

Figure 1-1 ZyWALL

Introducing the ZyWALL IDP 10 1-1

ZyWALL IDP10 User’s Guide

1.2 Features

LAN, WAN and Management Ports

You can also manage the ZyWALL via the LAN or WAN port, but the MGMT port is dedicated for management. If you manage the ZyWALL via the LAN or WAN port then the ZyWALL itself may be susceptible to being compromised.

Intrusion Detection & Prevention (IDP)

 Real-time detection & prevention system at structure

 Inline, Monitor, Bypass modes

 Automatic signature update

 Protect against:

o DoS and DDoS attacks

o Buffer overflow

o Network and port scans

o Trojan Horse attacks

o Back Door attacks

o Worms

 Detection Methods:

o Heuristic Analysis based on exceeding statistical thresholds such as abnormal port scan

probes.

o Pattern Matching where a signature database identifies malicious code strings in packets.

o Protocol Anomaly Detection based on RFC protocol violations.

o Traffic flow anomalies where certain applications such as peer-to-peer applications for

example are defined as “abnormal” and therefore an “intrusion”.

o Stateful pattern matching based on reassembling TCP screams to make the complete string

available to the detection engine.

 User-defined rules allow:

o Multiple Attack Pattern Detection

o Multiple string match

o IP/TCP/UDP/ICMP and IGMP packets filters that block suspect attack sources.

Firmware Upgrade

 Automatically schedule download and upgrade

Logs & Reports

 Automatically schedule reports sent by E-mail.

 Alarms are urgent notification of attacks.

1-2 Introducing the ZyWALL IDP 10

ZyWALL IDP10 User’s Guide

System Management

 Console (RS-232)

 Web-based GUI (HTTP)

 Command line interface

 SNMP v2c

1.3 Application Examples

You can install a ZyWALL either between the firewall (or switch) and Internet (see Figure 1-2) to protect your local networks and firewall (or switch) from intrusions from the Internet, behind the firewall (or switch) to protect the DMZ servers from intrusions from the local network (due to an infected LAN computer, for example), or ideally, install one in front of the firewall and two others behind the firewall.

In installation example 1 (Figure 1-2) the ZyWALL (A) protects the firewall/router (B), DMZ servers and LAN computers from network intrusions from the Internet. However, it does not protect the DMZ servers from intrusions from the LAN (and vice versa), and the ZyWALL itself is vulnerable, as it does not receive firewall protection.

Figure 1-2 Installation Example 1

Introducing the ZyWALL IDP 10 1-3

ZyWALL IDP10 User’s Guide

In installation example 2 (see Figure 1-3) the ZyWALL (A) protects the LAN from intrusions from the Internet and the DMZ servers from intrusions from the LAN (and vice versa). The ZyWALL itself receives firewall protection too. However, it does not protect the firewall (B) nor the DMZ servers from intrusions from the Internet.

Figure 1-3 Installation Example 2

1-4 Introducing the ZyWALL IDP 10

ZyWALL IDP10 User’s Guide

In installation example 3 (see Figure 1-4) the ZyWALL (A) protects the DMZ servers from intrusions from the Internet and also from intrusions from the LAN (and vice versa). The ZyWALL itself receives firewall protection too. However, it does not protect the LAN computers nor the firewall (B) from intrusions from the Internet.

Figure 1-4 Installation Example 3

Introducing the ZyWALL IDP 10 1-5

ZyWALL IDP10 User’s Guide

In installation example 4 (see Figure 1-5) ZyWALLs (A1 and A3) protect the LAN and DMZ from intrusions from the Internet and from each other. ZyWALLs (A1 and A3) also receive firewall protection.

ZyWALL (A2) protects the firewall (B), DMZ servers (and LAN). However, ZyWALL (A2) does not receive firewall protection.

Figure 1-5 Installation Example 4

1-6 Introducing the ZyWALL IDP 10

ZyWALL IDP10 User’s Guide

Chapter 2

Introducing the Web Configurator

This chapter describes how to access the ZyWALL web configurator and provides an

overview of its screens.

2.1 Web Configurator Overview

The embedded web configurator (eWC) allows you to manage the ZyWALL from anywhere through a browser such as Microsoft Internet Explorer or Netscape Navigator. Use Internet Explorer 6.0 and later or Netscape Navigator 7.0 and later versions with JavaScript enabled. It is recommended that you set your screen resolution to 1024 by 768 pixels. The screens you see in the web configurator may vary somewhat from the ones shown in this document due to differences between individual firmware versions.

2.2 Accessing the ZyWALL Web Configurator

1. Make sure your ZyWALL hardware is properly connected and prepare your computer/computer

network to connect to the ZyWALL (refer to the Quick Start Guide).

2. Launch your web browser and type "192.168.1.3" as the URL.

Figure 2-1 Default Web Configurator IP Address

Type "1234" (default) as the password and click Login. In some versions, the default password appears automatically - if this is the case, click Login.

Introducing the Web Configurator 2-1

ZyWALL IDP10 User’s Guide

Figure 2-2 Login Screen

You should see a screen asking you to change your password (highly recommended) as shown next. Type a new password (and retype it to confirm) and click Apply or click Ignore.

Figure 2-3 Change Password Screen

You should now see the HOME screen (see Figure 2-4).

2-2 Introducing the Web Configurator

ZyWALL IDP10 User’s Guide

 The management session automatically times out when the

time period set in the Administrator Inactivity Timer field expires. Simply log back into the ZyWALL if this happens to you.

2.3 Navigating the ZyWALL Web Configurator

The following summarizes how to navigate the web configurator from the HOME screen.

 Click the help icon (located in the top right corner of most

screens) to view online help.

You can configure the ZyWALL’s IP address in order to access it for management. All LAN, WAN, DNZ and WLAN ports act as a hub and share the same IP address.

Use submenus to configure ZyWALL features.

Click LOGOUT at any time to exit the web configurator.

Click MAINTENANCE to view information about your ZyWALL or upgrade configuration/firmware files. Maintenance includes Password, Time Setting, F/W (firmware)

Upload, Configuration (Backup, Restore, Default), and Restart.

Figure 2-4 Web Configurator HOME Screen

The following table describes the labels in this screen.

Introducing the Web Configurator 2-3

ZyWALL IDP10 User’s Guide

Table 2-1 Web Configurator HOME Screen

LABEL DESCRIPTION

Wizard…

Quick Setup

Device Information System Name The system name identifies your device type. The system name should also be on a

Firmware Version This is the firmware version number and the date created.

Policy Version This field displays the intrusion signature set version number and the date updated

Current Time This field displays the present time as configured on the device.

Current Date This field displays the present date as configured on the device.

Up Time This field displays the total time in seconds since the ZyWALL was last turned on.

Memory The first number shows how many kilobytes of the heap memory the ZyWALL is using.

Flash Usage The first number shows the amount of flash (non-volatile) memory used by the ZyWALL.

Current TCP Session

Policy Number This field displays the number of signature “rules” for the displayed policy version.

IP Address This shows the ZyWALL’s IP address. The LAN, WAN and MGMT ports all use the same

Netmask This shows the ZyWALL’s subnet mask.

Gateway This field displays the IP address of the gateway. The gateway is an immediate neighbor

State

Link Mode This field displays whether each port is up or down, the speed (10M or 100M), the

Click Quick Setup to start the ZyWALL setup wizard.

sticker on your device. If you are uploading firmware, be sure to upload firmware for this exact system name.

Heap memory refers to the memory that is used by the ZYWALL operating system. The second number shows the ZyWALL's total heap memory (in kilobytes). The bar displays what percent of the ZyWALL's heap memory is in use. The bar is green when less than 70% is in use and red when more than 70% is in use.

The bar displays what percentage of disk space is in use. The bar is green when less than 70% is in use and red when more than 70% is in use. The second number shows the total available disk space (in megabytes).

This field displays number of TCP sessions currently established.

IP address.

of your ZyWALL that will forward the packet to the destination. The gateway must be on the same segment as your ZyWALL. The gateway and DNS settings are only relevant to the internal functions (SNMP, e-mail, syslog) of the ZyWALL.

This field displays whether the ZyWALL is Inline (configure an action for suspicious packets), Monitor (send out alerts only for suspicious packets) or Bypass (all traffic can pass through the ZyWALL without inspection).

duplex mode (full or half) and whether stealth is enabled.

2.3.1 Navigation Panel

After you enter the password, use the sub-menus on the navigation panel to configure ZyWALL features.

The following table describes the sub-menus.

2-4 Introducing the Web Configurator

ZyWALL IDP10 User’s Guide

Table 2-2 Screens Summary

LINK TAB FUNCTION

HOME This screen shows the ZyWALL’s general device information. Use this

screen to access the setup wizard.

SYSTEM

GENERAL Device Use this screen to configure device TCP/IP settings and TCP idle

VLAN Use this screen to configure the VLAN tag and VLAN ID.

State

INTERFACE Link Use this screen to set each port’s speed and duplex mode.

Stealth Use this screen to enable/disable stealth on the LAN or WAN ports.

Policy Check Policy check determines the interface on which traffic will be checked

REMOTE MGMT WWW Use this screen to configure through which interface(s) and from which

SNMP Use this screen to configure Simple Network Management Protocol

SSH Use this screen to configure through which interface(s) and from which

IDP Pre-defined All pre-defined IDP policies are already stored in the ZyWALL by

Update Use this screen to set the IP address of the update server and to

User-defined Use screen to create your own intrusion protection policies.

Registration Use this screen to register for IDP update server downloads.

LOG & REPORT

LOGS View Log Use this screen to view the logs for the categories that you selected.

REPORT E-Mail Use this screen to configure and schedule e-mailed log reports.

syslog A syslog server is an external logging server used to store and parse

ALARM ALARM Use this screen to configure and set the frequency of (e-mailed) alarms.

MAINTENANCE Password Use this screen to change your password.

Time Setting Use this screen to set your ZyWALL’s time and date.

F/W Upload Use this screen to configure and schedule firmware uploads to your

Configuration Use this screen to back up, restore ZyWALL configuration settings or

Access the GENERAL, INTERFACE and REMOTE MGMT links from here.

timeout.

Use this screen to set the intrusion operating state (Inline, Monitor or Bypass).

against the ZyWALL policy rules (both pre-defined and user-defined). By selecting LAN port, then only traffic coming into the LAN and out through the WAN will be checked. Similarly, by selecting WAN port, then only traffic coming into the WAN and out through the LAN will be checked.

IP address(es) users can use HTTP to manage the ZyWALL.

(SNMP) ZyWALL management.

IP address(es) users can use Secure Shell to manage the ZyWALL.

default. Use this screen to see all pre-defined policies or search fro specific ones.

schedule automatic downloading.

Access the LOGS, REPORT and ALARM links from here.

logs.

ZyWALL.

reset them to the factory defaults.

Introducing the Web Configurator 2-5

ZyWALL IDP10 User’s Guide

Table 2-2 Screens Summary

LINK TAB FUNCTION

Restart This screen allows you to reboot the ZyWALL without turning the power

off.

LOGOUT Click this link to log out of and exit the web configurator. For security

reasons, you should do this after each management session.

 See the Quick Start Guide for information on using the wizard

to configure the ZyWALL for the first time.

2.4 Example Configuration Settings

The following table shows an example setup for your ZyWALL. In this setup, the ZyWALL is behind a NAT router (or firewall) and is given a private IP address. The gateway is also in a private network. The LAN and WAN ports are both in stealth mode and remote management is only allowed from the MGMT port.

Table 2-3 Example Configuration Settings

ZyWALL Settings

IP Address 10. 10. 1.1 (private IP address)

Subnet Mask 255.255.255. 0

Gateway 10. 10. 1.254 (switch or router on LAN or DMZ)

State INLINE

Ports Settings

Port Link Status Stealth

WAN Auto 10M/Half UP ON

LAN Auto 100M/Full UP ON

MGMT Auto 100M/Full UP OFF

Remote Management:

WWW Server Access MGMT only

SNMP Server Access MGMT only

SSH Server Access MGMT only

2-6 Introducing the Web Configurator

General, Interface, and Remote Management

PPaarrtt IIII::

General, Interface, and Remote Management

This part covers configuration of the General, Interface, and Remote Management screens.

ZyWALL IDP 10 User’s Guide

Chapter 3

General Settings

This chapter describes how to configure the ZyWALL’s TCP, VLAN and State settings.

3.1 Device

Enter the ZyWALL IP address, subnet mask, gateway IP address and DNS server IP address in the next screen. The gateway and DNS entries relate to the e-mail, syslog and SNMP functions of the ZyWALL.

The DNS server maps a domain name to its corresponding IP address and vice versa. If you configure a DNS server, you can enter an IP address or domain name for e-mail, syslog, etc. servers.

If you change the ZyWALL IP address, you will need to access it again using the new IP address. To change your ZyWALL’s network settings click GENERAL, then the Device tab.

Figure 3-1 General: Device

The following table describes the fields in this screen.

General Settings 3-1

ZyWALL IDP 10 User’s Guide

Table 3-1 General: Device

LABEL DESCRIPTION

System Name Enter a descriptive name of up to 128 single-Byte or double-Byte characters for

identification purposes.

Administrator Inactivity Timer

Device Setup

IP Address Type the IP address of your ZyWALL. If you change the ZyWALL IP address, you will

Subnet Mask Type the IP subnet mask of your ZyWALL.

Gateway Type the IP address of the gateway. The gateway and DNS entries relate to the e-mail,

DNS Server The DNS server maps a domain name to its corresponding IP address and vice versa. If

Apply Click this button to save your changes back to the ZyWALL.

Reset Click this button to begin configuring this screen afresh.

Type how many minutes a management session (either via the web configurator or SSH) can be left idle before the session times out. After it times out you have to log in with your password again. Very long idle timeouts may have security risks. A value of "0" means a management session never times out, no matter how long it has been left idle (not recommended).

need to access it again using the new IP address.

syslog and SNMP functions of the ZyWALL.

you configure a DNS server, you can enter an IP address or domain name for e-mail, syslog, etc. servers.

3.2 Introduction to VLANs

A VLAN (Virtual Local Area Network) allows a physical network to be partitioned into multiple logical networks. Devices on a logical network belong to one group. A device can belong to more than one group. With VLAN, a device cannot directly talk to or hear from devices that are not in the same group(s); the traffic must first go through a router.

VLAN increases network performance by limiting broadcasts to a smaller and more manageable logical broadcast domain.

3.2.1 Tagged VLANs (IEEE 802.1Q)

This section gives some technical background information on tagged VLANs. Skip to section 3.3 to see how to configure VLAN tagging on the ZyWALL. When a device receives a frame from a workstation, the VLAN from whence it came must be known so the device may respond, if necessary, to the source of the frame. This is accomplished by tagging.

IEEE 802.1Q tagged VLAN uses an explicit tag (VLAN ID) in the MAC header to identify the VLAN membership of a frame across devices - tagged VLANs are not confined to the device on which they were created.

The VLAN ID associates a frame with a specific VLAN and provides the information that switches need to process the frame across the network. A tagged frame is four bytes longer than an untagged frame and contains two bytes of TPID (Tag Protocol Identifier, residing within the type/length field of the Ethernet frame) and two bytes of TCI (Tag Control Information, a tagged header starts after the source address field of the Ethernet frame).

3-2 General Settings

+ 81 hidden pages