ZyXEL P1 User Manual

ZyWALL P1

Internet Security Appliance

User’s Guide

Version 3.64

8/2005

ZyWALL P1 User’s Guide

Copyright

The contents of this publication may not be reproduced in any part or as a whole, transcribed, stored in a retrieval system, translated into any language, or transmitted in any form or by any means, electronic, mechanical, magnetic, optical, chemical, photocopying, manual, or otherwise, without the prior written permission of ZyXEL Communications Corporation.

Disclaimer

ZyXEL does not assume any liability arising out of the application or use of any products, or software described herein. Neither does it convey any license under its patent rights nor the patent rights of others. ZyXEL further reserves the right to make changes in any products described herein without notice. This publication is subject to change without notice.

Trademarks

ZyNOS (ZyXEL Network Operating System) is a registered trademark of ZyXEL Communications, Inc. Other trademarks mentioned in this publication are used for identification purposes only and may be properties of their respective owners.

ZyWALL P1 User’s Guide

Federal Communications

Commission (FCC) Interference

Statement

This device complies with Part 15 of FCC rules. Operation is subject to the following two conditions:

• This device may not cause harmful interference.

• This device must accept any interference received, including interference that may cause undesired operations.

This equipment has been tested and found to comply with the limits for a Class B digital device pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference in a commercial environment. This equipment generates, uses, and can radiate radio frequency energy, and if not installed and used in accordance with the instructions, may cause harmful interference to radio communications.

If this equipment does cause harmful interference to radio/television reception, which can be determined by turning the equipment off and on, the user is encouraged to try to correct the interference by one or more of the following measures:

• Reorient or relocate the receiving antenna.

• Increase the separation between the equipment and the receiver.

• Connect the equipment into an outlet on a circuit different from that to which the receiver is connected.

• Consult the dealer or an experienced radio/TV technician for help.

Notice 1

Changes or modifications not expressly approved by the party responsible for compliance could void the user's authority to operate the equipment.

Certifications

1 Go to www.zyxel.com

2 Select your product from the drop-down list box on the ZyXEL

home page to go to that product's page.

3 Select the certification you wish to view from this page

2 Federal Communications Commission (FCC) Interference Statement

ZyWALL P1 User’s Guide

Safety Warnings

For your safety, be sure to read and follow all warning notices and instructions.

• To reduce the risk of fire, use only No. 26 AWG (American Wire Gauge) or larger telecommunication line cord.

• Do NOT open the device or unit. Opening or removing covers can expose you to dangerous high voltage points or other risks. ONLY qualified service personnel can service the device. Please contact your vendor for further information.

• Use ONLY the dedicated power supply for your device. Connect the power cord or power adaptor to the right supply voltage (110V AC in North America or 230V AC in Europe).

• Do NOT use the device if the power supply is damaged as it might cause electrocution.

• If the power supply is damaged, remove it from the power outlet.

• Do NOT attempt to repair the power supply. Contact your local vendor to order a new power supply.

• Place connecting cables carefully so that no one will step on them or stumble over them. Do NOT allow anything to rest on the power cord and do NOT locate the product where anyone can walk on the power cord.

• If you wall mount your device, make sure that no electrical, gas or water pipes will be damaged.

• Do NOT install nor use your device during a thunderstorm. There may be a remote risk of electric shock from lightning.

• Do NOT expose your device to dampness, dust or corrosive liquids.

• Do NOT use this product near water, for example, in a wet basement or near a swimming pool.

• Make sure to connect the cables to the correct ports.

• Do NOT obstruct the device ventilation slots, as insufficient airflow may harm your device.

• Do NOT store things on the device.

• Connect ONLY suitable accessories to the device.

Safety Warnings 3

ZyWALL P1 User’s Guide

ZyXEL warrants to the original end user (purchaser) that this product is free from any defects in materials or workmanship for a period of up to two years from the date of purchase. During the warranty period, and upon proof of purchase, should the product have indications of failure due to faulty workmanship and/or materials, ZyXEL will, at its discretion, repair or replace the defective products or components without charge for either parts or labor, and to whatever extent it shall deem necessary to restore the product or components to proper operating condition. Any replacement will consist of a new or re-manufactured functionally equivalent product of equal value, and will be solely at the discretion of ZyXEL. This warranty shall not apply if the product is modified, misused, tampered with, damaged by an act of God, or subjected to abnormal working conditions.

Note

Repair or replacement, as provided under this warranty, is the exclusive remedy of the purchaser. This warranty is in lieu of all other warranties, express or implied, including any implied warranty of merchantability or fitness for a particular use or purpose. ZyXEL shall in no event be held liable for indirect or consequential damages of any kind of character to the purchaser.

ZyXEL Limited Warranty

To obtain the services of this warranty, contact ZyXEL's Service Center for your Return Material Authorization number (RMA). Products must be returned Postage Prepaid. It is recommended that the unit be insured when shipped. Any returned products without proof of purchase or those with an out-dated warranty will be repaired or replaced (at the discretion of ZyXEL) and the customer will be billed for parts and labor. All repaired or replaced products will be shipped by ZyXEL to the corresponding return address, Postage Paid. This warranty gives you specific legal rights, and you may also have other rights that vary from country to country.

Safety Warnings

For your safety, be sure to read and follow all warning notices and instructions.

• To reduce the risk of fire, use only No. 26 AWG (American Wire Gauge) or larger telecommunication line cord.

• Use ONLY the dedicated power supply for your device. Connect the power cord or power adaptor to the right supply voltage (110V AC in North America or 230V AC in Europe).

• Do NOT use the device if the power supply is damaged as it might cause electrocution.

• If the power supply is damaged, remove it from the power outlet.

• Do NOT attempt to repair the power supply. Contact your local vendor to order a new power supply.

4 ZyXEL Limited Warranty

ZyWALL P1 User’s Guide

• If you wall mount your device, make sure that no electrical, gas or water pipes will be damaged.

• Do NOT install nor use your device during a thunderstorm. There may be a remote risk of electric shock from lightning.

• Do NOT expose your device to dampness, dust or corrosive liquids.

• Do NOT use this product near water, for example, in a wet basement or near a swimming pool.

• Make sure to connect the cables to the correct ports.

• Do NOT obstruct the device ventilation slots, as insufficient airflow may harm your device.

• Do NOT store things on the device.

• Connect ONLY suitable accessories to the device.

ZyXEL Limited Warranty 5

ZyWALL P1 User’s Guide

Please have the following information ready when you contact customer support.

• Product model and serial number.

• Warranty Information.

• Date that you received your device.

• Brief description of the problem and the steps you took to solve it. .

Customer Support

METHOD

LOCATION

CORPORATE HEADQUARTERS (WORLDWIDE)

CZECH REPUBLIC

DENMARK

FINLAND

FRANCE

GERMANY

NORTH AMERICA

NORWAY

SPAIN

SWEDEN

SUPPORT E-MAIL TELEPHONE

SALES E-MAIL FAX FTP SITE

support@zyxel.com.tw +886-3-578-3942 www.zyxel.com

sales@zyxel.com.tw +886-3-578-2439 ftp.zyxel.com

info@cz.zyxel.com +420 241 091 350 www.zyxel.cz ZyXEL Communications

info@cz.zyxel.com +420 241 091 359

support@zyxel.dk +45 39 55 07 00 www.zyxel.dk ZyXEL Communications A/S

sales@zyxel.dk +45 39 55 07 07

support@zyxel.fi +358-9-4780-8411 www.zyxel.fi ZyXEL Communications Oy

sales@zyxel.fi +358-9-4780 8448

i nf o @z y xe l .f r + 33 (0 ) 4 7 2 5 2 9 7 9 7 w ww .z y xe l . fr Z yX E L F r an c e

+33 (0)4 72 52 19 20

support@zyxel.de +49-2405-6909-0 www.zyxel.de ZyXEL Deutschland GmbH.

sales@zyxel.de +49-2405-6909-99

support@zyxel.com +1-800-255-4101

+1-714-632-0882

sales@zyxel.com +1-714-632-0858 ftp.us.zyxel.com

support@zyxel.no +47 22 80 61 80 www.zyxel.no ZyXEL Communications A/S

sales@zyxel.no +47 22 80 61 81

support@zyxel.es +34 902 195 420 www.zyxel.es ZyXEL Communications

sales@zyxel.es +34 913 005 345

support@zyxel.se +46 31 744 7700 www.zyxel.se ZyXEL Communications A/S

sales@zyxel.se +46 31 744 7701

WEB SITE

www.europe.zyxel.com

ftp.europe.zyxel.com

www.us.zyxel.com ZyXEL Communications Inc.

REGULAR MAIL

ZyXEL Communications Corp. 6 Innovation Road II

Sc ien ce P ar k Hsinchu 300 Ta iw a n

Czech s.r.o. Modranská 621 143 01 Praha 4 - Modrany Ceská Republika

Col um bu sv ej 5 2860 Soeborg Denmark

Mal mi nk aa ri 10 00700 Helsinki Finland

1 ru e d e s V er ge r s Ba t. 1 / C 69760 Limonest France

Adenauerstr. 20/A2 D-52146 Wuerselen Germany

1130 N. Miller St. Anaheim

CA 92806-2001 U.S.A.

Ni ls H ans en s ve i 13 0667 Oslo Norway

Alejandro Villegas 33 1º, 28043 Madrid Spain

Sjöporten 4, 41764 Göteborg Sweden

6 Customer Support

ZyWALL P1 User’s Guide

METHOD

LOCATION

UNITED KINGDOM

SUPPORT E-MAIL TELEPHONE

SALES E-MAIL FAX FTP SITE

support@zyxel.co.uk +44 (0) 1344 303044

08707 555779 (UK only)

sales@zyxel.co.uk +44 (0) 1344 303034 ftp.zyxel.co.uk

WEB SITE

www.zyxel.co.uk ZyXEL Communications UK

a. “+” is the (prefix) number you enter to make an international telephone call.

REGULAR MAIL

Ltd.,11 The Courtyard, Eastern Road, Bracknell, Berkshire, RG12 2XB, United Kingdom (UK)

Customer Support 7

ZyWALL P1 User’s Guide

8 Customer Support

ZyWALL P1 User’s Guide

Copyright ..................................................................................................................1

Federal Communications Commission (FCC) Interference Statement ............... 2

Safety Warnings ....................................................................................................... 3

ZyXEL Limited Warranty.......................................................................................... 4

Customer Support.................................................................................................... 6

Preface ....................................................................................................................29

Chapter 1

Getting to Know Your ZyWALL ............................................................................. 31

1.1 Overview ............................................................................................................31

1.2 ZyWALL Features ..............................................................................................31

1.2.1 Physical Features .....................................................................................31

1.2.2 Non-Physical Features .............................................................................32

1.3 Applications ........................................................................................................35

1.3.1 Secure Network Access for Telecommuters .............................................35

1.3.2 LAN Network Protection ..........................................................................35

1.4 ZyWALL Hardware Connection ..........................................................................36

1.5 Front Panel LED .................................................................................................36

Chapter 2

Introducing the Web Configurator........................................................................ 39

2.1 Overview ............................................................................................................39

2.2 Accessing the Web Configurator ........................................................................39

2.3 Resetting the ZyWALL .......................................................................................41

2.3.1 Procedure to Use the Reset Button ..........................................................42

2.4 Navigating the Web Configurator .......................................................................42

2.4.1 The HOME Screen ...................................................................................42

2.4.2 Navigation Panel .......................................................................................44

2.4.3 System Statistics .......................................................................................46

2.4.4 DHCP Table Screen .................................................................................47

2.4.5 VPN Status ...............................................................................................48

Table of Contents 9

ZyWALL P1 User’s Guide

Chapter 3

Wizard Setup .......................................................................................................... 51

3.1 Overview ............................................................................................................51

3.2 Internet Access Wizard Setup ...........................................................................51

3.3 VPN Wizard Setup .............................................................................................58

3.4 IPSec Algorithms ................................................................................................64

3.2.1 ISP Parameters ........................................................................................51

3.2.2 WAN and DNS ..........................................................................................51

3.2.2.1 WAN IP Address Assignment ..........................................................51

3.2.2.2 IP Address and Subnet Mask ..........................................................52

3.2.2.3 DNS Server Address Assignment ...................................................52

3.2.2.4 Ethernet ...........................................................................................53

3.2.2.5 PPPoE Encapsulation .....................................................................54

3.2.2.6 PPTP Encapsulation .......................................................................56

3.2.3 Internet Access Wizard Setup Complete ..................................................58

3.3.1 IPSec ........................................................................................................59

3.3.2 Security Association .................................................................................59

3.3.3 My IP Address ..........................................................................................59

3.3.4 Secure Gateway Address .........................................................................59

3.3.4.1 Dynamic Secure Gateway Address ................................................59

3.3.5 VPN Wizard: Gateway Policy Setting .......................................................59

3.3.6 VPN Wizard: Network Setting ...................................................................60

3.3.7 IKE Phases ...............................................................................................62

3.3.7.1 Negotiation Mode ............................................................................63

3.3.7.2 Pre-Shared Key ...............................................................................63

3.3.7.3 Diffie-Hellman (DH) Key Groups .....................................................63

3.3.7.4 Perfect Forward Secrecy (PFS) .....................................................64

3.4.1 AH (Authentication Header) Protocol ........................................................64

3.4.2 ESP (Encapsulating Security Payload) Protocol ......................................64

3.4.3 IKE Tunnel Setting (IKE Phase 1) ............................................................66

3.4.4 IPSec Setting (IKE Phase 2) .....................................................................67

3.4.5 VPN Status Summary ...............................................................................68

3.4.6 VPN Wizard Setup Complete ...................................................................70

Chapter 4

LAN Screens........................................................................................................... 73

4.1 LAN Overview ....................................................................................................73

4.2 DHCP Setup .......................................................................................................73

4.2.1 IP Pool Setup ............................................................................................73

4.2.2 DNS Servers .............................................................................................73

4.3 LAN TCP/IP ........................................................................................................74

4.3.1 Factory LAN Defaults ................................................................................74

4.3.2 IP Address and Subnet Mask ...................................................................74

10 Table of Contents

ZyWALL P1 User’s Guide

4.3.3 RIP Setup .................................................................................................74

4.3.4 Multicast ....................................................................................................75

4.4 Configuring LAN .................................................................................................75

4.5 Configuring Static DHCP ....................................................................................77

Chapter 5

WAN Screens.......................................................................................................... 79

5.1 WAN Overview ...................................................................................................79

5.1.1 TCP/IP Priority (Metric) .............................................................................79

5.1.2 WAN MAC Address ..................................................................................79

5.2 WAN Route Setup ..............................................................................................79

5.3 Configuring WAN Setup .....................................................................................80

5.3.1 Ethernet Encapsulation .............................................................................80

5.3.2 PPPoE Encapsulation ...............................................................................83

5.3.3 PPTP Encapsulation .................................................................................85

5.4 Dynamic DNS .....................................................................................................87

5.4.1 DYNDNS Wildcard ....................................................................................87

5.4.2 Configuring Dynamic DNS ........................................................................88

Chapter 6

Firewalls.................................................................................................................. 91

6.1 Firewall Overview ...............................................................................................91

6.2 Types of Firewalls ..............................................................................................91

6.2.1 Packet Filtering Firewalls ..........................................................................91

6.2.2 Application-level Firewalls ........................................................................91

6.2.3 Stateful Inspection Firewalls .....................................................................92

6.3 Introduction to ZyXEL’s Firewall .........................................................................92

6.4 Denial of Service ................................................................................................93

6.4.1 Basics .......................................................................................................93

6.4.2 Types of DoS Attacks ...............................................................................94

6.4.2.1 ICMP Vulnerability ..........................................................................96

6.4.2.2 Illegal Commands (NetBIOS and SMTP) ........................................96

6.4.2.3 Traceroute .......................................................................................97

6.5 Stateful Inspection ..............................................................................................97

6.5.1 Stateful Inspection Process ......................................................................98

6.5.2 Stateful Inspection and the ZyWALL .........................................................99

6.5.3 TCP Security .............................................................................................99

6.5.4 UDP/ICMP Security ................................................................................100

6.5.5 Upper Layer Protocols ............................................................................100

6.6 Guidelines For Enhancing Security With Your Firewall ....................................101

6.7 Packet Filtering Vs Firewall ..............................................................................101

6.7.1 Packet Filtering: ......................................................................................101

6.7.1.1 When To Use Filtering ...................................................................101

Table of Contents 11

ZyWALL P1 User’s Guide

Chapter 7

Firewall Screens................................................................................................... 103

7.1 Access Methods ...............................................................................................103

7.2 Firewall Policies Overview ...............................................................................103

7.3 Rule Logic Overview ........................................................................................104

7.4 Connection Direction Examples .......................................................................105

7.5 Alerts ................................................................................................................106

7.6 Configuring Firewall .........................................................................................107

7.7 Example Firewall Rule ..................................................................................... 112

7.8 Predefined Services .........................................................................................116

7.9 Anti-Probing ..................................................................................................... 118

7.10 Configuring Attack Alert ................................................................................. 119

6.7.2 Firewall ...................................................................................................102

6.7.2.1 When To Use The Firewall ............................................................102

7.3.1 Rule Checklist .........................................................................................104

7.3.2 Security Ramifications ............................................................................104

7.3.3 Key Fields For Configuring Rules ...........................................................105

7.3.3.1 Action ............................................................................................105

7.3.3.2 Service ..........................................................................................105

7.3.3.3 Source Address .............................................................................105

7.3.3.4 Destination Address ......................................................................105

7.4.1 LAN To WAN Rules ................................................................................106

7.4.2 WAN To LAN Rules ................................................................................106

7.6.1 Rule Summary ........................................................................................107

7.6.2 Configuring Firewall Rules ......................................................................109

7.6.3 Configuring Custom Services ................................................................. 112

7.10.1 Threshold Values ..................................................................................120

7.10.2 Half-Open Sessions ..............................................................................120

7.10.2.1 TCP Maximum Incomplete and Blocking Time ...........................120

Chapter 8

Introduction to IPSec ........................................................................................... 123

8.1 VPN Overview ..................................................................................................123

8.1.1 IPSec ......................................................................................................123

8.1.2 Security Association ...............................................................................123

8.1.3 Other Terminology ..................................................................................123

8.1.3.1 Encryption .....................................................................................123

8.1.3.2 Data Confidentiality .......................................................................124

8.1.3.3 Data Integrity .................................................................................124

8.1.3.4 Data Origin Authentication ............................................................124

8.1.4 VPN Applications ....................................................................................124

8.1.4.1 Linking Two or More Private Networks Together ...........................124

12 Table of Contents

ZyWALL P1 User’s Guide

8.1.4.2 Accessing Network Resources When NAT Is Enabled .................124

8.1.4.3 Unsupported IP Applications .........................................................124

8.2 IPSec Architecture ...........................................................................................125

8.2.1 IPSec Algorithms ....................................................................................125

8.2.2 Key Management ....................................................................................125

8.3 Encapsulation ...................................................................................................125

8.3.1 Transport Mode ......................................................................................126

8.3.2 Tunnel Mode ...........................................................................................126

8.4 IPSec and NAT .................................................................................................126

Chapter 9

VPN Screens......................................................................................................... 129

9.1 VPN/IPSec Overview .......................................................................................129

9.2 IPSec Algorithms ..............................................................................................129

9.2.1 AH (Authentication Header) Protocol ......................................................129

9.2.2 ESP (Encapsulating Security Payload) Protocol ....................................129

9.3 My ZyWALL ......................................................................................................130

9.4 Secure Gateway Address ................................................................................130

9.4.1 Dynamic Secure Gateway Address ........................................................131

9.4.2 Nailed Up ................................................................................................131

9.5 NAT Traversal ..................................................................................................131

9.5.1 NAT Traversal Configuration ...................................................................132

9.5.2 X-Auth (Extended Authentication) ..........................................................132

9.5.3 Authentication Server .............................................................................132

9.6 ID Type and Content ........................................................................................133

9.6.1 ID Type and Content Examples ..............................................................134

9.7 Pre-Shared Key ................................................................................................134

9.8 IKE VPN Rule Summary Screen ......................................................................135

9.8.1 Configurign an IKE VPN Rule .................................................................135

9.8.2 Configuring an IKE VPN Policy ...............................................................140

9.8.2.1 Activating a VPN Connection ........................................................144

9.9 Viewing SA Monitor ..........................................................................................144

9.10 Configuring Global Setting .............................................................................145

9.11 Telecommuter VPN/IPSec Examples .............................................................146

9.11.1 Telecommuters Sharing One VPN Rule Example .................................147

9.11.2 Telecommuters Using Unique VPN Rules Example .............................147

9.12 VPN and Remote Management .....................................................................149

Chapter 10

Certificates............................................................................................................ 151

10.1 Certificates Overview .....................................................................................151

10.1.1 Advantages of Certificates ....................................................................152

10.2 Self-signed Certificates ..................................................................................152

Table of Contents 13

ZyWALL P1 User’s Guide

10.3 Configuration Summary .................................................................................152

10.4 My Certificates ...............................................................................................152

10.5 Certificate File Formats ..................................................................................154

10.6 Importing a Certificate ....................................................................................155

10.7 Creating a Certificate .....................................................................................156

10.8 My Certificate Details .....................................................................................158

10.9 Trusted CAs ...................................................................................................161

10.10 Importing a Trusted CA’s Certificate .............................................................163

10.11 Trusted CA Certificate Details ......................................................................164

10.12 Trusted Remote Hosts .................................................................................167

10.13 Verifying a Trusted Remote Host’s Certificate ..............................................169

10.14 Importing a Trusted Remote Host’s Certificate ............................................170

10.15 Trusted Remote Host Certificate Details ......................................................171

10.16 Directory Servers .........................................................................................174

10.17 Add or Edit a Directory Server .....................................................................175

Chapter 11

Network Address Translation (NAT) ................................................................... 177

10.13.1 Trusted Remote Host Certificate Fingerprints .....................................169

11.1 NAT Overview .................................................................................................177

11.1.1 NAT Definitions .....................................................................................177

11.1.2 What NAT Does ....................................................................................178

11.1.3 How NAT Works ....................................................................................178

11.1.4 NAT Mapping Types ..............................................................................178

11.2 Using NAT ......................................................................................................179

11.2.1 SUA (Single User Account) Versus NAT ...............................................180

11.3 Configuring NAT Overview .............................................................................180

11.4 Port Forwarding ..............................................................................................181

11.4.1 Default Server IP Address ....................................................................181

11.4.2 Port Forwarding: Services and Port Numbers ......................................181

11.4.3 Configuring Servers Behind Port Forwarding (Example) ......................182

11.4.4 Port Translation .....................................................................................183

11.5 Configuring Port Forwarding .........................................................................183

11.6 Configuring Trigger Port .................................................................................185

Chapter 12

Static Route .......................................................................................................... 187

12.1 Static Route Overview ....................................................................................187

12.2 Configuring IP Static Route ............................................................................187

12.2.1 Configuring a Static Route Entry ...........................................................188

14 Table of Contents

ZyWALL P1 User’s Guide

Chapter 13

Remote Management ........................................................................................... 191

13.1 Remote Management Overview .....................................................................191

13.1.1 Remote Management Limitations .........................................................191

13.1.2 Remote Management and NAT ............................................................192

13.1.3 System Timeout ...................................................................................192

13.2 Introduction to HTTPS ....................................................................................192

13.3 Configuring WWW ..........................................................................................193

13.4 HTTPS Example ............................................................................................194

13.4.1 Internet Explorer Warning Messages ...................................................195

13.4.2 Netscape Navigator Warning Messages ...............................................195

13.4.3 Avoiding the Browser Warning Messages ............................................196

13.4.4 Login Screen .........................................................................................197

13.5 SSH Overview ................................................................................................200

13.6 How SSH works .............................................................................................200

13.7 SSH Implementation on the ZyWALL .............................................................201

13.7.1 Requirements for Using SSH ................................................................202

13.8 Configuring SSH ............................................................................................202

13.9 Secure Telnet Using SSH Examples ..............................................................203

13.9.1 Example 1: Microsoft Windows .............................................................203

13.9.2 Example 2: Linux ..................................................................................203

13.10 Secure FTP Using SSH Example ................................................................204

13.11 Telnet ............................................................................................................205

13.12 Configuring TELNET ....................................................................................205

13.13 Configuring FTP ...........................................................................................206

13.14 Configuring SNMP .......................................................................................207

13.14.1 Supported MIBs .................................................................................209

13.14.2 SNMP Traps .......................................................................................209

13.14.3 REMOTE MANAGEMENT: SNMP ......................................................209

13.15 Configuring DNS ..........................................................................................211

13.16 Introducing Vantage CNM ............................................................................211

13.17 Configuring CNM ..........................................................................................212

Chapter 14

UPnP...................................................................................................................... 215

14.1 Universal Plug and Play Overview .................................................................215

14.1.1 How Do I Know If I'm Using UPnP? ......................................................215

14.1.2 NAT Traversal .......................................................................................215

14.1.3 Cautions with UPnP ..............................................................................215

14.2 UPnP and ZyXEL ...........................................................................................216

14.3 Configuring UPnP ..........................................................................................216

14.4 Displaying UPnP Port Mapping ......................................................................217

14.5 Installing UPnP in Windows Example ............................................................218

Table of Contents 15

ZyWALL P1 User’s Guide

14.6 Using UPnP in Windows XP Example ...........................................................220

Chapter 15

Logs Screens........................................................................................................ 225

15.1 Configuring View Log .....................................................................................225

15.2 Log Description Example ...............................................................................226

15.3 Configuring Log Settings ................................................................................227

15.4 Configuring Reports .......................................................................................230

Chapter 16

Maintenance ......................................................................................................... 235

14.5.1 Installing UPnP in Windows Me ............................................................219

14.5.2 Installing UPnP in Windows XP ............................................................220

14.6.1 Auto-discover Your UPnP-enabled Network Device .............................221

14.6.2 Web Configurator Easy Access ............................................................223

15.4.1 Viewing Web Site Hits ...........................................................................232

15.4.2 Viewing Protocol/Port ...........................................................................232

15.4.3 Viewing LAN IP Address .......................................................................233

15.4.4 Reports Specifications ..........................................................................234

16.1 Maintenance Overview ...................................................................................235

16.1.1 General Setup and System Name ........................................................235

16.1.2 Domain Name .......................................................................................235

16.2 Configuring Password ....................................................................................236

16.3 Pre-defined NTP Time Servers List ................................................................237

16.4 Configuring Time and Date ............................................................................238

16.4.1 Time Server Synchronization ................................................................240

16.5 F/W Upload Screen ........................................................................................241

16.6 Configuration Screen .....................................................................................243

16.6.1 Backup Configuration ...........................................................................244

16.6.2 Restore Configuration ..........................................................................244

16.6.3 Back to Factory Defaults .......................................................................246

16.7 Restart Screen ...............................................................................................246

Chapter 17

Firmware and Configuration File Maintenance ................................................. 249

17.1 Introduction ....................................................................................................249

17.2 Filename Conventions ...................................................................................249

17.3 Backup Configuration .....................................................................................250

17.3.1 Using the FTP Command from the Command Line ..............................250

17.3.2 GUI-based FTP Clients .........................................................................251

17.3.3 File Maintenance Over WAN ................................................................251

17.3.4 Backup Configuration Using TFTP .......................................................252

17.3.5 TFTP Command Example ....................................................................252

16 Table of Contents

ZyWALL P1 User’s Guide

17.3.6 GUI-based TFTP Clients ......................................................................253

17.4 Restore Configuration ....................................................................................253

17.4.1 Restore Using FTP ...............................................................................253

17.4.2 Restore Using FTP Session Example ..................................................254

17.5 Uploading Firmware and Configuration Files .................................................254

17.5.1 Firmware File Upload ............................................................................254

17.5.2 FTP File Upload Command from the Command Prompt Example .......254

17.5.3 FTP Session Example of Firmware File Upload ...................................255

17.5.4 TFTP File Upload ..................................................................................255

17.5.5 TFTP Upload Command Example ........................................................256

Chapter 18

Troubleshooting ................................................................................................... 257

18.1 Problems Starting Up the ZyWALL .................................................................257

18.2 Problems Accessing the ZyWALL ..................................................................258

18.2.1 Pop-up Windows, JavaScripts and Java Permissions ..........................258

18.2.1.1 Internet Explorer Pop-up Blockers ..............................................258

18.2.1.2 JavaScripts ..................................................................................261

18.2.1.3 Java Permissions ........................................................................263

18.3 Problems with the LAN Interface ....................................................................265

18.4 Problems with the WAN Interface ..................................................................266

18.5 Problems with Internet Access .......................................................................266

18.6 Problems with the Password ..........................................................................266

18.7 Problems with Remote Management .............................................................267

Appendix A

Setting up Your Computer’s IP Address............................................................ 269

Appendix B

IP Subnetting ........................................................................................................ 281

Appendix C

PPPoE ................................................................................................................... 289

Appendix D

PPTP......................................................................................................................291

Appendix E

Triangle Route ...................................................................................................... 295

Appendix F

SIP Passthrough .................................................................................................. 299

Appendix G

VPN Setup............................................................................................................. 305

Table of Contents 17

ZyWALL P1 User’s Guide

Appendix H

Importing Certificates .......................................................................................... 317

Appendix I

Command Interpreter........................................................................................... 329

Appendix J

Firewall Commands ............................................................................................. 331

Appendix K

NetBIOS Filter Commands .................................................................................. 337

Appendix L

Certificates Commands ....................................................................................... 341

Appendix M

Brute-Force Password Guessing Protection..................................................... 345

Appendix N

Log Descriptions.................................................................................................. 347

Index...................................................................................................................... 363

18 Table of Contents

ZyWALL P1 User’s Guide

List of Figures

Figure 1 Application: Telecommuters ................................................................................ 35

Figure 2 Application: LAN Network Protection ................................................................... 36

Figure 3 Front Panel: LEDs ................................................................................................ 36

Figure 4 Web Configurator: Initial Screen .......................................................................... 40

Figure 5 Web Configurator: Login Screen ........................................................................... 40

Figure 6 Change Password Screen .................................................................................... 41

Figure 7 Replace Certificate Screen ................................................................................... 41

Figure 8 Web Configurator: HOME ................................................................................... 43

Figure 9 Home : Show Statistics ......................................................................................... 47

Figure 10 Home: DHCP Table ............................................................................................. 48

Figure 11 Home : VPN Status ............................................................................................. 49

Figure 12 Internet Access Wizard: Ethernet Encapsulation ................................................ 53

Figure 13 Internet Access Wizard: PPPoE Encapsulation .................................................. 55

Figure 14 Internet Access Wizard: PPTP Encapsulation .................................................... 57

Figure 15 Internet Access Wizard: Complete ...................................................................... 58

Figure 16 VPN Wizard: Gateway Policy Setting ................................................................. 60

Figure 17 VPN Wizard: Network Setting ............................................................................. 61

Figure 18 Two Phases to Set Up the IPSec SA .................................................................. 62

Figure 19 VPN Wizard: IKE Tunnel Setting ......................................................................... 66

Figure 20 VPN Wizard: IPSec Setting ................................................................................. 67

Figure 21 VPN Wizard: VPN Status .................................................................................... 69

Figure 22 VPN Wizard: Complete ....................................................................................... 71

Figure 23 LAN: LAN ............................................................................................................ 75

Figure 24 LAN: Static DHCP ............................................................................................... 78

Figure 25 WAN: Route ...................................................................................................... 80

Figure 26 WAN: WAN: Ethernet ....................................................................................... 81

Figure 27 WAN: WAN: PPPoE ......................................................................................... 84

Figure 28 WAN: WAN: PPTP ............................................................................................. 86

Figure 29 WAN: DDNS ........................................................................................................ 88

Figure 30 ZyWALL Firewall Application .............................................................................. 93

Figure 31 Three-Way Handshake ....................................................................................... 94

Figure 32 SYN Flood ........................................................................................................... 95

Figure 33 Smurf Attack ....................................................................................................... 96

Figure 34 Stateful Inspection ............................................................................................... 98

Figure 35 LAN to WAN Traffic ............................................................................................. 106

Figure 36 WAN to LAN Traffic ............................................................................................. 106

List of Figures 19

ZyWALL P1 User’s Guide

Figure 37 Firewall: Default Rule ......................................................................................... 107

Figure 38 Firewall: Rule Summary ...................................................................................... 108

Figure 39 Firewall: Creating/Editing A Firewall Rule ........................................................... 110

Figure 40 Firewall: Creating/Editing A Custom Service ...................................................... 112

Figure 41 Firewall Example: Rule Summary ....................................................................... 113

Figure 42 Firewall Example: Rule Edit .............................................................................. 113

Figure 43 Firewall Example: Edit Custom Service ............................................................. 114

Figure 44 Firewall Example: My Service Rule Configuration .............................................. 115

Figure 45 Firewall Example: My Service Example Rule Summary ..................................... 116

Figure 46 Firewall: Anti-Probing .......................................................................................... 119

Figure 47 Firewall: Threshold .............................................................................................. 121

Figure 48 Encryption and Decryption .................................................................................. 124

Figure 49 IPSec Architecture .............................................................................................. 125

Figure 50 Transport and Tunnel Mode IPSec Encapsulation .............................................. 126

Figure 51 NAT Router Between IPSec Routers .................................................................. 132

Figure 52 IPSec Summary Fields ....................................................................................... 135

Figure 53 VPN Rules (IKE) ................................................................................................. 135

Figure 54 VPN Rules (IKE): Gateway Policy .................................................................... 136

Figure 55 VPN Rules (IKE): Network Policy ...................................................................... 141

Figure 56 VPN Rule (IKE): VPN Activation ....................................................................... 144

Figure 57 VPN: SA Monitor ................................................................................................. 145

Figure 58 VPN: Global Setting ............................................................................................ 146

Figure 59 Telecommuters Sharing One VPN Rule Example ............................................... 147

Figure 60 Telecommuters Using Unique VPN Rules Example ......................................... 148

Figure 61 Certificate Configuration Overview ..................................................................... 152

Figure 62 VPN: My Certificates ........................................................................................... 153

Figure 63 Certificate: My Certificate: Import ...................................................................... 155

Figure 64 Certificate: My Certificate: Create ....................................................................... 156

Figure 65 Certificate: My Certificate: Details ...................................................................... 159

Figure 66 Certificates: Trusted CAs .................................................................................... 162

Figure 67 Trusted CA Import ............................................................................................... 163

Figure 68 Certificates: Trusted CA: Details ......................................................................... 165

Figure 69 Certificates: Trusted Remote Hosts .................................................................... 168

Figure 70 Remote Host Certificates .................................................................................... 169

Figure 71 Certificate Details ............................................................................................... 170

Figure 72 Certificates: Trusted Remote Host: Import .......................................................... 171

Figure 73 Certificates: Trusted Remote Host: Details ......................................................... 172

Figure 74 Certificates: Directory Servers ............................................................................ 174

Figure 75 Certificates: Directory Server: Add ...................................................................... 175

Figure 76 How NAT Works .................................................................................................. 178

Figure 77 NAT Overview ..................................................................................................... 180

Figure 78 Multiple Servers Behind NAT Example ............................................................... 182

Figure 79 Port Translation Example .................................................................................... 183

20 List of Figures

ZyWALL P1 User’s Guide

Figure 80 NAT: Port Forwarding .......................................................................................... 184

Figure 81 Trigger Port Forwarding Process: Example ........................................................ 185

Figure 82 NAT: Port Triggering ............................................................................................ 186

Figure 83 Example of Static Routing Topology ................................................................... 187

Figure 84 Static Route .........................................................................................................188

Figure 85 Static Route: Edit .............................................................................................. 189

Figure 86 HTTPS Implementation ....................................................................................... 193

Figure 87 WWW ..................................................................................................................193

Figure 88 Security Alert Dialog Box (Internet Explorer) ...................................................... 195

Figure 89 Security Certificate 1 (Netscape) ........................................................................ 196

Figure 90 Security Certificate 2 (Netscape) ........................................................................ 196

Figure 91 Login Screen (Internet Explorer) ......................................................................... 198

Figure 92 Login Screen (Netscape) .................................................................................... 198

Figure 93 Replace Certificate .............................................................................................. 199

Figure 94 Device-specific Certificate ................................................................................... 199

Figure 95 Common ZyWALL Certificate .............................................................................. 200

Figure 96 SSH Communication Example ............................................................................ 200

Figure 97 How SSH Works ................................................................................................. 201

Figure 98 SSH ..................................................................................................................... 202

Figure 99 SSH Example 1: Store Host Key ......................................................................... 203

Figure 100 SSH Example 2: Test ....................................................................................... 204

Figure 101 SSH Example 2: Log in ..................................................................................... 204

Figure 102 Secure FTP: Firmware Upload Example .......................................................... 205

Figure 103 Telnet Configuration on a TCP/IP Network ....................................................... 205

Figure 104 Telnet ................................................................................................................ 206

Figure 105 FTP ................................................................................................................... 207

Figure 106 SNMP Management Model ............................................................................... 208

Figure 107 SNMP ................................................................................................................210

Figure 108 DNS .................................................................................................................. 211

Figure 109 CNM .................................................................................................................. 212

Figure 110 Configuring UPnP ............................................................................................. 216

Figure 111 UPnP Ports ........................................................................................................ 217

Figure 112 View Log ........................................................................................................... 225

Figure 113 Log Example ................................................................................................... 226

Figure 114 Log Settings ...................................................................................................... 228

Figure 115 Reports .............................................................................................................. 231

Figure 116 Web Site Hits Report Example .......................................................................... 232

Figure 117 Protocol/Port Report Example ........................................................................... 233

Figure 118 LAN IP Address Report Example ...................................................................... 234

Figure 119 General ............................................................................................................236

Figure 120 Password ......................................................................................................... 237

Figure 121 Time and Date ................................................................................................... 238

Figure 122 Synchronization in Process ............................................................................... 240

List of Figures 21

ZyWALL P1 User’s Guide

Figure 123 Synchronization is Successful .......................................................................... 241

Figure 124 Synchronization Fail .......................................................................................... 241

Figure 125 Firmware Upload ............................................................................................... 242

Figure 126 Firmware Upload In Process ............................................................................. 242

Figure 127 Network Temporarily Disconnected .................................................................. 243

Figure 128 Firmware Upload Error ...................................................................................... 243

Figure 129 Configuration ..................................................................................................... 244

Figure 130 Configuration Upload Successful ...................................................................... 245

Figure 131 Network Temporarily Disconnected .................................................................. 245

Figure 132 Configuration Upload Error ............................................................................... 246

Figure 133 Reset Warning Message ................................................................................... 246

Figure 134 Restart Screen .................................................................................................. 247

Figure 135 FTP Session Example ...................................................................................... 251

Figure 136 Restore Using FTP Session Example ............................................................... 254

Figure 137 FTP Session Example of Firmware File Upload ............................................... 255

Figure 138 Pop-up Blocker ................................................................................................. 259

Figure 139 Internet Options ............................................................................................... 259

Figure 140 Internet Options ................................................................................................ 260

Figure 141 Pop-up Blocker Settings ................................................................................... 261

Figure 142 Internet Options ................................................................................................ 262

Figure 143 Security Settings - Java Scripting ..................................................................... 263

Figure 144 Security Settings - Java .................................................................................... 264

Figure 145 Java (Sun) ......................................................................................................... 265

Figure 146 WIndows 95/98/Me: Network: Configuration ..................................................... 270

Figure 147 Windows 95/98/Me: TCP/IP Properties: IP Address ......................................... 271

Figure 148 Windows 95/98/Me: TCP/IP Properties: DNS Configuration ............................ 272

Figure 149 Windows XP: Start Menu .................................................................................. 273

Figure 150 Windows XP: Control Panel .............................................................................. 273

Figure 151 Windows XP: Control Panel: Network Connections: Properties ....................... 274

Figure 152 Windows XP: Local Area Connection Properties .............................................. 274

Figure 153 Windows XP: Internet Protocol (TCP/IP) Properties ......................................... 275

Figure 154 Windows XP: Advanced TCP/IP Properties ...................................................... 276

Figure 155 Windows XP: Internet Protocol (TCP/IP) Properties ......................................... 277

Figure 156 Macintosh OS 8/9: Apple Menu ........................................................................ 278

Figure 157 Macintosh OS 8/9: TCP/IP ................................................................................ 278

Figure 158 Macintosh OS X: Apple Menu ........................................................................... 279

Figure 159 Macintosh OS X: Network ................................................................................. 280

Figure 160 Single-Computer per Router Hardware Configuration ...................................... 290

Figure 161 ZyWALL as a PPPoE Client .............................................................................. 290

Figure 162 Transport PPP frames over Ethernet ............................................................... 291

Figure 163 PPTP Protocol Overview .................................................................................. 292

Figure 164 Example Message Exchange between Computer and an ANT ........................ 293

Figure 165 Ideal Setup ........................................................................................................ 295

22 List of Figures

ZyWALL P1 User’s Guide

Figure 166 “Triangle Route” Problem .................................................................................. 296

Figure 167 IP Alias .............................................................................................................. 297

Figure 168 Gateways on the WAN Side .............................................................................. 297

Figure 169 SIP User Agent Server ...................................................................................... 300

Figure 170 SIP Proxy Server .............................................................................................. 301

Figure 171 SIP Redirect Server .......................................................................................... 302

Figure 172 ZyWALL SIP ALG ............................................................................................. 303

Figure 173 VPN Rules ........................................................................................................ 306

Figure 174 Headquarters VPN Rule Edit ............................................................................ 307

Figure 175 Branch Office VPN Rule Edit ............................................................................ 308

Figure 176 VPN Rule Configured ........................................................................................ 309

Figure 177 VPN Dial ........................................................................................................... 309

Figure 178 VPN Tunnel Established ................................................................................... 310

Figure 179 Menu 27: VPN/IPSec Setup .............................................................................. 310

Figure 180 Menu 27.1: IPSec Summary ............................................................................. 311

Figure 181 Headquarters Menu 27.1.1: IPSec Setup ......................................................... 311

Figure 182 Branch Office Menu 27.1.1: IPSec Setup ......................................................... 312

Figure 183 Menu 27.1.1.1: IKE Setup ................................................................................. 313

Figure 184 VPN Log Example ............................................................................................ 314

Figure 185 IKE/IPSec Debug Example .............................................................................. 315

Figure 186 Security Certificate ............................................................................................ 317

Figure 187 Login Screen ..................................................................................................... 318

Figure 188 Certificate General Information before Import ................................................... 318

Figure 189 Certificate Import Wizard 1 ............................................................................... 319

Figure 190 Certificate Import Wizard 2 ............................................................................... 319

Figure 191 Certificate Import Wizard 3 ............................................................................... 320

Figure 192 Root Certificate Store ........................................................................................ 320

Figure 193 Certificate General Information after Import ..................................................... 321

Figure 194 ZyWALL Trusted CA Screen ............................................................................. 322

Figure 195 CA Certificate Example ..................................................................................... 323

Figure 196 Personal Certificate Import Wizard 1 ................................................................ 324

Figure 197 Personal Certificate Import Wizard 2 ................................................................ 324

Figure 198 Personal Certificate Import Wizard 3 ................................................................ 325

Figure 199 Personal Certificate Import Wizard 4 ................................................................ 325

Figure 200 Personal Certificate Import Wizard 5 ................................................................ 326

Figure 201 Personal Certificate Import Wizard 6 ................................................................ 326

Figure 202 Access the ZyWALL Via HTTPS ....................................................................... 326

Figure 203 SSL Client Authentication ................................................................................. 327

Figure 204 ZyWALL Secure Login Screen .......................................................................... 327

Figure 205 Displaying Log Categories Example ................................................................. 361

Figure 206 Displaying Log Parameters Example ................................................................ 361

List of Figures 23

ZyWALL P1 User’s Guide

24 List of Figures

ZyWALL P1 User’s Guide

List of Tables

Table 1 Feature Specifications ........................................................................................... 31

Table 2 Front Panel LEDs .................................................................................................. 37

Table 3 Web Configurator: HOME ...................................................................................... 43

Table 4 Navigation Panel: Menu Summary ........................................................................ 45

Table 5 Home: Show Statistics ........................................................................................... 47

Table 6 Home: DHCP Table ............................................................................................... 48

Table 7 Home: VPN Status ................................................................................................. 49

Table 8 Private IP Address Ranges ................................................................................... 51

Table 9 Internet Access Wizard: Ethernet Encapsulation .................................................. 54

Table 10 Internet Access Wizard: PPPoE Encapsulation .................................................. 55

Table 11 Internet Access Wizard: PPTP Encapsulation ..................................................... 57

Table 12 VPN Wizard: Gateway Policy Setting .................................................................. 60

Table 13 VPN Wizard: Network Setting .............................................................................. 61

Table 14 ESP and AH ........................................................................................................ 65

Table 15 VPN Wizard: IKE Tunnel Setting ......................................................................... 66

Table 16 VPN Wizard: IPSec Setting ................................................................................. 67

Table 17 VPN Wizard: VPN Status ..................................................................................... 69

Table 18 LAN: LAN .............................................................................................................76

Table 19 LAN: Static DHCP ................................................................................................ 78

Table 20 Example of Network Properties for LAN Servers with Fixed IP Addresses ......... 79

Table 21 WAN: Route ......................................................................................................... 80

Table 22 WAN: WAN: Ethernet .......................................................................................... 81

Table 23 WAN: WAN: PPPoE ............................................................................................ 84

Table 24 WAN: WAN: PPTP ............................................................................................... 86

Table 25 WAN: DDNS ........................................................................................................ 88

Table 26 Common IP Ports ................................................................................................ 93

Table 27 ICMP Commands That Trigger Alerts .................................................................. 96

Table 28 Legal NetBIOS Commands ................................................................................. 96

Table 29 Legal SMTP Commands ..................................................................................... 97

Table 30 Firewall: Default Rule .......................................................................................... 107

Table 31 Firewall: Rule Summary ...................................................................................... 108

Table 32 Firewall: Creating/Editing A Firewall Rule ........................................................... 111

Table 33 Firewall: Creating/Editing A Custom Service ....................................................... 112

Table 34 Predefined Services ............................................................................................ 116

Table 35 Firewall: Anti-Probing .......................................................................................... 119

Table 36 Firewall: Threshold .............................................................................................. 121

List of Tables 25

ZyWALL P1 User’s Guide

Table 37 VPN and NAT ...................................................................................................... 127

Table 38 ESP and AH ........................................................................................................ 130

Table 39 Local ID Type and Content Fields ....................................................................... 133

Table 40 Peer ID Type and Content Fields ........................................................................ 133

Table 41 Matching ID Type and Content Configuration Example ....................................... 134

Table 42 Mismatching ID Type and Content Configuration Example ................................. 134

Table 43 VPN Rules (IKE): Gateway Policy ....................................................................... 136

Table 44 VPN Rules (IKE): Add Policy ............................................................................... 141

Table 45 VPN Rule (IKE): VPN Activation .......................................................................... 144

Table 46 SA Monitor ...........................................................................................................145

Table 47 VPN: Global Setting ............................................................................................. 146

Table 48 Telecommuters Sharing One VPN Rule Example ............................................... 147

Table 49 Telecommuters Using Unique VPN Rules Example ............................................ 148

Table 50 Certificate: My Certificates ................................................................................... 153

Table 51 Certificate: My Certificate: Import ........................................................................ 155

Table 52 Certificate: My Certificate: Create ........................................................................ 156

Table 53 Certificate: My Certificate: Details ....................................................................... 160

Table 54 Certificates: Trusted CAs ..................................................................................... 162

Table 55 Certificates: Trusted CA: Import .......................................................................... 164

Table 56 Certificates: Trusted CA: Details .......................................................................... 165

Table 57 Certificates: Trusted Remote Hosts ..................................................................... 168

Table 58 Certificates: Trusted Remote Host: Import .......................................................... 171

Table 59 Certificates: Trusted Remote Host: Details .......................................................... 172

Table 60 Certificates: Directory Servers ............................................................................. 175

Table 61 Certificates: Directory Server: Add ...................................................................... 176

Table 62 NAT Definitions .................................................................................................... 177

Table 63 NAT Mapping Types ..................................................................................... 179

Table 64 NAT Overview ...................................................................................................... 180

Table 65 Services and Port Numbers ................................................................................. 182

Table 66 NAT: Port Forwarding .......................................................................................... 184

Table 67 NAT: Port Triggering ............................................................................................ 186

Table 68 Static Route .........................................................................................................188

Table 69 Static Route: Edit ................................................................................................. 189

Table 70 WWW ..................................................................................................................194

Table 71 SSH ..................................................................................................................... 202

Table 72 Telnet ................................................................................................................... 206

Table 73 FTP ...................................................................................................................... 207

Table 74 SNMP Traps ........................................................................................................ 209

Table 75 SNMP .................................................................................................................. 210

Table 76 DNS ..................................................................................................................... 211

Table 77 CNM .................................................................................................................... 212

Table 78 Configuring UPnP ................................................................................................ 216

Table 79 UPnP Ports .......................................................................................................... 217

26 List of Tables

ZyWALL P1 User’s Guide

Table 80 View Log .............................................................................................................. 226

Table 81 Example Log Description ..................................................................................... 226

Table 82 Log Settings .........................................................................................................229

Table 83 Reports ................................................................................................................ 231

Table 84 Web Site Hits Report ........................................................................................... 232

Table 85 Protocol/ Port Report ........................................................................................... 233

Table 86 LAN IP Address Report ....................................................................................... 234

Table 87 Report Specifications ........................................................................................... 234

Table 88 General ................................................................................................................ 236

Table 89 Password .............................................................................................................237

Table 90 Default Time Servers ........................................................................................... 237

Table 91 Time and Date ..................................................................................................... 239

Table 92 Firmware Upload ................................................................................................. 242

Table 93 Restore Configuration .......................................................................................... 244

Table 94 Filename Conventions ......................................................................................... 250

Table 95 General Commands for GUI-based FTP Clients ................................................. 251

Table 96 General Commands for GUI-based TFTP Clients ............................................... 253

Table 97 Troubleshooting the Start-Up of Your ZyWALL .................................................... 257

Table 98 Troubleshooting Accessing the ZyWALL ............................................................. 258

Table 99 Troubleshooting the LAN Interface ...................................................................... 265

Table 100 Troubleshooting the WAN Interface ................................................................... 266

Table 101 Troubleshooting Internet Access ....................................................................... 266

Table 102 Troubleshooting the Password .......................................................................... 266

Table 103 Troubleshooting Telnet ...................................................................................... 267

Table 104 Classes of IP Addresses ................................................................................... 281

Table 105 Allowed IP Address Range By Class ................................................................. 282

Table 106 “Natural” Masks ................................................................................................ 282

Table 107 Alternative Subnet Mask Notation ..................................................................... 283

Table 108 Two Subnets Example ....................................................................................... 283

Table 109 Subnet 1 ............................................................................................................284

Table 110 Subnet 2 ............................................................................................................284

Table 111 Subnet 1 ............................................................................................................. 285

Table 112 Subnet 2 ............................................................................................................285

Table 113 Subnet 3 ............................................................................................................285

Table 114 Subnet 4 ............................................................................................................286

Table 115 Eight Subnets .................................................................................................... 286

Table 116 Class C Subnet Planning ................................................................................... 286

Table 117 Class B Subnet Planning ................................................................................... 287

Table 118 SIP Call Progression .......................................................................................... 299

Table 119 Firewall Commands ........................................................................................... 331

Table 120 NetBIOS Filter Default Settings ......................................................................... 338

Table 121 Certificates Commands ..................................................................................... 341

Table 122 Brute-Force Password Guessing Protection Commands .................................. 345

List of Tables 27

ZyWALL P1 User’s Guide

Table 123 System Maintenance Logs ................................................................................ 347

Table 124 System Error Logs ............................................................................................. 348

Table 125 Access Control Logs .......................................................................................... 348

Table 126 TCP Reset Logs ................................................................................................ 349

Table 127 Packet Filter Logs .............................................................................................. 349

Table 128 ICMP Logs ......................................................................................................... 350

Table 129 CDR Logs .......................................................................................................... 350

Table 130 PPP Logs ........................................................................................................... 350

Table 131 UPnP Logs ........................................................................................................ 351

Table 132 Content Filtering Logs ....................................................................................... 351

Table 133 Attack Logs ........................................................................................................ 352

Table 134 IPSec Logs ........................................................................................................ 353

Table 135 IKE Logs ............................................................................................................353

Table 136 PKI Logs ............................................................................................................356

Table 137 Certificate Path Verification Failure Reason Codes ........................................... 357

Table 138 802.1X Logs ...................................................................................................... 358

Table 139 ACL Setting Notes ............................................................................................. 359

Table 140 ICMP Notes ....................................................................................................... 359

Table 141 Syslog Logs ....................................................................................................... 360

Table 142 RFC-2408 ISAKMP Payload Types ................................................................... 360

28 List of Tables

ZyWALL P1 User’s Guide

Preface

Congratulations on your purchase of the ZyWALL.

Note: Register your product online to receive e-mail notices of firmware upgrades and

information at www.zyxel.com for global products, or at www.us.zyxel.com for North American products.

Your ZyWALL is easy to install and configure.

About This User's Guide

This manual is designed to guide you through the configuration of your ZyWALL for its various applications.

Note: Use the web configurator or command interpreter interface (CLI) to configure

your ZyWALL. Not all features can be configured through all interfaces.