ZyXEL ZyWALL User Guide 3.60
ZyWALL 1
User's Guide
Version 3.60
April 2003
ZyWALL 1
Copyright
Copyright © 2003 by ZyXEL Communications Corporation.
The contents of this publication may not be reproduced in any part or as a whole, transcribed, stored in a
retrieval system, translated into any language, or transmitted in any form or by any means, electronic,
mechanical, magnetic, optical, chemical, photocopying, manual, or otherwise, without the prior written
permission of ZyXEL Communications Corporation.
Published by ZyXEL Communications Corporation. All rights reserved.
Disclaimer
ZyXEL does not assume any liability arising out of the application or use of any products, or software
described herein. Neither does it convey any license under its patent rights nor the patent rights of others.
ZyXEL further reserves the right to make changes in any products described herein without notice. This
publication is subject to change without notice.
Trademarks
ZyNOS (ZyXEL Network Operating System) is a registered trademark of ZyXEL Communications, Inc.
Other trademarks mentioned in this publication are used for identification purposes only and may be
properties of their respective owners.
Copyright i
ZyWALL 1
ZyXEL Limited Warranty
ZyXEL warrants to the original end user (purchaser) that this product is free from any defects in materials or
workmanship for a period of up to one year from the date of purchase. During the warranty period, and upon
proof of purchase, should the product have indications of failure due to faulty workmanship and/or materials,
ZyXEL will, at its discretion, repair or replace the defective products or components without charge for
either parts or labor, and to whatever extent it shall deem necessary to restore the product or components to
proper operating condition. Any replacement will consist of a new or re-manufactured functionally
equivalent product of equal value, and will be solely at the discretion of ZyXEL. This warranty shall not
apply if the product is modified, misused, tampered with, damaged by an act of God, or subjected to
abnormal working conditions.
Note
Repair or replacement, as provided under this warranty, is the exclusive remedy of the purchaser. This
warranty is in lieu of all other warranties, express or implied, including any implied warranty of
merchantability or fitness for a particular use or purpose. ZyXEL shall in no event be held liable for indirect
or consequential damages of any kind of character to the purchaser.
To obtain the services of this warranty, contact ZyXEL's Service Center for your Return Material
Authorization number (RMA). Products must be returned Postage Prepaid. It is recommended that the unit be
insured when shipped. Any returned products without proof of purchase or those with an out-dated warranty
will be repaired or replaced (at the discretion of ZyXEL) and the customer will be billed for parts and labor.
All repaired or replaced products will be shipped by ZyXEL to the corresponding return address, Postage
Paid. This warranty gives you specific legal rights, and you may also have other rights that vary from country
to country.
Online Registration
Don't forget to register your ZyXEL product (fast, easy online registration at www.zyxel.com) for free future
product updates and information.
ii ZyXEL Limited Warranty
Customer Support
Please have the following information ready when you contact customer support.
Product model and serial number.
Warranty Information.
Date that you received your device.
Brief description of the problem and the steps you took to solve it.
ZyWALL 1
METHOD
LOCATION
WORLDWIDE
AMERICA
E-MAIL
SUPPORT/SALES
support@zyxel.com.tw
sales@zyxel.com.tw
support@zyxel.com +1-714-632-0882
sales@zyxel.com
support@zyxel.dk +45-3955-0700 www.zyxel.dk SCANDINAVIA
sales@zyxel.dk
support@zyxel.de +49-2405-6909-0 www.zyxel.de GERMANY
sales@zyxel.de
+886-3-578-2439 ftp.europe.zyxel.com
+1-714-632-0858 ftp.zyxel.com
+45-3955-0707 ftp.zyxel.dk
+49-2405-6909-99
TELEPHONE/FAX WEB SITE/ FTP SITE REGULAR MAIL
+886-3-578-3942 www.zyxel.com
www.europe.zyxel.com
www.zyxel.com NORTH
800-255-4101
ZyXEL Communications Corp.,
6 Innovation Road II, ScienceBased Industrial Park, Hsinchu
300, Taiwan
ZyXEL Communications Inc.,
1650 Miraloma Avenue,
Placentia, CA 92870, U.S.A.
ZyXEL Communications A/S,
Columbusvej 5, 2860 Soeborg,
Denmark
ZyXEL Deutschland GmbH.
Adenauerstr. 20/A2 D-52146
Wuerselen, Germany
Customer Support iii
ZyWALL 1
Table of Contents
Copyright........................................................................................................................................................ i
ZyXEL Limited Warranty .............................................................................................................................ii
Customer Support ......................................................................................................................................... iii
List of Figures.............................................................................................................................................viii
List of Tables ................................................................................................................................................ xi
List of Charts ..............................................................................................................................................xiii
List of Diagrams ......................................................................................................................................... xiv
Preface ......................................................................................................................................................... xv
Getting Started....................................................................................................................................................I
Chapter 1 Getting to Know Your ZyWALL...............................................................................................1-1
1.1 The ZyWALL Internet Security Gateway...................................................................................1-1
1.2 Features of the ZyWALL............................................................................................................1-1
1.3 ZyWALL Application.................................................................................................................1-3
Chapter 2 Hardware Installation .................................................................................................................2-1
2.1 ZyWALL Front Panel.................................................................................................................2-1
2.2 ZyWALL Rear Panel and Connections.......................................................................................2-2
2.3 Additional Installation Requirements .........................................................................................2-3
2.4 Turning on Your ZyWALL ........................................................................................................2-4
2.5 ZyWALL Configuration .............................................................................................................2-4
Chapter 3 Introducing the Web Configurator .............................................................................................3-1
3.1 Accessing the ZyWALL Web Configurator ...............................................................................3-1
3.2 Navigating the ZyWALL Web Configurator..............................................................................3-1
3.3 Overview of the ZyWALL Web Configurator............................................................................3-2
Chapter 4 Wizard Setup..............................................................................................................................4-1
4.1 Introduction to Wizard Screens...................................................................................................4-1
4.2 Wizard Setup: Screen 2...............................................................................................................4-2
iv Table of Contents
ZyWALL 1
4.3 Wizard Setup: Screen 3.............................................................................................................. 4-8
4.4 Basic Setup Complete .............................................................................................................. 4-12
Advanced .......................................................................................................................................................... II
Chapter 5 System ....................................................................................................................................... 5-1
5.1 About System Setup................................................................................................................... 5-1
5.2 General Setup............................................................................................................................. 5-1
5.3 Dynamic DNS ............................................................................................................................ 5-2
5.4 Password .................................................................................................................................... 5-4
5.5 Time Zone.................................................................................................................................. 5-5
Chapter 6 LAN and WAN.......................................................................................................................... 6-1
6.1 DHCP Setup............................................................................................................................... 6-1
6.2 LAN TCP/IP .............................................................................................................................. 6-1
6.3 WAN Setup ................................................................................................................................ 6-5
Chapter 7 SUA/NAT.................................................................................................................................. 7-1
7.1 The SUA/NAT Screen ............................................................................................................... 7-1
Chapter 8 Static Route ............................................................................................................................... 8-1
8.1 General Information About Static Routes .................................................................................. 8-1
8.2 IP Static Route Summary ........................................................................................................... 8-1
Chapter 9 UPnP.......................................................................................................................................... 9-1
9.1 Introducing Universal Plug and Play.......................................................................................... 9-1
9.2 UPnP and ZyXEL ...................................................................................................................... 9-2
9.3 Installing UPnP in Windows Example....................................................................................... 9-3
9.4 Using UPnP in Windows XP Example ...................................................................................... 9-5
Chapter 10 SNMP .................................................................................................................................... 10-1
10.1 About SNMP............................................................................................................................ 10-1
10.2 Supported MIBs ....................................................................................................................... 10-2
10.3 SNMP Configuration ............................................................................................................... 10-2
Table of Contents v
ZyWALL 1
10.4 SNMP Traps .............................................................................................................................10-3
Advanced Management ................................................................................................................................... III
Chapter 11 Firewall ..................................................................................................................................11-1
11.1 Introduction...............................................................................................................................11-1
11.2 The Firewall and NAT..............................................................................................................11-3
11.3 Firewall Settings .......................................................................................................................11-4
11.4 Filter..........................................................................................................................................11-6
11.5 Services.....................................................................................................................................11-8
Chapter 12 VPN/IPSec .............................................................................................................................12-1
12.1 Introduction...............................................................................................................................12-1
12.2 IPSec Architecture .................................................................................................................... 12-2
12.3 IPSec and NAT ......................................................................................................................... 12-3
12.4 ZyWALL 1 VPN ......................................................................................................................12-4
12.5 VPN/IPSec Screen 1: VPN/IPSec Setup Tab............................................................................12-4
12.6 VPN/IPSec Setup: IKE ...........................................................................................................12-12
12.7 VPN/IPSec Setup: Manual......................................................................................................12-16
12.8 Advanced VPN Setup .............................................................................................................12-19
12.9 The VPN/IPSec Screen: SA Monitor Tab...............................................................................12-29
12.10 Configuring Global Setting................................................................................................. 12-31
Chapter 13 Centralized Logs ....................................................................................................................13-1
13.1 View Log ..................................................................................................................................13-1
13.2 Log Settings .............................................................................................................................. 13-3
Maintenance.....................................................................................................................................................IV
Chapter 14 Maintenance ........................................................................................................................... 14-1
14.1 Maintenance Overview ............................................................................................................. 14-1
14.2 Status Screen.............................................................................................................................14-1
14.3 DHCP Table Screen.................................................................................................................. 14-4
vi Table of Contents
ZyWALL 1
14.4 F/W Upload Screen.................................................................................................................. 14-5
14.5 Configuration Screen ............................................................................................................... 14-7
Chapter 15 Firmware and Configuration File Maintenance Commands.................................................. 15-1
15.1 Filename Conventions.............................................................................................................. 15-1
15.2 Backup Configuration .............................................................................................................. 15-2
15.3 Restore or Upload a Configuration File ................................................................................... 15-4
15.4 Uploading a Firmware File ...................................................................................................... 15-5
Chapter 16 Troubleshooting..................................................................................................................... 16-1
16.1 Problems Starting Up the ZyWALL ........................................................................................ 16-1
16.2 Problems with the Password .................................................................................................... 16-1
16.3 Problems with the LAN Interface ............................................................................................ 16-2
16.4 Problems with the WAN Interface........................................................................................... 16-2
16.5 Problems with Internet Access................................................................................................. 16-3
16.6 Problems with the Firewall ......................................................................................................16-3
Appendices and Index....................................................................................................................................... V
Appendix A PPPoE....................................................................................................................................... A
Appendix B PPTP......................................................................................................................................... C
Appendix C IP Subnetting ............................................................................................................................G
Appendix D Power Adapter Specifications...................................................................................................O
Appendix E Setting up Your Computer’s IP Address................................................................................... Q
Appendix F Log Descriptions.................................................................................................................... CC
Appendix G Brute-Force Password Guessing Protection ........................................................................... SS
Index ..........................................................................................................................................................UU
Table of Contents vii
ZyWALL 1
List of Figures
Figure 1-1 Internet Access Application ..........................................................................................................1-4
Figure 2-1 Front Panel ....................................................................................................................................2-1
Figure 2-2 Rear Panel .....................................................................................................................................2-2
Figure 3-1 Change Password Screen ..............................................................................................................3-1
Figure 3-2 The MAIN MENU Screen of the Web Configurator....................................................................3-2
Figure 3-3 Overview of the ZyWALL Web Configurator..............................................................................3-3
Figure 4-1 Wizard 1........................................................................................................................................4-2
Figure 4-2 Wizard 2: PPTP Encapsulation .....................................................................................................4-5
Figure 4-3 Wizard2: PPPoE Encapsulation ....................................................................................................4-7
Figure 4-4 Wizard 3...................................................................................................................................... 4-11
Figure 5-1 System General Setup ...................................................................................................................5-1
Figure 5-2 System DDNS...............................................................................................................................5-3
Figure 5-3 System Password...........................................................................................................................5-4
Figure 5-4 System Time/Date.........................................................................................................................5-5
Figure 6-1 LAN Setup ....................................................................................................................................6-3
Figure 6-2 Ethernet Encapsulation..................................................................................................................6-5
Figure 6-3 PPPoE Encapsulation....................................................................................................................6-6
Figure 6-4 PPTP Encapsulation......................................................................................................................6-8
Figure 6-5 IP Setup.......................................................................................................................................6-10
Figure 6-6 MAC Setup .................................................................................................................................6-13
Figure 7-1 Multiple Servers Behind NAT Example .......................................................................................7-2
Figure 7-2 SUA/NAT Setup ...........................................................................................................................7-3
Figure 8-1 Example of Static Routing Topology............................................................................................8-1
Figure 8-2 IP Static Route Summary..............................................................................................................8-2
Figure 8-3 Edit IP Static Route....................................................................................................................... 8-3
List of Figures viii
ZyWALL 1
Figure 9-1 Configuring UPnP ........................................................................................................................ 9-2
Figure 10-1 SNMP Management Model...................................................................................................... 10-1
Figure 10-2 SNMP Configuration................................................................................................................ 10-3
Figure 11-1 Firewall Rule Directions........................................................................................................... 11-3
Figure 11-2 Firewall Settings....................................................................................................................... 11-5
Figure 11-3 Firewall Filter........................................................................................................................... 11-7
Figure 11-4 Firewall Service........................................................................................................................ 11-9
Figure 12-1 Encryption and Decryption....................................................................................................... 12-2
Figure 12-2 IPSec Architecture.................................................................................................................... 12-3
Figure 12-3 NAT Router Between IPSec Routers ....................................................................................... 12-5
Figure 12-4 Telecommuter's ZyWALL Configuration ................................................................................ 12-8
Figure 12-5 Transport and Tunnel Mode IPSec Encapsulation ................................................................... 12-9
Figure 12-6 VPN/IPSec Setup: IKE........................................................................................................... 12-12
Figure 12-7 VPN/IPSec Setup: Manual ..................................................................................................... 12-16
Figure 12-8 Two Phases to set up the IPSec SA........................................................................................ 12-20
Figure 12-9 The ZyWALL, the Secure Remote Gateway and IKE Fields................................................. 12-21
Figure 12-10 Advanced VPN/IPSec Configuration ...................................................................................12-24
Figure 12-11 SA Monitor........................................................................................................................... 12-30
Figure 12-12 Global Setting....................................................................................................................... 12-31
Figure 13-1 View Log.................................................................................................................................. 13-2
Figure 13-2 Log Settings.............................................................................................................................. 13-4
Figure 14-1 System Status ........................................................................................................................... 14-1
Figure 14-2 System Status: Show Statistics................................................................................................. 14-3
Figure 14-3 DHCP Table ............................................................................................................................. 14-4
Figure 14-4 Firmware Upgrade.................................................................................................................... 14-5
Figure 14-5 Firmware Upgrade.................................................................................................................... 14-6
Figure 14-6 Firmware Upload In Process .................................................................................................... 14-6
List of Figures ix
ZyWALL 1
Figure 14-7 Network Temporarily Disconnected ......................................................................................... 14-6
Figure 14-8 Firmware Upload Error.............................................................................................................14-7
Figure 14-9 Configuration ............................................................................................................................14-8
Figure 14-10 Reset Warning Message..........................................................................................................14-9
Figure 14-11 Configuration Upload Successful..........................................................................................14-10
Figure 14-12 Network Temporarily Disconnected .....................................................................................14-10
Figure 14-13 Configuration Upload Error ..................................................................................................14-11
Figure 15-1 FTP Session Example ...............................................................................................................15-2
Figure 15-2 Restore Using FTP Session Example........................................................................................15-5
Figure 15-3 FTP Session Example of Firmware File Upload .......................................................................15-6
List of Figures x
ZyWALL 1
List of Tables
Table 4-1 Wizard 2: Ethernet Encapsulation ................................................................................................. 4-3
Table 4-2 Ethernet Encapsulation.................................................................................................................. 4-3
Table 4-3 PPTP Encapsulation....................................................................................................................... 4-5
Table 4-4 PPPoE Encapsulation..................................................................................................................... 4-7
Table 4-5 Private IP Address Ranges............................................................................................................. 4-8
Table 4-6 Example of Network Properties for LAN Servers with Fixed IP Addresses ............................... 4-10
Table 4-7 WAN Setup.................................................................................................................................. 4-11
Table 5-1 System General Setup.................................................................................................................... 5-1
Table 5-2 System DDNS................................................................................................................................ 5-3
Table 5-3 System Password ........................................................................................................................... 5-5
Table 5-4 System Time/Date ......................................................................................................................... 5-6
Table 6-1 LAN Setup..................................................................................................................................... 6-3
Table 6-2 Ethernet Encapsulation.................................................................................................................. 6-5
Table 6-3 PPPoE Encapsulation..................................................................................................................... 6-7
Table 6-4 PPTP Encapsulation....................................................................................................................... 6-8
Table 6-5 IP Setup........................................................................................................................................ 6-10
Table 7-1 Services and Port Numbers............................................................................................................ 7-2
Table 7-2 SUA/NAT Setup............................................................................................................................ 7-4
Table 8-1 IP Static Route Summary............................................................................................................... 8-2
Table 8-2 Edit IP Static Route ....................................................................................................................... 8-3
Table 9-1 Configuring UPnP ......................................................................................................................... 9-3
Table 10-1 SNMP Requests/Responses ....................................................................................................... 10-2
Table 10-2 SNMP Configuration Menu Fields............................................................................................ 10-3
Table 10-3 SNMP Traps .............................................................................................................................. 10-4
Table 11-1 Firewall Settings ........................................................................................................................ 11-5
Table 11-2 Firewall Filter ............................................................................................................................ 11-7
List of Tables, Charts and Diagrams xi
ZyWALL 1
Table 11-3 Firewall Service..........................................................................................................................11-9
Table 12-1 VPN and NAT............................................................................................................................12-4
Table 12-2 Local ID Type and Content Fields .............................................................................................12-6
Table 12-3 Peer ID Type and Content Fields ...............................................................................................12-7
Table 12-4 Matching ID Type and Content Configuration Example............................................................12-7
Table 12-5 Mismatching ID Type and Content Configuration Example...................................................... 12-7
Table 12-6Telecommuter and Headquarters Configuration Example ..........................................................12-8
Table 12-7 AH AND ESP...........................................................................................................................12-10
Table 12-8 VPN/IPSec Setup: IKE.............................................................................................................12-12
Table 12-9 VPN/IPSec Setup: Manual .......................................................................................................12-17
Table 12-10 The ZyWALL and the Secure Remote Gateway: IKE Fields.................................................12-21
Table 12-11 Advanced VPN Extra Configuration Fields ...........................................................................12-22
Table 12-12 Advanced VPN/IPSec Configuration.....................................................................................12-25
Table 12-13 SA Monitor Tab Fields...........................................................................................................12-30
Table 12-14 SA Monitor.............................................................................................................................12-31
Table 13-1 View Log.................................................................................................................................... 13-2
Table 13-2 Log Settings................................................................................................................................13-5
Table 14-1 System Status .............................................................................................................................14-2
Table 14-2 System Status: Show Statistics...................................................................................................14-3
Table 14-3 DHCP Table ...............................................................................................................................14-4
Table 14-4 Restore Configuration ................................................................................................................14-9
Table 15-1 Filename Conventions................................................................................................................ 15-2
Table 15-2 General Commands for GUI-based FTP Clients ........................................................................15-3
Table 15-3 General Commands for GUI-based TFTP Clients......................................................................15-4
Table 16-1 Troubleshooting the Start-Up of Your ZyWALL.......................................................................16-1
Table 16-2 Troubleshooting the Password....................................................................................................16-1
Table 16-3 Troubleshooting the LAN Interface ...........................................................................................16-2
xii List of Tables, Charts and Diagrams
ZyWALL 1
Table 16-4 Troubleshooting the WAN Interface ......................................................................................... 16-2
Table 16-5 Troubleshooting Internet Access ............................................................................................... 16-3
Table 16-6 Troubleshooting the Firewall..................................................................................................... 16-3
List of Charts
Chart 1 Classes of IP Addresses........................................................................................................................G
Chart 2 Allowed IP Address Range By Class ................................................................................................... H
Chart 3 “Natural” Masks...................................................................................................................................H
Chart 4 Alternative Subnet Mask Notation ........................................................................................................ I
Chart 5 Subnet 1................................................................................................................................................. J
Chart 6 Subnet 2................................................................................................................................................. J
Chart 7 Subnet 1................................................................................................................................................K
Chart 8 Subnet 2................................................................................................................................................K
Chart 9 Subnet 3................................................................................................................................................K
Chart 10 Subnet 4.............................................................................................................................................. K
Chart 11 Eight Subnets ..................................................................................................................................... L
Chart 12 Class C Subnet Planning ................................................................................................................... M
Chart 13 Class B Subnet Planning ................................................................................................................... M
Chart 14 System Error Logs........................................................................................................................... CC
Chart 15 System Maintenance Logs............................................................................................................... CC
Chart 16 UPnP Logs ......................................................................................................................................DD
Chart 17 Content Filtering Logs ....................................................................................................................DD
Chart 18 Attack Logs ...................................................................................................................................... EE
Chart 19 Access Logs ....................................................................................................................................HH
Chart 20 ACL Setting Notes .......................................................................................................................... KK
Chart 21 ICMP Notes...................................................................................................................................... LL
List of Tables, Charts and Diagrams xiii
ZyWALL 1
Chart 22 Sample IKE Key Exchange Logs.................................................................................................... NN
Chart 23 Sample IPSec Logs During Packet Transmission.............................................................................PP
Chart 24 RFC-2408 ISAKMP Payload Types ............................................................................................... QQ
Chart 25 Brute-Force Password Guessing Protection Commands...................................................................SS
List of Diagrams
Diagram 1 Single-PC per Modem Hardware Configuration............................................................................. A
Diagram 2 ZyWALL as a PPPoE Client........................................................................................................... B
Diagram 3 Transport PPP frames over Ethernet............................................................................................... C
Diagram 4 PPTP Protocol Overview................................................................................................................ D
Diagram 5 Example Message Exchange between PC and an ANT .................................................................. D
Diagram 6 Example VPN Initiator IPSec Log.............................................................................................. MM
Diagram 7 Example VPN Responder IPSec Log........................................................................................... NN
xiv List of Tables, Charts and Diagrams
ZyWALL 1
Preface
ZyWALL
Congratulations on your purchase of the ZyWALL.
The ZyWALL is an integrated firewall solution that features Virtual Private Networking (VPN). By
integrating Network Address Translation (NAT) and International Computer Security Association (ICSA)
certified firewall capability, ZyXEL’s ZyWALL provides not Internet access, but also a complete security
solution.
Your ZyWALL is easy to install and to configure. The embedded web configurator is a convenient platform
independent GUI (Graphical User Interface) that allows you to access and configure the ZyWALL's
management settings.
About This User's Guide
This user's guide helps you connect your ZyWALL hardware, explains how to access and use the web
configurator, as well as background information on the features of your ZyWALL. Advanced users may use
the CI commands listed in the support notes.
Screen specific help (embedded help) is included with the web configurator and
will guide you through the configuration of your ZyWALL.
Related Documentation
ZyXEL Glossary and Web Site
Please refer to www.zyxel.com for an online glossary of networking terms and additional support
documentation.
Syntax Conventions
Mouse action sequences are denoted using a comma. For example, click Start, Settings, Control
Panel, Network means first you click Start, move the mouse pointer over Settings, then move the
mouse pointer over Control Panel and finally click Network.
“Enter” means for you to type one or more characters. “Select” or “Choose” means for you to use one
of the predefined choices.
Menu titles, field choices and labels are in Bold Times New Roman font.
A single keystroke is in Arial font and enclosed in square brackets, for instance, [ENTER] means the
Enter, or carriage return, key; [ESC] means the Escape key.
For brevity’s sake, we will use “e.g.” as a shorthand for “for instance”, and “i.e.” as a shorthand for
“that is” or “in other words” throughout this manual.
Preface xv
ZyWALL 1
The ZyWALL may also be referred to as the device in this guide.
xvi Preface
Getting Started
Part I:
Getting Started
This part covers Getting to Know Your ZyWALL, Hardware Installation, Introducing the Web
Configurator and Wizard Setup.
I
ZyWALL 1
Chapter 1
Getting to Know Your ZyWALL
This chapter introduces the main features and applications of the ZyWALL.
1.1 The ZyWALL Internet Security Gateway
The ZyWALL is an integrated firewall solution that features one Virtual Private Network (VPN) tunnel. The
auto-negotiating 10/100Mbps Ethernet ports are available for direct LAN access. By integrating Network
Address Translation (NAT) and International Computer Security Association (ICSA) certified firewall
capability, ZyWALL 1 provides not only the ease of installation and Internet access, but also a complete
security solution for network environments.
1.2 Features of the ZyWALL
The following are the main features of the ZyWALL.
IPSec VPN Capability
Establish a Virtual Private Network (VPN) tunnel to connect one (home) office computer to your company
network using data encryption and the Internet thus providing secure communications without the expense of
leased site-to-site lines. The ZyWALL’s VPN is based on the IPSec standard and is fully interoperable with
other IPSec-based VPN products.
Firewall
The ZyWALL uses a stateful inspection firewall with DoS (Denial of Service) protection. By default, when
the firewall is activated, all incoming traffic from the WAN to the LAN is blocked unless it is initiated from
the LAN. The ZyWALL firewall supports TCP/UDP inspection, DoS detection and protection, real time
alerts, NETBIOS packet filtering, and logs.
4-Port Switch
A combination of switch and router makes your ZyWALL a cost-effective and viable network solution. You
can add up to four computers to the ZyWALL without the cost of a hub. Add more than four computers to
your LAN by using a hub.
Auto-negotiating LAN 10/100M Ethernet/Fast LAN Interface
A bandwidth-sensitive 10/100Mbps switch provides greater network efficiency than traditional hubs because
the bandwidth is dedicated and not shared. This auto-negotiation feature allows the ZyWALL to detect the
speed of incoming transmissions and adjust appropriately without manual intervention. It allows data
transfers of either 10 Mbps or 100 Mbps in either half-duplex or full-duplex mode depending on your
Ethernet network.
Getting to Know Your ZyWALL 1-1
ZyWALL 1
Content Filtering
The ZyWALL can block web features such as ActiveX controls, Java applets and cookies, as well as disable
web proxies. The ZyWALL can also block specific URLs by using the keyword feature.
Brute-Force Password Guessing Protection
The ZyWALL has a special protection mechanism to discourage brute-force password guessing attacks on
the ZyWALL’s management interfaces. You can specify a wait-time that must expire before entering a fourth
password after three incorrect passwords have been entered. Please see the appendices for details about this
feature.
Web Configurator
Your ZyWALL includes an intuitive web configurator that makes setup and configuration easy. Included
with the web configurator is embedded help designed to assist you during setup/configuration.
NAT (Network Address Translation)/SUA (Single User Account)
NAT (RFC 1631) or SUA allows the translation of an Internet Protocol address used within one network to a
different IP address known within another network. NAT/SUA allows you to direct traffic to individual
computers on your LAN, or to a designated default server computer, based on the port number request of
incoming traffic. You may enter a single port number or a range of port numbers to be forwarded, and the
local IP address of the desired server.
SNMP
SNMP (Simple Network Management Protocol) is a protocol used for exchanging management information
between network devices. SNMP is a member of the TCP/IP protocol suite. Your ZyWALL supports SNMP
agent functionality, which allows a manager station to manage and monitor the ZyWALL through the
network. The ZyWALL supports SNMP version one (SNMPv1).
DHCP Support
DHCP (Dynamic Host Configuration Protocol) allows the individual clients (computers) to obtain the
TCP/IP configuration at start-up from a centralized DHCP server. The ZyWALL has built-in DHCP server
capability, enabled by default, which means it can assign IP addresses, an IP default gateway and DNS
servers to Windows 9X, Windows NT and other systems that support the DHCP client. The ZyWALL can
also act as a surrogate DHCP server (DHCP Relay) where it relays IP address assignment from the real
DHCP server to the clients.
Dynamic DNS Support
With Dynamic DNS support, you can have a static host name alias for a dynamic IP address, allowing the
host to be more easily accessible from various locations on the Internet. You must register for this service
with a Dynamic DNS provider.
1-2 Getting to Know Your ZyWALL
ZyWALL 1
IP Multicast
Traditionally, IP packets are transmitted in two ways - unicast or broadcast. Multicast is a third way to
deliver IP packets to a group of hosts. IGMP (Internet Group Management Protocol) is the protocol used to
support multicast groups. The latest version is version 2 (see RFC 2236). The ZyWALL supports versions 1
and 2.
PPPoE Support
PPPoE facilitates the interaction of a host with a broadband modem to achieve access to high-speed data
networks via a familiar "dial-up networking" user interface.
PPTP Support
Point-to-Point Tunneling Protocol (PPTP) is a network protocol that enables secure transfer of data from a
remote client to a private server, creating a Virtual Private Network (VPN) using a TCP/IP-based network.
PPTP supports on-demand, multi-protocol and virtual private networking over public networks, such as the
Internet. Use PPTP to connect to a broadband modem to achieve access to high-speed data networks via a
familiar "dial-up networking" user interface.
Full Network Management
Your ZyWALL has a convenient web configurator and also supports an FTP (File Transfer Protocol) server
for remote management and TFTP (Trivial FTP). Advanced users can also use FTP/TFTP and CI commands
for configuration and management.
Logging and Tracing
The ZyWALL has built-in message logging and packet tracing.
Embedded FTP and TFTP Services
The ZyWALL's embedded FTP and TFTP services enable fast firmware upgrades as well as configuration
file backups and restoration.
1.3 ZyWALL Application
Connect the ZyWALL to the Internet via a broadband modem. A typical Internet access application is shown
next. One computer on the LAN can use a VPN tunnel from the ZyWALL to a remote IPSec router.
Getting to Know Your ZyWALL 1-3
ZyWALL 1
Figure 1-1 Internet Access Application
1-4 Getting to Know Your ZyWALL
Hardware Installation
This chapter shows you how to connect hardware and perform the initial setup.
2.1 ZyWALL Front Panel
The LEDs on the front panel indicate the operational status of the ZyWALL.
Figure 2-1 Front Panel
The following table describes ZyWALL LED functions.
LED COLOR STATUS DESCRIPTION
PWR Green On The ZyWALL is on and receiving power.
Off The ZyWALL is not receiving power.
Flashing The ZyWALL is performing a self-test.
WAN Green On The WAN link is connected.
Off The WAN link is not ready, or has failed.
Flashing The 10M WAN link is sending/receiving packets.
LAN 1-4 Green On The ZyWALL is connected to a 10M LAN.
Off The 10M LAN is not connected.
Flashing The 10M LAN is sending/receiving packets.
Orange On The ZyWALL is connected to a 100Mbps LAN.
Off The 100M LAN is not connected.
Flashing The 100M LAN is sending/receiving packets.
ZyWALL 1
Chapter 2
Hardware Installation 2-1
ZyWALL 1
2.2 ZyWALL Rear Panel and Connections
The following figure shows the rear panel of your ZyWALL.
Figure 2-2 Rear Panel
2.2.1 WAN 10M Port
The WAN connection cable should be STP (Shielded Twisted Pair).
Connecting the ZyWALL to a Cable Modem
Connect the WAN 10M port on the ZyWALL to the Ethernet port on your cable modem using the Ethernet
cable that came with your cable modem. The Ethernet port on a cable modem is sometimes labeled "PC" or
"Workstation".
Connecting the ZyWALL to a DSL Modem
Connect the WAN 10M port on the ZyWALL to the Ethernet port on your DSL modem using the Ethernet
cable that came with your DSL modem.
2-2 Hardware Installation
ZyWALL 1
2.2.2 LAN 10/100M 1-4 Ports
You can connect up to four computers directly to the ZyWALL. For each computer, connect a 10/100M LAN
port on the ZyWALL to the Network Adapter on the computer using a straight-through Ethernet cable.
If you want to connect more than three computers to your ZyWALL, you must use an external hub. Connect
a 10/100M LAN port on the ZyWALL to a port on the hub using a crossover Ethernet cable.
When the ZyWALL is on and correctly connected to a computer or hub, the corresponding LAN LED on the
front panel will turn on.
2.2.3 POWER 5VDC Port
Connect the round end of the power adapter to the port labeled POWER 5VDC on the rear
panel of your ZyWALL.
To avoid damage to the ZyWALL, make sure you use the correct power adapter.
Refer to the Power Adapter Specification Appendix for this information.
2.2.4 RESET Button
If you have forgotten your password or cannot access the ZyWALL you will need to use the RESET button
on the rear panel of the ZyWALL to reload the factory-default configuration file. Uploading the
configuration file replaces the current configuration file with the default configuration file and deletes all
previous ZyWALL configurations. The following are the factory defaults for the ZyWALL.
• IP address: 192.168.1.1
• Password: 1234
2.2.5 Procedure To Use The RESET Button
Step 1. Use a pen or pointed object to press the RESET button for 5-10 seconds, then release it.
Step 2. If the LAN LEDs flash within 30 seconds, the factory defaults have been restored and the
ZyWALL restarts. Otherwise, go to step 3.
Step 3. Turn the ZyWALL off.
Step 4. While pressing the RESET button, turn the ZyWALL on.
Step 5. Continue to hold the RESET button for about 30 seconds. The ZyWALL restarts.
Step 6. Release the RESET button and wait for the ZyWALL to finish restarting.
2.3 Additional Installation Requirements
1. A computer(s) with an installed Ethernet NIC (Network Interface Card).
Hardware Installation 2-3
ZyWALL 1
2. A cable/xDSL modem and an ISP account.
2.4 Turning on Your ZyWALL
At this point, you should have connected the LAN port(s), the WAN port and the POWER port to the
appropriate devices or lines. Plug the power adapter into an appropriate power source.
The PWR LED turns on. The WAN LED and the LAN LED (s) turn on after the system tests are complete if
proper connections have been made to the LAN and WAN ports.
2.5 ZyWALL Configuration
2.5.1 Using the Web Configurator
The quickest and easiest way to configure the ZyWALL is via the web configurator. Some configuration
options are available using FTP/TFTP (for example, you can use FTP to upload firmware) and CI commands,
but the web configurator is by far the most comprehensive and user-friendly way to configure your
ZyWALL.
2.5.2 Using FTP/TFTP
Refer to the Firmware and Configuration File Maintenance Commands chapter to learn how to upload
firmware and configuration files using FTP/TFTP.
2.5.3 Using CI Commands
CI commands are recommended for advanced users only. Refer to the support notes for a list of CI
commands.
2-4 Hardware Installation
ZyWALL 1
Chapter 3
Introducing the Web Configurator
This chapter describes how to access the ZyWALL web configurator and provides an overview of
its screens.
3.1 Accessing the ZyWALL Web Configurator
Step 1. Make sure your ZyWALL hardware is properly connected (refer to instructions in Chapter 2).
Step 2. Prepare your computer/computer network to connect to the ZyWALL (refer to the Quick Start
Guide).
Step 3. Launch your web browser.
Step 4. Type "192.168.1.1" as the URL.
Step 5. Type "1234" (default) as the password and click Login. In some versions, the default password
appears automatically - if this is the case, click Login.
Step 6. You should see a screen asking you to change your password (highly recommended) as shown
next. Type a new password (and retype it to confirm) and click Apply or click Ignore.
Figure 3-1 Change Password Screen
Step 7. You should now see the MAIN MENU screen.
The ZyWALL automatically times out after five minutes of inactivity. Simply log
back into the ZyWALL if this happens to you.
3.2 Navigating the ZyWALL Web Configurator
Introducing the Web Configurator 3-1
ZyWALL 1
A
The following summarizes how to navigate the web configurator from the MAIN MENU screen.
Click WIZARD for initial
configuration including general
setup, ISP parameters for Internet
ccess and WAN IP/DNS
Server/MAC address assignment.
Use these links to configure features such as SYSTEM (General Setup,
Dynamic DNS, Password, Time Zone), LAN (DHCP Setup, TCP/IP Setup),
WAN (ISP, IP, MAC), SUA/NAT, STATIC ROUTE (Route Entry), UPNP,
SNMP, FIREWALL (Firewall Settings, Content Filtering, Service Blocking)
VPN/IPSec (Setup, Monitor) and Logs (View Log, Log settings).
Click LOGOUT at
any time to exit the
web configurator.
Click MAINTENANCE to view information about your ZyWALL or upgrade
configuration/firmware files. Maintenance includes SYSTEM STATUS (Statistics), DHCP
TABLE, F/W (firmware) UPGRADE and CONFIGURATION (Backup, Restore Default).
Figure 3-2 The MAIN MENU Screen of the Web Configurator
Follow the instructions you see in the MAIN MENU screen or click the
(located in the top right corner of most screens) to view embedded help.
The
icon does not appear in the MAIN MENU screen.
If you forget your password, refer to section 2.2.4 to reset the default configuration file.
3.3 Overview of the ZyWALL Web Configurator
The following figure illustrates an overview of the features of the web configurator.
icon
3-2 Introducing the Web Configurator
Loading...