ZyXEL ZyWALL 1 User Guide 3.50

ZyWALL 1
Internet Security Gateway
User's Guide
Version 3.50
December 2001
ZyWALL 1 Internet Security Gateway

Copyright

The contents of this publication may not be reproduced in any part or as a whole, transcribed, stored in a retrieval system, translated into any language, or transmitted in any form or by any means, electronic, mechanical, magnetic, optical, chemical, photocopying, manual, or otherwise, without the prior written permission of ZyXEL Communications Corporation.
Published by ZyXEL Communications Corporation. All rights reserved.
Disclaimer
ZyXEL does not assume any liability arising out of the application or use of any products, or software described herein. Neither does it convey any license under its patent rights nor the patent rights of others. ZyXEL further reserves the right to make changes in any products described herein without notice. This publication is subject to change without notice.
Trademarks
ZyNOS (ZyXEL Network Operating System) is a registered trademark of ZyXEL Communications, Inc. Other trademarks mentioned in this publication are used for identification purposes only and may be properties of their respective owners.
Federal Communications Commission (FCC) Interference Statement
This device complies with Part 15 of FCC rules. Operation is subject to the following two conditions:
1. This device may not cause harmful interference.
2. This device must accept any interference received, including interference that may cause undesired operations.
This equipment has been tested and found to comply with the limits for a Class B digital device pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference in a commercial environment. This equipment generates, uses, and can radiate radio frequency energy, and if not installed and used in accordance with the instructions, may cause harmful interference to radio communications.
If this equipment does cause harmful interference to radio/television reception, which can be determined by turning the equipment off and on, the user is encouraged to try to correct the interference by one or more of the following measures:
1. Reorient or relocate the receiving antenna.
2. Increase the separation between the equipment and the receiver.
3. Connect the equipment into an outlet on a circuit different from that to which the receiver is connected.
4. Consult the dealer or an experienced radio/TV technician for help.
Notice 1
Changes or modifications not expressly approved by the party responsible for compliance could void the user's authority to operate the equipment.
Certifications
Refer to the product page at www.zyxel.com.

Information for Canadian Users

The Industry Canada label identifies certified equipment. This certification means that the equipment meets certain telecommunications network protective operation and safety requirements. The Industry Canada label does not guarantee that the equipment will operate to a user's satisfaction.
Before installing this equipment, users should ensure that it is permissible to be connected to the facilities of the local telecommunications company. The equipment must also be installed using an acceptable method of connection. In some cases, the company's inside wiring associated with a single line individual service may be extended by means of a certified connector assembly. The customer should be aware that compliance with the above conditions may not prevent degradation of service in some situations.
Repairs to certified equipment should be made by an authorized Canadian maintenance facility designated by the supplier. Any repairs or alterations made by the user to this equipment, or equipment malfunctions, may give the telecommunications company cause to request the user to disconnect the equipment.
For their own protection, users should ensure that the electrical ground connections of the power utility, telephone lines, and internal metallic water pipe system, if present, are connected together. This precaution may be particularly important in rural areas.
Caution
Users should not attempt to make such connections themselves, but should contact the appropriate electrical inspection authority, or electrician, as appropriate.
Note
This digital apparatus does not exceed the Class A limits for radio noise emissions from digital apparatus set out in the radio interference regulations of Industry Canada.

ZyXEL Limited Warranty

ZyXEL warrants to the original end user (purchaser) that this product is free from any defects in materials or workmanship for a period of up to one year from the date of purchase. During the warranty period, and upon proof of purchase, should the product have indications of failure due to faulty workmanship and/or materials, ZyXEL will, at its discretion, repair or replace the defective products or components without charge for either parts or labor, and to whatever extent it shall deem necessary to restore the product or components to proper operating condition. Any replacement will consist of a new or re-manufactured functionally equivalent product of equal value, and will be solely at the discretion of ZyXEL. This warranty shall not apply if the product is modified, misused, tampered with, damaged by an act of God, or subjected to abnormal working conditions.
Note
Repair or replacement, as provided under this warranty, is the exclusive remedy of the purchaser. This warranty is in lieu of all other warranties, express or implied, including any implied warranty of merchantability or fitness for a particular use or purpose. ZyXEL shall in no event be held liable for indirect or consequential damages of any kind of character to the purchaser.
To obtain the services of this warranty, contact ZyXEL's Service Center for your Return Material Authorization number (RMA). Products must be returned Postage Prepaid. It is recommended that the unit be insured when shipped. Any returned products without proof of purchase or those with an out-dated warranty will be repaired or replaced (at the discretion of ZyXEL) and the customer will be billed for parts and labor. All repaired or replaced products will be shipped by ZyXEL to the corresponding return address, Postage Paid. This warranty gives you specific legal rights, and you may also have other rights that vary from country to country.
Online Registration
Don't forget to register your ZyXEL product (fast, easy online registration at www.zyxel.com) for free future product updates and information.

Customer Support

Please have the following information ready when you contact customer support.
Product model and serial number.
Warranty Information.
Date that you received your device.
Brief description of the problem and the steps you took to solve it.
WORLDWIDE
E-mail (support/sales): support@zyxel.com.tw, support@europe.zyxel.com / sales@zyxel.com.tw
Telephone/fax: +886-3-578-3942 / +886-3-578-2439
Web site/FTP site: www.zyxel.com, www.europe.zyxel.com / ftp.europe.zyxel.com
Regular mail: ZyXEL Communications Corp., 6 Innovation Road II, Science-Based Industrial Park, HsinChu, Taiwan 300, R.O.C.

NORTH AMERICA
E-mail (support/sales): support@zyxel.com / sales@zyxel.com
Telephone/fax: +1-714-632-0882, 800-255-4101 / +1-714-632-0858
Web site/FTP site: www.zyxel.com / ftp.zyxel.com
Regular mail: ZyXEL Communications Inc., 1650 Miraloma Avenue, Placentia, CA 92870, U.S.A.

SCANDINAVIA
E-mail (support/sales): support@zyxel.dk / sales@zyxel.dk
Telephone/fax: +45-3955-0700 / +45-3955-0707
Web site/FTP site: www.zyxel.dk / ftp.zyxel.dk
Regular mail: ZyXEL Communications A/S, Columbusvej 5, 2860 Soeborg, Denmark.

AUSTRIA
E-mail (support/sales): support@zyxel.at / sales@zyxel.at
Telephone/fax: +43-1-4948677-0 / +43-1-4948678
Web site/FTP site: www.zyxel.at / ftp.zyxel.at
Regular mail: ZyXEL Communications Services GmbH. Thaliastrasse 125a/2/2/4 A-1160 Vienna, Austria

GERMANY
E-mail (support/sales): support@zyxel.de / sales@zyxel.de
Telephone/fax: +49-2405-6909-0 / +49-2405-6909-99
Web site: www.zyxel.de
Regular mail: ZyXEL Deutschland GmbH. Adenauerstr. 20/A4 D-52146 Wuerselen, Germany

MALAYSIA
E-mail (support/sales): support@zyxel.com.my / sales@zyxel.com.my
Telephone/fax: +603-795-44-688 / +603-795-34-407
Web site: www.zyxel.com.my
Regular mail: Lot B2-06, PJ Industrial Park, Section 13, Jalan Kemajuan, 46200 Petaling Jaya Selangor Darul Ehsan, Malaysia

Table of Contents

Copyright
Federal Communications Commission (FCC) Interference Statement
Information for Canadian Users
ZyXEL Limited Warranty
Customer Support
List of Figures
List of Tables
List of Diagrams
Preface
GETTING STARTED
Chapter 1 Getting to Know Your ZyWALL
1.1 The ZyWALL 1 Internet Security Gateway
1.2 Features of the ZyWALL 1
1.3 ZyWALL VPN Application
Chapter 2 Hardware Installation
2.1 ZyWALL Front and Rear Panels
2.1.1 Front Panel LEDs
2.2 ZyWALL Rear Panel and Connections
2.2.1 WAN 10M Port
2.2.2 LAN 10/100M Ports
2.2.3 UPLINK Button
2.2.4 LAN 10/100M Connections/Uplink Button Usage at a Glance
2.2.5 POWER 5VDC Port
2.2.6 RESET Button
2.3 Additional Installation Requirements
2.4 Turning on Your ZyWALL
2.5 Resetting the ZyWALL
2.5.1 Procedure To Use The RESET Button
2.6 ZyWALL Configuration
2.6.1 Using the Web Configurator
2.6.2 Using FTP/TFTP
2.6.3 Using CI Commands
THE WEB CONFIGURATOR SCREENS
Chapter 3 Introducing the Web Configurator
3.1 Accessing the ZyWALL Web Configurator
3.2 Navigating the ZyWALL Web Configurator
3.3 Overview of the ZyWALL Web Configurator
Chapter 4 The Wizard Setup Screens
4.1 Wizard Setup – Screen 1
4.1.1 General Setup and System Name
4.1.2 Domain Name
4.2 Wizard Setup - Screen 2
4.2.1 Ethernet
4.2.2 PPTP Encapsulation
4.2.3 PPPoE Encapsulation
4.3 Wizard Setup – Screen 3
4.3.1 WAN IP Address Assignment
4.3.2 IP Address and Subnet Mask
4.3.3 DNS Server Address Assignment
4.3.4 WAN Setup
4.4 Basic Setup Complete
Chapter 5 The Advanced Screens
5.1 The System Screen
5.1.1 General Setup
5.1.2 Dynamic DNS
5.1.3 Password
5.1.4 Time Zone
5.2 The LAN Screen
5.2.1 DHCP Setup
5.2.2 LAN TCP/IP
5.3 The WAN Screen
5.4 The SUA/NAT Screen
5.4.1 Introduction
5.4.2 The SUA Server Screen
5.4.3 Services and Port Numbers
5.4.4 Configuring Servers Behind SUA (Example)
5.5 The Static Route Screen
5.5.1 General Information About Static Routes
5.5.2 IP Static Route Setup
5.6 The Firewall Screen
5.6.1 Introduction
5.6.2 Tabs in the Firewall Screen
5.7 About VPN/IPSec
5.7.1 VPN
5.7.2 IPSec
5.7.3 Security Association
5.7.4 Other Terminology
5.8 IPSec Architecture
5.8.1 IPSec Algorithms
5.9 IPSec and NAT
5.10 The VPN/IPSec Screen - Fields in the VPN/IPSec Setup Tab
5.10.1 Active Field
5.10.2 IPSec Keying Mode Field
5.10.3 Negotiation Mode Field
5.10.4 Source Address Field
5.10.5 Destination Address Start Field
5.10.6 Destination Address End Field
5.10.7 My IP Address Field
5.10.8 Secure Gateway IP Address Field
5.10.9 Encapsulation Mode Field
5.10.10 IPSec Protocol Field
5.10.11 Pre-Shared Key Field
5.10.12 Encryption Algorithm Field
5.10.13 Authentication Algorithm Field
5.11 The VPN/IPSec Screen - Fields in the SA Monitor Tab
5.12 The VPN/IPSec Screen - Fields in the View IPSec Log Tab
5.12.1 Example Logs
5.12.2 Example Log Messages
Chapter 6 The Maintenance Screens
6.1 Introduction
6.2 The System Status Screen
6.2.1 System Status
6.3 The DHCP Table Screen
6.4 The F/W (Firmware) Upgrade Screen
6.5 The Configuration Screen
6.5.1 Backup
6.5.2 Restore
6.5.3 Default
ADVANCED MANAGEMENT USING FTP/TFTP
Chapter 7 Firmware and Configuration File Maintenance
7.1 Filename Conventions
7.2 Backup Configuration
7.2.1 Using the FTP Command from the Command Line
7.2.2 Example of FTP Commands from the Command Line
7.2.3 GUI-based FTP Clients
7.2.4 Backup Configuration Using TFTP
7.2.5 TFTP Command Example
7.2.6 GUI-based TFTP Clients
7.3 Restore or Upload a Configuration File
7.3.1 Restore Using FTP
7.3.2 Restore Using FTP Session Example
7.4 Uploading a Firmware File
7.4.1 Firmware File Upload
7.4.2 FTP File Upload Command from the DOS Prompt Example
7.4.3 FTP Session Example of Firmware File Upload
7.4.4 TFTP File Upload
7.4.5 TFTP Upload Command Example
TROUBLESHOOTING AND ADDITIONAL INFORMATION
Chapter 8 Troubleshooting
8.1 Problems Starting Up the ZyWALL
8.2 Problems with the Password
8.3 Problems with the LAN Interface
8.4 Problems with the WAN Interface
8.5 Problems with Internet Access
8.6 Problems with the Firewall
Appendix A PPPoE
Appendix B PPTP
Appendix C Power Adapter Specifications
Glossary
Index

List of Figures

Figure 1-1 Internet Access Application
Figure 2-1 Front Panel
Figure 2-2 ZyWALL 1 Rear Panel Connections
Figure 3-1 The MAIN MENU Screen of the Web Configurator
Figure 3-2 Overview of the ZyWALL Web Configurator
Figure 5-1 Multiple Servers Behind NAT Example
Figure 5-2 SUA/NAT Web Configurator Screen
Figure 5-3 Example of Static Routing Topology
Figure 5-4 Encryption and Decryption
Figure 5-5 IPSec Architecture
Figure 5-6 Two Phases to set up the IPSec SA
Figure 5-7 Telecommuter’s ZyWALL Configuration
Figure 5-8 Transport and Tunnel Mode IPSec Encapsulation
Figure 5-9 Example VPN Initiator IPSec Log
Figure 5-10 Example VPN Responder IPSec Log
Figure 7-1 FTP Session Example
Figure 7-2 Restore Using FTP Session Example
Figure 7-3 FTP Session Example of Firmware File Upload

List of Tables

Table 2-1 LED Descriptions
Table 2-2 Ethernet Cable Requirements for LAN 10/100M Port Connections
Table 4-1 Private IP Address Ranges
Table 4-2 Example of Network Properties for LAN Servers with Fixed IP Addresses
Table 5-1 Services and Port Numbers
Table 5-2 VPN and NAT
Table 5-3 Telecommuter and Headquarters Configuration Example
Table 5-4 AH and ESP
Table 5-5 SA Monitor Tab Fields
Table 5-6 View IPSec Log Tab Fields
Table 5-7 Sample IKE Key Exchange Logs
Table 5-8 Sample IPSec Logs During Packet Transmission
Table 5-9 RFC-2408 ISAKMP Payload Types
Table 7-1 Filename Conventions
Table 7-2 General Commands for GUI-based FTP Clients
Table 7-3 General Commands for GUI-based TFTP Clients
Table 8-1 Troubleshooting the Start-Up of your ZyWALL
Table 8-2 Troubleshooting the Password
Table 8-3 Troubleshooting the LAN Interface
Table 8-4 Troubleshooting the WAN Interface
Table 8-5 Troubleshooting Internet Access
Table 8-6 Troubleshooting the Firewall

List of Diagrams

Diagram 1 Single-PC per Modem Hardware Configuration
Diagram 2 ZyWALL as a PPPoE Client
Diagram 3 Transport PPP frames over Ethernet
Diagram 4 PPTP Protocol Overview
Diagram 5 Example Message Exchange between PC and an ANT

Preface

About Your Gateway
Congratulations on your purchase of the ZyWALL 1 Internet Security Gateway.
The ZyWALL 1 is a dual Ethernet broadband Internet security gateway integrated with an ICSA certified firewall and network management features designed for telecommuters or home offices and small businesses to access the Internet via cable/xDSL modem.
Your ZyWALL 1 is easy to install and to configure. The embedded web configurator is a convenient platform-independent GUI (Graphical User Interface) that allows you to access the ZyWALL's management settings. Use the web configurator for actual configuration of your ZyWALL.
About This User's Guide
This user's guide helps you connect your ZyWALL hardware, explains how to access the web configurator, gives you more detail about the features of your ZyWALL and provides some instruction on how to use FTP/TFTP for a limited number of functions. Advanced users may use the CI commands listed in the support notes.
Screen specific help (embedded help) is included with the web configurator and will guide you through ZyWALL configuration.
Related Documentation
- Supporting Disk
More detailed information and examples can be found in our included disk (as well as on the zyxel.com web site). This disk contains information on configuring your ZyWALL for Internet Access, general and advanced FAQs, Application Notes, Troubleshooting, a reference for CI Commands and bundled software.
- Quick Start Guide
Our Quick Start Guide is designed to help you get up and running right away. It contains a detailed easy-to-follow connection diagram, default settings, handy checklists and information on setting up your network and configuring for Internet access.
- ZyXEL Web Page and FTP Server Site
You can access product certifications, release notes and firmware upgrade information at ZyXEL web and FTP sites. Refer to the Customer Support page for more information.
- ZyXEL Web Site
The ZyXEL download library at www.zyxel.com contains additional support documentation.
Syntax Conventions
The ZyWALL 1 may be referred to as the ZyWALL in this guide.
Part I: Getting Started
This section helps you connect and install your ZyWALL.
Chapter 1

Getting to Know Your ZyWALL

This chapter introduces the main features and applications of the ZyWALL as well as a checklist for fast Internet access.

1.1 The ZyWALL 1 Internet Security Gateway

The ZyWALL 1 is a dual Ethernet Internet Security Gateway with an integrated 4-port switch and robust network management features for Internet access via external cable/xDSL modem. Equipped with a 10Mbps Ethernet WAN port, four auto-negotiating 10/100Mbps Ethernet LAN ports and the Network Address Translation (NAT) feature, the ZyWALL is uniquely suited as a broadband Internet access sharing gateway for telecommuters and home offices.

1.2 Features of the ZyWALL 1

The following are the main features of the ZyWALL 1.
IPSec VPN Capability
Establish a Virtual Private Network (VPN) to connect to your (home) office using data encryption and the Internet to provide secure communications without the expense of leased site-to-site lines. The ZyWALL 1 VPN is based on the IPSec standard and is fully interoperable with other IPSec-based VPN products. The ZyWALL 1 supports 1 SA (Security Association).
Firewall
The ZyWALL uses a stateful inspection firewall with DoS (Denial of Service) protection. By default, when the firewall is activated, all incoming traffic from the WAN to the LAN is blocked unless it is initiated from the LAN. The ZyWALL firewall supports TCP/UDP inspection, DoS detection and prevention, real time alerts, reports and logs.
4-Port Switch
A combination of switch and router makes your ZyWALL a cost-effective and viable network solution. You can add up to four computers to the ZyWALL without the cost of a hub. Add more than four computers to your LAN by using a hub.
Auto-negotiating LAN 10/100M Ethernet/Fast LAN Interface
A bandwidth-sensitive 10/100Mbps switch provides greater network efficiency than traditional hubs because the bandwidth is dedicated and not shared. This auto-negotiation feature allows the ZyWALL to detect the speed of incoming transmissions and adjust appropriately without manual intervention. It allows data transfer of either 10 Mbps or 100 Mbps in either half-duplex or full-duplex mode depending on your Ethernet network.
Content Filtering
The ZyWALL can block web features such as ActiveX controls, Java applets and cookies, as well as disable web proxies. The ZyWALL can also block specific URLs by using the keyword feature.
Web Configurator
Your ZyWALL includes an intuitive web configurator that makes setup and configuration easy. Included with the web configurator is embedded help designed to assist you during setup/configuration.
NAT (Network Address Translation)/SUA (Single User Account)
NAT (RFC 1631) or SUA allows the translation of an Internet Protocol address used within one network to a different IP address known within another network. NAT/SUA allows you to direct traffic to individual computers on your LAN, or to a designated default server computer, based on the port number request of incoming traffic. You may enter a single port number or a range of port numbers to be forwarded, and the local IP address of the desired server.
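The forwarding decision described above, sketched in Python as an added example (this is not ZyXEL code or the ZyWALL's actual implementation). The rule table, the first-match order, the private-address check and every address and port shown are assumptions made for illustration.

```python
import ipaddress
from typing import NamedTuple

class ForwardRule(NamedTuple):
    start: int                       # first forwarded port
    end: int                         # last forwarded port (== start for a single port)
    server: ipaddress.IPv4Address    # local IP address of the LAN server

def parse_rule(ports: str, server: str) -> ForwardRule:
    """Build a rule from '80' or '6000-6010' plus the server's local IP."""
    lo, _, hi = ports.partition("-")
    start, end = int(lo), int(hi or lo)
    if not 1 <= start <= end <= 65535:
        raise ValueError(f"bad port specification: {ports!r}")
    addr = ipaddress.IPv4Address(server)
    if not addr.is_private:          # assumption: servers sit on a private LAN
        raise ValueError(f"{server} is not a private address")
    return ForwardRule(start, end, addr)

def find_overlaps(rules):
    """Return (earlier, later) rule pairs whose port ranges intersect."""
    clashes, widest = [], None
    for rule in sorted(rules):
        if widest is not None and rule.start <= widest.end:
            clashes.append((widest, rule))
        if widest is None or rule.end > widest.end:
            widest = rule            # remember the rule reaching the highest port
    return clashes

def resolve(rules, default_server, port):
    """Return the LAN server that receives an incoming port, or None."""
    for rule in rules:               # assumption: first matching rule wins
        if rule.start <= port <= rule.end:
            return rule.server
    return default_server            # None means no default server is set

# Constructed sample table; addresses and ports are illustrative only.
SAMPLE_RULES = [
    parse_rule("80", "192.168.1.10"),
    parse_rule("21", "192.168.1.10"),
    parse_rule("6000-6010", "192.168.1.20"),
]
SAMPLE_DEFAULT = ipaddress.IPv4Address("192.168.1.30")

if __name__ == "__main__":
    for port in (80, 6005, 25):
        print(port, "->", resolve(SAMPLE_RULES, SAMPLE_DEFAULT, port))
    print("overlaps:", find_overlaps(SAMPLE_RULES))
```

Running find_overlaps over a planned table before entering it shows which port requests would be ambiguous, and resolve with a default server set shows that every unlisted port reaches that one LAN host.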
SNMP
SNMP (Simple Network Management Protocol) is a protocol used for exchanging management information between network devices. SNMP is a member of the TCP/IP protocol suite. Your ZyWALL supports SNMP agent functionality, which allows a manager station to manage and monitor the ZyWALL through the network. The ZyWALL supports SNMP version one (SNMPv1).
DHCP Support
DHCP (Dynamic Host Configuration Protocol) allows the individual clients (computers) to obtain the TCP/IP configuration at start-up from a centralized DHCP server. The ZyWALL has built-in DHCP server capability, enabled by default, which means it can assign IP addresses, an IP default gateway and DNS servers to Windows 9X, Windows NT and other systems that support the DHCP client. The ZyWALL can also act as a surrogate DHCP server (DHCP Relay) where it relays IP address assignment from the actual DHCP server to the clients.
Dynamic DNS Support
With Dynamic DNS support, you can have a static host name alias for a dynamic IP address, allowing the host to be more easily accessible from various locations on the Internet. You must register for this service with a Dynamic DNS client.
IP Multicast
Traditionally, IP packets are transmitted in two ways - unicast or broadcast. Multicast is a third way to deliver IP packets to a group of hosts. IGMP (Internet Group Management Protocol) is the protocol used to support multicast groups. The latest version is version 2 (see RFC 2236). The ZyWALL supports versions 1 and 2.
PPPoE Support
PPPoE facilitates the interaction of a host with a broadband modem to achieve access to high-speed data networks via a familiar "dial-up networking" user interface.
PPTP Support
Point-to-Point Tunneling Protocol (PPTP) is a network protocol that enables secure transfer of data from a remote client to a private server, creating a Virtual Private Network (VPN) using a TCP/IP-based network. PPTP supports on-demand, multi-protocol and virtual private networking over public networks, such as the Internet. Use PPTP to connect to a broadband modem to achieve access to high-speed data networks via a familiar "dial-up networking" user interface.
Full Network Management
Your ZyWALL has a convenient web configurator and also supports an FTP (File Transfer Protocol) server for remote management and TFTP (Trivial FTP). Advanced users can also use FTP/TFTP and CI commands for configuration and management.
RoadRunner Support
In addition to standard cable modem services, the ZyWALL supports Time Warner's RoadRunner Service.
Time and Date
The ZyWALL gets the current time and date from an external server when you turn it on. The real time is then displayed in the web configurator and logs.
Logging and Tracing
Built-in message logging and packet tracing.
Embedded FTP and TFTP Servers
The ZyWALL's embedded FTP and TFTP servers enable fast firmware upgrades as well as configuration file backups and restoration.
1.3 ZyWALL VPN Application
A cable or DSL modem can connect to the ZyWALL for broadband Internet access via the Ethernet port on the modem. The ZyWALL provides not only high-speed Internet access, but also management features and protection for your internal network. A typical Internet access application is shown next.
Figure 1-1 Internet Access Application
Chapter 2

Hardware Installation

This chapter shows you how to connect hardware and perform the initial setup.

2.1 ZyWALL Front and Rear Panels

2.1.1 Front Panel LEDs
The LEDs on the front panel indicate the operational status of the ZyWALL.
Figure 2-1 Front Panel
The following table describes ZyWALL LED functions.
Table 2-1 LED Descriptions

| LED | COLOR | STATUS | DESCRIPTION |
|---|---|---|---|
| SYS | Green | On | The ZyWALL is on and receiving power. |
| | | Off | The ZyWALL is not receiving power. |
| | | Flashing | The ZyWALL is performing a self-test. |
| WAN | Green | On | The WAN link is connected. |
| | | Off | The WAN link is not ready, or has failed. |
| | | Flashing | The 10M WAN link is sending/receiving packets. |
| LAN 1-4 | Green | On | The ZyWALL is connected to a 10M LAN. |
| | | Off | The 10M LAN is not connected. |
| | | Flashing | The 10M LAN is sending/receiving packets. |
| | Orange | On | The ZyWALL is connected to a 100Mbps LAN. |
| | | Off | The 100M LAN is not connected. |
| | | Flashing | The 100M LAN is sending/receiving packets. |

2.2 ZyWALL Rear Panel and Connections

The following figure shows the rear panel of your ZyWALL 1 and related connections.
Figure 2-2 ZyWALL 1 Rear Panel Connections
2.2.1 WAN 10M Port
Connecting the ZyWALL to a Cable Modem
Connect the WAN 10M port on the ZyWALL to the Ethernet port on your cable modem using the Ethernet cable that came with your cable modem. The Ethernet port on a cable modem is sometimes labeled "PC" or "Workstation".
Connecting the ZyWALL to a DSL Modem
Connect the WAN 10M port on the ZyWALL to the Ethernet port on your DSL modem using the Ethernet cable that came with your DSL modem.
2.2.2 LAN 10/100M Ports
You can connect up to four computers directly to the ZyWALL. For each computer, connect a 10/100M LAN port on the ZyWALL to the Network Adapter on the computer using a straight-through Ethernet cable.
If you want to connect more than four computers to your ZyWALL, you must use an external hub. Connect a 10/100M LAN port on the ZyWALL to a port on the hub using a crossover Ethernet cable.
When the ZyWALL is on and correctly connected to a computer or hub, the corresponding LAN LED on the front panel will turn on.
2.2.3 UPLINK Button
Pushing the UPLINK button in ("on") lets you connect LAN 10/100M port 4 on the ZyWALL directly to a computer using a straight-through Ethernet cable. If the UPLINK button is off (not "on"), you must use a crossover Ethernet cable for this connection.
When connecting the ZyWALL LAN 10/100M port 4 to a hub, press the UPLINK button in ("on") in order to use a crossover Ethernet cable instead of a straight-through cable.
2.2.4 LAN 10/100M Connections/Uplink Button Usage at a Glance
Table 2-2 Ethernet Cable Requirements for LAN 10/100M Port Connections
LAN 10/100M
PORT NUMBER
1 straight-through crossover
2 straight-through crossover
3 straight-through crossover
UPLINK
4
UPLINK button “off”
4
button “on”
straight-through crossover
crossover straight-through
TYPE OF ETHERNET CABLE FOR
CONNECTING THE ZYWALL TO A …
COMPUTER HUB
2.2.5 POWER 5VDC Port
Connect the female end of the power adapter to the port labeled POWER 5VDC on the rear panel of your ZyWALL.
To avoid damage to the ZyWALL, make sure you use the correct power adapter. Refer to the Power Adapter Specification Appendix for this information.
2.2.6 RESET Button
Refer to section 2.5 for information on the RESET button.
2.3 Additional Installation Requirements
1. A computer(s) with an installed Ethernet NIC (Network Interface Card).
2. A cable/xDSL modem and an ISP account.

2.4 Turning on Your ZyWALL

At this point, you should have connected the LAN port(s), the WAN port and the POWER port to the appropriate devices or lines. Plug the power adapter into an appropriate power source.
The SYS LED turns on. The WAN LED and the LAN LED(s) turn on after the system tests are complete if proper connections have been made to the LAN and WAN ports.

2.5 Resetting the ZyWALL

If you have forgotten your password or cannot access the ZyWALL you will need to use the RESET button on the rear panel of the ZyWALL to reload the factory-default configuration file. Uploading the configuration file replaces the current configuration file with the default configuration file and deletes all previous ZyWALL configurations. The following are ZyWALL factory defaults.
IP address: 192.168.1.1
Password: 1234
2.5.1 Procedure To Use The RESET Button
Step 1. Use a pen or pointed object to press the RESET button for 5-10 seconds, then release it.
Step 2. If the LAN LEDs flash within 30 seconds, the factory defaults have been restored and the ZyWALL restarts. Otherwise, go to step 3.
Step 3. Turn the ZyWALL off.
Step 4. While pressing the RESET button, turn the ZyWALL on.
Step 5. Continue to hold the RESET button for about 30 seconds. The ZyWALL restarts.
Step 6. Release the RESET button and wait for the ZyWALL to finish restarting.
2.6 ZyWALL Configuration
2.6.1 Using the Web Configurator
The quickest and easiest way to configure the ZyWALL is via the web configurator. Some configuration options are available using FTP/TFTP (for example, you can use FTP to upload firmware) and CI commands, but the web configurator is by far the most comprehensive and user-friendly way to configure your ZyWALL. Find out how to access the web configurator by reading Chapter 3 or referring to the Quick Start Guide.
2.6.2 Using FTP/TFTP
Refer to Chapter 7 to learn how to upload firmware and configuration files using FTP/TFTP.
2.6.3 Using CI Commands
CI commands are recommended for advanced users only. Refer to the support notes for a list of CI commands.
Part II: The Web Configurator Screens
This section introduces and describes the ZyWALL web configurator screens including MAIN MENU, WIZARD SETUP, ADVANCED and MAINTENANCE.