ZyXEL ZyWALL 2 Compact Guide

ZyWALL 2
Internet Security Gateway
Compact Guide
Version 3.62
April 2004
Table of Contents
1 Introducing the ZyWALL
2 Hardware
2.1 Rear Panel
2.2 The Front Panel LEDs
3 Setting Up Your Computer’s IP Address
3.1 Windows 2000/NT/XP
4 Configuring Your ZyWALL
4.1 Accessing Your ZyWALL Via Web Configurator
4.2 Internet Access Using the Wizard
4.3 Test Your Internet Connection
4.4 Check Your WAN Setup
4.5 Common Screen Command Buttons
5 Advanced Configuration
5.1 Network Address Translation Overview
5.2 Configuring SUA Server
5.3 Firewall Overview
5.4 Configuring Firewall
5.5 Procedure for Configuring Firewall Rules
5.6 Configuring Source and Destination Addresses
5.7 Content Filtering Overview
5.7.1 Restrict Web Features
5.7.2 Create a Filter List
5.7.3 Customize Web Site Access
5.7.4 General Content Filter Configuration
5.8 Content Filtering with an External Server
5.9 A Procedure to Enable External Database Content Filtering
5.10 Registering and Configuring for Category-based Filtering
5.11 Configuring Customization
5.12 VPN Overview
5.13 Summary Screen
5.14 Configuring VPN Policies
5.14.1 X-Auth (Extended Authentication)
5.14.2 Certificates
5.15 Viewing SA Monitor
5.16 Remote Management
5.16.1 HTTPS
5.16.2 SSH
5.17 UPnP Overview
5.18 Configuring UPnP
6 Troubleshooting
1 Introducing the ZyWALL
The ZyWALL 2 is the ideal secure gateway for all data passing between the Internet and the LAN. By integrating NAT, firewall and VPN capability, ZyXEL’s ZyWALL 2 is a complete security solution that protects your Intranet and efficiently manages data traffic on your network. The embedded web configurator is easy to operate and totally independent of the operating system platform you use.
You should have an Internet account already set up and have been given most of the following information.
Internet Account Information
Your device’s WAN IP Address (if given): __________________
DNS Server IP Address (if given): Primary __________________, Secondary _________________
Encapsulation:
Ethernet
    Service Type: _______________________
    Login Server IP Address: ______________
    User Name: ____________ Password: ____________
PPTP
    User Name: ____________ Password: ____________
    Your WAN IP Address: ____________ PPTP Server IP Address: ___________
    Connection ID (if required): ____________
PPPoE
    (PPPoE) Service Name: ____________
    User Name: ____________ Password: ____________
2 Hardware
This section provides details on hardware specifications.
2.1 Rear Panel
LABEL: DESCRIPTION
1. LAN 10/100M 1-4: Connect a computer to one of these ports with an Ethernet cable. These ports are auto-negotiating (can connect at 10 or 100Mbps) and auto-sensing (automatically adjust to the type of Ethernet cable you use (straight-through or crossover)).
2. WAN 10/100M: Connect your cable/DSL modem to this port with the cable that came with your modem.
3. POWER 12 VDC: Connect the included power adaptor (use only this adapter) to this power socket.
After you’ve made the connections, connect the power cable to a power supply and look at the front panel LEDs.
CON/AUX port: Only connect this port if you want to configure the ZyWALL using the SMT via console port or set up a backup WAN connection; see your User’s Guide for details.
CON/AUX switch: Set this switch to the “CON” side to use the CON/AUX port as a console port for local device configuration and management. Connect the 9-pin male end of the console cable to the console port of the ZyWALL and the other end to a serial port (COM1, COM2 or other COM port) on your computer. Your computer should have a terminal emulation communications program (such as HyperTerminal) set to VT100 terminal emulation, no parity, 8 data bits, 1 stop bit, no flow control and 9600 bps port speed.
Set this switch to the “AUX” side to use the CON/AUX port as an auxiliary dial-up WAN connection. Use the included CON/AUX converter with the console cable to connect the CON/AUX port to your modem or TA.
RESET: You only need to use this button if you’ve forgotten the ZyWALL’s password. It returns the ZyWALL to the factory defaults (password is 1234, LAN IP address 192.168.1.1, terminal emulation settings as described above etc.; see your User’s Guide for details).
2.2 The Front Panel LEDs
The PWR LED turns on when you connect the power. The SYS LED blinks while performing system testing and then stays on if the testing is successful. The CON/AUX, LAN, and WAN LEDs turn on if the ports are properly connected.
LED               COLOR    STATUS     MEANING
PWR               Green    On         The ZyWALL is turned on.
                           Off        The ZyWALL is turned off.
                  Red      On         The power to the ZyWALL is too low.
SYS               Green    On         The ZyWALL is ready and running.
                           Flashing   The ZyWALL is rebooting.
                           Off        The ZyWALL is not ready or failed.
LAN 10/100M 1-4   Green    On         The ZyWALL has a LAN connection of 10Mbps.
                  Orange   On         The ZyWALL has a LAN connection of 100Mbps.
                           Flashing   The ZyWALL is sending/receiving packets.
                           Off        The ZyWALL does not have an Ethernet connection.
WAN 10/100M       Green    On         The WAN link is connected at 10Mbps.
                  Orange   On         The WAN link is connected at 100Mbps.
                           Flashing   The WAN link is sending/receiving packets.
                           Off        The WAN link is not ready, or has failed.
CON/AUX           Green    On         The CON/AUX switch is set to CON and the CON/AUX port is connected to a management computer.
                           Off        The CON/AUX link is not ready, or has failed.
                  Orange   On         The CON/AUX switch is set to AUX and the CON/AUX port has an Internet connection through a dial-up modem.
                           Flashing   The CON/AUX switch is set to AUX and the CON/AUX port is sending or receiving data through a dial-up modem.
                           Off        The CON/AUX link is not ready, or has failed.
3 Setting Up Your Computer’s IP Address
Skip this section if your computer is already set up to accept a dynamic IP
address. This is the default for most new computers.
The ZyWALL is already set up to assign your computer an IP address. Use this section to set up your computer to receive an IP address or assign it a static IP address in the 192.168.1.2 to 192.168.1.254 range with a subnet mask of 255.255.255.0. This is necessary to ensure that your computer can communicate with your ZyWALL.
Your computer must have an Ethernet card and TCP/IP installed. TCP/IP should already be installed on computers using Windows NT/2000/XP, Macintosh OS 7 and later operating systems.
3.1 Windows 2000/NT/XP
1. In Windows XP, click start, Control Panel. In Windows 2000/NT, click Start, Settings, Control Panel.
2. In Windows XP, click Network Connections.
In Windows 2000/NT, click Network and Dial-up Connections.
3. Right-click Local Area Connection and then click Properties.
4. Select Internet Protocol (TCP/IP) (under the General tab in Win XP) and click Properties.
5. The Internet Protocol TCP/IP Properties screen opens (the General tab in Windows XP).
- To have your computer assigned a dynamic IP address, click Obtain an IP address automatically.
- To configure a static IP address, click Use the following IP Address and fill in the IP address (choose one from 192.168.1.2 to 192.168.1.254), Subnet mask (255.255.255.0), and Default gateway (192.168.1.1) fields.
6. Click Advanced. Remove any previously installed gateways in the IP Settings tab and click OK to go back to the Internet Protocol TCP/IP Properties screen.
7. Click Obtain DNS server address automatically if you do not know your DNS server IP address(es).
If you know your DNS server IP address(es), click Use the following DNS server addresses, and type them in the Preferred DNS server and Alternate DNS server fields.
If you have more than two DNS servers, click Advanced, the DNS tab and then configure them using Add.
8. Click OK to close the Internet Protocol (TCP/IP) Properties window.
9. Click OK to close the Local Area Connection Properties window.
Checking Your Computer’s IP Address
1. In the computer, click Start, (All) Programs, Accessories and then Command Prompt.
2. In the Command Prompt window, type "ipconfig" and then press ENTER. Your computer’s IP address must be in the correct range (192.168.1.2 to 192.168.1.254) with subnet mask 255.255.255.0 in order to communicate with the ZyWALL.
Refer to your User’s Guide for detailed IP address configuration for other Windows and Macintosh computer operating systems.
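The check in step 2 can also be done programmatically. The following is an added example, not part of the ZyXEL guide: it parses "ipconfig" output and reports any setting that would stop the computer from reaching a ZyWALL at its factory-default address. The function names and the sample output are constructed for illustration, and the default gateway check assumes the 192.168.1.1 value given in section 3.1.

```python
import ipaddress
import re

# Values from the guide: ZyWALL default LAN address, subnet mask and the
# address range LAN computers must use.
GATEWAY = "192.168.1.1"
NETMASK = "255.255.255.0"
FIRST, LAST = ipaddress.IPv4Address("192.168.1.2"), ipaddress.IPv4Address("192.168.1.254")

# Constructed sample of Windows XP "ipconfig" output (not captured from a real host).
SAMPLE = """\
Windows IP Configuration

Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . :
        IP Address. . . . . . . . . . . . : 192.168.1.33
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.1.1
"""

# A line such as "Autoconfiguration IP Address" (no DHCP lease) deliberately does not match.
FIELD = re.compile(r"^\s*(IP Address|Subnet Mask|Default Gateway)[ .]*:[ \t]*(\S*)", re.M)

def parse_ipconfig(text):
    """Return {field: value} using the first occurrence of each field."""
    fields = {}
    for name, value in FIELD.findall(text):
        fields.setdefault(name, value)
    return fields

def check_lan_settings(text):
    """Return a list of problems; an empty list means the settings match the guide."""
    f = parse_ipconfig(text)
    problems = []
    try:
        addr = ipaddress.IPv4Address(f.get("IP Address", ""))
    except ipaddress.AddressValueError:
        return ["no IP address found (no DHCP lease or static address set)"]
    if not (FIRST <= addr <= LAST):
        problems.append(f"{addr} is outside 192.168.1.2-192.168.1.254")
    if f.get("Subnet Mask") != NETMASK:
        problems.append(f"subnet mask is {f.get('Subnet Mask')}, expected {NETMASK}")
    if f.get("Default Gateway") != GATEWAY:
        problems.append(f"default gateway is {f.get('Default Gateway')}, expected {GATEWAY}")
    return problems
```

An address of 192.168.1.1 is reported as out of range because it would collide with the ZyWALL itself.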
4 Configuring Your ZyWALL
This Compact Guide shows you how to use the web configurator wizard
only. See your User’s Guide for background information on all ZyWALL
features and System Management Terminal (SMT) configuration.
Web Configurator
4.1 Accessing Your ZyWALL Via Web Configurator
Step 1. Make sure your ZyWALL hardware is properly connected and prepare your
computer/computer network to connect to the ZyWALL (refer to the Quick Start Guide).
Step 2. Launch your web browser.
Step 3. Type "192.168.1.1" as the URL.
Step 4. Type "1234" (default) as the password and click Login. In some versions, the default
password appears automatically - if this is the case, click Login.
Step 5. You should see a screen asking you to change your password (highly recommended)
as shown next. Type a new password (and retype it to confirm) and click Apply or click Ignore.
Step 6. Click Apply in the Replace Certificate screen to create a certificate using your
ZyWALL’s MAC address that will be specific to this device. This feature is not available on the ZyWALL 2WE.
Step 7. You should now see the web configurator MAIN MENU screen.
Click WIZARD to begin a series of screens to help you configure your ZyWALL for the
first time.
Click MAINTENANCE in the navigation panel to see ZyWALL performance statistics,
upload firmware and back up, restore or upload a configuration file.
Click LOGOUT when you have finished a ZyWALL management session. The ZyWALL
automatically logs you out if it is left idle for five minutes; press ENTER to display the Login screen again and then log back in.
Click WIZARD for initial configuration including general setup, ISP Parameters for Internet Access and WAN IP/DNS/MAC Address Assignment.
Use the submenus to configure ZyWALL features.
Click LOGOUT at any time to exit the web configurator.
Click MAINTENANCE to view information about your ZyWALL or upgrade configuration/firmware files. Maintenance includes Status (Statistics), DHCP Table, F/W (firmware) Upload, Configuration (Backup, Restore Default) and Restart.
4.2 Internet Access Using the Wizard
Step 1. Click Wizard Setup in the main menu to display the first wizard screen.
System Name is for identification purposes. Enter your computer's "Computer Name".
The Domain Name entry is what is propagated to the DHCP clients on the LAN. If you leave this blank, the domain name obtained by DHCP from the ISP is used.
Click Next to continue.
Step 2. The second wizard screen has three variations depending on what encapsulation type you
use. Use the information in Internet Account Information to fill in fields.
Choose Ethernet when the WAN port is used as a regular Ethernet. Choose from Standard or a RoadRunner version. You’ll need User Name, Password and Login Server IP Address for some RoadRunner versions.
Click Next to continue.
Point-to-Point Protocol over Ethernet (PPPoE) functions as a dial-up connection. Therefore you’ll also need a username and password and possibly the PPPoE service name. Your ISP will give you all needed information.
Select Nailed Up Connection if you do not want the connection to the PPPoE server to time out. Otherwise, enter the number of seconds to elapse before the ZyWALL disconnects from the server in the Idle Timeout field. The default value is 100 seconds. Enter “0” to prevent the connection from timing out.
Click Next to continue.
Choose PPTP if your service provider uses a DSL terminator with PPTP login. The ZyWALL must have a static IP address (My IP Address) in this case, and possibly a subnet mask (My IP Subnet Mask) if provided by your ISP.
You’ll also need a username, associated password, and the DSL terminator IP address (Server IP Address). If your ISP has provided a connection ID name, enter it in the Connection ID/Name field.
See the PPPoE encapsulation above for information on the
Nailed Up Connection and Idle Timeout fields.
Click Next to continue.
Step 3. Fill in the fields and click Finish to save and complete the wizard setup.