Zyxel ZYWALL 2 PLUS installation guide

ZyWALL 2 Plus
Internet Security Appliance
Quick Start Guide
Version 4.00
4/2006
Edition 1
Table of Contents
ENGLISH, DEUTSCH, ESPAÑOL, FRANÇAIS, ITALIANO, РУССКИЙ, SVENSKA, 繁體中文
ENGLISH
Overview
The ZyWALL 2 Plus is a firewall with VPN, bandwidth management, content filtering and many other features. You can use it as a transparent firewall without reconfiguring your network or configuring the ZyWALL’s routing features. This guide covers the initial connections and configuration needed to start using the ZyWALL in your network.
See the User’s Guide for more information on all features.
You may need your Internet access information.
This guide is divided into the following sections.
1 Hardware Connections
2 Accessing the Web Configurator
3 Bridge Mode
4 Internet Access Setup and Product Registration
5 NAT
6 Firewall
7 VPN Rule Setup
8 Troubleshooting
1 Hardware Connections
You need the following.
ZyWALL
Computer
Ethernet Cables
Power Adaptor
Do the following to make hardware connections for initial setup.
1 Use an Ethernet cable to connect a LAN port to a computer.
2 Use another Ethernet cable to connect the WAN port to an Ethernet jack with Internet access.
Note: Use the blue console cable if you want to connect the CONSOLE port to your computer. Use the black dial backup cable if you want to connect the DIAL BACKUP port to an analog modem.
3 Use the included power adaptor to connect the power socket (on the rear panel) to a power outlet.
4 Look at the front panel. The PWR LED turns on. The ACT, LAN and WAN LEDs turn on and stay on if the corresponding connections are properly made.
2 Accessing the Web Configurator
Use this section to configure the WAN interface for Internet access.
1 Launch your web browser. Enter 192.168.1.1 (the ZyWALL’s default IP address) as the address. If the login screen does not display, see Section 7.1 to set your computer’s IP address.
2 Click Login (the default password 1234 is already entered).
3 Change the login password by entering a new password and clicking Apply.
4 Click Apply to replace the ZyWALL’s default digital certificate.
5 The HOME screen opens.
The ZyWALL is in router mode by default. Continue to the next step if you want to use routing features such as NAT, DHCP and VPN.
Go to Section 3 if you prefer to use the ZyWALL as a transparent firewall.
6 Check the Network Status table. If the WAN status is not Down and there is an IP address, go to Section 5.
If the WAN status is Down (or there is not an IP address), click Internet Access and use Section 4 to configure WAN.
3 Bridge Mode
When you set the ZyWALL to bridge mode, it functions as a transparent firewall. Do the following to set the ZyWALL to bridge mode.
1 Click MAINTENANCE in the navigation panel and then Device Mode.
2 Select Bridge and configure a (static) IP address, subnet mask and gateway IP address. These apply to the ZyWALL’s LAN and WAN interfaces.
3 Click Apply. The ZyWALL restarts.
4 Internet Access Setup and Product Registration
1 Click Internet Access in the HOME screen to open the Internet access wizard.
Enter the Internet access information exactly as given to you. If you were given an IP address to use, select Static in the IP Address Assignment drop-down list box and enter the information provided.
Note: The fields vary depending on what you select in the Encapsulation field. Fill them in with the information provided by the ISP or network administrator.
Click Apply when you are done.
Ethernet Encapsulation
Configure a Roadrunner service in the NETWORK WAN screens (use the WAN tab).
PPP over Ethernet or PPTP Encapsulation
Select Nailed-Up when you want your connection up all the time (this could be expensive if your ISP bills you for Internet usage time instead of a flat monthly fee).
To not have the connection up all the time, specify an idle time-out period (in seconds) in Idle Timeout.
2 Click Next to display the screen where you can register your ZyWALL with myZyXEL.com (ZyXEL’s online services center) and activate the free content filtering trial application. Otherwise, click Skip and then Close to complete Internet access setup.
3 If you already have an account at myZyXEL.com, select Existing myZyXEL.com account and enter account information. Otherwise, select New myZyXEL.com account and fill in the fields below to create a new account and register your ZyWALL. Click Next.
4 Wait for the registration progress to finish.
5 The following screen displays if the registration was not successful. Click Return to go back to the Device Registration screen and check your settings.
6 Click Close to leave the wizard screen when the registration and activation are done.
Note: If you want to activate a standard service with your iCard’s PIN number (license key), use the REGISTRATION Service screen. See the user’s guide for details.
5 Firewall
You can use the ZyWALL without configuring the firewall.
The ZyWALL’s firewall is pre-configured to protect your LAN from attacks from the Internet. By default, no traffic can enter your LAN unless a request was generated on the LAN first.
If you are using the ZyWALL in router mode, continue with the next section. For bridge mode, skip to Section 7.
6 VPN Rule Setup
A VPN (Virtual Private Network) tunnel gives you a secure connection to another computer or network.
A gateway policy identifies the IPSec routers at either end of a VPN tunnel.
A network policy specifies which devices (behind the IPSec routers) can use the VPN tunnel.
This figure helps explain the main fields in the wizard screens.
1 Click VPN in the HOME screen (you may need to scroll up to see the link) to open the VPN wizard.
Note: Your settings are not saved when you click Back.
2 Use this screen to configure the gateway policy.
Name: Enter a name to identify the gateway policy.
Remote Gateway Address: Enter the IP address or domain name of the remote IPSec router.
3 Use this screen to configure the network policy.
Leave the Active check box selected.
Name: Enter a name to identify the network policy.
Select Single and enter an IP address for a single IP address.
Select Range IP and enter starting and ending IP addresses for a specific range of IP addresses.
Select Subnet and enter an IP address and subnet mask to specify IP addresses on a network by their subnet mask.
Note: Make sure that the remote IPSec router uses the same security settings that you configure in the next two screens.
4 Use this screen to configure IKE (Internet Key Exchange) tunnel settings.
Negotiation Mode: Select Main Mode for identity protection. Select Aggressive Mode to allow more incoming connections from dynamic IP addresses to use separate passwords.
Note: Multiple SAs (security associations) connecting through a secure gateway must have the same negotiation mode.
Encryption Algorithm: Select 3DES or AES for stronger (and slower) encryption.
Authentication Algorithm: Select MD5 for minimal security or SHA-1 for higher security.
Key Group: Select DH2 for higher security.
SA Life Time: Set how often the ZyWALL renegotiates the IKE SA (minimum 180 seconds). A short SA life time increases security, but renegotiation temporarily disconnects the VPN tunnel.
Pre-Shared Key: Use 8 to 31 case-sensitive ASCII characters or 16 to 62 hexadecimal ("0-9", "A-F") characters. Precede a hexadecimal key with a "0x" (zero x), which is not counted as part of the 16 to 62 character range for the key.
5 Use this screen to configure IPSec settings.
Encapsulation Mode: Tunnel is compatible with NAT, Transport is not.
IPSec Protocol: ESP is compatible with NAT, AH is not.
Perfect Forward Secrecy (PFS): None allows faster IPSec setup, but DH1 and DH2 are more secure.
6 Check your VPN settings. Click Finish to save the settings.
7 Click Close in the final screen to complete the VPN wizard setup. Continue with the next section to activate the VPN rule and establish a VPN connection.
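The field rules from the IKE and IPSec screens above can be turned into a pre-check that you run on planned settings before entering them on both IPSec routers. This is an added example, not ZyXEL code: the function names, dictionary keys and sample values are assumptions made for the illustration, as is treating any key that starts with 0x as a hexadecimal key.

```python
import string

# Fields the guide says both IPSec routers must agree on (key names are this example's own).
MUST_MATCH = ("negotiation_mode", "encryption", "authentication", "key_group",
              "pre_shared_key", "encapsulation", "ipsec_protocol", "pfs")

def check_psk(psk):
    """Return None if psk fits the guide's format rules, else the reason it does not."""
    if psk.startswith("0x"):  # assumption: a leading "0x" always marks a hex key
        digits = psk[2:]      # the prefix is not counted toward the 16 to 62 range
        if not all(c in string.hexdigits for c in digits):  # lower-case a-f accepted (assumption)
            return "hex key contains non-hexadecimal characters"
        if not 16 <= len(digits) <= 62:
            return "hex key needs 16 to 62 digits after 0x"
        return None
    if not psk.isascii():
        return "key contains non-ASCII characters"
    if not 8 <= len(psk) <= 31:
        return "ASCII key needs 8 to 31 characters"
    return None

def review(cfg, behind_nat=False):
    """Findings for one router's planned settings, based only on the guide's field notes."""
    findings = []
    reason = check_psk(cfg["pre_shared_key"])
    if reason:
        findings.append("pre_shared_key: " + reason)
    if cfg["authentication"] == "MD5":
        findings.append("authentication: MD5 is the minimal-security choice; SHA-1 is higher")
    if cfg["pfs"] == "None":
        findings.append("pfs: None is faster, but DH1 and DH2 are more secure")
    if cfg["sa_life_time"] < 180:
        findings.append("sa_life_time: below the 180 second minimum")
    if behind_nat and cfg["encapsulation"] == "Transport":
        findings.append("encapsulation: Transport is not compatible with NAT")
    if behind_nat and cfg["ipsec_protocol"] == "AH":
        findings.append("ipsec_protocol: AH is not compatible with NAT")
    return findings

def mismatches(local, remote):
    """Names of the fields on which the two routers' settings differ."""
    return [k for k in MUST_MATCH if local[k] != remote[k]]

# Constructed sample settings for illustration, not taken from a real device.
LOCAL = {"negotiation_mode": "Main Mode", "encryption": "3DES", "authentication": "MD5",
         "key_group": "DH2", "sa_life_time": 28800, "pre_shared_key": "0x0123456789ABCDEF",
         "encapsulation": "Tunnel", "ipsec_protocol": "ESP", "pfs": "None"}
REMOTE = dict(LOCAL, authentication="SHA-1", pfs="DH2")
```

Calling review(LOCAL) lists the weaker choices on one side, and mismatches(LOCAL, REMOTE) names the fields to reconcile when a tunnel will not come up.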
6.1 Using the VPN Connection
Use VPN tunnels to securely send and retrieve files, and allow remote access to corporate networks, web servers and e-mail. Services work as if you were at the office instead of connected through the Internet.
For example, the “test” VPN rule allows secure access to a web server on a remote corporate LAN. Enter the server’s IP address (10.0.0.23 in this example) as your browser’s URL. The ZyWALL automatically builds the VPN tunnel when you attempt to use it.
Click SECURITY, VPN in the navigation panel and then the SA Monitor tab to display a list of connected VPN tunnels (the “test” VPN tunnel is up here).
7 Troubleshooting
Problem: None of the LEDs turn on.
Corrective Action: Make sure that you have the power adaptor connected to the ZyWALL and plugged in to an appropriate power source. Check all cable connections.
If the LEDs still do not turn on, you may have a hardware problem. In this case, you should contact your local vendor.
Problem: Cannot access the ZyWALL from the LAN.
Corrective Action: Check the cable connection between the ZyWALL and your computer or hub. Refer to Section 1 for details.
Ping the ZyWALL from a LAN computer. Make sure your computer’s Ethernet card is installed and functioning properly.
In the computer, click Start, (All) Programs, Accessories and then Command Prompt. In the Command Prompt window, type "ping" followed by the ZyWALL’s LAN IP address (192.168.1.1 is the default) and then press [ENTER]. The ZyWALL should reply. Otherwise, refer to Section 7.1.
If you’ve forgotten the ZyWALL’s password, use the RESET button. Press the button in for about 10 seconds (or until the PWR LED starts to blink), then release it. It returns the ZyWALL to the factory defaults (password is 1234, LAN IP address 192.168.1.1 etc.; see your User’s Guide for details).
If you’ve forgotten the ZyWALL’s LAN or WAN IP address, you can check the IP address in the SMT via the console port. Connect your computer to the CONSOLE port using a console cable. Your computer should have a terminal emulation communications program (such as HyperTerminal) set to VT100 terminal emulation, no parity, 8 data bits, 1 stop bit, no flow control and 9600 bps port speed.
Problem: Cannot access the Internet.
Corrective Action: Check the ZyWALL’s connection to the Ethernet jack with Internet access. Make sure the Internet gateway device (such as a DSL modem) is working properly.
Click WAN in the navigation panel to verify your settings.
Problem: Cannot establish a VPN connection.
Corrective Action: Make sure the ZyWALL and the remote IPSec router use the same VPN settings. Click VPN in the navigation panel to configure advanced settings. Access a web site to check that you have a successful Internet connection.
7.1 Set Up Your Computer’s IP Address
This section shows you how to set up your computer to receive an IP address in Windows 2000, Windows NT and Windows XP. This ensures that your computer can communicate with your ZyWALL.
1 In Windows XP, click Start, Control Panel.
In Windows 2000/NT, click Start, Settings, Control Panel.
2 In Windows XP, click Network Connections.
In Windows 2000/NT, click Network and Dial-up Connections.
3 Right-click Local Area Connection and then click Properties.
4 Select Internet Protocol (TCP/IP) (under the General tab in Windows XP) and click Properties.
5 The Internet Protocol TCP/IP Properties screen opens (the General tab in Windows XP). Select the Obtain an IP address automatically and Obtain DNS server address automatically options.
6 Click OK to close the Internet Protocol (TCP/IP) Properties window.
7 Click Close (OK in Windows 2000/NT) to close the Local Area Connection Properties window.
8 Close the Network Connections screen.
Procedure to View a Product’s Certification(s)
1 Go to www.zyxel.com.
2 Select your product from the drop-down list box on the ZyXEL home page to go to that product's page.
3 Select the certification you wish to view from this page.
DEUTSCH
Overview
The ZyWALL 2 Plus is a firewall with VPN, bandwidth management, content filtering and many other functions. You can use it as a transparent firewall without reconfiguring the network, or operate the ZyWALL 2 Plus in routing mode. This guide describes the connections and the configuration that are needed to use the ZyWALL in your network.
See the User’s Guide for a detailed description of all functions.
Please have your Internet access information ready.
This guide is divided into the following sections.
1 Hardware Connections
2 Accessing the Web Configurator
3 Bridge Mode
4 Internet Access Setup and Product Registration
5 Firewall
6 VPN Rule Setup
7 Troubleshooting
1 Hardware Connections
You need the following:
ZyWALL
Computer
Ethernet Cables
Power Adaptor
When you install the device, connect the hardware as follows.
1 Use an Ethernet cable to connect the LAN port to a computer.
2 Use another Ethernet cable to connect the WAN port to your ADSL modem or your router.
Note: If needed, connect the CONSOLE port to the computer with the blue console cable. If needed, connect the DIAL BACKUP port to your external modem or your ISDN adapter.
3 Use the included power adaptor to connect the device’s power socket (on the rear panel) to a power outlet.
4 Look at the front panel. The PWR LED turns on. The ACT, LAN and WAN LEDs turn on and stay on if the corresponding connections are properly made.
2 Accessing the Web Configurator
This section describes how to configure the WAN interface for Internet access.
1 Launch your web browser. Enter 192.168.1.1 (the ZyWALL’s default IP address) as the address. If the login screen does not display, see Section 7.1 to set your computer’s IP address.
2 Click Login (the default password 1234 is already entered).