ZyXEL ZyWall 10W, ZyWall 30W, ZyWall 100, ZyWall 50 User Manual

ZyWALL 10W/30W/50/100
Internet Security Gateway
User’s Guide
Version 3.62
January 2004
ZyWALL Series Internet Security Gateway
Copyright
Copyright © 2004 by ZyXEL Communications Corporation.
The contents of this publication may not be reproduced in any part or as a whole, transcribed, stored in a retrieval system, translated into any language, or transmitted in any form or by any means, electronic, mechanical, magnetic, optical, chemical, photocopying, manual, or otherwise, without the prior written permission of ZyXEL Communications Corporation. Published by ZyXEL Communications Corporation. All rights reserved.
Disclaimer
ZyXEL does not assume any liability arising out of the application or use of any products, or software described herein. Neither does it convey any license under its patent rights nor the patent rights of others. ZyXEL further reserves the right to make changes in any products described herein without notice.
This publication is subject to change without notice.
Trademarks
Trademarks mentioned in this publication are used for identification purposes only and may be properties of their respective owners.
Federal Communications Commission (FCC)
Interference Statement
This device complies with Part 15 of FCC rules. Operation is subject to the following two conditions:
1. This device may not cause harmful interference.
2. This device must accept any interference received, including interference that may cause undesired operations.
This equipment has been tested and found to comply with the limits for a CLASS B digital device pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference in a commercial environment. This equipment generates, uses, and can radiate radio frequency energy, and if not installed and used in accordance with the instructions, may cause harmful interference to radio communications. If this equipment does cause harmful interference to radio/television reception, which can be determined by turning the equipment off and on, the user is encouraged to try to correct the interference by one or more of the following measures:
1. Reorient or relocate the receiving antenna.
2. Increase the separation between the equipment and the receiver.
3. Connect the equipment into an outlet on a circuit different from that to which the receiver is connected.
4. Consult the dealer or an experienced radio/TV technician for help.
Notice 1
Changes or modifications not expressly approved by the party responsible for compliance could void the user's authority to operate the equipment.
Certifications
1. Go to www.zyxel.com.
2. Select your product from the drop-down list box on the ZyXEL home page to go to that product's page.
3. Select the certification you wish to view from this page.
Information for Canadian Users
The Industry Canada label identifies certified equipment. This certification means that the equipment meets certain telecommunications network protective, operation, and safety requirements. The Industry Canada does not guarantee that the equipment will operate to a user's satisfaction. Before installing this equipment, users should ensure that it is permissible to be connected to the facilities of the local telecommunications company. The equipment must also be installed using an acceptable method of connection. In some cases, the company's inside wiring associated with a single line individual service may be extended by means of a certified connector assembly. The customer should be aware that the compliance with the above conditions may not prevent degradation of service in some situations. Repairs to certified equipment should be made by an authorized Canadian maintenance facility designated by the supplier. Any repairs or alterations made by the user to this equipment, or equipment malfunctions, may give the telecommunications company cause to request the user to disconnect the equipment. For their own protection, users should ensure that the electrical ground connections of the power utility, telephone lines, and internal metallic water pipe system, if present, are connected together. This precaution may be particularly important in rural areas.
Caution
Users should not attempt to make such connections themselves, but should contact the appropriate electrical inspection authority, or electrician, as appropriate.
Note
This digital apparatus does not exceed the class A limits for radio noise emissions from digital apparatus set out in the radio interference regulations of Industry Canada.
ZyXEL Limited Warranty
ZyXEL warrants to the original end user (purchaser) that this product is free from any defects in materials or workmanship for a period of up to two years from the date of purchase. During the warranty period, and upon proof of purchase, should the product have indications of failure due to faulty workmanship and/or materials, ZyXEL will, at its discretion, repair or replace the defective products or components without charge for either parts or labor, and to whatever extent it shall deem necessary to restore the product or components to proper operating condition. Any replacement will consist of a new or re-manufactured functionally equivalent product of equal value, and will be solely at the discretion of ZyXEL. This warranty shall not apply if the product is modified, misused, tampered with, damaged by an act of God, or subjected to abnormal working conditions.
NOTE
Repair or replacement, as provided under this warranty, is the exclusive remedy of the purchaser. This warranty is in lieu of all other warranties, express or implied, including any implied warranty of merchantability or fitness for a particular use or purpose. ZyXEL shall in no event be held liable for indirect or consequential damages of any kind of character to the purchaser. To obtain the services of this warranty, contact ZyXEL's Service Center for your Return Material Authorization number (RMA). Products must be returned Postage Prepaid. It is recommended that the unit be insured when shipped. Any returned products without proof of purchase or those with an out-dated warranty will be repaired or replaced (at the discretion of ZyXEL) and the customer will be billed for parts and labor. All repaired or replaced products will be shipped by ZyXEL to the corresponding return address, Postage Paid. This warranty gives you specific legal rights, and you may also have other rights that vary from country to country.
Online Registration
Register your product online for free future product updates and information at www.zyxel.com for global products, or at www.us.zyxel.com for North American products.
Customer Support
Please have the following information ready when you contact customer support.
Product model and serial number.
Information in Menu 24.2.1 – System Information.
Warranty Information.
Date that you received your device.
Brief description of the problem and the steps you took to solve it.
LOCATION: WORLDWIDE
E-mail (support/sales): support@zyxel.com.tw, sales@zyxel.com.tw
Telephone/fax: +886-3-578-3942, +886-3-578-2439
Web site/FTP site: www.zyxel.com, www.europe.zyxel.com, ftp.zyxel.com, ftp.europe.zyxel.com
Regular mail: ZyXEL Communications Corp., 6 Innovation Road II, Science-Based Industrial Park, Hsinchu 300, Taiwan

LOCATION: NORTH AMERICA
E-mail (support/sales): support@zyxel.com, sales@zyxel.com
Telephone/fax: +1-800-255-4101
Web site/FTP site: www.us.zyxel.com, ftp.us.zyxel.com
Regular mail: ZyXEL Communications Inc., 1130 N. Miller St. Anaheim, CA 92806, U.S.A.

LOCATION: SCANDINAVIA
E-mail (support/sales): support@zyxel.dk, sales@zyxel.dk
Telephone/fax: +45-3955-0700, +45-3955-0707
Web site/FTP site: www.zyxel.dk, ftp.zyxel.dk
Regular mail: ZyXEL Communications A/S, Columbusvej 5, 2860 Soeborg, Denmark

LOCATION: GERMANY
E-mail (support/sales): support@zyxel.de, sales@zyxel.de
Telephone/fax: +49-2405-6909-0, +49-2405-6909-99
Web site/FTP site: www.zyxel.de
Regular mail: ZyXEL Deutschland GmbH. Adenauerstr. 20/A2 D-52146 Wuerselen, Germany
Table of Contents
Copyright
Federal Communications Commission (FCC) Interference Statement
Information for Canadian Users
ZyXEL Limited Warranty
Customer Support
List of Figures
List of Tables
Preface
Getting Started
Chapter 1 Getting to Know Your ZyWALL
1.1 ZyWALL Internet Security Gateway Overview
1.2 ZyWALL Features
1.3 Applications for the ZyWALL
Chapter 2 Introducing the Web Configurator
2.1 Web Configurator Overview
2.2 Accessing the ZyWALL Web Configurator
2.3 Resetting the ZyWALL
2.4 Navigating the ZyWALL Web Configurator
Chapter 3 Wizard Setup
3.1 Wizard Setup Overview
3.2 Wizard Setup: General Setup and System Name
3.3 Wizard Setup: Screen 2
3.4 Wizard Setup: Screen 3
3.5 Basic Setup Complete
System, LAN and Wireless LAN
Chapter 4 System Screens
4.1 System Overview
4.2 DNS Overview
4.3 Configuring General Setup
4.4 Dynamic DNS
4.5 Configuring Dynamic DNS
4.6 Configuring Password
4.7 Configuring Time Setting
Chapter 5 LAN Screens
5.1 LAN Overview
5.2 DHCP Setup
5.3 LAN TCP/IP
5.4 Configuring IP
5.5 Configuring Static DHCP
5.6 Configuring IP Alias
Chapter 6 Wireless LAN Screens
6.1 Wireless LAN Overview
6.2 Wireless LAN Basics
6.3 Wireless Security
6.4 Configuring Wireless LAN
6.5 Configuring MAC Filter
6.6 802.1x Overview
6.7 Configuring 802.1X
DMZ and WAN
Chapter 7 DMZ Screens
7.1 DMZ Overview
7.2 DMZ Addresses
7.3 Configuring DMZ
Chapter 8 WAN Screens
8.1 WAN Overview
8.2 TCP/IP Priority (Metric)
8.3 Configuring Route
8.4 Configuring WAN ISP
8.5 Configuring WAN IP
8.6 Configuring WAN MAC
8.7 Traffic Redirect
8.8 Configuring Traffic Redirect
8.9 Configuring Dial Backup
8.10 Advanced Modem Setup
8.11 Configuring Advanced Modem Setup
NAT and Static Route
Chapter 9 Network Address Translation (NAT) Screens
9.1 NAT Overview
9.2 Using NAT
9.3 SUA Server
9.4 Configuring SUA Server
9.5 Configuring Address Mapping
9.6 Trigger Port Forwarding
9.7 Configuring Trigger Port Forwarding
Chapter 10 Static Route Screens
10.1 Static Route Overview
10.2 Configuring IP Static Route
Firewall and Content Filtering
Chapter 11 Firewalls
11.1 Firewall Overview
11.2 Types of Firewalls
11.3 Introduction to ZyXEL’s Firewall
11.4 Denial of Service
11.5 Stateful Inspection
11.6 Guidelines For Enhancing Security With Your Firewall
11.7 Packet Filtering Vs Firewall
Chapter 12 Firewall Screens
12.1 Access Methods
12.2 Firewall Policies Overview
12.3 Rule Logic Overview
12.4 Connection Direction Examples
12.5 Bandwidth Management - Lite
12.6 Bandwidth Management Usage Examples
12.7 Alerts
12.8 Configuring Firewall
12.9 Example Firewall Rule
12.10 Predefined Services
12.11 Configuring Attack Alert
Chapter 13 Content Filtering Screens
13.1 Content Filtering Overview
13.2 General Content Filter Configuration
13.3 Content Filtering with an External Server
13.4 A Procedure to Enable External Database Content Filtering
13.5 Configuring Categories
13.6 Configuring Customization
VPN/IPSec
Chapter 14 Introduction to IPSec
14.1 VPN Overview
14.2 IPSec Architecture
14.3 Encapsulation
14.4 IPSec and NAT
Chapter 15 VPN Screens
15.1 VPN/IPSec Overview
15.2 IPSec Algorithms
15.3 My IP Address
15.4 Secure Gateway Address
15.5 VPN Rules Screen
15.6 Keep Alive
15.7 NAT Traversal
15.8 ID Type and Content
15.9 Pre-Shared Key
15.10 Certificates
15.11 Editing VPN Policies
15.12 IKE Phases
15.13 Configuring Advanced IKE Settings
15.14 Manual Key Setup
15.15 Configuring Manual Key
15.16 Viewing SA Monitor
15.17 Configuring Global Setting
15.18 Telecommuter VPN/IPSec Examples
15.19 VPN and Remote Management
Certificates
Chapter 16 Certificates
16.1 Certificates Overview
16.2 Self-signed Certificates
16.3 Configuration Summary
16.4 My Certificates
16.5 Certificate File Formats
16.6 Importing a Certificate
16.7 Creating a Certificate
16.8 My Certificate Details
16.9 Trusted CAs
16.10 Importing a Trusted CA’s Certificate
16.11 Trusted CA Certificate Details
16.12 Trusted Remote Hosts
16.13 Verifying a Trusted Remote Host’s Certificate
16.14 Importing a Trusted Remote Host’s Certificate
16.15 Trusted Remote Host Certificate Details
16.16 Directory Servers
16.17 Add or Edit a Directory Server
Authentication Server, Remote Management and UPnP
Chapter 17 Authentication Server
17.1 Authentication Server Overview
17.2 Local User Database
17.3 Configuring Local User Database
17.4 Configuring RADIUS
Chapter 18 Remote Management Screens
18.1 Remote Management Overview
18.2 Introduction to HTTPS
18.3 Configuring WWW
18.4 HTTPS Login Example
18.5 SSH Overview
18.6 How SSH works
18.7 SSH Implementation on the ZyWALL
18.8 Configuring SSH
18.9 Secure Telnet Using SSH Examples
18.10 Secure FTP Using SSH Example
18.11 Telnet
18.12 Configuring TELNET
18.13 Configuring FTP
18.14 Configuring SNMP
18.15 Configuring DNS
18.16 Configuring Security
Chapter 19 UPnP
19.1 Universal Plug and Play Overview
19.2 UPnP and ZyXEL
19.3 Configuring UPnP
19.4 Displaying UPnP Port Mapping
19.5 Installing UPnP in Windows Example
19.6 Using UPnP in Windows XP Example
Logs
Chapter 20 Logs Screens
20.1 Configuring View Log
20.2 Configuring Log Settings
20.3 Configuring Reports
Maintenance ....................................................................................................................................................X
Chapter 21 Maintenance....................................................................................................................... 21-1
21.1 Maintenance Overview ........................................................................................................ 21-1
21.2 Status Screen ........................................................................................................................ 21-1
21.3 DHCP Table Screen ............................................................................................................. 21-4
21.4 F/W Upload Screen .............................................................................................................. 21-5
21.5 Configuration Screen............................................................................................................21-7
21.6 Restart Screen..................................................................................................................... 21-11
SMT General Configuration ........................................................................................................................ XI
Chapter 22 Introducing the SMT ......................................................................................................... 22-1
22.1 Introduction to the SMT....................................................................................................... 22-1
22.2 Accessing the SMT via the Console Port............................................................................. 22-1
22.3 Navigating the SMT Interface.............................................................................................. 22-2
22.4 Changing the System Password ........................................................................................... 22-7
22.5 Resetting the ZyWALL........................................................................................................ 22-8
Chapter 23 SMT Menu 1 - General Setup...........................................................................................23-1
23.1 Introduction to General Setup .............................................................................................. 23-1
23.2 Configuring General Setup................................................................................................... 23-1
Chapter 24 WAN and Dial Backup Setup............................................................................................24-1
24.1 Introduction to WAN and Dial Backup Setup...................................................................... 24-1
24.2 WAN Setup .......................................................................................................................... 24-1
24.3 Dial Backup.......................................................................................................................... 24-2
24.4 Configuring Dial Backup in Menu 2.....................................................................................24-2
24.5 Advanced WAN Setup..........................................................................................................24-4
24.6 Remote Node Profile (Backup ISP)......................................................................................24-6
24.7 Editing PPP Options .............................................................................................................24-8
24.8 Editing TCP/IP Options ........................................................................................................24-9
24.9 Editing Login Script............................................................................................................24-11
24.10 Remote Node Filter.............................................................................................................24-13
Chapter 25 LAN Setup...........................................................................................................................25-1
25.1 Introduction to LAN Setup ...................................................................................................25-1
25.2 Accessing the LAN Menus ...................................................................................................25-1
25.3 LAN Port Filter Setup...........................................................................................................25-1
25.4 TCP/IP and DHCP Ethernet Setup Menu .............................................................................25-2
25.5 Wireless LAN Setup .............................................................................................................25-7
Chapter 26 DMZ Setup..........................................................................................................................26-1
26.1 Configuring DMZ Setup .......................................................................................................26-1
26.2 DMZ Port Filter Setup ..........................................................................................................26-1
26.3 TCP/IP Setup ........................................................................................................................26-2
Chapter 27 Internet Access....................................................................................................................27-1
27.1 Introduction to Internet Access Setup...................................................................................27-1
27.2 Ethernet Encapsulation .........................................................................................................27-1
27.3 Configuring the PPTP Client ................................................................................................27-3
27.4 Configuring the PPPoE Client ..............................................................................................27-4
27.5 Basic Setup Complete ...........................................................................................................27-5
SMT Advanced Applications....................................................................................................................... XII
Chapter 28 Remote Node Setup ............................................................................................................28-1
28.1 Introduction to Remote Node Setup......................................................................................28-1
28.2 Remote Node Setup ..............................................................................................................28-1
28.3 Remote Node Profile Setup...................................................................................................28-2
28.4 Edit IP ...................................................................................................................................28-8
28.5 Remote Node Filter............................................................................................................. 28-10
Chapter 29 IP Static Route Setup..........................................................................................................29-1
29.1 IP Static Route Setup ............................................................................................................29-1
Chapter 30 Network Address Translation (NAT) ................................................................................ 30-1
30.1 Using NAT............................................................................................................................30-1
30.2 NAT Setup ............................................................................................................................ 30-4
30.3 Configuring a Server behind NAT........................................................................................ 30-9
30.4 General NAT Examples......................................................................................................30-10
30.5 Configuring Trigger Port Forwarding................................................................................. 30-18
Chapter 31 Introducing the ZyWALL Firewall ...................................................................................31-1
31.1 Using ZyWALL SMT Menus...............................................................................................31-1
Chapter 32 Filter Configuration ...........................................................................................................32-1
32.1 Introduction to Filters ...........................................................................................................32-1
32.2 Configuring a Filter Set........................................................................................................32-4
32.3 Example Filter.................................................................................................................... 32-13
32.4 Filter Types and NAT ........................................................................................................ 32-15
32.5 Firewall Versus Filters ....................................................................................................... 32-16
32.6 Applying a Filter ................................................................................................................ 32-16
Chapter 33 SNMP Configuration ......................................................................................................... 33-1
33.1 SNMP Configuration............................................................................................................ 33-1
33.2 SNMP Traps......................................................................................................................... 33-2
SMT System Maintenance......................................................................................................................... XIII
Chapter 34 System Information & Diagnosis...................................................................................... 34-1
34.1 Introduction to System Status .............................................................................................. 34-1
34.2 System Status ....................................................................................................................... 34-1
34.3 System Information and Console Port Speed....................................................................... 34-3
34.4 Log and Trace ...................................................................................................................... 34-5
34.5 Diagnostic .......................................................................................................................... 34-11
Chapter 35 Firmware and Configuration File Maintenance ............................................................. 35-1
35.1 Introduction.......................................................................................................................... 35-1
35.2 Filename Conventions.......................................................................................................... 35-1
35.3 Backup Configuration .......................................................................................................... 35-2
35.4 Restore Configuration .......................................................................................................... 35-8
35.5 Uploading Firmware and Configuration Files.................................................................... 35-11
Chapter 36 System Maintenance Menus 8 to 10 ................................................................................. 36-1
36.1 Command Interpreter Mode................................................................................................. 36-1
36.2 Call Control Support ............................................................................................................36-3
36.3 Time and Date Setting.......................................................................................................... 36-6
Chapter 37 Remote Management......................................................................................................... 37-1
37.1 Remote Management............................................................................................................ 37-1
SMT Advanced Management.................................................................................................................... XIV
Chapter 38 IP Policy Routing ............................................................................................................... 38-1
38.1 Introduction to IP Policy Routing ........................................................................................ 38-1
38.2 Benefits ................................................................................................................................ 38-1
38.3 Routing Policy...................................................................................................................... 38-1
38.4 IP Routing Policy Setup....................................................................................................... 38-2
38.5 Applying an IP Policy .......................................................................................................... 38-6
38.6 IP Policy Routing Example .................................................................................................. 38-6
Chapter 39 Call Scheduling .................................................................................................................. 39-1
39.1 Introduction to Call Scheduling ........................................................................................... 39-1
Chapter 40 VPN/IPSec Setup ............................................................................................................... 40-1
40.1 Introduction.......................................................................................................................... 40-1
40.2 IPSec Summary Screen........................................................................................................ 40-2
40.3 IPSec Setup .......................................................................................................................... 40-5
40.4 IKE Setup........................................................................................................................... 40-12
40.5 Manual Setup ......................................................................................................................40-14
Chapter 41 SA Monitor..........................................................................................................................41-1
41.1 Introduction...........................................................................................................................41-1
41.2 Using SA Monitor................................................................................................................. 41-1
Troubleshooting and Hardware Appendices ............................................................................................. XV
Appendix A Troubleshooting ..................................................................................................................A-1
Appendix B Hardware Specifications.................................................................................................... B-1
Appendix C Safety Warnings and Instructions ....................................................................................C-1
Appendix D Removing and Installing a ZyWALL 100 Fuse................................................................ D-1
General Appendices....................................................................................................................................XVI
Appendix E Setting up Your Computer’s IP Address...........................................................................E-1
Appendix F Triangle Route..................................................................................................................... F-1
Appendix G The Big Picture...................................................................................................................G-1
Appendix H Wireless LAN and IEEE 802.11........................................................................................H-1
Appendix I Wireless LAN With IEEE 802.1x ........................................................................................I-1
Appendix J Types of EAP Authentication ..............................................................................................J-1
Appendix K PPPoE .................................................................................................................................K-1
Appendix L PPTP .................................................................................................................................... L-1
Appendix M IP Subnetting ....................................................................................................................M-1
Command, Log, Content Filtering and Certificates Appendices and Index ........................................ XVII
Appendix N Command Interpreter .......................................................................................................N-1
Appendix O Firewall Commands...........................................................................................................O-1
Appendix P NetBIOS Filter Commands................................................................................................ P-1
Appendix Q Certificate Commands.......................................................................................................Q-1
Appendix R Boot Commands................................................................................................................. R-1
Appendix S Log Descriptions ..................................................................................................................S-1
Appendix T Brute-Force Password Guessing Protection..................................................................... T-1
Appendix U Importing Certificates ....................................................................................................... U-1
Appendix V Index.................................................................................................................................... V-1
List of Figures
Figure 1-1 Secure Internet Access via Cable, DSL or Wireless Modem ........................................................ 1-9
Figure 1-2 VPN Application ........................................................................................................................ 1-10
Figure 2-1 Change Password Screen.............................................................................................................. 2-1
Figure 2-2 Replace Certificate Screen ........................................................................................................... 2-2
Figure 2-3 Example Xmodem Upload ........................................................................................................... 2-3
Figure 2-4 Web Configurator MAIN MENU Screen..................................................................................... 2-4
Figure 3-1 Wizard 1 ....................................................................................................................................... 3-2
Figure 3-2 Wizard 2: Ethernet Encapsulation ................................................................................................ 3-3
Figure 3-3 Wizard 2: PPPoE Encapsulation.................................................................................................... 3-5
Figure 3-4 Wizard 2: PPTP Encapsulation..................................................................................................... 3-7
Figure 3-5 Wizard 3 ..................................................................................................................................... 3-10
Figure 4-1 System General Setup .................................................................................................................. 4-2
Figure 4-2 DDNS........................................................................................................................................... 4-4
Figure 4-3 Password....................................................................................................................................... 4-5
Figure 4-4 Time Setting ................................................................................................................................. 4-6
Figure 5-1 IP .................................................................................................................................................. 5-3
Figure 5-2 Static DHCP ................................................................................................................................. 5-6
Figure 5-3 Physical Network Figure 5-4 Partitioned Logical Networks ...................................... 5-7
Figure 5-5 IP Alias ......................................................................................................................................... 5-8
Figure 6-1 RTS Threshold.............................................................................................................................. 6-2
Figure 6-2 ZyWALL Wireless Security Levels .............................................................................................. 6-3
Figure 6-3 Wireless ........................................................................................................................................ 6-4
Figure 6-4 MAC Address Filter ..................................................................................................................... 6-7
Figure 6-5 802.1X Authentication.................................................................................................................. 6-8
Figure 7-1 DMZ (ZyWALL 100) ................................................................................................................... 7-2
Figure 8-1 WAN Setup: Route ....................................................................................................................... 8-2
Figure 8-2 Ethernet Encapsulation................................................................................................................. 8-3
Figure 8-3 PPPoE Encapsulation ................................................................................................................... 8-5
Figure 8-4 PPTP Encapsulation ..................................................................................................................... 8-7
Figure 8-5 IP Setup ........................................................................................................................................ 8-9
Figure 8-6 MAC Setup................................................................................................................................. 8-12
Figure 8-7 Traffic Redirect WAN Setup....................................................................................................... 8-12
Figure 8-8 Traffic Redirect LAN Setup ....................................................................................................... 8-13
Figure 8-9 Traffic Redirect........................................................................................................................... 8-14
Figure 8-10 Dial Backup Setup.................................................................................................................... 8-16
Figure 8-11 Advanced Setup ........................................................................................................................ 8-21
Figure 9-1 How NAT Works .......................................................................................................................... 9-3
Figure 9-2 NAT Application With IP Alias .................................................................................................... 9-4
Figure 9-3 Multiple Servers Behind NAT Example ....................................................................................... 9-8
Figure 9-4 SUA Server ...................................................................................................................................9-9
Figure 9-5 Address Mapping ........................................................................................................................9-10
Figure 9-6 Address Mapping Edit..................................................................................................................9-12
Figure 9-7 Trigger Port Forwarding Process: Example ................................................................................9-14
Figure 9-8 Trigger Port.................................................................................................................................9-15
Figure 10-1 Example of Static Routing Topology ........................................................................................10-1
Figure 10-2 IP Static Route...........................................................................................................................10-2
Figure 10-3 Edit IP Static Route ...................................................................................................................10-3
Figure 11-1 ZyWALL Firewall Application..................................................................................................11-3
Figure 11-2 Three-Way Handshake ..............................................................................................................11-5
Figure 11-3 SYN Flood ................................................................................................................................11-5
Figure 11-4 Smurf Attack .............................................................................................................................11-6
Figure 11-5 Stateful Inspection ..................................................................................................................... 11-8
Figure 12-1 LAN to WAN Traffic.................................................................................................................12-4
Figure 12-2 WAN to LAN Traffic.................................................................................................................12-5
Figure 12-3 Application-based Bandwidth Management Example ..............................................................12-6
Figure 12-4 Subnet-based Bandwidth Management Example ......................................................................12-6
Figure 12-5 Application and Subnet-based Bandwidth Management Example............................................12-7
Figure 12-6 Firewall Summary.....................................................................................................................12-8
Figure 12-7 Firewall Edit Rule ...................................................................................................................12-11
Figure 12-8 Source and Destination Addresses Add/Edit...........................................................................12-14
Figure 12-9 Custom Port Create/Edit .........................................................................................................12-15
Figure 12-10 BM Global Setting
Figure 12-11 Firewall Edit Rule Screen
Figure 12-12 Firewall Rule Edit IP Example
Figure 12-13 Edit Custom Port Example
Figure 12-14 My Service Rule Configuration
Figure 12-15 My Service Example Rule Summary
Figure 12-16 Attack Alert
Figure 13-1 Content Filtering General
Figure 13-2 Content Filtering Lookup Procedure
Figure 13-3 Content Filtering Categories
Figure 13-4 Content Filtering Customization
Figure 14-1 Encryption and Decryption
Figure 14-2 IPSec Architecture
Figure 14-3 Transport and Tunnel Mode IPSec Encapsulation
Figure 15-1 IPSec VPN Rules Fields
Figure 15-2 VPN Rules
Figure 15-3 NAT Router Between IPSec Routers
Figure 15-4 VPN Host using Intranet DNS Server Example
Figure 15-5 VPN IKE
Figure 15-6 Two Phases to Set Up the IPSec SA
Figure 15-7 VPN IKE: Advanced
Figure 15-8 VPN Manual Key
Figure 15-9 SA Monitor (ZyWALL 100)
Figure 15-10 Global Setting
Figure 15-11 Telecommuters Sharing One VPN Rule Example
Figure 15-12 Telecommuters Using Unique VPN Rules Example
Figure 16-1 Certificate Configuration Overview
Figure 16-2 My Certificates
Figure 16-3 My Certificate Import
Figure 16-4 My Certificate Create
Figure 16-5 My Certificate Details
Figure 16-6 Trusted CAs
Figure 16-7 Trusted CA Import
Figure 16-8 Trusted CA Import
Figure 16-9 Trusted CA Details
Figure 16-10 Trusted Remote Hosts
Figure 16-11 Remote Host Certificates
Figure 16-12 Certificate Details
Figure 16-13 Trusted Remote Host Import
Figure 16-14 Trusted Remote Host Details
Figure 16-15 Directory Servers
Figure 16-16 Directory Server Add
Figure 17-1 Local User Database
Figure 17-2 EAP Authentication
Figure 17-3 RADIUS
Figure 18-1 HTTPS Implementation
Figure 18-2 WWW
Figure 18-3 Security Alert Dialog Box (Internet Explorer)
Figure 18-4 Security Certificate Example (Netscape)
Figure 18-5 Security Certificate 2 Example (Netscape)
Figure 18-6 Login Screen Example (Internet Explorer)
Figure 18-7 Login Screen Example (Netscape)
Figure 18-8 Replace Certificate
Figure 18-9 Device-specific Certificate
Figure 18-10 Common ZyWALL Certificate
Figure 18-11 SSH Communication Example
Figure 18-12 How SSH Works
Figure 18-13 Remote Management: SSH
Figure 18-14 SSH Example 1: Store Host Key
Figure 18-15 SSH Example 2: Test
Figure 18-16 SSH Example 2: Log in
Figure 18-17 Secure FTP: Firmware Upload Example
Figure 18-18 Telnet Configuration on a TCP/IP Network
Figure 18-19 Telnet
Figure 18-20 FTP
Figure 18-21 SNMP Management Model
Figure 18-22 SNMP
Figure 18-23 DNS
Figure 18-24 Security
Figure 19-1 Configuring UPnP
Figure 19-2 UPnP Ports
Figure 20-1 View Log
Figure 20-2 Log Settings
Figure 20-3 Reports
Figure 20-4 Web Site Hits Report Example
Figure 20-5 Protocol/Port Report Example
Figure 20-6 LAN IP Address Report Example
Figure 21-1 System Status
Figure 21-2 System Status: Show Statistics
Figure 21-3 DHCP Table
Figure 21-4 Firmware Upload
Figure 21-5 Firmware Upload
Figure 21-6 Firmware Upload In Process
Figure 21-7 Network Temporarily Disconnected
Figure 21-8 Firmware Upload Error
Figure 21-9 Configuration
Figure 21-10 Configuration Upload Successful
Figure 21-11 Network Temporarily Disconnected
Figure 21-12 Configuration Upload Error
Figure 21-13 Reset Warning Message
Figure 21-14 Restart Screen
Figure 22-1 Initial Screen
Figure 22-2 Password Screen
Figure 22-3 Main Menu (ZyWALL 100)
Figure 22-4 Getting Started and Advanced Applications SMT Menus
Figure 22-5 Advanced Management SMT Menus
Figure 22-6 Schedule Setup and IPSec VPN Configuration SMT Menus
Figure 22-7 Menu 23: System Password
Figure 23-1 Menu 1: General Setup (ZyWALL 10W)
Figure 23-2 Configure Dynamic DNS
Figure 24-1 MAC Address Cloning in WAN Setup
Figure 24-2 Menu 2: Dial Backup Setup
Figure 24-3 Menu 2.1 Advanced WAN Setup
Figure 24-4 Menu 11.1 Remote Node Profile (Backup ISP)
Figure 24-5 Menu 11.2: Remote Node PPP Options
Figure 24-6 Menu 11.3: Remote Node Network Layer Options
Figure 24-7 Menu 11.4: Remote Node Setup Script
Figure 24-8 Menu 11.5: Dial Backup Remote Node Filter
Figure 25-1 Menu 3: LAN Setup
Figure 25-2 Menu 3.1: LAN Port Filter Setup
Figure 25-3 Menu 3: TCP/IP and DHCP Setup
Figure 25-4 Menu 3.2: TCP/IP and DHCP Ethernet Setup
Figure 25-5 Menu 3.2.1: IP Alias Setup
Figure 25-6 Menu 3.5 – Wireless LAN Setup
Figure 25-7 Menu 3.5.1: WLAN MAC Address Filter
Figure 26-1 Menu 5: DMZ Setup
Figure 26-2 Menu 5.1: DMZ Port Filter Setup
Figure 26-3 Menu 5: TCP/IP Setup
Figure 26-4 Menu 5.2: TCP/IP Setup
Figure 26-5 Menu 5.2.1: IP Alias Setup
Figure 27-1 Menu 4: Internet Access Setup (Ethernet)
Figure 27-2 Internet Access Setup (PPTP)
Figure 27-3 Internet Access Setup (PPPoE)
Figure 28-1 Menu 11 Remote Node Setup
Figure 28-2 Menu 11.1: Remote Node Profile for Ethernet Encapsulation
Figure 28-3 Menu 11.1: Remote Node Profile for PPPoE Encapsulation
Figure 28-4 Menu 11.1: Remote Node Profile for PPTP Encapsulation
Figure 28-5 Menu 11.3: Remote Node Network Layer Options for Ethernet Encapsulation
Figure 28-6 Menu 11.5: Remote Node Filter (Ethernet Encapsulation)
Figure 28-7 Menu 11.5: Remote Node Filter (PPPoE or PPTP Encapsulation)
Figure 28-8 Menu 11.1: Remote Node Profile
Figure 28-9 Menu 11.6: Traffic Redirect Setup
Figure 29-1 Menu 12: IP Static Route Setup
Figure 29-2 Menu 12.1: Edit IP Static Route
Figure 30-1 Menu 4: Applying NAT for Internet Access
Figure 30-2 Menu 11.3: Applying NAT to the Remote Node
Figure 30-3 Menu 15: NAT Setup
Figure 30-4 Menu 15.1: Address Mapping Sets
Figure 30-5 Menu 15.1.255: SUA Address Mapping Rules
Figure 30-6 Menu 15.1.1: First Set
Figure 30-7 Menu 15.1.1.1: Editing/Configuring an Individual Rule in a Set
Figure 30-8 Menu 15.2: NAT Server Setup (ZyWALL 10W)
Figure 30-9 Server Behind NAT Example
Figure 30-10 NAT Example 1
Figure 30-11 Menu 4: Internet Access & NAT Example
Figure 30-12 NAT Example 2
Figure 30-13 Menu 15.2: Specifying an Inside Server
Figure 30-14 NAT Example 3
Figure 30-15 Example 3: Menu 11.3
Figure 30-16 Example 3: Menu 15.1.1.1
Figure 30-17 Example 3: Final Menu 15.1.1
Figure 30-18 Example 3: Menu 15.2
Figure 30-19 NAT Example 4
Figure 30-20 Example 4: Menu 15.1.1.1: Address Mapping Rule
Figure 30-21 Example 4: Menu 15.1.1: Address Mapping Rules
Figure 30-22 Menu 15.3: Trigger Port Setup
Figure 31-1 Menu 21: Filter and Firewall Setup
Figure 31-2 Menu 21.2: Firewall Setup
Figure 32-1 Outgoing Packet Filtering Process
Figure 32-2 Filter Rule Process
Figure 32-4 Menu 21: Filter and Firewall Setup
Figure 32-5 Menu 21.1: Filter Set Configuration
Figure 32-6 Menu 21.1.1.1: TCP/IP Filter Rule
Figure 32-7 Executing an IP Filter
Figure 32-8 Menu 21.1.4.1: Generic Filter Rule
Figure 32-9 Telnet Filter Example
Figure 32-10 Example Filter: Menu 21.1.3.1
Figure 32-11 Example Filter Rules Summary: Menu 21.1.3
Figure 32-12 Protocol and Device Filter Sets
Figure 32-13 Filtering LAN Traffic
Figure 32-14 Filtering DMZ Traffic
Figure 32-15 Filtering Remote Node Traffic
Figure 33-1 Menu 22: SNMP Configuration
Figure 34-1 Menu 24: System Maintenance
Figure 34-2 Menu 24.1: System Maintenance: Status (ZyWALL 100)
Figure 34-3 Menu 24.2: System Information and Console Port Speed
Figure 34-4 Menu 24.2.1: System Maintenance: Information (ZyWALL 10W)
Figure 34-5 Menu 24.2.2: System Maintenance: Change Console Port Speed
Figure 34-6 Menu 24.3: System Maintenance: Log and Trace
Figure 34-7 Examples of Error and Information Messages
Figure 34-8 Menu 24.3.2: System Maintenance: Syslog Logging
Figure 34-9 Call-Triggering Packet Example
Figure 34-10 Menu 24.4: System Maintenance: Diagnostic
Figure 34-11 LAN & WAN DHCP
Figure 35-1 Telnet into Menu 24.5
Figure 35-2 FTP Session Example
Figure 35-3 System Maintenance: Backup Configuration
Figure 35-4 System Maintenance: Starting Xmodem Download Screen
Figure 35-5 Backup Configuration Example
Figure 35-6 Successful Backup Confirmation Screen
Figure 35-7 Telnet into Menu 24.6
Figure 35-8 Restore Using FTP Session Example
Figure 35-9 System Maintenance: Restore Configuration
Figure 35-10 System Maintenance: Starting Xmodem Download Screen
Figure 35-11 Restore Configuration Example
Figure 35-12 Successful Restoration Confirmation Screen
Figure 35-13 Telnet Into Menu 24.7.1: Upload System Firmware
Figure 35-14 Telnet Into Menu 24.7.2: System Maintenance
Figure 35-15 FTP Session Example of Firmware File Upload
Figure 35-16 Menu 24.7.1 As Seen Using the Console Port
Figure 35-17 Example Xmodem Upload
Figure 35-18 Menu 24.7.2 As Seen Using the Console Port
Figure 35-19 Example Xmodem Upload
Figure 36-1 Command Mode in Menu 24
Figure 36-2 Valid Commands
Figure 36-3 Call Control
Figure 36-4 Budget Management
Figure 36-5 Call History
Figure 36-6 Menu 24: System Maintenance
Figure 36-7 Menu 24.10 System Maintenance: Time and Date Setting
Figure 37-1 Menu 24.11 – Remote Management Control
Figure 38-1 IP Routing Policy Setup
Figure 38-3 Menu 25.1: Sample IP Routing Policy Setup
Figure 38-4 IP Routing Policy
Figure 38-5 Menu 3.2: TCP/IP and DHCP Ethernet Setup
Figure 38-6 Example of IP Policy Routing
Figure 38-7 IP Routing Policy Example
Figure 38-8 IP Routing Policy
Figure 38-9 Applying IP Policies
Figure 39-1 Schedule Setup
Figure 39-2 Schedule Set Setup
Figure 39-3 Applying Schedule Set(s) to a Remote Node (PPPoE)
Figure 39-4 Applying Schedule Set(s) to a Remote Node (PPTP)
Figure 40-1 VPN SMT Menu Tree
Figure 40-2 Menu 27: VPN/IPSec Setup
Figure 40-3 Menu 27.1: IPSec Summary
Figure 40-4 Menu 27.1.1: IPSec Setup
Figure 40-5 Menu 27.1.1.1: IKE Setup
Figure 40-6 Menu 27.1.1.2: Manual Setup
Figure 41-1 Menu 27.2: SA Monitor
List of Tables
Table 1-1 Model Specific Features
Table 2-1 Web Configurator Screens Summary
Table 3-1 Ethernet Encapsulation
Table 3-2 PPPoE Encapsulation
Table 3-3 PPTP Encapsulation
Table 3-4 Private IP Address Ranges
Table 3-5 Example of Network Properties for LAN Servers with Fixed IP Addresses
Table 3-6 WAN Setup
Table 4-1 System General Setup
Table 4-2 DDNS
Table 4-3 Password
Table 4-4 Time Setting
Table 5-1 IP
Table 5-2 Static DHCP
Table 5-3 IP Alias
Table 6-1 Wireless
Table 6-2 MAC Address Filter
Table 6-3 802.1X Authentication
Table 7-1 DMZ
Table 8-1 WAN Setup: Route
Table 8-2 Ethernet Encapsulation
Table 8-3 PPPoE Encapsulation
Table 8-4 PPTP Encapsulation
Table 8-5 IP Setup
Table 8-6 Traffic Redirect
Table 8-7 Dial Backup Setup
Table 8-8 Advanced Setup
Table 9-1 NAT Definitions
Table 9-2 NAT Table Example
Table 9-3 NAT Mapping Types
Table 9-4 Services and Port Numbers
Table 9-5 SUA Server
Table 9-6 Address Mapping
Table 9-7 Address Mapping Edit
Table 9-8 Trigger Port
Table 10-1 IP Static Route
Table 10-2 Edit IP Static Route
Table 11-1 Common IP Ports
Table 11-2 ICMP Commands That Trigger Alerts
Table 11-3 Legal NetBIOS Commands
Table 11-4 Legal SMTP Commands
Table 12-1 Application and Subnet-based Bandwidth Management Example
Table 12-2 Firewall Summary
Table 12-3 Firewall Edit Rule
Table 12-4 Source and Destination Addresses Add/Edit
Table 12-5 Custom Port Create/Edit
Table 12-6 BM Global Setting
Table 12-7 Predefined Services
Table 12-8 Attack Alert
Table 13-1 Content Filtering General
Table 13-2 Content Filtering Categories
Table 13-3 Content Filtering Customization
Table 14-1 VPN and NAT
Table 15-1 AH and ESP
Table 15-2 VPN Rules
Table 15-3 Local ID Type and Content Fields
Table 15-4 Peer ID Type and Content Fields
Table 15-5 Matching ID Type and Content Configuration Example
Table 15-6 Mismatching ID Type and Content Configuration Example
Table 15-7 VPN IKE
Table 15-8 VPN IKE: Advanced
Table 15-9 VPN Manual Key
Table 15-10 SA Monitor
Table 15-11 Global Setting
Table 15-12 Telecommuters Sharing One VPN Rule Example
Table 15-13 Telecommuters Using Unique VPN Rules Example
Table 16-1 My Certificates
Table 16-2 My Certificate Import
Table 16-3 My Certificate Create
Table 16-4 My Certificate Details
Table 16-5 Trusted CAs
Table 16-6 Trusted CA Details
Table 16-7 Trusted Remote Hosts
Table 16-8 Trusted Remote Host Import
Table 16-9 Trusted Remote Host Details
Table 16-10 Directory Servers
Table 16-11 Directory Server Add
Table 17-1 Local User Database
Table 17-2 RADIUS
Table 18-1 WWW
Table 18-2 SSH
Table 18-3 Telnet
Table 18-4 FTP
Table 18-5 SNMP Traps
Table 18-6 SNMP
Table 18-7 DNS
Table 18-8 Security
Table 19-1 Configuring UPnP
Table 19-2 UPnP Ports
Table 20-1 View Log
Table 20-2 Log Settings Screen
Table 20-3 Reports
Table 20-4 Web Site Hits Report
Table 20-5 Protocol/Port Report
Table 20-6 LAN IP Address Report
Table 20-7 Report Specifications
Table 21-1 System Status
Table 21-2 System Status: Show Statistics
Table 21-3 DHCP Table
Table 21-4 Restore Configuration
Table 22-1 Main Menu Commands
Table 22-2 Main Menu Summary
Table 23-1 General Setup Menu Field
Table 23-2 Configure Dynamic DNS
Table 24-1 MAC Address Cloning in WAN Setup
Table 24-2 Menu 2: Dial Backup Setup
Table 24-3 Advanced WAN Port Setup: AT Commands Fields
Table 24-4 Advanced WAN Port Setup: Call Control Parameters
Table 24-5 Fields in Menu 11.1 Remote Node Profile (Backup ISP)
Table 24-6 Remote Node PPP Options Menu Fields
Table 24-7 Remote Node Network Layer Options Menu Fields
Table 24-8 Menu 11.4: Remote Node Script Menu Fields
Table 25-1 DHCP Ethernet Setup Menu Fields
Table 25-2 LAN TCP/IP Setup Menu Fields
Table 25-3 IP Alias Setup Menu Fields
Table 25-4 Wireless LAN Setup Menu Fields
Table 25-5 Menu 3.5.1: WLAN MAC Address Filter
Table 27-1 Menu 4: Internet Access Setup Menu Fields
Table 27-2 New Fields in Menu 4 (PPTP) Screen
Table 27-3 New Fields in Menu 4 (PPPoE) Screen
Table 28-1 Fields in Menu 11.1
Table 28-2 Fields in Menu 11.1 (PPPoE Encapsulation Specific)
Table 28-3 Fields in Menu 11.1 (PPTP Encapsulation)
Table 28-4 Remote Node Network Layer Options Menu Fields
Table 28-5 Menu 11.1: Remote Node Profile (Traffic Redirect Field)
Table 28-6 Menu 11.6: Traffic Redirect Setup
Table 29-1 IP Static Route Menu Fields
Table 30-1 Applying NAT in Menus 4 & 11.3
Table 30-2 SUA Address Mapping Rules
Table 30-3 Fields in Menu 15.1.1
Table 30-4 Menu 15.1.1.1: Editing/Configuring an Individual Rule in a Set
Table 30-5 Menu 15.3: Trigger Port Setup Description
Table 32-1 Abbreviations Used in the Filter Rules Summary Menu
Table 32-2 Rule Abbreviations Used
Table 32-3 TCP/IP Filter Rule Menu Fields
Table 32-4 Generic Filter Rule Menu Fields
Table 33-1 SNMP Configuration Menu Fields
Table 33-2 SNMP Traps
Table 34-1 System Maintenance: Status Menu Fields
Table 34-2 Fields in System Maintenance: Information
Table 34-3 System Maintenance Menu Syslog Logging
Table 34-4 System Maintenance Menu Diagnostic
Table 35-1 Filename Conventions
Table 35-2 General Commands for GUI-based FTP Clients
Table 35-3 General Commands for GUI-based TFTP Clients
Table 36-1 Valid Commands
Table 36-2 Budget Management
Table 36-3 Call History Fields
Table 36-4 Time and Date Setting Fields
Table 37-1 Menu 24.11 – Remote Management Control
Table 38-1 IP Routing Policy Setup
Table 38-2 IP Routing Policy
Table 39-1 Schedule Set Setup Fields
Table 40-1 Menu 27.1: IPSec Summary
Table 40-2 Menu 27.1.1: IPSec Setup
Table 40-3 Menu 27.1.1.1: IKE Setup
Table 40-4 Active Protocol: Encapsulation and Security Protocol
Table 40-5 Menu 27.1.1.2: Manual Setup
Table 41-1 Menu 27.2: SA Monitor
Preface
About This User's Manual
Congratulations on your purchase of the ZyWALL Internet Security Gateway. This manual is designed to guide you through the configuration of your ZyWALL for its various applications.
Use the web configurator, System Management Terminal (SMT) or command interpreter interface to configure your ZyWALL. Not all features can be configured through all interfaces.
The web configurator parts of this guide contain background information on features configurable by the web configurator and the SMT. The SMT parts of this guide contain background information solely on features not configurable by the web configurator.
This manual may refer to the ZyWALL Internet Security Gateway as the ZyWALL.
This manual covers the ZyWALL 10W, 30W, 50 and 100 models. Supported features, and the details of those features, vary from model to model. Not every feature applies to every model; refer to Table 1-1 Model Specific Features to see what features are specific to your ZyWALL model.
Related Documentation
Support Disk
Refer to the included CD for support documents.
Read Me First or Quick Start Guide
The Read Me First or Quick Start Guide is designed to help you get up and running right away. It contains a detailed easy-to-follow connection diagram, default settings, handy checklists and information on setting up your network and configuring for Internet access.
Web Configurator Online Help
Embedded web help for descriptions of individual screens and supplementary information.
Packing List Card
The Packing List Card lists all items that should have come in the package.
Certifications
Refer to the product page at www.zyxel.com for information on product certifications.
ZyXEL Glossary and Web Site
Please refer to www.zyxel.com for an online glossary of networking terms and additional support documentation.
User’s Guide Feedback
Help us help you. E-mail all User’s Guide-related comments, questions or suggestions for improvement to techwriters@zyxel.com.tw or send regular mail to The Technical Writing Team, ZyXEL Communications Corp., 6 Innovation Road II, Science-Based Industrial Park, Hsinchu, 300, Taiwan. Thank you.
Syntax Conventions
The version number on the title page is the latest firmware version that is documented in this User’s Guide. Earlier versions may also be included.
“Enter” means for you to type one or more characters and press the carriage return. “Select” or “Choose” means for you to use one of the predefined choices.
The SMT menu titles and labels are in Bold Times New Roman font. Command and arrow keys are enclosed in square brackets. [ENTER] means the Enter, or carriage return key; [ESC] means the Escape key and [SPACE BAR] means the Space Bar.
The choices of a menu item are in Bold Arial font.
Mouse action sequences are denoted using a comma. For example, “click the Apple icon, Control Panels and Modem” means first click the Apple icon, then point your mouse pointer to Control Panels and then click Modem.
For brevity’s sake, we will use “e.g.” as a shorthand for “for instance” and “i.e.” for “that is” or “in other words” throughout this manual.
Graphics Icons Key
Icons: ZyWALL, Server, Firewall, Wireless Signal, Computer, Modem, Router, Notebook Computer, DSLAM (Digital Subscriber Line Access Multiplexer), Switch
Part I: Getting Started
This part helps you get to know your ZyWALL, introduces the web configurator and covers how to configure the Wizard Setup screens.