Zyxel ZYWALL 5 User Manual

Page 1
ZyWALL 5
Internet Security Appliance
Quick Start Guide
Version 3.62 (XD.0)
May 2004
Page 2
ZyWALL 5 Internet Security Appliance
Introducing the ZyWALL
The ZyWALL 5 is the ideal secure gateway for all data passing between the Internet and the LAN. By integrating NAT, firewall, content filtering, certificates and VPN capability, ZyXEL’s ZyWALL 5 is a complete security solution that protects your Intranet and efficiently manages data traffic on your network. The ZyWALL increases network security by adding up to four De-Militarized Zone (DMZ) ports for use with publicly accessible servers. Dial backup and traffic redirect enhance reliability.
The PCMCIA/CardBus slot allows you to add a 802.11b/g-compliant wireless LAN. The embedded web configurator is easy to operate and totally independent of the operating system platform you use. You can deploy the ZyWALL as a transparent firewall in an existing network with minimal configuration.
You should have an Internet account already set up and have been given most of the following information.
Internet Account Information
Your device’s WAN IP Address (if given): __________________
Your device’s WAN Default Gateway (if given): __________________
Your device’s WAN Net Mask (if given): __________________
DNS Server IP Address (if given): Primary _______________, Secondary _______________, Third _______________
Encapsulation: (choose one below)
Ethernet
User Name: ____________ Password: ____________
PPTP
Your WAN IP Address: ____________ PPTP Server IP Address: ___________
PPPoE
Service Type: _______________________
Login Server IP Address: ______________
User Name: ____________ Password: ____________
Connection ID (if required): ____________
(PPPoE) Service Name: ____________
User Name: ____________ Password: ____________
Procedure to View a Product’s Certification(s)
1. Go to www.zyxel.com.
2. Select your product from the drop-down list box on the ZyXEL home page to go to that product's page.
3. Select the certification you wish to view from this page.
Page 3
ZyWALL 5 Internet Security Appliance
1 Hardware Connections
1.1 Front Panel and Connectors
Refer to section 1.3 on how to setup your ZyWALL.
LABEL DESCRIPTION
RESET You only need to use this button if you’ve forgotten the ZyWALL’s password. It
returns the ZyWALL to the factory defaults (password is 1234, LAN IP address
192.168.1.1, terminal emulation settings as described below etc.; see your User’s Guide for details).
WAN 10/100 This port is auto-negotiating (can connect at 10 or 100Mbps) and auto-crossover
(automatically adjust to straight-through or crossover Ethernet cable).
LAN/DMZ 10/100 1-4
These ports are auto-negotiating (can connect at 10 or 100Mbps) and auto­crossover (automatically adjust to straight-through or crossover Ethernet cable).
1.2 Rear Panel and Connectors
LABEL DESCRIPTION
DIAL BACKUP Only connect this port if you want to set up a backup WAN connection; see your
User’s Guide for details.
CONSOLE Only connect this port if you want to configure the ZyWALL using the SMT
(System Management Terminal) via console port; see your User’s Guide for details.
Your computer should have a terminal emulation communications program (such as HyperTerminal) set to VT100 terminal emulation, no parity, 8 data bits, 1 stop bit, no flow control and 9600 bps port speed.
Page 4
ZyWALL 5 Internet Security Appliance
LABEL DESCRIPTION
EXTENSION CARD SLOT
POWER Connect the included power adaptor (use only this adaptor) to this power socket.
Turn off the ZyWALL before inserting or removing an 802.11b/g-compliant wireless LAN PCMCIA or CardBus card (to avoid damage).
1.3 Setting Up Your ZyWALL
The example figures in this section are for a ZyWALL in router mode. The ZyWALL is set to router mode by default. To have the ZyWALL function as a bridge, select Bridge and click Apply in the MAINTENANCE Device Mode screen.
1. Router Mode: Connect your cable/DSL modem to WAN port with the Ethernet cable that came
with your modem.
Bridge Mode: Connect a router to WAN port with an Ethernet cable..
2. Router Mode: Connect computers or switches to LAN ports with Ethernet cables.
If you configure these ports as DMZ ports in the LAN or DMZ screen through the Web configurator, connect publicly accessible servers (Web, FTP, etc.) to these ports to make the servers visible to the outside world.
Bridge Mode: Connect computers or switches to LAN/DMZ ports with Ethernet cables.
2.
1.
Page 5
ZyWALL 5 Internet Security Appliance
Do not insert or remove a card with the ZyWALL turned on.
3. Slide the 64-pin connector end of the PCMCIA or CardBus wireless LAN card into the
extension card slot if you want to add a 802.11b/g-compliant wireless LAN.
Do not force, bend or twist the wireless LAN card.
4. Router Mode: If you want to set up a backup WAN connection, connect the 9-pin female end of
your modem or Terminal Adaptor (TA) cable to DIAL BACKUP port and the other end to your modem or TA.
Bridge Mode: There is no backup WAN connection for the ZyWALL in bridge mode.
5. If you want to configure the ZyWALL using the SMT (System Management Terminal) via
CONSOLE port, connect the 9-pin male end of the console cable to the console port of the ZyWALL and the other end to a serial port (COM1, COM2 or other COM port) on your computer.
6. After you’ve made the connections, connect the included power adaptor to the power socket and
connect the power adaptor to a power supply (outlet).
The PWR LED turns on green when you connect the power. The SYS LED blinks for about 30 seconds while performing system testing and then stays on if the testing is successful. The ACT, CARD, WAN and LAN/DMZ LEDs turn on if the corresponding connections are properly made. Please see section 1.4 for detailed LED descriptions.
4.
3.
5.
6.
Page 6
ZyWALL 5 Internet Security Appliance
1.4 Front Panel LEDs
LED COLOR STATUS DESCRIPTION
PWR
SYS Green
CARD Green
WAN 10/100
LAN/DMZ 10/100
Off The ZyWALL is turned off.
Green On The ZyWALL is turned on.
Red On The power to the ZyWALL is too low.
Off The ZyWALL is not ready or has failed.
On The ZyWALL is ready and running.
Flashing The ZyWALL is restarting.
Off The backup port is not connected. ACT Green
Flashing The backup port is sending or receiving packets.
Off The wireless LAN is not ready, or has failed.
On The wireless LAN is ready.
Flashing The wireless LAN is sending or receiving packets.
Off The WAN connection is not ready, or has failed.
On The ZyWALL has a successful 10Mbps WAN connection. Green
Flashing The 10M WAN is sending or receiving packets.
Orange
Off The LAN/DMZ is not connected.
Orange
On The ZyWALL has a successful 100Mbps WAN connection.
Flashing The 100M WAN is sending or receiving packets.
On The ZyWALL has a successful 10Mbps Ethernet connection. Green
Flashing The 10M LAN is sending or receiving packets.
On The ZyWALL has a successful 100Mbps Ethernet
connection.
Flashing The 100M LAN is sending or receiving packets.
Page 7
ZyWALL 5 Internet Security Appliance
2 Setting Up Your Computer’s IP Address
Skip this section if your computer is already set up to accept a dynamic IP
address. This is the default for most new computers.
The ZyWALL is already set up to assign your computer an IP address. If you set the ZyWALL to router mode, use this section to set up your computer to receive an IP address or assign it a static IP address in the 192.168.1.2 to 192.168.1.254 range with a subnet mask of 255.255.255.0. This is necessary to ensure that your computer can communicate with your ZyWALL.
Your computer must have an Ethernet card and TCP/IP installed. TCP/IP should already be installed on computers using Windows NT/2000/XP, Macintosh OS 7 and later operating systems.
Windows 2000/NT/XP
1. In Windows XP, click Start, Control Panel. In Windows 2000/NT, click Start, Settings, Control Panel.
2. In Windows XP, click Network Connections.
In Windows 2000/NT, click Network and Dial-up Connections.
3. Right-click Local Area Connection and then click Properties.
4. Select Internet Protocol (TCP/IP) (under the General tab in Windows XP) and click Properties.
5. The Internet Protocol TCP/IP Properties screen opens (the General tab in Windows XP).
- To have your computer assigned a dynamic IP address, click Obtain an IP address automatically.
-To configure a static IP address, click Use the following IP Address and fill in the IP address (choose one from192.168.1.2 to 192.168.1.254), Subnet mask (255.255.255.0), and Default gateway (192.168.1.1) fields.
Page 8
ZyWALL 5 Internet Security Appliance
6. Click Advanced. Remove any previously installed gateways in the IP Settings tab and click OK to go back to the Internet Protocol TCP/IP Properties screen.
7. Click Obtain DNS server address automatically if you do not know your DNS server IP address(es).
If you know your DNS server IP address(es), click Use the
following DNS server addresses, and type them in the Preferred DNS server and Alternate DNS server fields.
If you have more than two DNS servers, click Advanced, the DNS tab and then configure them using Add.
8. Click OK to close the Internet Protocol (TCP/IP) Properties window.
9. Click OK to close the Local Area Connection Properties window.
Checking Your Computer’s IP Address
1. In the computer, click Start, (All) Programs, Accessories and then Command Prompt.
2. In the Command Prompt window, type "ipconfig" and then press ENTER. Your computer’s IP address must be in the correct range (192.168.1.2 to 192.168.1.254) with subnet mask 255.255.255.0 in order to communicate with the ZyWALL.
Refer to your User’s Guide for detailed IP address configuration for other Windows and Macintosh computer operating systems.
3 Configuring Your ZyWALL
Choose one of these methods to access and configure the ZyWALL. This
Quick Start Guide shows you how to use the web configurator wizards only.
See your User’s Guide for background information on all ZyWALL features
and SMT configuration. Click the web configurator online help for screen-
specific web help.
Web Configurator
SMT (System Management Terminal). Access the SMT via:
o Console port using terminal emulation software
o LAN, WLAN, DMZ or WAN using Telnet
Page 9
ZyWALL 5 Internet Security Appliance
3.1 Accessing Your ZyWALL Via Web Configurator
1. Launch your web browser. When your ZyWALL is in router mode, enter “192.168.1.1” (default)
as the web site address. If you set the ZyWALL to bridge mode, use the IP address you configured to access it.
Web site address.
2. The default password (“1234”) is already in the password field (in non-readable format). Click
Login to proceed to a screen asking you to change your password. Click Reset to revert to the default password in the password field.
Default password.
3. It is highly recommended you change the default password! Enter a new password, retype it to
confirm and click Apply; alternatively click Ignore if you do not want to change the password now.
Change default password.
4. Click Apply in the Replace Certificate screen to create a certificate using your ZyWALL’s
MAC address that will be specific to this device.
Loading...