ZyXEL Communications 2 Plus User Manual

ZyWALL 2 Plus
Internet Security Appliance

User’s Guide

Version 4.02 3/2007 Edition 1
www.zyxel.com
About This User's Guide
Intended Audience
This manual is intended for people who want to configure the ZyWALL using the web configurator or System Management Terminal (SMT). You should have at least a basic knowledge of TCP/IP networking concepts and topology.
Related Documentation
• Quick Start Guide The Quick Start Guide is designed to help you get up and running right away. It contains
information on setting up your network and configuring for Internet access.
• Web Configurator Online Help Embedded web help for descriptions of individual screens and supplementary
information.
" It is recommended you use the web configurator to configure the ZyWALL.
• Supporting Disk Refer to the included CD for support documents.
• ZyXEL Web Site Please refer to www.zyxel.com
certifications.
User Guide Feedback
Help us help you. Send all User Guide-related comments, questions or suggestions for improvement to the following address, or use e-mail instead. Thank you!
The Technical Writing Team, ZyXEL Communications Corp., 6 Innovation Road II, Science-Based Industrial Park, Hsinchu, 300, Taiwan.
E-mail: techwriters@zyxel.com.tw
for additional support documentation and product
ZyWALL 2 Plus User’s Guide
3

Document Conventions

Document Conventions
Warnings and Notes
These are how warnings and notes are shown in this User’s Guide.
1 Warnings tell you about things that could harm you or your device.
" Notes tell you other important information (for example, other things you may
need to configure or helpful tips) or recommendations.
Syntax Conventions
• The ZyWALL 2 Plus may be referred to as the “ZyWALL”, the “device” or the “system” in this User’s Guide.
• Product labels, screen names, field labels and field choices are all in bold font.
• A key stroke is denoted by square brackets and uppercase text, for example, [ENTER] means the “enter” or “return” key on your keyboard.
• “Enter” means for you to type one or more characters and then press the [ENTER] key. “Select” or “choose” means for you to use one of the predefined choices.
• A right angle bracket ( > ) within a screen name denotes a mouse click. For example, Maintenance > Log > Log Setting means you first click Maintenance in the navigation panel, then the Log sub menu and finally the Log Setting tab to get to that screen.
• Units of measurement may denote the “metric” value or the “scientific” value. For example, “k” for kilo may denote “1000” or “1024”, “M” for mega may denote “1000000” or “1048576” and so on.
• “e.g.,” is a shorthand for “for instance”, and “i.e.,” means “that is” or “in other words”.
4
ZyWALL 2 Plus User’s Guide
Document Conventions
Icons Used in Figures
Figures in this User’s Guide may use the following generic icons. The ZyWALL icon is not an exact representation of your device.
ZyWALL Computer Notebook computer
Server DSLAM Firewall
Telephone Switch Router
ZyWALL 2 Plus User’s Guide
5

Safety Warnings

Safety Warnings
1 For your safety, be sure to read and follow all warning notices and instructions.
• Do NOT use this product near water, for example, in a wet basement or near a swimming pool.
• Do NOT expose your device to dampness, dust or corrosive liquids.
• Do NOT store things on the device.
• Do NOT install, use, or service this device during a thunderstorm. There is a remote risk of electric shock from lightning.
• Connect ONLY suitable accessories to the device.
• Do NOT open the device or unit. Opening or removing covers can expose you to dangerous high voltage points or other risks. ONLY qualified service personnel should service or disassemble this device. Please contact your vendor for further information.
• Make sure to connect the cables to the correct ports.
• Place connecting cables carefully so that no one will step on them or stumble over them.
• Always disconnect all cables from this device before servicing or disassembling.
• Use ONLY an appropriate power adaptor or cord for your device.
• Connect the power adaptor or cord to the right supply voltage (for example, 110V AC in North America or 230V AC in Europe).
• Do NOT allow anything to rest on the power adaptor or cord and do NOT place the product where anyone can walk on the power adaptor or cord.
• Do NOT use the device if the power adaptor or cord is damaged as it might cause electrocution.
• If the power adaptor or cord is damaged, remove it from the power outlet.
• Do NOT attempt to repair the power adaptor or cord. Contact your local vendor to order a new one.
• Do not use the device outside, and make sure all the connections are indoors. There is a remote risk of electric shock from lightning.
6
This product is recyclable. Dispose of it properly.
ZyWALL 2 Plus User’s Guide

Contents Overview

Contents Overview
Introduction and Registration ...............................................................................................43
Getting to Know Your ZyWALL .................................................................................................. 45
Introducing the Web Configurator .............................................................................................. 49
Wizard Setup ............................................................................................................................. 67
Tutorial ....................................................................................................................................... 85
Registration ..............................................................................................................................117
Network ................................................................................................................................. 121
LAN Screens ........................................................................................................................... 123
Bridge Screens ........................................................................................................................ 135
WAN Screens .......................................................................................................................... 141
DMZ Screens ........................................................................................................................... 161
Wireless LAN ........................................................................................................................... 171
Security ................................................................................................................................. 179
Firewall .................................................................................................................................... 181
Content Filtering Screens .........................................................................................................211
Content Filtering Reports ......................................................................................................... 227
IPSec VPN ............................................................................................................................... 235
Certificates ............................................................................................................................... 275
Authentication Server .............................................................................................................. 301
Advanced .............................................................................................................................. 307
Network Address Translation (NAT) ........................................................................................ 309
Static Route ............................................................................................................................. 325
Bandwidth Management .......................................................................................................... 329
DNS ......................................................................................................................................... 343
Remote Management ..............................................................................................................355
UPnP ....................................................................................................................................... 377
ALG Screen ............................................................................................................................. 387
Logs and Maintenance ........................................................................................................ 393
Logs Screens ........................................................................................................................... 395
Maintenance ............................................................................................................................ 427
SMT and Troubleshooting ...................................................................................................443
Introducing the SMT ................................................................................................................ 445
ZyWALL 2 Plus User’s Guide
7
Contents Overview
SMT Menu 1 - General Setup .................................................................................................. 453
WAN and Dial Backup Setup ................................................................................................... 459
LAN Setup ............................................................................................................................... 469
Internet Access ........................................................................................................................ 475
DMZ Setup .............................................................................................................................. 479
Wireless Setup ........................................................................................................................ 483
Remote Node Setup ................................................................................................................ 487
IP Static Route Setup .............................................................................................................. 497
Network Address Translation (NAT) ........................................................................................ 499
Introducing the ZyWALL Firewall ............................................................................................. 517
Filter Configuration .................................................................................................................. 519
SNMP Configuration ................................................................................................................ 535
System Information & Diagnosis ............................................................................................. 537
Firmware and Configuration File Maintenance ........................................................................ 549
System Maintenance Menus 8 to 10 ....................................................................................... 563
Remote Management ..............................................................................................................571
Call Scheduling ........................................................................................................................ 575
Troubleshooting ....................................................................................................................... 579
Appendices and Index ......................................................................................................... 587
8
ZyWALL 2 Plus User’s Guide

Table of Contents

Table of Contents
About This User's Guide ..........................................................................................................3
Document Conventions............................................................................................................4
Safety Warnings........................................................................................................................ 6
Contents Overview ...................................................................................................................7
Table of Contents...................................................................................................................... 9
List of Figures ......................................................................................................................... 25
List of Tables...........................................................................................................................37
Part I: Introduction and Registration ................................................... 43
Chapter 1
Getting to Know Your ZyWALL.............................................................................................. 45
1.1 ZyWALL Internet Security Appliance Overview ................................................................... 45
1.2 Applications for the ZyWALL ............................................................................................... 45
1.2.1 Secure Broadband Internet Access via Cable or DSL Modem .................................. 45
1.2.2 VPN Application ......................................................................................................... 46
1.3 Ways to Manage the ZyWALL ............................................................................................. 46
1.4 Good Habits for Managing the ZyWALL .............................................................................. 47
1.5 LEDs .................................................................................................................................... 47
Chapter 2
Introducing the Web Configurator ........................................................................................49
2.1 Web Configurator Overview ................................................................................................. 49
2.2 Accessing the ZyWALL Web Configurator .......................................................................... 49
2.3 Resetting the ZyWALL ......................................................................................................... 51
2.3.1 Procedure To Use The Reset Button ......................................................................... 51
2.3.2 Uploading a Configuration File Via Console Port ....................................................... 51
2.4 Navigating the ZyWALL Web Configurator .......................................................................... 52
2.4.1 Title Bar ...................................................................................................................... 52
2.4.2 Main Window ..............................................................................................................53
2.4.3 HOME Screen: Router Mode ................................................................................. 53
2.4.4 HOME Screen: Bridge Mode .................................................................................... 55
2.4.5 Navigation Panel ........................................................................................................ 58
ZyWALL 2 Plus User’s Guide
9
Table of Contents
2.4.6 Port Statistics ........................................................................................................... 62
2.4.7 DHCP Table Screen ................................................................................................ 63
2.4.8 VPN Status ................................................................................................................. 64
2.4.9 Bandwidth Monitor .................................................................................................... 65
Chapter 3
Wizard Setup ...........................................................................................................................67
3.1 Wizard Setup Overview ...................................................................................................... 67
3.2 Internet Access ................................................................................................................... 67
3.2.1 ISP Parameters .......................................................................................................... 68
3.2.2 Internet Access Wizard: Second Screen .................................................................... 72
3.2.3 Internet Access Wizard: Registration ......................................................................... 73
3.3 VPN Wizard Gateway Setting .............................................................................................. 76
3.4 VPN Wizard Network Setting ............................................................................................... 77
3.5 VPN Wizard IKE Tunnel Setting (IKE Phase 1) ................................................................... 79
3.6 VPN Wizard IPSec Setting (IKE Phase 2) ........................................................................... 80
3.7 VPN Wizard Status Summary .............................................................................................. 82
3.8 VPN Wizard Setup Complete .............................................................................................. 84
Chapter 4
Tutorial ..................................................................................................................................... 85
4.1 Security Settings for VPN Traffic ......................................................................................... 85
4.1.1 Firewall Rule for VPN Example .................................................................................. 85
4.1.2 Configuring the VPN Rule .......................................................................................... 86
4.1.3 Configuring the Firewall Rules ................................................................................... 89
4.2 Using NAT with Multiple Public IP Addresses ...................................................................... 92
4.2.1 Example Parameters and Scenario ........................................................................... 93
4.2.2 Configuring the WAN Connection with a Static IP Address ........................................ 94
4.2.3 Public IP Address Mapping ........................................................................................ 97
4.2.4 Forwarding Traffic from the WAN to a Local Computer ............................................ 102
4.2.5 Allow WAN-to-LAN Traffic through the Firewall ........................................................ 103
4.2.6 Testing the Connections ........................................................................................... 109
4.3 Using NAT with Multiple Game Players ............................................................................. 109
4.4 How to Manage the ZyWALL’s Bandwidth ..........................................................................110
4.4.1 Example Parameters and Scenario ..........................................................................111
4.4.2 Configuring Bandwidth Management Rules ..............................................................111
Chapter 5
Registration........................................................................................................................... 117
10
5.1 myZyXEL.com overview .....................................................................................................117
5.1.1 Content Filtering Subscription Service ......................................................................117
5.2 Registration ........................................................................................................................118
5.3 Service ................................................................................................................................119
ZyWALL 2 Plus User’s Guide
Table of Contents
Part II: Network..................................................................................... 121
Chapter 6
LAN Screens.......................................................................................................................... 123
6.1 LAN, WAN and the ZyWALL .............................................................................................. 123
6.2 IP Address and Subnet Mask ............................................................................................ 123
6.2.1 Private IP Addresses ................................................................................................ 124
6.3 DHCP ................................................................................................................................ 125
6.3.1 IP Pool Setup ........................................................................................................... 125
6.4 RIP Setup .......................................................................................................................... 125
6.5 Multicast ............................................................................................................................ 125
6.6 WINS ................................................................................................................................. 126
6.7 LAN .................................................................................................................................... 126
6.8 LAN Static DHCP ............................................................................................................... 129
6.9 LAN IP Alias .................................................................................................................... 130
6.10 LAN Port Roles ................................................................................................................ 132
Chapter 7
Bridge Screens...................................................................................................................... 135
7.1 Bridge Loop ....................................................................................................................... 135
7.2 Spanning Tree Protocol (STP) ........................................................................................... 136
7.2.1 Rapid STP ................................................................................................................136
7.2.2 STP Terminology ...................................................................................................... 136
7.2.3 How STP Works ....................................................................................................... 136
7.2.4 STP Port States ........................................................................................................ 137
7.3 Bridge ................................................................................................................................ 137
7.4 Bridge Port Roles ............................................................................................................. 139
Chapter 8
WAN Screens......................................................................................................................... 141
8.1 WAN Overview .................................................................................................................. 141
8.2 TCP/IP Priority (Metric) ...................................................................................................... 141
8.3 WAN Route ........................................................................................................................ 141
8.4 WAN IP Address Assignment ............................................................................................ 143
8.5 DNS Server Address Assignment ................................................................................... 143
8.6 WAN MAC Address ........................................................................................................... 144
8.7 WAN ................................................................................................................................ 144
8.7.1 WAN Ethernet Encapsulation ................................................................................... 144
8.7.2 PPPoE Encapsulation .............................................................................................. 147
8.7.3 PPTP Encapsulation ................................................................................................ 150
8.8 Traffic Redirect ............................................................................................................. 153
8.9 Configuring Traffic Redirect ...............................................................................................154
8.10 Configuring Dial Backup .................................................................................................. 155
ZyWALL 2 Plus User’s Guide
11
Table of Contents
8.11 Advanced Modem Setup ................................................................................................ 158
8.11.1 AT Command Strings ............................................................................................. 158
8.11.2 DTR Signal ............................................................................................................. 159
8.11.3 Response Strings ................................................................................................... 159
8.12 Configuring Advanced Modem Setup .............................................................................. 159
Chapter 9
DMZ Screens ......................................................................................................................... 161
9.1 DMZ ................................................................................................................................. 161
9.2 Configuring DMZ ............................................................................................................... 161
9.3 DMZ Static DHCP ............................................................................................................ 164
9.4 DMZ IP Alias .................................................................................................................... 165
9.5 DMZ Public IP Address Example ...................................................................................... 167
9.6 DMZ Private and Public IP Address Example ................................................................... 167
9.7 DMZ Port Roles ............................................................................................................... 168
Chapter 10
Wireless LAN.........................................................................................................................171
10.1 Wireless LAN Introduction ............................................................................................... 171
10.2 Configuring WLAN ......................................................................................................... 171
10.3 WLAN Static DHCP ....................................................................................................... 174
10.4 WLAN IP Alias ............................................................................................................... 175
10.5 WLAN Port Roles ........................................................................................................... 177
Part III: Security.................................................................................... 179
Chapter 11
Firewall................................................................................................................................... 181
11.1 Firewall Overview ............................................................................................................ 181
11.2 Packet Direction Matrix .................................................................................................... 182
11.3 Packet Direction Examples .............................................................................................. 183
11.3.1 To VPN Packet Direction ........................................................................................ 184
11.3.2 From VPN Packet Direction ................................................................................... 185
11.3.3 From VPN To VPN Packet Direction ...................................................................... 187
11.4 Security Considerations ...................................................................................................188
11.5 Firewall Rules Example ................................................................................................... 188
11.6 Asymmetrical Routes .......................................................................................................190
11.6.1 Asymmetrical Routes and IP Alias ......................................................................... 190
11.7 Firewall Default Rule (Router Mode) ................................................................................ 191
11.8 Firewall Default Rule (Bridge Mode) .............................................................................. 193
11.9 Firewall Rule Summary ................................................................................................... 194
12
ZyWALL 2 Plus User’s Guide
Table of Contents
11.9.1 Firewall Edit Rule .............................................................................................. 196
11.10 Anti-Probing ............................................................................................................... 199
11.11 Firewall Thresholds ..................................................................................................... 200
11.11.1 Threshold Values .................................................................................................. 201
11.12 Threshold Screen ........................................................................................................... 201
11.13 Service .......................................................................................................................... 203
11.13.1 Firewall Edit Custom Service .............................................................................. 204
11.14 My Service Firewall Rule Example ................................................................................ 205
Chapter 12
Content Filtering Screens .................................................................................................... 211
12.1 Content Filtering Overview ...............................................................................................211
12.1.1 Restrict Web Features ............................................................................................211
12.1.2 Create a Filter List ...................................................................................................211
12.1.3 Customize Web Site Access ..................................................................................211
12.2 Content Filter General Screen .........................................................................................211
12.3 Content Filtering with an External Database ................................................................... 214
12.4 Content Filter Categories ..............................................................................................214
12.5 Content Filter Customization ........................................................................................ 221
12.6 Customizing Keyword Blocking URL Checking ............................................................... 223
12.6.1 Domain Name or IP Address URL Checking ......................................................... 223
12.6.2 Full Path URL Checking ......................................................................................... 224
12.6.3 File Name URL Checking ....................................................................................... 224
12.7 Content Filtering Cache .................................................................................................224
Chapter 13
Content Filtering Reports.....................................................................................................227
13.1 Checking Content Filtering Activation .............................................................................. 227
13.2 Viewing Content Filtering Reports ................................................................................... 227
13.3 Web Site Submission .......................................................................................................232
Chapter 14
IPSec VPN.............................................................................................................................. 235
14.1 IPSec VPN Overview ..................................................................................................... 235
14.1.1 IKE SA Overview .................................................................................................... 236
14.2 VPN Rules (IKE) .............................................................................................................. 237
14.3 IKE SA Setup .................................................................................................................. 239
14.3.1 IKE SA Proposal .................................................................................................... 239
14.4 Additional IPSec VPN Topics ........................................................................................... 243
14.4.1 SA Life Time ........................................................................................................... 243
14.4.2 IPSec High Availability ........................................................................................... 244
14.4.3 Encryption and Authentication Algorithms ............................................................. 245
14.5 VPN Rules (IKE) Gateway Policy Edit ............................................................................. 245
ZyWALL 2 Plus User’s Guide
13
Table of Contents
14.6 IPSec SA Overview .....................................................................................................251
14.6.1 Local Network and Remote Network ...................................................................... 251
14.6.2 Virtual Address Mapping ........................................................................................ 252
14.6.3 Active Protocol ....................................................................................................... 253
14.6.4 Encapsulation ......................................................................................................... 253
14.6.5 IPSec SA Proposal and Perfect Forward Secrecy ................................................. 254
14.7 VPN Rules (IKE): Network Policy Edit ............................................................................ 255
14.8 VPN Rules (IKE): Network Policy Edit: Port Forwarding .............................................. 259
14.9 VPN Rules (IKE): Network Policy Move ........................................................................ 261
14.10 IPSec SA Using Manual Keys ................................................................................... 262
14.10.1 IPSec SA Proposal Using Manual Keys ............................................................... 262
14.10.2 Authentication and the Security Parameter Index (SPI) ....................................... 262
14.11 VPN Rules (Manual) ...................................................................................................... 262
14.12 VPN Rules (Manual): Edit ........................................................................................... 264
14.13 VPN SA Monitor .......................................................................................................... 266
14.14 VPN Global Setting ....................................................................................................... 267
14.15 Telecommuter VPN/IPSec Examples ............................................................................ 269
14.15.1 Telecommuters Sharing One VPN Rule Example ................................................ 269
14.15.2 Telecommuters Using Unique VPN Rules Example ............................................. 269
14.16 VPN and Remote Management ..................................................................................... 271
14.17 Hub-and-spoke VPN ...................................................................................................... 271
14.17.1 Hub-and-spoke VPN Example ............................................................................. 272
14.17.2 Hub-and-spoke Example VPN Rule Addresses ................................................... 273
14.17.3 Hub-and-spoke VPN Requirements and Suggestions ......................................... 273
Chapter 15
Certificates ............................................................................................................................275
15.1 Certificates Overview ....................................................................................................... 275
15.1.1 Advantages of Certificates ..................................................................................... 276
15.2 Self-signed Certificates .................................................................................................... 276
15.3 Verifying a Certificate ....................................................................................................... 276
15.3.1 Checking the Fingerprint of a Certificate on Your Computer .................................. 276
15.4 Configuration Summary ................................................................................................... 277
15.5 My Certificates ................................................................................................................ 278
15.6 My Certificate Details ..................................................................................................... 279
15.7 My Certificate Export ...................................................................................................... 282
15.7.1 Certificate File Export Formats ............................................................................... 282
15.8 My Certificate Import ..................................................................................................... 283
15.8.1 Certificate File Formats .......................................................................................... 284
15.9 My Certificate Create ..................................................................................................... 285
15.10 Trusted CAs ................................................................................................................. 288
15.11 Trusted CA Details ........................................................................................................ 289
15.12 Trusted CA Import ....................................................................................................... 292
14
ZyWALL 2 Plus User’s Guide
Table of Contents
15.13 Trusted Remote Hosts ................................................................................................. 293
15.14 Trusted Remote Host Certificate Details ..................................................................... 294
15.15 Trusted Remote Hosts Import ...................................................................................... 297
15.16 Directory Servers .......................................................................................................... 298
15.17 Directory Server Add or Edit ........................................................................................ 299
Chapter 16
Authentication Server...........................................................................................................301
16.1 Authentication Server Overview ...................................................................................... 301
16.1.1 Local User Database .............................................................................................. 301
16.1.2 RADIUS ..................................................................................................................301
16.1.3 Types of RADIUS Messages .................................................................................. 301
16.2 Local User Database .....................................................................................................302
16.3 RADIUS ......................................................................................................................... 304
Part IV: Advanced ................................................................................ 307
Chapter 17
Network Address Translation (NAT).................................................................................... 309
17.1 NAT Overview ................................................................................................................ 309
17.1.1 NAT Definitions ...................................................................................................... 309
17.1.2 What NAT Does ..................................................................................................... 310
17.1.3 How NAT Works ..................................................................................................... 310
17.1.4 NAT Application .......................................................................................................311
17.1.5 Port Restricted Cone NAT .......................................................................................311
17.1.6 NAT Mapping Types ............................................................................................... 312
17.2 Using NAT ........................................................................................................................ 313
17.2.1 SUA (Single User Account) Versus NAT ................................................................ 313
17.3 NAT Overview Screen ..................................................................................................... 313
17.4 NAT Address Mapping ................................................................................................... 315
17.4.1 What NAT Does ..................................................................................................... 315
17.4.2 NAT Address Mapping Edit .................................................................................. 316
17.5 Port Forwarding .............................................................................................................. 317
17.5.1 Default Server IP Address ...................................................................................... 318
17.5.2 Port Forwarding: Services and Port Numbers ........................................................ 318
17.5.3 Configuring Servers Behind Port Forwarding (Example) ....................................... 318
17.5.4 Port Translation ...................................................................................................... 319
17.6 Port Forwarding Screen ................................................................................................... 320
17.7 Port Triggering ............................................................................................................... 321
Chapter 18
Static Route ........................................................................................................................... 325
ZyWALL 2 Plus User’s Guide
15
Table of Contents
18.1 IP Static Route .............................................................................................................. 325
18.2 IP Static Route ................................................................................................................. 325
18.2.1 IP Static Route Edit .............................................................................................. 326
Chapter 19
Bandwidth Management.......................................................................................................329
19.1 Bandwidth Management Overview ................................................................................. 329
19.2 Bandwidth Classes and Filters ........................................................................................ 329
19.3 Proportional Bandwidth Allocation ................................................................................... 330
19.4 Application-based Bandwidth Management .................................................................... 330
19.5 Subnet-based Bandwidth Management .......................................................................... 330
19.6 Application and Subnet-based Bandwidth Management ................................................. 330
19.7 Scheduler ........................................................................................................................ 331
19.7.1 Priority-based Scheduler ........................................................................................ 331
19.7.2 Fairness-based Scheduler ..................................................................................... 331
19.7.3 Maximize Bandwidth Usage ................................................................................... 331
19.7.4 Reserving Bandwidth for Non-Bandwidth Class Traffic .......................................... 331
19.7.5 Maximize Bandwidth Usage Example .................................................................... 332
19.8 Bandwidth Borrowing .......................................................................................................333
19.8.1 Bandwidth Borrowing Example .............................................................................. 333
19.9 Maximize Bandwidth Usage With Bandwidth Borrowing ................................................. 334
19.10 Over Allotment of Bandwidth ......................................................................................... 334
19.11 Configuring Summary .................................................................................................... 335
19.12 Configuring Class Setup .............................................................................................. 336
19.12.1 Bandwidth Manager Class Configuration ........................................................... 337
19.12.2 Bandwidth Management Statistics ................................................................... 340
19.13 Bandwidth Manager Monitor ........................................................................................ 341
Chapter 20
DNS ........................................................................................................................................ 343
20.1 DNS Overview ............................................................................................................... 343
20.2 DNS Server Address Assignment ................................................................................... 343
20.3 DNS Servers .................................................................................................................... 343
20.4 Address Record ............................................................................................................... 344
20.4.1 DNS Wildcard ......................................................................................................... 344
20.5 Name Server Record ....................................................................................................... 344
20.5.1 Private DNS Server ................................................................................................ 344
20.6 System Screen ................................................................................................................ 345
20.6.1 Adding an Address Record .................................................................................. 346
20.6.2 Inserting a Name Server Record .......................................................................... 347
20.7 DNS Cache .................................................................................................................... 349
20.8 Configure DNS Cache ..................................................................................................... 349
20.9 Configuring DNS DHCP ................................................................................................ 350
16
ZyWALL 2 Plus User’s Guide
Table of Contents
20.10 Dynamic DNS .............................................................................................................. 351
20.10.1 DYNDNS Wildcard ............................................................................................... 352
20.11 Configuring Dynamic DNS ............................................................................................. 352
Chapter 21
Remote Management............................................................................................................ 355
21.1 Remote Management Overview ...................................................................................... 355
21.1.1 Remote Management Limitations .......................................................................... 356
21.1.2 System Timeout ..................................................................................................... 356
21.2 WWW (HTTP and HTTPS) ............................................................................................. 356
21.3 WWW Configuration ........................................................................................................ 357
21.4 HTTPS Example .............................................................................................................. 358
21.4.1 Internet Explorer Warning Messages ..................................................................... 359
21.4.2 Netscape Navigator Warning Messages ................................................................ 359
21.4.3 Avoiding the Browser Warning Messages .............................................................. 360
21.4.4 Login Screen .......................................................................................................... 361
21.5 SSH .............................................................................................................................. 363
21.6 How SSH Works .............................................................................................................. 363
21.7 SSH Implementation on the ZyWALL .............................................................................. 364
21.7.1 Requirements for Using SSH ................................................................................. 364
21.8 Configuring SSH .............................................................................................................. 364
21.9 Secure Telnet Using SSH Examples ............................................................................... 365
21.9.1 Example 1: Microsoft Windows .............................................................................. 365
21.9.2 Example 2: Linux .................................................................................................... 366
21.10 Secure FTP Using SSH Example .................................................................................. 367
21.11 Telnet ........................................................................................................................... 368
21.12 Configuring TELNET ..................................................................................................... 368
21.13 FTP .............................................................................................................................. 369
21.14 SNMP .......................................................................................................................... 370
21.14.1 Supported MIBs ................................................................................................... 371
21.14.2 SNMP Traps ......................................................................................................... 371
21.14.3 REMOTE MANAGEMENT: SNMP ....................................................................... 371
21.15 DNS ............................................................................................................................. 373
21.16 Introducing Vantage CNM ............................................................................................. 373
21.17 Configuring CNM ........................................................................................................... 374
Chapter 22
UPnP ...................................................................................................................................... 377
22.1 Universal Plug and Play Overview ................................................................................ 377
22.1.1 How Do I Know If I'm Using UPnP? ....................................................................... 377
22.1.2 NAT Traversal ........................................................................................................ 377
22.1.3 Cautions with UPnP ............................................................................................... 377
22.1.4 UPnP and ZyXEL ................................................................................................... 378
ZyWALL 2 Plus User’s Guide
17
Table of Contents
22.2 Configuring UPnP ............................................................................................................ 378
22.3 Displaying UPnP Port Mapping .................................................................................... 379
22.4 Installing UPnP in Windows Example .............................................................................. 380
22.4.1 Installing UPnP in Windows Me ............................................................................. 381
22.4.2 Installing UPnP in Windows XP ............................................................................. 382
22.5 Using UPnP in Windows XP Example ............................................................................. 382
22.5.1 Auto-discover Your UPnP-enabled Network Device .............................................. 383
22.5.2 Web Configurator Easy Access ............................................................................. 384
Chapter 23
ALG Screen ........................................................................................................................... 387
23.1 ALG Introduction ............................................................................................................. 387
23.1.1 ALG and NAT ......................................................................................................... 387
23.1.2 ALG and the Firewall .............................................................................................. 387
23.2 FTP .................................................................................................................................. 388
23.3 H.323 ............................................................................................................................... 388
23.4 RTP .................................................................................................................................. 388
23.4.1 H.323 ALG Details ................................................................................................. 388
23.5 SIP ................................................................................................................................... 389
23.5.1 STUN ..................................................................................................................... 389
23.5.2 SIP ALG Details ..................................................................................................... 389
23.5.3 SIP Signaling Session Timeout .............................................................................. 390
23.5.4 SIP Audio Session Timeout .................................................................................... 390
23.6 ALG Screen ..................................................................................................................... 390
Part V: Logs and Maintenance ............................................................ 393
Chapter 24
Logs Screens ........................................................................................................................395
24.1 Configuring View Log ...................................................................................................... 395
24.2 Log Description Example ................................................................................................. 396
24.2.1 About the Certificate Not Trusted Log .................................................................... 397
24.3 Configuring Log Settings ................................................................................................ 398
24.4 Configuring Reports ....................................................................................................... 401
24.4.1 Viewing Web Site Hits ............................................................................................ 403
24.4.2 Viewing Host IP Address ........................................................................................ 403
24.4.3 Viewing Protocol/Port ............................................................................................. 404
24.4.4 System Reports Specifications ............................................................................... 406
24.5 Log Descriptions .............................................................................................................. 406
24.6 Syslog Logs ..................................................................................................................... 424
18
ZyWALL 2 Plus User’s Guide
Table of Contents
Chapter 25
Maintenance ..........................................................................................................................427
25.1 Maintenance Overview .................................................................................................... 427
25.2 General Setup and System Name ................................................................................... 427
25.2.1 General Setup ....................................................................................................... 427
25.3 Configuring Password .................................................................................................... 428
25.4 Time and Date ................................................................................................................ 429
25.5 Pre-defined NTP Time Server Pools ............................................................................... 432
25.5.1 Resetting the Time ................................................................................................. 432
25.5.2 Time Server Synchronization ................................................................................. 432
25.6 Introduction To Transparent Bridging ............................................................................... 433
25.7 Transparent Firewalls ...................................................................................................... 434
25.8 Configuring Device Mode (Router) ................................................................................. 434
25.9 Configuring Device Mode (Bridge) ................................................................................. 436
25.10 F/W Upload Screen ...................................................................................................... 437
25.11 Backup and Restore ..................................................................................................... 439
25.11.1 Backup Configuration ........................................................................................... 440
25.11.2 Restore Configuration .......................................................................................... 440
25.11.3 Back to Factory Defaults ..................................................................................... 441
25.12 Restart Screen .............................................................................................................. 442
Part VI: SMT and Troubleshooting ..................................................... 443
Chapter 26
Introducing the SMT .............................................................................................................445
26.1 Introduction to the SMT ...................................................................................................445
26.2 Accessing the SMT via the Console Port ........................................................................ 445
26.2.1 Initial Screen ..........................................................................................................445
26.2.2 Entering the Password ........................................................................................... 446
26.3 Navigating the SMT Interface .......................................................................................... 446
26.3.1 Main Menu ............................................................................................................. 447
26.3.2 SMT Menus Overview ............................................................................................ 449
26.4 Changing the System Password ..................................................................................... 450
26.5 Resetting the ZyWALL ..................................................................................................... 451
Chapter 27
SMT Menu 1 - General Setup ............................................................................................... 453
27.1 Introduction to General Setup .......................................................................................... 453
27.2 Configuring General Setup .............................................................................................. 453
27.2.1 Configuring Dynamic DNS ..................................................................................... 454
ZyWALL 2 Plus User’s Guide
19
Table of Contents
Chapter 28
WAN and Dial Backup Setup................................................................................................ 459
28.1 Introduction to WAN and Dial Backup Setup ................................................................... 459
28.2 WAN Setup ...................................................................................................................... 459
28.3 Dial Backup ..................................................................................................................... 460
28.4 Configuring Dial Backup in Menu 2 ................................................................................. 460
28.5 Advanced WAN Setup ..................................................................................................... 461
28.6 Remote Node Profile (Backup ISP) ................................................................................. 463
28.7 Editing TCP/IP Options ....................................................................................................465
28.8 Editing Login Script .......................................................................................................... 466
28.9 Remote Node Filter ......................................................................................................... 467
Chapter 29
LAN Setup.............................................................................................................................. 469
29.1 Introduction to LAN Setup ............................................................................................... 469
29.2 Accessing the LAN Menus .............................................................................................. 469
29.3 LAN Port Filter Setup ....................................................................................................... 469
29.4 TCP/IP and DHCP Ethernet Setup Menu ........................................................................ 470
29.4.1 IP Alias Setup ......................................................................................................... 473
Chapter 30
Internet Access .....................................................................................................................475
30.1 Introduction to Internet Access Setup .............................................................................. 475
30.2 Ethernet Encapsulation ................................................................................................... 475
30.3 Configuring the PPTP Client ............................................................................................ 477
30.4 Configuring the PPPoE Client ......................................................................................... 477
30.5 Basic Setup Complete ..................................................................................................... 478
Chapter 31
DMZ Setup .............................................................................................................................479
31.1 Configuring DMZ Setup ................................................................................................... 479
31.2 DMZ Port Filter Setup ...................................................................................................... 479
31.3 TCP/IP Setup ................................................................................................................... 480
31.3.1 IP Address ..............................................................................................................480
31.3.2 IP Alias Setup ......................................................................................................... 481
Chapter 32
Wireless Setup ...................................................................................................................... 483
32.1 TCP/IP Setup ................................................................................................................... 483
32.1.1 IP Address ..............................................................................................................483
32.1.2 IP Alias Setup ......................................................................................................... 484
20
ZyWALL 2 Plus User’s Guide
Table of Contents
Chapter 33
Remote Node Setup..............................................................................................................487
33.1 Introduction to Remote Node Setup ................................................................................ 487
33.2 Remote Node Setup ........................................................................................................ 487
33.3 Remote Node Profile Setup ............................................................................................. 487
33.3.1 Ethernet Encapsulation .......................................................................................... 488
33.3.2 PPPoE Encapsulation ............................................................................................ 489
33.3.3 PPTP Encapsulation .............................................................................................. 491
33.4 Edit IP .............................................................................................................................. 492
33.5 Remote Node Filter ......................................................................................................... 494
33.6 Traffic Redirect ................................................................................................................ 495
Chapter 34
IP Static Route Setup............................................................................................................ 497
34.1 IP Static Route Setup ...................................................................................................... 497
Chapter 35
Network Address Translation (NAT).................................................................................... 499
35.1 Using NAT ........................................................................................................................ 499
35.1.1 SUA (Single User Account) Versus NAT ................................................................ 499
35.1.2 Applying NAT ......................................................................................................... 499
35.2 NAT Setup ....................................................................................................................... 501
35.2.1 Address Mapping Sets ........................................................................................... 501
35.3 Configuring a Server behind NAT .................................................................................... 506
35.4 General NAT Examples ................................................................................................... 508
35.4.1 Internet Access Only .............................................................................................. 508
35.4.2 Example 2: Internet Access with a Default Server ................................................. 510
35.4.3 Example 3: Multiple Public IP Addresses With Inside Servers .............................. 510
35.4.4 Example 4: NAT Unfriendly Application Programs ................................................. 513
35.5 Trigger Port Forwarding ...................................................................................................515
35.5.1 Two Points To Remember About Trigger Ports ...................................................... 515
Chapter 36
Introducing the ZyWALL Firewall ........................................................................................517
36.1 Using ZyWALL SMT Menus ............................................................................................ 517
36.1.1 Activating the Firewall ............................................................................................ 517
Chapter 37
Filter Configuration............................................................................................................... 519
37.1 Introduction to Filters ....................................................................................................... 519
37.1.1 The Filter Structure of the ZyWALL ........................................................................ 520
37.2 Configuring a Filter Set .................................................................................................... 522
37.2.1 Configuring a Filter Rule ........................................................................................ 524
ZyWALL 2 Plus User’s Guide
21
Table of Contents
37.2.2 Configuring a TCP/IP Filter Rule ............................................................................ 524
37.2.3 Configuring a Generic Filter Rule ........................................................................... 527
37.3 Example Filter .................................................................................................................. 528
37.4 Filter Types and NAT ....................................................................................................... 530
37.5 Firewall Versus Filters ..................................................................................................... 530
37.5.1 Packet Filtering: ..................................................................................................... 530
37.5.2 Firewall ................................................................................................................... 531
37.6 Applying a Filter .............................................................................................................. 531
37.6.1 Applying LAN Filters ............................................................................................... 532
37.6.2 Applying DMZ Filters .............................................................................................. 532
37.6.3 Applying Remote Node Filters ............................................................................... 533
Chapter 38
SNMP Configuration.............................................................................................................535
38.1 SNMP Configuration ........................................................................................................535
38.2 SNMP Traps .................................................................................................................... 536
Chapter 39
System Information & Diagnosis.........................................................................................537
39.1 Introduction to System Status .......................................................................................... 537
39.2 System Status .................................................................................................................. 537
39.3 System Information and Console Port Speed .................................................................. 539
39.3.1 System Information ................................................................................................ 539
39.3.2 Console Port Speed ............................................................................................... 540
39.4 Log and Trace .................................................................................................................. 540
39.4.1 Viewing Error Log ................................................................................................... 540
39.4.2 Syslog Logging ....................................................................................................... 541
39.4.3 Call-Triggering Packet ............................................................................................ 544
39.5 Diagnostic ........................................................................................................................ 545
39.5.1 WAN DHCP ............................................................................................................ 546
Chapter 40
Firmware and Configuration File Maintenance..................................................................549
40.1 Introduction ...................................................................................................................... 549
40.2 Filename Conventions ..................................................................................................... 549
40.3 Backup Configuration ......................................................................................................550
40.3.1 Backup Configuration ............................................................................................. 550
40.3.2 Using the FTP Command from the Command Line ............................................... 551
40.3.3 Example of FTP Commands from the Command Line .......................................... 552
40.3.4 GUI-based FTP Clients .......................................................................................... 552
40.3.5 File Maintenance Over WAN .................................................................................. 552
40.3.6 Backup Configuration Using TFTP ......................................................................... 553
40.3.7 TFTP Command Example ...................................................................................... 553
22
ZyWALL 2 Plus User’s Guide
Table of Contents
40.3.8 GUI-based TFTP Clients ........................................................................................ 553
40.3.9 Backup Via Console Port ....................................................................................... 554
40.4 Restore Configuration ...................................................................................................... 555
40.4.1 Restore Using FTP ................................................................................................. 555
40.4.2 Restore Using FTP Session Example .................................................................... 556
40.4.3 Restore Via Console Port ....................................................................................... 556
40.5 Uploading Firmware and Configuration Files .................................................................. 557
40.5.1 Firmware File Upload ............................................................................................. 557
40.5.2 Configuration File Upload ....................................................................................... 558
40.5.3 FTP File Upload Command from the DOS Prompt Example ................................. 559
40.5.4 FTP Session Example of Firmware File Upload .................................................... 559
40.5.5 TFTP File Upload ................................................................................................... 559
40.5.6 TFTP Upload Command Example ......................................................................... 560
40.5.7 Uploading Via Console Port ................................................................................... 560
40.5.8 Uploading Firmware File Via Console Port ............................................................ 560
40.5.9 Example Xmodem Firmware Upload Using HyperTerminal ................................... 561
40.5.10 Uploading Configuration File Via Console Port .................................................... 561
40.5.11 Example Xmodem Configuration Upload Using HyperTerminal ........................... 562
Chapter 41
System Maintenance Menus 8 to 10....................................................................................563
41.1 Command Interpreter Mode ............................................................................................ 563
41.1.1 Command Syntax ................................................................................................... 564
41.1.2 Command Usage ................................................................................................... 564
41.2 Call Control Support ........................................................................................................ 565
41.2.1 Budget Management .............................................................................................. 565
41.2.2 Call History ............................................................................................................. 566
41.3 Time and Date Setting .....................................................................................................567
Chapter 42
Remote Management............................................................................................................ 571
42.1 Remote Management ...................................................................................................... 571
42.1.1 Remote Management Limitations .......................................................................... 573
Chapter 43
Call Scheduling..................................................................................................................... 575
43.1 Introduction to Call Scheduling ........................................................................................ 575
Chapter 44
Troubleshooting....................................................................................................................579
44.1 Power, Hardware Connections, and LEDs ...................................................................... 579
44.2 ZyWALL Access and Login .............................................................................................. 580
44.3 Internet Access ................................................................................................................ 582
ZyWALL 2 Plus User’s Guide
23
Table of Contents
44.4 Wireless Router/AP Troubleshooting ............................................................................... 584
44.5 UPnP ............................................................................................................................... 584
Part VII: Appendices and Index .......................................................... 587
Appendix A Product Specifications.......................................................................................589
Appendix B Setting up Your Computer’s IP Address............................................................ 593
Appendix C Pop-up Windows, JavaScripts and Java Permissions ...................................... 609
Appendix D IP Addresses and Subnetting ........................................................................... 615
Appendix E .......................................................................................................................... 623
Appendix E Common Services............................................................................................ 623
Appendix F Importing Certificates ........................................................................................ 627
Appendix G Command Interpreter .......................................................................................639
Appendix H Firewall Commands ..........................................................................................647
Appendix I NetBIOS Filter Commands .................................................................................653
Appendix J Certificates Commands ..................................................................................... 655
Appendix K Brute-Force Password Guessing Protection.....................................................659
Appendix L Boot Commands................................................................................................ 661
Appendix M Legal Information.............................................................................................. 663
Appendix N Customer Support............................................................................................. 667
Index....................................................................................................................................... 671
24
ZyWALL 2 Plus User’s Guide

List of Figures

List of Figures
Figure 1 Secure Internet Access via Cable, DSL or Wireless Modem ................................................... 46
Figure 2 VPN Application ....................................................................................................................... 46
Figure 3 Front Panel .............................................................................................................................. 47
Figure 4 Change Password Screen ........................................................................................................ 50
Figure 5 Replace Certificate Screen ....................................................................................................... 50
Figure 6 Example Xmodem Upload ........................................................................................................ 51
Figure 7 HOME Screen .......................................................................................................................... 52
Figure 8 Web Configurator HOME Screen in Router Mode ................................................................... 53
Figure 9 Web Configurator HOME Screen in Bridge Mode .................................................................... 56
Figure 10 HOME > Show Statistics ........................................................................................................ 62
Figure 11 HOME > DHCP Table ............................................................................................................. 63
Figure 12 HOME > VPN Status .............................................................................................................. 64
Figure 13 Home > Bandwidth Monitor .................................................................................................... 65
Figure 14 Wizard Setup Welcome .......................................................................................................... 67
Figure 15 ISP Parameters: Ethernet Encapsulation ...............................................................................68
Figure 16 ISP Parameters: PPPoE Encapsulation ................................................................................. 69
Figure 17 ISP Parameters: PPTP Encapsulation ...................................................................................71
Figure 18 Internet Access Wizard: Second Screen ................................................................................72
Figure 19 Internet Access Setup Complete ............................................................................................ 73
Figure 20 Internet Access Wizard: Registration ..................................................................................... 74
Figure 21 Internet Access Wizard: Registration in Progress .................................................................. 75
Figure 22 Internet Access Wizard: Status .............................................................................................. 75
Figure 23 Internet Access Wizard: Registration Failed ..........................................................................75
Figure 24 Internet Access Wizard: Registered Device ........................................................................... 76
Figure 25 Internet Access Wizard: Activated Services ...........................................................................76
Figure 26 VPN Wizard: Gateway Setting ............................................................................................... 77
Figure 27 VPN Wizard: Network Setting ................................................................................................ 78
Figure 28 VPN Wizard: IKE Tunnel Setting ............................................................................................ 79
Figure 29 VPN Wizard: IPSec Setting .................................................................................................... 81
Figure 30 VPN Wizard: VPN Status ....................................................................................................... 82
Figure 31 VPN Wizard Setup Complete ................................................................................................. 84
Figure 32 Firewall Rule for VPN ............................................................................................................. 86
Figure 33 SECURITY > VPN > VPN Rules (IKE) .................................................................................. 86
Figure 34 SECURITY > VPN > VPN Rules (IKE)> Add Gateway Policy ............................................. 87
Figure 35 SECURITY > VPN > VPN Rules (IKE): With Gateway Policy Example ................................ 88
Figure 36 SECURITY > VPN > VPN Rules (IKE)> Add Network Policy ............................................... 89
Figure 37 SECURITY > FIREWALL > Rule Summary ........................................................................... 90
Figure 38 SECURITY > FIREWALL > Rule Summary > Edit: Allow ..................................................... 91
ZyWALL 2 Plus User’s Guide
25
List of Figures
Figure 39 SECURITY > FIREWALL > Rule Summary: Allow ................................................................. 92
Figure 40 SECURITY > FIREWALL > Default Rule: Block From VPN To LAN ...................................... 92
Figure 41 Tutorial Example: Using NAT with Static Public IP Addresses ............................................... 93
Figure 42 Tutorial Example: WAN Connection with a Static Public IP Address ..................................... 94
Figure 43 Tutorial Example: WAN Screen ............................................................................................. 95
Figure 44 Tutorial Example: DNS > System ........................................................................................... 95
Figure 45 Tutorial Example: DNS > System Edit-1 ...............................................................................96
Figure 46 Tutorial Example: DNS > System Edit-2 ...............................................................................96
Figure 47 Tutorial Example: DNS > System: Done ............................................................................... 97
Figure 48 Tutorial Example: Status ......................................................................................................... 97
Figure 49 Tutorial Example: Mapping Multiple Public IP Addresses to Inside Servers .......................... 98
Figure 50 Tutorial Example: NAT > NAT Overview ................................................................................99
Figure 51 Tutorial Example: NAT > Address Mapping ............................................................................ 99
Figure 52 Tutorial Example: NAT Address Mapping Edit: One-to-One (1) .......................................... 100
Figure 53 Tutorial Example: NAT Address Mapping Edit: One-to-One (2) .......................................... 100
Figure 54 Tutorial Example: NAT Address Mapping Edit: Many-to-One ............................................. 101
Figure 55 Tutorial Example: NAT Address Mapping Done ................................................................. 101
Figure 56 Tutorial Example: Forwarding Incoming FTP Traffic to a Local Computer .......................... 102
Figure 57 Tutorial Example: NAT Address Mapping Edit: Server ....................................................... 102
Figure 58 Tutorial Example: NAT Port Forwarding ............................................................................... 103
Figure 59 Tutorial Example: Forwarding Incoming FTP Traffic to a Local Computer .......................... 103
Figure 60 Tutorial Example: Firewall Default Rule .............................................................................. 104
Figure 61 Tutorial Example: Firewall Rule: WAN to LAN .................................................................... 104
Figure 62 Tutorial Example: Firewall Rule: WAN to LAN Address Edit for Web Server ...................... 105
Figure 63 Tutorial Example: Firewall Rule: WAN to LAN Service Edit for Web Server ....................... 105
Figure 64 Tutorial Example: Firewall Rule: WAN to LAN Address Edit for Mail Server ....................... 106
Figure 65 Tutorial Example: Firewall Rule: WAN to LAN Service Edit for Mail Server ........................ 107
Figure 66 Tutorial Example: Firewall Rule: WAN to LAN Address Edit for FTP Server ....................... 108
Figure 67 Tutorial Example: Firewall Rule: WAN to LAN Service Edit for FTP Server ........................ 108
Figure 68 Tutorial Example: Firewall Rule Summary ........................................................................... 109
Figure 69 Tutorial Example: NAT Address Mapping Done: Game Playing .........................................110
Figure 70 Tutorial Example: Bandwidth Management ...........................................................................111
Figure 71 Tutorial Example: Bandwidth Management Summary .........................................................112
Figure 72 Tutorial Example: Bandwidth Management Class Setup ......................................................112
Figure 73 Tutorial Example: Bandwidth Management Class Setup: VoIP .............................................113
Figure 74 Tutorial Example: Bandwidth Management Class Setup: FTP .............................................113
Figure 75 Tutorial Example: Bandwidth Management Class Setup: WWW .........................................114
Figure 76 Tutorial Example: Bandwidth Management Class Setup Done .............................................114
Figure 77 Tutorial Example: Bandwidth Management Monitor ..............................................................115
Figure 78 REGISTRATION ....................................................................................................................118
Figure 79 REGISTRATION: Registered Device ....................................................................................119
Figure 80 REGISTRATION > Service ................................................................................................... 120
Figure 81 LAN and WAN ..................................................................................................................... 123
26
ZyWALL 2 Plus User’s Guide
List of Figures
Figure 82 NETWORK > LAN ................................................................................................................ 127
Figure 83 NETWORK > LAN > Static DHCP ........................................................................................ 129
Figure 84 Physical Network & Partitioned Logical Networks ................................................................ 130
Figure 85 NETWORK > LAN > IP Alias ................................................................................................ 131
Figure 86 NETWORK > LAN > Port Roles ...........................................................................................132
Figure 87 Port Roles Change Complete ............................................................................................... 133
Figure 88 Bridge Loop: Bridge Connected to Wired LAN ..................................................................... 135
Figure 89 NETWORK > Bridge ............................................................................................................. 138
Figure 90 NETWORK > Bridge > Port Roles ........................................................................................140
Figure 91 Port Roles Change Complete ............................................................................................... 140
Figure 92 NETWORK > WAN Route ................................................................................................... 142
Figure 93 NETWORK > WAN > WAN (Ethernet Encapsulation) ....................................................... 145
Figure 94 NETWORK > WAN > WAN (PPPoE Encapsulation) ........................................................... 148
Figure 95 NETWORK > WAN > WAN (PPTP Encapsulation) ............................................................. 151
Figure 96 Traffic Redirect WAN Setup .................................................................................................. 154
Figure 97 Traffic Redirect LAN Setup ................................................................................................... 154
Figure 98 NETWORK > WAN > Traffic Redirect .................................................................................. 154
Figure 99 NETWORK > WAN > Dial Backup ..................................................................................... 156
Figure 100 NETWORK > WAN > Dial Backup > Edit ......................................................................... 159
Figure 101 NETWORK > DMZ ............................................................................................................ 162
Figure 102 NETWORK > DMZ > Static DHCP ................................................................................... 164
Figure 103 NETWORK > DMZ > IP Alias ............................................................................................ 166
Figure 104 DMZ Public Address Example ............................................................................................ 167
Figure 105 DMZ Private and Public Address Example ........................................................................ 168
Figure 106 NETWORK > DMZ > Port Roles ....................................................................................... 169
Figure 107 NETWORK > WLAN .......................................................................................................... 172
Figure 108 NETWORK > WLAN > Static DHCP ................................................................................. 174
Figure 109 NETWORK > WLAN > IP Alias ......................................................................................... 176
Figure 110 WLAN Port Role Example ................................................................................................. 177
Figure 111 NETWORK > WLAN > Port Roles ..................................................................................... 178
Figure 112 NETWORK > WLAN > Port Roles: Change Complete ....................................................... 178
Figure 113 Default Firewall Action ........................................................................................................ 181
Figure 114 SECURITY > FIREWALL > Default Rule (Router Mode) ................................................... 182
Figure 115 Default Block Traffic From WAN to DMZ Example ......................................................... 183
Figure 116 From LAN to VPN Example ............................................................................................... 185
Figure 117 Block DMZ to VPN Traffic by Default Example ................................................................ 185
Figure 118 From VPN to LAN Example ............................................................................................... 186
Figure 119 Block VPN to LAN Traffic by Default Example ............................................................... 186
Figure 120 From VPN to VPN Example .............................................................................................. 187
Figure 121 Block VPN to VPN Traffic by Default Example ............................................................... 187
Figure 122 Blocking All LAN to WAN IRC Traffic Example .................................................................. 188
Figure 123 Limited LAN to WAN IRC Traffic Example .......................................................................... 189
Figure 124 Using IP Alias to Solve the Triangle Route Problem .......................................................... 191
ZyWALL 2 Plus User’s Guide
27
List of Figures
Figure 125 SECURITY > FIREWALL > Default Rule (Router Mode) ................................................... 191
Figure 126 SECURITY > FIREWALL > Default Rule (Bridge Mode) .................................................... 193
Figure 127 SECURITY > FIREWALL > Rule Summary ....................................................................... 195
Figure 128 SECURITY > FIREWALL > Rule Summary > Edit ............................................................ 197
Figure 129 SECURITY > FIREWALL > Anti-Probing ........................................................................... 199
Figure 130 Three-Way Handshake ....................................................................................................... 200
Figure 131 SECURITY > FIREWALL > Threshold ............................................................................ 201
Figure 132 SECURITY > FIREWALL > Service ................................................................................... 203
Figure 133 Firewall Edit Custom Service ............................................................................................. 204
Figure 134 My Service Firewall Rule Example: Service ...................................................................... 205
Figure 135 My Service Firewall Rule Example: Edit Custom Service ................................................. 205
Figure 136 My Service Firewall Rule Example: Rule Summary ........................................................... 206
Figure 137 My Service Firewall Rule Example: Rule Edit ................................................................... 206
Figure 138 My Service Firewall Rule Example: Rule Configuration ..................................................... 208
Figure 139 My Service Firewall Rule Example: Rule Summary ........................................................... 209
Figure 140 SECURITY > CONTENT FILTER > General ...................................................................... 212
Figure 141 Content Filtering Lookup Procedure ................................................................................... 214
Figure 142 SECURITY > CONTENT FILTER > Categories ................................................................. 215
Figure 143 SECURITY > CONTENT FILTER > Customization ............................................................ 222
Figure 144 SECURITY > CONTENT FILTER > Cache ........................................................................ 225
Figure 145 myZyXEL.com: Login ......................................................................................................... 228
Figure 146 myZyXEL.com: Welcome ................................................................................................... 228
Figure 147 myZyXEL.com: Service Management ................................................................................ 229
Figure 148 Blue Coat: Login ................................................................................................................. 229
Figure 149 Content Filtering Reports Main Screen .............................................................................. 230
Figure 150 Blue Coat: Report Home .................................................................................................... 230
Figure 151 Global Report Screen Example .......................................................................................... 231
Figure 152 Requested URLs Example ................................................................................................. 232
Figure 153 Web Page Review Process Screen ................................................................................... 233
Figure 154 VPN: Example .................................................................................................................... 235
Figure 155 VPN: IKE SA and IPSec SA .............................................................................................. 236
Figure 156 Gateway and Network Policies .......................................................................................... 237
Figure 157 IPSec Fields Summary ..................................................................................................... 237
Figure 158 SECURITY > VPN > VPN Rules (IKE) .............................................................................. 238
Figure 159 IKE SA: Main Negotiation Mode, Steps 1 - 2: IKE SA Proposal ......................................... 239
Figure 160 IKE SA: Main Negotiation Mode, Steps 3 - 4: DH Key Exchange ...................................... 240
Figure 161 IKE SA: Main Negotiation Mode, Steps 5 - 6: Authentication ............................................. 240
Figure 162 VPN/NAT Example ............................................................................................................. 243
Figure 163 IPSec High Availability ....................................................................................................... 244
Figure 164 SECURITY > VPN > VPN Rules (IKE) > Edit Gateway Policy ......................................... 246
Figure 165 Local and Remote Network IP Address Overlap ................................................................ 252
Figure 166 Virtual Mapping of Local and Remote Network IP Addresses ............................................ 253
Figure 167 VPN: Transport and Tunnel Mode Encapsulation .............................................................. 254
28
ZyWALL 2 Plus User’s Guide
List of Figures
Figure 168 SECURITY > VPN > VPN Rules (IKE) > Edit Network Policy ........................................... 255
Figure 169 SECURITY > VPN > VPN Rules (IKE) > Edit Network Policy > Port Forwarding ............. 260
Figure 170 SECURITY > VPN > VPN Rules (IKE) > Move Network Policy ........................................ 261
Figure 171 SECURITY > VPN > VPN Rules (Manual) ........................................................................ 263
Figure 172 SECURITY > VPN > VPN Rules (Manual) > Edit .............................................................. 264
Figure 173 SECURITY > VPN > SA Monitor ...................................................................................... 267
Figure 174 SECURITY > VPN > Global Setting ................................................................................. 267
Figure 175 Telecommuters Sharing One VPN Rule Example .............................................................. 269
Figure 176 Telecommuters Using Unique VPN Rules Example ........................................................... 270
Figure 177 VPN for Remote Management Example ............................................................................ 271
Figure 178 VPN Topologies .................................................................................................................. 272
Figure 179 Hub-and-spoke VPN Example ...........................................................................................273
Figure 180 Certificates on Your Computer ........................................................................................... 276
Figure 181 Certificate Details .............................................................................................................. 277
Figure 182 Certificate Configuration Overview ..................................................................................... 277
Figure 183 SECURITY > CERTIFICATES > My Certificates ............................................................... 278
Figure 184 SECURITY > CERTIFICATES > My Certificates > Details ................................................. 280
Figure 185 SECURITY > CERTIFICATES > My Certificates > Export ................................................. 283
Figure 186 SECURITY > CERTIFICATES > My Certificates > Import ................................................. 284
Figure 187 SECURITY > CERTIFICATES > My Certificates > Import: PKCS#12 ............................... 285
Figure 188 SECURITY > CERTIFICATES > My Certificates > Create ................................................. 286
Figure 189 SECURITY > CERTIFICATES > Trusted CAs ................................................................... 288
Figure 190 SECURITY > CERTIFICATES > Trusted CAs > Details .................................................... 290
Figure 191 SECURITY > CERTIFICATES > Trusted CAs > Import ..................................................... 292
Figure 192 SECURITY > CERTIFICATES > Trusted Remote Hosts .................................................... 293
Figure 193 SECURITY > CERTIFICATES > Trusted Remote Hosts > Details ..................................... 295
Figure 194 SECURITY > CERTIFICATES > Trusted Remote Hosts > Import ..................................... 297
Figure 195 SECURITY > CERTIFICATES > Directory Servers ............................................................ 298
Figure 196 SECURITY > CERTIFICATES > Directory Server > Add ................................................... 299
Figure 197 SECURITY > AUTH SERVER > Local User Database ...................................................... 303
Figure 198 SECURITY > AUTH SERVER > RADIUS .......................................................................... 304
Figure 199 How NAT Works ................................................................................................................. 310
Figure 200 NAT Application With IP Alias .............................................................................................311
Figure 201 Port Restricted Cone NAT Example ................................................................................... 312
Figure 202 ADVANCED > NAT > NAT Overview .................................................................................. 314
Figure 203 ADVANCED > NAT > Address Mapping ............................................................................. 315
Figure 204 ADVANCED > NAT > Address Mapping > Edit .................................................................. 317
Figure 205 Multiple Servers Behind NAT Example .............................................................................. 319
Figure 206 Port Translation Example ................................................................................................... 319
Figure 207 ADVANCED > NAT > Port Forwarding ............................................................................... 320
Figure 208 Trigger Port Forwarding Process: Example ........................................................................ 322
Figure 209 ADVANCED > NAT > Port Triggering ................................................................................. 322
Figure 210 Example of Static Routing Topology ................................................................................... 325
ZyWALL 2 Plus User’s Guide
29
List of Figures
Figure 211 ADVANCED > STATIC ROUTE > IP Static Route .............................................................. 326
Figure 212 ADVANCED > STATIC ROUTE > IP Static Route > Edit .................................................... 327
Figure 213 Subnet-based Bandwidth Management Example .............................................................. 330
Figure 214 ADVANCED > BW MGMT > Summary .............................................................................. 335
Figure 215 ADVANCED > BW MGMT > Class Setup .......................................................................... 336
Figure 216 ADVANCED > BW MGMT > Class Setup > Add Sub-Class .............................................. 338
Figure 217 ADVANCED > BW MGMT > Class Setup > Statistics ........................................................ 340
Figure 218 ADVANCED > BW MGMT > Monitor ................................................................................. 341
Figure 219 Private DNS Server Example ............................................................................................. 345
Figure 220 ADVANCED > DNS > System DNS ................................................................................... 345
Figure 221 ADVANCED > DNS > Add (Address Record) .................................................................... 347
Figure 222 ADVANCED > DNS > Insert (Name Server Record) .......................................................... 348
Figure 223 ADVANCED > DNS > Cache ............................................................................................. 349
Figure 224 ADVANCED > DNS > DHCP .............................................................................................. 350
Figure 225 ADVANCED > DNS > DDNS .............................................................................................. 352
Figure 226 Secure and Insecure Remote Management From the WAN .............................................. 355
Figure 227 HTTPS Implementation ...................................................................................................... 357
Figure 228 ADVANCED > REMOTE MGMT > WWW .......................................................................... 357
Figure 229 Security Alert Dialog Box (Internet Explorer) ...................................................................... 359
Figure 230 Security Certificate 1 (Netscape) ........................................................................................ 360
Figure 231 Security Certificate 2 (Netscape) ........................................................................................ 360
Figure 232 Example: Lock Denoting a Secure Connection ................................................................. 361
Figure 233 Replace Certificate ............................................................................................................. 362
Figure 234 Device-specific Certificate .................................................................................................. 362
Figure 235 Common ZyWALL Certificate ............................................................................................. 362
Figure 236 SSH Communication Over the WAN Example .................................................................. 363
Figure 237 How SSH Works ................................................................................................................. 363
Figure 238 ADVANCED > REMOTE MGMT > SSH ............................................................................. 365
Figure 239 SSH Example 1: Store Host Key ........................................................................................ 366
Figure 240 SSH Example 2: Test ........................................................................................................ 366
Figure 241 SSH Example 2: Log in ...................................................................................................... 367
Figure 242 Secure FTP: Firmware Upload Example ............................................................................ 367
Figure 243 ADVANCED > REMOTE MGMT > TELNET ..................................................................... 368
Figure 244 ADVANCED > REMOTE MGMT > FTP ............................................................................. 369
Figure 245 SNMP Management Model ................................................................................................ 370
Figure 246 ADVANCED > REMOTE MGMT > SNMP .......................................................................... 372
Figure 247 ADVANCED > REMOTE MGMT > DNS ............................................................................. 373
Figure 248 ADVANCED > REMOTE MGMT > CNM ............................................................................ 374
Figure 249 ADVANCED > UPnP .......................................................................................................... 378
Figure 250 ADVANCED > UPnP > Ports .............................................................................................. 379
Figure 251 H.323 ALG Example .......................................................................................................... 388
Figure 252 SIP ALG Example ............................................................................................................. 389
Figure 253 ADVANCED > ALG ........................................................................................................... 390
30
ZyWALL 2 Plus User’s Guide
Loading...
+ 648 hidden pages