70
Table of contents
Loading...
ZyWALL 5/35/70 Series
Internet Security Appliance
User’s Guide
Version 4.00
12/2005
ZyWALL 5/35/70 Series User’s Guide
Copyright
Copyright © 2005 by ZyXEL Communications Corporation.
The contents of this publication may not be reproduced in any part or as a whole, transcribed,
stored in a retrieval system, translated into any language, or transmitted in any form or by any
means, electronic, mechanical, magnetic, optical, chemical, photocopying, manual, or
otherwise, without the prior written permission of ZyXEL Communications Corporation.
Published by ZyXEL Communications Corporation. All rights reserved.
Disclaimer
ZyXEL does not assume any liability arising out of the application or use of any products, or
software described herein. Neither does it convey any license under its patent rights nor the
patent rights of others. ZyXEL further reserves the right to make changes in any products
described herein without notice. This publication is subject to change without notice.
Trademarks
ZyNOS (ZyXEL Network Operating System) is a registered trademark of ZyXEL
Communications, Inc. Other trademarks mentioned in this publication are used for
identification purposes only and may be properties of their respective owners.
Copyright 2
ZyWALL 5/35/70 Series User’s Guide
Federal Communications
Commission (FCC) Interference
Statement
This device complies with Part 15 of FCC rules. Operation is subject to the following two
conditions:
• This device may not cause harmful interference.
• This device must accept any interference received, including interference that may cause
undesired operations.
This equipment has been tested and found to comply with the limits for a Class B digital
device pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable
protection against harmful interference in a commercial environment. This equipment
generates, uses, and can radiate radio frequency energy, and if not installed and used in
accordance with the instructions, may cause harmful interference to radio communications.
If this equipment does cause harmful interference to radio/television reception, which can be
determined by turning the equipment off and on, the user is encouraged to try to correct the
interference by one or more of the following measures:
• Reorient or relocate the receiving antenna.
• Increase the separation between the equipment and the receiver.
• Connect the equipment into an outlet on a circuit different from that to which the receiver
is connected.
• Consult the dealer or an experienced radio/TV technician for help.
Notice 1
Changes or modifications not expressly approved by the party responsible for compliance
could void the user's authority to operate the equipment.
This Class B digital apparatus complies with Canadian ICES-003.
Cet appareil numérique de la classe B est conforme à la norme NMB-003 du Canada.
Certifications
1 Go to www.zyxel.com.
2 Select your product from the drop-down list box on the ZyXEL home page to go to that
product's page.
3 Select the certification you wish to view from this page.
3 Federal Communications Commission (FCC) Interference Statement
ZyWALL 5/35/70 Series User’s Guide
Federal Communications Commission (FCC) Interference Statement 4
ZyWALL 5/35/70 Series User’s Guide
For your safety, be sure to read and follow all warning notices and instructions.
• Do NOT open the device or unit. Opening or removing covers can expose you to
dangerous high voltage points or other risks. ONLY qualified service personnel can
service the device. Please contact your vendor for further information.
• Connect the power cord to the right supply voltage (110V AC in North America or 230V
AC in Europe).
• Place connecting cables carefully so that no one will step on them or stumble over them.
Do NOT allow anything to rest on the power cord and do NOT locate the product where
anyone can walk on the power cord.
• If you wall mount your device, make sure that no electrical, gas or water pipes will be
damaged.
• Do NOT install nor use your device during a thunderstorm. There may be a remote risk of
electric shock from lightning.
• Do NOT expose your device to dampness, dust or corrosive liquids.
• Do NOT use this product near water, for example, in a wet basement or near a swimming
pool.
• Make sure to connect the cables to the correct ports.
• Do NOT obstruct the device ventilation slots, as insufficient airflow may harm your
device.
• Do NOT store things on the device.
• Connect ONLY suitable accessories to the device.
Safety Warnings
5 Safety Warnings
ZyWALL 5/35/70 Series User’s Guide
ZyXEL Limited Warranty
ZyXEL warrants to the original end user (purchaser) that this product is free from any defects
in materials or workmanship for a period of up to two years from the date of purchase. During
the warranty period, and upon proof of purchase, should the product have indications of failure
due to faulty workmanship and/or materials, ZyXEL will, at its discretion, repair or replace the
defective products or components without charge for either parts or labor, and to whatever
extent it shall deem necessary to restore the product or components to proper operating
condition. Any replacement will consist of a new or re-manufactured functionally equivalent
product of equal value, and will be solely at the discretion of ZyXEL. This warranty shall not
apply if the product is modified, misused, tampered with, damaged by an act of God, or
subjected to abnormal working conditions.
Note
Repair or replacement, as provided under this warranty, is the exclusive remedy of the
purchaser. This warranty is in lieu of all other warranties, express or implied, including any
implied warranty of merchantability or fitness for a particular use or purpose. ZyXEL shall in
no event be held liable for indirect or consequential damages of any kind of character to the
purchaser.
To obtain the services of this warranty, contact ZyXEL's Service Center for your Return
Material Authorization number (RMA). Products must be returned Postage Prepaid. It is
recommended that the unit be insured when shipped. Any returned products without proof of
purchase or those with an out-dated warranty will be repaired or replaced (at the discretion of
ZyXEL) and the customer will be billed for parts and labor. All repaired or replaced products
will be shipped by ZyXEL to the corresponding return address, Postage Paid. This warranty
gives you specific legal rights, and you may also have other rights that vary from country to
country.
ZyXEL Limited Warranty 6
ZyWALL 5/35/70 Series User’s Guide
Please have the following information ready when you contact customer support.
• Product model and serial number.
• Warranty Information.
• Date that you received your device.
• Brief description of the problem and the steps you took to solve it.
Customer Support
METHOD
LOCATION
CORPORATE
HEADQUARTERS
(WORLDWIDE)
CZECH REPUBLIC
DENMARK
FINLAND
FRANCE
GERMANY
HUNGARY
KAZAKHSTAN
NORTH AMERICA
NORWAY
SUPPORT E-MAIL TELEPHONE
SALES E-MAIL FAX FTP SITE
support@zyxel.com.tw +886-3-578-3942 www.zyxel.com
sales@zyxel.com.tw +886-3-578-2439 ftp.zyxel.com
info@cz.zyxel.com +420-241-091-350 www.zyxel.cz ZyXEL Communications
info@cz.zyxel.com +420-241-091-359
support@zyxel.dk +45-39-55-07-00 www.zyxel.dk ZyXEL Communications A/S
sales@zyxel.dk +45-39-55-07-07
support@zyxel.fi +358-9-4780-8411 www.zyxel.fi ZyXEL Communications Oy
sales@zyxel.fi +358-9-4780 8448
info@zyxel.fr +33-4-72-52-97-97 www.zyxel.fr ZyXEL France
+33-4-72-52-19-20
support@zyxel.de +49-2405-6909-0 www.zyxel.de ZyXEL Deutschland GmbH.
sales@zyxel.de +49-2405-6909-99
support@zyxel.hu +36-1-3361649 www.zyxel.hu ZyXEL Hungary
info@zyxel.hu +36-1-3259100
http://zyxel.kz/support +7-3272-590-698 www.zyxel.kz ZyXEL Kazakhstan
sales@zyxel.kz +7-3272-590-689
support@zyxel.com 1-800-255-4101
+1-714-632-0882
sales@zyxel.com +1-714-632-0858 ftp.us.zyxel.com
support@zyxel.no +47-22-80-61-80 www.zyxel.no ZyXEL Communications A/S
sales@zyxel.no +47-22-80-61-81
A
WEB SITE
www.europe.zyxel.com
ftp.europe.zyxel.com
www.us.zyxel.com ZyXEL Communications Inc.
REGULAR MAIL
ZyXEL Communications Corp.
6 Innovation Road II
Science Park
Hsinchu 300
Ta iw a n
Czech s.r.o.
Modranská 621
143 01 Praha 4 - Modrany
Ceská Republika
Columbusvej
2860 Soeborg
Denmark
Malminkaari 10
00700 Helsinki
Finland
1 rue des Vergers
Bat. 1 / C
69760 Limonest
France
Adenauerstr. 20/A2 D-52146
Wuerselen
Germany
48, Zoldlomb Str.
H-1025, Budapest
Hungary
43, Dostyk ave.,Office 414
Dostyk Business Centre
050010, Almaty
Republic of Kazakhstan
1130 N. Miller St.
Anaheim
CA 92806-2001
U.S.A.
Nils Hansens vei 13
0667 Oslo
Norway
7 Customer Support
ZyWALL 5/35/70 Series User’s Guide
METHOD
LOCATION
POLAND
RUSSIA
SPAIN
SWEDEN
UKRAINE
UNITED KINGDOM
a. “+” is the (prefix) number you enter to make an international telephone call.
SUPPORT E-MAIL TELEPHONE
SALES E-MAIL FAX FTP SITE
info@pl.zyxel.com +48-22-5286603 www.pl.zyxel.com ZyXEL Communications
+48-22-5206701
http://zyxel.ru/support +7-095-542-89-29 www.zyxel.ru ZyXEL Russia
sales@zyxel.ru +7-095-542-89-25
support@zyxel.es +34-902-195-420 www.zyxel.es ZyXEL Communications
sales@zyxel.es +34-913-005-345
support@zyxel.se +46-31-744-7700 www.zyxel.se ZyXEL Communications A/S
sales@zyxel.se +46-31-744-7701
support@ua.zyxel.com +380-44-247-69-78 www.ua.zyxel.com ZyXEL Ukraine
sales@ua.zyxel.com +380-44-494-49-32
support@zyxel.co.uk +44-1344 303044
08707 555779 (UK only)
sales@zyxel.co.uk +44-1344 303034 ftp.zyxel.co.uk
A
WEB SITE
REGULAR MAIL
ul.Emilli Plater 53
00-113 Warszawa
Poland
Ostrovityanova 37a Str.
Moscow, 117279
Russia
Alejandro Villegas 33
1º, 28043 Madrid
Spain
Sjöporten 4, 41764 Göteborg
Sweden
13, Pimonenko Str.
Kiev, 04050
Ukraine
www.zyxel.co.uk ZyXEL Communications UK
Ltd.,11 The Courtyard,
Eastern Road, Bracknell,
Berkshire, RG12 2XB,
United Kingdom (UK)
Customer Support 8
ZyWALL 5/35/70 Series User’s Guide
9 Customer Support
ZyWALL 5/35/70 Series User’s Guide
Table of Contents
Copyright ..................................................................................................................2
Federal Communications Commission (FCC) Interference Statement ............... 3
Safety Warnings ....................................................................................................... 5
ZyXEL Limited Warranty.......................................................................................... 6
Customer Support.................................................................................................... 7
Table of Contents ................................................................................................... 10
List of Figures ........................................................................................................ 32
List of Tables .......................................................................................................... 44
Preface ....................................................................................................................52
Chapter 1
Getting to Know Your ZyWALL ............................................................................. 54
1.1 ZyWALL Internet Security Appliance Overview ..................................................54
1.2 ZyWALL Features ..............................................................................................54
1.2.1 Physical Features .....................................................................................55
1.2.2 Non-Physical Features .............................................................................56
1.3 Applications for the ZyWALL ..............................................................................62
1.3.1 Secure Broadband Internet Access via Cable or DSL Modem .................62
1.3.2 VPN Application ........................................................................................62
1.3.3 Front Panel LEDs .....................................................................................63
Chapter 2
Introducing the Web Configurator........................................................................ 66
2.1 Web Configurator Overview ...............................................................................66
2.2 Accessing the ZyWALL Web Configurator .........................................................66
2.3 Resetting the ZyWALL .......................................................................................67
2.3.1 Procedure To Use The Reset Button ........................................................68
2.3.2 Uploading a Configuration File Via Console Port .....................................68
2.4 Navigating the ZyWALL Web Configurator ........................................................68
2.4.1 Router Mode ..............................................................................................69
2.4.2 Bridge Mode ..............................................................................................71
2.4.3 Navigation Panel .......................................................................................74
2.4.4 System Statistics........................................................................................79
Table of Contents 10
ZyWALL 5/35/70 Series User’s Guide
2.4.5 Show Statistics: Line Chart........................................................................80
2.4.6 DHCP Table Screen ..................................................................................81
2.4.7 VPN Status ................................................................................................82
Chapter 3
Wizard Setup .......................................................................................................... 84
3.1 Wizard Setup Overview ......................................................................................84
3.2 Internet Access .................................................................................................84
3.2.1 ISP Parameters ........................................................................................84
3.2.1.1 Ethernet ...........................................................................................84
3.2.1.2 PPPoE Encapsulation .....................................................................86
3.2.1.3 PPTP Encapsulation .......................................................................87
3.2.2 Internet Access Wizard: Second Screen ...................................................89
3.2.3 Internet Access Wizard: Registration.........................................................90
3.3 VPN Wizard Gateway Setting ............................................................................93
3.4 VPN Wizard Network Setting .............................................................................94
3.5 VPN Wizard IKE Tunnel Setting (IKE Phase 1) .................................................96
3.6 VPN Wizard IPSec Setting (IKE Phase 2) .........................................................98
3.7 VPN Wizard Status Summary ............................................................................99
3.8 VPN Wizard Setup Complete ...........................................................................102
Chapter 4
Registration ..........................................................................................................104
4.1 myZyXEL.com overview ...................................................................................104
4.1.1 Subscription Services Available on the ZyWALL ....................................104
4.2 Registration ......................................................................................................105
4.3 Service .............................................................................................................107
Chapter 5
LAN Screens......................................................................................................... 110
5.1 LAN Overview .................................................................................................. 110
5.2 DHCP Setup .....................................................................................................110
5.2.1 IP Pool Setup .......................................................................................... 110
5.3 LAN TCP/IP ......................................................................................................110
5.3.1 Factory LAN Defaults .............................................................................. 110
5.3.2 IP Address and Subnet Mask ................................................................. 111
5.3.3 RIP Setup ............................................................................................... 111
5.3.4 Multicast ..................................................................................................112
5.4 DNS Servers .................................................................................................... 112
5.5 LAN ..................................................................................................................112
5.6 LAN Static DHCP .............................................................................................115
5.7 LAN IP Alias .....................................................................................................116
5.8 LAN Port Roles ................................................................................................118
11 Table of Contents
ZyWALL 5/35/70 Series User’s Guide
Chapter 6
Bridge Screens.....................................................................................................122
6.1 Bridge Loop ......................................................................................................122
6.2 Spanning Tree Protocol (STP) .........................................................................122
6.2.1 Rapid STP ..............................................................................................123
6.2.2 STP Terminology ....................................................................................123
6.2.3 How STP Works .....................................................................................123
6.2.4 STP Port States ......................................................................................124
6.3 Bridge ...............................................................................................................124
6.4 Bridge Port Roles ............................................................................................126
Chapter 7
WAN Screens........................................................................................................ 130
7.1 WAN Overview .................................................................................................130
7.2 Multiple WAN ....................................................................................................130
7.3 Load Balancing Introduction .............................................................................131
7.4 Load Balancing Algorithms ..............................................................................131
7.4.1 Least Load First ......................................................................................131
7.4.1.1 Example 1 .....................................................................................132
7.4.1.2 Example 2 .....................................................................................132
7.4.2 Weighted Round Robin ...........................................................................133
7.4.3 Spillover ..................................................................................................133
7.5 TCP/IP Priority (Metric) ....................................................................................134
7.6 WAN General ...................................................................................................134
7.7 Configuring Load Balancing .............................................................................137
7.7.1 Least Load First ......................................................................................138
7.7.2 Weighted Round Robin ...........................................................................139
7.7.3 Spillover ..................................................................................................139
7.8 WAN Route ......................................................................................................140
7.9 WAN IP Address Assignment ...........................................................................142
7.10 DNS Server Address Assignment ..................................................................142
7.11 WAN MAC Address ........................................................................................143
7.12 WAN ...............................................................................................................143
7.12.1 WAN Ethernet Encapsulation ...............................................................143
7.12.2 PPPoE Encapsulation ...........................................................................146
7.12.3 PPTP Encapsulation .............................................................................150
7.13 Traffic Redirect ...............................................................................................153
7.14 Configuring Traffic Redirect ............................................................................154
7.15 Configuring Dial Backup .................................................................................155
7.16 Advanced Modem Setup ................................................................................159
7.16.1 AT Command Strings ............................................................................159
7.16.2 DTR Signal ...........................................................................................159
7.16.3 Response Strings ..................................................................................159
Table of Contents 12
ZyWALL 5/35/70 Series User’s Guide
7.17 Configuring Advanced Modem Setup ............................................................159
Chapter 8
DMZ Screens ........................................................................................................ 162
8.1 DMZ .................................................................................................................162
8.2 Configuring DMZ ..............................................................................................162
8.3 DMZ Static DHCP ............................................................................................165
8.4 DMZ IP Alias ....................................................................................................167
8.5 DMZ Public IP Address Example .....................................................................168
8.6 DMZ Private and Public IP Address Example ..................................................169
8.7 DMZ Port Roles ................................................................................................170
Chapter 9
Wireless LAN ........................................................................................................ 174
9.1 Wireless LAN Introduction ................................................................................174
9.1.1 Additional Installation Requirements for Using 802.1x ...........................174
9.2 Configuring WLAN ...........................................................................................174
9.3 WLAN Static DHCP ..........................................................................................177
9.4 WLAN IP Alias ..................................................................................................178
9.5 WLAN Port Roles .............................................................................................180
9.6 Wireless Security .............................................................................................182
9.6.1 Encryption ...............................................................................................183
9.6.2 Authentication .........................................................................................183
9.6.3 Restricted Access ...................................................................................184
9.6.4 Hide ZyWALL Identity .............................................................................184
9.7 Security Parameters Summary ........................................................................184
9.8 WEP Encryption ...............................................................................................184
9.9 802.1x Overview ..............................................................................................185
9.9.1 Introduction to RADIUS ..........................................................................185
9.9.1.1 Types of RADIUS Messages .........................................................185
9.9.2 EAP Authentication Overview .................................................................186
9.10 Dynamic WEP Key Exchange ........................................................................186
9.11 Introduction to WPA ........................................................................................187
9.11.1 User Authentication ...............................................................................187
9.11.2 Encryption .............................................................................................187
9.12 WPA-PSK Application Example .....................................................................188
9.13 Introduction to RADIUS ..................................................................................189
9.14 WPA with RADIUS Application Example ........................................................189
9.15 Wireless Client WPA Supplicants ...................................................................190
9.16 Wireless Card .................................................................................................190
9.16.1 Static WEP ............................................................................................192
9.16.2 WPA-PSK .............................................................................................193
9.16.3 WPA ......................................................................................................195
13 Table of Contents
ZyWALL 5/35/70 Series User’s Guide
9.16.4 IEEE 802.1x + Dynamic WEP ..............................................................196
9.16.5 IEEE 802.1x + Static WEP ....................................................................197
9.16.6 IEEE 802.1x + No WEP ........................................................................198
9.16.7 No Access 802.1x + Static WEP ...........................................................199
9.16.8 No Access 802.1x + No WEP ...............................................................200
9.17 MAC Filter ......................................................................................................200
Chapter 10
Firewalls................................................................................................................202
10.1 Firewall Overview ...........................................................................................202
10.2 Types of Firewalls ..........................................................................................202
10.2.1 Packet Filtering Firewalls ......................................................................202
10.2.2 Application-level Firewalls ....................................................................202
10.2.3 Stateful Inspection Firewalls .................................................................203
10.3 Introduction to ZyXEL’s Firewall .....................................................................203
10.4 Denial of Service ............................................................................................204
10.4.1 Basics ...................................................................................................204
10.4.2 Types of DoS Attacks ...........................................................................205
10.4.2.1 ICMP Vulnerability ......................................................................207
10.4.2.2 Illegal Commands (NetBIOS and SMTP) ....................................207
10.4.2.3 Traceroute ...................................................................................208
10.5 Stateful Inspection ..........................................................................................208
10.5.1 Stateful Inspection Process ..................................................................209
10.5.2 Stateful Inspection and the ZyWALL .....................................................210
10.5.3 TCP Security .........................................................................................210
10.5.4 UDP/ICMP Security ..............................................................................211
10.5.5 Upper Layer Protocols .......................................................................... 211
10.6 Guidelines For Enhancing Security With Your Firewall ..................................212
10.7 Packet Filtering Vs Firewall ............................................................................212
10.7.1 Packet Filtering: ....................................................................................212
10.7.1.1 When To Use Filtering .................................................................212
10.7.2 Firewall .................................................................................................213
10.7.2.1 When To Use The Firewall ..........................................................213
Chapter 11
Firewall Screens...................................................................................................214
11.1 Access Methods .............................................................................................214
11.2 Firewall Policies Overview ..............................................................................214
11.3 Rule Logic Overview ......................................................................................216
11.3.1 Rule Checklist .......................................................................................216
11.3.2 Security Ramifications ..........................................................................216
11.3.3 Key Fields For Configuring Rules .........................................................216
11.3.3.1 Action ...........................................................................................216
Table of Contents 14
ZyWALL 5/35/70 Series User’s Guide
11.3.3.2 Service .........................................................................................217
11.3.3.3 Source Address ...........................................................................217
11.3.3.4 Destination Address ....................................................................217
11.4 Connection Direction Examples .....................................................................217
11.4.1 LAN To WAN Rules ...............................................................................217
11.4.2 WAN To LAN Rules ...............................................................................218
11.5 Alerts ..............................................................................................................218
11.6 Firewall Default Rule (Router Mode) ..............................................................219
11.7 Firewall Default Rule (Bridge Mode) ............................................................220
11.8 Firewall Rule Summary .................................................................................222
11.8.1 Firewall Edit Rule ..............................................................................223
11.9 Anti-Probing ................................................................................................226
11.10 Firewall Threshold .....................................................................................227
11.10.1 Threshold Values ................................................................................227
11.10.2 Half-Open Sessions ............................................................................227
11.10.2.1 TCP Maximum Incomplete and Blocking Time ..........................228
11.11 Service .........................................................................................................230
11.11.1 Firewall Edit Custom Service ..............................................................232
11.11.2 Predefined Services ............................................................................233
11.12 Example Firewall Rule ..................................................................................235
Chapter 12
Intrusion Detection and Prevention (IDP) .......................................................... 240
12.1 Introduction to IDP .......................................................................................240
12.1.1 Firewalls and Intrusions ........................................................................240
12.1.2 IDS and IDP .........................................................................................241
12.1.3 Host IDP ..............................................................................................241
12.1.4 Network IDP .........................................................................................241
12.1.5 Example Intrusions ...............................................................................242
12.1.5.1 SQL Slammer Worm ...................................................................242
12.1.5.2 Blaster W32.Worm ......................................................................242
12.1.5.3 Nimda ..........................................................................................242
12.1.5.4 MyDoom ......................................................................................243
12.1.6 ZyWALL IDP .........................................................................................243
Chapter 13
Configuring IDP....................................................................................................244
13.1 Overview ........................................................................................................244
13.1.1 Interfaces ..............................................................................................244
13.2 General Setup ................................................................................................245
13.3 IDP Signatures ...............................................................................................246
13.3.1 Attack Types .........................................................................................246
13.3.2 Intrusion Severity ..................................................................................248
15 Table of Contents
ZyWALL 5/35/70 Series User’s Guide
13.3.3 Signature Actions ..................................................................................248
13.3.4 Configuring IDP Signatures ..................................................................249
13.3.5 Query View ...........................................................................................251
13.3.5.1 Query Example 1 ........................................................................251
13.3.5.2 Query Example 2 ........................................................................253
13.4 Update ...........................................................................................................254
13.4.1 mySecurity Zone ...................................................................................254
13.4.2 Configuring IDP Update ........................................................................255
13.5 Backup and Restore .......................................................................................257
Chapter 14
Anti-Virus .............................................................................................................. 258
14.1 Anti-Virus Overview .......................................................................................258
14.1.1 Types of Computer Viruses .................................................................258
14.1.2 Computer Virus Infection and Prevention .............................................258
14.1.3 Types of Anti-Virus Scanner ................................................................259
14.2 Introduction to the ZyWALL Anti-Virus Scanner .............................................259
14.2.1 How the ZyWALL Anti-Virus Scanner Works .......................................260
14.2.2 Notes About the ZyWALL Anti-Virus .....................................................260
14.3 General Anti-Virus Setup ...............................................................................261
14.4 Signature Update .........................................................................................262
14.4.1 mySecurity Zone ...................................................................................263
14.4.2 Configuring Anti-virus Update ...............................................................263
Chapter 15
Anti-Spam .............................................................................................................266
15.1 Anti-Spam Overview ....................................................................................266
15.1.1 Anti-Spam External Database ...............................................................266
15.1.1.1 SpamBulk Engine ........................................................................267
15.1.1.2 SpamRepute Engine ...................................................................267
15.1.1.3 SpamContent Engine ..................................................................267
15.1.1.4 SpamTricks Engine .....................................................................268
15.1.2 Spam Threshold ....................................................................................268
15.1.3 Phishing ................................................................................................268
15.1.4 Whitelist ................................................................................................269
15.1.5 Blacklist .................................................................................................269
15.1.6 SMTP and POP3 ..................................................................................269
15.1.7 MIME Headers ......................................................................................270
15.2 Anti-Spam General Screen ............................................................................270
15.3 Anti-Spam External DB Screen .................................................................271
15.4 Anti-Spam Lists Screen .................................................................................273
15.5 Anti-Spam Rule Edit Screen .........................................................................275
Table of Contents 16
ZyWALL 5/35/70 Series User’s Guide
Chapter 16
Content Filtering Screens ...................................................................................278
16.1 Content Filtering Overview .............................................................................278
16.1.1 Restrict Web Features ..........................................................................278
16.1.2 Create a Filter List ................................................................................278
16.1.3 Customize Web Site Access ................................................................278
16.2 Content Filter General .................................................................................278
16.3 Content Filtering with an External Database ..................................................280
16.4 Content Filter Categories ............................................................................281
16.5 Content Filter Customization .......................................................................288
16.6 Customizing Keyword Blocking URL Checking ..............................................290
16.6.1 Domain Name or IP Address URL Checking ........................................290
16.6.2 Full Path URL Checking .......................................................................290
16.6.3 File Name URL Checking .....................................................................290
16.7 Content Filtering Cache .................................................................................291
Chapter 17
Content Filtering Reports....................................................................................294
17.1 Checking Content Filtering Activation ............................................................294
17.2 Viewing Content Filtering Reports ..................................................................294
17.3 Web Site Submission .....................................................................................299
Chapter 18
Introduction to IPSec ........................................................................................... 302
18.1 VPN Overview ................................................................................................302
18.1.1 IPSec ....................................................................................................302
18.1.2 Security Association .............................................................................302
18.1.3 Other Terminology ................................................................................302
18.1.3.1 Encryption ...................................................................................302
18.1.3.2 Data Confidentiality .....................................................................303
18.1.3.3 Data Integrity ...............................................................................303
18.1.3.4 Data Origin Authentication ..........................................................303
18.1.4 VPN Applications ..................................................................................303
18.1.4.1 Linking Two or More Private Networks Together .........................303
18.1.4.2 Accessing Network Resources When NAT Is Enabled ...............303
18.1.4.3 Unsupported IP Applications .......................................................303
18.2 IPSec Architecture .........................................................................................304
18.2.1 IPSec Algorithms ..................................................................................304
18.2.2 Key Management ..................................................................................304
18.3 Encapsulation .................................................................................................304
18.3.1 Transport Mode ....................................................................................305
18.3.2 Tunnel Mode .........................................................................................305
18.4 IPSec and NAT ...............................................................................................305
17 Table of Contents
ZyWALL 5/35/70 Series User’s Guide
Chapter 19
VPN Screens.........................................................................................................308
19.1 VPN/IPSec Overview .....................................................................................308
19.2 IPSec Algorithms ............................................................................................308
19.2.1 AH (Authentication Header) Protocol ....................................................308
19.2.2 ESP (Encapsulating Security Payload) Protocol ..................................308
19.3 My ZyWALL ....................................................................................................309
19.4 Remote Gateway Address .............................................................................309
19.4.1 Dynamic Remote Gateway Address .....................................................310
19.5 Nailed Up .......................................................................................................310
19.6 NAT Traversal ................................................................................................310
19.6.1 NAT Traversal Configuration ................................................................. 311
19.7 ID Type and Content ......................................................................................311
19.7.1 ID Type and Content Examples ............................................................312
19.8 IKE Phases ....................................................................................................313
19.8.1 Negotiation Mode ..................................................................................314
19.8.2 Pre-Shared Key ....................................................................................314
19.8.3 Diffie-Hellman (DH) Key Groups ...........................................................315
19.8.4 Perfect Forward Secrecy (PFS) ...........................................................315
19.9 X-Auth (Extended Authentication) ..................................................................315
19.9.1 Authentication Server ...........................................................................315
19.10 VPN Rules (IKE) .........................................................................................316
19.11 VPN Rules (IKE) Gateway Policy Edit .........................................................318
19.12 VPN Rules (IKE): Network Policy Edit ......................................................324
19.13 VPN Rules (IKE): Network Policy Move .....................................................328
19.14 VPN Rules (Manual) ...................................................................................329
19.15 VPN Rules (Manual): Edit .........................................................................331
19.15.1 Security Parameter Index (SPI) ..........................................................331
19.16 VPN SA Monitor .........................................................................................335
19.17 VPN Global Setting .....................................................................................336
19.18 Telecommuter VPN/IPSec Examples ...........................................................337
19.18.1 Telecommuters Sharing One VPN Rule Example ..............................337
19.18.2 Telecommuters Using Unique VPN Rules Example ...........................338
19.19 VPN and Remote Management ...................................................................340
Chapter 20
Certificates............................................................................................................ 342
20.1 Certificates Overview .....................................................................................342
20.1.1 Advantages of Certificates ....................................................................343
20.2 Self-signed Certificates ..................................................................................343
20.3 Configuration Summary .................................................................................343
20.4 My Certificates ..............................................................................................344
20.5 My Certificate Import ....................................................................................346
Table of Contents 18
ZyWALL 5/35/70 Series User’s Guide
20.5.1 Certificate File Formats .........................................................................346
20.6 My Certificate Create ...................................................................................347
20.7 My Certificate Details ...................................................................................350
20.8 Trusted CAs .................................................................................................353
20.9 Trusted CA Import ........................................................................................355
20.10 Trusted CA Details ......................................................................................356
20.11 Trusted Remote Hosts ................................................................................359
20.12 Verifying a Trusted Remote Host’s Certificate ..............................................361
20.12.1 Trusted Remote Host Certificate Fingerprints .....................................361
20.13 Trusted Remote Hosts Import ....................................................................362
20.14 Trusted Remote Host Certificate Details ....................................................363
20.15 Directory Servers ........................................................................................366
20.16 Directory Server Add or Edit ......................................................................367
Chapter 21
Authentication Server..........................................................................................370
21.1 Authentication Server Overview .....................................................................370
21.1.1 Local User Database ............................................................................370
21.1.2 RADIUS ................................................................................................370
21.2 Local User Database ....................................................................................370
21.3 RADIUS ........................................................................................................372
Chapter 22
Network Address Translation (NAT)................................................................... 374
22.1 NAT Overview ................................................................................................374
22.1.1 NAT Definitions .....................................................................................374
22.1.2 What NAT Does ....................................................................................375
22.1.3 How NAT Works ...................................................................................375
22.1.4 NAT Application ....................................................................................376
22.1.5 Port Restricted Cone NAT ....................................................................377
22.1.6 NAT Mapping Types .............................................................................377
22.2 Using NAT ......................................................................................................378
22.2.1 SUA (Single User Account) Versus NAT ..............................................378
22.3 NAT Overview ..............................................................................................379
22.4 NAT Address Mapping .................................................................................380
22.4.1 NAT Address Mapping Edit ..................................................................382
22.5 Port Forwarding ..............................................................................................383
22.5.1 Default Server IP Address ....................................................................384
22.5.2 Port Forwarding: Services and Port Numbers ......................................384
22.5.3 Configuring Servers Behind Port Forwarding (Example) ......................384
22.5.4 NAT and Multiple WAN .........................................................................385
22.5.5 Port Translation ....................................................................................385
22.6 Port Forwarding .............................................................................................386
19 Table of Contents
ZyWALL 5/35/70 Series User’s Guide
22.7 Port Triggering ..............................................................................................388
Chapter 23
Static Route ..........................................................................................................392
23.1 IP Static Route ............................................................................................392
23.2 IP Static Route ...............................................................................................392
23.2.1 IP Static Route Edit ..............................................................................394
Chapter 24
Policy Route ......................................................................................................... 396
24.1 Policy Route ..................................................................................................396
24.2 Benefits ..........................................................................................................396
24.3 Routing Policy ................................................................................................396
24.4 IP Routing Policy Setup .................................................................................397
24.5 Policy Route Edit ...........................................................................................398
Chapter 25
Bandwidth Management......................................................................................402
25.1 Bandwidth Management Overview ...............................................................402
25.2 Bandwidth Classes and Filters .......................................................................402
25.3 Proportional Bandwidth Allocation .................................................................403
25.4 Application-based Bandwidth Management ...................................................403
25.5 Subnet-based Bandwidth Management .........................................................403
25.6 Application and Subnet-based Bandwidth Management ...............................404
25.7 Scheduler .......................................................................................................404
25.7.1 Priority-based Scheduler ......................................................................404
25.7.2 Fairness-based Scheduler ....................................................................404
25.7.3 Maximize Bandwidth Usage .................................................................404
25.7.4 Reserving Bandwidth for Non-Bandwidth Class Traffic ........................405
25.7.5 Maximize Bandwidth Usage Example ..................................................405
25.7.5.1 Priority-based Allotment of Unused and Unbudgeted Bandwidth 406
25.7.5.2 Fairness-based Allotment of Unused and Unbudgeted Bandwidth ...
406
25.8 Bandwidth Borrowing .....................................................................................407
25.8.1 Bandwidth Borrowing Example .............................................................407
25.9 Maximize Bandwidth Usage With Bandwidth Borrowing ................................408
25.10 Configuring Summary ..................................................................................408
25.11 Configuring Class Setup .............................................................................410
25.11.1 Bandwidth Manager Class Configuration ...........................................411
25.11.2 Bandwidth Management Statistics ...................................................414
25.12 Configuring Monitor ...................................................................................415
Table of Contents 20
ZyWALL 5/35/70 Series User’s Guide
Chapter 26
DNS........................................................................................................................ 418
26.1 DNS Overview ..............................................................................................418
26.2 DNS Server Address Assignment ..................................................................418
26.3 DNS Servers ..................................................................................................418
26.4 Address Record .............................................................................................419
26.4.1 DNS Wildcard .......................................................................................419
26.5 Name Server Record .....................................................................................419
26.5.1 Private DNS Server ..............................................................................419
26.6 System Screen ...............................................................................................420
26.6.1 Adding an Address Record ..................................................................422
26.6.2 Inserting a Name Server record ...........................................................423
26.7 DNS Cache ..................................................................................................424
26.8 Configure DNS Cache ....................................................................................425
26.9 Configuring DNS DHCP ...............................................................................426
26.10 Dynamic DNS .............................................................................................428
26.10.1 DYNDNS Wildcard ..............................................................................428
26.10.2 High Availability ..................................................................................428
26.11 Configuring Dynamic DNS ...........................................................................428
Chapter 27
Remote Management ........................................................................................... 432
27.1 Remote Management Overview .....................................................................432
27.1.1 Remote Management Limitations .........................................................432
27.1.2 System Timeout ....................................................................................433
27.2 Introduction to HTTPS ....................................................................................433
27.3 WWW ...........................................................................................................434
27.4 HTTPS Example ............................................................................................436
27.4.1 Internet Explorer Warning Messages ...................................................436
27.4.2 Netscape Navigator Warning Messages ...............................................437
27.4.3 Avoiding the Browser Warning Messages ............................................438
27.4.4 Login Screen .........................................................................................438
27.5 SSH .............................................................................................................441
27.6 How SSH works .............................................................................................441
27.7 SSH Implementation on the ZyWALL .............................................................442
27.7.1 Requirements for Using SSH ................................................................443
27.8 Configuring SSH ............................................................................................443
27.9 Secure Telnet Using SSH Examples ..............................................................444
27.9.1 Example 1: Microsoft Windows .............................................................444
27.9.2 Example 2: Linux ..................................................................................444
27.10 Secure FTP Using SSH Example ................................................................445
27.11 Telnet ..........................................................................................................446
27.12 Configuring TELNET ....................................................................................446
21 Table of Contents
ZyWALL 5/35/70 Series User’s Guide
27.13 FTP ............................................................................................................447
27.14 SNMP .........................................................................................................448
27.14.1 Supported MIBs .................................................................................450
27.14.2 SNMP Traps .......................................................................................450
27.14.3 REMOTE MANAGEMENT: SNMP ......................................................450
27.15 DNS ............................................................................................................452
27.16 Introducing Vantage CNM ...........................................................................452
27.17 Configuring CNM ..........................................................................................453
Chapter 28
UPnP...................................................................................................................... 456
28.1 Universal Plug and Play Overview ...............................................................456
28.1.1 How Do I Know If I'm Using UPnP? ......................................................456
28.1.2 NAT Traversal .......................................................................................456
28.1.3 Cautions with UPnP ..............................................................................456
28.1.4 UPnP and ZyXEL ..................................................................................457
28.2 Configuring UPnP ..........................................................................................457
28.3 Displaying UPnP Port Mapping ...................................................................458
28.4 Installing UPnP in Windows Example ............................................................459
28.4.1 Installing UPnP in Windows Me ............................................................460
28.4.2 Installing UPnP in Windows XP ............................................................461
28.5 Using UPnP in Windows XP Example ...........................................................461
28.5.1 Auto-discover Your UPnP-enabled Network Device .............................462
28.5.2 Web Configurator Easy Access ............................................................463
Chapter 29
ALG Screen........................................................................................................... 466
29.1 ALG Introduction ...........................................................................................466
29.1.1 ALG and NAT ........................................................................................466
29.1.2 ALG and the Firewall ............................................................................466
29.1.3 ALG and Multiple WAN .........................................................................466
29.2 FTP ................................................................................................................467
29.3 H.323 ..............................................................................................................467
29.4 RTP ................................................................................................................467
29.4.1 H.323 ALG Details ................................................................................467
29.5 SIP .................................................................................................................469
29.5.1 STUN ....................................................................................................469
29.5.2 SIP ALG Details ....................................................................................469
29.5.3 SIP Signaling Session Timeout ............................................................470
29.5.4 SIP Audio Session Timeout ..................................................................470
29.6 ALG Screen ....................................................................................................470
Table of Contents 22
ZyWALL 5/35/70 Series User’s Guide
Chapter 30
Logs Screens........................................................................................................ 472
30.1 Configuring View Log ....................................................................................472
30.2 Log Description Example ...............................................................................473
30.2.1 Certificate Not Trusted Log Note ..........................................................474
30.3 Configuring Log Settings ...............................................................................475
30.4 Configuring Reports ......................................................................................478
30.4.1 Viewing Web Site Hits ...........................................................................480
30.4.2 Viewing Protocol/Port ...........................................................................480
30.4.3 Viewing Host IP Address ......................................................................482
30.4.4 Reports Specifications ..........................................................................483
Chapter 31
Maintenance ......................................................................................................... 484
31.1 Maintenance Overview ...................................................................................484
31.2 General Setup ................................................................................................484
31.2.1 General Setup and System Name ........................................................484
31.2.2 General Setup .......................................................................................484
31.3 Configuring Password ...................................................................................485
31.4 Time and Date ...............................................................................................486
31.5 Pre-defined NTP Time Servers List ................................................................489
31.5.1 Resetting the Time ................................................................................489
31.5.2 Time Server Synchronization ................................................................489
31.6 Introduction To Transparent Bridging .............................................................491
31.7 Transparent Firewalls .....................................................................................491
31.8 Configuring Device Mode (Router) ................................................................492
31.9 Configuring Device Mode (Bridge) ................................................................493
31.10 F/W Upload Screen .....................................................................................494
31.11 Backup and Restore ....................................................................................496
31.11.1 Backup Configuration .........................................................................497
31.11.2 Restore Configuration ........................................................................497
31.11.3 Back to Factory Defaults ....................................................................499
31.12 Restart Screen ............................................................................................499
Chapter 32
Introducing the SMT ............................................................................................500
32.1 Introduction to the SMT ..................................................................................500
32.2 Accessing the SMT via the Console Port .......................................................500
32.2.1 Initial Screen .........................................................................................500
32.2.2 Entering the Password ..........................................................................501
32.3 Navigating the SMT Interface .........................................................................501
32.3.1 Main Menu ............................................................................................502
32.3.2 SMT Menus Overview ..........................................................................504
23 Table of Contents
ZyWALL 5/35/70 Series User’s Guide
32.4 Changing the System Password ....................................................................506
32.5 Resetting the ZyWALL ...................................................................................507
Chapter 33
SMT Menu 1 - General Setup............................................................................... 508
33.1 Introduction to General Setup ........................................................................508
33.2 Configuring General Setup .............................................................................508
33.2.1 Configuring Dynamic DNS ....................................................................510
33.2.1.1 Editing DDNS Host ......................................................................510
Chapter 34
WAN and Dial Backup Setup ............................................................................... 514
34.1 Introduction to WAN and Dial Backup Setup ..................................................514
34.2 WAN Setup .....................................................................................................514
34.3 Dial Backup ....................................................................................................515
34.4 Configuring Dial Backup in Menu 2 ................................................................515
34.5 Advanced WAN Setup ....................................................................................516
34.6 Remote Node Profile (Backup ISP) ................................................................518
34.7 Editing PPP Options .......................................................................................520
34.8 Editing TCP/IP Options ..................................................................................521
34.9 Editing Login Script ........................................................................................523
34.10 Remote Node Filter ......................................................................................525
Chapter 35
LAN Setup.............................................................................................................526
35.1 Introduction to LAN Setup ..............................................................................526
35.2 Accessing the LAN Menus .............................................................................526
35.3 LAN Port Filter Setup .....................................................................................526
35.4 TCP/IP and DHCP Ethernet Setup Menu ......................................................527
35.4.1 IP Alias Setup .......................................................................................530
Chapter 36
Internet Access .................................................................................................... 532
36.1 Introduction to Internet Access Setup ............................................................532
36.2 Ethernet Encapsulation ..................................................................................532
36.3 Configuring the PPTP Client ..........................................................................534
36.4 Configuring the PPPoE Client ........................................................................534
36.5 Basic Setup Complete ....................................................................................535
Chapter 37
DMZ Setup ............................................................................................................ 536
37.1 Configuring DMZ Setup ..................................................................................536
37.2 DMZ Port Filter Setup ....................................................................................536
Table of Contents 24
ZyWALL 5/35/70 Series User’s Guide
37.3 TCP/IP Setup .................................................................................................536
37.3.1 IP Address ............................................................................................537
37.3.2 IP Alias Setup .......................................................................................538
Chapter 38
Route Setup .......................................................................................................... 540
38.1 Configuring Route Setup ................................................................................540
38.2 Route Assessment .........................................................................................540
38.3 Traffic Redirect ...............................................................................................541
38.4 Route Failover ................................................................................................542
Chapter 39
Wireless Setup ..................................................................................................... 544
39.1 Wireless LAN Setup .......................................................................................544
39.1.1 MAC Address Filter Setup ....................................................................546
39.2 TCP/IP Setup .................................................................................................547
39.2.1 IP Address ............................................................................................547
39.2.2 IP Alias Setup .......................................................................................548
Chapter 40
Remote Node Setup ............................................................................................. 550
40.1 Introduction to Remote Node Setup ...............................................................550
40.2 Remote Node Setup .......................................................................................550
40.3 Remote Node Profile Setup ...........................................................................551
40.3.1 Ethernet Encapsulation .........................................................................551
40.3.2 PPPoE Encapsulation ...........................................................................553
40.3.2.1 Outgoing Authentication Protocol ................................................553
40.3.2.2 Nailed-Up Connection .................................................................553
40.3.2.3 Metric ..........................................................................................554
40.3.3 PPTP Encapsulation .............................................................................554
40.4 Edit IP .............................................................................................................555
40.5 Remote Node Filter ........................................................................................557
40.6 Traffic Redirect ...............................................................................................558
Chapter 41
IP Static Route Setup...........................................................................................560
41.1 IP Static Route Setup .....................................................................................560
Chapter 42
Network Address Translation (NAT)................................................................... 562
42.1 Using NAT ......................................................................................................562
42.1.1 SUA (Single User Account) Versus NAT ..............................................562
42.1.2 Applying NAT ........................................................................................562
25 Table of Contents
ZyWALL 5/35/70 Series User’s Guide
42.2 NAT Setup ......................................................................................................564
42.2.1 Address Mapping Sets ..........................................................................565
42.2.1.1 SUA Address Mapping Set .........................................................565
42.2.1.2 User-Defined Address Mapping Sets ..........................................566
42.2.1.3 Ordering Your Rules ....................................................................567
42.3 Configuring a Server behind NAT ..................................................................569
42.4 General NAT Examples ..................................................................................572
42.4.1 Internet Access Only .............................................................................572
42.4.2 Example 2: Internet Access with an Default Server ..............................574
42.4.3 Example 3: Multiple Public IP Addresses With Inside Servers .............574
42.4.4 Example 4: NAT Unfriendly Application Programs ...............................578
42.5 Trigger Port Forwarding .................................................................................579
42.5.1 Two Points To Remember About Trigger Ports .....................................579
Chapter 43
Introducing the ZyWALL Firewall .......................................................................582
43.1 Using ZyWALL SMT Menus ...........................................................................582
43.1.1 Activating the Firewall ...........................................................................582
Chapter 44
Filter Configuration..............................................................................................584
44.1 Introduction to Filters ......................................................................................584
44.1.1 The Filter Structure of the ZyWALL ......................................................585
44.2 Configuring a Filter Set ..................................................................................587
44.2.1 Configuring a Filter Rule .......................................................................588
44.2.2 Configuring a TCP/IP Filter Rule ..........................................................589
44.2.3 Configuring a Generic Filter Rule .........................................................591
44.3 Example Filter ................................................................................................593
44.4 Filter Types and NAT ......................................................................................595
44.5 Firewall Versus Filters ....................................................................................595
44.6 Applying a Filter ............................................................................................596
44.6.1 Applying LAN Filters .............................................................................596
44.6.2 Applying DMZ Filters ............................................................................596
44.6.3 Applying Remote Node Filters ..............................................................597
Chapter 45
SNMP Configuration ............................................................................................598
45.1 SNMP Configuration ......................................................................................598
45.2 SNMP Traps ...................................................................................................599
Chapter 46
System Information & Diagnosis........................................................................ 600
46.1 Introduction to System Status ........................................................................600
Table of Contents 26
ZyWALL 5/35/70 Series User’s Guide
46.2 System Status ................................................................................................600
46.3 System Information and Console Port Speed ................................................602
46.3.1 System Information ...............................................................................602
46.3.2 Console Port Speed ..............................................................................603
46.4 Log and Trace ................................................................................................604
46.4.1 Viewing Error Log .................................................................................604
46.4.2 Syslog Logging .....................................................................................605
46.4.3 Call-Triggering Packet ..........................................................................608
46.5 Diagnostic ......................................................................................................608
46.5.1 WAN DHCP ..........................................................................................609
Chapter 47
Firmware and Configuration File Maintenance ................................................. 612
47.1 Introduction ....................................................................................................612
47.2 Filename Conventions ...................................................................................612
47.3 Backup Configuration .....................................................................................613
47.3.1 Backup Configuration ...........................................................................613
47.3.2 Using the FTP Command from the Command Line ..............................614
47.3.3 Example of FTP Commands from the Command Line .........................615
47.3.4 GUI-based FTP Clients .........................................................................615
47.3.5 File Maintenance Over WAN ................................................................615
47.3.6 Backup Configuration Using TFTP .......................................................616
47.3.7 TFTP Command Example ....................................................................616
47.3.8 GUI-based TFTP Clients ......................................................................617
47.3.9 Backup Via Console Port ......................................................................617
47.4 Restore Configuration ....................................................................................618
47.4.1 Restore Using FTP ...............................................................................618
47.4.2 Restore Using FTP Session Example ..................................................620
47.4.3 Restore Via Console Port .....................................................................620
47.5 Uploading Firmware and Configuration Files .................................................621
47.5.1 Firmware File Upload ............................................................................621
47.5.2 Configuration File Upload .....................................................................622
47.5.3 FTP File Upload Command from the DOS Prompt Example ................623
47.5.4 FTP Session Example of Firmware File Upload ...................................623
47.5.5 TFTP File Upload ..................................................................................623
47.5.6 TFTP Upload Command Example ........................................................624
47.5.7 Uploading Via Console Port ..................................................................624
47.5.8 Uploading Firmware File Via Console Port ...........................................624
47.5.9 Example Xmodem Firmware Upload Using HyperTerminal ..................625
47.5.10 Uploading Configuration File Via Console Port ..................................625
47.5.11 Example Xmodem Configuration Upload Using HyperTerminal .........626
27 Table of Contents
ZyWALL 5/35/70 Series User’s Guide
Chapter 48
System Maintenance Menus 8 to 10...................................................................628
48.1 Command Interpreter Mode ...........................................................................628
48.1.1 Command Syntax .................................................................................628
48.1.2 Command Usage ..................................................................................629
48.2 Call Control Support .......................................................................................630
48.2.1 Budget Management ............................................................................630
48.2.2 Call History ...........................................................................................631
48.3 Time and Date Setting ....................................................................................632
Chapter 49
Remote Management ........................................................................................... 636
49.1 Remote Management .....................................................................................636
49.1.1 Remote Management Limitations .........................................................638
Chapter 50
IP Policy Routing.................................................................................................. 640
50.1 IP Routing Policy Summary ...........................................................................640
50.2 IP Routing Policy Setup .................................................................................641
50.2.1 Applying Policy to Packets ....................................................................643
50.3 IP Policy Routing Example .............................................................................644
Chapter 51
Call Scheduling ....................................................................................................648
51.1 Introduction to Call Scheduling ......................................................................648
Chapter 52
Troubleshooting ...................................................................................................652
52.1 Problems Starting Up the ZyWALL .................................................................652
52.2 Problems with the LAN Interface ....................................................................652
52.3 Problems with the DMZ Interface ...................................................................653
52.4 Problems with the WAN Interface ..................................................................653
52.5 Problems Accessing the ZyWALL ..................................................................654
52.5.1 Pop-up Windows, JavaScripts and Java Permissions ..........................654
52.5.1.1 Internet Explorer Pop-up Blockers ..............................................655
52.5.1.2 JavaScripts ..................................................................................658
52.5.1.3 Java Permissions ........................................................................660
52.6 Packet Flow ....................................................................................................662
Appendix A
Product Specifications ........................................................................................ 664
Appendix B
Table of Contents 28
ZyWALL 5/35/70 Series User’s Guide
Hardware Installation........................................................................................... 672
Appendix C
Removing and Installing a Fuse ........................................................................ 676
Appendix D
Setting up Your Computer’s IP Address............................................................ 678
Appendix E
IP Subnetting ........................................................................................................ 694
Appendix F
PPPoE ................................................................................................................... 702
Appendix G
PPTP......................................................................................................................704
Appendix H
Wireless LANs ...................................................................................................... 708
Appendix I
Triangle Route ...................................................................................................... 722
Appendix J
Windows 98 SE/Me Requirements for Anti-Virus Message Display................ 726
Appendix K
VPN Setup............................................................................................................. 730
Appendix L
Importing Certificates .......................................................................................... 742
Appendix M
Command Interpreter........................................................................................... 754
Appendix N
Firewall Commands ............................................................................................. 756
Appendix O
NetBIOS Filter Commands .................................................................................. 762
Appendix P
Certificates Commands ....................................................................................... 766
Appendix Q
Brute-Force Password Guessing Protection..................................................... 770
Appendix R
Boot Commands ..................................................................................................772
29 Table of Contents
ZyWALL 5/35/70 Series User’s Guide
Appendix S
Log Descriptions.................................................................................................. 774
Index...................................................................................................................... 798
Table of Contents 30
Loading...