Page 1
Vantage CNM
Centralized Network Management
User’s Guide
Version 3.0
3/2008
Edition 2
www.zyxel.com
Page 2
Page 3
About This User's Guide
About This User's Guide
" The screens in Vantage CNM vary by device type and firmware version. The
examples in this User’s Guide use one of the most comprehensive examples
of each screen, not every variation for each device type and firmware version.
If you are unable to find a specific screen or field in this User’s Guide, please
see the User’s Guide for the device for more information.
Intended Audience
This manual is intended for people who want to configure Vantage CNM using the web
configurator. You should have at least a basic knowledge of TCP/IP networking concepts,
topology, and the devices you want to manage.
Related Documentation
• Quick Start Guide
The Quick Start Guide is designed to help you get up and running right away. It contains
information on setting up and connecting to your software.
• Web Configurator Online Help
Embedded web help for descriptions of individual screens and supplementary
information.
" It is recommended you use the web configurator to configure the Vantage
CNM.
• Device User’s Guide
The User’s Guide for each device provides more information about the device, its features,
and its configuration.
• ZyXEL Web Site
Please refer to www.zyxel.com
certifications.
for additional support documentation and product
User Guide Feedback
Help us help you. Send all User Guide-related comments, questions or suggestions for
improvement to the following address, or use e-mail instead. Thank you!
Vantage CNM User’s Guide
3
Page 4
About This User's Guide
The Technical Writing Team,
ZyXEL Communications Corp.,
6 Innovation Road II,
Science-Based Industrial Park,
Hsinchu, 300, Taiwan.
E-mail: techwriters@zyxel.com.tw
4
Vantage CNM User’s Guide
Page 5
Document Conventions
Document Conventions
Warnings and Notes
These are how warnings and notes are shown in this User’s Guide.
1 Warnings tell you about things that could harm you or your device.
" Notes tell you other important information (for example, other things you may
need to configure or helpful tips) or recommendations.
Syntax Conventions
• Vantage CNM may be referred to as “Vantage CNM” or the “product” in this User’s
Guide.
• Vantage Report may be referred to as “Vantage Report” or “VRPT” in this User’s Guide.
• A device that is managed by Vantage CNM may be referred to as the “ZyXEL device,”
“device,” or the “system” in this User’s Guide.
• Product labels, screen names, field labels and field choices are all in bold font.
• A key stroke is denoted by square brackets and uppercase text, for example, [ENTER]
means the “enter” or “return” key on your keyboard.
• “Enter” means for you to type one or more characters and then press the [ENTER] key.
“Select” or “choose” means for you to use one of the predefined choices.
• A right angle bracket ( > ) within a screen name denotes a mouse click. For example,
Maintenance > Log > Log Setting means you first click Maintenance in the navigation
panel, then the Log sub menu and finally the Log Setting tab to get to that screen.
• Units of measurement may denote the “metric” value or the “scientific” value. For
example, “k” for kilo may denote “1000” or “1024”, “M” for mega may denote “1000000”
or “1048576” and so on.
• “e.g.,” is a shorthand for “for instance”, and “i.e.,” means “that is” or “in other words”.
Vantage CNM User’s Guide
5
Page 6
Document Conventions
Icons Used in Figures
Figures in this User’s Guide may use the following generic icons. Device icons are not an
exact representations of your devices.
Device (example) Computer Notebook computer
Server DSLAM
Telephone Switch Router
6
Vantage CNM User’s Guide
Page 7
Contents Overview
Contents Overview
Introducing Vantage CNM .......................................................................................................... 31
Introduction ............................................................................................................................ 33
GUI Introduction ........................................................................................................................ 35
Device Operation ...................................................................................................................51
Load or Save Building Blocks (BB) ............................................................................................ 53
Device General Settings ............................................................................................................ 55
Device Network Settings ........................................................................................................... 59
Device Security Settings ...........................................................................................................115
Device Advanced Settings .......................................................................................................193
Device Log ............................................................................................................................... 217
Device Configuration Management ......................................................................................... 221
Firmware Management ............................................................................................................243
License Management .............................................................................................................. 249
VPN Management .................................................................................................................255
VPN Community ...................................................................................................................... 257
Installation Report .................................................................................................................... 263
VPN Monitor ............................................................................................................................ 265
Monitor .................................................................................................................................. 273
Device Status Monitor ............................................................................................................. 275
Device HA Status Monitor ..................................................................................................... 281
Device Alarm ........................................................................................................................... 283
Log & Report ........................................................................................................................ 287
Device Operation Report ......................................................................................................... 289
CNM Logs ................................................................................................................................ 301
VRPT ....................................................................................................................................... 303
CNM System Setting ............................................................................................................307
CNM System Setting .............................................................................................................. 309
Maintenance ............................................................................................................................ 323
Device Owner .......................................................................................................................... 327
Vantage CNM Software Upgrade ............................................................................................ 329
License ................................................................................................................................. 331
Vantage CNM User’s Guide
7
Page 8
Contents Overview
About CNM .............................................................................................................................. 333
Account Management ..........................................................................................................335
User Group .............................................................................................................................. 337
Account .................................................................................................................................... 341
Troubleshooting ...................................................................................................................345
Troubleshooting ....................................................................................................................... 347
Appendices and Index ......................................................................................................... 351
8
Vantage CNM User’s Guide
Page 9
About This User's Guide ..........................................................................................................3
Document Conventions............................................................................................................5
Contents Overview ...................................................................................................................7
Chapter 1
Introducing Vantage CNM ...................................................................................................... 31
1.1 Overview .............................................................................................................................. 31
1.2 Ways to Manage Vantage CNM ........................................................................................... 32
1.3 Suggestions for Using Vantage CNM .................................................................................. 32
Part I: Introduction................................................................................. 33
Chapter 2
GUI Introduction...................................................................................................................... 35
2.1 Menu Bar ............................................................................................................................. 36
2.2 Title Bar ............................................................................................................................... 37
2.3 Device Window .................................................................................................................... 37
2.3.1 Topology ..................................................................................................................... 37
2.3.2 Device Search ............................................................................................................45
2.4 Navigation Panel and Configuration Window ...................................................................... 45
2.5 Security Risk Pop-up Messages in Internet Explorer 7.0 .................................................... 48
Part II: Device Operation ....................................................................... 51
Chapter 3
Load or Save Building Blocks (BB).......................................................................................53
3.1 Load or Save BB ................................................................................................................. 53
Chapter 4
Device General Settings.........................................................................................................55
4.1 System ................................................................................................................................. 55
4.2 Time Setting ......................................................................................................................... 56
Chapter 5
Device Network Settings........................................................................................................59
5.1 LAN (ZyNOS ZyWALL) ....................................................................................................... 59
5.2 LAN (Prestige) ..................................................................................................................... 63
5.2.1 Static DHCP ............................................................................................................... 65
5.2.2 IP Alias ....................................................................................................................... 66
Vantage CNM User’s Guide
9
Page 10
5.3 WAN General (ZyNOS ZyWALL) ......................................................................................... 67
5.3.1 WAN1 (ZyNOS ZyWALL with one WAN port) ............................................................ 69
5.3.2 WAN1 and WAN2 (ZyNOS ZyWALL with two WAN ports) ......................................... 77
5.3.3 WAN2 (ZyNOS ZyWALL with 3G WAN) ..................................................................... 85
5.3.4 Dial Backup (ZyNOS ZyWALL) .................................................................................. 90
5.3.5 Advanced Modem Setup (ZyNOS ZyWALL) .............................................................. 92
5.3.6 Edit Dial Backup (ZyNOS ZyWALL) ........................................................................... 94
5.3.7 WAN Setup (Prestige) ................................................................................................ 96
5.3.8 WAN Backup (Prestige) ............................................................................................. 99
5.3.9 Advanced WAN Backup (Prestige) .......................................................................... 102
5.3.10 Advanced Modem Setup (Prestige) ....................................................................... 104
5.4 Wireless Card .................................................................................................................... 104
5.4.1 Wireless and Wireless Security Settings .................................................................. 104
5.4.2 Advanced Wireless Security Settings ...................................................................... 106
5.4.3 MAC Filter ................................................................................................................ . 111
Chapter 6
Device Security Settings...................................................................................................... 115
6.1 Firewall ...............................................................................................................................115
6.1.1 Default Rule ..............................................................................................................115
6.1.2 Rule Summary ..........................................................................................................117
6.1.3 Add/Edit a Rule .........................................................................................................119
6.1.4 Anti-Probing .............................................................................................................122
6.1.5 Threshold ................................................................................................................. 123
6.1.6 Service ..................................................................................................................... 125
6.1.7 Add/Edit Service ....................................................................................................... 125
6.2 VPN ................................................................................................................................... 126
6.3 IPSec High Availability ....................................................................................................... 127
6.3.1 VPN Rules (IKE) ...................................................................................................... 127
6.3.2 Add/Edit an IKE Gateway Policy ............................................................................ 128
6.3.3 Add/Edit an IKE Network Policy .............................................................................. 134
6.3.4 Move an IKE Network Policy .................................................................................... 139
6.3.5 VPN Rules (Manual) ................................................................................................ 140
6.3.6 Add/Edit an Manual VPN Rule ................................................................................. 142
6.3.7 VPN Global Setting .................................................................................................. 144
6.4 Anti-Virus ........................................................................................................................... 146
6.4.1 General Anti-Virus Setup ......................................................................................... 146
6.5 Anti-Spam .......................................................................................................................... 148
6.5.1 Anti-Spam General Screen ...................................................................................... 148
6.5.2 Anti-Spam External DB Screen ................................................................................ 151
6.6 Anti-Spam Lists Screen .....................................................................................................153
6.6.1 Anti-Spam Lists Edit Screen ..................................................................................... 154
6.7 IDP ..................................................................................................................................... 157
10
Vantage CNM User’s Guide
Page 11
6.8 General Setup ................................................................................................................... 157
6.9 IDP Signatures .................................................................................................................. 158
6.9.1 Attack Types .............................................................................................................158
6.9.2 Intrusion Severity ..................................................................................................... 160
6.9.3 Signature Actions ..................................................................................................... 160
6.9.4 Configuring IDP Signatures ...................................................................................... 161
6.9.5 Query View ...............................................................................................................163
6.9.6 Protocol Anomaly ..................................................................................................... 165
6.10 Signature Update ............................................................................................................. 167
6.11 Content Filter ................................................................................................................... 169
6.12 Content Filter General Screen ......................................................................................... 169
6.13 Content Filter Policy ........................................................................................................ 172
6.13.1 Content Filter Policy: General ................................................................................ 174
6.13.2 Content Filter Policy: External Database ............................................................... 175
6.13.3 Content Filter Policy: Customization ...................................................................... 182
6.13.4 Content Filter Policy: Schedule .............................................................................. 184
6.14 Content Filter Objects ...................................................................................................... 186
6.15 Content Filtering Cache ...................................................................................................187
6.16 X Auth .............................................................................................................................. 188
6.16.1 Local User Database .............................................................................................. 188
6.16.2 RADIUS ..................................................................................................................189
Chapter 7
Device Advanced Settings...................................................................................................193
7.0.1 NAT .......................................................................................................................... 193
7.1 NAT .................................................................................................................................... 193
7.2 Port Forwarding ................................................................................................................. 195
7.3 Address Mapping ............................................................................................................... 197
7.3.1 Edit an Address Mapping Rule ................................................................................. 198
7.4 Trigger Port ........................................................................................................................ 199
7.4.1 Edit a Trigger Port Rule ............................................................................................ 200
7.5 Static Route ....................................................................................................................... 201
7.6 Static Route ....................................................................................................................... 201
7.6.1 Edit a Static Route .................................................................................................... 202
7.7 DNS ................................................................................................................................... 203
7.8 Address Record ................................................................................................................. 203
7.8.1 Add/Edit an Address Record .................................................................................... 204
7.9 Name Server Record .........................................................................................................205
7.9.1 Add/Edit a Name Server Record .............................................................................. 206
7.10 Cache .............................................................................................................................. 207
7.11 DDNS ............................................................................................................................... 208
7.12 DHCP .............................................................................................................................. 209
7.13 Remote MGMT .................................................................................................................211
Vantage CNM User’s Guide
11
Page 12
7.14 Remote MGMT .................................................................................................................211
Chapter 8
Device Log............................................................................................................................. 217
8.1 Device Log ......................................................................................................................... 217
Chapter 9
Device Configuration Management..................................................................................... 221
9.1 Synchronization (Device) ..................................................................................................221
9.2 Synchronization (Folder) ..................................................................................................222
9.3 Configuration File Management ........................................................................................ 223
9.3.1 Backup & Restore (Device) ...................................................................................... 224
9.3.2 Backup a Device ...................................................................................................... 225
9.3.3 Backup & Restore (Folder) ....................................................................................... 226
9.3.4 Group Backup (Folder) ............................................................................................. 227
9.3.5 Group Restore (Folder) ............................................................................................ 229
9.4 Schedule List (Device) ....................................................................................................... 230
9.5 Schedule List (Folder) ....................................................................................................... 231
9.5.1 Add/Edit Schedule List (Folder) ............................................................................... 231
9.6 Signature Profile Management .......................................................................................... 233
9.6.1 Backup & Restore .................................................................................................... 233
9.6.2 Signature Profile Backup (Device) ........................................................................... 234
9.6.3 Signature Profile Restore (Folder) ........................................................................... 235
9.6.4 Reset to Factory ....................................................................................................... 236
9.7 Configuration Building Block .............................................................................................. 237
9.8 Add/Edit a Configuration BB .............................................................................................. 238
9.9 Component BB .................................................................................................................. 241
9.10 Add/Edit/Save as a Component BB ................................................................................. 241
Chapter 10
Firmware Management .........................................................................................................243
10.1 Firmware List ................................................................................................................... 243
10.1.1 Add Firmware ......................................................................................................... 244
10.2 Scheduler List .................................................................................................................. 245
10.3 Firmware Upgrade ........................................................................................................... 245
10.3.1 Firmware Upgrade (Folder) .................................................................................... 246
10.3.2 Firmware Upgrade (Device) ................................................................................... 246
10.3.3 Firmware Upgrade (Device) > Upgrade ................................................................. 247
Chapter 11
License Management............................................................................................................249
11.1 Service Activiation ............................................................................................................ 249
11.1.1 Registration ............................................................................................................249
12
Vantage CNM User’s Guide
Page 13
11.1.2 Service ................................................................................................................... 251
11.2 License Status .................................................................................................................. 252
11.2.1 Activate/Upgrade License ...................................................................................... 253
11.3 Signature Status ............................................................................................................... 253
Part III: VPN Management ................................................................... 255
Chapter 12
VPN Community.................................................................................................................... 257
12.1 VPN Community .............................................................................................................. 257
12.1.1 Add/Edit a VPN Community ................................................................................... 258
Chapter 13
Installation Report ................................................................................................................263
13.1 Installation Report ............................................................................................................ 263
13.1.1 Show Detailed Installation Reportl ......................................................................... 264
Chapter 14
VPN Monitor ..........................................................................................................................265
14.1 Monitor VPN by Community ............................................................................................ 265
14.1.1 Show Detailed VPN Community ............................................................................ 266
14.1.2 VPN Tunnel Diagnostics ........................................................................................ 267
14.2 Monitor VPN by Device ................................................................................................... 269
14.2.1 VPN Tunnel Status ................................................................................................. 269
14.2.2 Search VPN Tunnels .............................................................................................. 269
14.2.3 SA Monitor ............................................................................................................. 270
Part IV: Monitor .................................................................................... 273
Chapter 15
Device Status Monitor .........................................................................................................275
15.1 Device Status ................................................................................................................... 275
15.1.1 Device Status > 3G Card ....................................................................................... 276
Chapter 16
Device HA Status Monitor ................................................................................................. 281
16.1 Device HA Status ............................................................................................................. 281
Chapter 17
Device Alarm ......................................................................................................................... 283
Vantage CNM User’s Guide
13
Page 14
17.1 Device Alarm Introduction ............................................................................................... 283
17.1.1 Alarm Severity ........................................................................................................ 283
17.1.2 Unresolved Alarms ................................................................................................. 283
17.1.3 Responded Alarm .................................................................................................. 285
Part V: Log & Report ............................................................................ 287
Chapter 18
Device Operation Report...................................................................................................... 289
18.1 Firmware Upgrade Report ............................................................................................... 289
18.1.1 Firmware Report Details ........................................................................................ 290
18.2 Configuration Report ....................................................................................................... 291
18.2.1 Configuration Report Details .................................................................................. 292
18.3 Configuration File Backup Report .................................................................................... 294
18.3.1 Configuration File Backup Report Details .............................................................. 295
18.4 Configuration File Restore Report ................................................................................... 296
18.5 Signature Profile Backup Report ..................................................................................... 298
18.6 Signature Profile Restore Report ..................................................................................... 299
Chapter 19
CNM Logs .............................................................................................................................. 301
19.1 Vantage CNM Logs ..........................................................................................................301
19.1.1 CNM Logs .............................................................................................................. 301
Chapter 20
VRPT ......................................................................................................................................303
20.1 Vantage Report Overview ................................................................................................ 303
20.2 Vantage Report in Vantage CNM ..................................................................................... 304
20.3 Setting Up Vantage Report in Vantage CNM ................................................................... 304
20.4 Opening Vantage Report in Vantage CNM ...................................................................... 305
Part VI: CNM System Setting .............................................................. 307
Chapter 21
CNM System Setting............................................................................................................309
21.1 Servers Configuration ...................................................................................................... 309
21.1.1 Vantage CNM Server Public IP Address .................................................................311
21.2 Servers Status ..................................................................................................................311
21.3 User Access .................................................................................................................... 312
21.4 Notifications ..................................................................................................................... 313
14
Vantage CNM User’s Guide
Page 15
21.4.1 Notifications Settings .............................................................................................. 314
21.5 Log Setting ...................................................................................................................... 315
21.6 VRPT Management ......................................................................................................... 316
21.6.1 Add/Edit VRPT Management ................................................................................. 317
21.7 Certificate Management Overview .................................................................................. 318
21.7.1 Advantages of Certificates ..................................................................................... 319
21.7.2 Current Certificate Information ............................................................................... 319
21.7.3 Create CSR ............................................................................................................ 320
21.7.4 Import Certificate .................................................................................................... 322
Chapter 22
Maintenance .......................................................................................................................... 323
22.1 System Maintenance ....................................................................................................... 323
22.1.1 Backup ................................................................................................................... 324
22.2 Device Maintenance ........................................................................................................325
Chapter 23
Device Owner ........................................................................................................................ 327
23.1 Device Owner .................................................................................................................. 327
23.1.1 Add/Edit a Device Owner ....................................................................................... 327
Chapter 24
Vantage CNM Software Upgrade ......................................................................................... 329
24.1 CNM Software Upgrade ................................................................................................... 329
Chapter 25
License................................................................................................................................ 331
25.1 CNM Licence ................................................................................................................... 331
25.1.1 License Upgrade .................................................................................................... 332
Chapter 26
About CNM ............................................................................................................................ 333
26.1 About CNM ...................................................................................................................... 333
Part VII: Account Management ........................................................... 335
Chapter 27
User Group ............................................................................................................................ 337
27.1 Group ............................................................................................................................... 337
27.1.1 Add User Group ..................................................................................................... 338
Vantage CNM User’s Guide
15
Page 16
Chapter 28
Account.................................................................................................................................. 341
28.1 “Root” Administrator ........................................................................................................ 341
28.2 “Super” Administrators ..................................................................................................... 341
28.3 Account ............................................................................................................................ 342
28.3.1 Add/Edit an Administrator Account ........................................................................ 342
Part VIII: Troubleshooting ................................................................... 345
Chapter 29
Troubleshooting ....................................................................................................................347
29.1 Vantage CNM Access and Login ..................................................................................... 347
29.2 Device Management ........................................................................................................ 348
29.3 Device Firmware Management ........................................................................................ 348
29.4 Vantage Report ................................................................................................................ 349
Part IX: Appendices and Index ........................................................... 351
Appendix A Product Specifications.......................................................................................353
Appendix B Setting up Your Computer’s IP Address............................................................ 357
Appendix C Pop-up Windows, Java Scripts and Java Permissions ..................................... 373
Appendix D IP Addresses and Subnetting ........................................................................... 379
Appendix E IP Address Assignment Conflicts ...................................................................... 387
Appendix F Common Services .............................................................................................391
Appendix G Importing Certificates........................................................................................ 395
Appendix H Open Software Announcements .......................................................................401
Appendix I Legal Information................................................................................................ 425
Appendix J Customer Support .............................................................................................427
Index....................................................................................................................................... 433
16
Vantage CNM User’s Guide
Page 17
Figure 1 Vantage CNM Application ......................................................................................................... 31
Figure 2 Main Screen ............................................................................................................................. 35
Figure 3 Device Window: Topology ....................................................................................................... 37
Figure 4 Folder Right-Click Options ....................................................................................................... 39
Figure 5 Device Window: Topology: Right Click to Add a Folder .......................................................... 39
Figure 6 Device Window: Topology: Add Folder .................................................................................... 39
Figure 7 Device Window: Topology: Delete Folder Warning ................................................................. 40
Figure 8 Device Window: Topology: Edit Folder .................................................................................... 40
Figure 9 Device Right-Click Options ....................................................................................................... 41
Figure 10 Device Window: Topology: Right Click to Add/Edit a Device ................................................ 41
Figure 11 Device Window: Topology: Add/Edit Device (ZyNOS) ........................................................... 42
Figure 12 Device Window: Topology: Add/Edit Device (ZLD) ............................................................... 42
Figure 13 Device Window: Topology: Delete Device Warning ............................................................... 44
Figure 14 Device Window: Topology: Re-associate a Device ............................................................... 44
Figure 15 Device Window: Topology: Delete Device Warning ............................................................... 45
Figure 16 Device Window: Search ........................................................................................................ 45
Figure 17 CNM System Setting > Configuration > Certificate Management > Create CSR ................... 49
Figure 18 CNM System Setting > Configuration > Certificate Management > Create CSR > CSR Key 49
Figure 19 CNM System Setting > Configuration > Certificate Management > Import Certificate ........... 50
Figure 20 Pop-up Message in Internet Explorer 7.0 ............................................................................... 50
Figure 21 Device Operation > Device Configuration > Load or Save BB ............................................... 53
Figure 22 Device Operation > Device Configuration > Load or Save BB > Load a BB .......................... 54
Figure 23 Device Operation > Device Configuration > Load or Save BB > Save as a BB ..................... 54
Figure 24 Device Operation > Device Configuration > General > System ............................................. 55
Figure 25 Device Operation > Device Configuration > General > Time Setting ..................................... 56
Figure 26 Example: Device Operation > Device Configuration > Network > Interface (ZLD) ................. 59
Figure 27 Device Operation > Device Configuration > Network > LAN > LAN (ZyNOS ZyWALL) ........ 60
Figure 28 Device Operation > Device Configuration > Network > LAN > LAN (Prestige) ...................... 63
Figure 29 Device Operation > Device Configuration > Network > LAN > Static DHCP .......................... 65
Figure 30 Device Operation > Device Configuration > Network > LAN > IP Alias ................................. 66
Figure 31 Device Operation > Device Configuration > Network > WAN > General (ZyNOS ZyWALL) .. 68
Figure 32 Device Operation > Device Configuration > Network > WAN > WAN1 (ZyNOS ZyWALL with one
WAN port) ..................................................................................................................... 70
Figure 33 Warning Message When Select PPPoE ................................................................................. 72
Figure 34 Device Operation > Device Configuration > Network > WAN > WAN1-PPPoE (ZyNOS ZyWALL
with one WAN port) ....................................................................................................... 72
Figure 35 Warning Message When Select PPTP ................................................................................... 74
Figure 36 Device Operation > Device Configuration > Network > WAN > WAN1 - PPTP (ZyNOS ZyWALL
with one WAN port) ....................................................................................................... 75
Figure 37 Device Operation > Device Configuration > Network > WAN > WAN1/2 (ZyNOS ZyWALL with
two WAN ports) ............................................................................................................. 78
Figure 38 Device Operation > Device Configuration > Network > WAN > WAN1/2 - PPPoE (ZyNOS
ZyWALL with two WAN ports) ...................................................................................... 80
Vantage CNM User’s Guide
17
Page 18
Figure 39 Device Operation > Device Configuration > Network > WAN > WAN1/2 - PPTP (ZyNOS ZyWALL
with two WAN ports) ..................................................................................................... 83
Figure 40 Device Configuration > Network > WAN > 3G(WAN 2) ......................................................... 87
Figure 41 Device Operation > Device Configuration > Network > WAN > Dial Backup (ZyNOS ZyWALL)
91
Figure 42 Device Operation > Device Configuration > Network > WAN > Dial Backup > Advanced (ZyNOS
ZyWALL) ....................................................................................................................... 93
Figure 43 Device Operation > Device Configuration > Network > WAN > Dial Backup > Edit (ZyNOS
ZyWALL) ....................................................................................................................... 95
Figure 44 Device Operation > Device Configuration > Network > WAN > Setup (Prestige) .................. 97
Figure 45 Device Operation > Device Configuration > Network > WAN > Backup (Prestige) .............. 100
Figure 46 Device Operation > Device Configuration > Network > WAN > Backup > Advanced (Prestige)
102
Figure 47 Device Operation > Device Configuration > Network > Wireless Card > Wireless Card ..... 105
Figure 48 Device Operation > Device Configuration > Network > Wireless Card > Wireless Card
(Advanced Wireless Security Settings) ....................................................................... 107
Figure 49 Device Operation > Device Configuration > Network > Wireless Card > MAC Filter ............112
Figure 50 Example: Device Operation > Device Configuration > VPN > IPSec VPN (ZLD) .................115
Figure 51 Device Operation > Device Configuration > Security > Firewall > Default Rule ....................116
Figure 52 Device Operation > Device Configuration > Security > Firewall > Rule Summary ................118
Figure 53 Device Operation > Device Configuration > Security > Firewall > Rule Summary > Edit .... 120
Figure 54 Device Operation > Device Configuration > Security > Firewall > Anti-Probing ................... 122
Figure 55 Device Operation > Device Configuration > Security > Firewall > Threshold ...................... 123
Figure 56 Device Operation > Device Configuration > Security > Firewall > Service .......................... 125
Figure 57 Device Operation > Device Configuration > Security > Firewall > Service > Add/Edit ......... 126
Figure 58 IPSec High Availability ......................................................................................................... 127
Figure 59 Device Operation > Device Configuration > Security > VPN > VPN Rules (IKE) ................. 128
Figure 60 Device Operation > Device Configuration > Security > VPN > VPN Rules (IKE) > Gateway
Policy Add/Edit ........................................................................................................... 129
Figure 61 Device Operation > Device Configuration > Security > VPN > VPN Rules (IKE) > Network Policy
Add/Edit ...................................................................................................................... 135
Figure 62 Device Operation > Device Configuration > Security > VPN > VPN Rules (IKE) > Network Policy
Move ...........................................................................................................................140
Figure 63 Device Operation > Device Configuration > Security > VPN > VPN Rules (Manual) ........... 141
Figure 64 Device Operation > Device Configuration > Security > VPN > VPN Rules (Manual) > Add/Edit
142
Figure 65 Device Operation > Device Configuration > Security > VPN > Global Setting ..................... 145
Figure 66 Device Operation > Device Configuration > Security > Anti-Virus > General ....................... 147
Figure 67 Device Operation > Device Configuration > Security > Anti-Spam > General ..................... 149
Figure 68 Device Operation > Device Configuration > Security > Anti-Spam > External DB ............... 151
Figure 69 Device Operation > Device Configuration > Security > Anti-Spam > Lists ........................... 153
Figure 70 Device Operation > Device Configuration > Security > Anti-Spam > Lists > Add/Edit ......... 155
Figure 71 Device Operation > Device Configuration > Security > IDP > General ................................ 157
Figure 72 Device Operation > Device Configuration > Security > IDP > Signature > Attack Types ..... 159
Figure 73 Device Operation > Device Configuration > Security > IDP > Signature > Actions .............. 160
18
Vantage CNM User’s Guide
Page 19
Figure 74 Device Operation > Device Configuration > Security > IDP > Signature ............................. 161
Figure 75 Device Operation > Device Configuration > Security > IDP > Signature (Query View) ........ 163
Figure 76 Device Operation > Device Configuration > Security > IDP > Anomaly ............................... 165
Figure 77 Device Operation > Device Configuration > Security > Signature Update ........................... 168
Figure 78 Device Operation > Device Configuration > Security > Content Filter > General ................ 170
Figure 79 Device Operation > Device Configuration > Security > Content Filter > Policy .................... 173
Figure 80 Device Operation > Device Configuration > Security > Content Filter > Policy > Add/General .
174
Figure 81 Device Operation > Device Configuration > Security > Content Filter > Policy > External
Databasel .................................................................................................................... 176
Figure 82 Device Operation > Device Configuration > Security > Content Filter > Policy > Customizationl
183
Figure 83 Device Operation > Device Configuration > Security > Content Filter > Policy > Schedulel 185
Figure 84 Device Operation > Device Configuration > Security > Content Filter > Object ................... 186
Figure 85 Device Operation > Device Configuration > Security > Content Filter > Cache ................... 188
Figure 86 Device Operation > Device Configuration > Security > X Auth > Local User ....................... 189
Figure 87 Device Operation > Device Configuration > Security > X Auth > RADIUS .......................... 190
Figure 88 Device Operation > Device Configuration > Advanced > NAT > NAT Overview .................. 194
Figure 89 Device Operation > Device Configuration > Advanced > NAT > Port Forwarding ............... 196
Figure 90 Device Operation > Device Configuration > Advanced > NAT > Address Mapping ............. 197
Figure 91 Device Operation > Device Configuration > Advanced > NAT > Address Mapping > Edit ... 198
Figure 92 Device Operation > Device Configuration > Advanced > NAT > Trigger Port ...................... 199
Figure 93 Device Operation > Device Configuration > Advanced > NAT > Trigger Port > Edit ............ 200
Figure 94 Device Operation > Device Configuration > Advanced > Static Route ................................. 201
Figure 95 Device Operation > Device Configuration > Advanced > Static Route > Edit ...................... 202
Figure 96 Device Operation > Device Configuration > Advanced > DNS > Address Record .............. 203
Figure 97 Device Operation > Device Configuration > Advanced > DNS > Address Record > Add/Edit 204
Figure 98 Device Operation > Device Configuration > Advanced > DNS > Name Server Record ...... 205
Figure 99 Device Operation > Device Configuration > Advanced > DNS > Name Server Record > Add/Edit
206
Figure 100 Device Operation > Device Configuration > Advanced > DNS > Cache ............................ 207
Figure 101 Device Operation > Device Configuration > Advanced > DNS > DDNS ............................ 208
Figure 102 Device Operation > Device Configuration > Advanced > DNS > DHCP ............................ 210
Figure 103 Device Operation > Device Configuration > Advanced > Remote Management ................211
Figure 104 Device Operation > Device Configuration > Device Log .................................................... 217
Figure 105 Device Operation > Configuration Management > Synchronization .................................. 221
Figure 106 Device Operation > Configuration Management > Synchronization (Customize) .............. 222
Figure 107 Device Operation > Configuration Management > Synchronization (Folder) ..................... 223
Figure 108 Device Operation > Configuration Management > Configuration File Management > Backup &
Restore (Device) ......................................................................................................... 224
Figure 109 Device Operation > Configuration Management > Configuration File Management > Backup
(Device) ...................................................................................................................... 225
Figure 110 Device Operation > Configuration Management > Configuration File Management > Backup &
Restore (Folder) ......................................................................................................... 226
Vantage CNM User’s Guide
19
Page 20
Figure 111 Device Operation > Configuration Management >Configuration Management > Configuration
File Management > Backup (Folder) .......................................................................... 228
Figure 112 Device Operation > Configuration Management > Configuration File Management > Restore
(Folder) .......................................................................................................................229
Figure 113 Device Operation > Configuration Management > Configuration File Management > Schedule
List (Device) ................................................................................................................ 230
Figure 114 Device Operation > Configuration Management > Configuration File Management > Schedule
List (Folder) ................................................................................................................ 231
Figure 115 Device Operation > Configuration Management > Configuration File Management > Schedule
List (Folder) ................................................................................................................ 232
Figure 116 Device Operation > Configuration Management > Signature Profile Management > Backup &
Restore ...................................................................................................................... 233
Figure 117 Device Operation > Configuration Management > Signature Profile Management > Backup &
Restore > Backup (Device) ......................................................................................... 235
Figure 118 Device Operation > Configuration Management > Signature Profile Management > Backup &
Restore > Restore (Folder) ......................................................................................... 236
Figure 119 Device Operation > Configuration Management > Signature Profile Management > Reset to
Factory ........................................................................................................................237
Figure 120 Device Operation > Configuration Management > Building Block > Configuration BB ...... 237
Figure 121 Device Operation > Configuration Management > Building Block > Configuration BB > Add ..
238
Figure 122 Device Operation > Configuration Management > Building Block > Configuration BB > Edit ..
239
Figure 123 Device Operation > Configuration Management > Building Block > Configuration BB > Save as
239
Figure 124 Device Operation > Configuration Management > Building Block > Component BB ......... 241
Figure 125 Device Operation > Configuration Management > Building Block > Component BB > Add/Edit/
Save as ....................................................................................................................... 242
Figure 126 Device Operation > Firmware Management > Firmware List ............................................. 243
Figure 127 Device Operation > Firmware Management > Firmware List > Add .................................. 244
Figure 128 Device Operation > Firmware Management > Scheduler List ............................................ 245
Figure 129 Device Operation > Firmware Management > Firmware Upgrade (Folder) ....................... 246
Figure 130 Device Operation > Firmware Management > Firmware Upgrade (Device) ..................... 246
Figure 131 Device Operation > Firmware Management > Firmware Upgrade (Device) > Upgrade .... 247
Figure 132 Device Operation > License Management > Service Activation > Registration ................. 249
Figure 133 Device Operation > License Management > Service Activiation > Registration > Save as a BB
250
Figure 134 Device Operation > License Management > Service Activation > Service ........................ 251
Figure 135 Device Operation > License Management > License Status .............................................. 252
Figure 136 Device Operation > License Management > License Status > Upgrade ............................ 253
Figure 137 Device Operation > License Management > Signature Status ........................................... 254
Figure 138 VPN Management > VPN Community ............................................................................... 257
Figure 139 VPN Management > VPN Community > Add/Edit .............................................................. 258
Figure 140 VPN Management > VPN Community > Add/Edit > Load a BB ......................................... 259
Figure 141 VPN Management > VPN Community > Add/Edit > Save as a BB .................................... 259
Figure 142 VPN Community Types ...................................................................................................... 259
20
Vantage CNM User’s Guide
Page 21
Figure 143 VPN Management > Installation Report ............................................................................. 263
Figure 144 VPN Management > Installation Report > Show Detail ...................................................... 264
Figure 145 VPN Management > VPN Monitor > By Community .......................................................... 265
Figure 146 VPN Management > VPN Monitor > By Community > Show Detail ................................... 266
Figure 147 VPN Management > VPN Monitor > By Community > Show Detail > Diagnostic .............. 267
Figure 148 VPN Management > VPN Monitor > By Community > Show Detail > Diagnostic > Logs .. 268
Figure 149 VPN Management > VPN Monitor > By Device > VPN Tunnel Status ............................... 269
Figure 150 VPN Management > VPN Monitor > By Device > VPN Tunnel Status > Search Special Tunnel
270
Figure 151 VPN Management > VPN Monitor > By Device > SA Monitor ........................................... 271
Figure 152 Monitor > Device Status ..................................................................................................... 275
Figure 153 Monitor > Device Status > 3G Card .................................................................................... 276
Figure 154 Monitor > Device HA Status ............................................................................................... 281
Figure 155 Monitor > Device Alarm > Unresolved Alarm ..................................................................... 284
Figure 156 Monitor > Device Alarm > Responded Alarm ..................................................................... 285
Figure 157 Log & Report > Operation Report > Firmware Upgrade Report (Device) .......................... 289
Figure 158 Log & Report > Operation Report > Firmware Upgrade Report (Group) ........................... 289
Figure 159 Log & Report > Operation Report > Firmware Upgrade Report (Group) > Show Detail .... 290
Figure 160 Log & Report > Operation Report > Configuration Report (Device) ................................... 291
Figure 161 Log & Report > Operation Report > Configuration Report (Group) .................................... 292
Figure 162 Log & Report > Operation Report > Configuration Report > Show Details ........................ 293
Figure 163 Log & Report > Operation Report > Configuration File Backup & Restore Report > Backup
Report (Device) .......................................................................................................... 294
Figure 164 Log & Report > Operation Report > Configuration File Backup & Restore Report > Backup
Report (Group) ........................................................................................................... 294
Figure 165 Log & Report > Operation Report > Configuration File Backup & Restore Report > Backup
Report (Group) > Show Detail .................................................................................... 296
Figure 166 Log & Report > Operation Report > Configuration File Backup & Restore Report > Restore
Report (Device) .......................................................................................................... 297
Figure 167 Log & Report > Operation Report > Configuration File Backup & Restore Report > Restore
Report (Group) ........................................................................................................... 297
Figure 168 Log & Report > Operation Report > Signature Profile Backup & Restore Report > Backup
Report .........................................................................................................................298
Figure 169 Log & Report > Operation Report > Signature Profile Backup & Restore Report > Restore
Report .........................................................................................................................299
Figure 170 Log & Report > CNM Logs ................................................................................................. 301
Figure 171 Typical Vantage Report Application .................................................................................... 303
Figure 172 Vantage Report and Vantage CNM Architecture ................................................................ 304
Figure 173 Log & Report > VRPT (Vantage Report Main Screen) ....................................................... 305
Figure 174 CNM System Setting > Configuration > Servers > Configuration ....................................... 310
Figure 175 CNM System Setting > Configuration > Servers > Status .................................................. 312
Figure 176 CNM System Setting > Configuration > User Access ........................................................ 313
Figure 177 CNM System Setting > Configuration > Notification ........................................................... 314
Figure 178 CNM System Setting > Configuration > Log Setting ........................................................ 315
Figure 179 CNM System Setting > Configuration > VRPT Management ............................................. 316
Vantage CNM User’s Guide
21
Page 22
Figure 180 CNM System Setting > Configuration > VRPT Management > Add/Edit ........................... 317
Figure 181 CNM System Setting > Configuration > Certificate Management ...................................... 319
Figure 182 CNM System Setting > Configuration > Certificate Management > Create CSR ............... 321
Figure 183 CNM System Setting > Configuration > Certificate Management > Import Certificate ....... 322
Figure 184 CNM System Setting > Maintenance > System ................................................................. 323
Figure 185 CNM System Setting > Maintenance > System > Backup ................................................. 324
Figure 186 CNM System Setting > Maintenance > Device .................................................................. 325
Figure 187 CNM System Setting > Maintenance > Device List Import Conflict ................................... 325
Figure 188 CNM System Setting > Maintenance > Device List Import Successful .............................. 326
Figure 189 CNM System Setting > Device Owner ............................................................................... 327
Figure 190 CNM System setting > Device Owner > Add/Edit .............................................................. 328
Figure 191 CNM System Setting > Upgrade ........................................................................................329
Figure 192 CNM System Setting > License .......................................................................................... 331
Figure 193 CNM System Setting > License > Upgrade ........................................................................ 332
Figure 194 CNM System Setting > About ............................................................................................. 333
Figure 195 Account Management > Group ..........................................................................................337
Figure 196 Account Management > Group > Add ................................................................................ 338
Figure 197 Account Management > Account ....................................................................................... 342
Figure 198 Account Management > Account > Add/Edit ...................................................................... 343
Figure 199 WIndows 95/98/Me: Network: Configuration ...................................................................... 358
Figure 200 Windows 95/98/Me: TCP/IP Properties: IP Address .......................................................... 359
Figure 201 Windows 95/98/Me: TCP/IP Properties: DNS Configuration .............................................. 360
Figure 202 Windows XP: Start Menu .................................................................................................... 361
Figure 203 Windows XP: Control Panel ............................................................................................... 361
Figure 204 Windows XP: Control Panel: Network Connections: Properties ......................................... 362
Figure 205 Windows XP: Local Area Connection Properties ............................................................... 362
Figure 206 Windows XP: Internet Protocol (TCP/IP) Properties .......................................................... 363
Figure 207 Windows XP: Advanced TCP/IP Properties ....................................................................... 364
Figure 208 Windows XP: Internet Protocol (TCP/IP) Properties .......................................................... 365
Figure 209 Macintosh OS 8/9: Apple Menu .......................................................................................... 366
Figure 210 Macintosh OS 8/9: TCP/IP ................................................................................................. 366
Figure 211 Macintosh OS X: Apple Menu ............................................................................................ 367
Figure 212 Macintosh OS X: Network .................................................................................................. 368
Figure 213 Red Hat 9.0: KDE: Network Configuration: Devices .......................................................... 369
Figure 214 Red Hat 9.0: KDE: Ethernet Device: General .................................................................. 369
Figure 215 Red Hat 9.0: KDE: Network Configuration: DNS ................................................................ 370
Figure 216 Red Hat 9.0: KDE: Network Configuration: Activate ........................................................ 370
Figure 217 Red Hat 9.0: Dynamic IP Address Setting in ifconfig-eth0 ............................................... 371
Figure 218 Red Hat 9.0: Static IP Address Setting in ifconfig-eth0 ................................................... 371
Figure 219 Red Hat 9.0: DNS Settings in resolv.conf ........................................................................ 371
Figure 220 Red Hat 9.0: Restart Ethernet Card ................................................................................. 371
Figure 221 Red Hat 9.0: Checking TCP/IP Properties ....................................................................... 372
Figure 222 Pop-up Blocker ................................................................................................................... 373
22
Vantage CNM User’s Guide
Page 23
Figure 223 Internet Options: Privacy .................................................................................................... 374
Figure 224 Internet Options: Privacy .................................................................................................... 375
Figure 225 Pop-up Blocker Settings ..................................................................................................... 375
Figure 226 Internet Options: Security ................................................................................................... 376
Figure 227 Security Settings - Java Scripting ....................................................................................... 377
Figure 228 Security Settings - Java ...................................................................................................... 377
Figure 229 Java (Sun) .......................................................................................................................... 378
Figure 230 Network Number and Host ID ............................................................................................ 380
Figure 231 Subnetting Example: Before Subnetting ............................................................................ 382
Figure 232 Subnetting Example: After Subnetting ............................................................................... 383
Figure 233 IP Address Conflicts: Case A ............................................................................................. 387
Figure 234 IP Address Conflicts: Case B ............................................................................................. 388
Figure 235 IP Address Conflicts: Case C ............................................................................................. 388
Figure 236 IP Address Conflicts: Case D ............................................................................................. 389
Figure 237 Security Certificate ............................................................................................................. 395
Figure 238 Login Screen ...................................................................................................................... 396
Figure 239 Certificate General Information before Import .................................................................... 396
Figure 240 Certificate Import Wizard 1 ................................................................................................. 397
Figure 241 Certificate Import Wizard 2 ................................................................................................. 397
Figure 242 Certificate Import Wizard 3 ................................................................................................. 398
Figure 243 Root Certificate Store ......................................................................................................... 398
Figure 244 Certificate General Information after Import ....................................................................... 399
Vantage CNM User’s Guide
23
Page 24
24
Vantage CNM User’s Guide
Page 25
Table 1 Menu Bar Icon Description ........................................................................................................ 36
Table 2 Title Bar Icon Description .......................................................................................................... 37
Table 3 Device Window: Topology ......................................................................................................... 38
Table 4 Device Window: Icons ............................................................................................................... 38
Table 5 Device Window: Folder Icons ................................................................................................... 38
Table 6 Device Window: Device Icons ................................................................................................... 40
Table 7 Configuration Screen: Device List ............................................................................................. 42
Table 8 Navigation Panel: Menu Summary - Device Operation ............................................................ 46
Table 9 Navigation Panel: Menu Summary - Others ............................................................................. 46
Table 10 Navigation Panel Links ........................................................................................................... 47
Table 11 Device Operation > Device Configuration > General > System .............................................. 55
Table 12 Device Operation > Device Configuration > General > Time Setting ...................................... 56
Table 13 Device Operation > Device Configuration > LAN > LAN (ZyNOS ZyWALL) ........................... 61
Table 14 Device Operation > Device Configuration > Network > LAN > LAN (Prestige) ....................... 64
Table 15 Device Operation > Device Configuration > Network > LAN > Static DHCP .......................... 65
Table 16 Device Operation > Device Configuration > Network > LAN > IP Alias .................................. 66
Table 17 Device Operation > Device Configuration > Network > WAN > General (ZyNOS ZyWALL) .. 68
Table 18 Device Operation > Device Configuration > Network > WAN > ISP (Ethernet) – ZyNOS ZyWALL
(one WAN port) ............................................................................................................ 70
Table 19 Device Operation > Device Configuration > Network > WAN > ISP (PPPoE) – ZyNOS ZyWALL
(one WAN port) ............................................................................................................ 73
Table 20 Device Operation > Device Configuration > Network > WAN > ISP (PPTP) – ZyNOS ZyWALL
(one WAN port) ............................................................................................................ 75
Table 21 Device Operation > Device Configuration > Network > WAN > WAN1/2 (ZyNOS ZyWALL with two
WAN ports) .................................................................................................................. 78
Table 22 Device Operation > Device Configuration > Network > WAN > WAN1/2 - PPPoE (ZyNOS
ZyWALL with two WAN ports) ...................................................................................... 81
Table 23 Device Operation > Device Configuration > Network > WAN > WAN1/2 - PPTP (ZyNOS ZyWALL
with two WAN ports) .................................................................................................... 83
Table 24 2G, 2.5G, 2.75G, 3G and 3.5G Wireless Technologies ........................................................... 86
Table 25 Device Configuration > WAN > 3G(WAN2) ............................................................................. 88
Table 26 Device Operation > Device Configuration > Network > WAN > Dial Backup (ZyNOS ZyWALL)
91
Table 27 Device Operation > Device Configuration > Network > WAN > Dial Backup > Advanced (ZyNOS
ZyWALL) ...................................................................................................................... 93
Table 28 Device Operation > Device Configuration > Network > WAN > Dial Backup > Edit – ZyNOS
ZyWALL ....................................................................................................................... 95
Table 29 Device Operation > Device Configuration > Network > WAN > Setup (Prestige) ................... 97
Table 30 Device Operation > Device Configuration > Network > WAN > Backup (Prestige) .............. 100
Table 31 Device Operation > Device Configuration > Network > WAN Backup > Advanced (Prestige) 102
Table 32 Device Operation > Device Configuration > Network > Wireless Card > Wireless Card ...... 105
Table 33 Wireless Card: Static WEP ................................................................................................... 108
Table 34 Wireless Card: WPA-PSK ..................................................................................................... 108
Table 35 Wireless Card: WPA ............................................................................................................. 109
Table 36 Wireless Card: 802.1x + Dynamic WEP ............................................................................... 109
Vantage CNM User’s Guide
25
Page 26
Table 37 Wireless Card: 802.1x + Static WEP ......................................................................................110
Table 38 Wireless Card: 802.1x + No WEP ..........................................................................................110
Table 39 Wireless Card: No Access 802.1x + Static WEP ................................................................... 111
Table 40 Wireless Card: No Access 802.1x + No WEP ........................................................................111
Table 41 Device Operation > Device Configuration > Network > Wireless Card > MAC Filter .............112
Table 42 Device Operation > Device Configuration > Security > Firewall > Default Rule ....................116
Table 43 Device Operation > Device Configuration > Security > Firewall > Rule Summary ................118
Table 44 Device Operation > Device Configuration > Security > Firewall > Rule Summary > Add/Edit 121
Table 45 Device Operation > Device Configuration > Security > Firewall > Anti-Probing ................... 123
Table 46 Device Operation > Device Configuration > Security > Firewall > Threshold ....................... 124
Table 47 Device Operation > Device Configuration > Security > Firewall > Service ........................... 125
Table 48 Device Operation > Device Configuration > Security > Firewall > Service > Add/Edit ......... 126
Table 49 Device Operation > Device Configuration > Security > VPN > VPN Rules (IKE) ................. 128
Table 50 Device Operation > Device Configuration > Security > VPN > VPN Rules (IKE) > Gateway Policy
Add/Edit ..................................................................................................................... 130
Table 51 Device Operation > Device Configuration > Security > VPN > VPN Rules (IKE) > Network Policy
Add/Edit ..................................................................................................................... 136
Table 52 Device Operation > Device Configuration > Security > VPN > VPN Rules (IKE) > Network Policy
Move ..........................................................................................................................140
Table 53 Device Operation > Device Configuration > Security > VPN > VPN Rules (Manual) ........... 141
Table 54 Device Operation > Device Configuration > Security > VPN > VPN Rules (Manual) > Add/Edit
143
Table 55 Device Operation > Device Configuration > Security > VPN > Global Setting ..................... 145
Table 56 Device Operation > Device Configuration > Security > Anti-Virus > General ....................... 147
Table 57 Device Operation > Device Configuration > Security > Anti-Spam > General ...................... 149
Table 58 Device Operation > Device Configuration > Security > Anti-Spam > External DB ................ 152
Table 59 Device Operation > Device Configuration > Security > Anti-Spam > Lists ............................ 153
Table 60 Device Operation > Device Configuration > Security > Anti-Spam > Lists > Add/Edit .......... 155
Table 61 Device Operation > Device Configuration > Security > IDP > General ................................. 157
Table 62 Device Operation > Device Configuration > Security > IDP > Signature > Attack Types ..... 159
Table 63 Device Operation > Device Configuration > Security > IDP > Signature > Intrusion Severity 160
Table 64 Device Operation > Device Configuration > Security > IDP > Signature > Actions .............. 161
Table 65 Device Operation > Device Configuration > Security > IDP > Signature .............................. 162
Table 66 Device Operation > Device Configuration > Security > IDP > Signature (Query View) ........ 163
Table 67 Device Operation > Device Configuration > Security > IDP > Anomaly ............................... 166
Table 68 Device Operation > Device Configuration > Security > Signature Update ............................ 168
Table 69 Device Operation > Device Configuration > Security > Content Filter > General ................. 170
Table 70 Device Operation > Device Configuration > Security > Content Filter > Policy .................... 173
Table 71 Device Operation > Device Configuration > Security > Content Filter > Policy > Add/General ..
174
Table 72 Device Operation > Device Configuration > Security > Content Filter > Policy > External Database
176
Table 73 Device Operation > Device Configuration > Security > Content Filter > Policy > Customization
184
26
Vantage CNM User’s Guide
Page 27
Table 74 Device Operation > Device Configuration > Security > Content Filter > Policy > Schedule . 185
Table 75 Device Operation > Device Configuration > Security > Content Filter > Object ................... 187
Table 76 Device Operation > Device Configuration > Security > Content Filter > Cache ................... 188
Table 77 Device Operation > Device Configuration > Security > X Auth > Local User ....................... 189
Table 78 Device Operation > Device Configuration > Security > X Auth > RADIUS ........................... 190
Table 79 Device Operation > Device Configuration > Advanced > NAT > NAT Overview ................... 194
Table 80 Device Operation > Device Configuration > Advanced > NAT > Port Fowarding ................. 196
Table 81 Device Operation > Device Configuration > Advanced > NAT > Address Mapping .............. 197
Table 82 Device Operation > Device Configuration > Advanced > NAT > Address Mapping > Edit ... 198
Table 83 Device Operation > Device Configuration > Advanced > NAT > Trigger Port ....................... 199
Table 84 Device Operation > Device Configuration > Advanced > NAT > Trigger Port > Edit ............ 200
Table 85 Device Operation > Device Configuration > Advanced > Static Route ................................. 202
Table 86 Device Operation > Device Configuration > Advanced > Static Route > Edit ....................... 202
Table 87 Device Operation > Device Configuration > Advanced > DNS > Address Record ............... 204
Table 88 Device Operation > Device Configuration > Advanced > DNS > Address Record > Add/Edit 204
Table 89 Device Operation > Device Configuration > Advanced > DNS > Name Server Record ....... 205
Table 90 Device Operation > Device Configuration > Advanced > DNS > Name Server Record > Add/Edit
206
Table 91 Device Operation > Device Configuration > Advanced > DNS > Cache .............................. 207
Table 92 Device Operation > Device Configuration > Advanced > DNS > DDNS ............................... 208
Table 93 Device Operation > Device Configuration > Advanced > DNS > DHCP ............................... 210
Table 94 Device Operation > Device Configuration > Advanced > Remote Management .................. 212
Table 95 Device Operation > Device Configuration > Device Log ....................................................... 219
Table 96 Device Operation > Configuration Management > Synchronization ..................................... 222
Table 97 Device Operation > Configuration Management > Synchronization (Folder) ....................... 223
Table 98 Device Operation > Configuration Management > Configuration File > Backup & Restore (Device)
224
Table 99 Device Operation > Configuration Management > Configuration File Management > Backup &
Restore > Backup (Device) ........................................................................................ 226
Table 100 Device Operation > Configuration Management > Configuration File Management > Backup &
Restore (Folder) ........................................................................................................ 227
Table 101 Device Operation > Configuration Management > Configuration File Management > Backup
(Folder) ......................................................................................................................228
Table 102 Device Operation > Configuration Management > Configuration File Management > Restore
(Folder) ......................................................................................................................229
Table 103 Device Operation > Configuration Management > Configuration File Management > Schedule
List (Device) ............................................................................................................... 230
Table 104 Device Operation > Configuration Management > Configuration File Management > Schedule
List (Folder) ............................................................................................................... 231
Table 105 Device Operation > Configuration Management > Configuration File Management > Schedule
List (Folder) ............................................................................................................... 232
Table 106 Device Operation > Configuration Management > Signature Profile Management > Backup &
Restore ...................................................................................................................... 234
Table 107 Device Operation > Configuration Management > Signature Profile Management > Backup &
Restore > Backup (Device) ........................................................................................ 235
Vantage CNM User’s Guide
27
Page 28
Table 108 Device Operation > Configuration Management > Signature Profile Management > Backup &
Restore > Restore (Folder) ........................................................................................ 236
Table 109 Device Operation > Configuration Management > Signature Profile Management > Reset to
Factory .......................................................................................................................237
Table 110 Device Operation > Configuration Management > Building Block > Configuration BB ....... 238
Table 111 Device Operation > Configuration Management > Building Block > Configuration BB > Add/Edit/
Save As ..................................................................................................................... 239
Table 112 Device Operation > Configuration Management > Building Block > Component BB .......... 241
Table 113 Device Operation > Configuration Management > Building Block > Component BB > Add/Edit/
Save as ...................................................................................................................... 242
Table 114 Device Operation > Firmware Management > Firmware List .............................................. 243
Table 115 Device Operation > Firmware Management > Scheduler List ............................................ 245
Table 116 Device Operation > Firmware Management > Firmware Upgrade (Device) ....................... 247
Table 117 Device Operation > Firmware Management > Firmware Upgrade (Device) > Upgrade ..... 248
Table 118 Device Operation > License Management > Service Activation > Registration .................. 250
Table 119 Device Operation > License Management > Service Activation > Service ......................... 251
Table 120 Device Operation > License Management > License Status .............................................. 252
Table 121 Device Operation > License Management > License Status > Activate/Upgrade ............... 253
Table 122 Device Operation > License Management > Signature Status ........................................... 254
Table 123 VPN Management > VPN Community ................................................................................ 257
Table 124 VPN Management > VPN Community > Add/Edit .............................................................. 260
Table 125 VPN Management > Installation Report .............................................................................. 263
Table 126 VPN Management > Installation Report .............................................................................. 264
Table 127 VPN Management > VPN Monitor > By Community ........................................................... 265
Table 128 VPN Management > VPN Monitor > By Community > Show Detail ................................... 266
Table 129 VPN Management > VPN Monitor > By Community > Show Detail > Diagnostic > Logs ... 268
Table 130 VPN Management > VPN Monitor > By Device > VPN Tunnel Status ............................... 269
Table 131 VPN Management > VPN Monitor > By Device > VPN Tunnel Status > Search Special Tunnel
270
Table 132 VPN Management > VPN Monitor > By Device > SA Monitor ............................................ 271
Table 133 Monitor > Device Status ...................................................................................................... 275
Table 134 Monitor > Device Status > 3G Card .................................................................................... 277
Table 135 Monitor > Device HA Status ................................................................................................ 281
Table 136 Alarm Severity ..................................................................................................................... 283
Table 137 Monitor > Device Alarm > Unresolved Alarm ...................................................................... 284
Table 138 Monitor > Device Alarm > Responded Alarm ...................................................................... 285
Table 139 Log & Report > Operation Report > Firmware Upgrade Report ......................................... 290
Table 140 Log & Report > Operation Report > Firmware Upgrade Report (Group) > Show Detail ..... 291
Table 141 Log & Report > Operation Report > Configuration Report .................................................. 292
Table 142 Log & Report > Operation Report > Configuration Report > Show Details ......................... 293
Table 143 Log & Report > Operation Report > Configuration File Backup & Restore Report > Backup
Report ........................................................................................................................295
Table 144 Log & Report > Operation Report > Configuration File Backup & Restore Report > Backup
Report (Group) > Show Detail ................................................................................... 296
28
Vantage CNM User’s Guide
Page 29
Table 145 Log & Report > Operation Report > Configuration File Backup & Restore Report > Backup
Report ........................................................................................................................297
Table 146 Log & Report > Operation Report > Signature Profile Backup & Restore Report > Backup Report
298
Table 147 Log & Report > Operation Report > Signature Profile Backup & Restore Report > Restore
Report ........................................................................................................................299
Table 148 LOG & Report > CNM Logs ............................................................................................... 302
Table 149 CNM System Setting > Configuration > Servers > Configuration ....................................... 310
Table 150 CNM System Setting > Configuration > Servers > Status ................................................... 312
Table 151 CNM System Setting > Configuration > User Access ......................................................... 313
Table 152 CNM System Setting > Configuration > Notification ........................................................... 314
Table 153 CNM System Setting > Configuration > Log Setting ........................................................... 316
Table 154 CNM System Setting > Configuration > VRPT Management ............................................. 316
Table 155 CNM System Setting > Configuration > VRPT Management > Add/Edit ............................ 317
Table 156 CNM System Setting > Configuration > Certificate Management ....................................... 320
Table 157 Cnm system Setting > Configuration > Certificate Management > Create CSR ................. 321
Table 158 CNM System Setting > Configuration > Certificate Management > Import Certificate ....... 322
Table 159 CNM System Setting > Maintenance > System .................................................................. 323
Table 160 CNM System Setting > Maintenance > Device ................................................................... 325
Table 161 CNM System Setting > Device Owner ................................................................................ 327
Table 162 CNM System Setting > Device Owner > Add/Edit .............................................................. 328
Table 163 CNM System Setting > License .......................................................................................... 331
Table 164 Account Management > Group ........................................................................................... 338
Table 165 Account Management > Group > Add ................................................................................ 339
Table 166 Account Management > Account ........................................................................................342
Table 167 Account Management > Account > Add/Edit ...................................................................... 343
Table 168 Firmware Specifications ...................................................................................................... 353
Table 169 Feature Specifications ......................................................................................................... 354
Table 170 ZyXEL Device and the Corresponding Firmware Version Vantage CNM Supports ............ 354
Table 171 Trusted CAs (Keystore type: jks, Keystore provider: SUN) ................................................. 354
Table 172 Port Number Specifications ................................................................................................. 356
Table 173 System Notifications Specifications .................................................................................... 356
Table 174 Feature Specifications ......................................................................................................... 356
Table 175 Default Access .................................................................................................................... 356
Table 176 IP Address Network Number and Host ID Example ........................................................... 380
Table 177 Subnet Masks ..................................................................................................................... 381
Table 178 Maximum Host Numbers .................................................................................................... 381
Table 179 Alternative Subnet Mask Notation ....................................................................................... 381
Table 180 Subnet 1 .............................................................................................................................. 383
Table 181 Subnet 2 .............................................................................................................................. 384
Table 182 Subnet 3 .............................................................................................................................. 384
Table 183 Subnet 4 .............................................................................................................................. 384
Table 184 Eight Subnets ...................................................................................................................... 384
Table 185 24-bit Network Number Subnet Planning ............................................................................ 385
Vantage CNM User’s Guide
29
Page 30
Table 186 16-bit Network Number Subnet Planning ............................................................................ 385
Table 187 Commonly Used Services ................................................................................................... 391
30
Vantage CNM User’s Guide
Page 31
CHAPTER 1
Introducing Vantage CNM
This chapter introduces the main applications and features of Vantage CNM. It also introduces
the ways you can manage Vantage CNM.
1.1 Overview
Vantage Centralized Network Management (“Vantage CNM”) helps network administrators
monitor and manage a distributed network of ZyXEL network devices. A typical application is
shown in the following example.
Figure 1 Vantage CNM Application
C
A
In this example, you use the Vantage CNM web configurator (A) to access the Vantage CNM
server (B). The Vantage CNM server is connected to the devices (C), and you can
• Monitor all the devices in the network and receive alarms in one place
• Create building blocks to configure one or more devices
• Set up other administrators who are allowed to perform specific functions for specific
devices
You can also manage configuration files, upload firmware, and activate subscription services,
such as Intrusion Detection and Protection (IDP) and content filtering, on one or more devices.
See Appendix A on page 353 for a complete list of features and supported devices.
B
Vantage CNM User’s Guide
31
Page 32
Chapter 1 Introducing Vantage CNM
1.2 Ways to Manage Vantage CNM
Use the web configurator to access and manage Vantage CNM. See the Quick Start Guide for
instructions to access the web configurator and this User’s Guide for more information about
the screens.
1.3 Suggestions for Using Vantage CNM
Do the following things regularly to make Vantage CNM more secure and to manage Vantage
CNM more effectively.
•Change the root password. Use a password that’s not easy to guess and that consists of
different types of characters, such as numbers and letters.
• Write down the root password and put it in a safe place. If you forget the root password,
contact your local vendor.
• Back up the configuration (and make sure you know how to restore it). Restoring an
earlier working configuration may be useful or necessary if the system becomes unstable
or even crashes. If you have to re-install Vantage CNM, you could simply restore your last
configuration afterwards.
32
Vantage CNM User’s Guide
Page 33
PART I
Introduction
Introducing Vantage CNM (31)
GUI Introduction (35)
33
Page 34
34
Page 35
CHAPTER 2
1
GUI Introduction
See the Quick Start Guide for instructions about installing, setting up, and accessing Vantage
CNM. This chapter introduces the Vantage CNM main screen.
Figure 2 Main Screen
2
The main screen consists of three main parts and are numbered in the sequence you typically
follow to configure a device.
1 Menu bar: Displays main menu links that you use to access related submenus in the
navigation panel (4) or to manage the Vantage CNM
2 Title bar: Displays login user name, dashboard and message center buttons.
3 Device window: Displays the devices that are managed by the Vantage CNM. You can
also configure and view the logical groupings of the managed devices. This is also
known as OTV (Object Tree View).
4 Navigation panel: Displays the navigation links that you use to access configuration,
log or status screens.
5 Configuration window: Displays the configuration screens that you set for Vantage
CNM or a selected device.
Vantage CNM User’s Guide
3
4
5
35
Page 36
Chapter 2 GUI Introduction
" For security reasons, Vantage CNM automatically times out after fifteen minutes
of inactivity. Log in again if this happens.
Each part is discussed in more detail in the following sections.
2.1 Menu Bar
The following table describes the icons in the menu bar.
Table 1 Menu Bar Icon Description
ICON DESCRIPTION
Click this icon to display the navigation links to screens that allow you to configure,
manage firmware or license for a selected device.
Click this icon to display the navigation links to screens that allow you to manage VPN
tunnels among ZyWALL devices and provide diagnostics for fail tunnels.
Click this icon to display the navigation links to screens that allow you to check device
status, ZLD ZyWALL Device HA status and device alarm.
Click this icon to display the navigation links to screens that allow you to view device
operation reports, CNM logs and device associated Vanatage reports on Vantage
Report server.
Click this icon to display the navigation links to screens that allow you to configure/
backup/restore the Vantage CNM system settings, upgrade Vantage CNM software
version and license and view the current software informatoin.
Click this icon to display the navigation links to screens that allow you to manage
system group and account.
Click this icon to open the help page for the current screen in Vantage CNM.
Click this icon to open a screen that displays the version of Vantage CNM.
Click this icon to log out of Vantage CNM.
" When you click a menu icon, an introduction for the menu and its
corresponding navigation panel menus appear in the configuration window.
See Table 8 on page 46.
36
Vantage CNM User’s Guide
Page 37
2.2 Title Bar
The following table describes the icons in the title bar.
Table 2 Title Bar Icon Description
ICON DESCRIPTION
This icon displays with a hi to the current login user.
Click this icon to display the dashboard in the configuration window.
Click this icon to open a window to display real-time Vantage CNM system logs.
2.3 Device Window
Use the device window to view the logical network topology, search for a device, view general
device status or select which device(s) you want to edit configuration settings.
Chapter 2 GUI Introduction
2.3.1 Topology
You can view the logical network topology in the Topology screen in the device window. You
can also create, delete or rename a device or a folder in the Topolo gy screen.
In the Topology screen, you can only view the folder(s) or device(s) for your login account
group. You cannot view the folders created by another user group.
Figure 3 Device Window: Topology
Vantage CNM User’s Guide
37
Page 38
Chapter 2 GUI Introduction
The following table describes the labels in the Device window.
Table 3 Device Window: Topology
LABEL DESCRIPTION
Topology Click Topology to display device groups in a tree structure.
Search Click Search to look for device(s).
There are a couple icons in the device window that perform additional functions related to
views.
Table 4 Device Window: Icons
Icon Description
2.3.1.1 Folders
Folders are represented by the following icons in the device window.
Table 5 Device Window: Folder Icons
Icon Status Description
Click this icon to set how often the OTV tree refreshes.
Click this icon to refresh the OTV tree.
On-Closed This is a closed folder, which contains online devices.
On-Open This is a opened folder, which contains online devices.
Off-Closed This is a closed folder, which contains one or some offline
Off-Open This is a opened folder, which contains one or some offline
On_Alarm-Closed This is a closed folder, which contains some online devices with
On_Alarm-Open This is a opened folder, which contains some online devices
Off_Alarm-Closed This is a closed folder, which contains one or some offline
Off_Alarm-Open This is a opened folder, which contains one or some offline
On_Pending-Closed This is a closed folder, which contains some online devices with
On_Pending-Open This is a opened folder, which contains some online devices
Off_Pending-Closed This is a closed folder, which contains one or some offline
Off_Pending-Open This is a opened folder, which contains one or some offline
On_Alarm_Pending-Closed This is a closed folder, which contains some online devices with
On_Alarm_Pending-Open This is a opened folder, which contains some online devices
devices.
devices.
an alarm.
with an alarm.
devices. Some are with an alarm.
devices. Some devices are with an alarm.
pending tasks.
with pending tasks.
devices. Some devices are with pending tasks.
devices. Some devices are with pending tasks.
an alarm and some with pending tasks.
with an alarm and some with pending tasks.
38
Vantage CNM User’s Guide
Page 39
Chapter 2 GUI Introduction
Table 5 Device Window: Folder Icons (continued)
Icon Status Description
Off_ Alarm_Pending-Closed This is a closed folder, which contains one or some offline
devices. Some devices with an alarm while some with pending
tasks.
Off_ Alarm_Pending-Open This is a opened folder, which contains one or some offline
devices. Some devices with an alarm while some with pending
tasks.
You can right-click on a folder to see the following menu items. Some folders do not have
every menu item. Click Settings to configure the Adobe flash player settings. Click About
Adobe Flash Player 9 to connect to Adobe’s website for more information.
Figure 4 Folder Right-Click Options
2.3.1.1.1 Add a Folder
Topology folders allow you to group managed devices logically. You can add or delete
device(s) in a folder. The following steps show you how to create a device group folder in the
Topology screen.
1 In the device window, click Top ology.
2 Right-click on a folder and click Add Folder.
Figure 5 Device Window: Topology: Right Click to Add a Folder
3 The screen displays in the configuration window as shown. Enter a descriptive name
(Specify a unique, up to 64 alphanumerical characters including 0-9, a-z, A-Z, _, -) in the
Folder Name field) and/or a description for the folder. Click Apply.
Figure 6 Device Window: Topology: Add Folder
Vantage CNM User’s Guide
39
Page 40
Chapter 2 GUI Introduction
4 A new folder icon displays.
2.3.1.1.2 Delete a Folder
Deleting a folder also deletes all the associated device(s).
Follow the steps below to delete a group.
1 In the device window, click Top ology.
2 Right-click on a folder and click Delete Folder.
3 A warning screen displays.
Click OK to delete.
Click Cancel to close this screen without deleting the selected folder.
Figure 7 Device Window: Topology: Delete Folder Warning
2.3.1.1.3 Edit a Folder
When you edit a folder, you can rename the folder or modify its description..
1 In the device window, click Top ology.
2 Right-click on the folder you want to edit and click Edit Folder.
3 The screen displays in the configuration window as shown. Rename it and/or modify its
Figure 8 Device Window: Topology: Edit Folder
2.3.1.2 Devices
A device appears in the device window if it is registered (Section 3.3 on page 58) and mapped
to a folder (Section 2.3.1.2.3 on page 44) in the Vantage CNM.
Devices are represented by the following icons in the device window.
Table 6 Device Window: Device Icons
Icon Description
description and click Apply.
40
On This is a device turned on.
Off This is a device turned off.
Vantage CNM User’s Guide
Page 41
Chapter 2 GUI Introduction
Table 6 Device Window: Device Icons (continued)
Icon Description
Not Yet Acquired This is a device never registered itself to Vantage CNM since it is
added in the device window.
On_Alarm This is a device turned on with an alarm.
Off_Alarm This is a device turned off with an alarm.
On_Pending This is a device turned on with pending tasks.
Off_Pending This is a device turned off with pending tasks.
On_Alarm_Pending This is a device turned on with an alarm and pending tasks.
Off_Alarm_Pending This is a device turned off with an alarm and pending tasks.
You can right-click on a device to see the following menu. Some menu items are not available
for every device. Click Settings to configure Adobe flash player settings. Click About Adobe
Flash Player 9 to connect to Adobe’s website for more information.
Figure 9 Device Right-Click Options
2.3.1.2.1 Add/Edit a Device
The following steps show you how to create a device in the To po log y screen.
1 In the device window, click Top ology.
2 Right-click on a folder and click Add Device or right-click on a device and click Edit
Device.
Figure 10 Device Window: Topology: Right Click to Add/Edit a Device
or
3 The screen displays in the configuration window as shown.
Vantage CNM User’s Guide
41
Page 42
Chapter 2 GUI Introduction
Figure 11 Device Window: Topology: Add/Edit Device (ZyNOS)
Figure 12 Device Window: Topology: Add/Edit Device (ZLD)
42
The following table describes the labels in this screen.
Table 7 Configuration Screen: Device List
LABEL DESCRIPTION
LAN MAC
(Hex)
Device Name Enter a unique name here for the device for identification purposes. The device name
Device Type Select the device type from the pull-down menu. The pull-down menu lists only full
Enter the LAN MAC address of the device (without colons) in this field. Vantage CNM
uses the MAC address to identify the device, so make sure it is entered correctly.
cannot exceed ten characters.
functions supported device types (See table xxx). Select Unknown if you cannot find
your device model from the list.
Vantage CNM User’s Guide
Page 43
Chapter 2 GUI Introduction
Table 7 Configuration Screen: Device List (continued)
LABEL DESCRIPTION
Firmware
Ver si on
This field is only available for a ZyNOS device. Select the firmware version the device
is currently using. The pull-down menu lists only supported firmware versions. Select
Unknown if you don’t know the device’s firmware version or you cannot find your
device’s current firmware version from the list.
Note: Not all ZyXEL devices can work with Vantage CNM. See Quick
Start Guide for the supported device models and firmware
versions.
Synchronize
Type
Encryption
Methods
Encryption
Key
Syslog
Server IP
Device
Owner
Device Login Select HTTPS to use HTTPS connection when login the device’s web configurator from
Device Login
Username
Device Login
Password
Device HA This field is only available for a ZLD device. Select this if you want to monitor the
Device Role Select Master or Backup for this device’s HA role.
Select Get configuration from the device if you want Vantage CNM to pull all current
device configurations into Vantage CNM. The current device configuration "overwrites"
Vantage CNM configurations.
Select Set Vantage CNM configuration to device if you want Vantage CNM to push
all current configurations from Vantage CNM to the device. The current device
configuration is then reset to the configuration settings in Vantage CNM.
This field is only available for a ZyNOS device. The encryption options are DES and
3DES. Choose from None (no encryption), DES or 3DES. The device must be set to
the same encryption mode (and have the same encryption key) as the Vantage CNM
server.
This field is only available for a ZyNOS device. Type an eight-character alphanumeric
(“0” to “9”, “a” to “z” or "A" to "Z") for DES encryption and a 24-character alphanumeric
(“0” to “9”, “a” to “z” or "A" to "Z") for 3DES encryption.
Select the IP address of the device’s Vantage Report server, or, if the IP address is not
in the drop-down box, select User-Define and enter the IP address. Leave the IP
address blank if the device does not use a Vantage Report server. See Section 21.6 on
page 316.
Select the owner’s name of the device. You have to go to CNM System Setting >
Device Owner screen to add device owners first.
Vantage CNM.
Select HTTP to use HTTP connection when login the device’s web configurator from
Vantage CNM.
This field is only available for a ZLD device. Type the administrator’s login name of the
device in this field.
This field is only available for a ZLD device. Type the administrator’s login password of
the device in this field.
device’s device HA status from the Vantage CNM. After you select this, the Device
Role field appears.
Description Enter a description for the ZyXEL device.
Apply Click this to save your changes back to the OTV tree.
Reset Click this to begin configuring this screen afresh.
Vantage CNM User’s Guide
Note: You have to select the correct role matching to the setting on the
device. Otherwise, you cannot see the related information shown
in the Monitor > Device HA status on the Vantage CNM.
Note: You have to add a master device before adding the backup
device in the same HA group.
43
Page 44
Chapter 2 GUI Introduction
4 After clicking Apply and a new device icon displays.
2.3.1.2.2 Delete a Device
Follow the steps below to delete a group.
1 In the device window, click Top ology.
2 Right-click on a device and click Delete Device.
3 A warning screen displays.
Click OK to delete.
Click Cancel to close this screen without deleting the selected device.
Figure 13 Device Window: Topology: Delete Device Warning
2.3.1.2.3 Associate a Device to Another Folder
To un-associate a device from a folder, log into the web configurator as root or a user who
belongs to the "super" group.
1 In the device window, click Top ology.
2 Right-click on a device and click Cut Device.
3 Right-click on a folder you want to move the device to and click Paste Device.
4 The device re-associates to another folder.
The following figure shows you an example to move a device from one folder to another.
Figure 14 Device Window: Topology: Re-associate a Device
2.3.1.2.4 Login a Device
You can log into a device’s web configurator from Vantage CNM web configuration directly.
1 In the device window, click Top ology.
2 Right-click on an on-line device you want to access to and click Login Device.
44
Vantage CNM User’s Guide
Page 45
Figure 15 Device Window: Topology: Delete Device Warning
3 The device’s web configurator appears via a HTTP or HTTPS connection. You can
change the device login setting by editing a device. Refer to Figure 11 on page 42.
2.3.2 Device Search
Use the Search function in the device window to look for device(s).
1 In the device window, click Search.
Figure 16 Device Window: Search
Chapter 2 GUI Introduction
2 Specify the search criteria (such as the device type, device status, etc.) and click Search.
3 Vantage CNM displays the device(s) that match any of the search criteria.
2.4 Navigation Panel and Configuration Window
Use this panel to navigate to and display the screens. These screens are organized into
different menus. You can only expand the submenus from a menu at one time. If you expand
another one, the previous one automatically contracts.
Menus available in the navigation panel vary depending your login account type, whether you
have selected a device or device group and the device model you manage. Following are the
menus you can see under the Device Operation menu for different device models.
" Menus vary depending on the device model you select. See device’s User’s
Guide for the detail configuration description.
Vantage CNM User’s Guide
45
Page 46
Chapter 2 GUI Introduction
Table 8 Navigation Panel: Menu Summary - Device Operation
DEVICE OPERATION
ZYNOS-BASED DEVICE ZLD-BASED DEVICE PRESTIGE
Device Configuration
Load or Save BB
General
System
Tim Setting
Network
LAN
WAN
DMZ
WLAN
Wireless Card
Port Roles
Security
Firewall
VPN
Anti-Virus
Anti-Spam
IDP
Signature Update
Content Filter
X Auth
Advanced
NAT
Static Route
DNS
Remote Management
Device Log
Configuration Management
Synchronization
Configuration File Management
Signature Profile Management
Building Block
Firmware Management
Firewall List
Schedule List
Firmware Upgrade
License Management
Service Activation
License Status
Signature Status
Device Configuration
Network
Interface
Routing
VPN
IPSec VPN
SSL VPN
L2TP VPN
Object
User/Group
Address
Service
Schedule
AAA Server
Auth.method
Certificate
ISP Account
SSL Application
Management
Log Setting
Configuration Management
Synchronization
Configuration File Management
Signature Profile Management
Building Block
Firmware Management
Firewall List
Schedule List
Firmware Upgrade
License Management
Service Activation
License Status
Signature Status
Device Configuration
Load or Save BB
General
System
Time Setting
Network
LAN
WAN
DMZ
Wireless Card
Security
Firewall
VPN
X Auth
Advanced
NAT
DDNS
Device Log
ADSL Monitor
Configuration
Management
Configuration File
Management
Building Block
Firmware Management
Firewall List
Schedule List
Firmware Upgrade
License Management
46
Following are the other menus.
Table 9 Navigation Panel: Menu Summary - Others
VPN MANAGEMENT MONITOR LOG & REPORT
VPN Community
Installation Report
VPN Monitor
By Community
By Device
Device Status
Device HA Status
Device Alarm
Unresolved Alarm
Responded Alarm
Operation Report
Firmware Upgrade Report
Configuration Report
Configuration File Backup &
Restore Report
Signature Profile Backup &
Restore Report
CNM Logs
VRPT
Vantage CNM User’s Guide
Page 47
Chapter 2 GUI Introduction
Table 9 Navigation Panel: Menu Summary - Others
CNM SYSTEM SETTING ACCOUNT MANAGEMENT
Servers
User Access
Notification
Log Setting
VRPT Management
Certificate Management
Maintenance
Device Owner
Upgrade
License
About
Group
Account
The following table describes the links in the navigation panel.
Table 10 Navigation Panel Links
LINK DESCRIPTION
Device Operation
Device
Configuration
Configuration
Management
Firmware
Management
License
Management
VPN Management
VPN Community This link takes you to a screen where you can centrally manage (add/edit/delete)
Installation
Report
VPN Monitor This link takes you to a screen where you can monitor status of tunnels.
Monitor
Device Status This link takes you to a screen where you can monitor device general information
Device HA Status This link takes you to a screen where you can monitor device high availability (HA)
Device Alarm This link takes you to a screen where you can monitor device alarms.
Log & Report
Operation Report This link takes you to a screen where you can see firmware upgrade, device
CNM Logs This link takes you to a screen where you can see all or specified CNM logs via a
This link takes you to a screen where you can configure general device information.
This link takes you to a screen where you can configure synchronization setting
between Vantage CNM and devices, backup/restore device configuration file,
backup/restore anti-virus or IDP signature profiles, or manage building blocks.
This link takes you to a screen where you can manage device firmware files,
upgrade firmware for a on-line device or set a device firmware upgrade schedule.
This link takes you to a screen where you can register a user account and activate
UTM services to myZyXEL.com for the selected device. You also can manage UTM
services license and monitor signature status for the device.
VPN settings between or among managed devices.
This link takes you to a screen where you can check whether the settings of a
configured VPN community are successfully applied to associated devices.
(ex. firmware version, WAN IP address, LAN MAC address, and so on) and current
status.
status for ZLD devices (ex. ZyWALL1050 or ZyWALL USG 300).
cofniguration, configuration backup/restore, and signature profile backup/restore
reports.
query.
Vantage CNM User’s Guide
47
Page 48
Chapter 2 GUI Introduction
Table 10 Navigation Panel Links (continued)
LINK DESCRIPTION
VRPT This function is available if any Vantage Report (VRPT) server is configured on the
CNM System Setting
Configuration This link takes you to a screen where you can configure Vantage CNM settings.
Maintenance This link takes you to a screen where you can backup/restore Vantage CNM
Device Owner This link takes you to a screen where you can manage device owners.
Upgrade This link takes you to a screen where you can see current Vantage CNM software
License This link takes you to a screen where you can activate or upgrade a Vantage CNM
About This link takes you to a screen where you can see Vantage CNM software version,
Account Management
Group This link takes you to a screen where you can define group privilege and manage
Account This link takes you to a screen where you can manage (add/edit/kick out/remove)
selected device. This link takes you to a screen where you can see reports
generated by an associated VRPT server.
settings and device list.
version and perform a software upgrade.
license.
release date, and copyright.
(add/edit/remove) groups.
user accounts.
This section provides some notes about the navigation panel.
• The configuration information appears when you click a menu item from nevigation panel
for a selected device, folder or for Vantage CNM management.
• Menus display may vary depending on which device model you are configuring.
• If the login user does not have permission to use a menu item, it is not displayed.
• The operation on Vantage CNM is:
If you select Device Operation, Log & Report (all except sub-menu VRPT) or
Monitor in the menu bar,
1 click a device or a folder,
2 click a sub-menu in the navigation panel,
3 the corresponding information displays in the configuration window.
If you select VPN Management, Log & Report (sub-menu VRPT), CNM System
Setting or Account Management in the menu bar,
1 click a sub-menu in the navigation panel,
2 the corresponding information displays in the configuration window.
2.5 Security Risk Pop-up Messages in Internet Explorer 7.0
48
The default certificate in Vantage CNM is self-signed, not signed by a trusted CA. As a result,
Internet Explorer 7.0 might give you a pop-up message about the security risk. Follow these
steps to get rid of this pop-up message.
Vantage CNM User’s Guide
Page 49
Chapter 2 GUI Introduction
1 Click CNM System Setting in the menu bar.
2 Click Configuration > Certificate Management in the navigation panel.
3 Click Create CSR. The following screen appears.
Figure 17 CNM System Setting > Configuration > Certificate Management > Create CSR
4 Type the IP address of the Vantage CNM server in the Common Name field. This is the
IP address you use to log in (http://your IP address:8080/vantage). The value localhost
cannot be used in the Common Name field.
5 Enter the rest of the required information, and click Apply. See Section 21.7 on page 318
for more information about these fields.
6 A CSR (Certificate Signing Request) key screen displays. Copy this CSR key and click
Finish. Use this CSR key to get a signed certificate from a trusted CA (certification
authority).
Figure 18 CNM System Setting > Configuration > Certificate Management > Create CSR >
CSR Key
7 The Certificate Management screen appears. Click Import Certificate. The following
screen appears.
Vantage CNM User’s Guide
49
Page 50
Chapter 2 GUI Introduction
Figure 19 CNM System Setting > Configuration > Certificate Management > Import
Certificate
8 Enter the signed certificate file path and click Apply.
9 Restart the Vantage CNM server.
10 Use the IP address and log into the Vantage CNM server.
11 In Internet Explorer 7.0, click View Certificates when the following screen appears.
Figure 20 Pop-up Message in Internet Explorer 7.0
12 Certificate screen appears. Click Install Certificate and follow instruction to install the
new certificate.
50
Vantage CNM User’s Guide
Page 51
PART II
Device Operation
" This menu only appear if you select a device. For ZLD-based device, this
menu appear when the device status is on.
" The menus and screens may vary depending on the device model you select.
See Table 8 on page 46 for the device model and the corresponding firmware
version CNM supports.
Load or Save Building Blocks (BB) (53)
Device General Settings (55)
Device Network Settings (59)
Device Security Settings (115)
Device Advanced Settings (193)
Device Log (217)
Device Configuration Management (221)
Firmware Management (243)
License Management (249)
51
Page 52
52
Page 53
CHAPTER 3
Load or Save Building Blocks
(BB)
" These menus only appear if you select a ZyNOS-based or a prestige device.
3.1 Load or Save BB
Use this menu item to load building blocks to the selected device or to create building blocks
from the current configuration of the selected device. This menu item appears if a device is
selected. See Chapter 34 on page 356 for more information about building blocks. To open this
menu item, select the device, click Device Operation in the menu bar and then click Device
Configuration > Load or Save BB in the navigation panel.
Figure 21 Device Operation > Device Configuration > Load or Save BB
This screen displays the type of the selected device, each type of building block, and a
summary of the information in each type of building block.
Vantage CNM User’s Guide
53
Page 54
Chapter 3 Load or Save Building Blocks (BB)
Click the Load a BB icon to load a building block to the selected device. The following popup screen appears.
Figure 22 Device Operation > Device Configuration > Load or Save BB > Load a BB
Select the building block you want to load to the selected device, and click Apply.
Click the Save as a BB icon to save the current configuration of the selected device as a
building block. The following pop-up screen appears.
Figure 23 Device Operation > Device Configuration > Load or Save BB > Save as a BB
or
Enter the name of the new building block, and click Apply. The name must be 1-32
alphanumeric characters or underscores (_). It cannot include spaces. The name is casesensitive. If you have an existing BB, the Select a BB field appears. You can replace an
existing BB with the current configuration by selecting it from the Select a BB field and click
Apply.
54
Vantage CNM User’s Guide
Page 55
CHAPTER 4
Device General Settings
This section configures device general settings.
4.1 System
Use this screen to set the password, system name, domain name, idle timeout, and DNS
servers for the device. Please see the device’s User’s Guide for more information about any of
these screens or fields. To open this screen, click Device Operation in the menu bar, and click
Device Configuration > General > System in the navigation panel.
Figure 24 Device Operation > Device Configuration > General > System
The following table describes the fields in this screen.
Tabl e 11 Device Operation > Device Configuration > General > System
FIELD DESCRIPTION
Password Enter the password used to access the device.
Confirm Password Re-enter the password used to access the device.
System Name Enter a unique name here for the device for identification purposes. The
Domain Name The Domain Name entry is what is propagated to the DHCP clients on the
Administrator
Inactivity Timer
Vantage CNM User’s Guide
device name cannot exceed 31 characters.
LAN side of the target device. If you leave this blank, the domain name
obtained by the device via DHCP from the ISP is used.
Set how long a management session can remain idle before it expires. After it
expires, you have to log back into the device.
55
Page 56
Chapter 4 Device General Settings
Tabl e 11 Device Operation > Device Configuration > General > System (continued)
FIELD DESCRIPTION
Apply Click this to save your changes to the device.
Reset Click this to begin configuring the screen afresh.
4.2 Time Setting
Use this screen to configure the time settings on the device. To open this screen, click Device
Operation > Device Configuration > General > Time Setting.
Figure 25 Device Operation > Device Configuration > General > Time Setting
The following table describes the fields in this screen.
Table 12 Device Operation > Device Configuration > General > Time Setting
LABEL DESCRIPTION
Time Protocol Select the time service protocol that your timeserver sends when you turn on
Time Server
Address
Time Zone Choose the Time Zone of your location. This will set the time difference between
Daylight Savings Daylight saving is a period from late spring to early fall when many countries set
the device. Not all time servers support all protocols, so you may have to check
with your ISP/network administrator or use trial and error to find a protocol that
works.
The main difference between them is the format.
Daytime (RFC-867) format is day/month/year/time zone of the server.
Time (RFC-868) format displays a 4-byte integer giving the total number of
seconds since 1970/1/1 at 0:0:0.
The default, NTP (RFC-1305), is similar to Time (RFC 868).
Select None to enter the time and date manually.
Enter the IP address or domain name of your timeserver. Check with your ISP/
network administrator if you are unsure of this information (the default is
tick.stdtime.gov.tw).
your time zone and Greenwich Mean Time (GMT).
their clocks ahead of normal local time by one hour to give more daytime light in
the evening.
Select this option if you use Daylight Saving Time.
56
Vantage CNM User’s Guide
Page 57
Chapter 4 Device General Settings
Table 12 Device Operation > Device Configuration > General > Time Setting (continued)
LABEL DESCRIPTION
Start Date Configure the day and time when Daylight Saving Time starts if you selected
Daylight Savings. The o'clock field uses the 24 hour format. Here are a couple
of examples:
Daylight Saving Time starts in most parts of the United States on the first
Sunday of April. Each time zone in the United States starts using Daylight
Saving Time at 2 A.M. local time. So in the United States you would select First,
Sunday, April and type 2 in the o'clock field.
Daylight Saving Time starts in the European Union on the last Sunday of March.
All of the time zones in the European Union start using Daylight Saving Time at
the same moment (1 A.M. GMT or UTC). So in the European Union you would
select Last, Sunday, March. The time you type in the o'clock field depends on
your time zone. In Germany for instance, you would type 2 because Germany's
time zone is one hour ahead of GMT or UTC (GMT+1).
End Date Configure the day and time when Daylight Saving Time ends if you selected
Apply Click Apply to save your changes back to the device.
Reset Click Reset to begin configuring this screen afresh.
Daylight Savings. The o'clock field uses the 24 hour format. Here are a couple
of examples:
Daylight Saving Time ends in the United States on the last Sunday of October.
Each time zone in the United States stops using Daylight Saving Time at 2 A.M.
local time. So in the United States you would select Last, Sunday, October and
type 2 in the o'clock field.
Daylight Saving Time ends in the European Union on the last Sunday of
October. All of the time zones in the European Union stop using Daylight Saving
Time at the same moment (1 A.M. GMT or UTC). So in the European Union you
would select Last, Sunday, October. The time you type in the o'clock field
depends on your time zone. In Germany for instance, you would type 2 because
Germany's time zone is one hour ahead of GMT or UTC (GMT+1).
Vantage CNM User’s Guide
57
Page 58
Chapter 4 Device General Settings
58
Vantage CNM User’s Guide
Page 59
CHAPTER 5
Device Network Settings
The screens explained network settings such as LAN, WAN, wireless card.
The menus and screens may vary for different ZyXEL products. For example, click Device
Configuration > Network Interface for ZLD-based device’s network settings. This
document uses the ZyNOS ZyWALL settings for each screen description. For ZLD-based
settings, please see device’s User’s Guide for the detailed information. An example is shown
next.
Figure 26 Example: Device Operation > Device Configuration > Network > Interface (ZLD)
5.1 LAN (ZyNOS ZyWALL)
" This section refers only to the LAN screen, but the information is applicable for
the LAN, WLAN, and DMZ screens.
Use this screen to configure the DHCP settings, TCP/IP settings, and NetBIOS settings for the
LAN on a ZyNOS ZyWALL. To open this screen, click Device Operation in the menu bar,
and click Device Configuration > Network > LAN > LAN in the navigation panel.
Vantage CNM User’s Guide
59
Page 60
Chapter 5 Device Network Settings
Figure 27 Device Operation > Device Configuration > Network > LAN > LAN (ZyNOS
ZyWALL)
60
Vantage CNM User’s Guide
Page 61
Chapter 5 Device Network Settings
The following table describes the fields in this screen.
Table 13 Device Operation > Device Configuration > LAN > LAN (ZyNOS ZyWALL)
LABEL DESCRIPTION
DHCP Mode DHCP (Dynamic Host Configuration Protocol, RFC 2131 and RFC 2132) allows
IP Pool Starting
Address
DHCP Server IP Type the IP address of the DHCP server to which you want the device to relay
DHCP WINS
Server 1, 2
Pool Size This field specifies the size, or count of the IP address pool.
First DNS Server
Second DNS
Server
Third DNS Server
TCP/IP
IP Address Type the IP address of the device in dotted decimal notation. 192.168.1.1 is the
IP Subnet Mask The subnet mask specifies the network number portion of an IP address. The
RIP Direction RIP (Routing Information Protocol, RFC1058 and RFC 1389) allows a router to
RIP Version The RIP Version field controls the format and the broadcasting method of the
individual clients (workstations) to obtain TCP/IP configuration at startup from a
server. Unless you are instructed by your ISP, leave this field set to Server. When
configured as a server, the device provides TCP/IP configuration for the clients.
When set as a server, fill in the IP Pool Starting Address and Pool Size fields.
Select Relay to have the device forward DHCP requests to another DHCP
server. When set to Relay, fill in the DHCP Server IP field.
Select None to stop the device from acting as a DHCP server. When you select
None, you must have another DHCP server on your LAN, or else the computers
must be manually configured.
This field specifies the first of the contiguous addresses in the IP address pool.
DHCP requests. Use dotted decimal notation. Alternatively, click the right mouse
button to copy and/or paste the IP address.
Type the IP address of the WINS (Windows Internet Naming Service) server that
you want to send to the DHCP clients. The WINS server keeps a mapping table
of the computer names on your network and the IP addresses that they are
currently using.
These fields are enabled if the DHCP Mode is Server. Specify the DNS servers
that are provided to DHCP clients.
Select From ISP if you want the device to use corresponding DNS server
provided by the ISP.
Select User-Defined and specify the IP address if you want the device to use the
specific DNS server.
Select DNS Relay if you want the device to
factory default.
device automatically calculates the subnet mask based on the IP address that
you assign. Unless you are implementing subnetting, use the subnet mask
computed by the device, which is 255.255.255.0.
exchange routing information with other routers. The RIP Direction field controls
the sending and receiving of RIP packets. Select the RIP direction from Both/In
Only/Out Only/None. When set to Both or Out Only, the device broadcasts its
routing table periodically. When set to Both or In Only, it incorporates the RIP
information that it receives; when set to None, it does not send any RIP packets
and ignores any RIP packets received. Both is the default.
RIP packets that the device sends (it recognizes both formats when receiving).
RIP-1 is universally supported but RIP-2 carries more information. RIP-1 is
probably adequate for most networks, unless you have an unusual network
topology. Both RIP-2B and RIP-2M sends the routing data in RIP-2 format; the
difference being that RIP-2B uses subnet broadcasting while RIP-2M uses
multicasting. Multicasting can reduce the load on non-router machines since they
generally do not listen to the RIP multicast address and so will not receive the
RIP packets. However, if one router uses multicasting, then all routers on your
network must use multicasting, also. By default, RIP direction is set to Both and
the Version set to RIP-1.
Vantage CNM User’s Guide
61
Page 62
Chapter 5 Device Network Settings
Table 13 Device Operation > Device Configuration > LAN > LAN (ZyNOS ZyWALL)
LABEL DESCRIPTION
Multicast Select IGMP V-1 or IGMP V-2 or None. IGMP (Internet Group Multicast Protocol)
is a network-layer protocol used to establish membership in a Multicast group - it
is not used to carry user data. IGMP version 2 (RFC 2236) is an improvement
over version 1 (RFC 1112) but IGMP version 1 is still in wide use. If you would
like to read more detailed information about inter operability between IGMP
version 2 and version 1, please see sections 4 and 5 of RFC 2236.
Filter (IP/MAC
Binding)
Drop packets that
do not match static
IP or Dynamic IP/
MAC binding
Exempt packets in
this IP address
range.
Windows Networking (NetBIOS over TCP/IP): NetBIOS (Network Basic Input/Output System) are TCP
or UDP broadcast packets that enable a computer to connect to and communicate with a LAN. For
some dial-up services such as PPPoE or PPTP, NetBIOS packets cause unwanted calls. However it
may sometimes be necessary to allow NetBIOS packets to pass through to the WAN in order to find a
computer on the WAN.
Allow between LAN
and WAN1
Allow between LAN
and WAN2
Allow between LAN
and DMZ
Allow between LAN
and WLAN
Apply Click Apply to save your changes back to the device.
Reset Click Reset to begin configuring this screen afresh.
Select this to allow traffic only from devices on the LAN which have received an
IP address from the selected device. This is done by allowing traffic only from
devices on the LAN with specific combinations of IP and MAC addresses. These
IP addresses are dynamically assigned by the the selected device or manually
set using static DHCP.
Click static IP to go to the Device Configuration > Network > LAN > Static
DHCP screen for a list of static IP/MAC address combinations.
Set the selected device to allow packets from the LAN with source IP addresses
within a specified range. This allows packets even when their IP and MAC
addresses do not match those specified in the Device Configuration > Network
> LAN > Static DHCP screen.
Type this range of IP addresses in the From and To fields.
Select this check box to forward NetBIOS packets from the LAN to WAN port
1and from WAN port 1 to the LAN. If your firewall is enabled with the default
policy set to block WAN port 1 to LAN traffic, you also need to enable the default
WAN port 1 to LAN firewall rule that forwards NetBIOS traffic.
Clear this check box to block all NetBIOS packets going from the LAN to WAN
port 1 and from WAN port 1 to the LAN.
Select this check box to forward NetBIOS packets from the LAN to WAN port 2
and from WAN port 2 to the LAN. If your firewall is enabled with the default policy
set to block WAN port 2 to LAN traffic, you also need to enable the default WAN
port 2 to LAN firewall rule that forwards NetBIOS traffic.
Clear this check box to block all NetBIOS packets going from the LAN to WAN
port 2 and from WAN port 2 to the LAN.
Select this check box to forward NetBIOS packets from the LAN to the DMZ and
from the DMZ to the LAN. If your firewall is enabled with the default policy set to
block DMZ to LAN traffic, you also need to enable the default DMZ to LAN
firewall rule that forwards NetBIOS traffic.
Clear this check box to block all NetBIOS packets going from the LAN to the DMZ
and from the DMZ to the LAN.
Select this check box to forward NetBIOS packets from the LAN to the WLAN
and from the WLAN to the LAN.
Clear this check box to block all NetBIOS packets going from the LAN to the
WLAN and from the WLAN to the LAN.
62
Vantage CNM User’s Guide
Page 63
Chapter 5 Device Network Settings
5.2 LAN (Prestige)
" This section refers only to the LAN screen, but the information is applicable for
the LAN, WLAN, and DMZ screens.
Use this screen to configure the DHCP settings, TCP/IP settings, and Any IP settings for the
LAN port on a device. To open this screen, click Device Operation in the menu bar, and click
Device Configuration > Network > LAN > LAN in the navigation panel.
Figure 28 Device Operation > Device Configuration > Network > LAN > LAN (Prestige)
Vantage CNM User’s Guide
63
Page 64
Chapter 5 Device Network Settings
The following table describes the fields in this screen.
Table 14 Device Operation > Device Configuration > Network > LAN > LAN (Prestige)
LABEL DESCRIPTION
DHCP Mode DHCP (Dynamic Host Configuration Protocol, RFC 2131 and RFC 2132) allows
IP Pool Starting
Address
DHCP Server IP If Relay is selected in the DHCP field above, then type the IP address of the
Pool Size This field specifies the size, or count of the IP address pool.
First DNS Server IP
Second DNS
Server IP
TCP/IP
IP Address Type the IP address of the device in dotted decimal notation.
IP Subnet Mask The subnet mask specifies the network number portion of an IP address. Unless
RIP Direction RIP (Routing Information Protocol, RFC1058 and RFC 1389) allows a router to
RIP Version The RIP Version field controls the format and the broadcasting method of the
Multicast Select IGMP V-1 or IGMP V-2 or None. IGMP (Internet Group Multicast Protocol)
Any IP Setup
individual clients (computers) to obtain TCP/IP configuration at startup from a
server.
Select None if you do not want to configure DNS servers. If you do not configure
a DNS server, you must know the IP address of a machine in order to access it.
When configured as a Server, the device provides TCP/IP configuration for the
clients. When set as a Server, fill in the rest of the DHCP setup fields.
Select Relay to have the device act as a DNS proxy. The device tells the DHCP
clients on the LAN that the device itself is the DNS server. When a computer on
the LAN sends a DNS query to the device, the device forwards the query to the
device’s system DNS server and relays the response back to the computer. You
can select Relay and enter an IP Pool Starting Address. The First DNS Server
IP and Second DNS Server IP will appear as read only fields.
This field specifies the first of the contiguous addresses in the IP address pool.
actual, remote DHCP server here.
The device passes a DNS (Domain Name System) server IP address (in the
order you specify here) to the DHCP clients. Type your First DNS Server IP and
Second DNS Server IP addresses in these fields.
you are implementing subnetting, use the “natural” subnet mask, which is usually
255.255.255.0.
exchange routing information with other routers. The RIP Direction field controls
the sending and receiving of RIP packets. Select the RIP direction from Both/In
Only/Out Only/None. When set to Both or Out Only, the device broadcasts its
routing table periodically. When set to Both or In Only, it incorporates the RIP
information that it receives; when set to None, it does not send any RIP packets
and ignores any RIP packets received. Both is the default.
RIP packets that the device sends (it recognizes both formats when receiving).
RIP-1 is universally supported but RIP-2 carries more information. RIP-1 is
probably adequate for most networks, unless you have an unusual network
topology. Both RIP-2B and RIP-2M sends the routing data in RIP-2 format; the
difference being that RIP-2B uses subnet broadcasting while RIP-2M uses
multicasting. Multicasting can reduce the load on non-router machines since they
generally do not listen to the RIP multicast address and so will not receive the
RIP packets. However, if one router uses multicasting, then all routers on your
network must use multicasting, also. By default, RIP direction is set to Both and
the Version set to RIP-1.
is a network-layer protocol used to establish membership in a Multicast group - it
is not used to carry user data. IGMP version 2 (RFC 2236) is an improvement
over version 1 (RFC 1112) but IGMP version 1 is still in wide use. If you would
like to read more detailed information about interpretability between IGMP
version 2 and version 1, please see sections 4 and 5 of RFC 2236.
64
Vantage CNM User’s Guide
Page 65
Chapter 5 Device Network Settings
Table 14 Device Operation > Device Configuration > Network > LAN > LAN (Prestige)
LABEL DESCRIPTION
Active Select this option to activate the Any-IP feature. This allows a computer to
access the Internet without changing the network settings (such as IP address
and subnet mask) of the computer, even when the IP addresses of the computer
and the device are not in the same subnet.
When you disable the Any-IP feature, only computers with dynamic IP addresses
or static IP addresses in the same subnet as the device’s LAN IP address can
connect to the device or access the Internet through the device.
Apply Click Apply to save your changes back to the device.
Reset Click Reset to begin configuring this screen afresh.
5.2.1 Static DHCP
" This section refers only to the LAN screen, but the information is applicable for
the LAN, WLAN, and DMZ screens.
Use this screen to assign IP addresses to specific individual computers on the LAN based on
their MAC addresses. To open this screen, click Device Operation in the menu bar, and click
Device Configuration > Network > LAN > Static DHCP in the navigation panel.
Figure 29 Device Operation > Device Configuration > Network > LAN > Static DHCP
The following table describes the fields in this screen.
Table 15 Device Operation > Device Configuration > Network > LAN > Static DHCP
LABEL DESCRIPTION
Index This is the index number of the Static IP table entry (row).
MAC Address This is the MAC address of a computer on the device’s LAN.
IP Address This is the IP address to be assigned to the device with the MAC address above.
Vantage CNM User’s Guide
65
Page 66
Chapter 5 Device Network Settings
Table 15 Device Operation > Device Configuration > Network > LAN > Static DHCP
(continued)
LABEL DESCRIPTION
Apply Click Apply to save your changes back to the device.
Reset Click Reset to begin configuring this screen afresh.
5.2.2 IP Alias
" This section refers only to the LAN screen, but the information is applicable for
the LAN, WLAN, and DMZ screens.
Use this screen to configure logical interfaces (subnets) via its single physical Ethernet
interface with the device itself being the gateway for each network. You can also configure
firewall rules to control access between the logical networks. To open this screen, click Device
Operation > Device Configuration > Network > LAN > IP Alias.
Figure 30 Device Operation > Device Configuration > Network > LAN > IP Alias
66
The following table describes the fields in this screen.
Table 16 Device Operation > Device Configuration > Network > LAN > IP Alias
LABEL DESCRIPTION
IP Alias 1,2 Select the check box to configure another network for the device.
IP Address Enter the IP address of the device in dotted decimal notation.
Vantage CNM User’s Guide
Page 67
Chapter 5 Device Network Settings
Table 16 Device Operation > Device Configuration > Network > LAN > IP Alias (continued)
LABEL DESCRIPTION
IP Subnet Mask The device automatically calculates the subnet mask based how many aliases
you select. See also the appendices for more information on IP subnetting.
RIP Direction RIP (Routing Information Protocol, RFC1058 and RFC 1389) allows a router to
exchange routing information with other routers. The RIP Direction field controls
the sending and receiving of RIP packets. Select the RIP direction from Both/In
Only/Out Only/None. When set to Both or Out Only, the device broadcasts its
routing table periodically. When set to Both or In Only, it incorporates the RIP
information that it receives; when set to None, it does not send any RIP packets
and ignores any RIP packets received.
RIP Version The RIP Version field controls the format and the broadcasting method of the
RIP packets that the device sends (it recognizes both formats when receiving).
RIP-1 is universally supported but RIP-2 carries more information. RIP-1 is
probably adequate for most networks, unless you have an unusual network
topology. Both RIP-2B and RIP-2M sends the routing data in RIP-2 format; the
difference being that RIP-2B uses subnet broadcasting while RIP-2M uses
multicasting. Multicasting can reduce the load on non-router machines since
they generally do not listen to the RIP multicast address and so will not receive
the RIP packets. However, if one router uses multicasting, then all routers on
your network must use multicasting, also. By default, RIP direction is set to Both
and the Version set to RIP-1.
Apply Click Apply to save your changes back to the device.
Reset Click Reset to begin configuring this screen afresh.
5.3 WAN General (ZyNOS ZyWALL)
This section gives configuration information on the fields displayed in this screen. To open
this screen, click Device Operation in the menu bar, and click Device Configuration >
Network > WAN > General in the navigation panel.
" Be careful when configuring a device’s WAN as an incorrect configuration
could result in the device being inaccessible from Vantage CNM (or by the web
configurator from the WAN) and may necessitate a site visit to correct.
Vantage CNM User’s Guide
67
Page 68
Chapter 5 Device Network Settings
Figure 31 Device Operation > Device Configuration > Network > WAN > General (ZyNOS
ZyWALL)
68
The following table describes the fields in this screen.
Table 17 Device Operation > Device Configuration > Network > WAN > General (ZyNOS
ZyWALL)
LABEL DESCRIPTION
WAN Priority
WAN2 Priority
Traffic Redirect
Dial Backup
Active Select this check box to have the device use traffic redirect if the normal WAN
Backup
Gateway IP
Address
The default WAN connection is "1' as your broadband connection via the WAN port
should always be your preferred method of accessing the WAN. The default priority
of the routes is WAN , Traffic Redirect and then Dial Backup (dial backup does not
apply to all device models):
You have two choices for an auxiliary connection in the event that your regular WAN
connection goes down. If Dial Backup is preferred to Traffic Redirect, then type
"14" in the Dial Backup Priority (metric) field (and leave the Traffic Redirect
Priority (metric) at the default of "15").
connection goes down.
Type the IP address of your backup gateway in dotted decimal notation. The device
automatically forwards traffic to this IP address if the device's Internet connection
terminates.
Vantage CNM User’s Guide
Page 69
Chapter 5 Device Network Settings
Table 17 Device Operation > Device Configuration > Network > WAN > General (ZyNOS
ZyWALL) (continued)
LABEL DESCRIPTION
Fail Tolerance Type the number of times the device may attempt and fail to connect to the Internet
before traffic is forwarded to the backup gateway.
Period (sec) Type the number of seconds for the device to wait between checks to see if it can
connect to the WAN IP address (Check WAN IP Address field) or default gateway.
Allow more time if your destination IP address handles lots of traffic.
Timeout (sec) Type the number of seconds for the device to wait for a ping response from the IP
Windows
Networking
(NetBIOS over
TCP/IP):
Allow between
WAN1 and LAN
Allow between
WAN1 and
DMZ
Allow between
WAN1 and
WLAN
Allow between
WAN2 and LAN
Allow between
WAN2 and
DMZ
Allow between
WAN2 and
WLAN
Allow Trigger
Dial
Apply Click Apply to save your changes back to the device.
Reset Click Reset to begin configuring this screen afresh.
Address in the Check WAN IP Address field before it times out. The WAN
connection is considered "down" after the device times out the number of times
specified in the Fail Tolerance field. Use a higher value in this field if your network is
busy or congested.
NetBIOS (Network Basic Input/Output System) are TCP or UDP packets that enable
a computer to connect to and communicate with a LAN. For some dial-up services
such as PPPoE or PPTP, NetBIOS packets cause unwanted calls.
Select this check box to forward NetBIOS packets from the WAN1 port to the LAN
port and from the LAN port to WAN1. If your firewall is enabled with the default
policy set to block WAN port 1 to LAN traffic, you also need to enable the default
WAN1 to LAN firewall rule that forwards NetBIOS traffic.
Clear this check box to block all NetBIOS packets going from the WAN1 port to the
LAN port and from LAN port to WAN1.
Select this check box to forward NetBIOS packets from the WAN1 port to the DMZ
port and from the DMZ port to WAN1.
Clear this check box to block all NetBIOS packets going from the WAN1 port to the
DMZ port and from DMZ port to WAN1.
Select this check box to forward NetBIOS packets from the WAN1 port to the WLAN
port and from the WLAN port to WAN1.
Clear this check box to block all NetBIOS packets going from the WAN1 port to the
WLAN port and from WLAN port to WAN1.
Select this check box to forward NetBIOS packets from the WAN2 port to the LAN
port and from the LAN port to WAN2. If your firewall is enabled with the default
policy set to block WAN port 2 to LAN traffic, you also need to enable the default
WAN2 to LAN firewall rule that forwards NetBIOS traffic.
Clear this check box to block all NetBIOS packets going from the WAN2 port to the
LAN port and from LAN port to WAN2.
Select this check box to forward NetBIOS packets from the WAN2 port to the DMZ
port and from the DMZ port to WAN2.
Clear this check box to block all NetBIOS packets going from the WAN2 port to the
DMZ port and from DMZ port to WAN2.
Select this check box to forward NetBIOS packets from the WAN2 port to the WLAN
port and from the WLAN port to WAN2.
Clear this check box to block all NetBIOS packets going from the WAN2 port to the
WLAN port and from WLAN port to WAN2.
Select this option to allow NetBIOS packets to initiate calls.
5.3.1 WAN1 (ZyNOS ZyWALL with one WAN port)
The screen differs by the encapsulation type chosen.
Vantage CNM User’s Guide
69
Page 70
Chapter 5 Device Network Settings
Figure 32 Device Operation > Device Configuration > Network > WAN > WAN1 (ZyNOS
ZyWALL with one WAN port)
5.3.1.1 Ethernet Encapsulation
The following table describes the labels in the Ethernet encapsulation screen.
Table 18 Device Operation > Device Configuration > Network > WAN > ISP (Ethernet) –
ZyNOS ZyWALL (one WAN port)
LABEL DESCRIPTION
Encapsulation You must choose the Ethernet option when the WAN port is used as a regular
Service Type Choose from Standard, Telst ra (RoadRunner Telstra authentication method),
WAN:IP
WAN IP Address
Assignment
My WAN IP
Address
My WAN IP Subnet
Mask
Gateway IP
Address
Ethernet.
RR-Manager (Roadrunner Manager authentication method), RR-Toshiba
(Roadrunner Toshiba authentication method) or Telia Login.
The following fields do not appear with the Standard service type.
Select Get automatically from ISP If your ISP did not assign you a fixed IP
address. This is the default selection.
Select Use fixed IP address If the ISP assigned a fixed IP address.
Enter your WAN IP address in this field if you selected Use Fixed IP Address.
Enter the IP subnet mask (if your ISP gave you one) in this field if you selected
Use Fixed IP Address.
Enter the gateway or remote IP address (if your ISP gave you one) in this field if
you selected Use Fixed IP Address.
70
Vantage CNM User’s Guide
Page 71
Chapter 5 Device Network Settings
Table 18 Device Operation > Device Configuration > Network > WAN > ISP (Ethernet) –
ZyNOS ZyWALL (one WAN port) (continued)
LABEL DESCRIPTION
Advanced Setup
RIP Direction RIP (Routing Information Protocol) allows a router to exchange routing
RIP Version The RIP Version field controls the format and the broadcasting method of the
Multicast Choose None (default), IGMP-V1 or IGMP-V2. IGMP (Internet Group Multicast
Apply Click Apply to save your changes back to the device.
Reset Click Reset to begin configuring this screen afresh.
information with other routers. The RIP Direction field controls the sending and
receiving of RIP packets.
Choose Both, None, In Only or Out Only.
When set to Both or Out Only, the device will broadcast its routing table
periodically.
When set to Both or In Only, the device will incorporate RIP information that it
receives.
When set to None, the device will not send any RIP packets and will ignore any
RIP packets received.
By default, RIP Direction is set to Both.
RIP packets that the device sends (it recognizes both formats when receiving).
Choose RIP-1, RIP-2B or RIP-2M.
RIP-1 is universally supported; but RIP-2 carries more information. RIP-1 is
probably adequate for most networks, unless you have an unusual network
topology. Both RIP-2B and RIP-2M sends the routing data in RIP-2 format; the
difference being that RIP-2B uses subnet broadcasting while RIP-2M uses
multicasting. Multicasting can reduce the load on non-router machines since
they generally do not listen to the RIP multicast address and so will not receive
the RIP packets. However, if one router uses multicasting, then all routers on
your network must use multicasting, also. By default, the RIP Version field is set
to RIP-1.
Protocol) is a network-layer protocol used to establish membership in a Multicast
group - it is not used to carry user data. IGMP version 2 (RFC 2236) is an
improvement over version 1 (RFC 1112) but IGMP version 1 is still in wide use. If
you would like to read more detailed information about inter operability between
IGMP version 2 and version 1, please see sections 4 and 5 of RFC 2236.
5.3.1.2 PPPoE Encapsulation
The device supports PPPoE (Point-to-Point Protocol over Ethernet). PPPoE is an IETF Draft
standard (RFC 2516) specifying how a personal computer (PC) interacts with a broadband
modem (DSL, cable, wireless, etc.) connection. The PPPoE option is for a dial-up connection
using PPPoE.
For the service provider, PPPoE offers an access and authentication method that works with
existing access control systems (for example Radius). PPPoE provides a login and
authentication method that the existing Microsoft Dial-Up Networking software can activate,
and therefore requires no new learning or procedures for Windows users.
One of the benefits of PPPoE is the ability to let you access one of multiple network services,
a function known as dynamic service selection. This enables the service provider to easily
create and offer new IP services for individuals.
Operationally, PPPoE saves significant effort for both you and the ISP or carrier, as it requires
no specific configuration of the broadband modem at the customer site.
Vantage CNM User’s Guide
71
Page 72
Chapter 5 Device Network Settings
By implementing PPPoE directly on the device (rather than individual computers), the
computers on the LAN do not need PPPoE software installed, since the device does that part of
the task. Furthermore, with NAT, all of the LANs’ computers will have access.
Select PPP Over Ethernet from the Encapsulation field. A warning message appears. Click
OK.
Figure 33 Warning Message When Select PPPoE
Figure 34 Device Operation > Device Configuration > Network > WAN > WAN1-PPPoE
(ZyNOS ZyWALL with one WAN port)
72
Vantage CNM User’s Guide
Page 73
Chapter 5 Device Network Settings
The following table describes the labels in the PPPoE screen.
Table 19 Device Operation > Device Configuration > Network > WAN > ISP (PPPoE) –
ZyNOS ZyWALL (one WAN port)
LABEL DESCRIPTION
WAN:ISP
Encapsulation The PPPoE choice is for a dial-up connection using PPPoE. The router supports
PPP Over
Ethernet
Service Name Type the PPPoE service name provided to you. PPPoE uses a service name to
User Name Type the user name given to you by your ISP.
Password Type the password associated with the User Name above.
Retype to
confirm
Password
Nailed-Up
Connection
Idle Timeout This value specifies the time in seconds that elapses before the router
Authentication
Type
WAN:IP
WAN IP
Address
Assignment
My WAN IP
Address
Private This parameter determines if the device will include the route to this remote node in
Advanced Setup
PPPoE (Point-to-Point Protocol over Ethernet). PPPoE is an IETF Draft standard
(RFC 2516) specifying how a personal computer (PC) interacts with a broadband
modem (for example, xDSL, cable, wireless, etc.) connection. Operationally,
PPPoE saves significant effort for both the end user and ISP/carrier, as it requires
no specific configuration of the broadband modem at the customer site. By
implementing PPPoE directly on the router rather than individual computers, the
computers on the LAN do not need PPPoE software installed, since the router does
that part of the task. Further, with NAT, all of the LAN's computers will have access.
identify and reach the PPPoE server.
Type your password again to make sure that you have entered it correctly.
Select Nailed-Up Connection if you do not want the connection to time out.
automatically disconnects from the PPPoE server.
Use the drop-down list box to select an authentication protocol for outgoing calls.
Options are:
CHAP/PAP - Your Vantage CNM accepts either CHAP or PAP when requested by
this remote node.
CHAP - Your Vantage CNM accepts CHAP only.
PAP - Your Vantage CNM accepts PAP only.
Select Get automatically from ISP If your ISP did not assign you a fixed IP
address. This is the default selection.
Select Use fixed IP address If the ISP assigned a fixed IP address.
Enter your WAN IP address in this field if you selected Use Fixed IP Address.
its RIP broadcasts. If set to Yes, this route is kept private and not included in RIP
broadcast. If No, the route to this remote node will be propagated to other hosts
through RIP broadcasts.
Vantage CNM User’s Guide
73
Page 74
Chapter 5 Device Network Settings
Table 19 Device Operation > Device Configuration > Network > WAN > ISP (PPPoE) –
ZyNOS ZyWALL (one WAN port) (continued)
LABEL DESCRIPTION
RIP Direction RIP (Routing Information Protocol) allows a router to exchange routing information
with other routers. The RIP Direction field controls the sending and receiving of
RIP packets.
Choose Both, None, In Only or Out Only.
When set to Both or Out Only, the device will broadcast its routing table
periodically.
When set to Both or In Only, the device will incorporate RIP information that it
receives.
When set to None, the device will not send any RIP packets and will ignore any RIP
packets received.
By default, RIP Direction is set to Both.
RIP Version The RIP Version field controls the format and the broadcasting method of the RIP
packets that the device sends (it recognizes both formats when receiving).
Choose RIP-1, RIP-2B or RIP-2M.
RIP-1 is universally supported; but RIP-2 carries more information. RIP-1 is
probably adequate for most networks, unless you have an unusual network
topology. Both RIP-2B and RIP-2M sends the routing data in RIP-2 format; the
difference being that RIP-2B uses subnet broadcasting while RIP-2M uses
multicasting. Multicasting can reduce the load on non-router machines since they
generally do not listen to the RIP multicast address and so will not receive the RIP
packets. However, if one router uses multicasting, then all routers on your network
must use multicasting, also. By default, the RIP Version field is set to RIP-1.
Multicast Choose None (default), IGMP-V1 or IGMP-V2. IGMP (Internet Group Multicast
Protocol) is a network-layer protocol used to establish membership in a Multicast
group - it is not used to carry user data. IGMP version 2 (RFC 2236) is an
improvement over version 1 (RFC 1112) but IGMP version 1 is still in wide use. If
you would like to read more detailed information about inter operability between
IGMP version 2 and version 1, please see sections 4 and 5 of RFC 2236.
Apply Click Apply to save your changes back to the device.
Reset Click Reset to begin configuring this screen afresh.
5.3.1.3 PPTP Encapsulation
Point-to-Point Tunneling Protocol (PPTP) is a network protocol that enables secure transfer of
data from a remote client to a private server, creating a Virtual Private Network (VPN) using
TCP/IP-based networks.
PPTP supports on-demand, multi-protocol and virtual private networking over public
networks, such as the Internet.
Select PPP Over Ethernet from the Encapsulation field. A warning message appears. Click
OK.
Figure 35 Warning Message When Select PPTP
74
Vantage CNM User’s Guide
Page 75
Chapter 5 Device Network Settings
Figure 36 Device Operation > Device Configuration > Network > WAN > WAN1 - PPTP
(ZyNOS ZyWALL with one WAN port)
The following table describes the labels in the PPTP screen.
Tabl e 20 Device Operation > Device Configuration > Network > WAN > ISP (PPTP) – ZyNOS
ZyWALL (one WAN port)
LABEL DESCRIPTION
WAN:ISP
Encapsulation Point-to-Point Tunneling Protocol (PPTP) is a network protocol that enables
Vantage CNM User’s Guide
secure transfer of data from a remote client to a private server, creating a
Virtual Private Network (VPN) using TCP/IP-based networks. PPTP supports
on-demand, multi-protocol, and virtual private networking over public
networks, such as the Internet. The device supports only one PPTP server
connection at any given time. To configure a PPTP client, you must configure
the User Name and Password fields for a PPP connection and the PPTP
parameters for a PPTP connection.
75
Page 76
Chapter 5 Device Network Settings
Tabl e 20 Device Operation > Device Configuration > Network > WAN > ISP (PPTP) – ZyNOS
ZyWALL (one WAN port) (continued)
LABEL DESCRIPTION
PPTP
User Name Type the user name given to you by your ISP.
Password Type the password associated with the User Name above.
Retype to confirm
Password
Nailed-up Connection Select Nailed-Up Connection if you do not want the connection to time out.
Idle Timeout This value specifies the time in seconds that elapses before the device
My IP Address Type the (static) IP address assigned to you by your ISP.
My IP Subnet Mask The device will automatically calculate the subnet mask based on the IP
Server IP Address Type the IP address of the PPTP server.
Connection ID/Name Type your identification name for the PPTP server.
Authentication Type Use the drop-down list box to select an authentication protocol for outgoing
WAN:IP
WAN IP Address
Assignment
My WAN IP Address Enter your WAN IP address in this field if you selected Use Fixed IP
Private This parameter determines if the device will include the route to this remote
Advanced Setup
RIP Direction RIP (Routing Information Protocol) allows a router to exchange routing
Type your password again to make sure that you have entered it correctly.
automatically disconnects from the PPTP server.
address that you assign. Unless you are implementing subnetting, use the
subnet mask computed by the device.
calls. Options are:
CHAP/PAP - Your Vantage CNM accepts either CHAP or PAP when
requested by this remote node.
CHAP - Your Vantage CNM accepts CHAP only.
PAP - Your Vantage CNM accepts PAP only.
Select Get automatically from ISP If your ISP did not assign you a fixed IP
address. This is the default selection.
Select Use fixed IP address If the ISP assigned a fixed IP address.
Address.
node in its RIP broadcasts. If set to Yes, this route is kept private and not
included in RIP broadcast. If No, the route to this remote node will be
propagated to other hosts through RIP broadcasts.
information with other routers. The RIP Direction field controls the sending
and receiving of RIP packets.
Choose Both, None, In Only or Out Only.
When set to Both or Out Only, the device will broadcast its routing table
periodically.
When set to Both or In Only, the device will incorporate RIP information that
it receives.
When set to None, the device will not send any RIP packets and will ignore
any RIP packets received.
By default, RIP Direction is set to Both.
76
Vantage CNM User’s Guide
Page 77
Chapter 5 Device Network Settings
Tabl e 20 Device Operation > Device Configuration > Network > WAN > ISP (PPTP) – ZyNOS
ZyWALL (one WAN port) (continued)
LABEL DESCRIPTION
RIP Version The RIP Version field controls the format and the broadcasting method of the
RIP packets that the device sends (it recognizes both formats when
receiving).
Choose RIP-1, RIP-2B or RIP-2M.
RIP-1 is universally supported; but RIP-2 carries more information. RIP-1 is
probably adequate for most networks, unless you have an unusual network
topology. Both RIP-2B and RIP-2M sends the routing data in RIP-2 format;
the difference being that RIP-2B uses subnet broadcasting while RIP-2M
uses multicasting. Multicasting can reduce the load on non-router machines
since they generally do not listen to the RIP multicast address and so will not
receive the RIP packets. However, if one router uses multicasting, then all
routers on your network must use multicasting, also. By default, the RIP
Ver si on field is set to RIP-1.
Multicast Choose None (default), IGMP-V1 or IGMP-V2. IGMP (Internet Group
Apply Click Apply to save your changes back to the device.
Reset Click Reset to begin configuring this screen afresh.
Multicast Protocol) is a network-layer protocol used to establish membership
in a Multicast group - it is not used to carry user data. IGMP version 2 (RFC
2236) is an improvement over version 1 (RFC 1112) but IGMP version 1 is
still in wide use. If you would like to read more detailed information about inter
operability between IGMP version 2 and version 1, please see sections 4 and
5 of RFC 2236.
5.3.2 WAN1 and WAN2 (ZyNOS ZyWALL with two WAN ports)
Since ZyWALL 4.00, the WAN screens are organized differently than the previous versions
because it has two WAN ports. Use the WA N 1 and WAN 2 tabs to configure the WAN1 and
WAN2 ports. These tabs are similar and vary by encapsulation type.
5.3.2.1 Ethernet Encapsulation
Use this screen to configure an Ethernet connection on one of the device’s WAN ports. To
open this screen, click Device Operation > Device Configuration > Network > WAN >
WAN1/2.
Vantage CNM User’s Guide
77
Page 78
Chapter 5 Device Network Settings
Figure 37 Device Operation > Device Configuration > Network > WAN > WAN1/2 (ZyNOS
ZyWALL with two WAN ports)
The following table describes the labels in this screen.
Table 21 Device Operation > Device Configuration > Network > WAN > WAN1/2 (ZyNOS
ZyWALL with two WAN ports)
LABEL DESCRIPTION
ISP Parameters
for Internet
Access
Encapsulation You must choose the Ethernet option when the WAN port is used as a regular
Ethernet.
Service Type Choose from Standard, RR-Telstra (RoadRunner Telstra authentication method),
User Name Type the user name given to you by your ISP.
Password Type the password associated with the user name above.
Retype to confirm
Password
Login Server IP
Address
RR-Manager (Roadrunner Manager authentication method), RR-Toshiba
(Roadrunner Toshiba authentication method) or Telia Login.
The following fields do not appear with the Standard service type.
Type your password again to make sure that you have entered is correctly.
Type the authentication server IP address here if your ISP gave you one.
This field is not available for Telia Login.
78
Vantage CNM User’s Guide
Page 79
Chapter 5 Device Network Settings
Table 21 Device Operation > Device Configuration > Network > WAN > WAN1/2 (ZyNOS
ZyWALL with two WAN ports) (continued)
LABEL DESCRIPTION
Telia Login
Server (Telia
Login only)
Relogin
Every(mins)
(Telia Login only)
WAN IP Address
Assignment
Get automatically
from ISP
Use fixed IP
address
My WAN IP
Address
My WAN IP
Subnet Mask
Gateway IP
Address
Advanced Setup
RIP Direction RIP (Routing Information Protocol) allows a router to exchange routing information
RIP Version The RIP Version field controls the format and the broadcasting method of the RIP
Multicast Version Choose None (default), IGMP-V1 or IGMP-V2. IGMP (Internet Group Multicast
Apply Click Apply to save your changes back to the Vantage CNM.
Reset Click Reset to begin configuring this screen afresh.
Type the domain name of the Telia login server, for example login1.telia.com.
The Telia server logs the Vantage CNM out if the Vantage CNM does not log in
periodically. Type the number of minutes from 1 to 59 (30 default) for the Vantage
CNM to wait between logins.
Select this option If your ISP did not assign you a fixed IP address. This is the
default selection.
Select this option If the ISP assigned a fixed IP address.
Enter your WAN IP address in this field if you selected Use Fixed IP Address.
Enter the IP subnet mask (if your ISP gave you one) in this field if you selected Use
Fixed IP Address.
Enter the gateway IP address (if your ISP gave you one) in this field if you selected
Use Fixed IP Address.
with other routers. The RIP Direction field controls the sending and receiving of
RIP packets.
Choose Both, None, In Only or Out Only.
When set to Both or Out Only, the Vantage CNM will broadcast its routing table
periodically.
When set to Both or In Only, the Vantage CNM will incorporate RIP information
that it receives.
When set to None, the Vantage CNM will not send any RIP packets and will ignore
any RIP packets received.
By default, RIP Direction is set to Both.
packets that the Vantage CNM sends (it recognizes both formats when receiving).
Choose RIP-1, RIP-2B or RIP-2M.
RIP-1 is universally supported; but RIP-2 carries more information. RIP-1 is
probably adequate for most networks, unless you have an unusual network
topology. Both RIP-2B and RIP-2M sends the routing data in RIP-2 format; the
difference being that RIP-2B uses subnet broadcasting while RIP-2M uses
multicasting. Multicasting can reduce the load on non-router machines since they
generally do not listen to the RIP multicast address and so will not receive the RIP
packets. However, if one router uses multicasting, then all routers on your network
must use multicasting, also. By default, the RIP Version field is set to RIP-1.
Protocol) is a network-layer protocol used to establish membership in a Multicast
group – it is not used to carry user data. IGMP version 2 (RFC 2236) is an
improvement over version 1 (RFC 1112) but IGMP version 1 is still in wide use. If
you would like to read more detailed information about interoperability between
IGMP version 2 and version 1, please see sections 4 and 5 of RFC 2236.
Vantage CNM User’s Guide
79
Page 80
Chapter 5 Device Network Settings
5.3.2.2 PPPoE Encapsulation
PPPoE (Point-to-Point Protocol over Ethernet) is an IETF standard (RFC 2516) specifying
how a personal computer (PC) interacts with a broadband modem (DSL, cable, wireless, etc.)
connection. The PPPoE option is for a dial-up connection using PPPoE.
For the service provider, PPPoE offers an access and authentication method that works with
existing access control systems (for example RADIUS).
One of the benefits of PPPoE is the ability to let you access one of multiple network services,
a function known as dynamic service selection. This enables the service provider to easily
create and offer new IP services for individuals.
Operationally, PPPoE saves significant effort for both you and the ISP or carrier, as it requires
no specific configuration of the broadband modem at the customer site.
By implementing PPPoE directly on the device (rather than individual computers), the
computers on the LAN do not need PPPoE software installed, since the device does that part of
the task. Furthermore, with NAT, all of the LANs’ computers will have access.
Figure 38 Device Operation > Device Configuration > Network > WAN > WAN1/2 - PPPoE
(ZyNOS ZyWALL with two WAN ports)
80
Vantage CNM User’s Guide
Page 81
Chapter 5 Device Network Settings
The following table describes the labels in this screen.
Table 22 Device Operation > Device Configuration > Network > WAN > WAN1/2 - PPPoE
(ZyNOS ZyWALL with two WAN ports)
LABEL DESCRIPTION
ISP Parameters
for Internet
Access
Encapsulation The PPPoE choice is for a dial-up connection using PPPoE. The router supports
PPPoE (Point-to-Point Protocol over Ethernet). PPPoE is an IETF standard (RFC
2516) specifying how a personal computer (PC) interacts with a broadband modem
(for example, DSL, cable, wireless, etc.) connection. Operationally, PPPoE saves
significant effort for both the end user and ISP/carrier, as it requires no specific
configuration of the broadband modem at the customer site. By implementing
PPPoE directly on the router rather than individual computers, the computers on
the LAN do not need PPPoE software installed, since the router does that part of
the task. Further, with NAT, all of the LAN's computers will have access.
Service Name Type the PPPoE service name provided to you. PPPoE uses a service name to
identify and reach the PPPoE server.
User Name Type the user name given to you by your ISP.
Password Type the password associated with the user name above.
Retype to
confirm
Password
Nailed-Up
Connection
Idle Timeout This value specifies the time in seconds that elapses before the device
Authentication
Type
WAN IP Address
Assignment
Get
automatically
from ISP
Use Fixed IP
Address
My WAN IP
Address
Private This parameter determines if the device will include this route to a remote node in
Advanced Setup
Type your password again to make sure that you have entered is correctly.
Select this if you do not want the connection to time out.
automatically disconnects from the PPPoE server.
Use the drop-down list box to select an authentication protocol for outgoing calls.
Options are:
CHAP/PAP - Your Vantage CNM accepts either CHAP or PAP when requested by
this remote node.
CHAP - Your Vantage CNM accepts CHAP only.
PAP - Your Vantage CNM accepts PAP only.
Select this option If your ISP did not assign you a fixed IP address. This is the
default selection.
Select this option If the ISP assigned a fixed IP address.
Enter your WAN IP address in this field if you selected Use Fixed IP Address.
its RIP broadcasts.
Select this check box to keep this route private and not included in RIP broadcasts.
Clear this check box to propagate this route to other hosts through RIP broadcasts.
Vantage CNM User’s Guide
81
Page 82
Chapter 5 Device Network Settings
Table 22 Device Operation > Device Configuration > Network > WAN > WAN1/2 - PPPoE
(ZyNOS ZyWALL with two WAN ports) (continued)
LABEL DESCRIPTION
RIP Direction RIP (Routing Information Protocol) allows a router to exchange routing information
with other routers. The RIP Direction field controls the sending and receiving of
RIP packets.
Choose Both, None, In Only or Out Only.
When set to Both or Out Only, the Vantage CNM will broadcast its routing table
periodically.
When set to Both or In Only, the Vantage CNM will incorporate RIP information
that it receives.
When set to None, the Vantage CNM will not send any RIP packets and will ignore
any RIP packets received.
By default, RIP Direction is set to Both.
RIP Version The RIP Version field controls the format and the broadcasting method of the RIP
packets that the Vantage CNM sends (it recognizes both formats when receiving).
Choose RIP-1, RIP-2B or RIP-2M.
RIP-1 is universally supported; but RIP-2 carries more information. RIP-1 is
probably adequate for most networks, unless you have an unusual network
topology. Both RIP-2B and RIP-2M sends the routing data in RIP-2 format; the
difference being that RIP-2B uses subnet broadcasting while RIP-2M uses
multicasting. Multicasting can reduce the load on non-router machines since they
generally do not listen to the RIP multicast address and so will not receive the RIP
packets. However, if one router uses multicasting, then all routers on your network
must use multicasting, also. By default, the RIP Version field is set to RIP-1.
Multicast Choose None (default), IGMP-V1 or IGMP-V2. IGMP (Internet Group Multicast
Protocol) is a network-layer protocol used to establish membership in a Multicast
group – it is not used to carry user data. IGMP version 2 (RFC 2236) is an
improvement over version 1 (RFC 1112) but IGMP version 1 is still in wide use. If
you would like to read more detailed information about interoperability between
IGMP version 2 and version 1, please see sections 4 and 5 of RFC 2236.
Apply Click Apply to save your changes back to the Vantage CNM.
Reset Click Reset to begin configuring this screen afresh.
5.3.2.3 PPTP Encapsulation
Point-to-Point Tunneling Protocol (PPTP) is a network protocol that enables secure transfer of
data from a remote client to a private server, creating a Virtual Private Network (VPN) using
TCP/IP-based networks.
PPTP supports on-demand, multi-protocol and virtual private networking over public
networks, such as the Internet.
82
Vantage CNM User’s Guide
Page 83
Chapter 5 Device Network Settings
Figure 39 Device Operation > Device Configuration > Network > WAN > WAN1/2 - PPTP
(ZyNOS ZyWALL with two WAN ports)
The following table describes the labels in this screen.
Table 23 Device Operation > Device Configuration > Network > WAN > WAN1/2 - PPTP
(ZyNOS ZyWALL with two WAN ports)
LABEL DESCRIPTION
WAN: ISP
Encapsulation Point-to-Point Tunneling Protocol (PPTP) is a network protocol that enables
Vantage CNM User’s Guide
secure transfer of data from a remote client to a private server, creating a Virtual
Private Network (VPN) using TCP/IP-based networks. PPTP supports ondemand, multi-protocol, and virtual private networking over public networks, such
as the Internet. The device supports only one PPTP server connection at any
given time. To configure a PPTP client, you must configure the User Name and
Password fields for a PPP connection and the PPTP parameters for a PPTP
connection.
83
Page 84
Chapter 5 Device Network Settings
Table 23 Device Operation > Device Configuration > Network > WAN > WAN1/2 - PPTP
(ZyNOS ZyWALL with two WAN ports) (continued)
LABEL DESCRIPTION
PPTP
User Name Type the user name given to you by your ISP.
Password Type the password associated with the user name above.
Retype to confirm
Password
Nailed-up
Connection
Idle Timeout This value specifies the time in seconds that elapses before the device
My IP Address Type the (static) IP address assigned to you by your ISP.
My IP Subnet
Mask
Server IP Address Type the IP address of the PPTP server.
Connection ID/
Name
Authentication
Type
WAN IP Address
Assignment
Get automatically
from ISP
Use fixed IP
address
My WAN IP
Address
Private This parameter determines if the device will include this route to a remote node in
Advanced Setup
RIP Direction RIP (Routing Information Protocol) allows a router to exchange routing
Type your password again to make sure that you have entered is correctly.
Select this if you do not want the connection to time out.
automatically disconnects from the PPTP server.
Type the subnet mask assigned to you by your ISP.
Type your identification name for the PPTP server.
Use the drop-down list box to select an authentication protocol for outgoing calls.
Options are:
CHAP/PAP - Your device accepts either CHAP or PAP when requested by this
remote node.
CHAP - Your device accepts CHAP only.
PAP - Your device accepts PAP only.
Select this option If your ISP did not assign you a fixed IP address. This is the
default selection.
Select this option If the ISP assigned a fixed IP address.
Enter your WAN IP address in this field if you selected Use Fixed IP Address.
its RIP broadcasts.
Select this check box to keep this route private and not included in RIP
broadcasts. Clear this check box to propagate this route to other hosts through
RIP broadcasts.
information with other routers. The RIP Direction field controls the sending and
receiving of RIP packets.
Choose Both, None, In Only or Out Only.
When set to Both or Out Only, the device will broadcast its routing table
periodically.
When set to Both or In Only, the device will incorporate RIP information that it
receives.
When set to None, the device will not send any RIP packets and will ignore any
RIP packets received.
By default, RIP Direction is set to Both.
84
Vantage CNM User’s Guide
Page 85
Chapter 5 Device Network Settings
Table 23 Device Operation > Device Configuration > Network > WAN > WAN1/2 - PPTP
(ZyNOS ZyWALL with two WAN ports) (continued)
LABEL DESCRIPTION
RIP Version The RIP Version field controls the format and the broadcasting method of the RIP
packets that the device sends (it recognizes both formats when receiving).
Choose RIP-1, RIP-2B or RIP-2M.
RIP-1 is universally supported; but RIP-2 carries more information. RIP-1 is
probably adequate for most networks, unless you have an unusual network
topology. Both RIP-2B and RIP-2M sends the routing data in RIP-2 format; the
difference being that RIP-2B uses subnet broadcasting while RIP-2M uses
multicasting. Multicasting can reduce the load on non-router machines since they
generally do not listen to the RIP multicast address and so will not receive the RIP
packets. However, if one router uses multicasting, then all routers on your
network must use multicasting, also. By default, the RIP Version field is set to
RIP-1.
Multicast Choose None (default), IGMP-V1 or IGMP-V2. IGMP (Internet Group Multicast
Protocol) is a network-layer protocol used to establish membership in a Multicast
group – it is not used to carry user data. IGMP version 2 (RFC 2236) is an
improvement over version 1 (RFC 1112) but IGMP version 1 is still in wide use. If
you would like to read more detailed information about interoperability between
IGMP version 2 and version 1, please see sections 4 and 5 of RFC 2236.
Apply Click Apply to save your changes back to the Vantage CNM.
Reset Click Reset to begin configuring this screen afresh.
5.3.3 WAN2 (ZyNOS ZyWALL with 3G WAN)
3G (Third Generation) is a digital, packet-switched wireless technology. Bandwidth usage is
optimized as multiple users share the same channel and bandwidth is only allocated to users
when they send data. It allows fast transfer of voice and non-voice data and provides
broadband Internet access to mobile devices.
" The actual data rate you obtain varies depending on the 3G card you use, the
signal strength of the service provider’s base station, your service plan, etc.
Vantage CNM User’s Guide
85
Page 86
Chapter 5 Device Network Settings
If the signal strength of a 3G network is too low, the 3G card may switch to an available 2.5G
or 2.75G network. See the following table for a comparison between 2G, 2.5G, 2.75G, 3G and
3.5G wireless technologies.
Table 24 2G, 2.5G, 2.75G, 3G and 3.5G Wireless Technologies
NAME TYPE
2G Circuit-
switched
2.5G Packetswitched
2.75G Packetswitched
3G Packet-
switched
3.5G Packetswitched
MOBILE PHONE AND DATA STANDARDS
GSM-BASED CDMA-BASED
GSM (Global System for Mobile
Communications), Personal Handyphone System (PHS), etc.
GPRS (General Packet Radio
Services), High-Speed CircuitSwitched Data (HSCSD), etc.
Enhanced Data rates for GSM
Evolution (EDGE), Enhanced GPRS
(EGPRS), etc.
UMTS (Universal Mobile
Telecommunications System), a thirdgeneration (3G) wireless standard
defined in ITU
sometimes marketed as 3GSM. The
UMTS uses GSM infrastructures and
W-CDMA (Wideband Code Division
Multiple Access) as the air interface.
HSDPA (High-Speed Downlink Packet
Access) is a mobile telephony
protocol, used for UMTS-based 3G
networks and allows for higher data
transfer speeds.
A
specification, is
Interim Standard 95 (IS-95), the first
CDMA-based digital cellular standard
pioneered by Qualcomm. The brand
name for IS-95 is cdmaOne. IS-95 is
also known as TIA-EIA-95.
CDMA2000 is a hybrid 2.5G / 3G
protocol of mobile telecommunications
standards that use CDMA, a multiple
access scheme for digital radio.
CDMA2000 1xRTT (1 times Radio
Transmission Technology) is the core
CDMA2000 wireless air interface
standard. It is also known as 1x, 1xRTT,
or IS-2000 and considered to be a 2.5G
or 2.75G technology.
CDMA2000 EV-DO (Evolution-Data
Optimized, originally 1x Evolution-Data
Only), also referred to as EV-DO, EVDO,
or just EV, is an evolution of CDMA2000
1xRTT and enables high-speed wireless
connectivity. It is also denoted as IS-856
or High Data Rate (HDR).
DATA
SPEED
Slow
Fast
A. The International Telecommunication Union (ITU) is an international organization within which governments and the private sector
coordinate global telecom networks and services.
After you insert a 3G card in a device, the 3G connection becomes WAN 2. Refer to the
device’s User’s Guide for the type of 3G cards that you can use in the device along with the
corresponding supported features.
" You must install a 3G card in the selected device before using this WAN 2.
" The WAN 1 and WAN 2 IP addresses of the device with multiple WAN
interfaces must be on different subnets.
86
Vantage CNM User’s Guide
Page 87
Chapter 5 Device Network Settings
Figure 40 Device Configuration > Network > WAN > 3G(WAN 2)
Vantage CNM User’s Guide
87
Page 88
Chapter 5 Device Network Settings
The following table describes the labels in this screen.
Table 25 Device Configuration > WAN > 3G(WAN2)
LABEL DESCRIPTION
WAN2 Setup
Enable Select this option to enable WAN 2.
3G Card
Configuration
3G Wireless Card This displays the manufacturer and model name of your 3G card if you inserted
Network Type Select the type of the network (UMTS/HSDPA only, GPRS/EDGE only, GSM all or
Network
Selection
ISP Parameters
for Internet
Access
Access Point
Name (APN)
Initial String
(containing APN)
Authentication
Type
User Name Type the user name (of up to 31 ASCII printable characters) given to you by your
Password Type the password (of up to 31 ASCII printable characters) associated with the
Retype to
Confirm
The fields below display only when you enable WAN 2.
one in the selected device. Otherwise, it displays Not Installed.
WCDMA all) to which you want the card to connect. See Table 24 on page 86 for
more information. Otherwise, select Automatically to have the card connect to an
available network using the default settings on the 3G card.
The types of the network vary depending on the 3G card you inserted.
This setting is saved to the flash of your 3G card.
Select a service provider to which you want the card to connect. Otherwise, select
Automatically to have the selected device use the default settings on the 3G card
and connect to your service provider’s base station.
This shows Automatically only by default. Click Scan to have the selected device
search for and display the available service providers.
This field resets to the default setting (Automatically) if the selected device
restarts.
Select this option and enter the APN (Access Point Name) if your ISP gives you the
APN only. Connections with different APNs may provide different services (such as
Internet access or MMS (Multi-Media Messaging Service)) and charge methods.
You can enter up to 31 ASCII printable characters. Spaces are allowed.
This field is available only when you insert a GSM 3G card.
Select this option and enter the initial string and APN if you know how to configure
or your ISP provides a string, which would include the APN, to initialize the 3G
card.
You can enter up to 72 ASCII printable characters. Spaces are allowed.
This field is available only when you insert a GSM 3G card.
The selected device supports PAP (Password Authentication Protocol) and CHAP
(Challenge Handshake Authentication Protocol). CHAP is more secure than PAP;
however, PAP is readily available on more platforms.
Use the drop-down list box to select an authentication protocol for outgoing calls.
Options are:
CHAP/PAP - The selected device accepts either CHAP or PAP when requested by
the ISP.
CHAP - The selected device accepts CHAP only.
PAP - The selected device accepts PAP only.
None - The selected device does not send your user name and password for
authentication. The user name and password fields are grayed out. Select this
option if your ISP did not give you a user name and password.
service provider.
user name above.
Type your password again to make sure that you have entered is correctly.
88
Vantage CNM User’s Guide
Page 89
Chapter 5 Device Network Settings
Table 25 Device Configuration > WAN > 3G(WAN2) (continued)
LABEL DESCRIPTION
PIN Code A PIN (Personal Identification Number) code is a key to a 3G card. Without the PIN
code, you cannot use the 3G card.
Enter the PIN code (four to eight digits, 0000 for example) provided by your ISP. If
you enter the PIN code incorrectly, the 3G card may be blocked by your ISP and
you cannot use the account to access the Internet.
If your ISP disabled PIN code authentication, enter an arbitrary number.
This field is available only when you insert a GSM 3G card.
Phone Number Enter the phone number (dial string) used to dial up a connection to your service
provider’s base station. Your ISP should provide the dial string.
By default, *99# is the dial string for GSM-based networks and #777 is the dial
string for CDMA-based networks.
Nailed-Up Select Nailed-Up if you do not want the connection to time out.
Idle Timeout This specifies the time (from 0 to 9999) in seconds that elapses before the selected
WAN IP Address
Assignment
Get automatically
from ISP
Use Fixed IP
Address
My WAN IP
Address
Advanced Setup
Enable NAT
(Network
Address
Translation)
Enable Multicast Select this check box to turn on IGMP (Internet Group Multicast Protocol). IGMP is
Multicast Version Choose None (default), IGMP-V1 or IGMP-V2. IGMP (Internet Group Multicast
Enable Budget
Control
Time Budget Select this check box and specify the amount of time (in hours) that the 3G
device automatically disconnects from the ISP.
Select this option if your ISP did not assign you a fixed IP address. This is the
default selection.
Select this option if the ISP assigned a fixed IP address.
Enter your WAN IP address in this field if you selected Use Fixed IP Address.
Network Address Translation (NAT) allows the translation of an Internet protocol
address used within one network (for example a private IP address used in a local
network) to a different IP address known within another network (for example a
public IP address used on the Internet).
Select this checkbox to enable NAT.
For more information about NAT see Chapter 17 on page 385.
a network-layer protocol used to establish membership in a Multicast group - it is
not used to carry user data.
Protocol) is a session-layer protocol used to establish membership in a Multicast
group – it is not used to carry user data. IGMP version 2 (RFC 2236) is an
improvement over version 1 (RFC 1112) but IGMP version 1 is still in wide use. If
you would like to read more detailed information about interoperability between
IGMP version 2 and version 1, please see sections 4 and 5 of RFC 2236.
Select this check box to set a monthly limit for the user account of the installed 3G
card. You must insert a 3G card before you enable budget control on the selected
device.
You can set a limit on the total traffic and/or call time. The selected device takes the
actions you specified when a limit is exceeded during the month.
connection can be used within one month.
If you change the value after you configure and enable budget control, the selected
device resets the statistics.
Vantage CNM User’s Guide
89
Page 90
Chapter 5 Device Network Settings
Table 25 Device Configuration > WAN > 3G(WAN2) (continued)
LABEL DESCRIPTION
Data Budget Select this check box and specify how much downstream and/or upstream data (in
Mbytes) can be transmitted via the 3G connection within one month.
Select Download to set a limit on the downstream traffic (from the ISP to the
selected device).
Select Upload to set a limit on the upstream traffic (from the selected device to the
ISP).
Select Download/Upload to set a limit on the total traffic in both directions.
If you change the value after you configure and enable budget control, the selected
device resets the statistics.
Reset time and
data budget
counters on
Reset time and
data budget
counters
Actions when
over budget
Actions when
over % of time
budget or % of
data budget
Apply Click Apply to save your changes back to the Vantage CNM.
Reset Click Reset to begin configuring this screen afresh.
Select the date on which the selected device resets the budget every month. If the
date you selected is not available in a month, such as 30th or 31th, the selected
device resets the budget on the last day of the month.
This button is available only when you enable budget control in this screen.
Click this button to reset the time and data budgets immediately. The count starts
over with the 3G connection’s full configured monthly time and data budgets. This
does not affect the normal monthly budget restart.
Specify the actions the selected device takes when the time or data limit is
exceeded.
Select Log to create a log.
Select Alert to create an alert. This option is available only when you select Log.
If you select Log, you can also select recurring every to have the selected device
send a log (and alert if selected) for this event periodically. Specify how often (from
1 to 65535 minutes) to send the log (and alert if selected).
Select Allow to permit new 3G connections or Disallow to drop/block new 3G
connections.
Select Keep to maintain the existing 3G connection or Drop to disconnect it.
You cannot select Allow and Drop at the same time.
If you select Disallow and Keep, the selected device allows you to transmit data
using the current connection, but you cannot build a new connection if the existing
connection is disconnected.
Specify the actions the selected device takes when the specified percentage of
time budget or data limit is exceeded. Enter a number from 1 to 99 in the
percentage fields. If you change the value after you configure and enable budget
control, the selected device resets the statistics.
Select Log to create a log.
Select Alert to create an alert. This option is available only when you select Log.
If you select Log, you can also select recurring every to have the selected device
send a log (and alert if selected) for this event periodically. Specify how often (from
1 to 65535 minutes) to send the log (and alert if selected).
5.3.4 Dial Backup (ZyNOS ZyWALL)
Vantage CNM can communicate with the device using Dial Backup if the main WAN
connection goes down. Use this screen to configure Dial Backup on the device.
90
Vantage CNM User’s Guide
Page 91
Chapter 5 Device Network Settings
Figure 41 Device Operation > Device Configuration > Network > WAN > Dial Backup
(ZyNOS ZyWALL)
The following table describes the labels in this screen.
Table 26 Device Operation > Device Configuration > Network > WAN > Dial Backup (ZyNOS
ZyWALL)
LABEL DESCRIPTION
Enable Dial Backup Select this check box to turn on dial backup.
Basic Settings
User Name Type the user name assigned by your ISP.
Password Type the password assigned by your ISP.
Retype to confirm
Password
Authentication Type Use the drop-down list box to select an authentication protocol for outgoing
Dial Backup Port
Speed
Type your password again to make sure that you have entered it correctly.
calls. Options are:
CHAP/PAP - The device accepts either CHAP or PAP when requested by this
remote node.
CHAP - The device accepts CHAP only.
PAP - The device accept PAP only.
Use the drop-down list box to select the speed of the connection between the
Dial Backup port and the external device. Available speeds are: 9600, 19200,
38400, 57600, 115200 or 230400 bps.
Vantage CNM User’s Guide
91
Page 92
Chapter 5 Device Network Settings
Table 26 Device Operation > Device Configuration > Network > WAN > Dial Backup (ZyNOS
ZyWALL) (continued)
LABEL DESCRIPTION
Primary/Secondary
Phone Number
AT Command Initial
String
Advanced Modem
Setup
TCP/IP Options Click Edit to display the WAN:Dial Backup TCP/IP Options screen.
Budget Select Always On to have the dial backup connection on all of the time.
Allocated Budget Type the amount of time (in minutes) that the dial backup connection can be
Period Type the time period (in hours) for how often the budget should be reset. For
Idle Timeout Type the number of seconds of idle time (when there is no traffic from the
Apply Click Apply to save your changes back to the device.
Reset Click Reset to begin configuring this screen afresh.
Type the first (primary) phone number from the ISP for this remote node. If
the Primary Phone number is busy or does not answer, the device dials the
Secondary Phone number if available. Some areas require dialing the pound
sign # before the phone number for local calls. Include a # symbol at the
beginning of the phone numbers as required.
Type the AT command string to initialize the WAN device. Consult the manual
of your WAN device connected to your Dial Backup port for specific AT
commands.
Click Advanced to display the WAN:Advanced Modem Setup screen and
edit the details of your dial backup setup.
Select Configure Budget to have the dial backup connection on during the
time that you select.
used during the time configured in the Period field. Set an amount that is less
than the time period configured in the Period field.
example, to allow calls to this remote node for a maximum of 10 minutes
every hour, set the Allocated Budget to 10 (minutes) and the Period to 1
(hour).
device to the remote node) for the device to wait before it automatically
disconnects the dial backup connection. This option applies only when the
device initiates the call. The dial backup connection never times out if you set
this field to "0" (it is the same as selecting Always On).
5.3.5 Advanced Modem Setup (ZyNOS ZyWALL)
5.3.5.1 AT Command Strings
For regular telephone lines, the default Dial string tells the modem that the line uses tone
dialing. ATDT is the command for a switch that requires tone dialing. If your switch requires
pulse dialing, change the string to ATDP.
For ISDN lines, there are many more protocols and operational modes. Please consult the
documentation of your TA. You may need additional commands in both Dial and Init strings.
5.3.5.1.1 DTR Signal
The majority of WAN devices default to hanging up the current call when the DTR (Data
Terminal Ready) signal is dropped by the DTE. When the Drop DTR When Hang Up check
box is selected, the device uses this hardware signal to force the WAN device to hang up, in
addition to issuing the drop command ATH.
92
Vantage CNM User’s Guide
Page 93
Chapter 5 Device Network Settings
5.3.5.1.2 Response Strings
The response strings tell the device the tags, or labels, immediately preceding the various call
parameters sent from the WAN device. The response strings have not been standardized;
please consult the documentation of your WAN device to find the correct tags.
Click the Advanced button in the Advanced Modem Setup in the Dial Backup screen to
display the Dial Backup Advanced screen shown next.
" Consult the manual of your WAN device connected to your dial backup port for
specific AT commands.
Figure 42 Device Operation > Device Configuration > Network > WAN > Dial Backup >
Advanced (ZyNOS ZyWALL)
The following table describes the labels in this screen.
Table 27 Device Operation > Device Configuration > Network > WAN > Dial Backup >
Advanced (ZyNOS ZyWALL)
LABEL DESCRIPTION EXAMPLE
AT Command
Strings
Dial Type the AT Command string to make a call. atdt
Drop Type the AT Command string to drop a call. "~" represents a one
Answer Type the AT Command string to answer a call. ata
Vantage CNM User’s Guide
~~+++~~ath
second wait, for example, "~~~+++~~ath" can be used if your
modem has a slow response time.
93
Page 94
Chapter 5 Device Network Settings
Table 27 Device Operation > Device Configuration > Network > WAN > Dial Backup >
Advanced (ZyNOS ZyWALL) (continued)
LABEL DESCRIPTION EXAMPLE
Drop DTR When
Hang Up
AT Response
Strings
CLID Type the keyword that precedes the CLID (Calling Line
Called ID Type the keyword preceding the dialed number.
Speed Type the keyword preceding the connection speed. CONNECT
Call Control
Dial Timeout (sec) Type a number of seconds for the device to try to set up an
Retry Count Type a number of times for the device to retry a busy or no-
Retry Interval
(sec)
Drop Timeout
(sec)
Call Back Delay
(sec)
Back Click Back to return to the previous screen.
Apply Click Apply to save your changes back to the device.
Select this check box to have the device drop the DTR (Data
Terminal Ready) signal after the "AT Command String: Drop" is
sent out.
Identification) in the AT response string. This lets the device
capture the CLID in the AT response string that comes from the
WAN device. CLID is required for CLID authentication.
outgoing call before timing out (stopping).
answer phone number before blacklisting the number.
Type a number of seconds for the device to wait before trying
another call after a call has failed. This applies before a phone
number is blacklisted.
Type the number of seconds for the device to wait before
dropping the DTR signal if it does not receive a positive
disconnect confirmation.
Type a number of seconds for the device to wait between
dropping a callback request call and dialing the corresponding
callback call.
NMBR
60
0
10
20
15
5.3.6 Edit Dial Backup (ZyNOS ZyWALL)
Click Edit in the TCP/IP Options field in the screen shown in Figure 41 on page 91 to display
the next screen.4
94
Vantage CNM User’s Guide
Page 95
Chapter 5 Device Network Settings
Figure 43 Device Operation > Device Configuration > Network > WAN > Dial Backup > Edit
(ZyNOS ZyWALL)
The following table describes the fields in this screen.
Table 28 Device Operation > Device Configuration > Network > WAN > Dial Backup > Edit –
ZyNOS ZyWALL
LABEL DESCRIPTION
Get IP Address
Automatically from
Remote Server
Use Fixed IP Address Select this check box if your ISP assigned you a fixed IP address, and then
My WAN IP Address Leave the field set to 0.0.0.0 (default) to have the ISP or other remote router
Enable SUA Network Address Translation (NAT) allows the translation of an Internet
Broadcast Dial Backup
Route
Enable Multicast Select this check box to turn on IGMP (Internet Group Multicast Protocol).
Multicast Version Select IGMP-v1 or IGMP-v2. IGMP version 2 (RFC 2236) is an improvement
Type the login name assigned by your ISP for this remote node.
enter the IP address in the following field.
dynamically (automatically) assign your WAN IP address if you do not know
it. Type your WAN IP address here if you know it (static). This is the address
assigned to your local device, not the remote router.
protocol address used within one network to a different IP address known
within another network.
SUA (Single User Account) is a subset of NAT that supports two types of
mapping: Many-to-One and Server. When you select this option the device
will use Address Mapping Set 255 in the SMT (see the section on menu 15.1
for more information).
Select the check box to enable SUA. Clear the check box to disable SUA so
the device does not perform any NAT mapping for the dial backup
connection.
Select this check box to forward the backup route broadcasts to the WAN.
IGMP is a network-layer protocol used to establish membership in a Multicast
group - it is not used to carry user data.
over version 1 (RFC 1112) but IGMP version 1 is still in wide use. If you
would like to read more detailed information about inter operability between
IGMP version 2 and version 1, please see sections 4 and 5 of RFC 2236.
Vantage CNM User’s Guide
95
Page 96
Chapter 5 Device Network Settings
Table 28 Device Operation > Device Configuration > Network > WAN > Dial Backup > Edit –
ZyNOS ZyWALL (continued)
LABEL DESCRIPTION
Enable RIP Select this check box to turn on RIP (Routing Information Protocol), which
RIP Direction RIP (Routing Information Protocol, RFC1058 and RFC 1389) allows a router
RIP Version The RIP Version field controls the format and the broadcasting method of the
Apply Click Apply to save your changes back to the device.
Reset Click Reset to begin configuring this screen afresh.
allows a router to exchange routing information with other routers.
to exchange routing information with other routers. The RIP Direction field
controls the sending and receiving of RIP packets. Select the RIP direction
from Both/In Only/Out Only/None. When set to Both or Out Only, the
device broadcasts its routing table periodically. When set to Both or In Only,
it incorporates the RIP information that it receives; when set to None, it does
not send any RIP packets and ignores any RIP packets received. Both is the
default.
RIP packets that the device sends (it recognizes both formats when
receiving). RIP-1 is universally supported but RIP-2 carries more information.
RIP-1 is probably adequate for most networks, unless you have an unusual
network topology. Both RIP-2B and RIP-2M sends the routing data in RIP-2
format; the difference being that RIP-2B uses subnet broadcasting while RIP-
2M uses multicasting. Multicasting can reduce the load on non-router
machines since they generally do not listen to the RIP multicast address and
so will not receive the RIP packets. However, if one router uses multicasting,
then all routers on your network must use multicasting, also. By default, RIP
direction is set to Both and the Vers io n set to RIP-1.
5.3.7 WAN Setup (Prestige)
The fields in this screen vary depending on device mode and the encapsulation you select. To
open this screen, select a device, click Device Operation in the menu bar and then click
Device Configuration > Network > WAN > Setup in the navigation panel.
96
Vantage CNM User’s Guide
Page 97
Chapter 5 Device Network Settings
Figure 44 Device Operation > Device Configuration > Network > WAN > Setup (Prestige)
The following table describes the fields in this screen.
Table 29 Device Operation > Device Configuration > Network > WAN > Setup (Prestige)
LABEL DESCRIPTION
Name Enter the name of your Internet Service Provider, for example, MyISP.
This information is for identification purposes only.
Mode Select Routing from the drop-down list box if your ISP allows multiple
Encapsulation Select the method of encapsulation used by your ISP from the drop-down
Multiplex Select the method of multiplexing used by your ISP from the drop-down
Virtual Circuit ID VPI (Virtual Path Identifier) and VCI (Virtual Channel Identifier) define a
VPI The valid range for the VPI is 0 to 255. Enter the VPI assigned to you.
VCI The valid range for the VCI is 32 to 65535 (0 to 31 is reserved for local
computers to share an Internet account. Otherwise select Bridge.
list box. Choices vary depending on the mode you select in the Mode
field.
If you select Bridge in the Mode field, select either PPPoA or RFC 1483.
If you select Routing in the Mode field, select PPPoA, RFC 1483, ENET
ENCAP or PPPoE.
list. Choices are VC or LLC.
virtual circuit. Refer to the appendix for more information.
management of ATM traffic). Enter the VCI assigned to you.
Vantage CNM User’s Guide
97
Page 98
Chapter 5 Device Network Settings
Table 29 Device Operation > Device Configuration > Network > WAN > Setup (Prestige)
LABEL DESCRIPTION
ATM QoS Type Select CBR (Constant Bit Rate) to specify fixed (always-on) bandwidth for
Cell Rate Cell rate configuration often helps eliminate traffic congestion that slows
Peak Cell Rate Divide the DSL line rate (bps) by 424 (the size of an ATM cell) to find the
Sustain Cell Rate The Sustain Cell Rate (SCR) sets the average cell rate (long-term) that
Maximum Burst Size Maximum Burst Size (MBS) refers to the maximum number of cells that
Login Information (PPPoA and PPPoE encapsulation only)
Service Name
(Appears when you use
PPPoE encapsulation)
PPPoE +
PPPoE_Client_PC
(Appears when you use
PPPoE encapsulation)
User Name Enter the user name exactly as your ISP assigned. If assigned a name in
Password Enter the password associated with the user name above.
IP Address This option is available if you select Routing in the Mode field.
Connection
(Appears when you use
PPPoA and PPPoE
encapsulation)
Nailed-Up Connection
(Appears when you use
PPPoA and PPPoE
encapsulation)
Connect on Demand
(Appears when you use
PPPoA and PPPoE
encapsulation)
voice or data traffic. Select UBR (Unspecified Bit Rate) for applications
that are non-time sensitive, such as e-mail. Select VBR (Variable Bit Rate)
for bursty traffic and bandwidth sharing with other applications.
transmission of real time data such as audio and video connections.
Peak Cell Rate (PCR). This is the maximum rate at which the sender can
send cells. Type the PCR here.
can be transmitted. Type the SCR, which must be less than the PCR.
Note that system default is 0 cells/sec.
can be sent at the peak rate. Type the MBS, which is less than 65535.
This field is only available when PPPoE encapsulation is selected. Type
the PPPoE service name provided to you. PPPoE uses a service name to
identify and reach the PPPoE server.
This field is only available when PPPoE encapsulation is selected.
Select the check box to enable PPPoE pass through. In addition to the
device's built-in PPPoE client, you can enable PPPoE pass through to
allow up to ten hosts on the LAN to use PPPoE client software on their
computers to connect to the ISP via the device. Each host can have a
separate account and a public WAN IP address. PPPoE pass through is
an alternative to NAT for application where NAT is not appropriate.
Disable PPPoE pass through if you do not need to allow hosts on the LAN
to use PPPoE client software on their computers to connect to the ISP.
the form user@domain
enter both components exactly as given.
A static IP address is a fixed IP that your ISP gives you. A dynamic IP
address is not fixed; the ISP assigns you a different one each time you
connect to the Internet. The Single User Account feature can be used with
either a dynamic or static IP address.
Select Obtain an IP Address Automatically if you have a dynamic IP
address; otherwise select Static IP Address and type your ISP assigned
IP address in the IP Address field below.
The schedule rule(s) in SMT menu 26 have priority over your
Connection settings.
Select Nailed-Up Connection when you want your connection up all the
time. The device will try to bring up the connection automatically if it is
disconnected.
Select Connect on Demand when you don't want the connection up all
the time and specify an idle time-out in the Max Idle Timeout field.
where domain identifies a service name, then
98
Vantage CNM User’s Guide
Page 99
Table 29 Device Operation > Device Configuration > Network > WAN > Setup (Prestige)
LABEL DESCRIPTION
Max Idle Timeout
(Appears when you use
PPPoA and PPPoE
encapsulation)
Zero Configuration Select this if you want the device to automatically try to configure the
Subnet Mask (Appears
when you use ENET
ENCAP encapsulation)
ENET ENCAP Gateway
(Appears when you use
ENET ENCAP
encapsulation)
Apply Click Apply to save the changes.
Reset Click Reset to begin configuring this screen afresh.
Specify an idle time-out in the Max Idle Timeout field when you select
Connect on Demand. The default setting is 0, which means the Internet
session will not timeout.
Internet connection. See the device’s User’s Guide for more information.
Enter the subnet mask provided by your ISP.
Enter the IP address of the gateway provided by your ISP.
5.3.8 WAN Backup (Prestige)
Chapter 5 Device Network Settings
Use this screen to change your device’s WAN backup settings. To open this screen, select a
device, click Device Operation in the menu bar and then click Device Configuration >
Network > WAN > Backup in the navigation panel.
Vantage CNM User’s Guide
99
Page 100
Chapter 5 Device Network Settings
Figure 45 Device Operation > Device Configuration > Network > WAN > Backup (Prestige)
100
The following table describes the fields in this screen.
Table 30 Device Operation > Device Configuration > Network > WAN > Backup (Prestige)
LABEL DESCRIPTION
Backup Type Select the method that the device uses to check the DSL connection.
Select DSL Link to have the device check if the connection to the DSLAM is
up. Select ICMP to have the device periodically ping the IP addresses
configured in the Check WAN IP Address type fields.
Check WAN IP
Address1-3
Fail Tolerance Type the number of times (2 recommended) that your device may ping the
Configure this field to test your device's WAN accessibility. Type the IP
address of a reliable nearby computer (for example, your ISP's DNS server
address).
If you activate either traffic redirect or dial backup, you must configure at
least one IP address here.
When using a WAN backup connection, the device periodically pings the
addresses configured here and uses the other WAN backup connection (if
configured) if there is no response.
IP addresses configured in the Check WAN IP Address field without getting
a response before switching to a WAN backup connection (or a different
WAN backup connection).
Vantage CNM User’s Guide
Loading...