ZyWALL 2 Plus
Internet Security Appliance
User’s Guide
Version 4.03
12/2007
Edition 1
www.zyxel.com
About This User's Guide
Intended Audience
This manual is intended for people who want to configure the ZyWALL using the web
configurator or System Management Terminal (SMT). You should have at least a basic
knowledge of TCP/IP networking concepts and topology.
Related Documentation
• Quick Start Guide
The Quick Start Guide is designed to help you get up and running right away. It contains
information on setting up your network and configuring for Internet access.
• Web Configurator Online Help
Embedded web help for descriptions of individual screens and supplementary
information.
Note: It is recommended you use the web configurator to configure the ZyWALL.
• Supporting Disk
Refer to the included CD for support documents.
• ZyXEL Web Site
Please refer to www.zyxel.com for additional support documentation and product
certifications.
User Guide Feedback
Help us help you. Send all User Guide-related comments, questions or suggestions for
improvement to the following address, or use e-mail instead. Thank you!
The Technical Writing Team,
ZyXEL Communications Corp.,
6 Innovation Road II,
Science-Based Industrial Park,
Hsinchu, 300, Taiwan.
E-mail: techwriters@zyxel.com.tw
Document Conventions
Warnings and Notes
These are how warnings and notes are shown in this User’s Guide.
Warnings tell you about things that could harm you or your device.
Notes tell you other important information (for example, other things you may
need to configure or helpful tips) or recommendations.
Syntax Conventions
• The ZyWALL 2 Plus may be referred to as the “ZyWALL”, the “device” or the “system”
in this User’s Guide.
• Product labels, screen names, field labels and field choices are all in bold font.
• A key stroke is denoted by square brackets and uppercase text, for example, [ENTER]
means the “enter” or “return” key on your keyboard.
• “Enter” means for you to type one or more characters and then press the [ENTER] key.
“Select” or “choose” means for you to use one of the predefined choices.
• A right angle bracket ( > ) within a screen name denotes a mouse click. For example,
Maintenance > Log > Log Setting means you first click Maintenance in the navigation
panel, then the Log sub menu and finally the Log Setting tab to get to that screen.
• Units of measurement may denote the “metric” value or the “scientific” value. For
example, “k” for kilo may denote “1000” or “1024”, “M” for mega may denote “1000000”
or “1048576” and so on.
• “e.g.,” is a shorthand for “for instance”, and “i.e.,” means “that is” or “in other words”.
Icons Used in Figures
Figures in this User’s Guide may use the following generic icons. The ZyWALL icon is not an
exact representation of your device.
Icons shown: ZyWALL, Computer, Notebook computer, Server, DSLAM, Firewall, Telephone, Switch, Router
Safety Warnings
For your safety, be sure to read and follow all warning notices and instructions.
• Do NOT use this product near water, for example, in a wet basement or near a swimming
pool.
• Do NOT expose your device to dampness, dust or corrosive liquids.
• Do NOT store things on the device.
• Do NOT install, use, or service this device during a thunderstorm. There is a remote risk
of electric shock from lightning.
• Connect ONLY suitable accessories to the device.
• Do NOT open the device or unit. Opening or removing covers can expose you to
dangerous high voltage points or other risks. ONLY qualified service personnel should
service or disassemble this device. Please contact your vendor for further information.
• Make sure to connect the cables to the correct ports.
• Place connecting cables carefully so that no one will step on them or stumble over them.
• Always disconnect all cables from this device before servicing or disassembling.
• Use ONLY an appropriate power adaptor or cord for your device.
• Connect the power adaptor or cord to the right supply voltage (for example, 110V AC in
North America or 230V AC in Europe).
• Do NOT allow anything to rest on the power adaptor or cord and do NOT place the
product where anyone can walk on the power adaptor or cord.
• Do NOT use the device if the power adaptor or cord is damaged as it might cause
electrocution.
• If the power adaptor or cord is damaged, remove it from the power outlet.
• Do NOT attempt to repair the power adaptor or cord. Contact your local vendor to order a
new one.
• Do not use the device outside, and make sure all the connections are indoors. There is a
remote risk of electric shock from lightning.
This product is recyclable. Dispose of it properly.
Contents Overview
Introduction and Registration
Getting to Know Your ZyWALL
Introducing the Web Configurator
Wizard Setup
Tutorials
Registration
Network
LAN Screens
Bridge Screens
WAN Screens
DMZ Screens
Wireless LAN
Security
Firewall
Content Filtering Screens
Content Filtering Reports
IPSec VPN
Certificates
Authentication Server
Advanced
Network Address Translation (NAT)
Static Route
Bandwidth Management
DNS
Remote Management
UPnP
Custom Application
ALG Screen
Logs and Maintenance
Logs Screens
Maintenance
SMT
Introducing the SMT
SMT Menu 1 - General Setup
WAN and Dial Backup Setup
LAN Setup
Internet Access
DMZ Setup
Wireless Setup
Remote Node Setup
IP Static Route Setup
Network Address Translation (NAT)
Introducing the ZyWALL Firewall
Filter Configuration
SNMP Configuration
System Information & Diagnosis
Firmware and Configuration File Maintenance
System Maintenance Menus 8 to 10
Remote Management
Call Scheduling
Troubleshooting and Specifications
Troubleshooting
Product Specifications
Appendices and Index
Table of Contents
About This User's Guide
Document Conventions
Safety Warnings
Contents Overview
Table of Contents
List of Figures
List of Tables
Part I: Introduction and Registration
Chapter 1
Getting to Know Your ZyWALL
1.1 ZyWALL Internet Security Appliance Overview
1.2 Applications for the ZyWALL
1.2.1 Secure Broadband Internet Access via Cable or DSL Modem
1.2.2 VPN Application
1.3 Ways to Manage the ZyWALL
1.4 Good Habits for Managing the ZyWALL
1.5 LEDs
Chapter 2
Introducing the Web Configurator
2.1 Web Configurator Overview
2.2 Accessing the ZyWALL Web Configurator
2.3 Resetting the ZyWALL
2.3.1 Procedure To Use The Reset Button
2.3.2 Uploading a Configuration File Via Console Port
2.4 Navigating the ZyWALL Web Configurator
2.4.1 Title Bar
2.4.2 Main Window
2.4.3 HOME Screen: Router Mode
2.4.4 HOME Screen: Bridge Mode
2.4.5 Navigation Panel
2.4.6 Port Statistics
2.4.7 DHCP Table Screen
2.4.8 VPN Status
2.4.9 Bandwidth Monitor
Chapter 3
Wizard Setup
3.1 Wizard Setup Overview
3.2 Internet Access
3.2.1 ISP Parameters
3.2.2 Internet Access Wizard: Second Screen
3.2.3 Internet Access Wizard: Registration
3.3 VPN Wizard Gateway Setting
3.4 VPN Wizard Network Setting
3.5 VPN Wizard IKE Tunnel Setting (IKE Phase 1)
3.6 VPN Wizard IPSec Setting (IKE Phase 2)
3.7 VPN Wizard Status Summary
3.8 VPN Wizard Setup Complete
Chapter 4
Tutorials
4.1 Security Settings for VPN Traffic
4.1.1 Firewall Rule for VPN Example
4.1.2 Configuring the VPN Rule
4.1.3 Configuring the Firewall Rules
4.2 Using NAT with Multiple Public IP Addresses
4.2.1 Example Parameters and Scenario
4.2.2 Configuring the WAN Connection with a Static IP Address
4.2.3 Public IP Address Mapping
4.2.4 Forwarding Traffic from the WAN to a Local Computer
4.2.5 Allow WAN-to-LAN Traffic through the Firewall
4.2.6 Testing the Connections
4.3 Using NAT with Multiple Game Players
4.4 How to Manage the ZyWALL’s Bandwidth
4.4.1 Example Parameters and Scenario
4.4.2 Configuring Bandwidth Management Rules
4.5 Configuring Content Filtering
4.5.1 Enable Content Filtering
4.5.2 Block Categories of Web Content
4.5.3 Assign Bob’s Computer a Specific IP Address
4.5.4 Create a Content Filter Policy for Bob
4.5.5 Set the Content Filter Schedule
4.5.6 Block Categories of Web Content for Bob
Chapter 5
Registration
5.1 myZyXEL.com overview
5.1.1 Content Filtering Subscription Service
5.2 Registration
5.3 Service
Part II: Network
Chapter 6
LAN Screens
6.1 LAN, WAN and the ZyWALL
6.2 IP Address and Subnet Mask
6.2.1 Private IP Addresses
6.3 DHCP
6.3.1 IP Pool Setup
6.4 RIP Setup
6.5 Multicast
6.6 WINS
6.7 LAN
6.8 LAN Static DHCP
6.9 LAN IP Alias
6.10 LAN Port Roles
Chapter 7
Bridge Screens
7.1 Bridge Loop
7.2 Spanning Tree Protocol (STP)
7.2.1 Rapid STP
7.2.2 STP Terminology
7.2.3 How STP Works
7.2.4 STP Port States
7.3 Bridge
7.4 Bridge Port Roles
Chapter 8
WAN Screens
8.1 WAN Overview
8.2 TCP/IP Priority (Metric)
8.3 WAN Route
8.4 WAN IP Address Assignment
8.5 DNS Server Address Assignment
8.6 WAN MAC Address
8.7 WAN
8.7.1 WAN Ethernet Encapsulation
8.7.2 PPPoE Encapsulation
8.7.3 PPTP Encapsulation
8.8 Traffic Redirect
8.9 Configuring Traffic Redirect
8.10 Configuring Dial Backup
8.11 Advanced Modem Setup
8.11.1 AT Command Strings
8.11.2 DTR Signal
8.11.3 Response Strings
8.12 Configuring Advanced Modem Setup
Chapter 9
DMZ Screens
9.1 DMZ
9.2 Configuring DMZ
9.3 DMZ Static DHCP
9.4 DMZ IP Alias
9.5 DMZ Public IP Address Example
9.6 DMZ Private and Public IP Address Example
9.7 DMZ Port Roles
Chapter 10
Wireless LAN
10.1 Wireless LAN Introduction
10.2 Configuring WLAN
10.3 WLAN Static DHCP
10.4 WLAN IP Alias
10.5 WLAN Port Roles
Part III: Security
Chapter 11
Firewall
11.1 Firewall Overview
11.2 Packet Direction Matrix
11.3 Packet Direction Examples
11.3.1 To VPN Packet Direction
11.3.2 From VPN Packet Direction
11.3.3 From VPN To VPN Packet Direction
11.4 Security Considerations
11.5 Firewall Rules Example
11.6 Asymmetrical Routes
11.6.1 Asymmetrical Routes and IP Alias
11.7 Firewall Default Rule (Router Mode)
11.8 Firewall Default Rule (Bridge Mode)
11.9 Firewall Rule Summary
11.9.1 Firewall Edit Rule
11.10 Anti-Probing
11.11 Firewall Thresholds
11.11.1 Threshold Values
11.12 Threshold Screen
11.13 Service
11.13.1 Firewall Edit Custom Service
11.14 My Service Firewall Rule Example
Chapter 12
Content Filtering Screens
12.1 Content Filtering Overview
12.1.1 Restrict Web Features
12.1.2 Create a Filter List
12.1.3 Customize Web Site Access
12.2 Content Filtering with an External Database
12.3 Content Filter General Screen
12.4 Content Filter Policy
12.5 Content Filter Policy: General
12.6 Content Filter Policy: External Database
12.7 Content Filter Policy: Customization
12.8 Content Filter Policy: Schedule
12.9 Content Filter Object
12.10 Customizing Keyword Blocking URL Checking
12.10.1 Domain Name or IP Address URL Checking
12.10.2 Full Path URL Checking
12.10.3 File Name URL Checking ..................................................................................... 243
12.11 Content Filtering Cache ............................................................................................... 243
Chapter 13
Content Filtering Reports.....................................................................................................245
13.1 Checking Content Filtering Activation .............................................................................. 245
13.2 Viewing Content Filtering Reports ................................................................................... 245
13.3 Web Site Submission .......................................................................................................250
Chapter 14
IPSec VPN.............................................................................................................................. 253
14.1 IPSec VPN Overview ..................................................................................................... 253
14.1.1 IKE SA Overview .................................................................................................... 254
14.2 VPN Rules (IKE) .............................................................................................................. 255
14.3 IKE SA Setup .................................................................................................................. 257
14.3.1 IKE SA Proposal .................................................................................................... 257
14.4 Additional IPSec VPN Topics ........................................................................................... 261
14.4.1 SA Life Time ........................................................................................................... 262
14.4.2 IPSec High Availability ........................................................................................... 262
14.4.3 Encryption and Authentication Algorithms ............................................................. 263
14.5 VPN Rules (IKE) Gateway Policy Edit ............................................................................. 264
14.6 IPSec SA Overview .....................................................................................................270
14.6.1 Local Network and Remote Network ...................................................................... 270
14.6.2 Virtual Address Mapping ........................................................................................ 271
14.6.3 Active Protocol ....................................................................................................... 272
14.6.4 Encapsulation ......................................................................................................... 272
14.6.5 IPSec SA Proposal and Perfect Forward Secrecy ................................................. 273
14.7 VPN Rules (IKE) Network Policy Edit ............................................................................. 273
14.8 Network Policy Port Forwarding ................................................................................... 278
14.9 Network Policy Move .....................................................................................................280
14.10 IPSec SA Using Manual Keys ................................................................................... 281
14.10.1 IPSec SA Proposal Using Manual Keys ............................................................... 281
14.10.2 Authentication and the Security Parameter Index (SPI) ....................................... 281
14.11 VPN Rules (Manual) ...................................................................................................... 281
14.12 VPN Rules (Manual) Edit ............................................................................................ 283
14.13 VPN SA Monitor .......................................................................................................... 285
14.14 VPN Global Setting ....................................................................................................... 286
14.14.1 Local and Remote IP Address Conflict Resolution .............................................. 286
14.15 Telecommuter VPN/IPSec Examples ............................................................................ 289
14.15.1 Telecommuters Sharing One VPN Rule Example ................................................ 289
14.15.2 Telecommuters Using Unique VPN Rules Example ............................................. 290
14.16 VPN and Remote Management ..................................................................................... 291
14.17 Hub-and-spoke VPN ...................................................................................................... 292
14.17.1 Hub-and-spoke VPN Example ............................................................................. 293
14.17.2 Hub-and-spoke Example VPN Rule Addresses ................................................... 293
14.17.3 Hub-and-spoke VPN Requirements and Suggestions ......................................... 294
Chapter 15
Certificates ............................................................................................................................295
15.1 Certificates Overview ....................................................................................................... 295
15.1.1 Advantages of Certificates ..................................................................................... 296
15.2 Self-signed Certificates .................................................................................................... 296
15.3 Verifying a Certificate ....................................................................................................... 296
15.3.1 Checking the Fingerprint of a Certificate on Your Computer .................................. 296
15.4 Configuration Summary ................................................................................................... 297
15.5 My Certificates ................................................................................................................ 298
15.6 My Certificate Details ..................................................................................................... 300
15.7 My Certificate Export ...................................................................................................... 302
15.7.1 Certificate File Export Formats ............................................................................... 302
15.8 My Certificate Import ..................................................................................................... 303
15.8.1 Certificate File Formats .......................................................................................... 303
15.9 My Certificate Create ..................................................................................................... 305
15.10 Trusted CAs ................................................................................................................. 310
15.11 Trusted CA Details ........................................................................................................ 312
15.12 Trusted CA Import ....................................................................................................... 314
15.13 Trusted Remote Hosts ................................................................................................. 315
15.14 Trusted Remote Host Certificate Details ..................................................................... 316
15.15 Trusted Remote Hosts Import ...................................................................................... 319
15.16 Directory Servers .......................................................................................................... 320
15.17 Directory Server Add or Edit ........................................................................................ 321
Chapter 16
Authentication Server...........................................................................................................323
16.1 Authentication Server Overview ...................................................................................... 323
16.1.1 Local User Database .............................................................................................. 323
16.1.2 RADIUS ..................................................................................................................323
16.1.3 Types of RADIUS Messages .................................................................................. 323
16.2 Local User Database .....................................................................................................324
16.3 RADIUS ......................................................................................................................... 326
Part IV: Advanced ................................................................................ 329
Chapter 17
Network Address Translation (NAT).................................................................................... 331
17.1 NAT Overview ................................................................................................................ 331
17.1.1 NAT Definitions ...................................................................................................... 331
17.1.2 What NAT Does ..................................................................................................... 332
17.1.3 How NAT Works ..................................................................................................... 332
17.1.4 NAT Application ...................................................................................................... 333
17.1.5 Port Restricted Cone NAT ...................................................................................... 334
17.1.6 NAT Mapping Types ............................................................................................... 334
17.2 Using NAT ........................................................................................................................ 335
17.2.1 SUA (Single User Account) Versus NAT ................................................................ 335
17.3 NAT Overview Screen ..................................................................................................... 336
17.4 NAT Address Mapping ................................................................................................... 337
17.4.1 What NAT Does ..................................................................................................... 337
17.4.2 NAT Address Mapping Edit .................................................................................. 339
17.5 Port Forwarding .............................................................................................................. 340
17.5.1 Default Server IP Address ...................................................................................... 340
17.5.2 Port Forwarding: Services and Port Numbers ........................................................ 341
17.5.3 Configuring Servers Behind Port Forwarding (Example) ....................................... 341
17.5.4 Port Translation ...................................................................................................... 341
17.6 Port Forwarding Screen ................................................................................................... 342
17.7 Port Triggering ............................................................................................................... 344
Chapter 18
Static Route ........................................................................................................................... 347
18.1 IP Static Route .............................................................................................................. 347
18.2 IP Static Route ................................................................................................................. 348
18.2.1 IP Static Route Edit .............................................................................................. 349
Chapter 19
Bandwidth Management.......................................................................................................351
19.1 Bandwidth Management Overview ................................................................................. 351
19.2 Bandwidth Classes and Filters ........................................................................................ 351
19.3 Proportional Bandwidth Allocation ................................................................................... 352
19.4 Application-based Bandwidth Management .................................................................... 352
19.5 Subnet-based Bandwidth Management .......................................................................... 352
19.6 Application and Subnet-based Bandwidth Management ................................................. 352
19.7 Scheduler ........................................................................................................................ 353
19.7.1 Priority-based Scheduler ........................................................................................ 353
19.7.2 Fairness-based Scheduler ..................................................................................... 353
19.7.3 Maximize Bandwidth Usage ................................................................................... 353
19.7.4 Reserving Bandwidth for Non-Bandwidth Class Traffic .......................................... 353
19.7.5 Maximize Bandwidth Usage Example .................................................................... 354
19.8 Bandwidth Borrowing .......................................................................................................355
19.8.1 Bandwidth Borrowing Example .............................................................................. 355
19.9 Maximize Bandwidth Usage With Bandwidth Borrowing ................................................. 356
19.10 Over Allotment of Bandwidth ......................................................................................... 356
19.11 Configuring Summary .................................................................................................... 357
19.12 Configuring Class Setup .............................................................................................. 358
19.12.1 Bandwidth Manager Class Configuration ........................................................... 359
19.12.2 Bandwidth Management Statistics ................................................................... 362
19.13 Bandwidth Manager Monitor ........................................................................................ 363
Chapter 20
DNS ........................................................................................................................................ 365
20.1 DNS Overview ............................................................................................................... 365
20.2 DNS Server Address Assignment ................................................................................... 365
20.3 DNS Servers .................................................................................................................... 365
20.4 Address Record ............................................................................................................... 366
20.4.1 DNS Wildcard ......................................................................................................... 366
20.5 Name Server Record ....................................................................................................... 366
20.5.1 Private DNS Server ................................................................................................ 366
20.6 System Screen ................................................................................................................ 367
20.6.1 Adding an Address Record .................................................................................. 368
20.6.2 Inserting a Name Server Record .......................................................................... 369
20.7 DNS Cache .................................................................................................................... 371
20.8 Configure DNS Cache ..................................................................................................... 371
20.9 Configuring DNS DHCP ................................................................................................ 372
20.10 Dynamic DNS .............................................................................................................. 374
20.10.1 DYNDNS Wildcard ............................................................................................... 374
20.11 Configuring Dynamic DNS ............................................................................................. 374
Chapter 21
Remote Management............................................................................................................ 377
21.1 Remote Management Overview ...................................................................................... 377
21.1.1 Remote Management Limitations .......................................................................... 378
21.1.2 System Timeout ..................................................................................................... 378
21.2 WWW (HTTP and HTTPS) ............................................................................................. 378
21.3 WWW Configuration ........................................................................................................ 379
21.4 HTTPS Example .............................................................................................................. 380
21.4.1 Internet Explorer Warning Messages ..................................................................... 381
21.4.2 Netscape Navigator Warning Messages ................................................................ 381
21.4.3 Avoiding the Browser Warning Messages .............................................................. 382
21.4.4 Login Screen .......................................................................................................... 383
21.5 SSH .............................................................................................................................. 385
21.6 How SSH Works .............................................................................................................. 385
21.7 SSH Implementation on the ZyWALL .............................................................................. 386
21.7.1 Requirements for Using SSH ................................................................................. 386
21.8 Configuring SSH .............................................................................................................. 386
21.9 Secure Telnet Using SSH Examples ............................................................................... 387
21.9.1 Example 1: Microsoft Windows .............................................................................. 387
21.9.2 Example 2: Linux .................................................................................................... 388
21.10 Secure FTP Using SSH Example .................................................................................. 389
21.11 Telnet ........................................................................................................................... 390
21.12 Configuring TELNET ..................................................................................................... 390
21.13 FTP .............................................................................................................................. 391
21.14 SNMP .......................................................................................................................... 392
21.14.1 Supported MIBs ................................................................................................... 393
21.14.2 SNMP Traps ......................................................................................................... 393
21.14.3 REMOTE MANAGEMENT: SNMP ....................................................................... 393
21.15 DNS ............................................................................................................................. 395
21.16 Introducing Vantage CNM ............................................................................................. 395
21.17 Configuring CNM ........................................................................................................... 396
21.17.1 Additional Configuration for Vantage CNM .......................................................... 397
Chapter 22
UPnP ...................................................................................................................................... 399
22.1 Universal Plug and Play Overview ................................................................................ 399
22.1.1 How Do I Know If I'm Using UPnP? ....................................................................... 399
22.1.2 NAT Traversal ........................................................................................................ 399
22.1.3 Cautions with UPnP ............................................................................................... 399
22.1.4 UPnP and ZyXEL ................................................................................................... 400
22.2 Configuring UPnP ............................................................................................................ 400
22.3 Displaying UPnP Port Mapping .................................................................................... 401
22.4 Installing UPnP in Windows Example .............................................................................. 402
22.4.1 Installing UPnP in Windows Me ............................................................................. 403
22.4.2 Installing UPnP in Windows XP ............................................................................. 404
22.5 Using UPnP in Windows XP Example ............................................................................. 404
22.5.1 Auto-discover Your UPnP-enabled Network Device .............................................. 405
22.5.2 Web Configurator Easy Access ............................................................................. 406
Chapter 23
Custom Application ..............................................................................................................409
23.1 Custom Application ......................................................................................................... 409
23.2 Custom Application Configuration .................................................................................... 409
Chapter 24
ALG Screen ........................................................................................................................... 411
24.1 ALG Introduction ..............................................................................................................411
24.1.1 ALG and NAT ..........................................................................................................411
24.1.2 ALG and the Firewall ...............................................................................................411
24.2 FTP .................................................................................................................................. 412
24.3 H.323 ............................................................................................................................... 412
24.4 RTP .................................................................................................................................. 412
24.4.1 H.323 ALG Details ................................................................................................. 412
24.5 SIP ................................................................................................................................... 413
24.5.1 STUN ..................................................................................................................... 413
24.5.2 SIP ALG Details ..................................................................................................... 413
24.5.3 SIP Signaling Session Timeout .............................................................................. 414
24.5.4 SIP Audio Session Timeout .................................................................................... 414
24.6 ALG Screen ..................................................................................................................... 414
Part V: Logs and Maintenance ............................................................ 417
Chapter 25
Logs Screens ........................................................................................................................419
25.1 Configuring View Log ...................................................................................................... 419
25.2 Log Description Example ................................................................................................. 420
25.2.1 About the Certificate Not Trusted Log .................................................................... 421
25.3 Configuring Log Settings ................................................................................................ 422
25.4 Configuring Reports ....................................................................................................... 425
25.4.1 Viewing Web Site Hits ............................................................................................ 427
25.4.2 Viewing Host IP Address ........................................................................................ 427
25.4.3 Viewing Protocol/Port ............................................................................................. 428
25.4.4 System Reports Specifications ............................................................................... 430
25.5 Log Descriptions .............................................................................................................. 430
25.6 Syslog Logs .................................................................................................................... 445
Chapter 26
Maintenance .......................................................................................................................... 447
26.1 Maintenance Overview .................................................................................................... 447
26.2 General Setup and System Name ................................................................................... 447
26.2.1 General Setup ....................................................................................................... 447
26.3 Configuring Password .................................................................................................... 448
26.4 Time and Date ................................................................................................................ 449
26.5 Pre-defined NTP Time Server Pools ............................................................................... 452
26.5.1 Resetting the Time ................................................................................................. 452
26.5.2 Time Server Synchronization ................................................................................. 452
26.6 Introduction To Transparent Bridging ............................................................................... 453
26.7 Transparent Firewalls ...................................................................................................... 454
26.8 Configuring Device Mode (Router) ................................................................................. 454
26.9 Configuring Device Mode (Bridge) ................................................................................. 455
26.10 F/W Upload Screen ...................................................................................................... 457
26.11 Backup and Restore ..................................................................................................... 459
26.11.1 Backup Configuration ........................................................................................... 460
26.11.2 Restore Configuration .......................................................................................... 460
26.11.3 Back to Factory Defaults ..................................................................................... 461
26.12 Restart Screen .............................................................................................................. 461
26.13 Diagnostics .................................................................................................................... 462
Part VI: SMT.......................................................................................... 465
Chapter 27
Introducing the SMT .............................................................................................................467
27.1 Introduction to the SMT ...................................................................................................467
27.2 Accessing the SMT via the Console Port ........................................................................ 467
27.2.1 Initial Screen ..........................................................................................................467
27.2.2 Entering the Password ........................................................................................... 468
27.3 Navigating the SMT Interface .......................................................................................... 468
27.3.1 Main Menu ............................................................................................................. 469
27.3.2 SMT Menus Overview ............................................................................................ 471
27.4 Changing the System Password ..................................................................................... 472
27.5 Resetting the ZyWALL ..................................................................................................... 473
Chapter 28
SMT Menu 1 - General Setup ............................................................................................... 475
28.1 Introduction to General Setup .......................................................................................... 475
28.2 Configuring General Setup .............................................................................................. 475
28.2.1 Configuring Dynamic DNS ..................................................................................... 476
Chapter 29
WAN and Dial Backup Setup................................................................................................ 481
29.1 Introduction to WAN and Dial Backup Setup ................................................................... 481
29.2 WAN Setup ...................................................................................................................... 481
29.3 Dial Backup ..................................................................................................................... 482
29.4 Configuring Dial Backup in Menu 2 ................................................................................. 482
29.5 Advanced WAN Setup ..................................................................................................... 483
29.6 Remote Node Profile (Backup ISP) ................................................................................. 485
29.7 Editing TCP/IP Options ....................................................................................................487
29.8 Editing Login Script .......................................................................................................... 488
29.9 Remote Node Filter ......................................................................................................... 489
Chapter 30
LAN Setup.............................................................................................................................. 491
30.1 Introduction to LAN Setup ............................................................................................... 491
30.2 Accessing the LAN Menus .............................................................................................. 491
30.3 LAN Port Filter Setup ....................................................................................................... 491
30.4 TCP/IP and DHCP Ethernet Setup Menu ........................................................................ 492
30.4.1 IP Alias Setup ......................................................................................................... 495
Chapter 31
Internet Access ..................................................................................................................... 497
31.1 Introduction to Internet Access Setup .............................................................................. 497
31.2 Ethernet Encapsulation ................................................................................................... 497
31.3 Configuring the PPTP Client ............................................................................................ 499
31.4 Configuring the PPPoE Client ......................................................................................... 499
31.5 Basic Setup Complete ..................................................................................................... 500
Chapter 32
DMZ Setup ............................................................................................................................. 501
32.1 Configuring DMZ Setup ................................................................................................... 501
32.2 DMZ Port Filter Setup ...................................................................................................... 501
32.3 TCP/IP Setup ................................................................................................................... 502
32.3.1 IP Address ..............................................................................................................502
32.3.2 IP Alias Setup ......................................................................................................... 503
Chapter 33
Wireless Setup ......................................................................................................................505
33.1 TCP/IP Setup ................................................................................................................... 505
33.1.1 IP Address ..............................................................................................................505
33.1.2 IP Alias Setup ......................................................................................................... 506
Chapter 34
Remote Node Setup..............................................................................................................509
34.1 Introduction to Remote Node Setup ................................................................................ 509
34.2 Remote Node Setup ........................................................................................................ 509
34.3 Remote Node Profile Setup ............................................................................................. 509
34.3.1 Ethernet Encapsulation .......................................................................................... 510
34.3.2 PPPoE Encapsulation .............................................................................................511
34.3.3 PPTP Encapsulation .............................................................................................. 513
34.4 Edit IP .............................................................................................................................. 514
34.5 Remote Node Filter ......................................................................................................... 516
34.6 Traffic Redirect ................................................................................................................ 517
Chapter 35
IP Static Route Setup............................................................................................................ 519
35.1 IP Static Route Setup ...................................................................................................... 519
Chapter 36
Network Address Translation (NAT).................................................................................... 521
36.1 Using NAT ........................................................................................................................ 521
36.1.1 SUA (Single User Account) Versus NAT ................................................................ 521
36.1.2 Applying NAT ......................................................................................................... 521
36.2 NAT Setup ....................................................................................................................... 523
36.2.1 Address Mapping Sets ........................................................................................... 523
36.3 Configuring a Server behind NAT .................................................................................... 528
36.4 General NAT Examples ................................................................................................... 530
36.4.1 Internet Access Only .............................................................................................. 530
36.4.2 Example 2: Internet Access with a Default Server ................................................. 532
36.4.3 Example 3: Multiple Public IP Addresses With Inside Servers .............................. 532
36.4.4 Example 4: NAT Unfriendly Application Programs ................................................. 536
36.5 Trigger Port Forwarding ...................................................................................................537
36.5.1 Two Points To Remember About Trigger Ports ...................................................... 537
Chapter 37
Introducing the ZyWALL Firewall ........................................................................................539
37.1 Using ZyWALL SMT Menus ............................................................................................ 539
37.1.1 Activating the Firewall ............................................................................................ 539
Chapter 38
Filter Configuration............................................................................................................... 541
38.1 Introduction to Filters ....................................................................................................... 541
38.1.1 The Filter Structure of the ZyWALL ........................................................................ 542
38.2 Configuring a Filter Set .................................................................................................... 544
38.2.1 Configuring a Filter Rule ........................................................................................ 546
38.2.2 Configuring a TCP/IP Filter Rule ............................................................................ 546
38.2.3 Configuring a Generic Filter Rule ........................................................................... 549
38.3 Example Filter .................................................................................................................. 550
38.4 Filter Types and NAT ....................................................................................................... 552
38.5 Firewall Versus Filters ..................................................................................................... 552
38.5.1 Packet Filtering: ..................................................................................................... 552
38.5.2 Firewall ................................................................................................................... 553
38.6 Applying a Filter .............................................................................................................. 553
38.6.1 Applying LAN Filters ............................................................................................... 554
38.6.2 Applying DMZ Filters .............................................................................................. 554
38.6.3 Applying Remote Node Filters ............................................................................... 555
Chapter 39
SNMP Configuration.............................................................................................................557
39.1 SNMP Configuration ........................................................................................................557
39.2 SNMP Traps .................................................................................................................... 558
Chapter 40
System Information & Diagnosis.........................................................................................559
40.1 Introduction to System Status .......................................................................................... 559
40.2 System Status .................................................................................................................. 559
40.3 System Information and Console Port Speed .................................................................. 561
40.3.1 System Information ................................................................................................ 561
40.3.2 Console Port Speed ............................................................................................... 562
40.4 Log and Trace .................................................................................................................. 562
40.4.1 Viewing Error Log ................................................................................................... 562
40.4.2 Syslog Logging ....................................................................................................... 563
40.4.3 Call-Triggering Packet ............................................................................................ 566
40.5 Diagnostic ........................................................................................................................ 567
40.5.1 WAN DHCP ............................................................................................................ 568
Chapter 41
Firmware and Configuration File Maintenance..................................................................571
41.1 Introduction ...................................................................................................................... 571
41.2 Filename Conventions ..................................................................................................... 571
41.3 Backup Configuration ......................................................................................................572
41.3.1 Backup Configuration ............................................................................................. 572
41.3.2 Using the FTP Command from the Command Line ............................................... 573
41.3.3 Example of FTP Commands from the Command Line .......................................... 574
41.3.4 GUI-based FTP Clients .......................................................................................... 574
41.3.5 File Maintenance Over WAN .................................................................................. 574
41.3.6 Backup Configuration Using TFTP ......................................................................... 575
41.3.7 TFTP Command Example ...................................................................................... 575
41.3.8 GUI-based TFTP Clients ........................................................................................ 575
41.3.9 Backup Via Console Port ....................................................................................... 576
41.4 Restore Configuration ...................................................................................................... 577
41.4.1 Restore Using FTP ................................................................................................. 577
41.4.2 Restore Using FTP Session Example .................................................................... 578
41.4.3 Restore Via Console Port ....................................................................................... 579
41.5 Uploading Firmware and Configuration Files .................................................................. 579
41.5.1 Firmware File Upload ............................................................................................. 580
41.5.2 Configuration File Upload ....................................................................................... 580
41.5.3 FTP File Upload Command from the DOS Prompt Example ................................. 581
41.5.4 FTP Session Example of Firmware File Upload .................................................... 582
41.5.5 TFTP File Upload ................................................................................................... 582
41.5.6 TFTP Upload Command Example ......................................................................... 583
41.5.7 Uploading Via Console Port ................................................................................... 583
41.5.8 Uploading Firmware File Via Console Port ............................................................ 583
41.5.9 Example Xmodem Firmware Upload Using HyperTerminal ................................... 583
41.5.10 Uploading Configuration File Via Console Port .................................................... 584
41.5.11 Example Xmodem Configuration Upload Using HyperTerminal ........................... 585
Chapter 42
System Maintenance Menus 8 to 10....................................................................................587
42.1 Command Interpreter Mode ............................................................................................ 587
42.1.1 Command Syntax ................................................................................................... 588
42.1.2 Command Usage ................................................................................................... 588
42.2 Call Control Support ........................................................................................................ 589
42.2.1 Budget Management .............................................................................................. 589
42.2.2 Call History ............................................................................................................. 590
42.3 Time and Date Setting .....................................................................................................591
Chapter 43
Remote Management............................................................................................................ 595
43.1 Remote Management ...................................................................................................... 595
43.1.1 Remote Management Limitations .......................................................................... 597
Chapter 44
Call Scheduling..................................................................................................................... 599
44.1 Introduction to Call Scheduling ........................................................................................ 599
Part VII: Troubleshooting and Specifications ................................... 603
Chapter 45
Troubleshooting....................................................................................................................605
45.1 Power, Hardware Connections, and LEDs ...................................................................... 605
45.2 ZyWALL Access and Login .............................................................................................. 606
45.3 Internet Access ................................................................................................................ 608
45.4 Wireless Router/AP Troubleshooting ............................................................................... 610
45.5 UPnP ............................................................................................................................... 610
Chapter 46
Product Specifications.........................................................................................................613
46.1 General ZyWALL Specifications ...................................................................................... 613
46.2 Cable Pin Assignments ................................................................................................... 615
46.3 Wall-mounting Instructions .............................................................................................. 617
Part VIII: Appendices and Index ......................................................... 619
Appendix A Setting up Your Computer’s IP Address............................................................ 621
Appendix B Pop-up Windows, JavaScripts and Java Permissions ......................................637
Appendix C IP Addresses and Subnetting ........................................................................... 645
Appendix D Common Services ............................................................................................653
Appendix E Importing Certificates ........................................................................................657
Appendix F Legal Information ..............................................................................................669
Appendix G Customer Support ............................................................................................673
Index....................................................................................................................................... 679
List of Figures
Figure 1 Secure Internet Access via Cable, DSL or Wireless Modem ................................................... 48
Figure 2 VPN Application ....................................................................................................................... 48
Figure 3 Front Panel .............................................................................................................................. 49
Figure 4 Change Password Screen ........................................................................................................ 52
Figure 5 Replace Certificate Screen ....................................................................................................... 52
Figure 6 Example Xmodem Upload ........................................................................................................ 53
Figure 7 HOME Screen .......................................................................................................................... 54
Figure 8 Web Configurator HOME Screen in Router Mode ................................................................... 55
Figure 9 Web Configurator HOME Screen in Bridge Mode .................................................................... 58
Figure 10 HOME > Show Statistics ........................................................................................................ 64
Figure 11 HOME > DHCP Table ............................................................................................................. 65
Figure 12 HOME > VPN Status .............................................................................................................. 66
Figure 13 Home > Bandwidth Monitor .................................................................................................... 67
Figure 14 Wizard Setup Welcome .......................................................................................................... 69
Figure 15 ISP Parameters: Ethernet Encapsulation ...............................................................................70
Figure 16 ISP Parameters: PPPoE Encapsulation ................................................................................. 72
Figure 17 ISP Parameters: PPTP Encapsulation ...................................................................................74
Figure 18 Internet Access Wizard: Second Screen ................................................................................75
Figure 19 Internet Access Setup Complete ............................................................................................ 76
Figure 20 Internet Access Wizard: Registration ..................................................................................... 77
Figure 21 Internet Access Wizard: Registration in Progress .................................................................. 78
Figure 22 Internet Access Wizard: Status .............................................................................................. 78
Figure 23 Internet Access Wizard: Registration Failed ..........................................................................78
Figure 24 Internet Access Wizard: Registered Device ........................................................................... 79
Figure 25 Internet Access Wizard: Activated Services ...........................................................................79
Figure 26 VPN Wizard: Gateway Setting ............................................................................................... 80
Figure 27 VPN Wizard: Network Setting ................................................................................................ 81
Figure 28 VPN Wizard: IKE Tunnel Setting ............................................................................................ 82
Figure 29 VPN Wizard: IPSec Setting .................................................................................................... 84
Figure 30 VPN Wizard: VPN Status ....................................................................................................... 85
Figure 31 VPN Wizard Setup Complete ................................................................................................. 87
Figure 32 Firewall Rule for VPN ............................................................................................................. 90
Figure 33 SECURITY > VPN > VPN Rules (IKE) .................................................................................. 90
Figure 34 SECURITY > VPN > VPN Rules (IKE)> Add Gateway Policy ............................................. 91
Figure 35 SECURITY > VPN > VPN Rules (IKE): With Gateway Policy Example ................................ 92
Figure 36 SECURITY > VPN > VPN Rules (IKE)> Add Network Policy ............................................... 93
Figure 37 SECURITY > FIREWALL > Rule Summary ........................................................................... 94
Figure 38 SECURITY > FIREWALL > Rule Summary > Edit: Allow ..................................................... 95
Figure 39 SECURITY > FIREWALL > Rule Summary: Allow ................................................................. 96
Figure 40 SECURITY > FIREWALL > Default Rule: Block From VPN To LAN ...................................... 96
Figure 41 Tutorial Example: Using NAT with Static Public IP Addresses ............................................... 97
Figure 42 Tutorial Example: WAN Connection with a Static Public IP Address ..................................... 98
Figure 43 Tutorial Example: WAN Screen ............................................................................................. 99
Figure 44 Tutorial Example: DNS > System ........................................................................................... 99
Figure 45 Tutorial Example: DNS > System Edit-1 ............................................................................. 100
Figure 46 Tutorial Example: DNS > System Edit-2 ............................................................................. 100
Figure 47 Tutorial Example: DNS > System: Done ............................................................................. 101
Figure 48 Tutorial Example: Status ....................................................................................................... 101
Figure 49 Tutorial Example: Mapping Multiple Public IP Addresses to Inside Servers ........................ 102
Figure 50 Tutorial Example: NAT > NAT Overview .............................................................................. 103
Figure 51 Tutorial Example: NAT > Address Mapping .......................................................................... 103
Figure 52 Tutorial Example: NAT Address Mapping Edit: One-to-One (1) .......................................... 104
Figure 53 Tutorial Example: NAT Address Mapping Edit: One-to-One (2) .......................................... 104
Figure 54 Tutorial Example: NAT Address Mapping Edit: Many-to-One ............................................. 104
Figure 55 Tutorial Example: NAT Address Mapping Done ................................................................. 105
Figure 56 Tutorial Example: Forwarding Incoming FTP Traffic to a Local Computer .......................... 106
Figure 57 Tutorial Example: NAT Address Mapping Edit: Server ....................................................... 106
Figure 58 Tutorial Example: NAT Port Forwarding ............................................................................... 107
Figure 59 Tutorial Example: Forwarding Incoming FTP Traffic to a Local Computer .......................... 107
Figure 60 Tutorial Example: Firewall Default Rule .............................................................................. 108
Figure 61 Tutorial Example: Firewall Rule: WAN to LAN .................................................................... 108
Figure 62 Tutorial Example: Firewall Rule: WAN to LAN Address Edit for Web Server ...................... 109
Figure 63 Tutorial Example: Firewall Rule: WAN to LAN Service Edit for Web Server ........................110
Figure 64 Tutorial Example: Firewall Rule: WAN to LAN Address Edit for Mail Server ........................111
Figure 65 Tutorial Example: Firewall Rule: WAN to LAN Service Edit for Mail Server .........................111
Figure 66 Tutorial Example: Firewall Rule: WAN to LAN Address Edit for FTP Server ........................112
Figure 67 Tutorial Example: Firewall Rule: WAN to LAN Service Edit for FTP Server .........................113
Figure 68 Tutorial Example: Firewall Rule Summary ............................................................................113
Figure 69 Tutorial Example: NAT Address Mapping Done: Game Playing .........................................115
Figure 70 Tutorial Example: Bandwidth Management ...........................................................................116
Figure 71 Tutorial Example: Bandwidth Management Summary .........................................................117
Figure 72 Tutorial Example: Bandwidth Management Class Setup ......................................................117
Figure 73 Tutorial Example: Bandwidth Management Class Setup: VoIP .............................................118
Figure 74 Tutorial Example: Bandwidth Management Class Setup: FTP .............................................118
Figure 75 Tutorial Example: Bandwidth Management Class Setup: WWW .........................................119
Figure 76 Tutorial Example: Bandwidth Management Class Setup Done .............................................119
Figure 77 Tutorial Example: Bandwidth Management Monitor ............................................................. 120
Figure 78 SECURITY > CONTENT FILTER > General ........................................................................ 121
Figure 79 SECURITY > CONTENT FILTER > Policy ........................................................................... 122
Figure 80 SECURITY > CONTENT FILTER > Policy > External Database (Default) .......................... 122
Figure 81 HOME > DHCP Table ........................................................................................................... 123
Figure 82 SECURITY > CONTENT FILTER > Policy ........................................................................... 123
Figure 83 SECURITY > CONTENT FILTER > Policy > Insert .............................................................. 124
Figure 84 SECURITY > CONTENT FILTER > Policy ........................................................................... 124
Figure 85 SECURITY > CONTENT FILTER > Policy > Schedule (Bob) .............................................. 125
Figure 86 SECURITY > CONTENT FILTER > Policy ........................................................................... 125
Figure 87 SECURITY > CONTENT FILTER > Policy > External Database (Bob) ............................... 126
Figure 88 REGISTRATION ................................................................................................................... 128
Figure 89 REGISTRATION: Registered Device ................................................................................... 129
Figure 90 REGISTRATION > Service ................................................................................................... 130
Figure 91 LAN and WAN ..................................................................................................................... 133
Figure 92 NETWORK > LAN ................................................................................................................ 137
Figure 93 NETWORK > LAN > Static DHCP ........................................................................................ 139
Figure 94 Physical Network & Partitioned Logical Networks ................................................................ 140
Figure 95 NETWORK > LAN > IP Alias ................................................................................................ 141
Figure 96 NETWORK > LAN > Port Roles ........................................................................................... 142
Figure 97 Port Roles Change Complete ............................................................................................... 143
Figure 98 Bridge Loop: Bridge Connected to Wired LAN ..................................................................... 145
Figure 99 NETWORK > Bridge ............................................................................................................. 148
Figure 100 NETWORK > Bridge > Port Roles ...................................................................................... 150
Figure 101 Port Roles Change Complete ............................................................................................. 150
Figure 102 NETWORK > WAN Route ................................................................................................. 152
Figure 103 NETWORK > WAN > WAN (Ethernet Encapsulation) ..................................................... 155
Figure 104 NETWORK > WAN > WAN (PPPoE Encapsulation) ......................................................... 158
Figure 105 NETWORK > WAN > WAN (PPTP Encapsulation) ........................................................... 161
Figure 106 Traffic Redirect WAN Setup ................................................................................................ 164
Figure 107 Traffic Redirect LAN Setup ................................................................................................. 164
Figure 108 NETWORK > WAN > Traffic Redirect ................................................................................ 164
Figure 109 NETWORK > WAN > Dial Backup ................................................................................... 166
Figure 110 NETWORK > WAN > Dial Backup > Edit ......................................................................... 169
Figure 111 NETWORK > DMZ ............................................................................................................. 172
Figure 112 NETWORK > DMZ > Static DHCP ................................................................................... 174
Figure 113 NETWORK > DMZ > IP Alias ............................................................................................ 176
Figure 114 DMZ Public Address Example ............................................................................................ 177
Figure 115 DMZ Private and Public Address Example ......................................................................... 178
Figure 116 NETWORK > DMZ > Port Roles ....................................................................................... 179
Figure 117 NETWORK > WLAN .......................................................................................................... 182
Figure 118 NETWORK > WLAN > Static DHCP .................................................................................. 184
Figure 119 NETWORK > WLAN > IP Alias ......................................................................................... 186
Figure 120 WLAN Port Role Example ................................................................................................. 187
Figure 121 NETWORK > WLAN > Port Roles ..................................................................................... 188
Figure 122 NETWORK > WLAN > Port Roles: Change Complete ....................................................... 188
Figure 123 Default Firewall Action ........................................................................................................ 191
Figure 124 SECURITY > FIREWALL > Default Rule (Router Mode) ................................................... 192
Figure 125 Default Block Traffic From WAN to DMZ Example ......................................................... 193
Figure 126 From LAN to VPN Example ............................................................................................... 195
Figure 127 Block DMZ to VPN Traffic by Default Example ............................................................... 196
Figure 128 From VPN to LAN Example ............................................................................................... 197
Figure 129 Block VPN to LAN Traffic by Default Example ................................................................. 197
Figure 130 From VPN to VPN Example .............................................................................................. 198
Figure 131 Block VPN to VPN Traffic by Default Example ............................................................... 199
Figure 132 Blocking All LAN to WAN IRC Traffic Example .................................................................. 200
Figure 133 Limited LAN to WAN IRC Traffic Example .......................................................................... 201
Figure 134 Using IP Alias to Solve the Triangle Route Problem .......................................................... 202
Figure 135 SECURITY > FIREWALL > Default Rule (Router Mode) ................................................... 203
Figure 136 SECURITY > FIREWALL > Default Rule (Bridge Mode) .................................................... 205
Figure 137 SECURITY > FIREWALL > Rule Summary ....................................................................... 207
Figure 138 SECURITY > FIREWALL > Rule Summary > Edit ............................................................ 209
Figure 139 SECURITY > FIREWALL > Anti-Probing ............................................................................ 211
Figure 140 Three-Way Handshake ....................................................................................................... 212
Figure 141 SECURITY > FIREWALL > Threshold ............................................................................ 213
Figure 142 SECURITY > FIREWALL > Service ................................................................................... 215
Figure 143 Firewall Edit Custom Service ............................................................................................. 216
Figure 144 My Service Firewall Rule Example: Service ...................................................................... 217
Figure 145 My Service Firewall Rule Example: Edit Custom Service ................................................. 217
Figure 146 My Service Firewall Rule Example: Rule Summary ........................................................... 218
Figure 147 My Service Firewall Rule Example: Rule Edit: Source and Destination Addresses .......... 218
Figure 148 My Service Firewall Rule Example: Edit Rule: Service Configuration ................................ 220
Figure 149 My Service Firewall Rule Example: Rule Summary: Completed ........................................ 221
Figure 150 Content Filtering Lookup Procedure ................................................................................... 224
Figure 151 SECURITY > CONTENT FILTER > General ...................................................................... 225
Figure 152 SECURITY > CONTENT FILTER > Policy ......................................................................... 228
Figure 153 SECURITY > CONTENT FILTER > Policy > General ........................................................ 229
Figure 154 SECURITY > CONTENT FILTER > Policy > External Database ....................................... 231
Figure 155 SECURITY > CONTENT FILTER > Policy > Customization .............................................. 238
Figure 156 SECURITY > CONTENT FILTER > Policy > Schedule ...................................................... 240
Figure 157 SECURITY > CONTENT FILTER > Object ........................................................................ 241
Figure 158 SECURITY > CONTENT FILTER > Cache ........................................................................ 244
Figure 159 myZyXEL.com: Login ......................................................................................................... 246
Figure 160 myZyXEL.com: Welcome ................................................................................................... 246
Figure 161 myZyXEL.com: Service Management ................................................................................ 247
Figure 162 Blue Coat: Login ................................................................................................................. 247
Figure 163 Content Filtering Reports Main Screen .............................................................................. 248
Figure 164 Blue Coat: Report Home .................................................................................................... 248
Figure 165 Global Report Screen Example .......................................................................................... 249
Figure 166 Requested URLs Example ................................................................................................. 250
Figure 167 Web Page Review Process Screen ................................................................................... 251