ZyXEL Communications ZyWALL 2 Plus User Manual

ZyWALL 2 Plus

Internet Security Appliance

User’s Guide

Version 4.03
12/2007
Edition 1

www.zyxel.com

About This User's Guide

About This User's Guide

Intended Audience

This manual is intended for people who want to configure the ZyWALL using the web
configurator or System Management Terminal (SMT). You should have at least a basic
knowledge of TCP/IP networking concepts and topology.

Related Documentation

• Quick Start Guide
The Quick Start Guide is designed to help you get up and running right away. It contains

information on setting up your network and configuring for Internet access.

• Web Configurator Online Help
Embedded web help for descriptions of individual screens and supplementary

information.

" It is recommended you use the web configurator to configure the ZyWALL.

• Supporting Disk
Refer to the included CD for support documents.

• ZyXEL Web Site
Please refer to www.zyxel.com

certifications.

User Guide Feedback

Help us help you. Send all User Guide-related comments, questions or suggestions for
improvement to the following address, or use e-mail instead. Thank you!

The Technical Writing Team,
ZyXEL Communications Corp.,
6 Innovation Road II,
Science-Based Industrial Park,
Hsinchu, 300, Taiwan.

E-mail: techwriters@zyxel.com.tw

for additional support documentation and product

ZyWALL 2 Plus User’s Guide

3

Document Conventions

Document Conventions

Warnings and Notes

These are how warnings and notes are shown in this User’s Guide.

1 Warnings tell you about things that could harm you or your device.

" Notes tell you other important information (for example, other things you may

need to configure or helpful tips) or recommendations.

Syntax Conventions

• The ZyWALL 2 Plus may be referred to as the “ZyWALL”, the “device” or the “system”
in this User’s Guide.

• Product labels, screen names, field labels and field choices are all in bold font.

• A key stroke is denoted by square brackets and uppercase text, for example, [ENTER]
means the “enter” or “return” key on your keyboard.

• “Enter” means for you to type one or more characters and then press the [ENTER] key.
“Select” or “choose” means for you to use one of the predefined choices.

• A right angle bracket ( > ) within a screen name denotes a mouse click. For example,
Maintenance > Log > Log Setting means you first click Maintenance in the navigation
panel, then the Log sub menu and finally the Log Setting tab to get to that screen.

• Units of measurement may denote the “metric” value or the “scientific” value. For
example, “k” for kilo may denote “1000” or “1024”, “M” for mega may denote “1000000”
or “1048576” and so on.

• “e.g.,” is a shorthand for “for instance”, and “i.e.,” means “that is” or “in other words”.

4

ZyWALL 2 Plus User’s Guide

Document Conventions

Icons Used in Figures

Figures in this User’s Guide may use the following generic icons. The ZyWALL icon is not an
exact representation of your device.

ZyWALL Computer Notebook computer

Server DSLAM Firewall

Telephone Switch Router

ZyWALL 2 Plus User’s Guide

5

Safety Warnings

Safety Warnings

1 For your safety, be sure to read and follow all warning notices and instructions.

• Do NOT use this product near water, for example, in a wet basement or near a swimming
pool.

• Do NOT expose your device to dampness, dust or corrosive liquids.

• Do NOT store things on the device.

• Do NOT install, use, or service this device during a thunderstorm. There is a remote risk
of electric shock from lightning.

• Connect ONLY suitable accessories to the device.

• Do NOT open the device or unit. Opening or removing covers can expose you to
dangerous high voltage points or other risks. ONLY qualified service personnel should
service or disassemble this device. Please contact your vendor for further information.

• Make sure to connect the cables to the correct ports.

• Place connecting cables carefully so that no one will step on them or stumble over them.

• Always disconnect all cables from this device before servicing or disassembling.

• Use ONLY an appropriate power adaptor or cord for your device.

• Connect the power adaptor or cord to the right supply voltage (for example, 110V AC in
North America or 230V AC in Europe).

• Do NOT allow anything to rest on the power adaptor or cord and do NOT place the
product where anyone can walk on the power adaptor or cord.

• Do NOT use the device if the power adaptor or cord is damaged as it might cause
electrocution.

• If the power adaptor or cord is damaged, remove it from the power outlet.

• Do NOT attempt to repair the power adaptor or cord. Contact your local vendor to order a
new one.

• Do not use the device outside, and make sure all the connections are indoors. There is a
remote risk of electric shock from lightning.

6

This product is recyclable. Dispose of it properly.

ZyWALL 2 Plus User’s Guide

Contents Overview

Contents Overview

Introduction and Registration ...............................................................................................45

Getting to Know Your ZyWALL .................................................................................................. 47

Introducing the Web Configurator .............................................................................................. 51

Wizard Setup ............................................................................................................................. 69

Tutorials ..................................................................................................................................... 89

Registration ............................................................................................................................. 127

Network ................................................................................................................................. 131

LAN Screens ........................................................................................................................... 133

Bridge Screens ........................................................................................................................ 145

WAN Screens .......................................................................................................................... 151

DMZ Screens ........................................................................................................................... 171

Wireless LAN ........................................................................................................................... 181

Security ................................................................................................................................. 189

Firewall .................................................................................................................................... 191

Content Filtering Screens ........................................................................................................ 223

Content Filtering Reports ......................................................................................................... 245

IPSec VPN ............................................................................................................................... 253

Certificates ............................................................................................................................... 295

Authentication Server .............................................................................................................. 323

Advanced .............................................................................................................................. 329

Network Address Translation (NAT) ........................................................................................ 331

Static Route ............................................................................................................................. 347

Bandwidth Management .......................................................................................................... 351

DNS ......................................................................................................................................... 365

Remote Management ..............................................................................................................377

UPnP ....................................................................................................................................... 399

Custom Application .................................................................................................................. 409

ALG Screen ..............................................................................................................................411

Logs and Maintenance ........................................................................................................ 417

Logs Screens ........................................................................................................................... 419

Maintenance ............................................................................................................................ 447

ZyWALL 2 Plus User’s Guide

7

Contents Overview

SMT ....................................................................................................................................... 465

Introducing the SMT ................................................................................................................ 467

SMT Menu 1 - General Setup .................................................................................................. 475

WAN and Dial Backup Setup ................................................................................................... 481

LAN Setup ............................................................................................................................... 491

Internet Access ........................................................................................................................ 497

DMZ Setup .............................................................................................................................. 501

Wireless Setup ........................................................................................................................ 505

Remote Node Setup ................................................................................................................ 509

IP Static Route Setup .............................................................................................................. 519

Network Address Translation (NAT) ........................................................................................ 521

Introducing the ZyWALL Firewall ............................................................................................. 539

Filter Configuration .................................................................................................................. 541

SNMP Configuration ................................................................................................................ 557

System Information & Diagnosis ............................................................................................. 559

Firmware and Configuration File Maintenance ........................................................................ 571

System Maintenance Menus 8 to 10 ....................................................................................... 587

Remote Management ..............................................................................................................595

Call Scheduling ........................................................................................................................ 599

Troubleshooting and Specifications ..................................................................................603

Troubleshooting ....................................................................................................................... 605

Product Specifications ............................................................................................................. 613

Appendices and Index ......................................................................................................... 619

8

ZyWALL 2 Plus User’s Guide

Table of Contents

Table of Contents

About This User's Guide ..........................................................................................................3

Document Conventions............................................................................................................4

Safety Warnings........................................................................................................................ 6

Contents Overview ...................................................................................................................7

Table of Contents...................................................................................................................... 9

List of Figures ......................................................................................................................... 27

List of Tables...........................................................................................................................39

Part I: Introduction and Registration ................................................... 45

Chapter 1

Getting to Know Your ZyWALL.............................................................................................. 47

1.1 ZyWALL Internet Security Appliance Overview ................................................................... 47

1.2 Applications for the ZyWALL ............................................................................................... 47

1.2.1 Secure Broadband Internet Access via Cable or DSL Modem .................................. 47

1.2.2 VPN Application ......................................................................................................... 48

1.3 Ways to Manage the ZyWALL ............................................................................................. 48

1.4 Good Habits for Managing the ZyWALL .............................................................................. 49

1.5 LEDs .................................................................................................................................... 49

Chapter 2

Introducing the Web Configurator ........................................................................................51

2.1 Web Configurator Overview ................................................................................................. 51

2.2 Accessing the ZyWALL Web Configurator .......................................................................... 51

2.3 Resetting the ZyWALL ......................................................................................................... 53

2.3.1 Procedure To Use The Reset Button ......................................................................... 53

2.3.2 Uploading a Configuration File Via Console Port ....................................................... 53

2.4 Navigating the ZyWALL Web Configurator .......................................................................... 54

2.4.1 Title Bar ...................................................................................................................... 54

2.4.2 Main Window ..............................................................................................................55

2.4.3 HOME Screen: Router Mode ................................................................................. 55

2.4.4 HOME Screen: Bridge Mode .................................................................................... 57

2.4.5 Navigation Panel ........................................................................................................ 60

ZyWALL 2 Plus User’s Guide

9

Table of Contents

2.4.6 Port Statistics ........................................................................................................... 64

2.4.7 DHCP Table Screen ................................................................................................ 65

2.4.8 VPN Status ................................................................................................................. 66

2.4.9 Bandwidth Monitor .................................................................................................... 67

Chapter 3

Wizard Setup ...........................................................................................................................69

3.1 Wizard Setup Overview ...................................................................................................... 69

3.2 Internet Access ................................................................................................................... 70

3.2.1 ISP Parameters .......................................................................................................... 70

3.2.2 Internet Access Wizard: Second Screen .................................................................... 75

3.2.3 Internet Access Wizard: Registration ......................................................................... 76

3.3 VPN Wizard Gateway Setting .............................................................................................. 79

3.4 VPN Wizard Network Setting ............................................................................................... 80

3.5 VPN Wizard IKE Tunnel Setting (IKE Phase 1) ................................................................... 82

3.6 VPN Wizard IPSec Setting (IKE Phase 2) ........................................................................... 83

3.7 VPN Wizard Status Summary .............................................................................................. 85

3.8 VPN Wizard Setup Complete .............................................................................................. 87

Chapter 4

Tutorials ................................................................................................................................... 89

4.1 Security Settings for VPN Traffic ......................................................................................... 89

4.1.1 Firewall Rule for VPN Example .................................................................................. 89

4.1.2 Configuring the VPN Rule .......................................................................................... 90

4.1.3 Configuring the Firewall Rules ................................................................................... 93

4.2 Using NAT with Multiple Public IP Addresses ...................................................................... 97

4.2.1 Example Parameters and Scenario ........................................................................... 97

4.2.2 Configuring the WAN Connection with a Static IP Address ........................................ 98

4.2.3 Public IP Address Mapping ...................................................................................... 101

4.2.4 Forwarding Traffic from the WAN to a Local Computer ............................................ 105

4.2.5 Allow WAN-to-LAN Traffic through the Firewall ........................................................ 107

4.2.6 Testing the Connections ............................................................................................114

4.3 Using NAT with Multiple Game Players ..............................................................................114

4.4 How to Manage the ZyWALL’s Bandwidth ..........................................................................115

4.4.1 Example Parameters and Scenario ..........................................................................115

4.4.2 Configuring Bandwidth Management Rules ..............................................................116

4.5 Configuring Content Filtering ............................................................................................. 120

4.5.1 Enable Content Filtering ........................................................................................... 120

4.5.2 Block Categories of Web Content ............................................................................ 121

4.5.3 Assign Bob’s Computer a Specific IP Address ......................................................... 123

4.5.4 Create a Content Filter Policy for Bob ...................................................................... 123

4.5.5 Set the Content Filter Schedule ............................................................................... 124

4.5.6 Block Categories of Web Content for Bob ............................................................... 125

10

ZyWALL 2 Plus User’s Guide

Table of Contents

Chapter 5

Registration........................................................................................................................... 127

5.1 myZyXEL.com overview .................................................................................................... 127

5.1.1 Content Filtering Subscription Service ..................................................................... 127

5.2 Registration ....................................................................................................................... 128

5.3 Service ............................................................................................................................... 129

Part II: Network..................................................................................... 131

Chapter 6

LAN Screens.......................................................................................................................... 133

6.1 LAN, WAN and the ZyWALL .............................................................................................. 133

6.2 IP Address and Subnet Mask ............................................................................................ 133

6.2.1 Private IP Addresses ................................................................................................ 134

6.3 DHCP ................................................................................................................................ 135

6.3.1 IP Pool Setup ........................................................................................................... 135

6.4 RIP Setup .......................................................................................................................... 135

6.5 Multicast ............................................................................................................................ 135

6.6 WINS ................................................................................................................................. 136

6.7 LAN .................................................................................................................................... 136

6.8 LAN Static DHCP ............................................................................................................... 139

6.9 LAN IP Alias .................................................................................................................... 140

6.10 LAN Port Roles ................................................................................................................ 142

Chapter 7

Bridge Screens...................................................................................................................... 145

7.1 Bridge Loop ....................................................................................................................... 145

7.2 Spanning Tree Protocol (STP) ........................................................................................... 146

7.2.1 Rapid STP ................................................................................................................146

7.2.2 STP Terminology ...................................................................................................... 146

7.2.3 How STP Works ....................................................................................................... 146

7.2.4 STP Port States ........................................................................................................ 147

7.3 Bridge ................................................................................................................................ 147

7.4 Bridge Port Roles ............................................................................................................. 149

Chapter 8

WAN Screens......................................................................................................................... 151

8.1 WAN Overview .................................................................................................................. 151

8.2 TCP/IP Priority (Metric) ...................................................................................................... 151

8.3 WAN Route ........................................................................................................................ 151

8.4 WAN IP Address Assignment ............................................................................................ 153

ZyWALL 2 Plus User’s Guide

11

Table of Contents

8.5 DNS Server Address Assignment ................................................................................... 153

8.6 WAN MAC Address ........................................................................................................... 154

8.7 WAN ................................................................................................................................ 154

8.7.1 WAN Ethernet Encapsulation ................................................................................... 154

8.7.2 PPPoE Encapsulation .............................................................................................. 157

8.7.3 PPTP Encapsulation ................................................................................................ 160

8.8 Traffic Redirect ................................................................................................................ 163

8.9 Configuring Traffic Redirect ...............................................................................................164

8.10 Configuring Dial Backup .................................................................................................. 165

8.11 Advanced Modem Setup ................................................................................................ 168

8.11.1 AT Command Strings ............................................................................................. 168

8.11.2 DTR Signal ............................................................................................................. 168

8.11.3 Response Strings ................................................................................................... 169

8.12 Configuring Advanced Modem Setup .............................................................................. 169

Chapter 9

DMZ Screens ......................................................................................................................... 171

9.1 DMZ ................................................................................................................................. 171

9.2 Configuring DMZ ............................................................................................................... 171

9.3 DMZ Static DHCP ............................................................................................................ 174

9.4 DMZ IP Alias .................................................................................................................... 175

9.5 DMZ Public IP Address Example ...................................................................................... 177

9.6 DMZ Private and Public IP Address Example ................................................................... 177

9.7 DMZ Port Roles ............................................................................................................... 178

Chapter 10

Wireless LAN.........................................................................................................................181

10.1 Wireless LAN Introduction ............................................................................................... 181

10.2 Configuring WLAN ......................................................................................................... 181

10.3 WLAN Static DHCP ....................................................................................................... 184

10.4 WLAN IP Alias ............................................................................................................... 185

10.5 WLAN Port Roles ........................................................................................................... 187

Part III: Security.................................................................................... 189

Chapter 11

Firewall................................................................................................................................... 191

12

11.1 Firewall Overview ............................................................................................................ 191

11.2 Packet Direction Matrix .................................................................................................... 192

11.3 Packet Direction Examples .............................................................................................. 193

11.3.1 To VPN Packet Direction ........................................................................................ 195

ZyWALL 2 Plus User’s Guide

Table of Contents

11.3.2 From VPN Packet Direction ................................................................................... 196

11.3.3 From VPN To VPN Packet Direction ...................................................................... 198

11.4 Security Considerations ...................................................................................................199

11.5 Firewall Rules Example ................................................................................................... 200

11.6 Asymmetrical Routes .......................................................................................................201

11.6.1 Asymmetrical Routes and IP Alias ......................................................................... 202

11.7 Firewall Default Rule (Router Mode) ................................................................................ 202

11.8 Firewall Default Rule (Bridge Mode) .............................................................................. 204

11.9 Firewall Rule Summary ................................................................................................... 206

11.9.1 Firewall Edit Rule ................................................................................................. 208

11.10 Anti-Probing ..................................................................................................................211

11.11 Firewall Thresholds ..................................................................................................... 212

11.11.1 Threshold Values .................................................................................................. 213

11.12 Threshold Screen ........................................................................................................... 213

11.13 Service .......................................................................................................................... 215

11.13.1 Firewall Edit Custom Service .............................................................................. 216

11.14 My Service Firewall Rule Example ................................................................................ 217

Chapter 12

Content Filtering Screens ....................................................................................................223

12.1 Content Filtering Overview .............................................................................................. 223

12.1.1 Restrict Web Features ........................................................................................... 223

12.1.2 Create a Filter List .................................................................................................. 223

12.1.3 Customize Web Site Access ................................................................................. 223

12.2 Content Filtering with an External Database ................................................................... 223

12.3 Content Filter General Screen ........................................................................................ 224

12.4 Content Filter Policy ..................................................................................................... 227

12.5 Content Filter Policy: General ......................................................................................... 229

12.6 Content Filter Policy: External Database ........................................................................ 230

12.7 Content Filter Policy: Customization ............................................................................... 237

12.8 Content Filter Policy: Schedule ...................................................................................... 239

12.9 Content Filter Object ..................................................................................................... 240

12.10 Customizing Keyword Blocking URL Checking ............................................................. 242

12.10.1 Domain Name or IP Address URL Checking ....................................................... 242

12.10.2 Full Path URL Checking ....................................................................................... 243

12.10.3 File Name URL Checking ..................................................................................... 243

12.11 Content Filtering Cache ............................................................................................... 243

Chapter 13

Content Filtering Reports.....................................................................................................245

13.1 Checking Content Filtering Activation .............................................................................. 245

13.2 Viewing Content Filtering Reports ................................................................................... 245

13.3 Web Site Submission .......................................................................................................250

ZyWALL 2 Plus User’s Guide

13

Table of Contents

Chapter 14

IPSec VPN.............................................................................................................................. 253

14.1 IPSec VPN Overview ..................................................................................................... 253

14.1.1 IKE SA Overview .................................................................................................... 254

14.2 VPN Rules (IKE) .............................................................................................................. 255

14.3 IKE SA Setup .................................................................................................................. 257

14.3.1 IKE SA Proposal .................................................................................................... 257

14.4 Additional IPSec VPN Topics ........................................................................................... 261

14.4.1 SA Life Time ........................................................................................................... 262

14.4.2 IPSec High Availability ........................................................................................... 262

14.4.3 Encryption and Authentication Algorithms ............................................................. 263

14.5 VPN Rules (IKE) Gateway Policy Edit ............................................................................. 264

14.6 IPSec SA Overview .....................................................................................................270

14.6.1 Local Network and Remote Network ...................................................................... 270

14.6.2 Virtual Address Mapping ........................................................................................ 271

14.6.3 Active Protocol ....................................................................................................... 272

14.6.4 Encapsulation ......................................................................................................... 272

14.6.5 IPSec SA Proposal and Perfect Forward Secrecy ................................................. 273

14.7 VPN Rules (IKE) Network Policy Edit ............................................................................. 273

14.8 Network Policy Port Forwarding ................................................................................... 278

14.9 Network Policy Move .....................................................................................................280

14.10 IPSec SA Using Manual Keys ................................................................................... 281

14.10.1 IPSec SA Proposal Using Manual Keys ............................................................... 281

14.10.2 Authentication and the Security Parameter Index (SPI) ....................................... 281

14.11 VPN Rules (Manual) ...................................................................................................... 281

14.12 VPN Rules (Manual) Edit ............................................................................................ 283

14.13 VPN SA Monitor .......................................................................................................... 285

14.14 VPN Global Setting ....................................................................................................... 286

14.14.1 Local and Remote IP Address Conflict Resolution .............................................. 286

14.15 Telecommuter VPN/IPSec Examples ............................................................................ 289

14.15.1 Telecommuters Sharing One VPN Rule Example ................................................ 289

14.15.2 Telecommuters Using Unique VPN Rules Example ............................................. 290

14.16 VPN and Remote Management ..................................................................................... 291

14.17 Hub-and-spoke VPN ...................................................................................................... 292

14.17.1 Hub-and-spoke VPN Example ............................................................................. 293

14.17.2 Hub-and-spoke Example VPN Rule Addresses ................................................... 293

14.17.3 Hub-and-spoke VPN Requirements and Suggestions ......................................... 294

Chapter 15

Certificates ............................................................................................................................295

15.1 Certificates Overview ....................................................................................................... 295

15.1.1 Advantages of Certificates ..................................................................................... 296

15.2 Self-signed Certificates .................................................................................................... 296

14

ZyWALL 2 Plus User’s Guide

Table of Contents

15.3 Verifying a Certificate ....................................................................................................... 296

15.3.1 Checking the Fingerprint of a Certificate on Your Computer .................................. 296

15.4 Configuration Summary ................................................................................................... 297

15.5 My Certificates ................................................................................................................ 298

15.6 My Certificate Details ..................................................................................................... 300

15.7 My Certificate Export ...................................................................................................... 302

15.7.1 Certificate File Export Formats ............................................................................... 302

15.8 My Certificate Import ..................................................................................................... 303

15.8.1 Certificate File Formats .......................................................................................... 303

15.9 My Certificate Create ..................................................................................................... 305

15.10 Trusted CAs ................................................................................................................. 310

15.11 Trusted CA Details ........................................................................................................ 312

15.12 Trusted CA Import ....................................................................................................... 314

15.13 Trusted Remote Hosts ................................................................................................. 315

15.14 Trusted Remote Host Certificate Details ..................................................................... 316

15.15 Trusted Remote Hosts Import ...................................................................................... 319

15.16 Directory Servers .......................................................................................................... 320

15.17 Directory Server Add or Edit ........................................................................................ 321

Chapter 16

Authentication Server...........................................................................................................323

16.1 Authentication Server Overview ...................................................................................... 323

16.1.1 Local User Database .............................................................................................. 323

16.1.2 RADIUS ..................................................................................................................323

16.1.3 Types of RADIUS Messages .................................................................................. 323

16.2 Local User Database .....................................................................................................324

16.3 RADIUS ......................................................................................................................... 326

Part IV: Advanced ................................................................................ 329

Chapter 17

Network Address Translation (NAT).................................................................................... 331

17.1 NAT Overview ................................................................................................................ 331

17.1.1 NAT Definitions ...................................................................................................... 331

17.1.2 What NAT Does ..................................................................................................... 332

17.1.3 How NAT Works ..................................................................................................... 332

17.1.4 NAT Application ...................................................................................................... 333

17.1.5 Port Restricted Cone NAT ...................................................................................... 334

17.1.6 NAT Mapping Types ............................................................................................... 334

17.2 Using NAT ........................................................................................................................ 335

17.2.1 SUA (Single User Account) Versus NAT ................................................................ 335

ZyWALL 2 Plus User’s Guide

15

Table of Contents

17.3 NAT Overview Screen ..................................................................................................... 336

17.4 NAT Address Mapping ................................................................................................... 337

17.4.1 What NAT Does ..................................................................................................... 337

17.4.2 NAT Address Mapping Edit .................................................................................. 339

17.5 Port Forwarding .............................................................................................................. 340

17.5.1 Default Server IP Address ...................................................................................... 340

17.5.2 Port Forwarding: Services and Port Numbers ........................................................ 341

17.5.3 Configuring Servers Behind Port Forwarding (Example) ....................................... 341

17.5.4 Port Translation ...................................................................................................... 341

17.6 Port Forwarding Screen ................................................................................................... 342

17.7 Port Triggering ............................................................................................................... 344

Chapter 18

Static Route ........................................................................................................................... 347

18.1 IP Static Route .............................................................................................................. 347

18.2 IP Static Route ................................................................................................................. 348

18.2.1 IP Static Route Edit .............................................................................................. 349

Chapter 19

Bandwidth Management.......................................................................................................351

19.1 Bandwidth Management Overview ................................................................................. 351

19.2 Bandwidth Classes and Filters ........................................................................................ 351

19.3 Proportional Bandwidth Allocation ................................................................................... 352

19.4 Application-based Bandwidth Management .................................................................... 352

19.5 Subnet-based Bandwidth Management .......................................................................... 352

19.6 Application and Subnet-based Bandwidth Management ................................................. 352

19.7 Scheduler ........................................................................................................................ 353

19.7.1 Priority-based Scheduler ........................................................................................ 353

19.7.2 Fairness-based Scheduler ..................................................................................... 353

19.7.3 Maximize Bandwidth Usage ................................................................................... 353

19.7.4 Reserving Bandwidth for Non-Bandwidth Class Traffic .......................................... 353

19.7.5 Maximize Bandwidth Usage Example .................................................................... 354

19.8 Bandwidth Borrowing .......................................................................................................355

19.8.1 Bandwidth Borrowing Example .............................................................................. 355

19.9 Maximize Bandwidth Usage With Bandwidth Borrowing ................................................. 356

19.10 Over Allotment of Bandwidth ......................................................................................... 356

19.11 Configuring Summary .................................................................................................... 357

19.12 Configuring Class Setup .............................................................................................. 358

19.12.1 Bandwidth Manager Class Configuration ........................................................... 359

19.12.2 Bandwidth Management Statistics ................................................................... 362

19.13 Bandwidth Manager Monitor ........................................................................................ 363

Chapter 20

DNS ........................................................................................................................................ 365

16

ZyWALL 2 Plus User’s Guide

Table of Contents

20.1 DNS Overview ............................................................................................................... 365

20.2 DNS Server Address Assignment ................................................................................... 365

20.3 DNS Servers .................................................................................................................... 365

20.4 Address Record ............................................................................................................... 366

20.4.1 DNS Wildcard ......................................................................................................... 366

20.5 Name Server Record ....................................................................................................... 366

20.5.1 Private DNS Server ................................................................................................ 366

20.6 System Screen ................................................................................................................ 367

20.6.1 Adding an Address Record .................................................................................. 368

20.6.2 Inserting a Name Server Record .......................................................................... 369

20.7 DNS Cache .................................................................................................................... 371

20.8 Configure DNS Cache ..................................................................................................... 371

20.9 Configuring DNS DHCP ................................................................................................ 372

20.10 Dynamic DNS .............................................................................................................. 374

20.10.1 DYNDNS Wildcard ............................................................................................... 374

20.11 Configuring Dynamic DNS ............................................................................................. 374

Chapter 21

Remote Management............................................................................................................ 377

21.1 Remote Management Overview ...................................................................................... 377

21.1.1 Remote Management Limitations .......................................................................... 378

21.1.2 System Timeout ..................................................................................................... 378

21.2 WWW (HTTP and HTTPS) ............................................................................................. 378

21.3 WWW Configuration ........................................................................................................ 379

21.4 HTTPS Example .............................................................................................................. 380

21.4.1 Internet Explorer Warning Messages ..................................................................... 381

21.4.2 Netscape Navigator Warning Messages ................................................................ 381

21.4.3 Avoiding the Browser Warning Messages .............................................................. 382

21.4.4 Login Screen .......................................................................................................... 383

21.5 SSH .............................................................................................................................. 385

21.6 How SSH Works .............................................................................................................. 385

21.7 SSH Implementation on the ZyWALL .............................................................................. 386

21.7.1 Requirements for Using SSH ................................................................................. 386

21.8 Configuring SSH .............................................................................................................. 386

21.9 Secure Telnet Using SSH Examples ............................................................................... 387

21.9.1 Example 1: Microsoft Windows .............................................................................. 387

21.9.2 Example 2: Linux .................................................................................................... 388

21.10 Secure FTP Using SSH Example .................................................................................. 389

21.11 Telnet ........................................................................................................................... 390

21.12 Configuring TELNET ..................................................................................................... 390

21.13 FTP .............................................................................................................................. 391

21.14 SNMP .......................................................................................................................... 392

21.14.1 Supported MIBs ................................................................................................... 393

ZyWALL 2 Plus User’s Guide

17

Table of Contents

21.14.2 SNMP Traps ......................................................................................................... 393

21.14.3 REMOTE MANAGEMENT: SNMP ....................................................................... 393

21.15 DNS ............................................................................................................................. 395

21.16 Introducing Vantage CNM ............................................................................................. 395

21.17 Configuring CNM ........................................................................................................... 396

21.17.1 Additional Configuration for Vantage CNM .......................................................... 397

Chapter 22

UPnP ...................................................................................................................................... 399

22.1 Universal Plug and Play Overview ................................................................................ 399

22.1.1 How Do I Know If I'm Using UPnP? ....................................................................... 399

22.1.2 NAT Traversal ........................................................................................................ 399

22.1.3 Cautions with UPnP ............................................................................................... 399

22.1.4 UPnP and ZyXEL ................................................................................................... 400

22.2 Configuring UPnP ............................................................................................................ 400

22.3 Displaying UPnP Port Mapping .................................................................................... 401

22.4 Installing UPnP in Windows Example .............................................................................. 402

22.4.1 Installing UPnP in Windows Me ............................................................................. 403

22.4.2 Installing UPnP in Windows XP ............................................................................. 404

22.5 Using UPnP in Windows XP Example ............................................................................. 404

22.5.1 Auto-discover Your UPnP-enabled Network Device .............................................. 405

22.5.2 Web Configurator Easy Access ............................................................................. 406

Chapter 23

Custom Application ..............................................................................................................409

23.1 Custom Applicaton ......................................................................................................... 409

23.2 Custom Applicaton Configuration .................................................................................... 409

Chapter 24

ALG Screen ........................................................................................................................... 411

24.1 ALG Introduction ..............................................................................................................411

24.1.1 ALG and NAT ..........................................................................................................411

24.1.2 ALG and the Firewall ...............................................................................................411

24.2 FTP .................................................................................................................................. 412

24.3 H.323 ............................................................................................................................... 412

24.4 RTP .................................................................................................................................. 412

24.4.1 H.323 ALG Details ................................................................................................. 412

24.5 SIP ................................................................................................................................... 413

24.5.1 STUN ..................................................................................................................... 413

24.5.2 SIP ALG Details ..................................................................................................... 413

24.5.3 SIP Signaling Session Timeout .............................................................................. 414

24.5.4 SIP Audio Session Timeout .................................................................................... 414

24.6 ALG Screen ..................................................................................................................... 414

18

ZyWALL 2 Plus User’s Guide

Table of Contents

Part V: Logs and Maintenance ............................................................ 417

Chapter 25

Logs Screens ........................................................................................................................419

25.1 Configuring View Log ...................................................................................................... 419

25.2 Log Description Example ................................................................................................. 420

25.2.1 About the Certificate Not Trusted Log .................................................................... 421

25.3 Configuring Log Settings ................................................................................................ 422

25.4 Configuring Reports ....................................................................................................... 425

25.4.1 Viewing Web Site Hits ............................................................................................ 427

25.4.2 Viewing Host IP Address ........................................................................................ 427

25.4.3 Viewing Protocol/Port ............................................................................................. 428

25.4.4 System Reports Specifications ............................................................................... 430

25.5 Log Descriptions .............................................................................................................. 430

25.6 Syslog Logs .................................................................................................................... 445

Chapter 26

Maintenance .......................................................................................................................... 447

26.1 Maintenance Overview .................................................................................................... 447

26.2 General Setup and System Name ................................................................................... 447

26.2.1 General Setup ....................................................................................................... 447

26.3 Configuring Password .................................................................................................... 448

26.4 Time and Date ................................................................................................................ 449

26.5 Pre-defined NTP Time Server Pools ............................................................................... 452

26.5.1 Resetting the Time ................................................................................................. 452

26.5.2 Time Server Synchronization ................................................................................. 452

26.6 Introduction To Transparent Bridging ............................................................................... 453

26.7 Transparent Firewalls ...................................................................................................... 454

26.8 Configuring Device Mode (Router) ................................................................................. 454

26.9 Configuring Device Mode (Bridge) ................................................................................. 455

26.10 F/W Upload Screen ...................................................................................................... 457

26.11 Backup and Restore ..................................................................................................... 459

26.11.1 Backup Configuration ........................................................................................... 460

26.11.2 Restore Configuration .......................................................................................... 460

26.11.3 Back to Factory Defaults ..................................................................................... 461

26.12 Restart Screen .............................................................................................................. 461

26.13 Diagnostics .................................................................................................................... 462

Part VI: SMT.......................................................................................... 465

ZyWALL 2 Plus User’s Guide

19

Table of Contents

Chapter 27

Introducing the SMT .............................................................................................................467

27.1 Introduction to the SMT ...................................................................................................467

27.2 Accessing the SMT via the Console Port ........................................................................ 467

27.2.1 Initial Screen ..........................................................................................................467

27.2.2 Entering the Password ........................................................................................... 468

27.3 Navigating the SMT Interface .......................................................................................... 468

27.3.1 Main Menu ............................................................................................................. 469

27.3.2 SMT Menus Overview ............................................................................................ 471

27.4 Changing the System Password ..................................................................................... 472

27.5 Resetting the ZyWALL ..................................................................................................... 473

Chapter 28

SMT Menu 1 - General Setup ............................................................................................... 475

28.1 Introduction to General Setup .......................................................................................... 475

28.2 Configuring General Setup .............................................................................................. 475

28.2.1 Configuring Dynamic DNS ..................................................................................... 476

Chapter 29

WAN and Dial Backup Setup................................................................................................ 481

29.1 Introduction to WAN and Dial Backup Setup ................................................................... 481

29.2 WAN Setup ...................................................................................................................... 481

29.3 Dial Backup ..................................................................................................................... 482

29.4 Configuring Dial Backup in Menu 2 ................................................................................. 482

29.5 Advanced WAN Setup ..................................................................................................... 483

29.6 Remote Node Profile (Backup ISP) ................................................................................. 485

29.7 Editing TCP/IP Options ....................................................................................................487

29.8 Editing Login Script .......................................................................................................... 488

29.9 Remote Node Filter ......................................................................................................... 489

Chapter 30

LAN Setup.............................................................................................................................. 491

30.1 Introduction to LAN Setup ............................................................................................... 491

30.2 Accessing the LAN Menus .............................................................................................. 491

30.3 LAN Port Filter Setup ....................................................................................................... 491

30.4 TCP/IP and DHCP Ethernet Setup Menu ........................................................................ 492

30.4.1 IP Alias Setup ......................................................................................................... 495

Chapter 31

Internet Access ..................................................................................................................... 497

31.1 Introduction to Internet Access Setup .............................................................................. 497

31.2 Ethernet Encapsulation ................................................................................................... 497

31.3 Configuring the PPTP Client ............................................................................................ 499

20

ZyWALL 2 Plus User’s Guide

Table of Contents

31.4 Configuring the PPPoE Client ......................................................................................... 499

31.5 Basic Setup Complete ..................................................................................................... 500

Chapter 32

DMZ Setup ............................................................................................................................. 501

32.1 Configuring DMZ Setup ................................................................................................... 501

32.2 DMZ Port Filter Setup ...................................................................................................... 501

32.3 TCP/IP Setup ................................................................................................................... 502

32.3.1 IP Address ..............................................................................................................502

32.3.2 IP Alias Setup ......................................................................................................... 503

Chapter 33

Wireless Setup ......................................................................................................................505

33.1 TCP/IP Setup ................................................................................................................... 505

33.1.1 IP Address ..............................................................................................................505

33.1.2 IP Alias Setup ......................................................................................................... 506

Chapter 34

Remote Node Setup..............................................................................................................509

34.1 Introduction to Remote Node Setup ................................................................................ 509

34.2 Remote Node Setup ........................................................................................................ 509

34.3 Remote Node Profile Setup ............................................................................................. 509

34.3.1 Ethernet Encapsulation .......................................................................................... 510

34.3.2 PPPoE Encapsulation .............................................................................................511

34.3.3 PPTP Encapsulation .............................................................................................. 513

34.4 Edit IP .............................................................................................................................. 514

34.5 Remote Node Filter ......................................................................................................... 516

34.6 Traffic Redirect ................................................................................................................ 517

Chapter 35

IP Static Route Setup............................................................................................................ 519

35.1 IP Static Route Setup ...................................................................................................... 519

Chapter 36

Network Address Translation (NAT).................................................................................... 521

36.1 Using NAT ........................................................................................................................ 521

36.1.1 SUA (Single User Account) Versus NAT ................................................................ 521

36.1.2 Applying NAT ......................................................................................................... 521

36.2 NAT Setup ....................................................................................................................... 523

36.2.1 Address Mapping Sets ........................................................................................... 523

36.3 Configuring a Server behind NAT .................................................................................... 528

36.4 General NAT Examples ................................................................................................... 530

36.4.1 Internet Access Only .............................................................................................. 530

ZyWALL 2 Plus User’s Guide

21

Table of Contents

36.4.2 Example 2: Internet Access with a Default Server ................................................. 532

36.4.3 Example 3: Multiple Public IP Addresses With Inside Servers .............................. 532

36.4.4 Example 4: NAT Unfriendly Application Programs ................................................. 536

36.5 Trigger Port Forwarding ...................................................................................................537

36.5.1 Two Points To Remember About Trigger Ports ...................................................... 537

Chapter 37

Introducing the ZyWALL Firewall ........................................................................................539

37.1 Using ZyWALL SMT Menus ............................................................................................ 539

37.1.1 Activating the Firewall ............................................................................................ 539

Chapter 38

Filter Configuration............................................................................................................... 541

38.1 Introduction to Filters ....................................................................................................... 541

38.1.1 The Filter Structure of the ZyWALL ........................................................................ 542

38.2 Configuring a Filter Set .................................................................................................... 544

38.2.1 Configuring a Filter Rule ........................................................................................ 546

38.2.2 Configuring a TCP/IP Filter Rule ............................................................................ 546

38.2.3 Configuring a Generic Filter Rule ........................................................................... 549

38.3 Example Filter .................................................................................................................. 550

38.4 Filter Types and NAT ....................................................................................................... 552

38.5 Firewall Versus Filters ..................................................................................................... 552

38.5.1 Packet Filtering: ..................................................................................................... 552

38.5.2 Firewall ................................................................................................................... 553

38.6 Applying a Filter .............................................................................................................. 553

38.6.1 Applying LAN Filters ............................................................................................... 554

38.6.2 Applying DMZ Filters .............................................................................................. 554

38.6.3 Applying Remote Node Filters ............................................................................... 555

Chapter 39

SNMP Configuration.............................................................................................................557

39.1 SNMP Configuration ........................................................................................................557

39.2 SNMP Traps .................................................................................................................... 558

Chapter 40

System Information & Diagnosis.........................................................................................559

40.1 Introduction to System Status .......................................................................................... 559

40.2 System Status .................................................................................................................. 559

40.3 System Information and Console Port Speed .................................................................. 561

40.3.1 System Information ................................................................................................ 561

40.3.2 Console Port Speed ............................................................................................... 562

40.4 Log and Trace .................................................................................................................. 562

40.4.1 Viewing Error Log ................................................................................................... 562

22

ZyWALL 2 Plus User’s Guide

Table of Contents

40.4.2 Syslog Logging ....................................................................................................... 563

40.4.3 Call-Triggering Packet ............................................................................................ 566

40.5 Diagnostic ........................................................................................................................ 567

40.5.1 WAN DHCP ............................................................................................................ 568

Chapter 41

Firmware and Configuration File Maintenance..................................................................571

41.1 Introduction ...................................................................................................................... 571

41.2 Filename Conventions ..................................................................................................... 571

41.3 Backup Configuration ......................................................................................................572

41.3.1 Backup Configuration ............................................................................................. 572

41.3.2 Using the FTP Command from the Command Line ............................................... 573

41.3.3 Example of FTP Commands from the Command Line .......................................... 574

41.3.4 GUI-based FTP Clients .......................................................................................... 574

41.3.5 File Maintenance Over WAN .................................................................................. 574

41.3.6 Backup Configuration Using TFTP ......................................................................... 575

41.3.7 TFTP Command Example ...................................................................................... 575

41.3.8 GUI-based TFTP Clients ........................................................................................ 575

41.3.9 Backup Via Console Port ....................................................................................... 576

41.4 Restore Configuration ...................................................................................................... 577

41.4.1 Restore Using FTP ................................................................................................. 577

41.4.2 Restore Using FTP Session Example .................................................................... 578

41.4.3 Restore Via Console Port ....................................................................................... 579

41.5 Uploading Firmware and Configuration Files .................................................................. 579

41.5.1 Firmware File Upload ............................................................................................. 580

41.5.2 Configuration File Upload ....................................................................................... 580

41.5.3 FTP File Upload Command from the DOS Prompt Example ................................. 581

41.5.4 FTP Session Example of Firmware File Upload .................................................... 582

41.5.5 TFTP File Upload ................................................................................................... 582

41.5.6 TFTP Upload Command Example ......................................................................... 583

41.5.7 Uploading Via Console Port ................................................................................... 583

41.5.8 Uploading Firmware File Via Console Port ............................................................ 583

41.5.9 Example Xmodem Firmware Upload Using HyperTerminal ................................... 583

41.5.10 Uploading Configuration File Via Console Port .................................................... 584

41.5.11 Example Xmodem Configuration Upload Using HyperTerminal ........................... 585

Chapter 42

System Maintenance Menus 8 to 10....................................................................................587

42.1 Command Interpreter Mode ............................................................................................ 587

42.1.1 Command Syntax ................................................................................................... 588

42.1.2 Command Usage ................................................................................................... 588

42.2 Call Control Support ........................................................................................................ 589

42.2.1 Budget Management .............................................................................................. 589

ZyWALL 2 Plus User’s Guide

23

Table of Contents

42.2.2 Call History ............................................................................................................. 590

42.3 Time and Date Setting .....................................................................................................591

Chapter 43

Remote Management............................................................................................................ 595

43.1 Remote Management ...................................................................................................... 595

43.1.1 Remote Management Limitations .......................................................................... 597

Chapter 44

Call Scheduling..................................................................................................................... 599

44.1 Introduction to Call Scheduling ........................................................................................ 599

Part VII: Troubleshooting and Specifications ................................... 603

Chapter 45

Troubleshooting....................................................................................................................605

45.1 Power, Hardware Connections, and LEDs ...................................................................... 605

45.2 ZyWALL Access and Login .............................................................................................. 606

45.3 Internet Access ................................................................................................................ 608

45.4 Wireless Router/AP Troubleshooting ............................................................................... 610

45.5 UPnP ............................................................................................................................... 610

Chapter 46

Product Specifications.........................................................................................................613

46.1 General ZyWALL Specifications ...................................................................................... 613

46.2 Cable Pin Assignments ................................................................................................... 615

46.3 Wall-mounting Instructions .............................................................................................. 617

Part VIII: Appendices and Index ......................................................... 619

Appendix A Setting up Your Computer’s IP Address............................................................ 621

Appendix B Pop-up Windows, JavaScripts and Java Permissions ......................................637

Appendix C IP Addresses and Subnetting ........................................................................... 645

Appendix D Common Services ............................................................................................653

Appendix E Importing Certificates ........................................................................................657

Appendix F Legal Information ..............................................................................................669

Appendix G Customer Support ............................................................................................673

24

ZyWALL 2 Plus User’s Guide

Table of Contents

Index....................................................................................................................................... 679

ZyWALL 2 Plus User’s Guide

25

Table of Contents

26

ZyWALL 2 Plus User’s Guide

List of Figures

List of Figures

Figure 1 Secure Internet Access via Cable, DSL or Wireless Modem ................................................... 48

Figure 2 VPN Application ....................................................................................................................... 48

Figure 3 Front Panel .............................................................................................................................. 49

Figure 4 Change Password Screen ........................................................................................................ 52

Figure 5 Replace Certificate Screen ....................................................................................................... 52

Figure 6 Example Xmodem Upload ........................................................................................................ 53

Figure 7 HOME Screen .......................................................................................................................... 54

Figure 8 Web Configurator HOME Screen in Router Mode ................................................................... 55

Figure 9 Web Configurator HOME Screen in Bridge Mode .................................................................... 58

Figure 10 HOME > Show Statistics ........................................................................................................ 64

Figure 11 HOME > DHCP Table ............................................................................................................. 65

Figure 12 HOME > VPN Status .............................................................................................................. 66

Figure 13 Home > Bandwidth Monitor .................................................................................................... 67

Figure 14 Wizard Setup Welcome .......................................................................................................... 69

Figure 15 ISP Parameters: Ethernet Encapsulation ...............................................................................70

Figure 16 ISP Parameters: PPPoE Encapsulation ................................................................................. 72

Figure 17 ISP Parameters: PPTP Encapsulation ...................................................................................74

Figure 18 Internet Access Wizard: Second Screen ................................................................................75

Figure 19 Internet Access Setup Complete ............................................................................................ 76

Figure 20 Internet Access Wizard: Registration ..................................................................................... 77

Figure 21 Internet Access Wizard: Registration in Progress .................................................................. 78

Figure 22 Internet Access Wizard: Status .............................................................................................. 78

Figure 23 Internet Access Wizard: Registration Failed ..........................................................................78

Figure 24 Internet Access Wizard: Registered Device ........................................................................... 79

Figure 25 Internet Access Wizard: Activated Services ...........................................................................79

Figure 26 VPN Wizard: Gateway Setting ............................................................................................... 80

Figure 27 VPN Wizard: Network Setting ................................................................................................ 81

Figure 28 VPN Wizard: IKE Tunnel Setting ............................................................................................ 82

Figure 29 VPN Wizard: IPSec Setting .................................................................................................... 84

Figure 30 VPN Wizard: VPN Status ....................................................................................................... 85

Figure 31 VPN Wizard Setup Complete ................................................................................................. 87

Figure 32 Firewall Rule for VPN ............................................................................................................. 90

Figure 33 SECURITY > VPN > VPN Rules (IKE) .................................................................................. 90

Figure 34 SECURITY > VPN > VPN Rules (IKE)> Add Gateway Policy ............................................. 91

Figure 35 SECURITY > VPN > VPN Rules (IKE): With Gateway Policy Example ................................ 92

Figure 36 SECURITY > VPN > VPN Rules (IKE)> Add Network Policy ............................................... 93

Figure 37 SECURITY > FIREWALL > Rule Summary ........................................................................... 94

Figure 38 SECURITY > FIREWALL > Rule Summary > Edit: Allow ..................................................... 95

ZyWALL 2 Plus User’s Guide

27

List of Figures

Figure 39 SECURITY > FIREWALL > Rule Summary: Allow ................................................................. 96

Figure 40 SECURITY > FIREWALL > Default Rule: Block From VPN To LAN ...................................... 96

Figure 41 Tutorial Example: Using NAT with Static Public IP Addresses ............................................... 97

Figure 42 Tutorial Example: WAN Connection with a Static Public IP Address ..................................... 98

Figure 43 Tutorial Example: WAN Screen ............................................................................................. 99

Figure 44 Tutorial Example: DNS > System ........................................................................................... 99

Figure 45 Tutorial Example: DNS > System Edit-1 ............................................................................. 100

Figure 46 Tutorial Example: DNS > System Edit-2 ............................................................................. 100

Figure 47 Tutorial Example: DNS > System: Done ............................................................................. 101

Figure 48 Tutorial Example: Status ....................................................................................................... 101

Figure 49 Tutorial Example: Mapping Multiple Public IP Addresses to Inside Servers ........................ 102

Figure 50 Tutorial Example: NAT > NAT Overview .............................................................................. 103

Figure 51 Tutorial Example: NAT > Address Mapping .......................................................................... 103

Figure 52 Tutorial Example: NAT Address Mapping Edit: One-to-One (1) .......................................... 104

Figure 53 Tutorial Example: NAT Address Mapping Edit: One-to-One (2) .......................................... 104

Figure 54 Tutorial Example: NAT Address Mapping Edit: Many-to-One ............................................. 104

Figure 55 Tutorial Example: NAT Address Mapping Done ................................................................. 105

Figure 56 Tutorial Example: Forwarding Incoming FTP Traffic to a Local Computer .......................... 106

Figure 57 Tutorial Example: NAT Address Mapping Edit: Server ....................................................... 106

Figure 58 Tutorial Example: NAT Port Forwarding ............................................................................... 107

Figure 59 Tutorial Example: Forwarding Incoming FTP Traffic to a Local Computer .......................... 107

Figure 60 Tutorial Example: Firewall Default Rule .............................................................................. 108

Figure 61 Tutorial Example: Firewall Rule: WAN to LAN .................................................................... 108

Figure 62 Tutorial Example: Firewall Rule: WAN to LAN Address Edit for Web Server ...................... 109

Figure 63 Tutorial Example: Firewall Rule: WAN to LAN Service Edit for Web Server ........................110

Figure 64 Tutorial Example: Firewall Rule: WAN to LAN Address Edit for Mail Server ........................111

Figure 65 Tutorial Example: Firewall Rule: WAN to LAN Service Edit for Mail Server .........................111

Figure 66 Tutorial Example: Firewall Rule: WAN to LAN Address Edit for FTP Server ........................112

Figure 67 Tutorial Example: Firewall Rule: WAN to LAN Service Edit for FTP Server .........................113

Figure 68 Tutorial Example: Firewall Rule Summary ............................................................................113

Figure 69 Tutorial Example: NAT Address Mapping Done: Game Playing .........................................115

Figure 70 Tutorial Example: Bandwidth Management ...........................................................................116

Figure 71 Tutorial Example: Bandwidth Management Summary .........................................................117

Figure 72 Tutorial Example: Bandwidth Management Class Setup ......................................................117

Figure 73 Tutorial Example: Bandwidth Management Class Setup: VoIP .............................................118

Figure 74 Tutorial Example: Bandwidth Management Class Setup: FTP .............................................118

Figure 75 Tutorial Example: Bandwidth Management Class Setup: WWW .........................................119

Figure 76 Tutorial Example: Bandwidth Management Class Setup Done .............................................119

Figure 77 Tutorial Example: Bandwidth Management Monitor ............................................................. 120

Figure 78 SECURITY > CONTENT FILTER > General ........................................................................ 121

Figure 79 SECURITY > CONTENT FILTER > Policy ........................................................................... 122

Figure 80 SECURITY > CONTENT FILTER > Policy > External Database (Default) .......................... 122

Figure 81 HOME > DHCP Table ........................................................................................................... 123

28

ZyWALL 2 Plus User’s Guide

List of Figures

Figure 82 SECURITY > CONTENT FILTER > Policy ........................................................................... 123

Figure 83 SECURITY > CONTENT FILTER > Policy > Insert .............................................................. 124

Figure 84 SECURITY > CONTENT FILTER > Policy ........................................................................... 124

Figure 85 SECURITY > CONTENT FILTER > Policy > Schedule (Bob) .............................................. 125

Figure 86 SECURITY > CONTENT FILTER > Policy ........................................................................... 125

Figure 87 SECURITY > CONTENT FILTER > Policy > External Database (Bob) ............................... 126

Figure 88 REGISTRATION ................................................................................................................... 128

Figure 89 REGISTRATION: Registered Device ................................................................................... 129

Figure 90 REGISTRATION > Service ................................................................................................... 130

Figure 91 LAN and WAN ..................................................................................................................... 133

Figure 92 NETWORK > LAN ................................................................................................................ 137

Figure 93 NETWORK > LAN > Static DHCP ........................................................................................ 139

Figure 94 Physical Network & Partitioned Logical Networks ................................................................ 140

Figure 95 NETWORK > LAN > IP Alias ................................................................................................ 141

Figure 96 NETWORK > LAN > Port Roles ...........................................................................................142

Figure 97 Port Roles Change Complete ............................................................................................... 143

Figure 98 Bridge Loop: Bridge Connected to Wired LAN ..................................................................... 145

Figure 99 NETWORK > Bridge ............................................................................................................. 148

Figure 100 NETWORK > Bridge > Port Roles ...................................................................................... 150

Figure 101 Port Roles Change Complete ............................................................................................. 150

Figure 102 NETWORK > WAN Route ................................................................................................. 152

Figure 103 NETWORK > WAN > WAN (Ethernet Encapsulation) ..................................................... 155

Figure 104 NETWORK > WAN > WAN (PPPoE Encapsulation) ......................................................... 158

Figure 105 NETWORK > WAN > WAN (PPTP Encapsulation) ........................................................... 161

Figure 106 Traffic Redirect WAN Setup ................................................................................................ 164

Figure 107 Traffic Redirect LAN Setup ................................................................................................. 164

Figure 108 NETWORK > WAN > Traffic Redirect ................................................................................ 164

Figure 109 NETWORK > WAN > Dial Backup ................................................................................... 166

Figure 110 NETWORK > WAN > Dial Backup > Edit ......................................................................... 169

Figure 111 NETWORK > DMZ ............................................................................................................. 172

Figure 112 NETWORK > DMZ > Static DHCP ................................................................................... 174

Figure 113 NETWORK > DMZ > IP Alias ............................................................................................ 176

Figure 114 DMZ Public Address Example ............................................................................................ 177

Figure 115 DMZ Private and Public Address Example ......................................................................... 178

Figure 116 NETWORK > DMZ > Port Roles ....................................................................................... 179

Figure 117 NETWORK > WLAN .......................................................................................................... 182

Figure 118 NETWORK > WLAN > Static DHCP .................................................................................. 184

Figure 119 NETWORK > WLAN > IP Alias ......................................................................................... 186

Figure 120 WLAN Port Role Example ................................................................................................. 187

Figure 121 NETWORK > WLAN > Port Roles ..................................................................................... 188

Figure 122 NETWORK > WLAN > Port Roles: Change Complete ....................................................... 188

Figure 123 Default Firewall Action ........................................................................................................ 191

Figure 124 SECURITY > FIREWALL > Default Rule (Router Mode) ................................................... 192

ZyWALL 2 Plus User’s Guide

29

List of Figures

Figure 125 Default Block Traffic From WAN to DMZ Example ......................................................... 193

Figure 126 From LAN to VPN Example ............................................................................................... 195

Figure 127 Block DMZ to VPN Traffic by Default Example ............................................................... 196

Figure 128 From VPN to LAN Example ............................................................................................... 197

Figure 129 Block VPN to LAN Traffic by Default Example ................................................................. 197

Figure 130 From VPN to VPN Example .............................................................................................. 198

Figure 131 Block VPN to VPN Traffic by Default Example ............................................................... 199

Figure 132 Blocking All LAN to WAN IRC Traffic Example .................................................................. 200

Figure 133 Limited LAN to WAN IRC Traffic Example .......................................................................... 201

Figure 134 Using IP Alias to Solve the Triangle Route Problem .......................................................... 202

Figure 135 SECURITY > FIREWALL > Default Rule (Router Mode) ................................................... 203

Figure 136 SECURITY > FIREWALL > Default Rule (Bridge Mode) .................................................... 205

Figure 137 SECURITY > FIREWALL > Rule Summary ....................................................................... 207

Figure 138 SECURITY > FIREWALL > Rule Summary > Edit ............................................................ 209

Figure 139 SECURITY > FIREWALL > Anti-Probing ............................................................................211

Figure 140 Three-Way Handshake ....................................................................................................... 212

Figure 141 SECURITY > FIREWALL > Threshold ............................................................................ 213

Figure 142 SECURITY > FIREWALL > Service ................................................................................... 215

Figure 143 Firewall Edit Custom Service ............................................................................................. 216

Figure 144 My Service Firewall Rule Example: Service ...................................................................... 217

Figure 145 My Service Firewall Rule Example: Edit Custom Service ................................................. 217

Figure 146 My Service Firewall Rule Example: Rule Summary ........................................................... 218

Figure 147 My Service Firewall Rule Example: Rule Edit: Source and Destination Addresses .......... 218

Figure 148 My Service Firewall Rule Example: Edit Rule: Service Configuration ................................ 220

Figure 149 My Service Firewall Rule Example: Rule Summary: Completed ........................................ 221

Figure 150 Content Filtering Lookup Procedure ................................................................................... 224

Figure 151 SECURITY > CONTENT FILTER > General ...................................................................... 225

Figure 152 SECURITY > CONTENT FILTER > Policy ......................................................................... 228

Figure 153 SECURITY > CONTENT FILTER > Policy > General ........................................................ 229

Figure 154 SECURITY > CONTENT FILTER > Policy > External Database ....................................... 231

Figure 155 SECURITY > CONTENT FILTER > Policy > Customization .............................................. 238

Figure 156 SECURITY > CONTENT FILTER > Policy > Schedule ...................................................... 240

Figure 157 SECURITY > CONTENT FILTER > Object ........................................................................ 241

Figure 158 SECURITY > CONTENT FILTER > Cache ........................................................................ 244

Figure 159 myZyXEL.com: Login ......................................................................................................... 246

Figure 160 myZyXEL.com: Welcome ................................................................................................... 246

Figure 161 myZyXEL.com: Service Management ................................................................................ 247

Figure 162 Blue Coat: Login ................................................................................................................. 247

Figure 163 Content Filtering Reports Main Screen .............................................................................. 248

Figure 164 Blue Coat: Report Home .................................................................................................... 248

Figure 165 Global Report Screen Example .......................................................................................... 249

Figure 166 Requested URLs Example ................................................................................................. 250

Figure 167 Web Page Review Process Screen ................................................................................... 251

30

ZyWALL 2 Plus User’s Guide