ZyWALL 2WG
Internet Security Appliance
User’s Guide
Version 4.03
12/2007
Edition 1
www.zyxel.com
About This User's Guide
Intended Audience
This manual is intended for people who want to configure the ZyWALL using the web
configurator or System Management Terminal (SMT). You should have at least a basic
knowledge of TCP/IP networking concepts and topology.
Related Documentation
• Quick Start Guide
The Quick Start Guide is designed to help you get up and running right away. It contains
information on setting up your network and configuring for Internet access.
• Web Configurator Online Help
Embedded web help for descriptions of individual screens and supplementary
information.
• Supporting Disk
Refer to the included CD for support documents.
• ZyXEL Web Site
Please refer to www.zyxel.com for additional support documentation and product
certifications.
User Guide Feedback
Help us help you. Send all User Guide-related comments, questions or suggestions for
improvement to the following address, or use e-mail instead. Thank you!
The Technical Writing Team,
ZyXEL Communications Corp.,
6 Innovation Road II,
Science-Based Industrial Park,
Hsinchu, 300, Taiwan.
E-mail: techwriters@zyxel.com.tw
Document Conventions
Warnings and Notes
These are how warnings and notes are shown in this User’s Guide.
Warnings tell you about things that could harm you or your device.
Notes tell you other important information (for example, other things you may
need to configure or helpful tips) or recommendations.
Syntax Conventions
• The ZyWALL 2WG may be referred to as the “ZyWALL”, the “device” or the “system” in
this User’s Guide.
• Product labels, screen names, field labels and field choices are all in bold font.
• A key stroke is denoted by square brackets and uppercase text, for example, [ENTER]
means the “enter” or “return” key on your keyboard.
• “Enter” means for you to type one or more characters and then press the [ENTER] key.
“Select” or “choose” means for you to use one of the predefined choices.
• A right angle bracket ( > ) within a screen name denotes a mouse click. For example,
Maintenance > Log > Log Setting means you first click Maintenance in the navigation
panel, then the Log sub menu and finally the Log Setting tab to get to that screen.
• Units of measurement may denote the “metric” value or the “scientific” value. For
example, “k” for kilo may denote “1000” or “1024”, “M” for mega may denote “1000000”
or “1048576” and so on.
• “e.g.,” is a shorthand for “for instance”, and “i.e.,” means “that is” or “in other words”.
Icons Used in Figures
Figures in this User’s Guide may use the following generic icons. The ZyWALL icon is not an
exact representation of your device.
Icons shown: ZyWALL, Computer, Notebook computer, Server, DSLAM, Firewall, Telephone, Switch, Router.
Safety Warnings
For your safety, be sure to read and follow all warning notices and instructions.
• Do NOT use this product near water, for example, in a wet basement or near a swimming
pool.
• Do NOT expose your device to dampness, dust or corrosive liquids.
• Do NOT store things on the device.
• Do NOT install, use, or service this device during a thunderstorm. There is a remote risk
of electric shock from lightning.
• Connect ONLY suitable accessories to the device.
• Do NOT open the device or unit. Opening or removing covers can expose you to
dangerous high voltage points or other risks. ONLY qualified service personnel should
service or disassemble this device. Please contact your vendor for further information.
• Make sure to connect the cables to the correct ports.
• Place connecting cables carefully so that no one will step on them or stumble over them.
• Always disconnect all cables from this device before servicing or disassembling.
• Use ONLY an appropriate power adaptor or cord for your device.
• Connect the power adaptor or cord to the right supply voltage (for example, 110V AC in
North America or 230V AC in Europe).
• Do NOT remove the plug and connect it to a power outlet by itself; always attach the plug
to the power adaptor first before connecting it to a power outlet.
• Do NOT allow anything to rest on the power adaptor or cord and do NOT place the
product where anyone can walk on the power adaptor or cord.
• Do NOT use the device if the power adaptor or cord is damaged as it might cause
electrocution.
• If the power adaptor or cord is damaged, remove it from the power outlet.
• Do NOT attempt to repair the power adaptor or cord. Contact your local vendor to order a
new one.
• Do not use the device outside, and make sure all the connections are indoors. There is a
remote risk of electric shock from lightning.
• CAUTION: RISK OF EXPLOSION IF BATTERY (on the motherboard) IS REPLACED
BY AN INCORRECT TYPE. DISPOSE OF USED BATTERIES ACCORDING TO THE
INSTRUCTIONS. Dispose of them at the applicable collection point for the recycling of
electrical and electronic equipment. For detailed information about recycling of this
product, please contact your local city office, your household waste disposal service or the
store where you purchased the product.
• Do NOT obstruct the device ventilation slots, as insufficient airflow may harm your
device.
• Antenna Warning! This device meets ETSI and FCC certification requirements when
using the included antenna(s). Only use the included antenna(s).
• If you wall mount your device, make sure that no electrical lines, gas or water pipes will
be damaged.
This product is recyclable. Dispose of it properly.
Contents Overview
Introduction
  Getting to Know Your ZyWALL
  Introducing the Web Configurator
  Wizard Setup
  Tutorial
  Registration
Network and Wireless
  LAN Screens
  Bridge Screens
  WAN Screens
  DMZ Screens
  Wireless LAN
Security
  Firewall
  Content Filtering Screens
  Content Filtering Reports
  IPSec VPN
  Certificates
  Authentication Server
Advanced
  Network Address Translation (NAT)
  Static Route
  Policy Route
  Bandwidth Management
  DNS
  Remote Management
  UPnP
  Custom Application
  ALG Screen
Logs and Maintenance
  Logs Screens
  Maintenance
SMT
  Introducing the SMT
  SMT Menu 1 - General Setup
  WAN and Dial Backup Setup
  LAN Setup
  Internet Access
  DMZ Setup
  Route Setup
  Wireless Setup
  Remote Node Setup
  IP Static Route Setup
  Network Address Translation (NAT)
  Introducing the ZyWALL Firewall
  Filter Configuration
  SNMP Configuration
  System Information & Diagnosis
  Firmware and Configuration File Maintenance
  System Maintenance Menus 8 to 10
  Remote Management
  IP Policy Routing
  Call Scheduling
Troubleshooting and Specifications
  Troubleshooting
  Product Specifications
Appendices and Index
Table of Contents
About This User's Guide
Document Conventions
Safety Warnings
Contents Overview
Table of Contents
List of Figures
List of Tables
Part I: Introduction
Chapter 1: Getting to Know Your ZyWALL
1.1 ZyWALL Internet Security Appliance Overview
1.2 Ways to Manage the ZyWALL
1.3 Good Habits for Managing the ZyWALL
1.4 Applications for the ZyWALL
1.4.1 Secure Broadband Internet Access via Cable or DSL Modem
1.4.2 VPN Application
1.4.3 3G WAN Application
1.4.4 Front Panel Lights
Chapter 2: Introducing the Web Configurator
2.1 Web Configurator Overview
2.2 Accessing the ZyWALL Web Configurator
2.3 Resetting the ZyWALL
2.3.1 Procedure To Use The Reset Button
2.3.2 Uploading a Configuration File Via Console Port
2.4 Navigating the ZyWALL Web Configurator
2.4.1 Title Bar
2.4.2 Main Window
2.4.3 HOME Screen: Router Mode
2.4.4 HOME Screen: Bridge Mode
2.4.5 Navigation Panel
2.4.6 Port Statistics
2.4.7 Show Statistics: Line Chart
2.4.8 DHCP Table Screen
2.4.9 VPN Status
2.4.10 Bandwidth Monitor
Chapter 3: Wizard Setup
3.1 Wizard Setup Overview
3.2 Internet Access
3.2.1 ISP Parameters
3.2.2 Internet Access Wizard: Second Screen
3.2.3 Internet Access Wizard: Registration
3.2.4 Internet Access Wizard: Status
3.2.5 Internet Access Wizard: Service Activation
3.3 VPN Wizard Gateway Setting
3.4 VPN Wizard Network Setting
3.5 VPN Wizard IKE Tunnel Setting (IKE Phase 1)
3.6 VPN Wizard IPSec Setting (IKE Phase 2)
3.7 VPN Wizard Status Summary
3.8 VPN Wizard Setup Complete
Chapter 4: Tutorial
4.1 Security Settings for VPN Traffic
4.1.1 Firewall Rule for VPN Example
4.1.2 Configuring the VPN Rule
4.1.3 Configuring the Firewall Rules
4.2 Using NAT with Multiple Public IP Addresses
4.2.1 Example Parameters and Scenario
4.2.2 Configuring the WAN Connection with a Static IP Address
4.2.3 Public IP Address Mapping
4.2.4 Forwarding Traffic from the WAN to a Local Computer
4.2.5 Allow WAN-to-LAN Traffic through the Firewall
4.2.6 Testing the Connections
4.3 Using NAT with Multiple Game Players
4.4 How to Manage the ZyWALL’s Bandwidth
4.4.1 Example Parameters and Scenario
4.4.2 Configuring Bandwidth Management Rules
4.5 Configuring Content Filtering
4.5.1 Enable Content Filtering
4.5.2 Block Categories of Web Content
4.5.3 Assign Bob’s Computer a Specific IP Address
4.5.4 Create a Content Filter Policy for Bob
4.5.5 Set the Content Filter Schedule
4.5.6 Block Categories of Web Content for Bob
Chapter 5: Registration
5.1 myZyXEL.com overview
5.1.1 Content Filtering Subscription Service
5.2 Registration
5.3 Service
Part II: Network and Wireless
Chapter 6: LAN Screens
6.1 LAN, WAN and the ZyWALL
6.2 IP Address and Subnet Mask
6.2.1 Private IP Addresses
6.3 DHCP
6.3.1 IP Pool Setup
6.4 RIP Setup
6.5 Multicast
6.6 WINS
6.7 LAN
6.8 LAN Static DHCP
6.9 LAN IP Alias
6.10 LAN Port Roles
Chapter 7: Bridge Screens
7.1 Bridge Loop
7.2 Spanning Tree Protocol (STP)
7.2.1 Rapid STP
7.2.2 STP Terminology
7.2.3 How STP Works
7.2.4 STP Port States
7.3 Bridge
7.4 Bridge Port Roles
Chapter 8: WAN Screens
8.1 WAN Overview
8.2 Multiple WAN
8.3 Load Balancing Introduction
8.4 Load Balancing Algorithms
8.4.1 Least Load First
8.4.2 Weighted Round Robin
8.4.3 Spillover
8.5 WAN Interface to Local Host Mapping Timeout
8.6 TCP/IP Priority (Metric)
8.7 WAN General
8.8 Configuring Load Balancing
8.8.1 Least Load First
8.8.2 Weighted Round Robin
8.8.3 Spillover
8.9 WAN IP Address Assignment
8.10 DNS Server Address Assignment
8.11 WAN MAC Address
8.12 WAN 1
8.12.1 WAN Ethernet Encapsulation
8.12.2 PPPoE Encapsulation
8.12.3 PPTP Encapsulation
8.13 WAN 2 (3G WAN)
8.14 Traffic Redirect
8.15 Configuring Traffic Redirect
8.16 Configuring Dial Backup
8.17 Advanced Modem Setup
8.17.1 AT Command Strings
8.17.2 DTR Signal
8.17.3 Response Strings
8.18 Configuring Advanced Modem Setup
Chapter 9: DMZ Screens
9.1 DMZ
9.2 Configuring DMZ
9.3 DMZ Static DHCP
9.4 DMZ IP Alias
9.5 DMZ Public IP Address Example
9.6 DMZ Private and Public IP Address Example
9.7 DMZ Port Roles
Chapter 10: Wireless LAN
10.1 Wireless LAN Introduction ................................................................................................211
10.2 Configuring WLAN ......................................................................................................... 212
10.3 WLAN Static DHCP ....................................................................................................... 215
10.4 WLAN IP Alias ............................................................................................................... 216
10.5 WLAN Port Roles ........................................................................................................... 218
10.6 Wireless Security Overview ............................................................................................. 220
10.6.1 SSID ....................................................................................................................... 221
10.6.2 MAC Address Filter ................................................................................................ 221
10.6.3 User Authentication ................................................................................................ 221
10.6.4 Encryption .............................................................................................................. 222
10.6.5 Additional Installation Requirements for Using 802.1x ........................................... 223
10.7 Wireless Card ................................................................................................................ 223
10.7.1 SSID Profile ........................................................................................................... 226
10.8 Configuring Wireless Security ......................................................................................... 227
10.8.1 No Security ............................................................................................................. 228
10.8.2 Static WEP ............................................................................................................. 229
10.8.3 IEEE 802.1x Only ................................................................................................... 230
10.8.4 IEEE 802.1x + Static WEP ..................................................................................... 231
10.8.5 WPA, WPA2, WPA2-MIX ........................................................................................ 232
10.8.6 WPA-PSK, WPA2-PSK, WPA2-PSK-MIX ............................................................... 233
10.9 MAC Filter ....................................................................................................................... 235
Part III: Security.................................................................................... 237
Chapter 11
Firewall................................................................................................................................... 239
11.1 Firewall Overview ............................................................................................................ 239
11.2 Packet Direction Matrix .................................................................................................... 240
11.3 Packet Direction Examples .............................................................................................. 242
11.3.1 To VPN Packet Direction ........................................................................................ 243
11.3.2 From VPN Packet Direction ................................................................................... 244
11.3.3 From VPN To VPN Packet Direction ...................................................................... 246
11.4 Security Considerations ................................................................................................... 248
11.5 Firewall Rules Example ................................................................................................... 248
11.6 Asymmetrical Routes ....................................................................................................... 250
11.6.1 Asymmetrical Routes and IP Alias ......................................................................... 250
11.7 Firewall Default Rule (Router Mode) ................................................................................ 251
11.8 Firewall Default Rule (Bridge Mode) .............................................................................. 253
11.9 Firewall Rule Summary ................................................................................................... 255
11.9.1 Firewall Edit Rule ............................................................................................... 257
11.10 Anti-Probing ............................................................................................................... 260
11.11 Firewall Thresholds ..................................................................................................... 261
11.11.1 Threshold Values .................................................................................................. 262
11.12 Threshold Screen ........................................................................................................... 262
11.13 Service .......................................................................................................................... 264
11.13.1 Firewall Edit Custom Service .............................................................................. 265
11.14 My Service Firewall Rule Example ................................................................................ 266
Chapter 12
Content Filtering Screens .................................................................................................... 271
12.1 Content Filtering Overview .............................................................................................. 271
12.1.1 Restrict Web Features ........................................................................................... 271
12.1.2 Create a Filter List .................................................................................................. 271
12.1.3 Customize Web Site Access ................................................................................. 271
12.2 Content Filtering with an External Database ................................................................... 271
12.3 Content Filter General Screen ........................................................................................ 272
12.4 Content Filter Policy ..................................................................................................... 275
12.5 Content Filter Policy: General ......................................................................................... 277
12.6 Content Filter Policy: External Database ........................................................................ 278
12.7 Content Filter Policy: Customization ............................................................................... 285
12.8 Content Filter Policy: Schedule ...................................................................................... 287
12.9 Content Filter Object ..................................................................................................... 288
12.10 Customizing Keyword Blocking URL Checking ............................................................. 290
12.10.1 Domain Name or IP Address URL Checking ....................................................... 290
12.10.2 Full Path URL Checking ....................................................................................... 291
12.10.3 File Name URL Checking ..................................................................................... 291
12.11 Content Filtering Cache ............................................................................................... 291
Chapter 13
Content Filtering Reports..................................................................................................... 293
13.1 Checking Content Filtering Activation .............................................................................. 293
13.2 Viewing Content Filtering Reports ................................................................................... 293
13.3 Web Site Submission ....................................................................................................... 298
Chapter 14
IPSec VPN.............................................................................................................................. 301
14.1 IPSec VPN Overview ..................................................................................................... 301
14.1.1 IKE SA Overview .................................................................................................... 302
14.2 VPN Rules (IKE) .............................................................................................................. 303
14.3 IKE SA Setup .................................................................................................................. 305
14.3.1 IKE SA Proposal .................................................................................................... 305
14.4 Additional IPSec VPN Topics ........................................................................................... 309
14.4.1 SA Life Time ........................................................................................................... 310
14.4.2 IPSec High Availability ........................................................................................... 310
14.4.3 Encryption and Authentication Algorithms .............................................................. 311
14.5 VPN Rules (IKE) Gateway Policy Edit ............................................................................. 312
14.6 IPSec SA Overview ..................................................................................................... 318
14.6.1 Local and Remote Networks .................................................................................. 318
14.6.2 Virtual Address Mapping ........................................................................................ 319
14.6.3 Active Protocol ....................................................................................................... 320
14.6.4 Encapsulation ......................................................................................................... 320
14.6.5 IPSec SA Proposal and Perfect Forward Secrecy ................................................. 321
14.7 VPN Rules (IKE) Network Policy Edit ............................................................................. 321
14.8 Network Policy Port Forwarding ................................................................................... 326
14.9 Network Policy Move ..................................................................................................... 328
14.10 Dialing the VPN Tunnel via Web Configurator ............................................................... 329
14.11 VPN Troubleshooting ..................................................................................................... 330
14.11.1 VPN Log ............................................................................................................... 330
14.12 IPSec Debug ................................................................................................................. 331
14.13 IPSec SA Using Manual Keys ................................................................................... 333
14.13.1 IPSec SA Proposal Using Manual Keys ............................................................... 333
14.13.2 Authentication and the Security Parameter Index (SPI) ....................................... 333
14.14 VPN Rules (Manual) ...................................................................................................... 333
14.15 VPN Rules (Manual) Edit ............................................................................................ 335
14.16 VPN SA Monitor .......................................................................................................... 338
14.17 VPN Global Setting ....................................................................................................... 338
14.17.1 Local and Remote IP Address Conflict Resolution .............................................. 338
14.18 Telecommuter VPN/IPSec Examples ............................................................................ 341
14.18.1 Telecommuters Sharing One VPN Rule Example ................................................ 342
14.18.2 Telecommuters Using Unique VPN Rules Example ............................................. 342
14.19 VPN and Remote Management ..................................................................................... 344
14.20 Hub-and-spoke VPN ...................................................................................................... 344
14.20.1 Hub-and-spoke VPN Example ............................................................................. 345
14.20.2 Hub-and-spoke Example VPN Rule Addresses ................................................... 346
14.20.3 Hub-and-spoke VPN Requirements and Suggestions ......................................... 346
Chapter 15
Certificates ............................................................................................................................ 349
15.1 Certificates Overview ....................................................................................................... 349
15.1.1 Advantages of Certificates ..................................................................................... 350
15.2 Self-signed Certificates .................................................................................................... 350
15.3 Verifying a Certificate ....................................................................................................... 350
15.3.1 Checking the Fingerprint of a Certificate on Your Computer .................................. 350
15.4 Configuration Summary ................................................................................................... 351
15.5 My Certificates ................................................................................................................ 352
15.6 My Certificate Details ..................................................................................................... 354
15.7 My Certificate Export ...................................................................................................... 356
15.7.1 Certificate File Export Formats ............................................................................... 356
15.8 My Certificate Import ..................................................................................................... 357
15.8.1 Certificate File Formats .......................................................................................... 357
15.9 My Certificate Create ..................................................................................................... 359
15.10 Trusted CAs ................................................................................................................. 364
15.11 Trusted CA Details ........................................................................................................ 366
15.12 Trusted CA Import ....................................................................................................... 369
15.13 Trusted Remote Hosts ................................................................................................. 370
15.14 Trusted Remote Hosts Import ...................................................................................... 372
15.15 Trusted Remote Host Certificate Details ..................................................................... 373
15.16 Directory Servers .......................................................................................................... 375
15.17 Directory Server Add or Edit ........................................................................................ 376
Chapter 16
Authentication Server........................................................................................................... 379
16.1 Authentication Server Overview ...................................................................................... 379
16.1.1 Local User Database .............................................................................................. 379
16.1.2 RADIUS .................................................................................................................. 379
16.2 Local User Database ..................................................................................................... 379
16.3 RADIUS ......................................................................................................................... 381
Part IV: Advanced ................................................................................ 383
Chapter 17
Network Address Translation (NAT).................................................................................... 385
17.1 NAT Overview ................................................................................................................ 385
17.1.1 NAT Definitions ...................................................................................................... 385
17.1.2 What NAT Does ..................................................................................................... 386
17.1.3 How NAT Works ..................................................................................................... 386
17.1.4 NAT Application ...................................................................................................... 387
17.1.5 Port Restricted Cone NAT ...................................................................................... 388
17.1.6 NAT Mapping Types ............................................................................................... 388
17.2 Using NAT ........................................................................................................................ 389
17.2.1 SUA (Single User Account) Versus NAT ................................................................ 389
17.3 NAT Overview Screen ..................................................................................................... 390
17.4 NAT Address Mapping ................................................................................................... 391
17.4.1 What NAT Does ..................................................................................................... 391
17.4.2 NAT Address Mapping Edit .................................................................................. 393
17.5 Port Forwarding .............................................................................................................. 394
17.5.1 Default Server IP Address ...................................................................................... 394
17.5.2 Port Forwarding: Services and Port Numbers ........................................................ 395
17.5.3 Configuring Servers Behind Port Forwarding (Example) ....................................... 395
17.5.4 NAT and Multiple WAN ........................................................................................... 396
17.5.5 Port Translation ...................................................................................................... 396
17.6 Port Forwarding Screen ................................................................................................... 397
17.7 Port Triggering ............................................................................................................... 399
Chapter 18
Static Route ........................................................................................................................... 401
18.1 IP Static Route .............................................................................................................. 401
18.2 IP Static Route ................................................................................................................. 402
18.2.1 IP Static Route Edit .............................................................................................. 403
Chapter 19
Policy Route .......................................................................................................................... 405
19.1 Policy Route ................................................................................................................... 405
19.2 Benefits ............................................................................................................................ 405
19.3 Routing Policy .................................................................................................................. 405
19.4 IP Routing Policy Setup ................................................................................................... 406
19.5 Policy Route Edit ............................................................................................................ 407
Chapter 20
Bandwidth Management....................................................................................................... 411
20.1 Bandwidth Management Overview .................................................................................. 411
20.2 Bandwidth Classes and Filters ......................................................................................... 411
20.3 Proportional Bandwidth Allocation ................................................................................... 412
20.4 Application-based Bandwidth Management .................................................................... 412
20.5 Subnet-based Bandwidth Management .......................................................................... 412
20.6 Application and Subnet-based Bandwidth Management ................................................. 412
20.7 Scheduler ........................................................................................................................ 413
20.7.1 Priority-based Scheduler ........................................................................................ 413
20.7.2 Fairness-based Scheduler ..................................................................................... 413
20.7.3 Maximize Bandwidth Usage ................................................................................... 413
20.7.4 Reserving Bandwidth for Non-Bandwidth Class Traffic .......................................... 413
20.7.5 Maximize Bandwidth Usage Example .................................................................... 414
20.8 Bandwidth Borrowing ....................................................................................................... 415
20.8.1 Bandwidth Borrowing Example .............................................................................. 415
20.9 Maximize Bandwidth Usage With Bandwidth Borrowing ................................................. 416
20.10 Over Allotment of Bandwidth ......................................................................................... 417
20.11 Configuring Summary .................................................................................................... 417
20.12 Configuring Class Setup .............................................................................................. 419
20.12.1 Bandwidth Manager Class Configuration ........................................................... 420
20.12.2 Bandwidth Management Statistics ................................................................... 423
20.13 Bandwidth Manager Monitor ........................................................................................ 424
Chapter 21
DNS ........................................................................................................................................ 427
21.1 DNS Overview ............................................................................................................... 427
21.2 DNS Server Address Assignment ................................................................................... 427
21.3 DNS Servers .................................................................................................................... 427
21.4 Address Record ............................................................................................................... 428
21.4.1 DNS Wildcard ......................................................................................................... 428
21.5 Name Server Record ....................................................................................................... 428
21.5.1 Private DNS Server ................................................................................................ 428
21.6 System Screen ................................................................................................................ 429
21.6.1 Adding an Address Record .................................................................................. 431
21.6.2 Inserting a Name Server Record .......................................................................... 432
21.7 DNS Cache .................................................................................................................... 433
21.8 Configure DNS Cache ..................................................................................................... 433
21.9 Configuring DNS DHCP ................................................................................................ 435
21.10 Dynamic DNS .............................................................................................................. 436
21.10.1 DYNDNS Wildcard ............................................................................................... 436
21.10.2 High Availability .................................................................................................... 437
21.11 Configuring Dynamic DNS ............................................................................................. 437
Chapter 22
Remote Management............................................................................................................ 439
22.1 Remote Management Overview ...................................................................................... 439
22.1.1 Remote Management Limitations .......................................................................... 440
22.1.2 System Timeout ..................................................................................................... 440
22.2 WWW (HTTP and HTTPS) ............................................................................................. 440
22.3 WWW .............................................................................................................................. 441
22.4 HTTPS Example .............................................................................................................. 443
22.4.1 Internet Explorer Warning Messages ..................................................................... 443
22.4.2 Netscape Navigator Warning Messages ................................................................ 443
22.4.3 Avoiding the Browser Warning Messages .............................................................. 444
22.4.4 Login Screen .......................................................................................................... 445
22.5 SSH .............................................................................................................................. 447
22.6 How SSH Works .............................................................................................................. 447
22.7 SSH Implementation on the ZyWALL .............................................................................. 448
22.7.1 Requirements for Using SSH ................................................................................. 448
22.8 Configuring SSH .............................................................................................................. 449
22.9 Secure Telnet Using SSH Examples ............................................................................... 450
22.9.1 Example 1: Microsoft Windows .............................................................................. 450
22.9.2 Example 2: Linux .................................................................................................... 450
22.10 Secure FTP Using SSH Example .................................................................................. 451
22.11 Telnet ........................................................................................................................... 452
22.12 Configuring TELNET ..................................................................................................... 452
22.13 FTP .............................................................................................................................. 453
22.14 SNMP .......................................................................................................................... 454
22.14.1 Supported MIBs .................................................................................................. 455
22.14.2 SNMP Traps ......................................................................................................... 456
22.14.3 REMOTE MANAGEMENT: SNMP ....................................................................... 456
22.15 DNS ............................................................................................................................. 457
22.16 Introducing Vantage CNM ............................................................................................. 458
22.17 Configuring CNM ........................................................................................................... 458
22.17.1 Additional Configuration for Vantage CNM .......................................................... 460
Chapter 23
UPnP ...................................................................................................................................... 461
23.1 Universal Plug and Play Overview ................................................................................ 461
23.1.1 How Do I Know If I'm Using UPnP? ....................................................................... 461
23.1.2 NAT Traversal ........................................................................................................ 461
23.1.3 Cautions with UPnP ............................................................................................... 461
23.1.4 UPnP and ZyXEL ................................................................................................... 462
23.2 Configuring UPnP ............................................................................................................ 462
23.3 Displaying UPnP Port Mapping .................................................................................... 463
23.4 Installing UPnP in Windows Example .............................................................................. 464
23.4.1 Installing UPnP in Windows Me ............................................................................. 465
23.4.2 Installing UPnP in Windows XP ............................................................................. 466
23.5 Using UPnP in Windows XP Example ............................................................................. 466
23.5.1 Auto-discover Your UPnP-enabled Network Device .............................................. 467
23.5.2 Web Configurator Easy Access ............................................................................. 468
Chapter 24
Custom Application .............................................................................................................. 471
24.1 Custom Application ......................................................................................................... 471
24.2 Custom Application Configuration .................................................................................... 471
Chapter 25
ALG Screen ........................................................................................................................... 473
25.1 ALG Introduction ............................................................................................................. 473
25.1.1 ALG and NAT ......................................................................................................... 473
25.1.2 ALG and the Firewall .............................................................................................. 473
25.1.3 ALG and Multiple WAN .......................................................................................... 474
25.2 FTP .................................................................................................................................. 474
25.3 H.323 ............................................................................................................................... 474
25.4 RTP .................................................................................................................................. 474
25.4.1 H.323 ALG Details ................................................................................................. 474
25.5 SIP ................................................................................................................................... 476
25.5.1 STUN ..................................................................................................................... 476
25.5.2 SIP ALG Details ..................................................................................................... 476
25.5.3 SIP Signaling Session Timeout .............................................................................. 477
25.5.4 SIP Audio Session Timeout .................................................................................... 477
25.6 ALG Screen ..................................................................................................................... 477
Part V: Logs and Maintenance ............................................................ 479
Chapter 26
Logs Screens ........................................................................................................................481
26.1 Configuring View Log ...................................................................................................... 481
26.2 Log Description Example ................................................................................................. 482
26.2.1 About the Certificate Not Trusted Log .................................................................... 483
26.3 Configuring Log Settings ................................................................................................ 484
26.4 Configuring Reports ....................................................................................................... 487
26.4.1 Viewing Web Site Hits ............................................................................................ 489
26.4.2 Viewing Host IP Address ........................................................................................ 489
26.4.3 Viewing Protocol/Port ............................................................................................. 490
26.4.4 System Reports Specifications ............................................................................... 492
26.5 Log Descriptions .............................................................................................................. 492
26.6 Syslog Logs ..................................................................................................................... 508
Chapter 27
Maintenance .......................................................................................................................... 511
27.1 Maintenance Overview .....................................................................................................511
27.2 General Setup and System Name ....................................................................................511
27.2.1 General Setup ........................................................................................................511
27.3 Configuring Password .................................................................................................... 512
27.4 Time and Date ................................................................................................................ 513
27.5 Pre-defined NTP Time Server Pools ............................................................................... 516
27.5.1 Resetting the Time ................................................................................................. 516
27.5.2 Time Server Synchronization ................................................................................. 516
27.6 Introduction To Transparent Bridging ............................................................................... 517
27.7 Transparent Firewalls ...................................................................................................... 518
27.8 Configuring Device Mode (Router) ................................................................................. 518
27.9 Configuring Device Mode (Bridge) ................................................................................. 519
27.10 F/W Upload Screen ...................................................................................................... 521
27.11 Backup and Restore ..................................................................................................... 523
27.11.1 Backup Configuration ........................................................................................... 524
27.11.2 Restore Configuration .......................................................................................... 524
27.11.3 Back to Factory Defaults ..................................................................................... 525
27.12 Restart Screen .............................................................................................................. 525
27.13 Diagnostics ................................................................................................................... 526
Part VI: SMT.......................................................................................... 529
Chapter 28
Introducing the SMT .............................................................................................................531
28.1 Introduction to the SMT ...................................................................................................531
28.2 Accessing the SMT via the Console Port ........................................................................ 531
28.2.1 Initial Screen ..........................................................................................................531
28.2.2 Entering the Password ........................................................................................... 532
28.3 Navigating the SMT Interface .......................................................................................... 532
28.3.1 Main Menu ............................................................................................................. 533
28.3.2 SMT Menus Overview ............................................................................................ 535
28.4 Changing the System Password ..................................................................................... 537
28.5 Resetting the ZyWALL ..................................................................................................... 538
Chapter 29
SMT Menu 1 - General Setup ............................................................................................... 539
29.1 Introduction to General Setup .......................................................................................... 539
29.2 Configuring General Setup .............................................................................................. 539
29.2.1 Configuring Dynamic DNS ..................................................................................... 541
Chapter 30
WAN and Dial Backup Setup................................................................................................ 545
30.1 Introduction to WAN, 3G WAN and Dial Backup Setup ................................................... 545
30.2 WAN Setup ...................................................................................................................... 545
30.3 Dial Backup ..................................................................................................................... 546
30.3.1 Configuring Dial Backup in Menu 2 ........................................................................ 546
30.3.2 Advanced WAN Setup ........................................................................................... 547
30.3.3 Remote Node Profile (Backup ISP) ........................................................................ 549
30.3.4 Editing TCP/IP Options .......................................................................................... 551
30.3.5 Editing Login Script ................................................................................................ 552
30.3.6 Remote Node Filter ................................................................................................ 554
30.4 3G WAN ........................................................................................................................... 554
30.4.1 3G Modem Setup ................................................................................................... 554
30.4.2 Remote Node Profile (3G WAN) ............................................................................ 556
Chapter 31
LAN Setup.............................................................................................................................. 559
31.1 Introduction to LAN Setup ............................................................................................... 559
31.2 Accessing the LAN Menus .............................................................................................. 559
31.3 LAN Port Filter Setup ....................................................................................................... 559
31.4 TCP/IP and DHCP Ethernet Setup Menu ........................................................................ 560
31.4.1 IP Alias Setup ......................................................................................................... 563
Chapter 32
Internet Access ..................................................................................................................... 565
32.1 Introduction to Internet Access Setup .............................................................................. 565
32.2 Ethernet Encapsulation ................................................................................................... 565
32.3 Configuring the PPTP Client ............................................................................................ 567
32.4 Configuring the PPPoE Client ......................................................................................... 568
32.5 Basic Setup Complete ..................................................................................................... 569
Chapter 33
DMZ Setup ............................................................................................................................. 571
33.1 Configuring DMZ Setup ................................................................................................... 571
33.2 DMZ Port Filter Setup ...................................................................................................... 571
33.3 TCP/IP Setup ................................................................................................................... 572
33.3.1 IP Address ..............................................................................................................572
33.3.2 IP Alias Setup ......................................................................................................... 573
Chapter 34
Route Setup........................................................................................................................... 575
34.1 Configuring Route Setup ................................................................................................. 575
34.2 Route Assessment ..........................................................................................................575
34.3 Traffic Redirect ................................................................................................................ 576
34.4 Route Failover ................................................................................................................. 577
Chapter 35
Wireless Setup ...................................................................................................................... 579
35.1 TCP/IP Setup ................................................................................................................... 579
35.1.1 IP Address ..............................................................................................................579
35.1.2 IP Alias Setup ......................................................................................................... 580
Chapter 36
Remote Node Setup..............................................................................................................583
36.1 Introduction to Remote Node Setup ................................................................................ 583
36.2 Remote Node Setup ........................................................................................................ 583
36.3 Remote Node Profile Setup ............................................................................................. 583
36.3.1 Ethernet Encapsulation .......................................................................................... 584
36.3.2 PPPoE Encapsulation ............................................................................................ 585
36.3.3 PPTP Encapsulation .............................................................................................. 586
36.4 Edit IP .............................................................................................................................. 587
36.5 Remote Node Filter ......................................................................................................... 589
Chapter 37
IP Static Route Setup............................................................................................................ 591
37.1 IP Static Route Setup ...................................................................................................... 591
Chapter 38
Network Address Translation (NAT).................................................................................... 595
38.1 Using NAT ........................................................................................................................ 595
38.1.1 SUA (Single User Account) Versus NAT ................................................................ 595
38.1.2 Applying NAT ......................................................................................................... 595
38.2 NAT Setup ....................................................................................................................... 597
38.2.1 Address Mapping Sets ........................................................................................... 598
38.3 Configuring a Server behind NAT .................................................................................... 602
38.4 General NAT Examples ................................................................................................... 605
38.4.1 Internet Access Only .............................................................................................. 605
38.4.2 Example 2: Internet Access with a Default Server ................................................. 606
38.4.3 Example 3: Multiple Public IP Addresses With Inside Servers .............................. 607
38.4.4 Example 4: NAT Unfriendly Application Programs ................................................. 610
38.5 Trigger Port Forwarding ...................................................................................................612
38.5.1 Two Points To Remember About Trigger Ports ...................................................... 612
Chapter 39
Introducing the ZyWALL Firewall ........................................................................................615
39.1 Using ZyWALL SMT Menus ............................................................................................ 615
39.1.1 Activating the Firewall ............................................................................................ 615
Chapter 40
Filter Configuration............................................................................................................... 617
40.1 Introduction to Filters ....................................................................................................... 617
40.1.1 The Filter Structure of the ZyWALL ........................................................................ 618
40.2 Configuring a Filter Set .................................................................................................... 620
40.2.1 Configuring a Filter Rule ........................................................................................ 621
40.2.2 Configuring a TCP/IP Filter Rule ............................................................................ 622
40.2.3 Configuring a Generic Filter Rule ........................................................................... 624
40.3 Example Filter .................................................................................................................. 626
40.4 Filter Types and NAT ....................................................................................................... 628
40.5 Firewall Versus Filters ..................................................................................................... 628
40.5.1 Packet Filtering: ..................................................................................................... 628
40.5.2 Firewall ................................................................................................................... 629
40.6 Applying a Filter .............................................................................................................. 629
40.6.1 Applying LAN Filters ............................................................................................... 630
40.6.2 Applying DMZ Filters .............................................................................................. 630
40.6.3 Applying Remote Node Filters ............................................................................... 631
Chapter 41
SNMP Configuration.............................................................................................................633
41.1 SNMP Configuration ........................................................................................................633
41.2 SNMP Traps .................................................................................................................... 634
Chapter 42
System Information & Diagnosis.........................................................................................635
42.1 Introduction to System Status .......................................................................................... 635
42.2 System Status .................................................................................................................. 635
42.3 System Information and Console Port Speed .................................................................. 637
42.3.1 System Information ................................................................................................ 637
42.3.2 Console Port Speed ............................................................................................... 638
42.4 Log and Trace .................................................................................................................. 639
42.4.1 Viewing Error Log ................................................................................................... 639
42.4.2 Syslog Logging ....................................................................................................... 640
42.4.3 Call-Triggering Packet ............................................................................................ 643
42.5 Diagnostic ........................................................................................................................ 644
42.5.1 WAN DHCP ............................................................................................................ 645
Chapter 43
Firmware and Configuration File Maintenance..................................................................647
43.1 Introduction ...................................................................................................................... 647
43.2 Filename Conventions ..................................................................................................... 647
43.3 Backup Configuration ......................................................................................................648
43.3.1 Backup Configuration ............................................................................................. 648
43.3.2 Using the FTP Command from the Command Line ............................................... 649
43.3.3 Example of FTP Commands from the Command Line .......................................... 649
43.3.4 GUI-based FTP Clients .......................................................................................... 650
43.3.5 File Maintenance Over WAN .................................................................................. 650
43.3.6 Backup Configuration Using TFTP ......................................................................... 650
43.3.7 TFTP Command Example ...................................................................................... 651
43.3.8 GUI-based TFTP Clients ........................................................................................ 651
43.3.9 Backup Via Console Port ....................................................................................... 651
43.4 Restore Configuration ...................................................................................................... 652
43.4.1 Restore Using FTP ................................................................................................. 653
43.4.2 Restore Using FTP Session Example .................................................................... 654
43.4.3 Restore Via Console Port ....................................................................................... 654
43.5 Uploading Firmware and Configuration Files .................................................................. 655
43.5.1 Firmware File Upload ............................................................................................. 655
43.5.2 Configuration File Upload ....................................................................................... 656
43.5.3 FTP File Upload Command from the DOS Prompt Example ................................. 657
43.5.4 FTP Session Example of Firmware File Upload .................................................... 657
43.5.5 TFTP File Upload ................................................................................................... 657
43.5.6 TFTP Upload Command Example ......................................................................... 658
43.5.7 Uploading Via Console Port ................................................................................... 658
43.5.8 Uploading Firmware File Via Console Port ............................................................ 658
43.5.9 Example Xmodem Firmware Upload Using HyperTerminal ................................... 659
43.5.10 Uploading Configuration File Via Console Port .................................................... 659
43.5.11 Example Xmodem Configuration Upload Using HyperTerminal ........................... 660
Chapter 44
System Maintenance Menus 8 to 10....................................................................................661
44.1 Command Interpreter Mode ............................................................................................ 661
44.1.1 Command Syntax ................................................................................................... 662
44.1.2 Command Usage ................................................................................................... 662
44.2 Call Control Support ........................................................................................................ 663
44.2.1 Budget Management .............................................................................................. 663
44.2.2 Call History ............................................................................................................. 664
44.3 Time and Date Setting .....................................................................................................665
Chapter 45
Remote Management............................................................................................................ 669
45.1 Remote Management ...................................................................................................... 669
45.1.1 Remote Management Limitations .......................................................................... 671
Chapter 46
IP Policy Routing ..................................................................................................................673
46.1 IP Routing Policy Summary ............................................................................................. 673
46.2 IP Routing Policy Setup ...................................................................................................674
46.2.1 Applying Policy to Packets ..................................................................................... 676
46.3 IP Policy Routing Example .............................................................................................. 677
Chapter 47
Call Scheduling..................................................................................................................... 681
47.1 Introduction to Call Scheduling ........................................................................................ 681
Part VII: Troubleshooting and Specifications ................................... 685
Chapter 48
Troubleshooting....................................................................................................................687
48.1 Power, Hardware Connections, and LEDs ...................................................................... 687
48.2 ZyWALL Access and Login .............................................................................................. 688
48.3 Internet Access ................................................................................................................ 690
Chapter 49
Product Specifications.........................................................................................................693
49.1 General ZyWALL Specifications ...................................................................................... 693
49.2 Compatible 3G Cards ...................................................................................................... 696
49.3 3G Card Installation ......................................................................................................... 697
49.4 Wall-mounting Instructions .............................................................................................. 697
49.5 Power Adaptor Specifications .......................................................................................... 699
49.6 Cable Pin Assignments ................................................................................................... 700
Part VIII: Appendices and Index ......................................................... 703
Appendix A Pop-up Windows, JavaScripts and Java Permissions ...................................... 705
Appendix B Setting up Your Computer’s IP Address............................................................ 713
Appendix C IP Addresses and Subnetting ........................................................................... 729
Appendix D Common Services ............................................................................................737
Appendix E Wireless LANs ..................................................................................................741
Appendix F Importing Certificates ........................................................................................ 755
Appendix G Legal Information ..............................................................................................765
Appendix H Customer Support............................................................................................. 769
Index....................................................................................................................................... 775
List of Figures
Figure 1 Secure Internet Access via Cable or DSL Modem ................................................................... 54
Figure 2 VPN Application ....................................................................................................................... 55
Figure 3 3G WAN Application ................................................................................................................. 55
Figure 4 Front Panel ............................................................................................................................... 56
Figure 5 Change Password Screen ........................................................................................................ 58
Figure 6 Replace Certificate Screen ....................................................................................................... 58
Figure 7 Example Xmodem Upload ........................................................................................................ 59
Figure 8 HOME Screen .......................................................................................................................... 60
Figure 9 Web Configurator HOME Screen in Router Mode .................................................................. 61
Figure 10 Web Configurator HOME Screen in Bridge Mode .................................................................. 67
Figure 11 HOME > Show Statistics ......................................................................................................... 74
Figure 12 HOME > Show Statistics > Line Chart .................................................................................... 75
Figure 13 HOME > DHCP Table ............................................................................................................. 76
Figure 14 HOME > VPN Status .............................................................................................................. 77
Figure 15 Home > Bandwidth Monitor .................................................................................................... 78
Figure 16 Wizard Setup Welcome .......................................................................................................... 81
Figure 17 ISP Parameters: Ethernet Encapsulation ...............................................................................82
Figure 18 ISP Parameters: PPPoE Encapsulation ................................................................................. 83
Figure 19 ISP Parameters: PPTP Encapsulation ...................................................................................85
Figure 20 Internet Access Wizard: Second Screen ................................................................................86
Figure 21 Internet Access Setup Complete ............................................................................................ 87
Figure 22 Internet Access Wizard: Registration ..................................................................................... 88
Figure 23 Internet Access Wizard: Registration in Progress .................................................................. 89
Figure 24 Internet Access Wizard: Status .............................................................................................. 89
Figure 25 Internet Access Wizard: Registration Failed ..........................................................................89
Figure 26 Internet Access Wizard: Registered Device ........................................................................... 90
Figure 27 Internet Access Wizard: Activated Services ...........................................................................90
Figure 28 VPN Wizard: Gateway Setting ............................................................................................... 91
Figure 29 VPN Wizard: Network Setting ................................................................................................ 92
Figure 30 VPN Wizard: IKE Tunnel Setting ............................................................................................ 94
Figure 31 VPN Wizard: IPSec Setting .................................................................................................... 95
Figure 32 VPN Wizard: VPN Status ....................................................................................................... 97
Figure 33 VPN Wizard Setup Complete ................................................................................................. 99
Figure 34 Firewall Rule for VPN ........................................................................................................... 102
Figure 35 SECURITY > VPN > VPN Rules (IKE) ................................................................................ 102
Figure 36 SECURITY > VPN > VPN Rules (IKE) > Add Gateway Policy ........................................... 103
Figure 37 SECURITY > VPN > VPN Rules (IKE): With Gateway Policy Example .............................. 104
Figure 38 SECURITY > VPN > VPN Rules (IKE) > Add Network Policy ............................................. 105
Figure 39 SECURITY > FIREWALL > Rule Summary ......................................................................... 106
Figure 40 SECURITY > FIREWALL > Rule Summary > Edit: Allow ................................................... 107
Figure 41 SECURITY > FIREWALL > Rule Summary: Allow ............................................................... 108
Figure 42 SECURITY > FIREWALL > Default Rule: Block From VPN To LAN .................................... 108
Figure 43 Tutorial Example: Using NAT with Static Public IP Addresses ............................................. 109
Figure 44 Tutorial Example: WAN Connection with a Static Public IP Address ....................................110
Figure 45 Tutorial Example: WAN 1 Screen .........................................................................................111
Figure 46 Tutorial Example: DNS > System .......................................................................................... 111
Figure 47 Tutorial Example: DNS > System Edit-1 .............................................................................. 112
Figure 48 Tutorial Example: DNS > System Edit-2 .............................................................................. 112
Figure 49 Tutorial Example: DNS > System: Done ..............................................................................113
Figure 50 Tutorial Example: Status ........................................................................................................113
Figure 51 Tutorial Example: Mapping Multiple Public IP Addresses to Inside Servers .........................114
Figure 52 Tutorial Example: NAT > NAT Overview ...............................................................................115
Figure 53 Tutorial Example: NAT > Address Mapping ...........................................................................116
Figure 54 Tutorial Example: NAT Address Mapping Edit: One-to-One (1) ...........................................116
Figure 55 Tutorial Example: NAT Address Mapping Edit: One-to-One (2) ...........................................117
Figure 56 Tutorial Example: NAT Address Mapping Edit: Many-to-One ..............................................117
Figure 57 Tutorial Example: NAT Address Mapping Done ..................................................................118
Figure 58 Tutorial Example: Forwarding Incoming FTP Traffic to a Local Computer ...........................119
Figure 59 Tutorial Example: NAT Address Mapping Edit: Server ........................................................119
Figure 60 Tutorial Example: NAT Port Forwarding ............................................................................... 120
Figure 61 Tutorial Example: Forwarding Incoming FTP Traffic to a Local Computer .......................... 120
Figure 62 Tutorial Example: Firewall Default Rule .............................................................................. 121
Figure 63 Tutorial Example: Firewall Rule: WAN1 to LAN .................................................................. 121
Figure 64 Tutorial Example: Firewall Rule: WAN to LAN Address Edit for Web Server ...................... 122
Figure 65 Tutorial Example: Firewall Rule: WAN to LAN Service Edit for Web Server ....................... 123
Figure 66 Tutorial Example: Firewall Rule: WAN to LAN Address Edit for Mail Server ....................... 124
Figure 67 Tutorial Example: Firewall Rule: WAN to LAN Service Edit for Mail Server ........................ 124
Figure 68 Tutorial Example: Firewall Rule: WAN to LAN Address Edit for FTP Server ....................... 125
Figure 69 Tutorial Example: Firewall Rule: WAN to LAN Service Edit for FTP Server ........................ 126
Figure 70 Tutorial Example: Firewall Rule Summary ........................................................................... 126
Figure 71 Tutorial Example: NAT Address Mapping Done: Game Playing ........................................ 128
Figure 72 Tutorial Example: Bandwidth Management .......................................................................... 129
Figure 73 Tutorial Example: Bandwidth Management Summary ........................................................ 130
Figure 74 Tutorial Example: Bandwidth Management Class Setup ..................................................... 130
Figure 75 Tutorial Example: Bandwidth Management Class Setup: VoIP ............................................ 131
Figure 76 Tutorial Example: Bandwidth Management Class Setup: FTP ............................................ 131
Figure 77 Tutorial Example: Bandwidth Management Class Setup: WWW ........................................ 132
Figure 78 Tutorial Example: Bandwidth Management Class Setup Done ............................................ 132
Figure 79 Tutorial Example: Bandwidth Management Monitor ............................................................. 133
Figure 80 SECURITY > CONTENT FILTER > General ........................................................................ 134
Figure 81 SECURITY > CONTENT FILTER > Policy ........................................................................... 135