ZyXEL Communications ZyWALL 2WG User Manual 2

ZyWALL 2WG
Internet Security Appliance

User’s Guide

Version 4.03 12/2007 Edition 1
www.zyxel.com
About This User's Guide
Intended Audience
This manual is intended for people who want to configure the ZyWALL using the web configurator or System Management Terminal (SMT). You should have at least a basic knowledge of TCP/IP networking concepts and topology.
Related Documentation
• Quick Start Guide: The Quick Start Guide is designed to help you get up and running right away. It contains information on setting up your network and configuring for Internet access.
• Web Configurator Online Help: Embedded web help for descriptions of individual screens and supplementary information.
• Supporting Disk: Refer to the included CD for support documents.
• ZyXEL Web Site: Please refer to www.zyxel.com for additional support documentation and product certifications.
User Guide Feedback
Help us help you. Send all User Guide-related comments, questions or suggestions for improvement to the following address, or use e-mail instead. Thank you!
The Technical Writing Team, ZyXEL Communications Corp., 6 Innovation Road II, Science-Based Industrial Park, Hsinchu, 300, Taiwan.
E-mail: techwriters@zyxel.com.tw

Document Conventions

Warnings and Notes
This is how warnings and notes are shown in this User’s Guide.
Warnings tell you about things that could harm you or your device.
Notes tell you other important information (for example, other things you may need to configure or helpful tips) or recommendations.
Syntax Conventions
• The ZyWALL 2WG may be referred to as the “ZyWALL”, the “device” or the “system” in this User’s Guide.
• Product labels, screen names, field labels and field choices are all in bold font.
• A key stroke is denoted by square brackets and uppercase text, for example, [ENTER] means the “enter” or “return” key on your keyboard.
• “Enter” means for you to type one or more characters and then press the [ENTER] key. “Select” or “choose” means for you to use one of the predefined choices.
• A right angle bracket ( > ) within a screen name denotes a mouse click. For example, Maintenance > Log > Log Setting means you first click Maintenance in the navigation panel, then the Log sub menu and finally the Log Setting tab to get to that screen.
• Units of measurement may denote the “metric” value or the “scientific” value. For example, “k” for kilo may denote “1000” or “1024”, “M” for mega may denote “1000000” or “1048576” and so on.
• “e.g.,” is a shorthand for “for instance”, and “i.e.,” means “that is” or “in other words”.
Icons Used in Figures
Figures in this User’s Guide may use the following generic icons. The ZyWALL icon is not an exact representation of your device.
Icons shown: ZyWALL, Computer, Notebook computer, Server, DSLAM, Firewall, Telephone, Switch, Router.

Safety Warnings

For your safety, be sure to read and follow all warning notices and instructions.
• Do NOT use this product near water, for example, in a wet basement or near a swimming pool.
• Do NOT expose your device to dampness, dust or corrosive liquids.
• Do NOT store things on the device.
• Do NOT install, use, or service this device during a thunderstorm. There is a remote risk of electric shock from lightning.
• Connect ONLY suitable accessories to the device.
• Do NOT open the device or unit. Opening or removing covers can expose you to dangerous high voltage points or other risks. ONLY qualified service personnel should service or disassemble this device. Please contact your vendor for further information.
• Make sure to connect the cables to the correct ports.
• Place connecting cables carefully so that no one will step on them or stumble over them.
• Always disconnect all cables from this device before servicing or disassembling.
• Use ONLY an appropriate power adaptor or cord for your device.
• Connect the power adaptor or cord to the right supply voltage (for example, 110V AC in North America or 230V AC in Europe).
• Do NOT remove the plug and connect it to a power outlet by itself; always attach the plug to the power adaptor first before connecting it to a power outlet.
• Do NOT allow anything to rest on the power adaptor or cord and do NOT place the product where anyone can walk on the power adaptor or cord.
• Do NOT use the device if the power adaptor or cord is damaged as it might cause electrocution.
• If the power adaptor or cord is damaged, remove it from the power outlet.
• Do NOT attempt to repair the power adaptor or cord. Contact your local vendor to order a new one.
• Do not use the device outside, and make sure all the connections are indoors. There is a remote risk of electric shock from lightning.
• CAUTION: RISK OF EXPLOSION IF BATTERY (on the motherboard) IS REPLACED BY AN INCORRECT TYPE. DISPOSE OF USED BATTERIES ACCORDING TO THE INSTRUCTIONS. Dispose of them at the applicable collection point for the recycling of electrical and electronic equipment. For detailed information about recycling of this product, please contact your local city office, your household waste disposal service or the store where you purchased the product.
• Do NOT obstruct the device ventilation slots, as insufficient airflow may harm your device.
• Antenna Warning! This device meets ETSI and FCC certification requirements when using the included antenna(s). Only use the included antenna(s).
• If you wall mount your device, make sure that no electrical lines, gas or water pipes will be damaged.
This product is recyclable. Dispose of it properly.

Contents Overview

Introduction
• Getting to Know Your ZyWALL
• Introducing the Web Configurator
• Wizard Setup
• Tutorial
• Registration
Network and Wireless
• LAN Screens
• Bridge Screens
• WAN Screens
• DMZ Screens
• Wireless LAN
Security
• Firewall
• Content Filtering Screens
• Content Filtering Reports
• IPSec VPN
• Certificates
• Authentication Server
Advanced
• Network Address Translation (NAT)
• Static Route
• Policy Route
• Bandwidth Management
• DNS
• Remote Management
• UPnP
• Custom Application
• ALG Screen
Logs and Maintenance
• Logs Screens
• Maintenance
SMT
• Introducing the SMT
• SMT Menu 1 - General Setup
• WAN and Dial Backup Setup
• LAN Setup
• Internet Access
• DMZ Setup
• Route Setup
• Wireless Setup
• Remote Node Setup
• IP Static Route Setup
• Network Address Translation (NAT)
• Introducing the ZyWALL Firewall
• Filter Configuration
• SNMP Configuration
• System Information & Diagnosis
• Firmware and Configuration File Maintenance
• System Maintenance Menus 8 to 10
• Remote Management
• IP Policy Routing
• Call Scheduling
Troubleshooting and Specifications
• Troubleshooting
• Product Specifications
Appendices and Index

Table of Contents

About This User's Guide
Document Conventions
Safety Warnings
Contents Overview
Table of Contents
List of Figures
List of Tables
Part I: Introduction
Chapter 1 Getting to Know Your ZyWALL
1.1 ZyWALL Internet Security Appliance Overview
1.2 Ways to Manage the ZyWALL
1.3 Good Habits for Managing the ZyWALL
1.4 Applications for the ZyWALL
1.4.1 Secure Broadband Internet Access via Cable or DSL Modem
1.4.2 VPN Application
1.4.3 3G WAN Application
1.4.4 Front Panel Lights
Chapter 2 Introducing the Web Configurator
2.1 Web Configurator Overview
2.2 Accessing the ZyWALL Web Configurator
2.3 Resetting the ZyWALL
2.3.1 Procedure To Use The Reset Button
2.3.2 Uploading a Configuration File Via Console Port
2.4 Navigating the ZyWALL Web Configurator
2.4.1 Title Bar
2.4.2 Main Window
2.4.3 HOME Screen: Router Mode
2.4.4 HOME Screen: Bridge Mode
2.4.5 Navigation Panel
2.4.6 Port Statistics
2.4.7 Show Statistics: Line Chart
2.4.8 DHCP Table Screen
2.4.9 VPN Status
2.4.10 Bandwidth Monitor
Chapter 3 Wizard Setup
3.1 Wizard Setup Overview
3.2 Internet Access
3.2.1 ISP Parameters
3.2.2 Internet Access Wizard: Second Screen
3.2.3 Internet Access Wizard: Registration
3.2.4 Internet Access Wizard: Status
3.2.5 Internet Access Wizard: Service Activation
3.3 VPN Wizard Gateway Setting
3.4 VPN Wizard Network Setting
3.5 VPN Wizard IKE Tunnel Setting (IKE Phase 1)
3.6 VPN Wizard IPSec Setting (IKE Phase 2)
3.7 VPN Wizard Status Summary
3.8 VPN Wizard Setup Complete
Chapter 4 Tutorial
4.1 Security Settings for VPN Traffic
4.1.1 Firewall Rule for VPN Example
4.1.2 Configuring the VPN Rule
4.1.3 Configuring the Firewall Rules
4.2 Using NAT with Multiple Public IP Addresses
4.2.1 Example Parameters and Scenario
4.2.2 Configuring the WAN Connection with a Static IP Address
4.2.3 Public IP Address Mapping
4.2.4 Forwarding Traffic from the WAN to a Local Computer
4.2.5 Allow WAN-to-LAN Traffic through the Firewall
4.2.6 Testing the Connections
4.3 Using NAT with Multiple Game Players
4.4 How to Manage the ZyWALL’s Bandwidth
4.4.1 Example Parameters and Scenario
4.4.2 Configuring Bandwidth Management Rules
4.5 Configuring Content Filtering
4.5.1 Enable Content Filtering
4.5.2 Block Categories of Web Content
4.5.3 Assign Bob’s Computer a Specific IP Address
4.5.4 Create a Content Filter Policy for Bob
4.5.5 Set the Content Filter Schedule
4.5.6 Block Categories of Web Content for Bob
Chapter 5 Registration
5.1 myZyXEL.com overview
5.1.1 Content Filtering Subscription Service
5.2 Registration
5.3 Service
Part II: Network and Wireless
Chapter 6 LAN Screens
6.1 LAN, WAN and the ZyWALL
6.2 IP Address and Subnet Mask
6.2.1 Private IP Addresses
6.3 DHCP
6.3.1 IP Pool Setup
6.4 RIP Setup
6.5 Multicast
6.6 WINS
6.7 LAN
6.8 LAN Static DHCP
6.9 LAN IP Alias
6.10 LAN Port Roles
Chapter 7 Bridge Screens
7.1 Bridge Loop
7.2 Spanning Tree Protocol (STP)
7.2.1 Rapid STP
7.2.2 STP Terminology
7.2.3 How STP Works
7.2.4 STP Port States
7.3 Bridge
7.4 Bridge Port Roles
Chapter 8 WAN Screens
8.1 WAN Overview
8.2 Multiple WAN
8.3 Load Balancing Introduction
8.4 Load Balancing Algorithms
8.4.1 Least Load First
8.4.2 Weighted Round Robin
8.4.3 Spillover
8.5 WAN Interface to Local Host Mapping Timeout
8.6 TCP/IP Priority (Metric)
8.7 WAN General
8.8 Configuring Load Balancing
8.8.1 Least Load First
8.8.2 Weighted Round Robin
8.8.3 Spillover
8.9 WAN IP Address Assignment
8.10 DNS Server Address Assignment
8.11 WAN MAC Address
8.12 WAN 1
8.12.1 WAN Ethernet Encapsulation
8.12.2 PPPoE Encapsulation
8.12.3 PPTP Encapsulation
8.13 WAN 2 (3G WAN)
8.14 Traffic Redirect
8.15 Configuring Traffic Redirect
8.16 Configuring Dial Backup
8.17 Advanced Modem Setup
8.17.1 AT Command Strings
8.17.2 DTR Signal
8.17.3 Response Strings
8.18 Configuring Advanced Modem Setup
Chapter 9 DMZ Screens
9.1 DMZ
9.2 Configuring DMZ
9.3 DMZ Static DHCP
9.4 DMZ IP Alias
9.5 DMZ Public IP Address Example
9.6 DMZ Private and Public IP Address Example
9.7 DMZ Port Roles
Chapter 10 Wireless LAN
10.1 Wireless LAN Introduction
10.2 Configuring WLAN
10.3 WLAN Static DHCP
10.4 WLAN IP Alias
10.5 WLAN Port Roles
10.6 Wireless Security Overview
10.6.1 SSID
10.6.2 MAC Address Filter
10.6.3 User Authentication
10.6.4 Encryption
10.6.5 Additional Installation Requirements for Using 802.1x
10.7 Wireless Card
10.7.1 SSID Profile
10.8 Configuring Wireless Security
10.8.1 No Security
10.8.2 Static WEP
10.8.3 IEEE 802.1x Only
10.8.4 IEEE 802.1x + Static WEP ..................................................................................... 231
10.8.5 WPA, WPA2, WPA2-MIX ........................................................................................ 232
10.8.6 WPA-PSK, WPA2-PSK, WPA2-PSK-MIX ............................................................... 233
10.9 MAC Filter ....................................................................................................................... 235
Part III: Security.................................................................................... 237
Chapter 11
Firewall................................................................................................................................... 239
11.1 Firewall Overview ............................................................................................................ 239
11.2 Packet Direction Matrix .................................................................................................... 240
11.3 Packet Direction Examples .............................................................................................. 242
11.3.1 To VPN Packet Direction ........................................................................................ 243
11.3.2 From VPN Packet Direction ................................................................................... 244
11.3.3 From VPN To VPN Packet Direction ...................................................................... 246
11.4 Security Considerations ...................................................................................................248
11.5 Firewall Rules Example ................................................................................................... 248
11.6 Asymmetrical Routes .......................................................................................................250
11.6.1 Asymmetrical Routes and IP Alias ......................................................................... 250
11.7 Firewall Default Rule (Router Mode) ................................................................................ 251
11.8 Firewall Default Rule (Bridge Mode) .............................................................................. 253
11.9 Firewall Rule Summary ................................................................................................... 255
11.9.1 Firewall Edit Rule ............................................................................................... 257
11.10 Anti-Probing ............................................................................................................... 260
11.11 Firewall Thresholds ..................................................................................................... 261
11.11.1 Threshold Values .................................................................................................. 262
11.12 Threshold Screen ........................................................................................................... 262
11.13 Service .......................................................................................................................... 264
11.13.1 Firewall Edit Custom Service .............................................................................. 265
11.14 My Service Firewall Rule Example ................................................................................ 266
Chapter 12
Content Filtering Screens ....................................................................................................271
12.1 Content Filtering Overview .............................................................................................. 271
12.1.1 Restrict Web Features ........................................................................................... 271
12.1.2 Create a Filter List .................................................................................................. 271
12.1.3 Customize Web Site Access ................................................................................. 271
12.2 Content Filtering with an External Database ................................................................... 271
12.3 Content Filter General Screen ........................................................................................ 272
12.4 Content Filter Policy ..................................................................................................... 275
12.5 Content Filter Policy: General ......................................................................................... 277
12.6 Content Filter Policy: External Database ........................................................................ 278
12.7 Content Filter Policy: Customization ............................................................................... 285
12.8 Content Filter Policy: Schedule ...................................................................................... 287
12.9 Content Filter Object ..................................................................................................... 288
12.10 Customizing Keyword Blocking URL Checking ............................................................. 290
12.10.1 Domain Name or IP Address URL Checking ....................................................... 290
12.10.2 Full Path URL Checking ....................................................................................... 291
12.10.3 File Name URL Checking ..................................................................................... 291
12.11 Content Filtering Cache ............................................................................................... 291
Chapter 13
Content Filtering Reports.....................................................................................................293
13.1 Checking Content Filtering Activation .............................................................................. 293
13.2 Viewing Content Filtering Reports ................................................................................... 293
13.3 Web Site Submission .......................................................................................................298
Chapter 14
IPSec VPN.............................................................................................................................. 301
14.1 IPSec VPN Overview ..................................................................................................... 301
14.1.1 IKE SA Overview .................................................................................................... 302
14.2 VPN Rules (IKE) .............................................................................................................. 303
14.3 IKE SA Setup .................................................................................................................. 305
14.3.1 IKE SA Proposal .................................................................................................... 305
14.4 Additional IPSec VPN Topics ........................................................................................... 309
14.4.1 SA Life Time ........................................................................................................... 310
14.4.2 IPSec High Availability ........................................................................................... 310
14.4.3 Encryption and Authentication Algorithms ..............................................................311
14.5 VPN Rules (IKE) Gateway Policy Edit ............................................................................. 312
14.6 IPSec SA Overview .....................................................................................................318
14.6.1 Local and Remote Networks .................................................................................. 318
14.6.2 Virtual Address Mapping ........................................................................................ 319
14.6.3 Active Protocol ....................................................................................................... 320
14.6.4 Encapsulation ......................................................................................................... 320
14.6.5 IPSec SA Proposal and Perfect Forward Secrecy ................................................. 321
14.7 VPN Rules (IKE) Network Policy Edit ............................................................................. 321
14.8 Network Policy Port Forwarding ................................................................................... 326
14.9 Network Policy Move .....................................................................................................328
14.10 Dialing the VPN Tunnel via Web Configurator ............................................................... 329
14.11 VPN Troubleshooting ..................................................................................................... 330
14.11.1 VPN Log ............................................................................................................... 330
14.12 IPSec Debug ................................................................................................................. 331
14.13 IPSec SA Using Manual Keys ................................................................................... 333
14.13.1 IPSec SA Proposal Using Manual Keys ............................................................... 333
14.13.2 Authentication and the Security Parameter Index (SPI) ....................................... 333
14.14 VPN Rules (Manual) ...................................................................................................... 333
14.15 VPN Rules (Manual) Edit ............................................................................................ 335
14.16 VPN SA Monitor .......................................................................................................... 338
14.17 VPN Global Setting ....................................................................................................... 338
14.17.1 Local and Remote IP Address Conflict Resolution .............................................. 338
14.18 Telecommuter VPN/IPSec Examples ............................................................................ 341
14.18.1 Telecommuters Sharing One VPN Rule Example ................................................ 342
14.18.2 Telecommuters Using Unique VPN Rules Example ............................................. 342
14.19 VPN and Remote Management ..................................................................................... 344
14.20 Hub-and-spoke VPN ...................................................................................................... 344
14.20.1 Hub-and-spoke VPN Example ............................................................................. 345
14.20.2 Hub-and-spoke Example VPN Rule Addresses ................................................... 346
14.20.3 Hub-and-spoke VPN Requirements and Suggestions ......................................... 346
Chapter 15
Certificates ............................................................................................................................349
15.1 Certificates Overview ....................................................................................................... 349
15.1.1 Advantages of Certificates ..................................................................................... 350
15.2 Self-signed Certificates .................................................................................................... 350
15.3 Verifying a Certificate ....................................................................................................... 350
15.3.1 Checking the Fingerprint of a Certificate on Your Computer .................................. 350
15.4 Configuration Summary ................................................................................................... 351
15.5 My Certificates ................................................................................................................ 352
15.6 My Certificate Details ..................................................................................................... 354
15.7 My Certificate Export ...................................................................................................... 356
15.7.1 Certificate File Export Formats ............................................................................... 356
15.8 My Certificate Import ..................................................................................................... 357
15.8.1 Certificate File Formats .......................................................................................... 357
15.9 My Certificate Create ..................................................................................................... 359
15.10 Trusted CAs ................................................................................................................. 364
15.11 Trusted CA Details ........................................................................................................ 366
15.12 Trusted CA Import ....................................................................................................... 369
15.13 Trusted Remote Hosts ................................................................................................. 370
15.14 Trusted Remote Hosts Import ...................................................................................... 372
15.15 Trusted Remote Host Certificate Details ..................................................................... 373
15.16 Directory Servers .......................................................................................................... 375
15.17 Directory Server Add or Edit ........................................................................................ 376
Chapter 16
Authentication Server...........................................................................................................379
16.1 Authentication Server Overview ...................................................................................... 379
16.1.1 Local User Database .............................................................................................. 379
16.1.2 RADIUS ..................................................................................................................379
16.2 Local User Database .....................................................................................................379
16.3 RADIUS ......................................................................................................................... 381
Part IV: Advanced ................................................................................ 383
Chapter 17
Network Address Translation (NAT).................................................................................... 385
17.1 NAT Overview ................................................................................................................ 385
17.1.1 NAT Definitions ...................................................................................................... 385
17.1.2 What NAT Does ..................................................................................................... 386
17.1.3 How NAT Works ..................................................................................................... 386
17.1.4 NAT Application ...................................................................................................... 387
17.1.5 Port Restricted Cone NAT ...................................................................................... 388
17.1.6 NAT Mapping Types ............................................................................................... 388
17.2 Using NAT ........................................................................................................................ 389
17.2.1 SUA (Single User Account) Versus NAT ................................................................ 389
17.3 NAT Overview Screen ..................................................................................................... 390
17.4 NAT Address Mapping ................................................................................................... 391
17.4.1 What NAT Does ..................................................................................................... 391
17.4.2 NAT Address Mapping Edit .................................................................................. 393
17.5 Port Forwarding .............................................................................................................. 394
17.5.1 Default Server IP Address ...................................................................................... 394
17.5.2 Port Forwarding: Services and Port Numbers ........................................................ 395
17.5.3 Configuring Servers Behind Port Forwarding (Example) ....................................... 395
17.5.4 NAT and Multiple WAN ........................................................................................... 396
17.5.5 Port Translation ...................................................................................................... 396
17.6 Port Forwarding Screen ................................................................................................... 397
17.7 Port Triggering ............................................................................................................... 399
Chapter 18
Static Route ........................................................................................................................... 401
18.1 IP Static Route .............................................................................................................. 401
18.2 IP Static Route ................................................................................................................. 402
18.2.1 IP Static Route Edit .............................................................................................. 403
Chapter 19
Policy Route .......................................................................................................................... 405
19.1 Policy Route ................................................................................................................... 405
19.2 Benefits ............................................................................................................................ 405
19.3 Routing Policy .................................................................................................................. 405
19.4 IP Routing Policy Setup ...................................................................................................406
19.5 Policy Route Edit ............................................................................................................ 407
Chapter 20
Bandwidth Management....................................................................................................... 411
20.1 Bandwidth Management Overview ..................................................................................411
20.2 Bandwidth Classes and Filters .........................................................................................411
20.3 Proportional Bandwidth Allocation ................................................................................... 412
20.4 Application-based Bandwidth Management .................................................................... 412
20.5 Subnet-based Bandwidth Management .......................................................................... 412
20.6 Application and Subnet-based Bandwidth Management ................................................. 412
20.7 Scheduler ........................................................................................................................ 413
20.7.1 Priority-based Scheduler ........................................................................................ 413
20.7.2 Fairness-based Scheduler ..................................................................................... 413
20.7.3 Maximize Bandwidth Usage ................................................................................... 413
20.7.4 Reserving Bandwidth for Non-Bandwidth Class Traffic .......................................... 413
20.7.5 Maximize Bandwidth Usage Example .................................................................... 414
20.8 Bandwidth Borrowing .......................................................................................................415
20.8.1 Bandwidth Borrowing Example .............................................................................. 415
20.9 Maximize Bandwidth Usage With Bandwidth Borrowing ................................................. 416
20.10 Over Allotment of Bandwidth ......................................................................................... 417
20.11 Configuring Summary .................................................................................................... 417
20.12 Configuring Class Setup .............................................................................................. 419
20.12.1 Bandwidth Manager Class Configuration ........................................................... 420
20.12.2 Bandwidth Management Statistics ................................................................... 423
20.13 Bandwidth Manager Monitor ........................................................................................ 424
Chapter 21
DNS ........................................................................................................................................ 427
21.1 DNS Overview ............................................................................................................... 427
21.2 DNS Server Address Assignment ................................................................................... 427
21.3 DNS Servers .................................................................................................................... 427
21.4 Address Record ............................................................................................................... 428
21.4.1 DNS Wildcard ......................................................................................................... 428
21.5 Name Server Record ....................................................................................................... 428
21.5.1 Private DNS Server ................................................................................................ 428
21.6 System Screen ................................................................................................................ 429
21.6.1 Adding an Address Record .................................................................................. 431
21.6.2 Inserting a Name Server Record .......................................................................... 432
21.7 DNS Cache .................................................................................................................... 433
21.8 Configure DNS Cache ..................................................................................................... 433
21.9 Configuring DNS DHCP ................................................................................................ 435
21.10 Dynamic DNS .............................................................................................................. 436
21.10.1 DYNDNS Wildcard ............................................................................................... 436
21.10.2 High Availability .................................................................................................... 437
21.11 Configuring Dynamic DNS ............................................................................................. 437
Chapter 22
Remote Management............................................................................................................ 439
22.1 Remote Management Overview ...................................................................................... 439
22.1.1 Remote Management Limitations .......................................................................... 440
22.1.2 System Timeout ..................................................................................................... 440
22.2 WWW (HTTP and HTTPS) ............................................................................................. 440
22.3 WWW .............................................................................................................................. 441
22.4 HTTPS Example .............................................................................................................. 443
22.4.1 Internet Explorer Warning Messages ..................................................................... 443
22.4.2 Netscape Navigator Warning Messages ................................................................ 443
22.4.3 Avoiding the Browser Warning Messages .............................................................. 444
22.4.4 Login Screen .......................................................................................................... 445
22.5 SSH .............................................................................................................................. 447
22.6 How SSH Works .............................................................................................................. 447
22.7 SSH Implementation on the ZyWALL .............................................................................. 448
22.7.1 Requirements for Using SSH ................................................................................. 448
22.8 Configuring SSH .............................................................................................................. 449
22.9 Secure Telnet Using SSH Examples ............................................................................... 450
22.9.1 Example 1: Microsoft Windows .............................................................................. 450
22.9.2 Example 2: Linux .................................................................................................... 450
22.10 Secure FTP Using SSH Example .................................................................................. 451
22.11 Telnet ........................................................................................................................... 452
22.12 Configuring TELNET ..................................................................................................... 452
22.13 FTP .............................................................................................................................. 453
22.14 SNMP .......................................................................................................................... 454
22.14.1 Supported MIBs .................................................................................................. 455
22.14.2 SNMP Traps ......................................................................................................... 456
22.14.3 REMOTE MANAGEMENT: SNMP ....................................................................... 456
22.15 DNS ............................................................................................................................. 457
22.16 Introducing Vantage CNM ............................................................................................. 458
22.17 Configuring CNM ........................................................................................................... 458
22.17.1 Additional Configuration for Vantage CNM .......................................................... 460
Chapter 23
UPnP ...................................................................................................................................... 461
23.1 Universal Plug and Play Overview ................................................................................ 461
23.1.1 How Do I Know If I'm Using UPnP? ....................................................................... 461
23.1.2 NAT Traversal ........................................................................................................ 461
23.1.3 Cautions with UPnP ............................................................................................... 461
23.1.4 UPnP and ZyXEL ................................................................................................... 462
23.2 Configuring UPnP ............................................................................................................ 462
23.3 Displaying UPnP Port Mapping .................................................................................... 463
23.4 Installing UPnP in Windows Example .............................................................................. 464
23.4.1 Installing UPnP in Windows Me ............................................................................. 465
23.4.2 Installing UPnP in Windows XP ............................................................................. 466
23.5 Using UPnP in Windows XP Example ............................................................................. 466
23.5.1 Auto-discover Your UPnP-enabled Network Device .............................................. 467
23.5.2 Web Configurator Easy Access ............................................................................. 468
Chapter 24
Custom Application .............................................................................................................. 471
24.1 Custom Application ......................................................................................................... 471
24.2 Custom Application Configuration .................................................................................... 471
Chapter 25
ALG Screen ........................................................................................................................... 473
25.1 ALG Introduction ............................................................................................................. 473
25.1.1 ALG and NAT ......................................................................................................... 473
25.1.2 ALG and the Firewall .............................................................................................. 473
25.1.3 ALG and Multiple WAN .......................................................................................... 474
25.2 FTP .................................................................................................................................. 474
25.3 H.323 ............................................................................................................................... 474
25.4 RTP .................................................................................................................................. 474
25.4.1 H.323 ALG Details ................................................................................................. 474
25.5 SIP ................................................................................................................................... 476
25.5.1 STUN ..................................................................................................................... 476
25.5.2 SIP ALG Details ..................................................................................................... 476
25.5.3 SIP Signaling Session Timeout .............................................................................. 477
25.5.4 SIP Audio Session Timeout .................................................................................... 477
25.6 ALG Screen ..................................................................................................................... 477
Part V: Logs and Maintenance ............................................................ 479
Chapter 26
Logs Screens ........................................................................................................................481
26.1 Configuring View Log ...................................................................................................... 481
26.2 Log Description Example ................................................................................................. 482
26.2.1 About the Certificate Not Trusted Log .................................................................... 483
26.3 Configuring Log Settings ................................................................................................ 484
26.4 Configuring Reports ....................................................................................................... 487
26.4.1 Viewing Web Site Hits ............................................................................................ 489
26.4.2 Viewing Host IP Address ........................................................................................ 489
26.4.3 Viewing Protocol/Port ............................................................................................. 490
26.4.4 System Reports Specifications ............................................................................... 492
26.5 Log Descriptions .............................................................................................................. 492
26.6 Syslog Logs ..................................................................................................................... 508
Chapter 27
Maintenance .......................................................................................................................... 511
27.1 Maintenance Overview .....................................................................................................511
27.2 General Setup and System Name ....................................................................................511
27.2.1 General Setup ........................................................................................................511
27.3 Configuring Password .................................................................................................... 512
27.4 Time and Date ................................................................................................................ 513
27.5 Pre-defined NTP Time Server Pools ............................................................................... 516
27.5.1 Resetting the Time ................................................................................................. 516
27.5.2 Time Server Synchronization ................................................................................. 516
27.6 Introduction To Transparent Bridging ............................................................................... 517
27.7 Transparent Firewalls ...................................................................................................... 518
27.8 Configuring Device Mode (Router) ................................................................................. 518
27.9 Configuring Device Mode (Bridge) ................................................................................. 519
27.10 F/W Upload Screen ...................................................................................................... 521
27.11 Backup and Restore ..................................................................................................... 523
27.11.1 Backup Configuration ........................................................................................... 524
27.11.2 Restore Configuration .......................................................................................... 524
27.11.3 Back to Factory Defaults ..................................................................................... 525
27.12 Restart Screen .............................................................................................................. 525
27.13 Diagnostics ................................................................................................................... 526
Part VI: SMT.......................................................................................... 529
Chapter 28
Introducing the SMT .............................................................................................................531
28.1 Introduction to the SMT ...................................................................................................531
28.2 Accessing the SMT via the Console Port ........................................................................ 531
28.2.1 Initial Screen ..........................................................................................................531
28.2.2 Entering the Password ........................................................................................... 532
28.3 Navigating the SMT Interface .......................................................................................... 532
28.3.1 Main Menu ............................................................................................................. 533
28.3.2 SMT Menus Overview ............................................................................................ 535
28.4 Changing the System Password ..................................................................................... 537
28.5 Resetting the ZyWALL ..................................................................................................... 538
Chapter 29
SMT Menu 1 - General Setup ............................................................................................... 539
29.1 Introduction to General Setup .......................................................................................... 539
29.2 Configuring General Setup .............................................................................................. 539
29.2.1 Configuring Dynamic DNS ..................................................................................... 541
Chapter 30
WAN and Dial Backup Setup................................................................................................ 545
30.1 Introduction to WAN, 3G WAN and Dial Backup Setup ................................................... 545
30.2 WAN Setup ...................................................................................................................... 545
30.3 Dial Backup ..................................................................................................................... 546
30.3.1 Configuring Dial Backup in Menu 2 ........................................................................ 546
30.3.2 Advanced WAN Setup ........................................................................................... 547
30.3.3 Remote Node Profile (Backup ISP) ........................................................................ 549
30.3.4 Editing TCP/IP Options .......................................................................................... 551
30.3.5 Editing Login Script ................................................................................................ 552
30.3.6 Remote Node Filter ................................................................................................ 554
30.4 3G WAN ........................................................................................................................... 554
30.4.1 3G Modem Setup ................................................................................................... 554
30.4.2 Remote Node Profile (3G WAN) ............................................................................ 556
Chapter 31
LAN Setup.............................................................................................................................. 559
31.1 Introduction to LAN Setup ............................................................................................... 559
31.2 Accessing the LAN Menus .............................................................................................. 559
31.3 LAN Port Filter Setup ....................................................................................................... 559
31.4 TCP/IP and DHCP Ethernet Setup Menu ........................................................................ 560
31.4.1 IP Alias Setup ......................................................................................................... 563
Chapter 32
Internet Access ..................................................................................................................... 565
32.1 Introduction to Internet Access Setup .............................................................................. 565
32.2 Ethernet Encapsulation ................................................................................................... 565
32.3 Configuring the PPTP Client ............................................................................................ 567
32.4 Configuring the PPPoE Client ......................................................................................... 568
32.5 Basic Setup Complete ..................................................................................................... 569
Chapter 33
DMZ Setup ............................................................................................................................. 571
33.1 Configuring DMZ Setup ................................................................................................... 571
33.2 DMZ Port Filter Setup ...................................................................................................... 571
33.3 TCP/IP Setup ................................................................................................................... 572
33.3.1 IP Address ..............................................................................................................572
33.3.2 IP Alias Setup ......................................................................................................... 573
Chapter 34
Route Setup........................................................................................................................... 575
34.1 Configuring Route Setup ................................................................................................. 575
34.2 Route Assessment ..........................................................................................................575
34.3 Traffic Redirect ................................................................................................................ 576
34.4 Route Failover ................................................................................................................. 577
Chapter 35
Wireless Setup ...................................................................................................................... 579
35.1 TCP/IP Setup ................................................................................................................... 579
35.1.1 IP Address ..............................................................................................................579
35.1.2 IP Alias Setup ......................................................................................................... 580
Chapter 36
Remote Node Setup..............................................................................................................583
36.1 Introduction to Remote Node Setup ................................................................................ 583
36.2 Remote Node Setup ........................................................................................................ 583
36.3 Remote Node Profile Setup ............................................................................................. 583
36.3.1 Ethernet Encapsulation .......................................................................................... 584
36.3.2 PPPoE Encapsulation ............................................................................................ 585
36.3.3 PPTP Encapsulation .............................................................................................. 586
36.4 Edit IP .............................................................................................................................. 587
36.5 Remote Node Filter ......................................................................................................... 589
Chapter 37
IP Static Route Setup............................................................................................................ 591
37.1 IP Static Route Setup ...................................................................................................... 591
Chapter 38
Network Address Translation (NAT).................................................................................... 595
38.1 Using NAT ........................................................................................................................ 595
38.1.1 SUA (Single User Account) Versus NAT ................................................................ 595
38.1.2 Applying NAT ......................................................................................................... 595
38.2 NAT Setup ....................................................................................................................... 597
38.2.1 Address Mapping Sets ........................................................................................... 598
38.3 Configuring a Server behind NAT .................................................................................... 602
38.4 General NAT Examples ................................................................................................... 605
38.4.1 Internet Access Only .............................................................................................. 605
38.4.2 Example 2: Internet Access with a Default Server ................................................. 606
38.4.3 Example 3: Multiple Public IP Addresses With Inside Servers .............................. 607
38.4.4 Example 4: NAT Unfriendly Application Programs ................................................. 610
38.5 Trigger Port Forwarding ...................................................................................................612
38.5.1 Two Points To Remember About Trigger Ports ...................................................... 612
Chapter 39
Introducing the ZyWALL Firewall ........................................................................................615
39.1 Using ZyWALL SMT Menus ............................................................................................ 615
39.1.1 Activating the Firewall ............................................................................................ 615
Chapter 40
Filter Configuration............................................................................................................... 617
40.1 Introduction to Filters ....................................................................................................... 617
40.1.1 The Filter Structure of the ZyWALL ........................................................................ 618
40.2 Configuring a Filter Set .................................................................................................... 620
40.2.1 Configuring a Filter Rule ........................................................................................ 621
40.2.2 Configuring a TCP/IP Filter Rule ............................................................................ 622
40.2.3 Configuring a Generic Filter Rule ........................................................................... 624
40.3 Example Filter .................................................................................................................. 626
40.4 Filter Types and NAT ....................................................................................................... 628
40.5 Firewall Versus Filters ..................................................................................................... 628
40.5.1 Packet Filtering: ..................................................................................................... 628
40.5.2 Firewall ................................................................................................................... 629
40.6 Applying a Filter .............................................................................................................. 629
40.6.1 Applying LAN Filters ............................................................................................... 630
40.6.2 Applying DMZ Filters .............................................................................................. 630
40.6.3 Applying Remote Node Filters ............................................................................... 631
Chapter 41
SNMP Configuration.............................................................................................................633
41.1 SNMP Configuration ........................................................................................................633
41.2 SNMP Traps .................................................................................................................... 634
Chapter 42
System Information & Diagnosis.........................................................................................635
42.1 Introduction to System Status .......................................................................................... 635
42.2 System Status .................................................................................................................. 635
42.3 System Information and Console Port Speed .................................................................. 637
42.3.1 System Information ................................................................................................ 637
42.3.2 Console Port Speed ............................................................................................... 638
42.4 Log and Trace .................................................................................................................. 639
42.4.1 Viewing Error Log ................................................................................................... 639
42.4.2 Syslog Logging ....................................................................................................... 640
42.4.3 Call-Triggering Packet ............................................................................................ 643
42.5 Diagnostic ........................................................................................................................ 644
42.5.1 WAN DHCP ............................................................................................................ 645
Chapter 43
Firmware and Configuration File Maintenance..................................................................647
43.1 Introduction ...................................................................................................................... 647
43.2 Filename Conventions ..................................................................................................... 647
43.3 Backup Configuration ......................................................................................................648
43.3.1 Backup Configuration ............................................................................................. 648
43.3.2 Using the FTP Command from the Command Line ............................................... 649
43.3.3 Example of FTP Commands from the Command Line .......................................... 649
43.3.4 GUI-based FTP Clients .......................................................................................... 650
43.3.5 File Maintenance Over WAN .................................................................................. 650
43.3.6 Backup Configuration Using TFTP ......................................................................... 650
43.3.7 TFTP Command Example ...................................................................................... 651
43.3.8 GUI-based TFTP Clients ........................................................................................ 651
43.3.9 Backup Via Console Port ....................................................................................... 651
43.4 Restore Configuration ...................................................................................................... 652
43.4.1 Restore Using FTP ................................................................................................. 653
43.4.2 Restore Using FTP Session Example .................................................................... 654
43.4.3 Restore Via Console Port ....................................................................................... 654
43.5 Uploading Firmware and Configuration Files .................................................................. 655
43.5.1 Firmware File Upload ............................................................................................. 655
43.5.2 Configuration File Upload ....................................................................................... 656
43.5.3 FTP File Upload Command from the DOS Prompt Example ................................. 657
43.5.4 FTP Session Example of Firmware File Upload .................................................... 657
43.5.5 TFTP File Upload ................................................................................................... 657
43.5.6 TFTP Upload Command Example ......................................................................... 658
43.5.7 Uploading Via Console Port ................................................................................... 658
43.5.8 Uploading Firmware File Via Console Port ............................................................ 658
43.5.9 Example Xmodem Firmware Upload Using HyperTerminal ................................... 659
43.5.10 Uploading Configuration File Via Console Port .................................................... 659
43.5.11 Example Xmodem Configuration Upload Using HyperTerminal ........................... 660
Chapter 44
System Maintenance Menus 8 to 10....................................................................................661
44.1 Command Interpreter Mode ............................................................................................ 661
44.1.1 Command Syntax ................................................................................................... 662
44.1.2 Command Usage ................................................................................................... 662
44.2 Call Control Support ........................................................................................................ 663
44.2.1 Budget Management .............................................................................................. 663
44.2.2 Call History ............................................................................................................. 664
44.3 Time and Date Setting .....................................................................................................665
Chapter 45
Remote Management............................................................................................................ 669
45.1 Remote Management ...................................................................................................... 669
45.1.1 Remote Management Limitations .......................................................................... 671
Chapter 46
IP Policy Routing ..................................................................................................................673
46.1 IP Routing Policy Summary ............................................................................................. 673
46.2 IP Routing Policy Setup ...................................................................................................674
46.2.1 Applying Policy to Packets ..................................................................................... 676
46.3 IP Policy Routing Example .............................................................................................. 677
Chapter 47
Call Scheduling..................................................................................................................... 681
47.1 Introduction to Call Scheduling ........................................................................................ 681
Part VII: Troubleshooting and Specifications ................................... 685
Chapter 48
Troubleshooting....................................................................................................................687
48.1 Power, Hardware Connections, and LEDs ...................................................................... 687
48.2 ZyWALL Access and Login .............................................................................................. 688
48.3 Internet Access ................................................................................................................ 690
Chapter 49
Product Specifications.........................................................................................................693
49.1 General ZyWALL Specifications ...................................................................................... 693
49.2 Compatible 3G Cards ...................................................................................................... 696
49.3 3G Card Installation ......................................................................................................... 697
49.4 Wall-mounting Instructions .............................................................................................. 697
49.5 Power Adaptor Specifications .......................................................................................... 699
49.6 Cable Pin Assignments ................................................................................................... 700
Part VIII: Appendices and Index ......................................................... 703
Appendix A Pop-up Windows, JavaScripts and Java Permissions ...................................... 705
Appendix B Setting up Your Computer’s IP Address............................................................ 713
Appendix C IP Addresses and Subnetting ........................................................................... 729
Appendix D Common Services ............................................................................................737
Appendix E Wireless LANs ..................................................................................................741
Appendix F Importing Certificates ........................................................................................ 755
Appendix G Legal Information ..............................................................................................765
Appendix H Customer Support............................................................................................. 769
Index....................................................................................................................................... 775

List of Figures

Figure 1 Secure Internet Access via Cable or DSL Modem ................................................................... 54
Figure 2 VPN Application ....................................................................................................................... 55
Figure 3 3G WAN Application ................................................................................................................. 55
Figure 4 Front Panel ............................................................................................................................... 56
Figure 5 Change Password Screen ........................................................................................................ 58
Figure 6 Replace Certificate Screen ....................................................................................................... 58
Figure 7 Example Xmodem Upload ........................................................................................................ 59
Figure 8 HOME Screen .......................................................................................................................... 60
Figure 9 Web Configurator HOME Screen in Router Mode .................................................................. 61
Figure 10 Web Configurator HOME Screen in Bridge Mode .................................................................. 67
Figure 11 HOME > Show Statistics ......................................................................................................... 74
Figure 12 HOME > Show Statistics > Line Chart .................................................................................... 75
Figure 13 HOME > DHCP Table ............................................................................................................. 76
Figure 14 HOME > VPN Status .............................................................................................................. 77
Figure 15 Home > Bandwidth Monitor .................................................................................................... 78
Figure 16 Wizard Setup Welcome .......................................................................................................... 81
Figure 17 ISP Parameters: Ethernet Encapsulation ...............................................................................82
Figure 18 ISP Parameters: PPPoE Encapsulation ................................................................................. 83
Figure 19 ISP Parameters: PPTP Encapsulation ...................................................................................85
Figure 20 Internet Access Wizard: Second Screen ................................................................................86
Figure 21 Internet Access Setup Complete ............................................................................................ 87
Figure 22 Internet Access Wizard: Registration ..................................................................................... 88
Figure 23 Internet Access Wizard: Registration in Progress .................................................................. 89
Figure 24 Internet Access Wizard: Status .............................................................................................. 89
Figure 25 Internet Access Wizard: Registration Failed ..........................................................................89
Figure 26 Internet Access Wizard: Registered Device ........................................................................... 90
Figure 27 Internet Access Wizard: Activated Services ...........................................................................90
Figure 28 VPN Wizard: Gateway Setting ............................................................................................... 91
Figure 29 VPN Wizard: Network Setting ................................................................................................ 92
Figure 30 VPN Wizard: IKE Tunnel Setting ............................................................................................ 94
Figure 31 VPN Wizard: IPSec Setting .................................................................................................... 95
Figure 32 VPN Wizard: VPN Status ....................................................................................................... 97
Figure 33 VPN Wizard Setup Complete ................................................................................................. 99
Figure 34 Firewall Rule for VPN ........................................................................................................... 102
Figure 35 SECURITY > VPN > VPN Rules (IKE) ................................................................................ 102
Figure 36 SECURITY > VPN > VPN Rules (IKE)> Add Gateway Policy ........................................... 103
Figure 37 SECURITY > VPN > VPN Rules (IKE): With Gateway Policy Example .............................. 104
Figure 38 SECURITY > VPN > VPN Rules (IKE)> Add Network Policy ............................................. 105
Figure 39 SECURITY > FIREWALL > Rule Summary ......................................................................... 106
Figure 40 SECURITY > FIREWALL > Rule Summary > Edit: Allow ................................................... 107
Figure 41 SECURITY > FIREWALL > Rule Summary: Allow ............................................................... 108
Figure 42 SECURITY > FIREWALL > Default Rule: Block From VPN To LAN .................................... 108
Figure 43 Tutorial Example: Using NAT with Static Public IP Addresses ............................................. 109
Figure 44 Tutorial Example: WAN Connection with a Static Public IP Address ....................................110
Figure 45 Tutorial Example: WAN 1 Screen .........................................................................................111
Figure 46 Tutorial Example: DNS > System .......................................................................................... 111
Figure 47 Tutorial Example: DNS > System Edit-1 .............................................................................. 112
Figure 48 Tutorial Example: DNS > System Edit-2 .............................................................................. 112
Figure 49 Tutorial Example: DNS > System: Done ..............................................................................113
Figure 50 Tutorial Example: Status ........................................................................................................113
Figure 51 Tutorial Example: Mapping Multiple Public IP Addresses to Inside Servers .........................114
Figure 52 Tutorial Example: NAT > NAT Overview ...............................................................................115
Figure 53 Tutorial Example: NAT > Address Mapping ...........................................................................116
Figure 54 Tutorial Example: NAT Address Mapping Edit: One-to-One (1) ...........................................116
Figure 55 Tutorial Example: NAT Address Mapping Edit: One-to-One (2) ...........................................117
Figure 56 Tutorial Example: NAT Address Mapping Edit: Many-to-One ..............................................117
Figure 57 Tutorial Example: NAT Address Mapping Done ..................................................................118
Figure 58 Tutorial Example: Forwarding Incoming FTP Traffic to a Local Computer ...........................119
Figure 59 Tutorial Example: NAT Address Mapping Edit: Server ........................................................119
Figure 60 Tutorial Example: NAT Port Forwarding ............................................................................... 120
Figure 61 Tutorial Example: Forwarding Incoming FTP Traffic to a Local Computer .......................... 120
Figure 62 Tutorial Example: Firewall Default Rule .............................................................................. 121
Figure 63 Tutorial Example: Firewall Rule: WAN1 to LAN .................................................................. 121
Figure 64 Tutorial Example: Firewall Rule: WAN to LAN Address Edit for Web Server ...................... 122
Figure 65 Tutorial Example: Firewall Rule: WAN to LAN Service Edit for Web Server ....................... 123
Figure 66 Tutorial Example: Firewall Rule: WAN to LAN Address Edit for Mail Server ....................... 124
Figure 67 Tutorial Example: Firewall Rule: WAN to LAN Service Edit for Mail Server ........................ 124
Figure 68 Tutorial Example: Firewall Rule: WAN to LAN Address Edit for FTP Server ....................... 125
Figure 69 Tutorial Example: Firewall Rule: WAN to LAN Service Edit for FTP Server ........................ 126
Figure 70 Tutorial Example: Firewall Rule Summary ........................................................................... 126
Figure 71 Tutorial Example: NAT Address Mapping Done: Game Playing ........................................ 128
Figure 72 Tutorial Example: Bandwidth Management .......................................................................... 129
Figure 73 Tutorial Example: Bandwidth Management Summary ........................................................ 130
Figure 74 Tutorial Example: Bandwidth Management Class Setup ..................................................... 130
Figure 75 Tutorial Example: Bandwidth Management Class Setup: VoIP ............................................ 131
Figure 76 Tutorial Example: Bandwidth Management Class Setup: FTP ............................................ 131
Figure 77 Tutorial Example: Bandwidth Management Class Setup: WWW ........................................ 132
Figure 78 Tutorial Example: Bandwidth Management Class Setup Done ............................................ 132
Figure 79 Tutorial Example: Bandwidth Management Monitor ............................................................. 133
Figure 80 SECURITY > CONTENT FILTER > General ........................................................................ 134
Figure 81 SECURITY > CONTENT FILTER > Policy ........................................................................... 135
Figure 82 SECURITY > CONTENT FILTER > Policy > External Database (Default) .......................... 135
Figure 83 HOME > DHCP Table ........................................................................................................... 136
Figure 84 SECURITY > CONTENT FILTER > Policy ........................................................................... 136
Figure 85 SECURITY > CONTENT FILTER > Policy > Insert .............................................................. 137
Figure 86 SECURITY > CONTENT FILTER > Policy ........................................................................... 137
Figure 87 SECURITY > CONTENT FILTER > Policy > Schedule (Bob) .............................................. 138
Figure 88 SECURITY > CONTENT FILTER > Policy ........................................................................... 139
Figure 89 SECURITY > CONTENT FILTER > Policy > External Database (Bob) ............................... 139
Figure 90 REGISTRATION ................................................................................................................... 142
Figure 91 REGISTRATION: Registered Device ................................................................................... 143
Figure 92 REGISTRATION > Service ................................................................................................... 144
Figure 93 LAN and WAN ..................................................................................................................... 147
Figure 94 NETWORK > LAN ................................................................................................................ 151
Figure 95 NETWORK > LAN > Static DHCP ........................................................................................ 154
Figure 96 Physical Network & Partitioned Logical Networks ................................................................ 155
Figure 97 NETWORK > LAN > IP Alias ................................................................................................ 155
Figure 98 NETWORK > LAN > Port Roles ...........................................................................................157
Figure 99 Port Roles Change Complete ............................................................................................... 157
Figure 100 Bridge Loop: Bridge Connected to Wired LAN ................................................................... 159
Figure 101 NETWORK > Bridge ........................................................................................................... 162
Figure 102 NETWORK > Bridge > Port Roles ...................................................................................... 164
Figure 103 Port Roles Change Complete ............................................................................................. 164
Figure 104 Least Load First Example .................................................................................................. 167
Figure 105 Weighted Round Robin Algorithm Example ....................................................................... 168
Figure 106 Spillover Algorithm Example ............................................................................................... 168
Figure 107 Different WAN IP Addresses ............................................................................................. 169
Figure 108 NETWORK > WAN General ..............................................................................................171
Figure 109 Load Balancing: Least Load First ....................................................................................... 174
Figure 110 Load Balancing: Weighted Round Robin ............................................................................ 175
Figure 111 Load Balancing: Spillover .................................................................................................... 176
Figure 112 NETWORK > WAN > WAN 1 (Ethernet Encapsulation) .................................................. 179
Figure 113 NETWORK > WAN > WAN 1 (PPPoE Encapsulation) ...................................................... 182
Figure 114 NETWORK > WAN > WAN 1 (PPTP Encapsulation) ........................................................ 185
Figure 115 NETWORK > WAN > WAN 2 (3G WAN) ......................................................................... 190
Figure 116 Traffic Redirect WAN Setup ................................................................................................ 193
Figure 117 Traffic Redirect LAN Setup ................................................................................................. 194
Figure 118 NETWORK > WAN > Traffic Redirect ................................................................................. 194
Figure 119 NETWORK > WAN > Dial Backup .................................................................................... 195
Figure 120 NETWORK > WAN > Dial Backup > Edit ......................................................................... 198
Figure 121 NETWORK > DMZ ............................................................................................................ 202
Figure 122 NETWORK > DMZ > Static DHCP ................................................................................... 205
Figure 123 NETWORK > DMZ > IP Alias ............................................................................................ 206
Figure 124 DMZ Public Address Example ............................................................................................ 208
Figure 125 DMZ Private and Public Address Example ........................................................................ 209
Figure 126 NETWORK > DMZ > Port Roles ....................................................................................... 210
Figure 127 Example of a Wireless Network ..........................................................................................211
Figure 128 NETWORK > WLAN .......................................................................................................... 213
Figure 129 NETWORK > WLAN > Static DHCP ................................................................................. 216
Figure 130 NETWORK > WLAN > IP Alias ......................................................................................... 217
Figure 131 WLAN Port Role Example ................................................................................................. 219
Figure 132 NETWORK > WLAN > Port Roles ..................................................................................... 220
Figure 133 NETWORK > WLAN > Port Roles: Change Complete ....................................................... 220
Figure 134 WIRELESS > Wi-Fi > Wireless Card ................................................................................ 224
Figure 135 Configuring SSID ................................................................................................................ 226
Figure 136 WIRELESS > Wi-Fi > Security ........................................................................................... 228
Figure 137 WIRELESS > Wi-Fi > Security: None ................................................................................. 229
Figure 138 WIRELESS > Wi-Fi > Security: WEP ................................................................................. 229
Figure 139 WIRELESS > Wi-Fi > Security: 802.1x Only ..................................................................... 230
Figure 140 WIRELESS > Wi-Fi > Security: 802.1x + Static WEP ........................................................ 231
Figure 141 WIRELESS > Wi-Fi > Security: WPA, WPA2 or WPA2-MIX .............................................. 232
Figure 142 WIRELESS > Wi-Fi > Security: WPA(2)-PSK ..................................................................... 234
Figure 143 NETWORK > WIRELESS CARD > MAC Filter .................................................................. 235
Figure 144 Default Firewall Action ........................................................................................................ 239
Figure 145 SECURITY > FIREWALL > Default Rule (Router Mode) ................................................... 240
Figure 146 Default Block Traffic From WAN1 to DMZ Example ....................................................... 241
Figure 147 From LAN to VPN Example ............................................................................................... 243
Figure 148 Block DMZ to VPN Traffic by Default Example ............................................................... 244
Figure 149 From VPN to LAN Example ............................................................................................... 245
Figure 150 Block VPN to LAN Traffic by Default Example ............................................................... 246
Figure 151 From VPN to VPN Example .............................................................................................. 247
Figure 152 Block VPN to VPN Traffic by Default Example ............................................................... 247
Figure 153 Blocking All LAN to WAN IRC Traffic Example .................................................................. 248
Figure 154 Limited LAN to WAN IRC Traffic Example .......................................................................... 249
Figure 155 Using IP Alias to Solve the Triangle Route Problem .......................................................... 251
Figure 156 SECURITY > FIREWALL > Default Rule (Router Mode) ................................................... 251
Figure 157 SECURITY > FIREWALL > Default Rule (Bridge Mode) .................................................... 254
Figure 158 SECURITY > FIREWALL > Rule Summary ....................................................................... 256
Figure 159 SECURITY > FIREWALL > Rule Summary > Edit ............................................................ 258
Figure 160 SECURITY > FIREWALL > Anti-Probing ........................................................................... 260
Figure 161 Three-Way Handshake ....................................................................................................... 261
Figure 162 SECURITY > FIREWALL > Threshold ............................................................................ 262
Figure 163 SECURITY > FIREWALL > Service ................................................................................... 264
Figure 164 Firewall Edit Custom Service ............................................................................................. 265
Figure 165 My Service Firewall Rule Example: Service ...................................................................... 266
Figure 166 My Service Firewall Rule Example: Edit Custom Service ................................................. 267
Figure 167 My Service Firewall Rule Example: Rule Summary ........................................................... 267
Figure 168 My Service Firewall Rule Example: Rule Edit: Source and Destination Addresses .......... 268
Figure 169 My Service Firewall Rule Example: Edit Rule: Service Configuration ................................ 269
Figure 170 My Service Firewall Rule Example: Rule Summary: Completed ........................................ 270
Figure 171 Content Filtering Lookup Procedure ................................................................................... 272
Figure 172 SECURITY > CONTENT FILTER > General ...................................................................... 273
Figure 173 SECURITY > CONTENT FILTER > Policy ......................................................................... 276
Figure 174 SECURITY > CONTENT FILTER > Policy > General ........................................................ 277
Figure 175 SECURITY > CONTENT FILTER > Policy > External Database ....................................... 279
Figure 176 SECURITY > CONTENT FILTER > Policy > Customization .............................................. 286
Figure 177 SECURITY > CONTENT FILTER > Policy > Schedule ...................................................... 288
Figure 178 SECURITY > CONTENT FILTER > Object ........................................................................ 289
Figure 179 SECURITY > CONTENT FILTER > Cache ........................................................................ 292
Figure 180 myZyXEL.com: Login ......................................................................................................... 294
Figure 181 myZyXEL.com: Welcome ................................................................................................... 294
Figure 182 myZyXEL.com: Service Management ................................................................................ 295
Figure 183 Blue Coat: Login ................................................................................................................. 295
Figure 184 Content Filtering Reports Main Screen .............................................................................. 296
Figure 185 Blue Coat: Report Home .................................................................................................... 296
Figure 186 Global Report Screen Example .......................................................................................... 297
Figure 187 Requested URLs Example ................................................................................................. 298
Figure 188 Web Page Review Process Screen ................................................................................... 299
Figure 189 VPN: Example .................................................................................................................... 301
Figure 190 VPN: IKE SA and IPSec SA .............................................................................................. 302
Figure 191 Gateway and Network Policies .......................................................................................... 303
Figure 192 IPSec Fields Summary ..................................................................................................... 303
Figure 193 SECURITY > VPN > VPN Rules (IKE) .............................................................................. 304
Figure 194 IKE SA: Main Negotiation Mode, Steps 1 - 2: IKE SA Proposal ......................................... 305
Figure 195 IKE SA: Main Negotiation Mode, Steps 3 - 4: DH Key Exchange ...................................... 306
Figure 196 IKE SA: Main Negotiation Mode, Steps 5 - 6: Authentication ............................................. 306
Figure 197 VPN/NAT Example ............................................................................................................. 309
Figure 198 IPSec High Availability ........................................................................................................311
Figure 199 SECURITY > VPN > VPN Rules (IKE) > Edit Gateway Policy ......................................... 313
Figure 200 Virtual Mapping of Local and Remote Network IP Addresses ............................................ 319
Figure 201 VPN: Transport and Tunnel Mode Encapsulation .............................................................. 320
Figure 202 SECURITY > VPN > VPN Rules (IKE) > Edit Network Policy ........................................... 322
Figure 203 SECURITY > VPN > VPN Rules (IKE) > Edit Network Policy > Port Forwarding ............. 327
Figure 204 SECURITY > VPN > VPN Rules (IKE) > Move Network Policy ........................................ 328
Figure 205 VPN Rule Configured ......................................................................................................... 329
Figure 206 VPN Dial ............................................................................................................................. 329
Figure 207 VPN Tunnel Established ..................................................................................................... 330
Figure 208 VPN Log Example ............................................................................................................. 331
Figure 209 IKE/IPSec Debug Example ............................................................................................... 332
Figure 210 SECURITY > VPN > VPN Rules (Manual) ........................................................................ 334
Figure 211 SECURITY > VPN > VPN Rules (Manual) > Edit .............................................................. 335
Figure 212 SECURITY > VPN > SA Monitor ...................................................................................... 338
Figure 213 Overlap in a Dynamic VPN Rule ........................................................................................ 339
Figure 214 Overlap in IP Alias and VPN Remote Networks ................................................................. 340
Figure 215 SECURITY > VPN > Global Setting ................................................................................. 340
Figure 216 Telecommuters Sharing One VPN Rule Example .............................................................. 342
Figure 217 Telecommuters Using Unique VPN Rules Example ........................................................... 343
Figure 218 VPN for Remote Management Example ............................................................................ 344
Figure 219 VPN Topologies .................................................................................................................. 345
Figure 220 Hub-and-spoke VPN Example ...........................................................................................346
Figure 221 Certificates on Your Computer ........................................................................................... 350
Figure 222 Certificate Details .............................................................................................................. 351
Figure 223 Certificate Configuration Overview ..................................................................................... 351
Figure 224 SECURITY > CERTIFICATES > My Certificates ............................................................... 352
Figure 225 SECURITY > CERTIFICATES > My Certificates > Details ................................................. 354
Figure 226 SECURITY > CERTIFICATES > My Certificates > Export ................................................. 356
Figure 227 SECURITY > CERTIFICATES > My Certificates > Import ................................................. 358
Figure 228 SECURITY > CERTIFICATES > My Certificates > Import: PKCS#12 ............................... 359
Figure 229 SECURITY > CERTIFICATES > My Certificates > Create (Basic) .................................... 360
Figure 230 SECURITY > CERTIFICATES > My Certificates > Create (Advanced) ............................. 361
Figure 231 SECURITY > CERTIFICATES > Trusted CAs ................................................................... 365
Figure 232 SECURITY > CERTIFICATES > Trusted CAs > Details .................................................... 367
Figure 233 SECURITY > CERTIFICATES > Trusted CAs > Import ..................................................... 370
Figure 234 SECURITY > CERTIFICATES > Trusted Remote Hosts .................................................... 371
Figure 235 SECURITY > CERTIFICATES > Trusted Remote Hosts > Import ..................................... 372
Figure 236 SECURITY > CERTIFICATES > Trusted Remote Hosts > Details ..................................... 373
Figure 237 SECURITY > CERTIFICATES > Directory Servers ............................................................ 375
Figure 238 SECURITY > CERTIFICATES > Directory Server > Add ................................................... 376
Figure 239 SECURITY > AUTH SERVER > Local User Database ...................................................... 380
Figure 240 SECURITY > AUTH SERVER > RADIUS .......................................................................... 381
Figure 241 How NAT Works ................................................................................................................. 387
Figure 242 NAT Application With IP Alias ............................................................................................ 387
Figure 243 Port Restricted Cone NAT Example ................................................................................... 388
Figure 244 ADVANCED > NAT > NAT Overview .................................................................................. 390
Figure 245 ADVANCED > NAT > Address Mapping ............................................................................. 392
Figure 246 ADVANCED > NAT > Address Mapping > Edit .................................................................. 393
Figure 247 Multiple Servers Behind NAT Example .............................................................................. 396
Figure 248 Port Translation Example ................................................................................................... 397
Figure 249 ADVANCED > NAT > Port Forwarding ............................................................................... 398
Figure 250 Trigger Port Forwarding Process: Example ........................................................................ 399
Figure 251 ADVANCED > NAT > Port Triggering ................................................................................. 400
Figure 252 Example of Static Routing Topology ................................................................................... 401
Figure 253 ADVANCED > STATIC ROUTE > IP Static Route .............................................................. 402
Figure 254 ADVANCED > STATIC ROUTE > IP Static Route > Edit .................................................... 403
Figure 255 ADVANCED > POLICY ROUTE > Policy Route Summary ................................................ 406
Figure 256 Edit IP Policy Route ............................................................................................................ 408
Figure 257 Subnet-based Bandwidth Management Example .............................................................. 412
Figure 258 ADVANCED > BW MGMT > Summary .............................................................................. 418
Figure 259 ADVANCED > BW MGMT > Class Setup .......................................................................... 419
Figure 260 ADVANCED > BW MGMT > Class Setup > Add Sub-Class .............................................. 421
Figure 261 ADVANCED > BW MGMT > Class Setup > Statistics ........................................................ 424
Figure 262 ADVANCED > BW MGMT > Monitor ................................................................................. 425
Figure 263 Private DNS Server Example ............................................................................................. 429
Figure 264 ADVANCED > DNS > System DNS ................................................................................... 430
Figure 265 ADVANCED > DNS > Add (Address Record) .................................................................... 431
Figure 266 ADVANCED > DNS > Insert (Name Server Record) .......................................................... 432
Figure 267 ADVANCED > DNS > Cache ............................................................................................. 434
Figure 268 ADVANCED > DNS > DHCP .............................................................................................. 435
Figure 269 ADVANCED > DNS > DDNS .............................................................................................. 437
Figure 270 Secure and Insecure Remote Management From the WAN .............................................. 439
Figure 271 HTTPS Implementation ...................................................................................................... 441
Figure 272 ADVANCED > REMOTE MGMT > WWW .......................................................................... 442
Figure 273 Security Alert Dialog Box (Internet Explorer) ...................................................................... 443
Figure 274 Security Certificate 1 (Netscape) ........................................................................................ 444
Figure 275 Security Certificate 2 (Netscape) ........................................................................................ 444
Figure 276 Example: Lock Denoting a Secure Connection .................................................................. 445
Figure 277 Replace Certificate ............................................................................................................. 446
Figure 278 Device-specific Certificate .................................................................................................. 446
Figure 279 Common ZyWALL Certificate ............................................................................................. 447
Figure 280 SSH Communication Over the WAN Example .................................................................. 447
Figure 281 How SSH Works ................................................................................................................. 448
Figure 282 ADVANCED > REMOTE MGMT > SSH ............................................................................. 449
Figure 283 SSH Example 1: Store Host Key ........................................................................................ 450
Figure 284 SSH Example 2: Test ........................................................................................................ 450
Figure 285 SSH Example 2: Log in ...................................................................................................... 451
Figure 286 Secure FTP: Firmware Upload Example ............................................................................ 452
Figure 287 ADVANCED > REMOTE MGMT > Telnet .......................................................................... 452
Figure 288 ADVANCED > REMOTE MGMT > FTP ............................................................................. 453
Figure 289 SNMP Management Model ................................................................................................ 455
Figure 290 ADVANCED > REMOTE MGMT > SNMP .......................................................................... 456
Figure 291 ADVANCED > REMOTE MGMT > DNS ............................................................................. 458
Figure 292 ADVANCED > REMOTE MGMT > CNM ............................................................................ 459
Figure 293 ADVANCED > UPnP .......................................................................................................... 462
Figure 294 ADVANCED > UPnP > Ports .............................................................................................. 463
Figure 295 ADVANCED > Custom APP .............................................................................................. 472
Figure 296 H.323 ALG Example .......................................................................................................... 475
Figure 297 H.323 with Multiple WAN IP Addresses ............................................................................ 475
Figure 298 H.323 Calls from the WAN with Multiple Outgoing Calls .................................................... 476
Figure 299 SIP ALG Example ............................................................................................................. 477
Figure 300 ADVANCED > ALG ........................................................................................................... 478
Figure 301 LOGS > View Log ........................................................................................................... 481
Figure 302 myZyXEL.com: Download Center ...................................................................................... 483
Figure 303 myZyXEL.com: Certificate Download ................................................................................. 484
Figure 304 LOGS > Log Settings ......................................................................................................... 485
Figure 305 LOGS > Reports ................................................................................................................ 488
Figure 306 LOGS > Reports: Web Site Hits Example .......................................................................... 489
Figure 307 LOGS > Reports: Host IP Address Example ...................................................................... 490
Figure 308 LOGS > Reports: Protocol/Port Example ........................................................................... 491
Figure 309 MAINTENANCE > General Setup ...................................................................................... 512
Figure 310 MAINTENANCE > Password ............................................................................................ 513
Figure 311 MAINTENANCE > Time and Date ...................................................................................... 514
Figure 312 Synchronization in Process ................................................................................................ 516
Figure 313 Synchronization is Successful ............................................................................................ 517
Figure 314 Synchronization Fail ........................................................................................................... 517
Figure 315 MAINTENANCE > Device Mode (Router Mode) ................................................................ 519
Figure 316 MAINTENANCE > Device Mode (Bridge Mode) ................................................................ 520
Figure 317 MAINTENANCE > Firmware Upload .................................................................................. 521
Figure 318 Firmware Upload In Process .............................................................................................. 522
Figure 319 Network Temporarily Disconnected .................................................................................... 522
Figure 320 Firmware Upload Error ....................................................................................................... 523
Figure 321 MAINTENANCE > Backup and Restore ............................................................................. 523
Figure 322 Configuration Upload Successful ....................................................................................... 524
Figure 323 Network Temporarily Disconnected .................................................................................... 524
Figure 324 Configuration Upload Error ................................................................................................. 525
Figure 325 Reset Warning Message .................................................................................................... 525
Figure 326 MAINTENANCE > Restart ................................................................................................. 526
Figure 327 MAINTENANCE > Diagnostics ......................................................................................... 527
Figure 328 Initial Screen ....................................................................................................................... 532
Figure 329 Password Screen .............................................................................................................. 532
Figure 330 Main Menu (Router Mode) ................................................................................................. 534
Figure 331 Main Menu (Bridge Mode) .................................................................................................. 534
Figure 332 Menu 23: System Password ............................................................................................... 537
Figure 333 Menu 1: General Setup (Router Mode) .............................................................................. 539
Figure 334 Menu 1: General Setup (Bridge Mode) .............................................................................. 540
Figure 335 Menu 1.1: Configure Dynamic DNS ................................................................................... 541
Figure 336 Menu 1.1.1: DDNS Host Summary .................................................................................... 542
Figure 337 Menu 1.1.1: DDNS Edit Host .............................................................................................. 543
Figure 338 MAC Address Cloning in WAN Setup ................................................................................. 545
Figure 339 Menu 2: Dial Backup Setup .............................................................................................. 547
Figure 340 Menu 2.1: Advanced WAN Setup ....................................................................................... 548
Figure 341 Menu 11.3: Remote Node Profile (Backup ISP) ................................................................ 549
Figure 342 Menu 11.3.2: Remote Node Network Layer Options .......................................................... 551
Figure 343 Menu 11.3.3: Remote Node Script ..................................................................................... 553
Figure 344 Menu 11.3.4: Remote Node Filter ...................................................................................... 554
Figure 345 3G Modem Setup in WAN Setup ...................................................................................... 555
Figure 346 Menu 11.2: Remote Node Profile (3G WAN) .................................................................... 556
Figure 347 Menu 3: LAN Setup ............................................................................................................ 559
Figure 348 Menu 3.1: LAN Port Filter Setup ........................................................................................ 560
Figure 349 Menu 3: TCP/IP and DHCP Setup .................................................................................... 560
Figure 350 Menu 3.2: TCP/IP and DHCP Ethernet Setup .................................................................... 561
Figure 351 Menu 3.2.1: IP Alias Setup ................................................................................................. 563
Figure 352 Menu 4: Internet Access Setup (Ethernet) ......................................................................... 566
Figure 353 Internet Access Setup (PPTP) ........................................................................................... 568
Figure 354 Internet Access Setup (PPPoE) ......................................................................................... 569
Figure 355 Menu 5: DMZ Setup .......................................................................................................... 571
Figure 356 Menu 5.1: DMZ Port Filter Setup ........................................................................................ 571
Figure 357 Menu 5: DMZ Setup ........................................................................................................... 572
Figure 358 Menu 5.2: TCP/IP and DHCP Ethernet Setup .................................................................... 572
Figure 359 Menu 5.2.1: IP Alias Setup ................................................................................................. 573
Figure 360 Menu 6: Route Setup ......................................................................................................... 575
Figure 361 Menu 6.1: Route Assessment ............................................................................................ 575
Figure 362 Menu 6.2: Traffic Redirect .................................................................................................. 576
Figure 363 Menu 6.3: Route Failover ................................................................................................... 577
Figure 364 Menu 7: WLAN Setup ......................................................................................................... 579
Figure 365 Menu 7.2: TCP/IP and DHCP Ethernet Setup .................................................................... 580
Figure 366 Menu 7.2.1: IP Alias Setup ................................................................................................. 581
Figure 367 Menu 11: Remote Node Setup ........................................................................................... 583
Figure 368 Menu 11.1: Remote Node Profile for Ethernet Encapsulation ............................................ 584
Figure 369 Menu 11.1: Remote Node Profile for PPPoE Encapsulation .............................................. 585
Figure 370 Menu 11.1: Remote Node Profile for PPTP Encapsulation ................................................ 587
Figure 371 Menu 11.1.2: Remote Node Network Layer Options for Ethernet Encapsulation ............... 588
Figure 372 Menu 11.1.4: Remote Node Filter (Ethernet Encapsulation) .............................................. 590
Figure 373 Menu 11.1.4: Remote Node Filter (PPPoE or PPTP Encapsulation) ................................. 590
Figure 374 Menu 12: IP Static Route Setup ........................................................................................ 592
Figure 375 Menu 12.1: Edit IP Static Route ........................................................................................ 592
Figure 376 Menu 4: Applying NAT for Internet Access ......................................................................... 596
Figure 377 Menu 11.1.2: Applying NAT to the Remote Node ............................................................... 596
Figure 378 Menu 15: NAT Setup .......................................................................................................... 597
Figure 379 Menu 15.1: Address Mapping Sets .................................................................................... 598
Figure 380 Menu 15.1.255: SUA Address Mapping Rules ................................................................... 598
Figure 381 Menu 15.1.1: First Set ........................................................................................................ 600
Figure 382 Menu 15.1.1.1: Editing/Configuring an Individual Rule in a Set ......................................... 601
Figure 383 Menu 15.2: NAT Server Sets .............................................................................................. 602
Figure 384 Menu 15.2.x: NAT Server Sets ........................................................................................... 603
Figure 385 15.2.x.x: NAT Server Configuration .................................................................................... 603
Figure 386 Menu 15.2.1: NAT Server Setup ....................................................................................... 604
Figure 387 Server Behind NAT Example .............................................................................................. 605
Figure 388 NAT Example 1 .................................................................................................................. 605
Figure 389 Menu 4: Internet Access & NAT Example .......................................................................... 606
Figure 390 NAT Example 2 .................................................................................................................. 606
Figure 391 Menu 15.2.1: Specifying an Inside Server .......................................................................... 607
Figure 392 NAT Example 3 .................................................................................................................. 608
Figure 393 Example 3: Menu 11.1.2 ..................................................................................................... 608
Figure 394 Example 3: Menu 15.1.1.1 ................................................................................................. 609
Figure 395 Example 3: Final Menu 15.1.1 ............................................................................................ 609
Figure 396 Example 3: Menu 15.2.1 .................................................................................................... 610
Figure 397 NAT Example 4 .................................................................................................................. 610
Figure 398 Example 4: Menu 15.1.1.1: Address Mapping Rule ............................................................ 611
Figure 399 Example 4: Menu 15.1.1: Address Mapping Rules ............................................................. 611
Figure 400 Menu 15.3.1: Trigger Port Setup ........................................................................................ 613
Figure 401 Menu 21: Filter and Firewall Setup ..................................................................................... 615
Figure 402 Menu 21.2: Firewall Setup .................................................................................................. 616
Figure 403 Outgoing Packet Filtering Process ..................................................................................... 617
Figure 404 Filter Rule Process ............................................................................................................. 619
Figure 405 Menu 21: Filter and Firewall Setup ..................................................................................... 620
Figure 406 Menu 21.1: Filter Set Configuration .................................................................................... 620
Figure 407 Menu 21.1.1.1: TCP/IP Filter Rule ..................................................................................... 622
Figure 408 Executing an IP Filter ......................................................................................................... 624
Figure 409 Menu 21.1.1.1: Generic Filter Rule .................................................................................... 625
Figure 410 Telnet Filter Example .......................................................................................................... 626
Figure 411 Example Filter: Menu 21.1.3.1 ............................................................................................ 627
Figure 412 Example Filter Rules Summary: Menu 21.1.3 .................................................................... 627
Figure 413 Protocol and Device Filter Sets .......................................................................................... 628
Figure 414 Filtering LAN Traffic ............................................................................................................ 630
Figure 415 Filtering DMZ Traffic ........................................................................................................... 630
Figure 416 Filtering Remote Node Traffic ............................................................................................. 631
Figure 417 Menu 22: SNMP Configuration ........................................................................................... 633
Figure 418 Menu 24: System Maintenance .......................................................................................... 635
Figure 419 Menu 24.1: System Maintenance: Status .......................................................................... 636
Figure 420 Menu 24.2: System Information and Console Port Speed ................................................. 637
Figure 421 Menu 24.2.1: System Maintenance: Information .............................................................. 638
Figure 422 Menu 24.2.2: System Maintenance: Change Console Port Speed .................................... 639
Figure 423 Menu 24.3: System Maintenance: Log and Trace .............................................................. 639
Figure 424 Examples of Error and Information Messages ................................................................... 640
Figure 425 Menu 24.3.2: System Maintenance: Syslog Logging ......................................................... 640
Figure 426 Call-Triggering Packet Example ......................................................................................... 644
Figure 427 Menu 24.4: System Maintenance: Diagnostic .................................................................. 645
Figure 428 WAN & LAN DHCP ............................................................................................................. 645
Figure 429 Telnet into Menu 24.5 ......................................................................................................... 649
Figure 430 FTP Session Example ........................................................................................................ 649
Figure 431 System Maintenance: Backup Configuration ..................................................................... 652
Figure 432 System Maintenance: Starting Xmodem Download Screen ............................................... 652
Figure 433 Backup Configuration Example .......................................................................................... 652
Figure 434 Successful Backup Confirmation Screen ........................................................................... 652
Figure 435 Telnet into Menu 24.6 ......................................................................................................... 653
Figure 436 Restore Using FTP Session Example ................................................................................ 654
Figure 437 System Maintenance: Restore Configuration ..................................................................... 654
Figure 438 System Maintenance: Starting Xmodem Download Screen ............................................... 654
Figure 439 Restore Configuration Example ......................................................................................... 655
Figure 440 Successful Restoration Confirmation Screen ..................................................................... 655
Figure 441 Telnet Into Menu 24.7.1: Upload System Firmware ........................................................... 656
Figure 442 Telnet Into Menu 24.7.2: System Maintenance ................................................................. 656
Figure 443 FTP Session Example of Firmware File Upload ................................................................. 657
Figure 444 Menu 24.7.1 As Seen Using the Console Port ................................................................... 659
Figure 445 Example Xmodem Upload .................................................................................................. 659
Figure 446 Menu 24.7.2 As Seen Using the Console Port .................................................................. 660
Figure 447 Example Xmodem Upload .................................................................................................. 660
Figure 448 Command Mode in Menu 24 .............................................................................................. 661
Figure 449 Valid Commands ................................................................................................................ 662
Figure 450 Call Control ......................................................................................................................... 663
Figure 451 Budget Management .......................................................................................................... 664
Figure 452 Call History ......................................................................................................................... 665
Figure 453 Menu 24: System Maintenance .......................................................................................... 666
Figure 454 Menu 24.10 System Maintenance: Time and Date Setting ................................................ 666
Figure 455 Menu 24.11 – Remote Management Control ..................................................................... 670
Figure 456 Menu 25: Sample IP Routing Policy Summary .................................................................. 673
Figure 457 Menu 25.1: IP Routing Policy Setup ................................................................................... 675
Figure 458 Menu 25.1.1: IP Routing Policy Setup ................................................................................ 677
Figure 459 Example of IP Policy Routing ............................................................................................. 678
Figure 460 IP Routing Policy Example 1 .............................................................................................. 678
Figure 461 IP Routing Policy Example 2 .............................................................................................. 679
Figure 462 Schedule Setup .................................................................................................................. 681
Figure 463 Schedule Set Setup ............................................................................................................ 682
Figure 464 Applying Schedule Set(s) to a Remote Node (PPPoE) ...................................................... 683
Figure 465 Applying Schedule Set(s) to a Remote Node (PPTP) ........................................................ 684
Figure 466 Wall-mounting Example ...................................................................................................... 698
Figure 467 Masonry Plug and M4 Tap Screw ....................................................................................... 698
Figure 468 Console/Dial Backup Cable DB-9 End Pin Layout ............................................................. 700
Figure 469 Pop-up Blocker ................................................................................................................... 705
Figure 470 Internet Options: Privacy .................................................................................................... 706
Figure 471 Internet Options: Privacy .................................................................................................... 707
Figure 472 Pop-up Blocker Settings ..................................................................................................... 707
Figure 473 Internet Options: Security ................................................................................................... 708
Figure 474 Security Settings - Java Scripting ....................................................................................... 709
Figure 475 Security Settings - Java ...................................................................................................... 709
Figure 476 Java (Sun) .......................................................................................................................... 710
Figure 477 Mozilla Firefox: Tools > Options .......................................................................................... 711
Figure 478 Mozilla Firefox Content Security .......................................................................................... 711
Figure 479 Windows 95/98/Me: Network: Configuration ...................................................................... 714
Figure 480 Windows 95/98/Me: TCP/IP Properties: IP Address .......................................................... 715
Figure 481 Windows 95/98/Me: TCP/IP Properties: DNS Configuration .............................................. 716
Figure 482 Windows XP: Start Menu .................................................................................................... 717
Figure 483 Windows XP: Control Panel ............................................................................................... 717
Figure 484 Windows XP: Control Panel: Network Connections: Properties ......................................... 718
Figure 485 Windows XP: Local Area Connection Properties ............................................................... 718
Figure 486 Windows XP: Internet Protocol (TCP/IP) Properties .......................................................... 719
Figure 487 Windows XP: Advanced TCP/IP Properties ....................................................................... 720
Figure 488 Windows XP: Internet Protocol (TCP/IP) Properties .......................................................... 721
Figure 489 Macintosh OS 8/9: Apple Menu .......................................................................................... 722
Figure 490 Macintosh OS 8/9: TCP/IP ................................................................................................. 722
Figure 491 Macintosh OS X: Apple Menu ............................................................................................ 723
Figure 492 Macintosh OS X: Network .................................................................................................. 724
Figure 493 Red Hat 9.0: KDE: Network Configuration: Devices ......................................................... 725
Figure 494 Red Hat 9.0: KDE: Ethernet Device: General .................................................................. 725
Figure 495 Red Hat 9.0: KDE: Network Configuration: DNS ............................................................... 726
Figure 496 Red Hat 9.0: KDE: Network Configuration: Activate ........................................................ 726
Figure 497 Red Hat 9.0: Dynamic IP Address Setting in ifconfig-eth0 ............................................... 727
Figure 498 Red Hat 9.0: Static IP Address Setting in ifconfig-eth0 ................................................... 727
Figure 499 Red Hat 9.0: DNS Settings in resolv.conf ........................................................................ 727
Figure 500 Red Hat 9.0: Restart Ethernet Card ................................................................................. 727
Figure 501 Red Hat 9.0: Checking TCP/IP Properties ....................................................................... 728
Figure 502 Network Number and Host ID ............................................................................................ 730
Figure 503 Subnetting Example: Before Subnetting ............................................................................ 732
Figure 504 Subnetting Example: After Subnetting ............................................................................... 733
Figure 505 Peer-to-Peer Communication in an Ad-hoc Network ......................................................... 741
Figure 506 Basic Service Set ............................................................................................................... 742
Figure 507 Infrastructure WLAN ........................................................................................................... 743
Figure 508 RTS/CTS ........................................................................................................................... 744
Figure 509 WPA(2) with RADIUS Application Example ....................................................................... 751
Figure 510 WPA(2)-PSK Authentication ............................................................................................... 752
Figure 511 Security Certificate ............................................................................................................. 755
Figure 512 Login Screen ...................................................................................................................... 756
Figure 513 Certificate General Information before Import .................................................................... 756
Figure 514 Certificate Import Wizard 1 ................................................................................................. 757
Figure 515 Certificate Import Wizard 2 ................................................................................................. 757
Figure 516 Certificate Import Wizard 3 ................................................................................................. 758
Figure 517 Root Certificate Store ......................................................................................................... 758
Figure 518 Certificate General Information after Import ....................................................................... 759
Figure 519 ZyWALL Trusted CA Screen .............................................................................................. 760
Figure 520 CA Certificate Example ...................................................................................................... 761
Figure 521 Personal Certificate Import Wizard 1 .................................................................................. 761
Figure 522 Personal Certificate Import Wizard 2 .................................................................................. 762
Figure 523 Personal Certificate Import Wizard 3 .................................................................................. 762
Figure 524 Personal Certificate Import Wizard 4 .................................................................................. 763
Figure 525 Personal Certificate Import Wizard 5 .................................................................................. 763
Figure 526 Personal Certificate Import Wizard 6 .................................................................................. 763
Figure 527 Access the ZyWALL Via HTTPS ........................................................................................ 764
Figure 528 SSL Client Authentication ................................................................................................... 764
Figure 529 ZyWALL Secure Login Screen ........................................................................................... 764

List of Tables

Table 1 Front Panel Lights ..................................................................................................................... 56
Table 2 Title Bar: Web Configurator Icons ............................................................................................. 60
Table 3 Web Configurator HOME Screen in Router Mode .................................................................... 62
Table 4 Web Configurator HOME Screen in Bridge Mode .................................................................... 67
Table 5 Bridge and Router Mode Features Comparison ....................................................................... 70
Table 6 Screens Summary .................................................................................................................... 71
Table 7 HOME > Show Statistics ........................................................................................................... 75
Table 8 HOME > Show Statistics > Line Chart ...................................................................................... 76
Table 9 HOME > DHCP Table ............................................................................................................... 76
Table 10 HOME > VPN Status ............................................................................................................... 77
Table 11 ADVANCED > BW MGMT > Monitor ....................................................................................... 78
Table 12 ISP Parameters: Ethernet Encapsulation ............................................................................... 82
Table 13 ISP Parameters: PPPoE Encapsulation ................................................................................. 84
Table 14 ISP Parameters: PPTP Encapsulation .................................................................................... 85
Table 15 Internet Access Wizard: Registration ...................................................................................... 88
Table 16 VPN Wizard: Gateway Setting ................................................................................................ 91
Table 17 VPN Wizard: Network Setting ................................................................................................. 92
Table 18 VPN Wizard: IKE Tunnel Setting ............................................................................................. 94
Table 19 VPN Wizard: IPSec Setting ..................................................................................................... 96
Table 20 VPN Wizard: VPN Status ........................................................................................................ 97
Table 21 REGISTRATION ................................................................................................................... 142
Table 22 REGISTRATION > Service ................................................................................................... 144
Table 23 NETWORK > LAN ................................................................................................................. 151
Table 24 NETWORK > LAN > Static DHCP ........................................................................................ 154
Table 25 NETWORK > LAN > IP Alias ................................................................................................ 156
Table 26 NETWORK > LAN > Port Roles ............................................................................................ 157
Table 27 STP Path Costs .................................................................................................................... 160
Table 28 STP Port States .................................................................................................................... 161
Table 29 NETWORK > Bridge ............................................................................................................. 162
Table 30 NETWORK > Bridge > Port Roles ........................................................................................ 164
Table 31 Least Load First: Example 1 ................................................................................................. 167
Table 32 Least Load First: Example 2 ................................................................................................. 167
Table 33 NETWORK > WAN General ................................................................................................. 172
Table 34 Load Balancing: Least Load First ......................................................................................... 174
Table 35 Load Balancing: Weighted Round Robin .............................................................................. 175
Table 36 Load Balancing: Spillover ...................................................................................................... 176
Table 37 Private IP Address Ranges ................................................................................................... 177
Table 38 NETWORK > WAN > WAN 1 (Ethernet Encapsulation) ....................................................... 179
Table 39 NETWORK > WAN > WAN 1 (PPPoE Encapsulation) ......................................................... 182
Table 40 NETWORK > WAN > WAN 1 (PPTP Encapsulation) ............................................................ 185
Table 41 2G, 2.5G, 2.75G, 3G and 3.5G Wireless Technologies ......................................................... 188
Table 42 NETWORK > WAN > WAN 2 (3G WAN) .............................................................................. 190
Table 43 NETWORK > WAN > Traffic Redirect ................................................................................... 194
Table 44 NETWORK > WAN > Dial Backup ........................................................................................ 195
Table 45 NETWORK > WAN > Dial Backup > Edit .............................................................................. 199
Table 46 NETWORK > DMZ ................................................................................................................ 202
Table 47 NETWORK > DMZ > Static DHCP ........................................................................................ 205
Table 48 NETWORK > DMZ > IP Alias ............................................................................................... 206
Table 49 NETWORK > DMZ > Port Roles ........................................................................................... 210
Table 50 NETWORK > WLAN ............................................................................................................. 213
Table 51 NETWORK > WLAN > Static DHCP ..................................................................................... 216
Table 52 NETWORK > WLAN > IP Alias ............................................................................................. 217
Table 53 NETWORK > WLAN > Port Roles ........................................................................................ 220
Table 54 Types of Encryption for Each Type of Authentication ........................................................... 222
Table 55 WIRELESS > Wi-Fi > Wireless Card .................................................................................... 224
Table 56 Configuring SSID .................................................................................................................. 227
Table 57 Security Modes ..................................................................................................................... 227
Table 58 WIRELESS > Wi-Fi > Security .............................................................................................. 228
Table 59 WIRELESS > Wi-Fi > Security: None ................................................................................... 229
Table 60 WIRELESS > Wi-Fi > Security: WEP .................................................................................... 230
Table 61 WIRELESS > Wi-Fi > Security: 802.1x Only ......................................................................... 230
Table 62 WIRELESS > Wi-Fi > Security: 802.1x + Static WEP ........................................................... 231
Table 63 WIRELESS > Wi-Fi > Security: WPA, WPA2 or WPA2-MIX ................................................. 233
Table 64 WIRELESS > Wi-Fi > Security: WPA(2)-PSK ....................................................................... 234
Table 65 WIRELESS > Wi-Fi > MAC Filter .......................................................................................... 235
Table 66 Blocking All LAN to WAN IRC Traffic Example ..................................................................... 249
Table 67 Limited LAN to WAN IRC Traffic Example ............................................................................ 249
Table 68 SECURITY > FIREWALL > Default Rule (Router Mode) ...................................................... 252
Table 69 SECURITY > FIREWALL > Default Rule (Bridge Mode) ...................................................... 254
Table 70 SECURITY > FIREWALL > Rule Summary .......................................................................... 256
Table 71 SECURITY > FIREWALL > Rule Summary > Edit ................................................................ 259
Table 72 SECURITY > FIREWALL > Anti-Probing .............................................................................. 261
Table 73 SECURITY > FIREWALL > Threshold .................................................................................. 263
Table 74 SECURITY > FIREWALL > Service ...................................................................................... 264
Table 75 SECURITY > FIREWALL > Service > Add ........................................................................... 266
Table 76 SECURITY > CONTENT FILTER > General ........................................................................ 273
Table 77 SECURITY > CONTENT FILTER > Policy ........................................................................... 276
Table 78 SECURITY > CONTENT FILTER > Policy > General ........................................................... 277
Table 79 SECURITY > CONTENT FILTER > Policy > External Database .......................................... 279
Table 80 SECURITY > CONTENT FILTER > Policy > Customization ................................................. 286
Table 81 SECURITY > CONTENT FILTER > Policy > Schedule ........................................................ 288
Table 82 SECURITY > CONTENT FILTER > Object ........................................................................... 289
Table 83 SECURITY > CONTENT FILTER > Cache ........................................................................... 292
Table 84 SECURITY > VPN > VPN Rules (IKE) ................................................................................. 304
Table 85 VPN Example: Matching ID Type and Content ..................................................................... 307
Table 86 VPN Example: Mismatching ID Type and Content ............................................................... 307
Table 87 SECURITY > VPN > VPN Rules (IKE) > Edit Gateway Policy ............................................. 314
Table 88 SECURITY > VPN > VPN Rules (IKE) > Edit Network Policy .............................................. 323
Table 89 SECURITY > VPN > VPN Rules (IKE) > Edit Network Policy > Port Forwarding ................. 327
Table 90 SECURITY > VPN > VPN Rules (IKE) > Move Network Policy ............................................ 328
Table 91 SECURITY > VPN > VPN Rules (Manual) ........................................................................... 334
Table 92 SECURITY > VPN > VPN Rules (Manual) > Edit ................................................................. 335
Table 93 SECURITY > VPN > SA Monitor .......................................................................................... 338
Table 94 SECURITY > VPN > Global Setting ...................................................................................... 340
Table 95 Telecommuters Sharing One VPN Rule Example ................................................................. 342
Table 96 Telecommuters Using Unique VPN Rules Example ............................................................. 343
Table 97 SECURITY > CERTIFICATES > My Certificates .................................................................. 352
Table 98 SECURITY > CERTIFICATES > My Certificates > Details ................................................... 354
Table 99 SECURITY > CERTIFICATES > My Certificates > Export .................................................... 356
Table 100 SECURITY > CERTIFICATES > My Certificates > Import .................................................. 358
Table 101 SECURITY > CERTIFICATES > My Certificates > Import: PKCS#12 ................................ 359
Table 102 SECURITY > CERTIFICATES > My Certificates > Create ................................................. 361
Table 103 SECURITY > CERTIFICATES > Trusted CAs .................................................................... 365
Table 104 SECURITY > CERTIFICATES > Trusted CAs > Details ..................................................... 367
Table 105 SECURITY > CERTIFICATES > Trusted CAs Import ......................................................... 370
Table 106 SECURITY > CERTIFICATES > Trusted Remote Hosts .................................................... 371
Table 107 SECURITY > CERTIFICATES > Trusted Remote Hosts > Import ...................................... 372
Table 108 SECURITY > CERTIFICATES > Trusted Remote Hosts > Details ..................................... 374
Table 109 SECURITY > CERTIFICATES > Directory Servers ............................................................ 376
Table 110 SECURITY > CERTIFICATES > Directory Server > Add .................................................... 377
Table 111 SECURITY > AUTH SERVER > Local User Database ....................................................... 381
Table 112 SECURITY > AUTH SERVER > RADIUS ........................................................................... 381
Table 113 NAT Definitions .................................................................................................................... 385
Table 114 NAT Mapping Types ............................................................................................................ 389
Table 115 ADVANCED > NAT > NAT Overview .................................................................................. 390
Table 116 ADVANCED > NAT > Address Mapping ............................................................................. 392
Table 117 ADVANCED > NAT > Address Mapping > Edit ................................................................... 394
Table 118 Services and Port Numbers ................................................................................................ 395
Table 119 ADVANCED > NAT > Port Forwarding ................................................................................ 398
Table 120 ADVANCED > NAT > Port Triggering ................................................................................. 400
Table 121 ADVANCED > STATIC ROUTE > IP Static Route .............................................................. 403
Table 122 ADVANCED > STATIC ROUTE > IP Static Route > Edit .................................................... 403
Table 123 ADVANCED > POLICY ROUTE > Policy Route Summary ................................................. 407
Table 124 ADVANCED > POLICY ROUTE > Edit ............................................................................... 408
Table 125 Application and Subnet-based Bandwidth Management Example ..................................... 412
Table 126 Maximize Bandwidth Usage Example ................................................................................. 414
Table 127 Priority-based Allotment of Unused and Unbudgeted Bandwidth Example ........................ 414
Table 128 Fairness-based Allotment of Unused and Unbudgeted Bandwidth Example ..................... 415
Table 129 Bandwidth Borrowing Example ........................................................................................... 416
Table 130 Over Allotment of Bandwidth Example ............................................................................... 417
Table 131 ADVANCED > BW MGMT > Summary ............................................................................... 418
Table 132 ADVANCED > BW MGMT > Class Setup ........................................................................... 419
Table 133 ADVANCED > BW MGMT > Class Setup > Add Sub-Class ............................................... 421
Table 134 Services and Port Numbers ................................................................................................ 423
Table 135 ADVANCED > BW MGMT > Class Setup > Statistics ......................................................... 424
Table 136 ADVANCED > BW MGMT > Monitor .................................................................................. 425
Table 137 ADVANCED > DNS > System DNS .................................................................................... 430
Table 138 ADVANCED > DNS > Add (Address Record) ..................................................................... 432
Table 139 ADVANCED > DNS > Insert (Name Server Record) .......................................................... 433
Table 140 ADVANCED > DNS > Cache .............................................................................................. 434
Table 141 ADVANCED > DNS > DHCP .............................................................................................. 435
Table 142 ADVANCED > DNS > DDNS .............................................................................................. 437
Table 143 ADVANCED > REMOTE MGMT > WWW ........................................................................... 442
Table 144 ADVANCED > REMOTE MGMT > SSH ............................................................................. 449
Table 145 ADVANCED > REMOTE MGMT > Telnet ........................................................................... 453
Table 146 ADVANCED > REMOTE MGMT > FTP .............................................................................. 454
Table 147 SNMP Traps ........................................................................................................................ 456
Table 148 ADVANCED > REMOTE MGMT > SNMP .......................................................................... 457
Table 149 ADVANCED > REMOTE MGMT > DNS ............................................................................. 458
Table 150 ADVANCED > REMOTE MGMT > CNM ............................................................................. 459
Table 151 ADVANCED > UPnP ........................................................................................................... 462
Table 152 ADVANCED > UPnP > Ports .............................................................................................. 463
Table 153 ADVANCED > Custom APP ................................................................................................ 472
Table 154 ADVANCED > ALG ............................................................................................................. 478
Table 155 LOGS > View Log ............................................................................................................... 482
Table 156 Log Description Example .................................................................................................... 482
Table 157 LOGS > Log Settings .......................................................................................................... 486
Table 158 LOGS > Reports ................................................................................................................. 488
Table 159 LOGS > Reports: Web Site Hits Report .............................................................................. 489
Table 160 LOGS > Reports: Host IP Address ..................................................................................... 490
Table 161 LOGS > Reports: Protocol/Port .......................................................................................... 491
Table 162 Report Specifications .......................................................................................................... 492
Table 163 System Maintenance Logs .................................................................................................. 492
Table 164 System Error Logs .............................................................................................................. 494
Table 165 Access Control Logs ........................................................................................................... 494
Table 166 TCP Reset Logs .................................................................................................................. 495
Table 167 Packet Filter Logs ............................................................................................................... 495
Table 168 ICMP Logs .......................................................................................................................... 495
Table 169 CDR Logs ........................................................................................................................... 496
Table 170 PPP Logs ............................................................................................................................ 496
Table 171 3G Logs .............................................................................................................................. 496
Table 172 UPnP Logs .......................................................................................................................... 498
Table 173 Content Filtering Logs ......................................................................................................... 498
Table 174 Attack Logs ......................................................................................................................... 499
Table 175 Remote Management Logs ................................................................................................. 500
Table 176 IPSec Logs .......................................................................................................................... 500
Table 177 IKE Logs ............................................................................................................................. 501
Table 178 PKI Logs ............................................................................................................................. 504
Table 179 Certificate Path Verification Failure Reason Codes ............................................................ 505
Table 180 ACL Setting Notes .............................................................................................................. 506
Table 181 ICMP Notes ......................................................................................................................... 506
Table 182 Syslog Logs ........................................................................................................................ 508
Table 183 RFC-2408 ISAKMP Payload Types .................................................................................... 509
Table 184 MAINTENANCE > General Setup ....................................................................................... 512
Table 185 MAINTENANCE > Password .............................................................................................. 513
Table 186 MAINTENANCE > Time and Date ...................................................................................... 514
Table 187 MAC-address-to-port Mapping Table .................................................................................. 517
Table 188 MAINTENANCE > Device Mode (Router Mode) ................................................................. 519
Table 189 MAINTENANCE > Device Mode (Bridge Mode) ................................................................. 520
Table 190 MAINTENANCE > Firmware Upload .................................................................................. 522
Table 191 Restore Configuration ......................................................................................................... 524
Table 192 MAINTENANCE > Diagnostics ........................................................................................... 527
Table 193 Main Menu Commands ....................................................................................................... 533
Table 194 Main Menu Summary .......................................................................................................... 534
Table 195 SMT Menus Overview ......................................................................................................... 535
Table 196 Menu 1: General Setup (Router Mode) ............................................................................... 539
Table 197 Menu 1: General Setup (Bridge Mode) ............................................................................... 540
Table 198 Menu 1.1: Configure Dynamic DNS .................................................................................... 541
Table 199 Menu 1.1.1: DDNS Host Summary ..................................................................................... 542
Table 200 Menu 1.1.1: DDNS Edit Host .............................................................................................. 543
Table 201 MAC Address Cloning in WAN Setup ................................................................................. 546
Table 202 Menu 2: Dial Backup Setup ................................................................................................ 547
Table 203 Advanced WAN Port Setup: AT Commands Fields ............................................................ 548
Table 204 Advanced WAN Port Setup: Call Control Parameters ........................................................ 549
Table 205 Menu 11.3: Remote Node Profile (Backup ISP) .................................................................. 550
Table 206 Menu 11.3.2: Remote Node Network Layer Options .......................................................... 551
Table 207 Menu 11.3.3: Remote Node Script ...................................................................................... 553
Table 208 3G Modem Setup in WAN Setup ........................................................................................ 555
Table 209 Menu 11.2: Remote Node Profile (3G WAN) ...................................................................... 556
Table 210 Menu 3.2: DHCP Ethernet Setup Fields ............................................................................. 561
Table 211 Menu 3.2: LAN TCP/IP Setup Fields ................................................................................... 562
Table 212 Menu 3.2.1: IP Alias Setup ................................................................................................. 563
Table 213 Menu 4: Internet Access Setup (Ethernet) ......................................................................... 566
Table 214 New Fields in Menu 4 (PPTP) Screen ................................................................................ 568
Table 215 New Fields in Menu 4 (PPPoE) screen ............................................................................... 569
Table 216 Menu 6.1: Route Assessment ............................................................................................. 576
Table 217 Menu 6.2: Traffic Redirect ................................................................................................... 576
Table 218 Menu 6.3: Route Failover .................................................................................................... 577
Table 219 Menu 11.1: Remote Node Profile for Ethernet Encapsulation ............................................. 584
Table 220 Fields in Menu 11.1 (PPPoE Encapsulation Specific) ......................................................... 586
Table 221 Menu 11.1: Remote Node Profile for PPTP Encapsulation ................................................. 587
Table 222 Remote Node Network Layer Options Menu Fields ............................................................ 588
Table 223 Menu 12.1: Edit IP Static Route ......................................................................................... 592
Table 224 Applying NAT in Menus 4 & 11.1.2 ...................................................................................... 597
Table 225 SUA Address Mapping Rules ............................................................................................. 599
Table 226 Fields in Menu 15.1.1 .......................................................................................................... 600
Table 227 Menu 15.1.1.1: Editing/Configuring an Individual Rule in a Set .......................................... 602
Table 228 15.2.x.x: NAT Server Configuration .................................................................................... 604
Table 229 Menu 15.3.1: Trigger Port Setup ......................................................................................... 613
Table 230 Abbreviations Used in the Filter Rules Summary Menu ..................................................... 621
Table 231 Rule Abbreviations Used .................................................................................................... 621
Table 232 Menu 21.1.1.1: TCP/IP Filter Rule ...................................................................................... 622
Table 233 Generic Filter Rule Menu Fields ......................................................................................... 625
Table 234 SNMP Configuration Menu Fields ....................................................................................... 633
Table 235 SNMP Traps ........................................................................................................................ 634
Table 236 System Maintenance: Status Menu Fields .......................................................................... 636
Table 237 Fields in System Maintenance: Information ........................................................................ 638
Table 238 System Maintenance Menu Syslog Parameters ................................................................. 640
Table 239 System Maintenance Menu Diagnostic ............................................................................... 646
Table 240 Filename Conventions ........................................................................................................ 648
Table 241 General Commands for GUI-based FTP Clients ................................................................ 650
Table 242 General Commands for GUI-based TFTP Clients .............................................................. 651
Table 243 Valid Commands ................................................................................................................. 662
Table 244 Budget Management ........................................................................................................... 664
Table 245 Call History .......................................................................................................................... 665
Table 246 Menu 24.10 System Maintenance: Time and Date Setting ................................................. 667
Table 247 Menu 24.11 – Remote Management Control ...................................................................... 670
Table 248 Menu 25: Sample IP Routing Policy Summary ................................................................... 673
Table 249 IP Routing Policy Setup ...................................................................................................... 674
Table 250 Menu 25.1: IP Routing Policy Setup ................................................................................... 675
Table 251 Menu 25.1.1: IP Routing Policy Setup ................................................................................677
Table 252 Schedule Set Setup ............................................................................................................ 682
Table 253 Hardware Specifications ..................................................................................................... 693
Table 254 Firmware Specifications ...................................................................................................... 694
Table 255 Feature Specifications ......................................................................................................... 695
Table 256 3G Features Supported By Compatible 3G Cards .............................................................. 696
Table 257 Console Cable Pin Assignments ......................................................................................... 700
Table 258 Console Cable Pin Assignments ......................................................................................... 700
Table 259 Ethernet Cable Pin Assignments ........................................................................................ 701
Table 260 IP Address Network Number and Host ID Example ........................................................... 730
Table 261 Subnet Masks ..................................................................................................................... 731
Table 262 Maximum Host Numbers .................................................................................................... 731
Table 263 Alternative Subnet Mask Notation ....................................................................................... 731
Table 264 Subnet 1 .............................................................................................................................. 733
Table 265 Subnet 2 .............................................................................................................................. 734
Table 266 Subnet 3 .............................................................................................................................. 734
Table 267 Subnet 4 .............................................................................................................................. 734
Table 268 Eight Subnets ...................................................................................................................... 734
Table 269 24-bit Network Number Subnet Planning ............................................................................ 735
Table 270 16-bit Network Number Subnet Planning ............................................................................ 735
Table 271 Commonly Used Services ................................................................................................... 737
Table 272 IEEE 802.11g ...................................................................................................................... 745
Table 273 Wireless Security Levels ..................................................................................................... 746
Table 274 Comparison of EAP Authentication Types .......................................................................... 749
Table 275 Wireless Security Relational Matrix .................................................................................... 752
PART I

Introduction

Getting to Know Your ZyWALL (53)
Introducing the Web Configurator (57)
Wizard Setup (81)
Tutorial (101)
Registration (141)
CHAPTER 1

Getting to Know Your ZyWALL

This chapter introduces the main features and applications of the ZyWALL.

1.1 ZyWALL Internet Security Appliance Overview

The ZyWALL is loaded with security features including VPN, firewall, content filtering and certificates. The ZyWALL’s De-Militarized Zone (DMZ) increases LAN security by providing separate ports for connecting publicly accessible servers. The ZyWALL is designed for small and medium-sized businesses that need the increased throughput and reliability of dual WAN interfaces and load balancing. The ZyWALL provides the option to change port roles from LAN to DMZ.
You can also deploy the ZyWALL as a transparent firewall in an existing network with minimal configuration.
The ZyWALL provides bandwidth management, NAT, port forwarding, policy routing, DHCP server and many other powerful features.
The ZyWALL has a built-in wireless card that allows IEEE 802.11a, IEEE 802.11b or IEEE 802.11g compatible clients to securely communicate with the ZyWALL and access the wired network behind it. You can use the wireless card as part of the LAN, DMZ or WLAN.
Note: Only use firmware for your ZyWALL’s specific model.
See Chapter 49 on page 693 for a complete list of features.

1.2 Ways to Manage the ZyWALL

Use any of the following methods to manage the ZyWALL.
• Web Configurator. This is recommended for everyday management of the ZyWALL using a (supported) web browser.
• Command Line Interface. Line commands are mostly used for troubleshooting by service engineers.
• SMT. System Management Terminal is a text-based configuration menu that you can use to configure your device.
• FTP for firmware upgrades and configuration backup/restore.
• SNMP. The device can be monitored by an SNMP manager. See the SNMP chapter in this User’s Guide.
• Vantage CNM (Centralized Network Management). The device can be remotely managed using a Vantage CNM server.

1.3 Good Habits for Managing the ZyWALL

Do the following things regularly to make the ZyWALL more secure and to manage the ZyWALL more effectively.
• Change the password. Use a password that’s not easy to guess and that consists of different types of characters, such as numbers and letters.
• Write down the password and put it in a safe place.
• Back up the configuration (and make sure you know how to restore it). Restoring an earlier working configuration may be useful if the device becomes unstable or even crashes. If you forget your password, you will have to reset the ZyWALL to its factory default settings. If you backed up an earlier configuration file, you would not have to totally re-configure the ZyWALL. You could simply restore your last configuration.

1.4 Applications for the ZyWALL

Here are some examples of what you can do with your ZyWALL.

1.4.1 Secure Broadband Internet Access via Cable or DSL Modem

For Internet access, connect the WAN Ethernet port to your existing Internet access gateway (company network, or your cable or DSL modem for example). Connect computers or servers to the LAN, DMZ or WLAN ports for shared Internet access.
The ZyWALL guarantees not only high speed Internet access, but secure internal network protection and traffic management as well.
Figure 1 Secure Internet Access via Cable or DSL Modem

1.4.2 VPN Application

ZyWALL VPN is an ideal cost-effective way to securely connect branch offices, business partners and telecommuters over the Internet without the need (and expense) for leased lines between sites.
Figure 2 VPN Application

1.4.3 3G WAN Application

Insert a 3G card to have the ZyWALL (in router mode) wirelessly access the Internet via a 3G base station. See Section 8.13 on page 187 for more information about 3G.
With both the primary WAN (physical WAN port) and 3G WAN connections enabled, you can use load balancing to improve quality of service and maximize bandwidth utilization or set one of the WAN connections as a backup.
Figure 3 3G WAN Application

1.4.4 Front Panel Lights

Figure 4 Front Panel
The following table describes the lights.
Table 1 Front Panel Lights
| LED | COLOR | STATUS | DESCRIPTION |
| PWR | | Off | The ZyWALL is turned off. |
| PWR | Green | On | The ZyWALL is ready and running. |
| PWR | Green | Flashing | The ZyWALL is restarting. |
| PWR | Red | On | The power to the ZyWALL is too low. |
| LAN/DMZ 10/100 | | Off | The LAN/DMZ is not connected. |
| LAN/DMZ 10/100 | Green | On | The ZyWALL has a successful 10Mbps Ethernet connection. |
| LAN/DMZ 10/100 | Green | Flashing | The 10M LAN is sending or receiving packets. |
| LAN/DMZ 10/100 | Orange | On | The ZyWALL has a successful 100Mbps Ethernet connection. |
| LAN/DMZ 10/100 | Orange | Flashing | The 100M LAN is sending or receiving packets. |
| WAN | | Off | The WAN connection is not ready, or has failed. |
| WAN | Green | On | The ZyWALL has a successful 10Mbps WAN connection. |
| WAN | Green | Flashing | The 10M WAN is sending or receiving packets. |
| WAN | Orange | On | The ZyWALL has a successful 100Mbps WAN connection. |
| WAN | Orange | Flashing | The 100M WAN is sending or receiving packets. |
| AUX | Green | Off | The backup port is not connected. |
| AUX | Green | On | The backup port is connected. |
| AUX | Green | Flashing | The backup port is sending or receiving packets. |
| WLAN | Green | Off | The wireless LAN through the built-in wireless LAN card is not ready, or has failed. |
| WLAN | Green | On | The wireless LAN through the built-in wireless LAN card is ready. |
| WLAN | Green | Flashing | The wireless LAN through the built-in wireless LAN card is sending or receiving packets. |
| CARD | | Off | There is no 3G card inserted in the ZyWALL. |
| CARD | Green | On | A 3G card is inserted and detected by the ZyWALL. |
| CARD | Orange | On | The 3G WAN connection is ready. |
| CARD | Orange | Flashing | The 3G WAN is sending or receiving packets. |
CHAPTER 2

Introducing the Web Configurator

This chapter describes how to access the ZyWALL web configurator and provides an overview of its screens.

2.1 Web Configurator Overview

The web configurator is an HTML-based management interface that allows easy ZyWALL setup and management via Internet browser. Use Internet Explorer 6.0 and later or Netscape Navigator 7.0 and later versions. The recommended screen resolution is 1024 by 768 pixels.
In order to use the web configurator you need to allow:
• Web browser pop-up windows from your device. Web pop-up blocking is enabled by default in Windows XP SP (Service Pack) 2.
• JavaScripts (enabled by default).
• Java permissions (enabled by default).
See Appendix A on page 705 if you want to make sure these functions are allowed in Internet Explorer or Netscape Navigator.

2.2 Accessing the ZyWALL Web Configurator

Note: By default, the packets from WLAN to WLAN/ZyWALL are dropped and users cannot configure the ZyWALL wirelessly.
1 Make sure your ZyWALL hardware is properly connected and prepare your computer/computer network to connect to the ZyWALL (refer to the Quick Start Guide).
2 Launch your web browser.
3 Type "192.168.1.1" as the URL.
4 Type "1234" (default) as the password and click Login. In some versions, the default password appears automatically - if this is the case, click Login.
5 You should see a screen asking you to change your password (highly recommended) as shown next. Type a new password (and retype it to confirm) and click Apply or click Ignore.
Figure 5 Change Password Screen
6 Click Apply in the Replace Certificate screen to create a certificate using your ZyWALL’s MAC address that will be specific to this device.
Note: If you do not replace the default certificate here or in the CERTIFICATES screen, this screen displays every time you access the web configurator.
Figure 6 Replace Certificate Screen
7 You should now see the HOME screen (see Figure 9 on page 61).
Note: The management session automatically times out when the time period set in the Administrator Inactivity Timer field expires (default five minutes). Simply log back into the ZyWALL if this happens to you.

2.3 Resetting the ZyWALL

If you forget your password or cannot access the web configurator, you will need to reload the factory-default configuration file or use the RESET button on the back of the ZyWALL. Uploading this configuration file replaces the current configuration file with the factory-default configuration file. This means that you will lose all configurations that you had previously, and the speed of the console port will be reset to the default of 9600bps with 8 data bits, no parity, one stop bit and flow control set to none. The password will also be reset to 1234.

2.3.1 Procedure To Use The Reset Button

Make sure the PWR LED is on (not blinking) before you begin this procedure.
1 Press the RESET button for ten seconds, and then release it. If the PWR LED begins to blink, the defaults have been restored and the ZyWALL restarts. Otherwise, go to step 2.
2 Turn the ZyWALL off.
3 While pressing the RESET button, turn the ZyWALL on.
4 Continue to hold the RESET button. The PWR LED will begin to blink and flicker very quickly after about 20 seconds. This indicates that the defaults have been restored and the ZyWALL is now restarting.
5 Release the RESET button and wait for the ZyWALL to finish restarting.

2.3.2 Uploading a Configuration File Via Console Port

1 Download the default configuration file from the ZyXEL FTP site, unzip it and save it in a folder.
2 Turn off the ZyWALL, begin a terminal emulation software session and turn on the ZyWALL again. When you see the message "Press Any key to enter Debug Mode within 3 seconds", press any key to enter debug mode.
3 Enter "y" at the prompt below to go into debug mode.
4 Enter "atlc" after "Enter Debug Mode" message.
5 Wait for "Starting XMODEM upload" message before activating Xmodem upload on your terminal. This is an example Xmodem configuration upload using HyperTerminal.
Figure 7 Example Xmodem Upload
Type the configuration file’s location, or click Browse to search for it.
Choose the Xmodem protocol.
Then click Send.
6 After successful firmware upload, enter "atgo" to restart the router.

2.4 Navigating the ZyWALL Web Configurator

The following summarizes how to navigate the web configurator from the HOME screen.
Figure 8 HOME Screen
As illustrated above, the main screen is divided into these parts:
A - title bar
B - main window
C - navigation panel
D - status bar

2.4.1 Title Bar

The title bar provides some icons in the upper right corner.
The icons provide the following functions.
Table 2 Title Bar: Web Configurator Icons
ICON DESCRIPTION
Wizard: Click this icon to open one of the web configurator wizards. See Chapter 3 on page 81 for more information.
Help: Click this icon to open the help page for the current screen.

2.4.2 Main Window

The main window shows the screen you select in the navigation panel. It is discussed in more detail in the rest of this document.
Right after you log in, the HOME screen is displayed. The screen varies according to the device mode you select in the MAINTENANCE > Device Mode screen.

2.4.3 HOME Screen: Router Mode

The following screen displays when the ZyWALL is set to router mode. This screen displays general status information about the ZyWALL. The ZyWALL is set to router mode by default.
WAN 2 refers to the 3G card on the supported ZyWALL in router mode.
Figure 9 Web Configurator HOME Screen in Router Mode
The following table describes the labels in this screen.
Table 3 Web Configurator HOME Screen in Router Mode
| LABEL | DESCRIPTION |
| Automatic Refresh Interval | Select a number of seconds or None from the drop-down list box to update all screen statistics automatically at the end of every time interval or to not update the screen statistics. |
| Refresh | Click this button to update the status screen statistics immediately. |
| System Information | |
| System Name | This is the System Name you enter in the MAINTENANCE > General screen. It is for identification purposes. Click the field label to go to the screen where you can specify a name for this ZyWALL. |
| Model | This is the model name of your ZyWALL. |
| Bootbase Version | This is the bootbase version and the date created. |
| Firmware Version | This is the ZyNOS firmware version and the date created. ZyNOS is ZyXEL's proprietary Network Operating System design. Click the field label to go to the screen where you can upload a new firmware file. |
| Up Time | This field displays how long the ZyWALL has been running since it last started up. The ZyWALL starts up when you turn it on, when you restart it (MAINTENANCE > Restart), or when you reset it (see Section 2.3 on page 59). |
| System Time | This field displays your ZyWALL’s present date (in yyyy-mm-dd format) and time (in hh:mm:ss format) along with the difference from the Greenwich Mean Time (GMT) zone. The difference from GMT is based on the time zone. It is also adjusted for Daylight Saving Time if you set the ZyWALL to use it. Click the field label to go to the screen where you can modify the ZyWALL’s date and time settings. |
| Device Mode | This displays whether the ZyWALL is functioning as a router or a bridge. Click the field label to go to the screen where you can configure the ZyWALL as a router or a bridge. |
| Firewall | This displays whether or not the ZyWALL’s firewall is activated. Click the field label to go to the screen where you can turn the firewall on or off. |
| System Resources | |
| Flash | The first number shows how many megabytes of the flash the ZyWALL is using. |
| Memory | The first number shows how many megabytes of the heap memory the ZyWALL is using. Heap memory refers to the memory that is not used by ZyNOS (ZyXEL Network Operating System) and is thus available for running processes like NAT, VPN and the firewall. The second number shows the ZyWALL's total heap memory (in megabytes). The bar displays what percent of the ZyWALL's heap memory is in use. The bar turns from green to red when the maximum is being approached. |
| Sessions | The first number shows how many sessions are currently open on the ZyWALL. This includes all sessions that are currently traversing the ZyWALL, terminating at the ZyWALL or initiated from the ZyWALL. The second number is the maximum number of sessions that can be open at one time. The bar displays what percent of the maximum number of sessions is in use. The bar turns from green to red when the maximum is being approached. |
| CPU | This field displays what percentage of the ZyWALL’s processing ability is currently used. When this percentage is close to 100%, the ZyWALL is running at full load, and the throughput is not going to improve anymore. If you want some applications to have more throughput, you should turn off other applications (for example, using bandwidth management). |
| Interfaces | This is the port type. Click "+" to expand or "-" to collapse the IP alias drop-down lists. Hold your cursor over an interface’s label to display the interface’s MAC address. Click an interface’s label to go to the screen where you can configure settings for that interface. |
| Status | For the LAN, DMZ and WLAN ports, this displays the port speed and duplex setting. Ethernet port connections can be in half-duplex or full-duplex mode. Full-duplex refers to a device's ability to send and receive simultaneously, while half-duplex indicates that traffic can flow in only one direction at a time. The Ethernet port must use the same speed or duplex mode setting as the peer Ethernet port in order to connect. For the WAN 1 and the Dial Backup ports, it displays the port speed and duplex setting if you’re using Ethernet encapsulation or the remote node name (configured through the SMT) for a PPP connection and Down (line is down or not connected), Idle (line (ppp) idle), Dial (starting to trigger a call) or Drop (dropping a call) if you’re using PPPoE encapsulation. For the WAN 2 interface, it displays Connected when the 3G connection is up, Connecting when the 3G card is trying to connect to a network but has not received a response from the base station, Ready to Connect when the 3G connection is idle, Initializing when the ZyWALL is configuring the 3G card with AT commands, Disconnecting when the ZyWALL is dropping the 3G connection or Down when the 3G connection is down. |
| IP/Netmask | This shows the port’s IP address and subnet mask. |
| IP Assignment | For the WAN, if the ZyWALL gets its IP address automatically from an ISP, this displays DHCP client when you’re using Ethernet encapsulation and IPCP Client when you’re using PPPoE or PPTP encapsulation. Static displays if the WAN port is using a manually entered static (fixed) IP address. For the LAN, WLAN or DMZ, DHCP server displays when the ZyWALL is set to automatically give IP address information to the computers connected to the LAN. DHCP relay displays when the ZyWALL is set to forward IP address assignment requests to another DHCP server. Static displays if the LAN port is using a manually entered static (fixed) IP address. In this case, you must have another DHCP server on your LAN, or else the computers must be manually configured. For the dial backup port, this shows N/A when dial backup is disabled and IPCP client when dial backup is enabled. |
| Renew | If you are using Ethernet encapsulation and the WAN port is configured to get the IP address automatically from the ISP, click Renew to release the WAN port’s dynamically assigned IP address and get the IP address afresh. Click Dial to dial up the PPTP, PPPoE, 3G WAN or dial backup connection. Click Drop to disconnect the PPTP, PPPoE, 3G WAN or dial backup connection. |
| Security Services | |
| Content Filter Expiration Date | This is the date the category-based content filtering service subscription expires. This displays License Inactive when the ZyWALL is not registered or the subscription service is not activated. Click the field label to go to the screen where you can update your service subscription. |
| Web Site Blocked | This displays how many web site hits the ZyWALL has blocked since it last started up. Disable displays when the feature is not activated. Not Supported displays when the ZyWALL is not registered. Click the field label to go to the screen where you can enable this feature. |
| 3G WAN Interface Status | The fields below display when a 3G card is inserted and WAN 2 is enabled. |
| show detail.../hide detail... | Click show detail... to see more information about the 3G connection and 3G card. Click hide detail... to display less information about the 3G connection and 3G card. |
| 3G Connection Status | This displays Down when the 3G connection is down or not activated. This displays Initializing when the ZyWALL is configuring the 3G card with AT commands. This displays Ready to Connect when the 3G connection is idle before the ZyWALL triggers a call. This displays Connecting when the 3G card is trying to connect to a network but has not received a response from the base station. This displays Connected when the 3G connection is up. This displays Disconnecting when the ZyWALL is dropping the 3G connection. This field also displays whether the ZyWALL is connected to a UMTS/HSDPA network or GPRS/EDGE network. This field also displays the type of the network to which the ZyWALL is connected. The network type varies depending on the 3G card you inserted and could be UMTS, HSDPA, GPRS or EDGE when you insert a GSM 3G card, or 1xRTT, EVDO Rev.0 or EVDO Rev.A when you insert a CDMA 3G card. |
| Service Provider | This displays the name of your network service provider or Limited Service when the signal strength is too low or the ISP is limiting your access. |
| Roaming Network | This field is available only when you insert a 3G card that supports the roaming feature. This displays whether the card is able to connect to other ISPs’ base stations. |
| Dormant State | This field is available only when you insert a 3G card that supports the dormant state. This displays whether the card is in dormant state. When there is no data transmitting, a card does not send a radio signal and is in dormant state to reduce bandwidth usage. |
| Signal Strength | This displays the signal strength of the wireless network in dBm. The status bar shows the strength of the signal. The signal strength mainly depends on the antenna output power and the distance between your ZyWALL and the service provider’s base station. You can see a signal strength indication even when the ZyWALL does not have a 3G connection (because the signal is still there even when the ZyWALL is not using it). |
| Last Connection Up Time | This displays how long the 3G connection has been up. |
| Tx Bytes | This displays the total number of data frames transmitted. |
| Rx Bytes | This displays the total number of data frames received. |
| 3G Card Manufacturer | This displays the manufacturer of your 3G card. |
| 3G Card Model | This displays the model name of your 3G card. |
| 3G Card Firmware Revision | This displays the version of the firmware currently used in the 3G card. |
| 3G Card IMEI | This field is available only when you insert a GSM (Global System for Mobile Communications) or UMTS (Universal Mobile Telecommunications System) 3G card. This displays the International Mobile Equipment Identity (IMEI) which is the serial number of the GSM or UMTS 3G wireless card. The IMEI is a unique 15-digit number used to identify a mobile device. |
| SIM Card IMSI | This field is available only when you insert a GSM or UMTS 3G card. This displays the International Mobile Subscriber Identity (IMSI) stored in the SIM (Subscriber Identity Module) card. The SIM card is installed in a mobile device and used for authenticating a customer to the carrier network. The IMSI is a unique 15-digit number used to identify a user on a network. |
| 3G Card ESN | This field is available only when you insert a CDMA (Code Division Multiple Access) 3G card. This shows the ESN (Electronic Serial Number) of the inserted CDMA 3G card. The ESN is the serial number of a CDMA 3G card and is similar to the IMEI on a GSM or UMTS 3G card. |
| Enter PIN code again | If the PIN code you specified in the WAN 2 screen is not the right one for the card you inserted, this field displays allowing you to enter the correct PIN code. Enter the PIN code (four to eight digits) for the inserted 3G card. |
| Apply | Click Apply to save the correct PIN code and replace the one you specified in the WAN 2 screen. |
| PUK Code | If you enter the PIN code incorrectly three times, the SIM card will be blocked by your ISP and you cannot use the account to access the Internet. You should get the PUK (Personal Unblocking Key) code (four to eight digits) from your ISP. Enter the PUK code to enable the SIM card. If an incorrect PUK code is entered 10 times, the SIM card will be disabled permanently. You then need to contact your ISP for a new SIM card. |
| New PIN Code | Configure a PIN code for the SIM card. You can specify any four to eight digits to have a new PIN code or enter the previous PIN code. |
| Confirm New PIN Code | Enter the PIN code again for confirmation. |
| Apply | Click Apply to save your changes in this section. |
| Reset budget counters, resume budget control | This field displays if you have enabled budget control but insert a 3G card with a different user account from the one for which you configured budget control. Select this option to have the ZyWALL do budget calculation starting from 0 but use the previous settings. |
| Resume budget control | This field displays if you have enabled budget control but insert a 3G card with a different user account from the one for which you configured budget control. Select this option to have the ZyWALL keep the existing statistics and continue counting. |
| Disable budget control | This field displays if you have enabled budget control but insert a 3G card with a different user account from the one for which you configured budget control. Select this option to disable budget control. If you want to enable and configure new budget control settings for the new user account, go to the WAN 2 screen. The ZyWALL keeps the existing statistics if you do not change the budget control settings. You could reinsert the original card and enable budget control to have the ZyWALL continue counting the budget control statistics. |
| Apply | Click Apply to save your changes in this section. |
| Enter modem unlock code | This field only displays when you insert a 3G card and the internal modem on the 3G card is blocked. Enter a key to enable the internal modem on your 3G card. By default, the key is the last four digits of your phone number used to dial up the 3G connection. Otherwise, you need to get the key from your service provider. |
| Apply | Click Apply to save your changes in this section. |
| Remaining Time Budget | This field is available only when you enable budget control in the 3G (WAN 2) screen. This shows the amount of time (in hours and minutes) the 3G connection can still be used before the ZyWALL takes the actions you specified in the 3G (WAN 2) screen. |
Table 3 Web Configurator HOME Screen in Router Mode (continued)
LABEL DESCRIPTION
Remaining Data Budget This field is available only when you enable budget control in the Network > WAN > 3G (WAN 2) screen. This shows how much data (in bytes) can still be transmitted through the 3G connection before the ZyWALL takes the actions you specified in the 3G (WAN 2) screen.
Note: The budget counters will not be reset when you restore the factory defaults. The budget counters are saved to the flash every hour or when the 3G connection is dropped. If you restart the ZyWALL within one hour, any change in the counters will not be saved.
Reset time and data budget counters This button is available only when you enable budget control in the 3G (WAN 2) screen. Click this button to reset the time and data budgets. The count starts over with the 3G connection’s full configured monthly time and data budgets. This does not affect the normal monthly budget restart.
Wi-Fi Information
Wi-Fi status This displays whether or not the wireless LAN card is activated.
SSID This displays a descriptive name used to identify the ZyWALL in the wireless LAN.
Bridge to This displays whether the wireless LAN card is used as part of the LAN, DMZ or WLAN.
802.11 mode This displays the wireless standard (802.11a, 802.11b, 802.11g or 802.11b+g) of the wireless LAN.
Channel This displays the radio channel the ZyWALL is currently using for the wireless LAN.
Security mode This shows the type of wireless security the ZyWALL is using.
# of Associated Clients This shows the number of the wireless client(s) connected to the ZyWALL.
Latest Alerts This table displays the five most recent alerts recorded by the ZyWALL. You can see more information in the View Log screen, such as the source and destination IP addresses and port numbers of the incoming packets.
Date/Time This is the date and time the alert was recorded.
Message This is the reason for the alert.
System Status
Port Statistics Click Port Statistics to see router performance statistics such as the number of packets sent and number of packets received for each port.
DHCP Table Click DHCP Table to show current DHCP client information.
VPN Click VPN to display the active VPN connections.
Bandwidth Click Bandwidth to view the ZyWALL’s bandwidth usage and allotments.
2.4.4 HOME Screen: Bridge Mode
The following screen displays when the ZyWALL is set to bridge mode. In bridge mode, the ZyWALL functions as a transparent firewall (also known as a bridge firewall). The ZyWALL bridges traffic traveling between the ZyWALL's interfaces and still filters and inspects packets. You do not need to change the configuration of your existing network.
In bridge mode, the ZyWALL cannot get an IP address from a DHCP server. The LAN, WAN, DMZ and WLAN interfaces all have the same (static) IP address and subnet mask. You can configure the ZyWALL's IP address in order to access the ZyWALL for management. If you connect your computer directly to the ZyWALL, you also need to assign your computer a static IP address in the same subnet as the ZyWALL's IP address in order to access the ZyWALL.
You can use the firewall and VPN in bridge mode. See the user’s guide for a list of other features that are available in bridge mode.
Figure 10 Web Configurator HOME Screen in Bridge Mode
The following table describes the labels in this screen.
Table 4 Web Configurator HOME Screen in Bridge Mode
LABEL DESCRIPTION
Automatic Refresh Interval Select a number of seconds or None from the drop-down list box to update all screen statistics automatically at the end of every time interval or to not update the screen statistics.
Refresh Click this button to update the screen’s statistics immediately.
System Information
System Name This is the System Name you enter in the MAINTENANCE > General screen. It is for identification purposes. Click the field label to go to the screen where you can specify a name for this ZyWALL.
Model This is the model name of your ZyWALL.
Bootbase Version This is the bootbase version and the date created.
Firmware Version This is the ZyNOS Firmware version and the date created. ZyNOS is ZyXEL's proprietary Network Operating System design. Click the field label to go to the screen where you can upload a new firmware file.
Up Time This field displays how long the ZyWALL has been running since it last started up. The ZyWALL starts up when you turn it on, when you restart it (MAINTENANCE > Restart), or when you reset it (see Section 2.3 on page 59).
System Time This field displays your ZyWALL’s present date (in yyyy-mm-dd format) and time (in hh:mm:ss format) along with the difference from the Greenwich Mean Time (GMT) zone. The difference from GMT is based on the time zone. It is also adjusted for Daylight Saving Time if you set the ZyWALL to use it. Click the field label to go to the screen where you can modify the ZyWALL’s date and time settings.
Device Mode This displays whether the ZyWALL is functioning as a router or a bridge. Click the field label to go to the screen where you can configure the ZyWALL as a router or a bridge.
Firewall This displays whether or not the ZyWALL’s firewall is activated. Click the field label to go to the screen where you can turn the firewall on or off.
System Resources
Flash The first number shows how many megabytes of the flash the ZyWALL is using.
Memory The first number shows how many megabytes of the heap memory the ZyWALL is using. Heap memory refers to the memory that is not used by ZyNOS (ZyXEL Network Operating System) and is thus available for running processes like NAT, VPN and the firewall. The second number shows the ZyWALL's total heap memory (in megabytes). The bar displays what percent of the ZyWALL's heap memory is in use. The bar turns from green to red when the maximum is being approached.
Sessions The first number shows how many sessions are currently open on the ZyWALL. This includes all sessions that are currently traversing the ZyWALL, terminating at the ZyWALL or initiated from the ZyWALL. The second number is the maximum number of sessions that can be open at one time. The bar displays what percent of the maximum number of sessions is in use. The bar turns from green to red when the maximum is being approached.
CPU This field displays what percentage of the ZyWALL’s processing ability is currently used. When this percentage is close to 100%, the ZyWALL is running at full load, and the throughput is not going to improve anymore. If you want some applications to have more throughput, you should turn off other applications (for example, using bandwidth management).
Network Status
IP/Netmask Address This is the IP address and subnet mask of your ZyWALL in dotted decimal notation.
Gateway IP Address This is the gateway IP address.
Rapid Spanning Tree Protocol This shows whether RSTP (Rapid Spanning Tree Protocol) is active or not. The following labels or values relative to RSTP do not apply when RSTP is disabled.
Bridge Priority This is the bridge priority of the ZyWALL. The bridge (or switch) with the lowest bridge priority value in the network is the root bridge (the base of the spanning tree).
Bridge Hello Time This is the interval of BPDUs (Bridge Protocol Data Units) from the root bridge.
Bridge Max Age This is the predefined interval that a bridge waits to get a Hello message (BPDU) from the root bridge.
Forward Delay This is the forward delay interval.
Bridge Port This is the port type. Port types are: WAN, LAN, Wireless Card, DMZ and WLAN Interface.
Port Status For the WAN, LAN, DMZ, and WLAN Interfaces, this displays the port speed and duplex setting. For the WAN port, it displays Down when the link is not ready or has failed. For the wireless card, it displays the maximum transmission rate when WLAN is enabled or Down when WLAN is disabled.
RSTP Status This is the RSTP status of the corresponding port.
RSTP Active This shows whether or not RSTP is active on the corresponding port.
RSTP Priority This is the RSTP priority of the corresponding port.
RSTP Path Cost This is the cost of transmitting a frame from the root bridge to the corresponding port.
Security Services
Content Filter Expiration Date This is the date the category-based content filtering service subscription expires. Click the field label to go to the screen where you can update your service subscription.
Web Site Blocked This displays how many web site hits the ZyWALL has blocked since it last started up. N/A displays when the service subscription has expired.
Wi-Fi Information
Wi-Fi status This displays whether or not the wireless LAN card is activated.
SSID This displays a descriptive name used to identify the ZyWALL in the wireless LAN.
Bridge to This displays whether the wireless LAN card is used as part of the LAN, DMZ or WLAN.
802.11 mode This displays the wireless standard (802.11a, 802.11b, 802.11g or 802.11b+g) of the wireless LAN.
Channel This displays the radio channel the ZyWALL is currently using for the wireless LAN.
Security mode This shows the type of wireless security the ZyWALL is using.
# of Associated Clients This shows the number of the wireless client(s) connected to the ZyWALL.
Latest Alerts This table displays the five most recent alerts recorded by the ZyWALL. You can see more information in the View Log screen, such as the source and destination IP addresses and port numbers of the incoming packets.
Date/Time This is the date and time the alert was recorded.
Message This is the reason for the alert.
System Status
Port Statistics Click Port Statistics to see router performance statistics such as the number of packets sent and number of packets received for each port.
VPN Click VPN to display the active VPN connections.
Bandwidth Click Bandwidth to view the ZyWALL’s bandwidth usage and allotments.

2.4.5 Navigation Panel

After you enter the password, use the sub-menus on the navigation panel to configure ZyWALL features.
The following table lists the features available for each device mode.
Table 5 Bridge and Router Mode Features Comparison
FEATURE BRIDGE MODE ROUTER MODE
Internet Access Setup Wizard Y
VPN Setup Wizard Y Y
Port Statistics Y Y
DHCP Table Y
Registration Y Y
LAN Y
WAN Y
DMZ Y
Bridge Y
WLAN Y
3G Y
Wi-Fi Y Y
Firewall Y Y
Content Filter Y Y
VPN Y Y
Certificates Y Y
Authentication Server Y Y
NAT Y
Static Route Y
Policy Route Y
Bandwidth Management Y Y
DNS Y
Remote Management Y Y
UPnP Y
Custom APP Y Y
ALG Y Y
Logs Y Y
Maintenance Y Y
Table Key: A Y in a mode’s column shows that the device mode has the specified feature. The information in this table was correct at the time of writing, although it may be subject to change.
The following table describes the sub-menus.
Table 6 Screens Summary
LINK TAB FUNCTION
HOME This screen shows the ZyWALL’s general device and network status information. Use this screen to access the wizards, statistics and DHCP table.
REGISTRATION Registration Use this screen to register your ZyWALL and activate the trial service subscriptions.
Service Use this to manage and update the service status and license information.
NETWORK
LAN LAN Use this screen to configure LAN DHCP and TCP/IP settings.
Static DHCP Use this screen to assign fixed IP addresses on the LAN.
IP Alias Use this screen to partition your LAN interface into subnets.
Port Roles Use this screen to change the LAN/DMZ/WLAN port roles.
BRIDGE Bridge Use this screen to change the bridge settings on the ZyWALL.
Port Roles Use this screen to change the LAN/DMZ/WLAN port roles on the ZyWALL.
WAN General This screen allows you to configure load balancing, route priority and connection test.
WAN1 Use this screen to configure the WAN1 connection for Internet access.
3G (WAN 2) Use this screen to configure the WAN2 connection for Internet access.
Traffic Redirect Use this screen to configure your traffic redirect properties and parameters.
Dial Backup Use this screen to configure the backup WAN dial-up connection.
DMZ DMZ Use this screen to configure your DMZ connection.
Static DHCP Use this screen to assign fixed IP addresses on the DMZ.
IP Alias Use this screen to partition your DMZ interface into subnets.
Port Roles Use this screen to change the LAN/DMZ/WLAN port roles on the ZyWALL.
WLAN WLAN Use this screen to configure your WLAN connection.
Static DHCP Use this screen to assign fixed IP addresses on the WLAN.
IP Alias Use this screen to partition your WLAN interface into subnets.
Port Roles Use this screen to change the LAN/DMZ/WLAN port roles on the ZyWALL.
WIRELESS
3G (WAN 2) 3G (WAN 2) Use this screen to configure the WAN2 connection for Internet access.
Wi-Fi Wireless Card Use this screen to configure the wireless LAN settings.
Security Use this screen to configure the WLAN security settings.
MAC Filter Use this screen to change MAC filter settings on the ZyWALL.
SECURITY
FIREWALL Default Rule Use this screen to activate/deactivate the firewall and the direction of network traffic to which to apply the rule.
Rule Summary This screen shows a summary of the firewall rules, and allows you to edit/add a firewall rule.
Anti-Probing Use this screen to change your anti-probing settings.
Threshold Use this screen to configure the threshold for DoS attacks.
Service Use this screen to configure custom services.
CONTENT FILTER General This screen allows you to enable content filtering and block certain web features.
Categories Use this screen to select which categories of web pages to filter out, as well as to register for external database content filtering and view reports.
Customization Use this screen to customize the content filter list.
Cache Use this screen to view and configure the ZyWALL’s URL caching.
VPN VPN Rules (IKE) Use this screen to configure VPN connections using IKE key management and view the rule summary.
VPN Rules (Manual) Use this screen to configure VPN connections using manual key management and view the rule summary.
SA Monitor Use this screen to display and manage active VPN connections.
Global Setting Use this screen to configure the IPSec timer settings.
CERTIFICATES My Certificates Use this screen to view a summary list of certificates and manage certificates and certification requests.
Trusted CAs Use this screen to view and manage the list of the trusted CAs.
Trusted Remote Hosts Use this screen to view and manage the certificates belonging to the trusted remote hosts.
Directory Servers Use this screen to view and manage the list of the directory servers.
AUTH SERVER Local User Database Use this screen to configure the local user account(s) on the ZyWALL.
RADIUS Configure this screen to use an external server to authenticate wireless and/or VPN users.
ADVANCED
NAT NAT Overview Use this screen to enable NAT.
Address Mapping Use this screen to configure network address translation mapping rules.
Port Forwarding Use this screen to configure servers behind the ZyWALL.
Port Triggering Use this screen to change your ZyWALL’s port triggering settings.
STATIC ROUTE IP Static Route Use this screen to configure IP static routes.
POLICY ROUTE Policy Route Summary Use this screen to view a summary list of all the policies and configure policies for use in IP policy routing.
BW MGMT Summary Use this screen to enable bandwidth management on an interface.
Class Setup Use this screen to set up the bandwidth classes.
Monitor Use this screen to view the ZyWALL’s bandwidth usage and allotments.
DNS System Use this screen to configure the address and name server records.
Cache Use this screen to configure the DNS resolution cache.
DHCP Use this screen to configure LAN/DMZ/WLAN DNS information.
DDNS Use this screen to set up dynamic DNS.
REMOTE MGMT WWW Use this screen to configure through which interface(s) and from which IP address(es) users can use HTTPS or HTTP to manage the ZyWALL.
SSH Use this screen to configure through which interface(s) and from which IP address(es) users can use Secure Shell to manage the ZyWALL.
TELNET Use this screen to configure through which interface(s) and from which IP address(es) users can use Telnet to manage the ZyWALL.
FTP Use this screen to configure through which interface(s) and from which IP address(es) users can use FTP to access the ZyWALL.
SNMP Use this screen to configure your ZyWALL’s settings for Simple Network Management Protocol management.
DNS Use this screen to configure through which interface(s) and from which IP address(es) users can send DNS queries to the ZyWALL.
CNM Use this screen to configure and allow your ZyWALL to be managed by the Vantage CNM server.
UPnP UPnP Use this screen to enable UPnP on the ZyWALL.
Ports Use this screen to view the NAT port mapping rules that UPnP creates on the ZyWALL.
Custom APP Custom APP Use this screen to specify port numbers for the ZyWALL to monitor for FTP, HTTP, SMTP, POP3, H323, and SIP traffic.
ALG ALG Use this screen to allow certain applications to pass through the ZyWALL.
LOGS View Log Use this screen to view the logs for the categories that you selected.
Log Settings Use this screen to change your ZyWALL’s log settings.
Reports Use this screen to have the ZyWALL record and display the network usage reports.
MAINTENANCE General This screen contains administrative.
Password Use this screen to change your password.
Time and Date Use this screen to change your ZyWALL’s time and date.
Device Mode Use this screen to configure and have your ZyWALL work as a router or a bridge.
F/W Upload Use this screen to upload firmware to your ZyWALL.
Backup & Restore Use this screen to back up and restore the configuration or reset the factory defaults to your ZyWALL.
Restart This screen allows you to reboot the ZyWALL without turning the power off.
Diagnostics Use this screen to have the ZyWALL generate and send diagnostic files by e-mail and/or the console port.
LOGOUT Click this label to exit the web configurator.
2.4.6 Port Statistics
Click Port Statistics in the HOME screen. Read-only information here includes port status and packet specific statistics. The Automatic Refresh Interval field is configurable.
Figure 11 HOME > Show Statistics
The following table describes the labels in this screen.
Table 7 HOME > Show Statistics
LABEL DESCRIPTION
Click the icon to display the chart of throughput statistics in router mode.
Port These are the ZyWALL’s interfaces.
Status For the WAN interface(s) and the Dial Backup port, this displays the port speed and duplex setting if you’re using Ethernet encapsulation or the remote node name for a PPP connection and Down (line is down or not connected), Idle (line (ppp) idle), Dial (starting to trigger a call) or Drop (dropping a call) if you’re using PPPoE encapsulation. Dial backup is not available in bridge mode. For the LAN, DMZ and WLAN ports, this displays the port speed and duplex setting. For the WLAN card, this displays the transmission rate when WLAN is enabled or Down when WLAN is disabled.
TxPkts This is the number of transmitted packets on this port.
RxPkts This is the number of received packets on this port.
Collisions This displays the number of collisions on this port in bridge mode.
Tx B/s This displays the transmission speed in bytes per second on this port.
Rx B/s This displays the reception speed in bytes per second on this port.
Up Time This is the total amount of time the line has been up.
System Up Time This is the total time the ZyWALL has been on.
Automatic Refresh Interval Select a number of seconds or None from the drop-down list box to update all screen statistics automatically at the end of every time interval or to not update the screen statistics.
Refresh Click this button to update the screen’s statistics immediately.
2.4.7 Show Statistics: Line Chart
Click the icon in the Show Statistics screen when the ZyWALL is set to router mode. This screen shows you a line chart of each port’s throughput statistics.
Figure 12 HOME > Show Statistics > Line Chart
The following table describes the labels in this screen.
Table 8 HOME > Show Statistics > Line Chart
LABEL DESCRIPTION
Click the icon to go back to the Show Statistics screen.
Port Select the check box(es) to display the throughput statistics of the corresponding interface(s).
B/s Specify the direction of the traffic for which you want to show throughput statistics in this table. Select Tx to display transmitted traffic throughput statistics and the amount of traffic (in bytes). Select Rx to display received traffic throughput statistics and the amount of traffic (in bytes).
Throughput Range Set the range of the throughput (in B/s, KB/s or MB/s) to display. Click Set Range to save this setting back to the ZyWALL.
2.4.8 DHCP Table Screen
DHCP (Dynamic Host Configuration Protocol, RFC 2131 and RFC 2132) allows individual clients to obtain TCP/IP configuration at start-up from a server. You can configure the ZyWALL as a DHCP server or disable it. When configured as a server, the ZyWALL provides the TCP/IP configuration for the clients. If DHCP service is disabled, you must have another DHCP server on your LAN, or else the computer must be manually configured.
Click Show DHCP Table in the HOME screen when the ZyWALL is set to router mode. Read-only information here relates to your DHCP status. The DHCP table shows current DHCP client information (including IP Address, Host Name and MAC Address) of all network clients using the ZyWALL’s DHCP server.
Figure 13 HOME > DHCP Table
The following table describes the labels in this screen.
Table 9 HOME > DHCP Table
LABEL DESCRIPTION
Interface Select LAN, DMZ or WLAN to show the current DHCP client information for the specified interface.
# This is the index number of the host computer.
IP Address This field displays the IP address relative to the # field listed above.
Host Name This field displays the computer host name.
MAC Address The MAC (Media Access Control) or Ethernet address on a LAN (Local Area Network) is unique to your computer (six pairs of hexadecimal notation). A network interface card such as an Ethernet adapter has a hardwired address that is assigned at the factory. This address follows an industry standard that ensures no other adapter has a similar address.
Reserve Select the check box in the heading row to automatically select all check boxes or select the check box(es) in each entry to have the ZyWALL always assign the selected entry(ies)’s IP address(es) to the corresponding MAC address(es) (and host name(s)). You can select up to 128 entries in this table. After you click Apply, the MAC address and IP address also display in the corresponding LAN, DMZ or WLAN Static DHCP screen (where you can edit them).
Refresh Click Refresh to reload the DHCP table.
2.4.9 VPN Status
Click VPN in the HOME screen. This screen displays read-only information about the active VPN connections. The Poll Interval(s) field is configurable. A Security Association (SA) is the group of security settings related to a specific VPN tunnel.
Figure 14 HOME > VPN Status
The following table describes the labels in this screen.
Table 10 HOME > VPN Status
LABEL DESCRIPTION
# This is the security association index number.
Name This field displays the identification name for this VPN policy.
Local Network This field displays the IP address of the computer using the VPN IPSec feature of your ZyWALL.
Remote Network This field displays IP address (in a range) of computers on the remote network behind the remote IPSec router.
Encapsulation This field displays Tunnel or Transport mode.
IPSec Algorithm This field displays the security protocols used for an SA. Both AH and ESP increase ZyWALL processing requirements and communications latency (delay).
Automatic Refresh Interval Select a number of seconds or None from the drop-down list box to update all screen statistics automatically at the end of every time interval or to not update the screen statistics.
Refresh Click this button to update the screen’s statistics immediately.
2.4.10 Bandwidth Monitor
Click Bandwidth in the HOME screen to display the bandwidth monitor. This screen displays the device’s bandwidth usage and allotments.
Figure 15 Home > Bandwidth Monitor
The following table describes the labels in this screen.
Table 11 ADVANCED > BW MGMT > Monitor
LABEL DESCRIPTION
Interface Select an interface from the drop-down list box to view the bandwidth usage of its bandwidth classes.
Class This field displays the name of the bandwidth class. A Default Class automatically displays for all the bandwidth in the Root Class that is not allocated to bandwidth classes. If you do not enable maximize bandwidth usage on an interface, the ZyWALL uses the bandwidth in this default class to send traffic that does not match any of the bandwidth classes.
Budget (kbps) This field displays the amount of bandwidth allocated to the bandwidth class.
Current Usage (kbps) This field displays the amount of bandwidth that each bandwidth class is using.
Automatic Refresh Interval Select a number of seconds or None from the drop-down list box to update all screen statistics automatically at the end of every time interval or to not update the screen statistics.
Refresh Click this button to update the screen’s statistics immediately.
A. If you allocate all the root class’s bandwidth to the bandwidth classes, the default class still displays a budget of 2 kbps (the minimum amount of bandwidth that can be assigned to a bandwidth class).
CHAPTER 3

Wizard Setup

This chapter provides information on the Wizard Setup screens in the web configurator. The Internet access wizard is only applicable when the ZyWALL is in router mode.

3.1 Wizard Setup Overview

The web configurator's setup wizards help you configure Internet and VPN connection settings.
In the HOME screen, click the wizard icon to open the Wizard Setup Welcome screen. The following summarizes the wizards you can select:
• Internet Access Setup
Click this link to open a wizard to set up an Internet connection for WAN 1 (the WAN port) on the ZyWALL (in router mode).
• VPN Setup
Use VPN SETUP to configure a VPN connection that uses a pre-shared key. If you want to set the rule to use a certificate, please go to the VPN screens for configuration. See Section 3.3 on page 90.
Figure 16 Wizard Setup Welcome

3.2 Internet Access

The Internet access wizard screen has three variations depending on what encapsulation type you use. Refer to information provided by your ISP to know what to enter in each field. Leave a field blank if you don’t have that information.

3.2.1 ISP Parameters

The ZyWALL offers three choices of encapsulation. They are Ethernet, PPTP or PPPoE.
The wizard screen varies according to the type of encapsulation that you select in the Encapsulation field.
3.2.1.1 Ethernet
For ISPs (such as Telstra) that send UDP heartbeat packets to verify that the customer is still online, please create a WAN-to-WAN/ZyWALL firewall rule for those packets. Contact your ISP to find the correct port number.
Choose Ethernet when the WAN port is used as a regular Ethernet.
Figure 17 ISP Parameters: Ethernet Encapsulation
The following table describes the labels in this screen.
Table 12 ISP Parameters: Ethernet Encapsulation
LABEL DESCRIPTION
ISP Parameters for Internet Access
Encapsulation You must choose the Ethernet option when the WAN port is used as a regular Ethernet. Otherwise, choose PPPoE or PPTP for a dial-up connection.
WAN IP Address Assignment
IP Address Assignment Select Dynamic if your ISP did not assign you a fixed IP address. This is the default selection. Select Static if the ISP assigned a fixed IP address. The fields below are available only when you select Static.
My WAN IP Address Enter your WAN IP address in this field.
My WAN IP Subnet Mask Enter the IP subnet mask in this field.
Gateway IP Address Enter the gateway IP address in this field.
First DNS Server / Second DNS Server Enter the DNS server's IP address(es) in the field(s) to the right. Leave the field as 0.0.0.0 if you do not want to configure DNS servers. If you do not configure a DNS server, you must know the IP address of a machine in order to access it.
Back Click Back to return to the previous wizard screen.
Apply Click Apply to save your changes and go to the next screen.
3.2.1.2 PPPoE Encapsulation
Point-to-Point Protocol over Ethernet (PPPoE) functions as a dial-up connection. PPPoE is an IETF (Internet Engineering Task Force) standard specifying how a host personal computer interacts with a broadband modem (for example DSL, cable, wireless, etc.) to achieve access to high-speed data networks.
Figure 18 ISP Parameters: PPPoE Encapsulation
The following table describes the labels in this screen.
Table 13 ISP Parameters: PPPoE Encapsulation
LABEL DESCRIPTION
ISP Parameter for Internet Access
Encapsulation Choose an encapsulation method from the pull-down list box. PPP over Ethernet forms a dial-up connection.
Service Name Type the name of your service provider.
User Name Type the user name given to you by your ISP.
Password Type the password associated with the user name above.
Retype to Confirm Type your password again for confirmation.
Nailed-Up Select Nailed-Up if you do not want the connection to time out.
Idle Timeout Type the time in seconds that elapses before the router automatically disconnects from the PPPoE server. The default time is 100 seconds.
WAN IP Address Assignment
IP Address Assignment Select Dynamic if your ISP did not assign you a fixed IP address. This is the default selection. Select Static if the ISP assigned a fixed IP address. The fields below are available only when you select Static.
My WAN IP Address Enter your WAN IP address in this field.
First DNS Server / Second DNS Server Enter the DNS server's IP address(es) in the field(s) to the right. Leave the field as 0.0.0.0 if you do not want to configure DNS servers. If you do not configure a DNS server, you must know the IP address of a machine in order to access it.
Back Click Back to return to the previous wizard screen.
Apply Click Apply to save your changes and go to the next screen.
3.2.1.3 PPTP Encapsulation
Point-to-Point Tunneling Protocol (PPTP) is a network protocol that enables transfers of data from a remote client to a private server, creating a Virtual Private Network (VPN) using TCP/IP-based networks.
PPTP supports on-demand, multi-protocol, and virtual private networking over public networks, such as the Internet.
Note: The ZyWALL supports one PPTP server connection at any given time.
Figure 19 ISP Parameters: PPTP Encapsulation
The following table describes the labels in this screen.
Table 14 ISP Parameters: PPTP Encapsulation
LABEL DESCRIPTION
ISP Parameters for Internet Access
Encapsulation Select PPTP from the drop-down list box. To configure a PPTP client, you must configure the User Name and Password fields for a PPP connection and the PPTP parameters for a PPTP connection.
User Name Type the user name given to you by your ISP.
Password Type the password associated with the User Name above.
Retype to Confirm Type your password again for confirmation.
Nailed-Up Select Nailed-Up if you do not want the connection to time out.
Idle Timeout Type the time in seconds that elapses before the router automatically disconnects from the PPTP server.
PPTP Configuration
My IP Address Type the (static) IP address assigned to you by your ISP.
My IP Subnet Mask Type the subnet mask assigned to you by your ISP (if given).
Server IP Address Type the IP address of the PPTP server.
Connection ID/Name Enter the connection ID or connection name in this field. It must follow the "c:id" and "n:name" format. For example, C:12 or N:My ISP. This field is optional and depends on the requirements of your xDSL modem.
WAN IP Address Assignment
IP Address Assignment Select Dynamic if your ISP did not assign you a fixed IP address. This is the default selection. Select Static if the ISP assigned a fixed IP address. The fields below are available only when you select Static.
My WAN IP Address Enter your WAN IP address in this field.
First DNS Server, Second DNS Server Enter the DNS server's IP address(es) in the field(s) to the right. Leave the field as 0.0.0.0 if you do not want to configure DNS servers. If you do not configure a DNS server, you must know the IP address of a machine in order to access it.
Back Click Back to return to the previous wizard screen.
Apply Click Apply to save your changes and go to the next screen.
3.2.2 Internet Access Wizard: Second Screen
Click Next to go to the screen where you can register your ZyWALL and activate the free content filtering trial application. Otherwise, click Skip to display the congratulations screen and click Close to complete the Internet access setup.
Figure 20 Internet Access Wizard: Second Screen
Figure 21 Internet Access Setup Complete
3.2.3 Internet Access Wizard: Registration
If you clicked Next in the previous screen (see Figure 20 on page 86), the following screen displays.
Use this screen to register the ZyWALL with myZyXEL.com. You must register your ZyWALL before you can activate trial applications of services like content filtering, anti-spam, anti-virus and IDP.
Note: If you want to activate a standard service with your iCard’s PIN number (license key), use the REGISTRATION > Service screen.
Figure 22 Internet Access Wizard: Registration
The following table describes the labels in this screen.
Table 15 Internet Access Wizard: Registration
LABEL DESCRIPTION
Device Registration If you select Existing myZyXEL.com account, only the User Name and Password fields are available.
New myZyXEL.com account If you haven’t created an account at myZyXEL.com, select this option and configure the following fields to create an account and register your ZyWALL.
Existing myZyXEL.com account If you already have an account at myZyXEL.com, select this option and enter your user name and password in the fields below to register your ZyWALL.
User Name Enter a user name for your myZyXEL.com account. The name should be from six to 20 alphanumeric characters (and the underscore). Spaces are not allowed.
Check Click this button to check with the myZyXEL.com database to verify the user name you entered has not been used.
Password Enter a password of between six and 20 alphanumeric characters (and the underscore). Spaces are not allowed.
Confirm Password Enter the password again for confirmation.
E-Mail Address Enter your e-mail address. You can use up to 80 alphanumeric characters (periods and the underscore are also allowed) without spaces.
Country Select your country from the drop-down box list.
Back Click Back to return to the previous screen.
Next Click Next to continue.
After you fill in the fields and click Next, the following screen displays to indicate that the registration is in progress. Wait for the registration to finish.
Figure 23 Internet Access Wizard: Registration in Progress
3.2.4 Internet Access Wizard: Status
This screen shows your device registration and service subscription status. Click Close to leave the wizard screen when the registration and activation are done.
Figure 24 Internet Access Wizard: Status
The following screen appears if the registration was not successful. Click Return to go back to the Device Registration screen and check your settings.
Figure 25 Internet Access Wizard: Registration Failed
3.2.5 Internet Access Wizard: Service Activation
If the ZyWALL has been registered, the Device Registration screen is read-only and the Service Activation screen appears indicating what trial applications are activated after you click Next.
Figure 26 Internet Access Wizard: Registered Device
Figure 27 Internet Access Wizard: Activated Services

3.3 VPN Wizard Gateway Setting

Use this screen to name the VPN gateway policy (IKE SA) and identify the IPSec routers at either end of the VPN tunnel.
Click VPN Setup in the Wizard Setup Welcome screen (Figure 16 on page 81) to open the VPN configuration wizard. The first screen displays as shown next.
Figure 28 VPN Wizard: Gateway Setting
The following table describes the labels in this screen.
Table 16 VPN Wizard: Gateway Setting
LABEL DESCRIPTION
Gateway Policy Property
Name Type up to 32 characters to identify this VPN gateway policy. You may use any character, including spaces, but the ZyWALL drops trailing spaces.
Gateway Policy Setting
My ZyWALL When the ZyWALL is in router mode, enter the WAN IP address or the domain name of your ZyWALL or leave the field set to 0.0.0.0. The following applies if the My ZyWALL field is configured as 0.0.0.0:
When the WAN interface operation mode is set to Active/Passive, the ZyWALL uses the IP address (static or dynamic) of the WAN interface that is in use.
When the WAN interface operation mode is set to Active/Active, the ZyWALL uses the IP address (static or dynamic) of the primary (highest priority) WAN interface to set up the VPN tunnel as long as the corresponding WAN1 or WAN2 connection is up. If the corresponding WAN1 or WAN2 connection goes down, the ZyWALL uses the IP address of the other WAN interface.
If both WAN connections go down, the ZyWALL uses the dial backup IP address for the VPN tunnel when using dial backup or the LAN IP address when using traffic redirect. See the chapter on WAN for details on dial backup and traffic redirect.
When the ZyWALL is in bridge mode, this field is read-only and displays the ZyWALL’s IP address.
Remote Gateway Address Enter the WAN IP address or domain name of the remote IPSec router (secure gateway) in the field below to identify the remote IPSec router by its IP address or a domain name. Set this field to 0.0.0.0 if the remote IPSec router has a dynamic WAN IP address.
Back Click Back to return to the previous screen.
Next Click Next to continue.

3.4 VPN Wizard Network Setting

Use this screen to name the VPN network policy (IPSec SA) and identify the devices behind the IPSec routers at either end of a VPN tunnel.
Two active SAs cannot have the local and remote IP address(es) both the same. Two active SAs can have the same local or remote IP address, but not both. You can configure multiple SAs between the same local and remote IP addresses, as long as only one is active at any time.
Figure 29 VPN Wizard: Network Setting
The following table describes the labels in this screen.
Table 17 VPN Wizard: Network Setting
LABEL DESCRIPTION
Network Policy Property
Active If the Active check box is selected, packets for the tunnel trigger the ZyWALL to build the tunnel. Clear the Active check box to turn the network policy off. The ZyWALL does not apply the policy. Packets for the tunnel do not trigger the tunnel.
Name Type up to 32 characters to identify this VPN network policy. You may use any character, including spaces, but the ZyWALL drops trailing spaces.
Network Policy Setting
Local Network Local IP addresses must be static and correspond to the remote IPSec router's configured remote IP addresses. Select Single for a single IP address. Select Range IP for a specific range of IP addresses. Select Subnet to specify IP addresses on a network by their subnet mask.
Starting IP Address When the Local Network field is configured to Single, enter a (static) IP address on the LAN behind your ZyWALL. When the Local Network field is configured to Range IP, enter the beginning (static) IP address, in a range of computers on the LAN behind your ZyWALL. When the Local Network field is configured to Subnet, this is a (static) IP address on the LAN behind your ZyWALL.
Ending IP Address/Subnet Mask When the Local Network field is configured to Single, this field is N/A. When the Local Network field is configured to Range IP, enter the end (static) IP address, in a range of computers on the LAN behind your ZyWALL. When the Local Network field is configured to Subnet, this is a subnet mask on the LAN behind your ZyWALL.
Remote Network Remote IP addresses must be static and correspond to the remote IPSec router's configured local IP addresses. Select Single for a single IP address. Select Range IP for a specific range of IP addresses. Select Subnet to specify IP addresses on a network by their subnet mask.
Starting IP Address When the Remote Network field is configured to Single, enter a (static) IP address on the network behind the remote IPSec router. When the Remote Network field is configured to Range IP, enter the beginning (static) IP address, in a range of computers on the network behind the remote IPSec router. When the Remote Network field is configured to Subnet, enter a (static) IP address on the network behind the remote IPSec router.
Ending IP Address/Subnet Mask When the Remote Network field is configured to Single, this field is N/A. When the Remote Network field is configured to Range IP, enter the end (static) IP address, in a range of computers on the network behind the remote IPSec router. When the Remote Network field is configured to Subnet, enter a subnet mask on the network behind the remote IPSec router.
Back Click Back to return to the previous screen.
Next Click Next to continue.
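The rule that two active SAs cannot have both the same local and the same remote addresses, and the Single / Range IP / Subnet choices in Table 17, can be checked on paper before the rules are entered in the wizard. The following Python is an added example, not ZyXEL code: the class and function names are hypothetical, the sample policies are constructed, and it assumes two entries count as "the same" when they cover the same set of addresses.

```python
import ipaddress
from dataclasses import dataclass
from itertools import combinations


@dataclass(frozen=True)
class Selector:
    """One side of a network policy, as entered in Table 17 (hypothetical type)."""
    kind: str      # "Single", "Range IP" or "Subnet"
    start: str     # Starting IP Address
    end: str = ""  # Ending IP Address / Subnet Mask (N/A for Single)

    def span(self):
        """Return the (first, last) IPv4 addresses covered, as integers."""
        first = ipaddress.IPv4Address(self.start)
        if self.kind == "Single":
            return int(first), int(first)
        if self.kind == "Range IP":
            last = ipaddress.IPv4Address(self.end)
            if last < first:
                raise ValueError(f"range {self.start}-{self.end} ends before it starts")
            return int(first), int(last)
        if self.kind == "Subnet":
            # strict=False: the manual allows any address on the subnet here.
            net = ipaddress.IPv4Network(f"{self.start}/{self.end}", strict=False)
            return int(net.network_address), int(net.broadcast_address)
        raise ValueError(f"unknown address type {self.kind!r}")


@dataclass(frozen=True)
class NetworkPolicy:
    name: str
    active: bool
    local: Selector
    remote: Selector


def find_conflicts(policies):
    """Pairs of ACTIVE policies whose local and remote spans are both identical.

    Assumption: "the same" means the same set of addresses, however typed.
    """
    active = [p for p in policies if p.active]
    return [(a.name, b.name) for a, b in combinations(active, 2)
            if a.local.span() == b.local.span()
            and a.remote.span() == b.remote.span()]


def mirrors(this_end, peer_end):
    """True if each end's local network is the other end's remote network."""
    return (this_end.local.span() == peer_end.remote.span()
            and this_end.remote.span() == peer_end.local.span())


# Constructed sample rules for one ZyWALL (addresses are illustrative only).
LAN = Selector("Subnet", "192.168.1.33", "255.255.255.0")
BRANCH = Selector("Subnet", "10.0.0.0", "255.255.255.0")
SAMPLE = [
    NetworkPolicy("hq-branch", True, LAN, BRANCH),
    # Same addresses typed as ranges: conflicts with hq-branch while active.
    NetworkPolicy("hq-branch-range", True,
                  Selector("Range IP", "192.168.1.0", "192.168.1.255"),
                  Selector("Range IP", "10.0.0.0", "10.0.0.255")),
    # Same local network, different remote host: allowed.
    NetworkPolicy("hq-server", True, LAN, Selector("Single", "10.0.1.5")),
    # Identical to hq-branch but inactive: allowed.
    NetworkPolicy("hq-branch-standby", False, LAN, BRANCH),
]
# What the remote IPSec router must hold for hq-branch (local/remote swapped).
PEER = NetworkPolicy("branch-hq", True, BRANCH, LAN)

if __name__ == "__main__":
    print(find_conflicts(SAMPLE))
    print(mirrors(SAMPLE[0], PEER))
```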

3.5 VPN Wizard IKE Tunnel Setting (IKE Phase 1)

Use this screen to specify the authentication, encryption and other settings needed to negotiate a phase 1 IKE SA.
Figure 30 VPN Wizard: IKE Tunnel Setting
The following table describes the labels in this screen.
Table 18 VPN Wizard: IKE Tunnel Setting
LABEL DESCRIPTION
Negotiation Mode Select Main Mode for identity protection. Select Aggressive Mode to allow more incoming connections from dynamic IP addresses to use separate passwords.
Note: Multiple SAs (security associations) connecting through a secure gateway must have the same negotiation mode.
Encryption Algorithm When DES is used for data communications, both sender and receiver must know the same secret key, which can be used to encrypt and decrypt the message or to generate and verify a message authentication code. The DES encryption algorithm uses a 56-bit key. Triple DES (3DES) is a variation on DES that uses a 168-bit key. As a result, 3DES is more secure than DES. It also requires more processing power, resulting in increased latency and decreased throughput. This implementation of AES uses a 128-bit key. AES is faster than 3DES.
Authentication Algorithm MD5 (Message Digest 5) and SHA1 (Secure Hash Algorithm) are hash algorithms used to authenticate packet data. The SHA1 algorithm is generally considered stronger than MD5, but is slower. Select MD5 for minimal security and SHA-1 for maximum security.
Key Group You must choose a key group for phase 1 IKE setup. DH1 (default) refers to Diffie-Hellman Group 1, a 768-bit random number. DH2 refers to Diffie-Hellman Group 2, a 1024-bit (1Kb) random number.
SA Life Time (Seconds) Define the length of time before an IKE SA automatically renegotiates in this field. The minimum value is 180 seconds. A short SA Life Time increases security by forcing the two VPN gateways to update the encryption and authentication keys. However, every time the VPN tunnel renegotiates, all users accessing remote resources are temporarily disconnected.
Pre-Shared Key Type your pre-shared key in this field. A pre-shared key identifies a communicating party during a phase 1 IKE negotiation. It is called "pre-shared" because you have to share it with another party before you can communicate with them over a secure connection.
Type from 8 to 31 case-sensitive ASCII characters or from 16 to 62 hexadecimal ("0-9", "A-F") characters. You must precede a hexadecimal key with a "0x" (zero x), which is not counted as part of the 16 to 62 character range for the key. For example, in "0x0123456789ABCDEF", 0x denotes that the key is hexadecimal and 0123456789ABCDEF is the key itself.
Both ends of the VPN tunnel must use the same pre-shared key. You will receive a PYLD_MALFORMED (payload malformed) packet if the same pre-shared key is not used on both ends.
Back Click Back to return to the previous screen.
Next Click Next to continue.
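The Pre-Shared Key format rules in Table 18 (8 to 31 ASCII characters, or "0x" followed by 16 to 62 hexadecimal characters, identical on both ends) lend themselves to a check before the values are typed into two devices. The following Python is an added example, not ZyXEL code: the function names are hypothetical, the sample keys in the usage are constructed apart from the manual's own 0x0123456789ABCDEF, and it assumes the device treats every value starting with "0x" as hexadecimal and compares keys exactly as typed.

```python
import hmac

ASCII_RANGE = (8, 31)   # "from 8 to 31 case-sensitive ASCII characters"
HEX_RANGE = (16, 62)    # "from 16 to 62 hexadecimal characters", "0x" not counted
HEX_DIGITS = set("0123456789ABCDEF")  # the manual lists "0-9" and "A-F" only


def check_psk(value):
    """Return (kind, problems) for a string typed into the Pre-Shared Key field.

    kind is "hex" when the value starts with "0x", otherwise "ascii".
    Assumption: the device treats every "0x"-prefixed value as hexadecimal.
    """
    problems = []
    if value.startswith("0x"):
        digits = value[2:]
        stray = sorted(set(digits) - HEX_DIGITS)
        if stray:
            # Lowercase a-f is reported rather than assumed to be accepted.
            problems.append("characters outside 0-9/A-F: " + "".join(stray))
        if not HEX_RANGE[0] <= len(digits) <= HEX_RANGE[1]:
            problems.append(f"{len(digits)} hex characters, expected 16 to 62")
        return "hex", problems
    if not value.isascii():
        problems.append("contains non-ASCII characters")
    if not ASCII_RANGE[0] <= len(value) <= ASCII_RANGE[1]:
        problems.append(f"{len(value)} characters, expected 8 to 31")
    return "ascii", problems


def check_tunnel(local_value, remote_value):
    """Validate the key planned for each end and confirm the two are identical.

    Returns a dict of problems keyed by "local", "remote" and "match";
    an empty dict means both values are well formed and equal.
    """
    report = {}
    for end, value in (("local", local_value), ("remote", remote_value)):
        _, problems = check_psk(value)
        if problems:
            report[end] = problems
    # Case-sensitive, constant-time comparison of the two strings as typed.
    if not hmac.compare_digest(local_value.encode(), remote_value.encode()):
        report["match"] = ["keys differ; the manual reports PYLD_MALFORMED in this case"]
    return report


if __name__ == "__main__":
    # Constructed values: the second differs from the first only in case.
    print(check_tunnel("Site-Key-2024x", "site-key-2024x"))
    print(check_psk("0x0123456789ABCDEF"))
```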

3.6 VPN Wizard IPSec Setting (IKE Phase 2)

Use this screen to specify the authentication, encryption and other settings needed to negotiate a phase 2 IPSec SA.
Figure 31 VPN Wizard: IPSec Setting
The following table describes the labels in this screen.
Table 19 VPN Wizard: IPSec Setting
LABEL DESCRIPTION
Encapsulation Mode Tunnel is compatible with NAT, Transport is not. Tunnel mode encapsulates the entire IP packet to transmit it securely. Tunnel mode is required for gateway services to provide access to internal systems. Tunnel mode is fundamentally an IP tunnel with authentication and encryption. Transport mode is used to protect upper layer protocols and only affects the data in the IP packet. In Transport mode, the IP packet contains the security protocol (AH or ESP) located after the original IP header and options, but before any upper layer protocols contained in the packet (such as TCP and UDP).
IPSec Protocol Select the security protocols used for an SA. Both AH and ESP increase ZyWALL processing requirements and communications latency (delay).
Encryption Algorithm When DES is used for data communications, both sender and receiver must know the same secret key, which can be used to encrypt and decrypt the message or to generate and verify a message authentication code. The DES encryption algorithm uses a 56-bit key. Triple DES (3DES) is a variation on DES that uses a 168-bit key. As a result, 3DES is more secure than DES. It also requires more processing power, resulting in increased latency and decreased throughput. This implementation of AES uses a 128-bit key. AES is faster than 3DES. Select NULL to set up a tunnel without encryption. When you select NULL, you do not enter an encryption key.
Authentication Algorithm MD5 (Message Digest 5) and SHA1 (Secure Hash Algorithm) are hash algorithms used to authenticate packet data. The SHA1 algorithm is generally considered stronger than MD5, but is slower. Select MD5 for minimal security and SHA-1 for maximum security.
SA Life Time (Seconds) Define the length of time before an IKE SA automatically renegotiates in this field. The minimum value is 180 seconds. A short SA Life Time increases security by forcing the two VPN gateways to update the encryption and authentication keys. However, every time the VPN tunnel renegotiates, all users accessing remote resources are temporarily disconnected.
Perfect Forward Secret (PFS) Perfect Forward Secret (PFS) is disabled (None) by default in phase 2 IPSec SA setup. This allows faster IPSec setup, but is not so secure. Select DH1 or DH2 to enable PFS. DH1 refers to Diffie-Hellman Group 1, a 768-bit random number. DH2 refers to Diffie-Hellman Group 2, a 1024-bit (1Kb) random number (more secure, yet slower).
Back Click Back to return to the previous screen.
Next Click Next to continue.
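Tables 18 and 19 together describe which phase 1 and phase 2 choices the manual itself treats as the weaker option (DES, NULL, MD5, DH1, PFS off, Aggressive Mode), the 180-second lifetime minimum, and the requirement that SAs through one gateway share a negotiation mode. The following Python is an added example, not ZyXEL code, that audits a planned set of wizard values against those statements; the WizardRule container, the function names and the sample rules are hypothetical and constructed.

```python
from collections import defaultdict
from dataclasses import dataclass

MIN_LIFETIME = 180                        # "The minimum value is 180 seconds."
P1_ENCRYPTION = {"DES", "3DES", "AES"}    # phase 1 choices
P2_ENCRYPTION = P1_ENCRYPTION | {"NULL"}  # phase 2 also offers NULL
AUTHENTICATION = {"MD5", "SHA1"}
# Choices the manual itself describes as the weaker option, in its own terms.
WEAKER = {
    ("mode", "Aggressive"): "Main Mode is the choice for identity protection",
    ("enc", "DES"): "56-bit key; 3DES is described as more secure than DES",
    ("enc", "NULL"): "the tunnel is set up without encryption",
    ("auth", "MD5"): "described as 'minimal security'; SHA1 as stronger",
    ("dh", "DH1"): "768-bit group; DH2 (1024-bit) is described as more secure",
    ("dh", "None"): "PFS disabled: faster setup, 'but is not so secure'",
}


@dataclass
class WizardRule:
    """Values chosen on the two wizard screens (hypothetical container)."""
    name: str
    remote_gateway: str
    mode: str        # "Main" or "Aggressive"
    p1_enc: str
    p1_auth: str
    key_group: str   # "DH1" or "DH2"
    p1_life: int     # seconds
    p2_enc: str
    p2_auth: str
    p2_life: int     # seconds
    pfs: str         # "None", "DH1" or "DH2"


def audit(rule):
    """Return (severity, field, reason) tuples for one rule, in screen order."""
    findings = []

    def check(kind, field, value, offered):
        if value not in offered:
            findings.append(("error", field, f"{value!r} is not offered here"))
        elif (kind, value) in WEAKER:
            findings.append(("weak", field, WEAKER[kind, value]))

    check("mode", "Negotiation Mode", rule.mode, {"Main", "Aggressive"})
    check("enc", "Phase 1 Encryption Algorithm", rule.p1_enc, P1_ENCRYPTION)
    check("auth", "Phase 1 Authentication Algorithm", rule.p1_auth, AUTHENTICATION)
    check("dh", "Key Group", rule.key_group, {"DH1", "DH2"})
    check("enc", "Phase 2 Encryption Algorithm", rule.p2_enc, P2_ENCRYPTION)
    check("auth", "Phase 2 Authentication Algorithm", rule.p2_auth, AUTHENTICATION)
    check("dh", "Perfect Forward Secret (PFS)", rule.pfs, {"None", "DH1", "DH2"})
    for field, seconds in (("Phase 1 SA Life Time", rule.p1_life),
                           ("Phase 2 SA Life Time", rule.p2_life)):
        if seconds < MIN_LIFETIME:
            findings.append(("error", field,
                             f"{seconds}s is below the {MIN_LIFETIME}s minimum"))
    return findings


def mixed_mode_gateways(rules):
    """Remote gateways whose rules do not all use the same negotiation mode."""
    modes = defaultdict(set)
    for rule in rules:
        modes[rule.remote_gateway].add(rule.mode)
    return sorted(gw for gw, seen in modes.items() if len(seen) > 1)


# Constructed sample rules; 203.0.113.10 is a documentation address.
RULE_A = WizardRule("branch-a", "203.0.113.10", "Main", "DES", "MD5", "DH1",
                    28800, "NULL", "SHA1", 120, "None")
RULE_B = WizardRule("branch-b", "203.0.113.10", "Aggressive", "AES", "SHA1",
                    "DH2", 3600, "AES", "SHA1", 3600, "DH2")
```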

3.7 VPN Wizard Status Summary

This read-only screen shows the status of the current VPN setting. Use the summary table to check whether what you have configured is correct.
Figure 32 VPN Wizard: VPN Status
The following table describes the labels in this screen.
Table 20 VPN Wizard: VPN Status
LABEL DESCRIPTION
Gateway Policy Property
Name This is the name of this VPN gateway policy.
Gateway Policy Setting
My ZyWALL This is the WAN IP address or the domain name of your ZyWALL in router mode or the ZyWALL’s IP address in bridge mode.
Remote Gateway Address This is the IP address or the domain name used to identify the remote IPSec router.
Network Policy Property
Active This displays whether this VPN network policy is enabled or not.
Name This is the name of this VPN network policy.
Network Policy Setting
Local Network
Starting IP Address This is a (static) IP address on the LAN behind your ZyWALL.
Ending IP Address/Subnet Mask When the local network is configured for a single IP address, this field is N/A. When the local network is configured for a range IP address, this is the end (static) IP address, in a range of computers on the LAN behind your ZyWALL. When the local network is configured for a subnet, this is a subnet mask on the LAN behind your ZyWALL.
Remote Network
Starting IP Address This is a (static) IP address on the network behind the remote IPSec router.
Ending IP Address/Subnet Mask When the remote network is configured for a single IP address, this field is N/A. When the remote network is configured for a range IP address, this is the end (static) IP address, in a range of computers on the network behind the remote IPSec router. When the remote network is configured for a subnet, this is a subnet mask on the network behind the remote IPSec router.
IKE Tunnel Setting (IKE Phase 1)
Negotiation Mode This shows Main Mode or Aggressive Mode. Multiple SAs connecting through a secure gateway must have the same negotiation mode.
Encryption Algorithm This is the method of data encryption. Options can be DES, 3DES or AES.
Authentication Algorithm MD5 (Message Digest 5) and SHA1 (Secure Hash Algorithm) are hash algorithms used to authenticate packet data.
Key Group This is the key group you chose for phase 1 IKE setup.
SA Life Time (Seconds) This is the length of time before an IKE SA automatically renegotiates.
Pre-Shared Key This is a pre-shared key identifying a communicating party during a phase 1 IKE negotiation.
IPSec Setting (IKE Phase 2)
Encapsulation Mode This shows Tunnel mode or Transport mode.
IPSec Protocol ESP or AH are the security protocols used for an SA.
Encryption Algorithm This is the method of data encryption. Options can be DES, 3DES, AES or NULL.
Authentication Algorithm MD5 (Message Digest 5) and SHA1 (Secure Hash Algorithm) are hash algorithms used to authenticate packet data.
SA Life Time (Seconds) This is the length of time before an IKE SA automatically renegotiates.
Perfect Forward Secret (PFS) Perfect Forward Secret (PFS) is disabled (None) by default in phase 2 IPSec SA setup. Otherwise, DH1 or DH2 are selected to enable PFS.
Back Click Back to return to the previous screen.
Finish Click Finish to complete and save the wizard setup.

3.8 VPN Wizard Setup Complete

Congratulations! You have successfully set up the VPN rule for your ZyWALL. If you already had VPN rules configured, the wizard adds the new VPN rule after the last existing VPN rule.
Figure 33 VPN Wizard Setup Complete