ZyXEL Communications ZyWall 2we Compact Manual


ZyWALL 2WE
Internet Security Gateway
Compact Guide
Version 3.62
April 2004



Summary of Contents for ZyXEL Communications ZyWall 2we

  • Page 1 ZyWALL 2WE Internet Security Gateway Compact Guide Version 3.62 April 2004...
  • Page 2: Table Of Contents

    ZyWALL 2WE Table of Contents
    1 Introducing the ZyWALL .......... 4
    2 Hardware .......... 4
    2.1 Rear Panel .......... 5
    2.2 The Front Panel LEDs .......... 6
    3 Setting Up Your Computer’s IP Address .......... 7
    3.1 Windows NT/2000/XP .......... 7
    4 Configuring Your ZyWALL .......... 9
    4.1 Accessing Your ZyWALL Via Web Configurator ..........
  • Page 3
    ZyWALL 2WE
    5.15 Configuring Customization .......... 31
    5.16 VPN Overview .......... 32
    5.17 Summary Screen .......... 32
    5.18 Configuring VPN Policies .......... 35
    5.18.1 X-Auth (Extended Authentication) .......... 35
    5.19 Viewing SA Monitor .......... 39
    5.20 UPnP Overview .......... 40
    5.21 Configuring UPnP .......... 40...
  • Page 4: Introducing The ZyWALL

    ZyWALL 2WE 1 Introducing the ZyWALL The ZyWALL 2WE is the ideal secure gateway for all data passing between the Internet and the LAN. By integrating NAT, firewall, VPN capability, and wireless LAN, ZyXEL’s ZyWALL 2WE is a complete security solution that protects your Intranet and efficiently manages data traffic on your network.
  • Page 5: Rear Panel

    ZyWALL 2WE 2.1 Rear Panel LABEL DESCRIPTION LAN 10/100M 1- Connect a computer to one of these ports with an Ethernet cable. These ports are auto-negotiating (they can connect at 10 or 100Mbps) and auto-sensing (they automatically adjust to the type of Ethernet cable you use, straight-through or crossover).
  • Page 6: The Front Panel LEDs

    ZyWALL 2WE LABEL DESCRIPTION RESET You only need to use this button if you’ve forgotten the ZyWALL’s password. It returns the ZyWALL to the factory defaults (password is 1234, LAN IP address 192.168.1.1, terminal emulation settings as described above etc.; see your User’s Guide for details).
  • Page 7: Setting Up Your Computer's IP Address

    ZyWALL 2WE (front panel LEDs, continued)
    LABEL / COLOR / STATUS / MEANING
    10/100M (LAN), Green: The ZyWALL has a LAN connection of 10Mbps.
    10/100M (LAN), Orange: The ZyWALL has a LAN connection of 100Mbps.
    10/100M (LAN), Flashing: The ZyWALL is sending/receiving packets.
    10/100M (LAN), Off: The ZyWALL does not have an Ethernet connection.
    10/100M (WAN), Green: The WAN link is connected at 10Mbps.
  • Page 8 ZyWALL 2WE Select Internet Protocol (TCP/IP) (under the General tab in Win XP) and click Properties. The Internet Protocol TCP/IP Properties screen opens (the General tab in Windows XP). - To have your computer assigned a dynamic IP address, click Obtain an IP address automatically.
  • Page 9: Configuring Your ZyWALL

    ZyWALL 2WE Refer to your User’s Guide for detailed IP address configuration for other Windows and Macintosh computer operating systems. 4 Configuring Your ZyWALL This Compact Guide shows you how to use the web configurator wizard only. See your User’s Guide for background information on all ZyWALL features and System Management Terminal (SMT) configuration.
  • Page 10: Internet Access Using The Wizard

    ZyWALL 2WE Step 4. You should now see the web configurator MAIN MENU screen. Click WIZARD to begin a series of screens to help you configure your ZyWALL for the first time. Click MAINTENANCE in the navigation panel to see ZyWALL performance statistics, upload firmware and back up, restore or upload a configuration file.
  • Page 11 ZyWALL 2WE System Name is for identification purposes. Enter your computer's "Computer Name". The Domain Name entry is what is propagated to the DHCP clients on the LAN. If you leave this blank, the domain name obtained by DHCP from the ISP is used.
  • Page 12 ZyWALL 2WE Point-to-Point Protocol over Ethernet (PPPoE) functions as a dial-up connection. Therefore you’ll also need a username and password and possibly the PPPoE service name. Your ISP will give you all needed information. Select Nailed Up Connection if you do not want the connection to the PPPoE server to time out.
  • Page 13: Test Your Internet Connection

    ZyWALL 2WE WAN IP Address Assignment Select Get automatically from ISP if your ISP did not assign you a fixed IP address. Select Use fixed IP address if the ISP assigned a fixed IP address and then enter your IP address and subnet mask in the next two fields.
  • Page 14: Check Your WAN Setup

    ZyWALL 2WE 4.4 Check Your WAN Setup Click WAN and then the WAN ISP and WAN IP tabs. The screens look very similar to screens 2 and 3 in the Wizard Setup. If the information is incorrect, make changes and click Apply.
  • Page 15: Advanced Configuration

    ZyWALL 2WE 5 Advanced Configuration This section shows you how to configure some of the advanced features of the ZyWALL. 5.1 Network Address Translation Overview NAT (Network Address Translation - NAT, RFC 1631) is the translation of the IP address of a host in a packet.
  • Page 16 ZyWALL 2WE The following table describes the fields in this screen. LABEL DESCRIPTION Default Server In addition to the servers for specified services, NAT supports a default server. A default server receives packets from ports that are not specified in this screen. If you do not assign a default server IP address, then all packets received for ports not specified in this screen will be discarded.
  • Page 17: Wireless LAN Overview

    ZyWALL 2WE LABEL DESCRIPTION Server IP Address: Enter the inside IP address of the server here. 5.3 Wireless LAN Overview This section introduces the wireless LAN and some basic configurations. Wireless LANs can be as simple as two computers with wireless network interface cards (NICs) communicating in a peer-to-peer network or as complex as a number of computers with wireless NICs communicating through access points which bridge network traffic to the wired LAN.
  • Page 18 ZyWALL 2WE The following table describes the fields in this screen. LABEL DESCRIPTION EXAMPLE Enable (example: default): Before you enable the wireless LAN you should configure some security by setting Wireless MAC filters and/or 802.1x security; otherwise your wireless LAN will be vulnerable upon enabling it.
  • Page 19: Configuring IEEE 802.1X Authentication

    ZyWALL 2WE LABEL DESCRIPTION EXAMPLE Frag. Threshold (example: 2432, default): The threshold (number of bytes) for the fragmentation boundary for directed messages. It is the maximum data fragment size that can be sent. Enter a value between 256 and 2432. WEP (example: Disable): WEP (Wired Equivalent Privacy) provides data encryption to prevent unauthorized wireless stations from accessing data transmitted over the wireless network.
  • Page 20: Local User Database And RADIUS Overview

    ZyWALL 2WE The following table describes the fields in this screen. LABEL DESCRIPTION Authentication Type: Select Authentication Required to authenticate all wireless clients before they can access the wired network. Select No Authentication Required to allow all wireless clients to access your wired network without authentication.
  • Page 21: Configuring Firewall

    ZyWALL 2WE When activated, the firewall allows all traffic to the Internet that originates from the LAN, and blocks all traffic to the LAN that originates from the Internet. In other words the ZyWALL will:
      • Allow all sessions originating from the LAN to the WAN
      • Deny all sessions originating from the WAN to the LAN
    LAN-to-WAN rules are local network to Internet firewall rules.
  • Page 22 ZyWALL 2WE The following table describes the fields in this screen. LABEL DESCRIPTION Enable Firewall Select this check box to activate the firewall. The ZyWALL performs access control and protects against Denial of Service (DoS) attacks when the firewall is activated.
  • Page 23 ZyWALL 2WE LABEL DESCRIPTION Block/Forward: Use the option buttons to select whether to Block (discard) or Forward (allow the passage of) packets that are traveling in the selected direction. Select the check box to create a log (when the above action is taken) for packets that are traveling in the selected direction and do not match any of the rules below.
  • Page 24: Procedure For Configuring Firewall Rules

    ZyWALL 2WE 5.9 Procedure for Configuring Firewall Rules Follow these directions to create a new rule. Step 1. In the Summary screen, click the Insert button and enter the Rule Number before which you want the new rule to be located.
  • Page 25 ZyWALL 2WE The following table describes the fields in this screen. LABEL Description Active Check the Active check box to have the ZyWALL use this rule. Leave it unchecked if you do not want the ZyWALL to use the rule after you apply it...
  • Page 26: Configuring Source And Destination Addresses

    ZyWALL 2WE LABEL Description Source Address: Click SrcAdd to add a new address, SrcEdit to edit an existing one or SrcDelete to delete one. Destination Address: Click DestAdd to add a new address, DestEdit to edit an existing one or DestDelete to delete one.
  • Page 27: Content Filtering Overview

    ZyWALL 2WE The following table describes the fields in this screen. LABEL DESCRIPTION Address Type Do you want your rule to apply to packets with a particular (single) IP, a range of IP addresses (e.g., 192.168.1.10 to 192.169.1.50), a subnet or any IP address? Select an option from the drop-down list box that includes: Single Address, Range Address, Subnet Address and Any Address.
  • Page 28: Customize Web Site Access

    ZyWALL 2WE 5.11.3 Customize Web Site Access You can specify URLs to which the ZyWALL blocks access. You can alternatively block access to all URLs except ones that you specify. You can also have the ZyWALL block access to URLs that contain key words that you specify.
  • Page 29: Content Filtering With An External Server

    ZyWALL 2WE 5.12 Content Filtering with an External Server Your ZyWALL uses an application services company that provides outsourced content filtering. If you enable the content filter, your ZyWALL will have access to an external database, which contains dynamically updated ratings of millions of web sites. The content filtering lookup process is described below.
  • Page 30 ZyWALL 2WE Click Register to go to a web site where you can register for category-based content filtering (using an external database). You can use a trial application or register your iCard’s PIN. Refer to the web site’s on-line help for details.
  • Page 31: Configuring Customization

    ZyWALL 2WE The web site displays a registration successful web page. It may take up to another ten minutes for content filtering to be activated. You can manage your registration status or view content filtering reports after you register this device.
  • Page 32: VPN Overview

    ZyWALL 2WE 5.16 VPN Overview A VPN (Virtual Private Network) provides secure communications between sites without the expense of leased site-to-site lines. A secure VPN is a combination of tunneling, encryption, authentication, access control and auditing technologies/services used to transport traffic over the Internet or any insecure network that uses the TCP/IP protocol suite for communication.
  • Page 33 ZyWALL 2WE Local and remote IP addresses must be static. Click VPN to open the Summary screen. This is a read-only menu of your IPSec rules (tunnels). Edit or create an IPSec rule by selecting an index number and then clicking Edit to configure the associated submenus.
  • Page 34 ZyWALL 2WE LABEL DESCRIPTION (index): The VPN policy index number. Name: This field displays the identification name for this VPN policy. Active: This field displays whether the VPN policy is active or not. A Yes signifies that this VPN policy is active. No signifies that this VPN policy is not active.
  • Page 35: Configuring VPN Policies

    ZyWALL 2WE 5.18 Configuring VPN Policies 5.18.1 X-Auth (Extended Authentication) Extended authentication provides added security by allowing you to use usernames and passwords for VPN connections. This is especially helpful when multiple ZyWALLs use one VPN rule to connect to a single ZyWALL. An attacker cannot make a VPN connection without a valid username and password.
  • Page 36 ZyWALL 2WE...
  • Page 37 ZyWALL 2WE The following table describes the fields in this screen. LABEL DESCRIPTION Active Select this check box to activate this VPN tunnel. This option determines whether a VPN rule is applied before a packet leaves the firewall. Keep Alive Select this check box to turn on the keep alive feature for this SA.
  • Page 38 ZyWALL 2WE LABEL DESCRIPTION My IP Address Enter the WAN IP address of your ZyWALL. The ZyWALL uses its current WAN IP address (static or dynamic) in setting up the VPN tunnel if you leave this field as 0.0.0.0. The VPN tunnel has to be rebuilt if this IP address changes.
  • Page 39: Viewing SA Monitor

    ZyWALL 2WE LABEL DESCRIPTION IPSec Protocol Select ESP if you want to use ESP (Encapsulation Security Payload). The ESP protocol (RFC 2406) provides encryption as well as some of the services offered by AH. If you select ESP here, you must select options from the Encryption Algorithm and Authentication Algorithm fields (described below).
  • Page 40: UPnP Overview

    ZyWALL 2WE When there is outbound traffic but no inbound traffic, the SA times out automatically after two minutes. A tunnel with no outbound or inbound traffic is "idle" and does not time out until the SA lifetime period expires. 5.20 UPnP Overview Universal Plug and Play (UPnP) is a distributed, open networking standard that uses TCP/IP for simple peer-to-peer network connectivity between devices.
  • Page 41: Troubleshooting

    ZyWALL 2WE LABEL DESCRIPTION Allow users to make configuration changes through UPnP: Select this check box to allow UPnP-enabled applications to automatically configure the ZyWALL so that they can communicate through the ZyWALL, for example by using NAT traversal. UPnP applications automatically reserve a NAT forwarding port in order to communicate with another UPnP enabled device;...
  • Page 42 ZyWALL 2WE PROBLEM CORRECTIVE ACTION If the ISP checks the host name, enter your computer’s name (refer to the Wizard Setup section in the User’s Guide) in the System Name field in the first screen of the WIZARD. If the ISP checks the user ID, click WAN and then the ISP tab. Check your service type, user name, and password.
