Page 1 Vantage CNM Centralized Network Management User’s Guide Version 3.0 11/2007 Edition 1 www.zyxel.com...
Page 3: About This User's Guide
About This User's Guide The screens in Vantage CNM vary by device type and firmware version. The examples in this User’s Guide use one of the most comprehensive examples of each screen, not every variation for each device type and firmware version. If you are unable to find a specific screen or field in this User’s Guide, please see the User’s Guide for the device for more information.
Page 4 About This User's Guide The Technical Writing Team, ZyXEL Communications Corp., 6 Innovation Road II, Science-Based Industrial Park, Hsinchu, 300, Taiwan. E-mail: techwriters@zyxel.com.tw Vantage CNM User’s Guide...
Page 5: Document Conventions
Document Conventions Warnings and Notes These are how warnings and notes are shown in this User’s Guide. Warnings tell you about things that could harm you or your device. Notes tell you other important information (for example, other things you may need to configure or helpful tips) or recommendations.
Page 6 Document Conventions Icons Used in Figures Figures in this User’s Guide may use the following generic icons. Device icons are not an exact representations of your devices. Device (example) Server Telephone Computer Notebook computer DSLAM Switch Router Vantage CNM User’s Guide...
Page 7: Table Of Contents
Introducing Vantage CNM ... 31 Introduction ... 33 GUI Introduction ... 35 Device Operation ... 51 Load or Save Building Blocks (BB) ... 53 Device General Settings ... 55 Device Network Settings ... 59 Device Security Settings ... 109 Device Advanced Settings ... 185 Device Log ...
Page 8 Contents Overview About Vantage CNM ... 321 Account Management ... 323 Group ... 325 Account ... 329 Troubleshooting ... 333 Troubleshooting ... 335 Appendices and Index ... 339 Vantage CNM User’s Guide...
Page 9 About This User's Guide ... 3 Document Conventions... 5 Contents Overview ... 7 Chapter 1 Introducing Vantage CNM ... 31 1.1 Overview ... 31 1.2 Ways to Manage Vantage CNM ... 32 1.3 Suggestions for Using Vantage CNM ... 32 Part I: Introduction...
Page 10 5.3 WAN General (ZyNOS ZyWALL) ... 67 5.3.1 WAN1 (ZyNOS ZyWALL with one WAN port) ... 69 5.3.2 WAN1 and WAN2 (ZyNOS ZyWALL with two WAN ports) ... 77 5.3.3 Dial Backup (ZyNOS ZyWALL) ... 85 5.3.4 Advanced Modem Setup (ZyNOS ZyWALL) ... 87 5.3.5 Edit Dial Backup (ZyNOS ZyWALL) ...
Page 11 6.9 IDP Signatures ... 152 6.9.1 Attack Types ... 152 6.9.2 Intrusion Severity ... 154 6.9.3 Signature Actions ... 154 6.9.4 Configuring IDP Signatures ... 155 6.9.5 Query View ... 157 6.10 Signature Update ... 159 6.11 Content Filter ... 161 6.12 Content Filter General Screen ...
Page 12 Chapter 8 Device Log... 209 8.1 Device Log ... 209 Chapter 9 Device Configuration Management... 213 9.1 Synchronization ... 213 9.2 Configuration File Management ... 214 9.2.1 Backup & Restore (Device) ... 215 9.2.2 Backup a Device ... 216 9.2.3 Backup & Restore (Folder) ... 218 9.2.4 Group Backup (Folder) ...
Page 13 11.3 Signature Status ... 245 Part III: VPN Management ... 247 Chapter 12 VPN Community... 249 12.1 VPN Community ... 249 12.1.1 Add/Edit a VPN Community ... 250 Chapter 13 Installation Report ... 255 13.1 Installation Report ... 255 13.1.1 Show Detailed Installation Reportl ... 256 Chapter 14 VPN Monitor ...
Page 14 17.1.3 Alarm States ... 272 17.1.4 Unresolved Alarms ... 272 17.1.5 Responded Alarm ... 273 Part V: Log & Report... 277 Chapter 18 Device Operation Report... 279 18.1 Firmware Upgrade Report ... 279 18.1.1 Firmware Report Details ... 280 18.2 Configuration Report ... 281 18.2.1 Configuration Report Details ...
Page 15 21.5 Log Setting ... 305 21.6 VRPT Management ... 306 21.6.1 General ... 306 21.6.2 Add/Edit VRPT Management ... 307 21.7 Certificate Management Overview ... 308 21.7.1 Advantages of Certificates ... 308 21.7.2 Current Certificate Information ... 309 21.7.3 Create CSR ... 310 21.7.4 Import Certificate ...311 Chapter 22 Maintenance ...
Page 16 Part VIII: Troubleshooting ... 333 Chapter 29 Troubleshooting... 335 29.1 Vantage CNM Access and Login ... 335 29.2 Device Management ... 336 29.3 Device Firmware Management ... 336 29.4 Vantage Report ... 337 Part IX: Appendices and Index ... 339 Appendix A Product Specifications...
Page 17 Figure 1 Vantage CNM Application ... 31 Figure 2 Main Screen ... 35 Figure 3 Device Window: Topology ... 37 Figure 4 Folder Right-Click Options ... 39 Figure 5 Device Window: Topology: Right Click to Add a Folder ... 39 Figure 6 Device Window: Topology: Add Folder ...
Page 18 Figure 39 Device Operation > Device Configuration > Network > WAN > WAN1/2 - PPTP (ZyNOS ZyWALL with two WAN ports) ... 83 Figure 40 Device Operation > Device Configuration > Network > WAN > Dial Backup (ZyNOS ZyWALL) Figure 41 Device Operation > Device Configuration > Network > WAN > Dial Backup > Advanced (ZyNOS ZyWALL) ...
Page 19 Figure 74 Device Operation > Device Configuration > Security > IDP > Signature (Query View) ... 157 Figure 75 Device Operation > Device Configuration > Security > Signature Update ... 160 Figure 76 Device Operation > Device Configuration > Security > Content Filter > General ... 162 Figure 77 Device Operation >...
Page 20 Figure 110 Device Operation > Configuration Management > Configuration File Management > Schedule List (Device) ... 221 Figure 111 Device Operation > Configuration Management > Configuration File Management > Schedule List (Folder) ... 222 Figure 112 Device Operation > Configuration Management > Configuration File Management > Schedule List (Folder) ...
Page 21 Figure 143 VPN Management > VPN Monitor > By Community > Show Detail ... 258 Figure 144 VPN Management > VPN Monitor > By Community > Show Detail > Diagnostic ... 259 Figure 145 VPN Management > VPN Monitor > By Community > Show Detail > Diagnostic > Logs .. 260 Figure 146 VPN Management >...
Page 22 Figure 180 CNM System Setting > Maintenance > System ... 313 Figure 181 CNM System Setting > Maintenance > System > Backup ... 314 Figure 182 CNM System Setting > Device Owner ... 315 Figure 183 CNM System setting > Device Owner > Add/Edit ... 316 Figure 184 CNM System Setting >...
Page 23 Figure 223 Network Number and Host ID ... 368 Figure 224 Subnetting Example: Before Subnetting ... 370 Figure 225 Subnetting Example: After Subnetting ... 371 Figure 226 IP Address Conflicts: Case A ... 375 Figure 227 IP Address Conflicts: Case B ... 376 Figure 228 IP Address Conflicts: Case C ...
Page 24 Vantage CNM User’s Guide...
Page 25 Table 1 Menu Bar Icon Description ... 36 Table 2 Title Bar Icon Description ... 37 Table 3 Device Window: Topology ... 38 Table 4 Device Window: Icons ... 38 Table 5 Device Window: Folder Icons ... 38 Table 6 Device Window: Device Icons ... 40 Table 7 Configuration Screen: Device List ...
Page 26 Table 37 Wireless Card: No Access 802.1x + Static WEP ... 106 Table 38 Wireless Card: No Access 802.1x + No WEP ... 106 Table 39 Device Operation > Device Configuration > Network > Wireless Card > MAC Filter ... 107 Table 40 Device Operation >...
Page 27 Table 75 Device Operation > Device Configuration > Security > X Auth > RADIUS ... 183 Table 76 Device Operation > Device Configuration > Advanced > NAT > NAT Overview ... 186 Table 77 Device Operation > Device Configuration > Advanced > NAT > Port Fowarding ... 188 Table 78 Device Operation >...
Page 28 Table 107 Device Operation > Configuration Management > Building Block > Configuration BB > Add/Edit/ Save as ... 230 Table 108 Device Operation > Configuration Management > Building Block > Component BB ... 232 Table 109 Device Operation > Configuration Management > Building Block > Component BB > Add/Edit/ Save as ...
Page 29 Table 144 Log & Report > Operation Report > Signature Profile Backup & Restore Report > Restore Report ... 289 Table 145 LOG & Report > CNM Logs ... 292 Table 146 CNM System Setting > Configuration > Servers > Configuration ... 300 Table 147 CNM System Setting >...
Page 30 Vantage CNM User’s Guide...
Page 31: Introducing Vantage Cnm
H A P T E R Introducing Vantage CNM This chapter introduces the main applications and features of Vantage CNM. It also introduces the ways you can manage Vantage CNM. 1.1 Overview Vantage Centralized Network Management (“Vantage CNM”) helps network administrators monitor and manage a distributed network of ZyXEL network devices.
Page 32: Ways To Manage Vantage Cnm
Chapter 1 Introducing Vantage CNM 1.2 Ways to Manage Vantage CNM Use the web configurator to access and manage Vantage CNM. See the Quick Start Guide for instructions to access the web configurator and this User’s Guide for more information about the screens.
Page 33: Introduction
Introduction Introducing Vantage CNM (31) GUI Introduction (35)
Page 35: Gui Introduction
H A P T E R See the Quick Start Guide for instructions about installing, setting up, and accessing Vantage CNM. This chapter introduces the Vantage CNM main screen. Figure 2 Main Screen The main screen consists of three main parts and are numbered in the sequence you typically follow to configure a device.
Page 36: Menu Bar
Chapter 2 GUI Introduction For security reasons, Vantage CNM automatically times out after fifteen minutes of inactivity. Log in again if this happens. Each part is discussed in more detail in the following sections. 2.1 Menu Bar The following table describes the icons in the menu bar. Table 1 Menu Bar Icon Description ICON DESCRIPTION...
Page 37: Title Bar
2.2 Title Bar The following table describes the icons in the title bar. Table 2 Title Bar Icon Description ICON DESCRIPTION This icon displays with a hi to the current login user. Click this icon to display the dashboard in the configuration window. Click this icon to open a window to display real-time Vantage CNM system logs.
Page 38 Chapter 2 GUI Introduction The following table describes the labels in the Device window. Table 3 Device Window: Topology LABEL DESCRIPTION Topology Click Topology to display device groups in a tree structure. Search Click Search to look for device(s). There are a couple icons in the device window that perform additional functions related to views.
Page 39: Figure 4 Folder Right-Click Options
Table 5 Device Window: Folder Icons (continued) Icon Status Off_ Alarm_Pending-Closed Off_ Alarm_Pending-Open You can right-click on a folder to see the following menu items. Some folders do not have every menu item. Click Settings to configure the Adobe flash player settings. Click About Adobe Flash Player 9 to connect to Adobe’s website for more information.
Page 40: Figure 7 Device Window: Topology: Delete Folder Warning
Chapter 2 GUI Introduction 4 A new folder icon displays. 2.3.1.1.2 Delete a Folder Deleting a folder also deletes all the associated device(s). Follow the steps below to delete a group. 1 In the device window, click Topology. 2 Right-click on a folder and click Delete Folder. 3 A warning screen displays.
Page 41: Figure 9 Device Right-Click Options
Table 6 Device Window: Device Icons (continued) Icon Not Yet Acquired On_Alarm Off_Alarm On_Pending Off_Pending On_Alarm_Pending Off_Alarm_Pending You can right-click on a device to see the following menu. Some menu items are not available for every device. Click Settings to configure Adobe flash player settings. Click About Adobe Flash Player 9 to connect to Adobe’s website for more information.
Page 42: Figure 11 Device Window: Topology: Add/Edit Device (Zynos)
Chapter 2 GUI Introduction Figure 11 Device Window: Topology: Add/Edit Device (ZyNOS) Figure 12 Device Window: Topology: Add/Edit Device (ZLD) The following table describes the labels in this screen. Table 7 Configuration Screen: Device List LABEL DESCRIPTION LAN MAC Enter the LAN MAC address of the device (without colons) in this field. Vantage CNM (Hex) uses the MAC address to identify the device, so make sure it is entered correctly.
Page 43 Table 7 Configuration Screen: Device List (continued) LABEL DESCRIPTION Firmware This field is only available for a ZyNOS device. Select the firmware version the device Version is currently using. The pull-down menu lists only supported firmware versions. Select Unknown if you don’t know the device’s firmware version or you cannot find your device’s current firmware version from the list.
Page 44: Figure 13 Device Window: Topology: Delete Device Warning
Chapter 2 GUI Introduction 4 After clicking Apply and a new device icon displays. 2.3.1.2.2 Delete a Device Follow the steps below to delete a group. 1 In the device window, click Topology. 2 Right-click on a device and click Delete Device. 3 A warning screen displays.
Page 45: Device Search
Figure 15 Device Window: Topology: Delete Device Warning 3 The device’s web configurator appears via a HTTP or HTTPS connection. You can change the device login setting by editing a device. Refer to 2.3.2 Device Search Use the Search function in the device window to look for device(s). 1 In the device window, click Search.
Page 46 Chapter 2 GUI Introduction Table 8 Navigation Panel: Menu Summary - Device Operation DEVICE OPERATION ZYNOS-BASED DEVICE Device Configuration Load or Save BB General System Tim Setting Network WLAN Wireless Card Port Roles Security Firewall Anti-Virus Anti-Spam Signature Update Content Filter X Auth Advanced Static Route...
Page 47 Table 9 Navigation Panel: Menu Summary - Others CNM SYSTEM SETTING Servers User Access Notification Log Setting VRPT Management Certificate Management Maintenance Device Owner Upgrade License About The following table describes the links in the navigation panel. Table 10 Navigation Panel Links LINK DESCRIPTION Device Operation...
Page 48: Security Risk Pop-Up Messages In Internet Explorer 7.0
Chapter 2 GUI Introduction Table 10 Navigation Panel Links (continued) LINK DESCRIPTION VRPT This function is available if any Vantage Report (VRPT) server is configured on the selected device. This link takes you to a screen where you can see reports generated by an associated VRPT server.
Page 49: Figure 17 Cnm System Setting > Configuration > Certificate Management > Create Csr
1 Click CNM System Setting in the menu bar. 2 Click Configuration > Certificate Management in the navigation panel. 3 Click Create CSR. The following screen appears. Figure 17 CNM System Setting > Configuration > Certificate Management > Create CSR 4 Type the IP address of the Vantage CNM server in the Common Name field.
Page 50: Figure 19 Cnm System Setting > Configuration > Certificate Management > Import Certificate
Chapter 2 GUI Introduction Figure 19 CNM System Setting > Configuration > Certificate Management > Import Certificate 8 Enter the signed certificate file path and click Apply. 9 Restart the Vantage CNM server. 10 Use the IP address and log into the Vantage CNM server. 11 In Internet Explorer 7.0, click View Certificates when the following screen appears.
Page 51: Device Operation
Device Operation This menu only appear if you select a device. For ZLD-based device, this menu appear when the device status is on. The menus and screens may vary depending on the device model you select. Table 8 on page 46 for the device model and the corresponding firmware version CNM supports.
Page 53: Figure 21 Device Operation > Device Configuration > Load Or Save Bb
H A P T E R Load or Save Building Blocks These menus only appear if you select a ZyNOS-based or a prestige device. 3.1 Load or Save BB Use this menu item to load building blocks to the selected device or to create building blocks from the current configuration of the selected device.
Page 54: Figure 22 Device Operation > Device Configuration > Load Or Save Bb > Load A Bb
Chapter 3 Load or Save Building Blocks (BB) Click the Load a BB icon to load a building block to the selected device. The following pop- up screen appears. Figure 22 Device Operation > Device Configuration > Load or Save BB > Load a BB Select the building block you want to load to the selected device, and click Apply.
Page 55: Device General Settings
H A P T E R Device General Settings This section configures device general settings. These menus only appear if you select a ZyNOS-based or a prestige device. For ZLD-based device, these menus appear when the device status is on. 4.0.1 System Use this screen to set the password, system name, domain name, idle timeout, and DNS servers for the device.
Page 56: Time Setting
Chapter 4 Device General Settings Table 11 Device Operation > Device Configuration > General > System (continued) FIELD Domain Name Administrator Inactivity Timer Apply Reset 4.0.2 Time Setting Use this screen to configure the time settings on the device. To open this screen, click Device Operation >...
Page 57 Table 12 Device Operation > Device Configuration > General > Time Setting (continued) LABEL DESCRIPTION Daylight Savings Daylight saving is a period from late spring to early fall when many countries set their clocks ahead of normal local time by one hour to give more daytime light in the evening.
Page 58 Chapter 4 Device General Settings Vantage CNM User’s Guide...
Page 59: Device Network Settings
H A P T E R Device Network Settings The screens explained network settings such as LAN, WAN, wireless card. The menus and screens may vary for different ZyXEL products. For example, click Device Configuration > Network Interface for ZLD-based device’s network settings. This document uses the ZyNOS ZyWALL settings for each screen description.
Page 60: Figure 27 Device Operation > Device Configuration > Network > Lan > Lan
Chapter 5 Device Network Settings Figure 27 Device Operation > Device Configuration > Network > LAN > LAN The following table describes the fields in this screen. Table 13 Device Operation > Device Configuration > LAN > LAN LABEL DHCP Mode IP Pool Starting Address DHCP Server IP...
Page 61 Table 13 Device Operation > Device Configuration > LAN > LAN (continued) LABEL DESCRIPTION DHCP WINS Type the IP address of the WINS (Windows Internet Naming Service) server that Server 1, 2 you want to send to the DHCP clients. The WINS server keeps a mapping table of the computer names on your network and the IP addresses that they are currently using.
Page 62: Lan (Prestige)
Chapter 5 Device Network Settings Table 13 Device Operation > Device Configuration > LAN > LAN (continued) LABEL Allow between LAN and WAN2 Allow between LAN and DMZ Allow between LAN and WLAN Apply Reset 5.2 LAN (Prestige) This section refers only to the LAN screen, but the information is applicable for the LAN, WLAN, and DMZ screens.
Page 63: Figure 28 Device Operation > Device Configuration > Network > Lan > Lan (Prestige)
Figure 28 Device Operation > Device Configuration > Network > LAN > LAN (Prestige) The following table describes the fields in this screen. Table 14 Device Operation > Device Configuration > Network > LAN > LAN (Prestige) LABEL DESCRIPTION DHCP Mode DHCP (Dynamic Host Configuration Protocol, RFC 2131 and RFC 2132) allows individual clients (computers) to obtain TCP/IP configuration at startup from a server.
Page 64: Static Dhcp
Chapter 5 Device Network Settings Table 14 Device Operation > Device Configuration > Network > LAN > LAN (Prestige) LABEL TCP/IP IP Address IP Subnet Mask RIP Direction RIP Version Multicast Any IP Setup Active Apply Reset 5.2.1 Static DHCP This section refers only to the LAN screen, but the information is applicable for the LAN, WLAN, and DMZ screens.
Page 65: Ip Alias
Use this screen to assign IP addresses to specific individual computers on the LAN based on their MAC addresses. To open this screen, click Device Operation in the menu bar, and click Device Configuration > Network > LAN > Static DHCP in the navigation panel. Figure 29 Device Operation >...
Page 66: Figure 30 Device Operation > Device Configuration > Network > Lan > Ip Alias
Chapter 5 Device Network Settings Figure 30 Device Operation > Device Configuration > Network > LAN > IP Alias The following table describes the fields in this screen Table 16 Device Operation > Device Configuration > Network > LAN > IP Alias LABEL IP Alias 1,2 IP Address...
Page 67: Wan General (Zynos Zywall)
5.3 WAN General (ZyNOS ZyWALL) This section gives configuration information on the fields displayed in this screen. To open this screen, click Device Operation in the menu bar, and click Device Configuration > Network > WAN > General in the navigation panel. Be careful when configuring a device’s WAN as an incorrect configuration could result in the device being inaccessible from Vantage CNM (or by the web configurator from the WAN) and may necessitate a site visit to correct.
Page 68 Chapter 5 Device Network Settings The following table describes the fields in this screen. Table 17 Device Operation > Device Configuration > Network > WAN > General (ZyNOS ZyWALL) LABEL DESCRIPTION WAN Priority The default WAN connection is "1' as your broadband connection via the WAN port should always be your preferred method of accessing the WAN.
Page 69: Wan1 (Zynos Zywall With One Wan Port)
Table 17 Device Operation > Device Configuration > Network > WAN > General (ZyNOS ZyWALL) (continued) LABEL DESCRIPTION Allow between Select this check box to forward NetBIOS packets from the WAN2 port to the DMZ WAN2 and port and from the DMZ port to WAN2. Clear this check box to block all NetBIOS packets going from the WAN2 port to the DMZ port and from DMZ port to WAN2.
Page 70 Chapter 5 Device Network Settings 5.3.1.1 Ethernet Encapsulation The following table describes the labels in the Ethernet encapsulation screen. Table 18 Device Operation > Device Configuration > Network > WAN > ISP (Ethernet) – ZyNOS ZyWALL (one WAN port) LABEL Encapsulation Service Type WAN:IP...
Page 71: Figure 33 Warning Message When Select Pppoe
Table 18 Device Operation > Device Configuration > Network > WAN > ISP (Ethernet) – ZyNOS ZyWALL (one WAN port) (continued) LABEL DESCRIPTION Apply Click Apply to save your changes back to the device. Reset Click Reset to begin configuring this screen afresh. 5.3.1.2 PPPoE Encapsulation The device supports PPPoE (Point-to-Point Protocol over Ethernet).
Page 72: Figure 34 Device Operation > Device Configuration > Network > Wan > Wan1-Pppoe (Zynos Zywall With One Wan Port)
Chapter 5 Device Network Settings Figure 34 Device Operation > Device Configuration > Network > WAN > WAN1-PPPoE (ZyNOS ZyWALL with one WAN port) The following table describes the labels in the PPPoE screen. Table 19 Device Operation > Device Configuration > Network > WAN > ISP (PPPoE) – ZyNOS ZyWALL (one WAN port) LABEL DESCRIPTION...
Page 73 Table 19 Device Operation > Device Configuration > Network > WAN > ISP (PPPoE) – ZyNOS ZyWALL (one WAN port) (continued) LABEL DESCRIPTION Service Name Type the PPPoE service name provided to you. PPPoE uses a service name to identify and reach the PPPoE server. User Name Type the user name given to you by your ISP.
Page 74: Figure 35 Warning Message When Select Pptp
Chapter 5 Device Network Settings Table 19 Device Operation > Device Configuration > Network > WAN > ISP (PPPoE) – ZyNOS ZyWALL (one WAN port) (continued) LABEL DESCRIPTION Multicast Choose None (default), IGMP-V1 or IGMP-V2. IGMP (Internet Group Multicast Protocol) is a network-layer protocol used to establish membership in a Multicast group - it is not used to carry user data.
Page 75: Figure 36 Device Operation > Device Configuration > Network > Wan > Wan1 - Pptp (Zynos Zywall With One Wan Port)
Figure 36 Device Operation > Device Configuration > Network > WAN > WAN1 - PPTP (ZyNOS ZyWALL with one WAN port) The following table describes the labels in the PPTP screen. Table 20 Device Operation > Device Configuration > Network > WAN > ISP (PPTP) – ZyNOS ZyWALL (one WAN port) LABEL WAN:ISP...
Page 76 Chapter 5 Device Network Settings Table 20 Device Operation > Device Configuration > Network > WAN > ISP (PPTP) – ZyNOS ZyWALL (one WAN port) (continued) LABEL PPTP User Name Password Retype to confirm Password Nailed-up Connection Idle Timeout My IP Address My IP Subnet Mask Server IP Address Connection ID/Name...
Page 77: Wan1 And Wan2 (Zynos Zywall With Two Wan Ports)
Table 20 Device Operation > Device Configuration > Network > WAN > ISP (PPTP) – ZyNOS ZyWALL (one WAN port) (continued) LABEL RIP Version Multicast Apply Reset 5.3.2 WAN1 and WAN2 (ZyNOS ZyWALL with two WAN ports) Since ZyWALL 4.00, the WAN screens are organized differently than the previous versions because it has two WAN ports.
Page 78: Figure 37 Device Operation > Device Configuration > Network > Wan > Wan1/2 (Zynos Zywall With Two Wan Ports)
Chapter 5 Device Network Settings Figure 37 Device Operation > Device Configuration > Network > WAN > WAN1/2 (ZyNOS ZyWALL with two WAN ports) The following table describes the labels in this screen. Table 21 Device Operation > Device Configuration > Network > WAN > WAN1/2 (ZyNOS ZyWALL with two WAN ports) LABEL DESCRIPTION...
Page 79 Table 21 Device Operation > Device Configuration > Network > WAN > WAN1/2 (ZyNOS ZyWALL with two WAN ports) (continued) LABEL DESCRIPTION Telia Login Type the domain name of the Telia login server, for example login1.telia.com. Server (Telia Login only) Relogin The Telia server logs the Vantage CNM out if the Vantage CNM does not log in Every(mins)
Page 80: Figure 38 Device Operation > Device Configuration > Network > Wan > Wan1/2 - Pppoe (Zynos Zywall With Two Wan Ports)
Chapter 5 Device Network Settings 5.3.2.2 PPPoE Encapsulation PPPoE (Point-to-Point Protocol over Ethernet) is an IETF standard (RFC 2516) specifying how a personal computer (PC) interacts with a broadband modem (DSL, cable, wireless, etc.) connection. The PPPoE option is for a dial-up connection using PPPoE. For the service provider, PPPoE offers an access and authentication method that works with existing access control systems (for example RADIUS).
Page 81 The following table describes the labels in this screen. Table 22 Device Operation > Device Configuration > Network > WAN > WAN1/2 - PPPoE (ZyNOS ZyWALL with two WAN ports) LABEL DESCRIPTION ISP Parameters for Internet Access Encapsulation The PPPoE choice is for a dial-up connection using PPPoE. The router supports PPPoE (Point-to-Point Protocol over Ethernet).
Page 82 Chapter 5 Device Network Settings Table 22 Device Operation > Device Configuration > Network > WAN > WAN1/2 - PPPoE (ZyNOS ZyWALL with two WAN ports) (continued) LABEL DESCRIPTION RIP Direction RIP (Routing Information Protocol) allows a router to exchange routing information with other routers.
Page 83 Figure 39 Device Operation > Device Configuration > Network > WAN > WAN1/2 - PPTP (ZyNOS ZyWALL with two WAN ports) The following table describes the labels in this screen. Table 23 Device Operation > Device Configuration > Network > WAN > WAN1/2 - PPTP (ZyNOS ZyWALL with two WAN ports) LABEL DESCRIPTION...
Page 84 Chapter 5 Device Network Settings Table 23 Device Operation > Device Configuration > Network > WAN > WAN1/2 - PPTP (ZyNOS ZyWALL with two WAN ports) (continued) LABEL DESCRIPTION PPTP User Name Type the user name given to you by your ISP. Password Type the password associated with the user name above.
Page 85: Dial Backup (Zynos Zywall)
Table 23 Device Operation > Device Configuration > Network > WAN > WAN1/2 - PPTP (ZyNOS ZyWALL with two WAN ports) (continued) LABEL DESCRIPTION RIP Version The RIP Version field controls the format and the broadcasting method of the RIP packets that the device sends (it recognizes both formats when receiving).
Page 86: Figure 40 Device Operation > Device Configuration > Network > Wan > Dial Backup (Zynos Zywall
Chapter 5 Device Network Settings Figure 40 Device Operation > Device Configuration > Network > WAN > Dial Backup (ZyNOS ZyWALL) The following table describes the labels in this screen. Table 24 Device Operation > Device Configuration > Network > WAN > Dial Backup (ZyNOS ZyWALL) LABEL Enable Dial Backup...
Page 87: Advanced Modem Setup (Zynos Zywall)
Table 24 Device Operation > Device Configuration > Network > WAN > Dial Backup (ZyNOS ZyWALL) (continued) LABEL Primary/Secondary Phone Number AT Command Initial String Advanced Modem Setup TCP/IP Options Budget Allocated Budget Period Idle Timeout Apply Reset 5.3.4 Advanced Modem Setup (ZyNOS ZyWALL) 5.3.4.1 AT Command Strings For regular telephone lines, the default Dial string tells the modem that the line uses tone dialing.
Page 88: Figure 41 Device Operation > Device Configuration > Network > Wan > Dial Backup > Advanced (Zynos Zywall)
Chapter 5 Device Network Settings 5.3.4.1.2 Response Strings The response strings tell the device the tags, or labels, immediately preceding the various call parameters sent from the WAN device. The response strings have not been standardized; please consult the documentation of your WAN device to find the correct tags. Click the Advanced button in the Advanced Modem Setup in the Dial Backup screen to display the Dial Backup Advanced screen shown next.
Page 89: Edit Dial Backup (Zynos Zywall)
Table 25 Device Operation > Device Configuration > Network > WAN > Dial Backup > Advanced (ZyNOS ZyWALL) (continued) LABEL DESCRIPTION Drop DTR When Select this check box to have the device drop the DTR (Data Hang Up Terminal Ready) signal after the "AT Command String: Drop" is sent out.
Page 90: Figure 42 Device Operation > Device Configuration > Network > Wan > Dial Backup > Edit (Zynos Zywall)
Chapter 5 Device Network Settings Figure 42 Device Operation > Device Configuration > Network > WAN > Dial Backup > Edit (ZyNOS ZyWALL) The following table describes the fields in this screen. Table 26 Device Operation > Device Configuration > Network > WAN > Dial Backup > Edit – ZyNOS ZyWALL LABEL Get IP Address...
Page 91: Wan Setup (Prestige)
Table 26 Device Operation > Device Configuration > Network > WAN > Dial Backup > Edit – ZyNOS ZyWALL (continued) LABEL Enable RIP RIP Direction RIP Version Apply Reset 5.3.6 WAN Setup (Prestige) The fields in this screen vary depending on the mode and encapsulation. Select a device in the object tree and then select Device Operation >...
Page 92: Figure 43 Device Operation > Device Configuration > Network > Wan > Setup (Prestige)
Chapter 5 Device Network Settings Figure 43 Device Operation > Device Configuration > Network > WAN > Setup (Prestige) The following table describes the fields in this screen. Table 27 Device Operation > Device Configuration > Network > WAN > Setup (Prestige) LABEL Name Mode...
Page 93 Table 27 Device Operation > Device Configuration > Network > WAN > Setup (Prestige) LABEL ATM QoS Type Cell Rate Peak Cell Rate Sustain Cell Rate Maximum Burst Size Login Information Service Name (Appears when you use PPPoE encapsulation) PPPoE + PPPoE_Client_PC (Appears when you use PPPoE encapsulation)
Page 94: Wan Backup (Prestige)
Chapter 5 Device Network Settings Table 27 Device Operation > Device Configuration > Network > WAN > Setup (Prestige) LABEL Max Idle Timeout (Appears when you use PPPoA and PPPoE encapsulation) Zero Configuration Subnet Mask (Appears when you use ENET ENCAP encapsulation) ENET ENCAP Gateway (Appears when you use...
Page 95: Figure 44 Device Operation > Device Configuration > Network > Wan > Backup (Prestige)
Figure 44 Device Operation > Device Configuration > Network > WAN > Backup (Prestige) The following table describes the fields in this screen. Table 28 Device Operation > Device Configuration > Network > WAN > Backup (Prestige) LABEL Backup Type Check WAN IP Address1-3 Fail Tolerance...
Page 96 Chapter 5 Device Network Settings Table 28 Device Operation > Device Configuration > Network > WAN > Backup (Prestige) LABEL Recovery Interval Timeout Traffic Redirect Traffic Active Metric Backup Gateway IP Dial Backup Dial Active Priority Port Speed User Name Password Pri Phone Advanced Backup...
Page 97: Advanced Wan Backup (Prestige)
5.3.8 Advanced WAN Backup (Prestige) Use this screen to edit your device’s advanced WAN backup settings. To open this screen, click WAN > Backup and the Advanced button. Figure 45 Device Operation > Device Configuration > Network > WAN > Backup > Advanced (Prestige) The following table describes the fields in this screen.
Page 98 Chapter 5 Device Network Settings Table 29 Device Operation > Device Configuration > Network > WAN Backup > Advanced (Prestige) (continued) LABEL Primary/ Secondary Phone Number AT Command Initial String Advanced Modem Setup TCP/IP Options Enable SUA Enable RIP RIP Direction RIP Version Enable Multicast Version...
Page 99: Advanced Modem Setup (Prestige)
Table 29 Device Operation > Device Configuration > Network > WAN Backup > Advanced (Prestige) (continued) LABEL Nailed-Up Connection Connect on Demand Max Idle Timeout Budget Allocated Budget Period Back Apply Reset 5.3.9 Advanced Modem Setup (Prestige) Click Edit in the Advanced Modem Setup field. See the section on ZyWALL advanced modem setup on page 87 5.4 Wireless Card...
Page 100: Figure 46 Device Operation > Device Configuration > Network > Wireless Card > Wireless Card
Chapter 5 Device Network Settings Figure 46 Device Operation > Device Configuration > Network > Wireless Card > Wireless Card The following table describes the fields in this screen. Table 30 Device Operation > Device Configuration > Network > Wireless Card > Wireless Card LABEL DESCRIPTION...
Page 101: Advanced Wireless Security Settings
Table 30 Device Operation > Device Configuration > Network > Wireless Card > Wireless Card (continued) LABEL DESCRIPTION Fragmentation This is the threshold (number of bytes) for the fragmentation boundary for directed Threshold messages. It is the maximum data fragment size that can be sent. Select the check box to change the default value and enter a value between 256 and 2432.
Page 102 Chapter 5 Device Network Settings Figure 47 Device Operation > Device Configuration > Network > Wireless Card > Wireless Card (Advanced Wireless Security Settings) Vantage CNM User’s Guide...
Page 103 The following table describes the fields in these settings. Table 31 Wireless Card: Static WEP LABEL DESCRIPTION Security Select Static WEP from the drop-down list. WEP (Wired Equivalent Privacy) provides data encryption to prevent unauthorized Encryption wireless stations from accessing data transmitted over the wireless network. Select 64-bit WEP or 128-bit WEP to enable data encryption.
Page 104 Chapter 5 Device Network Settings Table 33 Wireless Card: WPA LABEL DESCRIPTION Security Select WPA from the drop-down list. ReAuthentication Specify how often wireless stations have to resend user names and passwords in Timer (Seconds) order to stay connected. Enter a time interval between 10 and 65535 seconds. If wireless station authentication is done using a RADIUS server, the reauthentication timer on the RADIUS server has priority.
Page 105 Table 35 Wireless Card: 802.1x + Static WEP LABEL DESCRIPTION Security Select 802.1x + Static WEP from the drop-down list. WEP Encryption WEP (Wired Equivalent Privacy) provides data encryption to prevent unauthorized wireless stations from accessing data transmitted over the wireless network. Select 64-bit WEP or 128-bit WEP to enable data encryption.
Page 106: Mac Filter
Chapter 5 Device Network Settings Table 36 Wireless Card: 802.1x + No WEP (continued) LABEL DESCRIPTION Idle Timeout The Vantage CNM automatically disconnects a wireless station from the wireless (Seconds) network after a period of inactivity. The wireless station needs to send the username and password again before it can use the wireless network again.
Page 107: Figure 48 Device Operation > Device Configuration > Network > Wireless Card > Mac Filter
Be careful not to list your computer’s MAC address and set the Action field to Deny Association when managing the device via a wireless connection. This would lock you out. Figure 48 Device Operation > Device Configuration > Network > Wireless Card > MAC Filter The following table describes the fields in this screen.
Page 108 Chapter 5 Device Network Settings Vantage CNM User’s Guide...
Page 109: Device Security Settings
H A P T E R Device Security Settings The screens explained device security settings such as firewall, VPN, anti-virus, anti-spam, IDP, signature update, content filter and X-auth. The menus and screens may vary for different ZyXEL products. For example, click Device Operation in the menu bar and then click Device Configuration >...
Page 110: Figure 50 Device Operation > Device Configuration > Security > Firewall > Default Rule
Chapter 6 Device Security Settings Figure 50 Device Operation > Device Configuration > Security > Firewall > Default Rule The following table describes the labels in this screen. Table 40 Device Operation > Device Configuration > Security > Firewall > Default Rule LABEL Default Rule Setup Enable Firewall...
Page 111: Rule Summary
Table 40 Device Operation > Device Configuration > Security > Firewall > Default Rule LABEL From, To Apply Reset 6.1.2 Rule Summary Use the Insert button to add a new rule before an existing rule. Use Move to put an existing rule in a different place.
Page 112: Figure 51 Device Operation > Device Configuration > Security > Firewall > Rule Summary
Chapter 6 Device Security Settings Figure 51 Device Operation > Device Configuration > Security > Firewall > Rule Summary The following table describes the labels in this screen. Table 41 Device Operation > Device Configuration > Security > Firewall > Rule Summary LABEL Direction Summary Packet Direction...
Page 113: Add/Edit
Table 41 Device Operation > Device Configuration > Security > Firewall > Rule Summary LABEL Rule Summary Rule Name Active Source Address Destination Address Service Type Action Alert Insert Move Edit Remove 6.1.3 Add/Edit Each device has a different number of rules and custom ports; see the device User Guide for more details.
Page 114: Figure 52 Device Operation > Device Configuration > Security > Firewall > Rule Summary > Edit
Chapter 6 Device Security Settings Figure 52 Device Operation > Device Configuration > Security > Firewall > Rule Summary > Edit Vantage CNM User’s Guide...
Page 115 The following table describes the labels in this screen. Table 42 Device Operation > Device Configuration > Security > Firewall > Rule Summary > Add/Edit LABEL DESCRIPTION Rule Name Enter a descriptive name of up to 31 printable ASCII characters (except Extended ASCII characters) for the firewall rule.
Page 116: Anti-Probing
Chapter 6 Device Security Settings Table 42 Device Operation > Device Configuration > Security > Firewall > Rule Summary > Add/Edit (continued) LABEL DESCRIPTION Action for Use the drop-down list box to select what the firewall is to do with packets that Matched Packets match this rule.
Page 117: Threshold
The following table describes the labels in this screen. Table 43 Device Operation > Device Configuration > Security > Firewall > Anti-Probing LABEL DESCRIPTION Respond to PING Select the interfaces on which you want the device to reply to incoming Ping requests.
Page 118 Chapter 6 Device Security Settings The following table describes the labels in this screen. Table 44 Device Operation > Device Configuration > Security > Firewall > Threshold LABEL Disable DoS Attack Protection on Denial of Service Thresholds One Minute Low One Minute High Maximum Incomplete Low...
Page 119: Service
6.1.6 Service Click Device Operation in the menu bar and then click Device Configuration > Security > Firewall > Service in the navigation panel to open the screen as shown next. Use this screen to configure custom services for use in firewall rules or view the services that are predefined in the device.
Page 120: Figure 56 Device Operation > Device Configuration > Security > Firewall > Service > Add/Edit
Chapter 6 Device Security Settings Figure 56 Device Operation > Device Configuration > Security > Firewall > Service > Add/ Edit The following table describes the labels in this screen. Table 46 Device Operation > Device Configuration > Security > Firewall > Service > Add/ Edit LABEL Service Name...
Page 121: Ipsec High Availability
There are two sets of VPN screens, VPN version 1.0 and VPN version 1.1. The version depends on the device’s type and firmware version. 6.3 IPSec High Availability IPSec high availability (also known as VPN high availability) allows you to use a redundant (backup) VPN connection to another WAN interface on the remote IPSec router if the primary (regular) VPN connection goes down.
Page 122: Vpn Rules (Ike) > Gateway Policy Add/Edit
Chapter 6 Device Security Settings Figure 58 Device Operation > Device Configuration > Security > VPN > VPN Rules (IKE) The following table describes the labels in this screen. Table 47 Device Operation > Device Configuration > Security > VPN > VPN Rules LABEL Name Local IP Address...
Page 123: Figure 59 Device Operation > Device Configuration > Security > Vpn > Vpn Rules (Ike) > Gateway Policy Add/Edit
Chapter 6 Device Security Settings Figure 59 Device Operation > Device Configuration > Security > VPN > VPN Rules (IKE) > Gateway Policy Add/Edit Vantage CNM User’s Guide...
Page 124 Chapter 6 Device Security Settings The following table describes the labels in this screen. Table 48 Device Operation > Device Configuration > Security > VPN > VPN Rules (IKE) > Gateway Policy Add/Edit LABEL Property NAT Traversal Name Gateway Policy Information My ZyWALL Address Type...
Page 125 Table 48 Device Operation > Device Configuration > Security > VPN > VPN Rules (IKE) > Gateway Policy Add/Edit LABEL Remote Gateway Address Enable IPSec High Availability Redundant Remote Gateway Fail back to Primary Remote Gateway when possible Fail Back Check Interval* Authentication Key Pre-Shared Key...
Page 126 Chapter 6 Device Security Settings Table 48 Device Operation > Device Configuration > Security > VPN > VPN Rules (IKE) > Gateway Policy Add/Edit LABEL Local ID Type Content Peer ID Type DESCRIPTION Select IP to identify this device by its IP address. Select DNS to identify this device by a domain name.
Page 127 Table 48 Device Operation > Device Configuration > Security > VPN > VPN Rules (IKE) > Gateway Policy Add/Edit LABEL Content Extended Authentication Enable Extended Authentication Server Mode Client Mode User Name Vantage CNM User’s Guide DESCRIPTION The configuration of the peer content depends on the peer ID type. Do the following when you set Authentication Key to Pre-shared Key.
Page 128: Vpn Rules (Ike) > Network Policy Add/Edit
Chapter 6 Device Security Settings Table 48 Device Operation > Device Configuration > Security > VPN > VPN Rules (IKE) > Gateway Policy Add/Edit LABEL Password IKE Proposal Negotiation Mode Encryption Algorithm Authentication Algorithm SA Life Time (Seconds) Key Group Enable Multiple Proposals Apply...
Page 129: Figure 60 Device Operation > Device Configuration > Security > Vpn > Vpn Rules (Ike) > Network Policy Add/Edit
Chapter 6 Device Security Settings Figure 60 Device Operation > Device Configuration > Security > VPN > VPN Rules (IKE) > Network Policy Add/Edit Vantage CNM User’s Guide...
Page 130 Chapter 6 Device Security Settings The following table describes the labels in this screen. Table 49 Device Operation > Device Configuration > VPN > IKE IPSec LABEL Active Name Protocol Nailed-Up Allow NetBIOS Traffic Through IPSec Tunnel Check IPSec Tunnel Connectivity Ping this Address Gateway Policy...
Page 131 Table 49 Device Operation > Device Configuration > VPN > IKE IPSec (continued) LABEL DESCRIPTION Mapping Type Select One-to-One to translate a single (static) IP address on your LAN to a single virtual IP address. Select Many-to-One to translate a range of (static) IP addresses on your LAN to a single virtual IP address.
Page 132 Chapter 6 Device Security Settings Table 49 Device Operation > Device Configuration > VPN > IKE IPSec (continued) LABEL Ending IP Address/ Subnet Mask Local Port Remote Network Address Type Starting IP Address Ending IP Address/ Subnet Mask Remote Port IPSec Proposal Encapsulation Mode Active Protocol...
Page 133: Figure 61 Device Operation > Device Configuration > Security > Vpn > Vpn Rules (Ike) > Network Policy Move
Table 49 Device Operation > Device Configuration > VPN > IKE IPSec (continued) LABEL DESCRIPTION SA Life Time Define the length of time before an IPSec SA automatically renegotiates in this (Seconds) field. The minimum value is 180 seconds. A short SA Life Time increases security by forcing the two VPN gateways to update the encryption and authentication keys.
Page 134: Vpn Rules (Manual)
Chapter 6 Device Security Settings The following table describes the labels in this screen. Table 50 Device Operation > Device Configuration > Security > VPN > VPN Rules (IKE) > Network Policy Move LABEL Network Policy Information Name Local Network Remote Network Gateway Policy Information...
Page 135: Vpn Rules (Manual) > Add/Edit
The following table describes the labels in this screen. Table 51 Configuration > VPN > Manual-Key IPSec LABEL DESCRIPTION This is the VPN policy index number. Name This field displays the identification name for this VPN policy. Click the hyperlink to edit the VPN policy.
Page 136: Figure 63 Device Operation > Device Configuration > Security > Vpn > Vpn Rules (Manual) > Add/Edit
Chapter 6 Device Security Settings Figure 63 Device Operation > Device Configuration > Security > VPN > VPN Rules (Manual) > Add/Edit The following table describes the labels in this screen. Table 52 Device Operation > Device Configuration > Security > VPN > VPN Rules (Manual) >...
Page 137 Table 52 Device Operation > Device Configuration > Security > VPN > VPN Rules (Manual) > Add/Edit (continued) LABEL Allow NetBIOS Traffic Through IPSec Tunnel Local / Remote Network Starting Address Ending Address/Subnet Mask Gateway Policy Information My ZyWALL Remote Gateway Address Manual Proposal Encapsulation Mode Active Protocol...
Page 138: Vpn Global Setting
Chapter 6 Device Security Settings Table 52 Device Operation > Device Configuration > Security > VPN > VPN Rules (Manual) > Add/Edit (continued) LABEL Encryption Algorithm Authentication Algorithm Encryption Key Authentication Key Apply Cancel 6.3.7 VPN Global Setting Select a device, click Device Operation > Device Configuration > Security > VPN > Global Setting tab to open the screen shown next.
Page 139: Figure 64 Device Operation > Device Configuration > Security > Vpn > Global Setting
Figure 64 Device Operation > Device Configuration > Security > VPN > Global Setting The following table describes the labels in this screen. Table 53 Device Operation > Device Configuration > Security > VPN > Global Setting LABEL Output Idle Timer Input Idle Timer Gateway Domain Name Update Timer...
Page 140: Anti-Virus
Chapter 6 Device Security Settings Table 53 Device Operation > Device Configuration > Security > VPN > Global Setting LABEL Adjust TCP Maximum Segment Size IPSec MSS Apply Reset 6.4 Anti-Virus This section shows you how to configure the Anti-Virus screens. These screens may vary depending on which model you’re configuring.
Page 141: Figure 65 Device Operation > Device Configuration > Security > Anti-Virus > General
Figure 65 Device Operation > Device Configuration > Security > Anti-Virus > General The following table describes the labels in this screen. Table 54 Device Operation > Device Configuration > Security > Anti-Virus > General LABEL DESCRIPTION General Setup Enable Anti-Virus Select this check box to check traffic for viruses.
Page 142: Anti-Spam
Chapter 6 Device Security Settings Table 54 Device Operation > Device Configuration > Security > Anti-Virus > General LABEL Active From, To Apply Reset 6.5 Anti-Spam This section shows you how to configure the Anti-Spam screens. These screens may vary depending on which model you’re configuring.
Page 143: Figure 66 Device Operation > Device Configuration > Security > Anti-Spam > General
Figure 66 Device Operation > Device Configuration > Security > Anti-Spam > General The following table describes the labels in this screen. Table 55 Device Operation > Device Configuration > Security > Anti-Spam > General LABEL General Setup Enable Anti-Spam Vantage CNM User’s Guide DESCRIPTION Select this check box to check traffic for spam SMTP (TCP port 25 and...
Page 144 Chapter 6 Device Security Settings Table 55 Device Operation > Device Configuration > Security > Anti-Spam > General LABEL From, To Action for Spam Mails X-Header Phishing Tag Spam Tag Forward SMTP & POP3 mail with tag in mail subject DESCRIPTION Select the directions of travel of packets that you want to check.
Page 145: Anti-Spam External Db Screen
Table 55 Device Operation > Device Configuration > Security > Anti-Spam > General LABEL Discard SMTP mail. Forward POP3 mail with tag in mail subject Action taken when mail sessions threshold is reached Apply Reset 6.5.2 Anti-Spam External DB Screen Click Device Operation >...
Page 146 Chapter 6 Device Security Settings The following table describes the labels in this screen. Table 56 Device Operation > Device Configuration > Security > Anti-Spam > External DB LABEL External Database Enable External Database Spam Threshold Action for No Spam Score Tag for No Spam Score...
Page 147: Anti-Spam Lists Screen
Table 56 Device Operation > Device Configuration > Security > Anti-Spam > External DB LABEL Apply Reset 6.6 Anti-Spam Lists Screen Click Device Operation > Device Configuration > Security > Anti-Spam > Lists to display the Anti-Spam Lists screen. Configure the whitelist to identify legitimate e-mail. Configure the blacklist to identify spam e-mail.
Page 148: Anti-Spam Lists Edit Screen
Chapter 6 Device Security Settings Table 57 Device Operation > Device Configuration > Security > Anti-Spam > Lists LABEL Content Modify Delete Insert Blacklist Use Blacklist Active Type Content Modify Delete Insert Apply Reset 6.6.1 Anti-Spam Lists Edit Screen To open this screen, click Insert or Edit in the Device Operation > Device Configuration > Security >...
Page 149: Figure 69 Device Operation > Device Configuration > Security > Anti-Spam > Lists > Add/Edit
Figure 69 Device Operation > Device Configuration > Security > Anti-Spam > Lists > Add/ Edit The following table describes the labels in this screen. Table 58 Device Operation > Device Configuration > Security > Anti-Spam > Lists > Add/Edit LABEL DESCRIPTION Rule Edit...
Page 150 Chapter 6 Device Security Settings Table 58 Device Operation > Device Configuration > Security > Anti-Spam > Lists > Add/Edit LABEL DESCRIPTION E-Mail Address This field displays when you select the E-Mail type. Enter an e-mail address or domain name (up to 63 ASCII characters). You can enter an individual e-mail address like abc@def.com.
Page 151: General Setup
6.7 IDP This section shows you how to configure the IDP screens. These screens may vary depending on which model you’re configuring. Please see the device’s User’s Guide for more information about any of these screens or fields. 6.8 General Setup Use this screen to enable IDP on the device and choose what interface(s) you want to protect from intrusions.
Page 152: Idp Signatures
Chapter 6 Device Security Settings Table 59 Device Operation > Device Configuration > Security > IDP > General (continued) LABEL From, To Apply Reset 6.9 IDP Signatures The rules that define how to identify and respond to intrusions are called “signatures”. Click Device Operation >...
Page 153: Figure 71 Device Operation > Device Configuration > Security > Idp > Signature > Attack Types
Figure 71 Device Operation > Device Configuration > Security > IDP > Signature > Attack Types The following table describes each attack type. Table 60 Device Operation > Device Configuration > Security > IDP > Signature > Attack Types TYPE DESCRIPTION DDoS The goal of Denial of Service (DoS) attacks is not to steal information, but to...
Page 154: Intrusion Severity
Chapter 6 Device Security Settings Table 60 Device Operation > Device Configuration > Security > IDP > Signature > Attack Types (continued) TYPE VirusWorm Porn WebAttacks SPAM 6.9.2 Intrusion Severity Intrusions are assigned a severity level based on the following table. The intrusion severity level then determines the default signature action.
Page 155: Configuring Idp Signatures
The following table describes signature actions. Table 62 Device Operation > Device Configuration > Security > IDP > Signature > Actions ACTION No Action Drop Packet Drop Session Reset Sender Reset Receiver Reset Both 6.9.4 Configuring IDP Signatures Use this screen to see the device’s “group view” signature screen where you can view signatures by attack type.
Page 156 Chapter 6 Device Security Settings The following table describes the labels in this screen. Table 63 Device Operation > Device Configuration > Security > IDP > Signature LABEL DESCRIPTION Switch to Click this hyperlink to go to a screen where you can search for signatures based on query view criteria other than attack type.
Page 157: Query View
6.9.5 Query View Use this screen to see the device’s “group view” signature screen, then click the Switch to query view link to go to this ‘query view” screen. Use this screen to search for signatures by criteria such as name, ID, severity, attack type, vulnerable attack platforms, whether or not they are active, log options, alert options or actions.
Page 158 Chapter 6 Device Security Settings Table 64 Device Operation > Device Configuration > Security > IDP > Signature (Query View) (continued) LABEL DESCRIPTION Signature Search Select this to search for signatures that match the criteria that you specify. Then by Attributes select the criteria to search for.
Page 159: Signature Update
Table 64 Device Operation > Device Configuration > Security > IDP > Signature (Query View) (continued) LABEL DESCRIPTION Select this check box to have a log generated when a match is found for a signature. Select the check box in the heading row to automatically select all check boxes or clear it to clear all entries on the current page.
Page 160: Figure 75 Device Operation > Device Configuration > Security > Signature Update
Chapter 6 Device Security Settings File-based anti-virus signatures (see the anti-virus chapter) are included with IDP signatures. When you download new signatures using the anti-virus Update screen, IDP signatures are also downloaded. The version number changes both in the anti-virus Update screen and this screen.
Page 161: Content Filter
Table 65 Device Operation > Device Configuration > Security > Signature Update LABEL DESCRIPTION Last Update This field displays the last date and time you downloaded new signatures to the device. It displays N/A if you have not downloaded any new signatures yet. Current IDP This field displays the number of IDP-related signatures.
Page 162: Figure 76 Device Operation > Device Configuration > Security > Content Filter > General
Chapter 6 Device Security Settings Content filtering allows you to block certain web features, such as Cookies, and/or block access to specific websites. Use this screen to enable content filtering, configure a schedule, and create a denial message. You can also choose specific computers to be included in or excluded from the content filtering configuration.
Page 163 Table 66 Device Operation > Device Configuration > Security > Content Filter > General LABEL Enable Content Filter for VPN traffic External Database Service General Setup Enable External Database Content Filtering Matched Web Pages Unrated Web Pages When Content Filter Server Is Unavailable Content Filter Server Unavailable Timeout...
Page 164 Chapter 6 Device Security Settings Table 66 Device Operation > Device Configuration > Security > Content Filter > General LABEL Enable Report Service External Database Service License Status License Status Message to display when a site is blocked Denied Access Message Redirect URL Apply...
Page 165: Content Filter Policy
6.13 Content Filter Policy This screen lists groups of content filtering settings called policies. Content filtering policies allow you to have different content filtering settings for different users or groups of users. For example, you may want to block most employees from accessing finance or stock websites, but allow the finance department to access these.
Page 166: Content Filter Policy: General
Chapter 6 Device Security Settings Table 67 Device Operation > Device Configuration > Security > Content Filter > Policy LABEL Schedule Move Remove 6.13.1 Content Filter Policy: General To open this screen, click Add or a policy’s general icon in the Device Operation > Device Configuration >...
Page 167 The following table describes the labels in this screen. Table 68 Device Operation > Device Configuration > Security > Content Filter > Policy > Add/ General LABEL Policy Name Active Restrict Web Features Address Setup Address Type Start IP Address End IP Address Subnet Mask Modify...
Page 168: Content Filter Policy: External Database
Chapter 6 Device Security Settings 6.13.2 Content Filter Policy: External Database To open this screen, click a policy’s external database icon in the Device Operation > Device Configuration > Security > Content Filter > Policy screen. Use this screen to edit which content categories the content filter policy blocks.
Page 169 Table 69 Device Operation > Device Configuration > Security > Content Filter > Policy > External Database LABEL Adult/Mature Content Pornography Sex Education Intimate Apparel/Swimsuit Nudity Alcohol/Tobacco Illegal/Questionable Vantage CNM User’s Guide Chapter 6 Device Security Settings DESCRIPTION Selecting this category excludes pages that contain material of adult nature that does not necessarily contain excessive violence, sexual content, or nudity.
Page 170 Chapter 6 Device Security Settings Table 69 Device Operation > Device Configuration > Security > Content Filter > Policy > External Database LABEL Gambling Violence/Hate/Racism Weapons Abortion Hacking Phishing Arts/Entertainment DESCRIPTION Selecting this category excludes pages where a user can place a bet or participate in a betting pool (including lotteries) online.
Page 171 Table 69 Device Operation > Device Configuration > Security > Content Filter > Policy > External Database LABEL Business/Economy Alternative Spirituality/ Occult Illegal Drugs Education Cultural/Charitable Organization Financial Services Brokerage/Trading Online Games Government/Legal Vantage CNM User’s Guide Chapter 6 Device Security Settings DESCRIPTION Selecting this category excludes pages devoted to business firms, business information, economics, marketing, business management...
Page 172 Chapter 6 Device Security Settings Table 69 Device Operation > Device Configuration > Security > Content Filter > Policy > External Database LABEL Military Political/Activist Groups Health Computers/Internet Search Engines/Portals Spyware/Malware Sources Spyware Effects/Privacy Concerns Job Search/Careers News/Media Personals/Dating Reference DESCRIPTION Selecting this category excludes pages that promote or provide information on military branches or armed services.
Page 173 Table 69 Device Operation > Device Configuration > Security > Content Filter > Policy > External Database LABEL Open Image/Media Search Chat/Instant Messaging Email Blogs/Newsgroups Religion Social Networking Online Storage Remote Access Tools Shopping Auctions Real Estate Society/Lifestyle Vantage CNM User’s Guide Chapter 6 Device Security Settings DESCRIPTION Selecting this category excludes pages with image or video search...
Page 174 Chapter 6 Device Security Settings Table 69 Device Operation > Device Configuration > Security > Content Filter > Policy > External Database LABEL Sexuality/Alternative Lifestyles Restaurants/Dining/Food Sports/Recreation/Hobbies Selecting this category excludes pages that promote or provide Travel Vehicles Humor/Jokes Software Downloads Pay to Surf Peer-to-Peer Streaming Media/MP3s...
Page 175: Content Filter Policy: Customization
6.13.3 Content Filter Policy: Customization To open this screen, click a policy’s customization icon in the Device Operation > Device Configuration > Security > Content Filter > Policy screen. Use this screen to select good (allowed) web site addresses for this policy and bad (blocked) web site addresses. You can also block web sites based on whether the web site’s address contains a keyword.
Page 176: Figure 80 Device Operation > Device Configuration > Security > Content Filter > Policy > Customizationl
Chapter 6 Device Security Settings Figure 80 Device Operation > Device Configuration > Security > Content Filter > Policy > Customizationl The following table describes the labels in this screen. Table 70 Device Operation > Device Configuration > Security > Content Filter > Policy > Customization LABEL Policy Name...
Page 177: Content Filter Policy: Schedule
Table 70 Device Operation > Device Configuration > Security > Content Filter > Policy > Customization LABEL Enable Web site customization Disable all Web traffic except for trusted Web sites Don't block Java/ActiveX/ Cookies/Web proxy to trusted Web sites Trusted Object Forbidden Object Block Web sites which contain these keywords.
Page 178: Figure 81 Device Operation > Device Configuration > Security > Content Filter > Policy > Schedulel
Chapter 6 Device Security Settings Figure 81 Device Operation > Device Configuration > Security > Content Filter > Policy > Schedulel The following table describes the labels in this screen. Table 71 Device Operation > Device Configuration > Security > Content Filter > Policy > Schedule LABEL Policy Name...
Page 179: Content Filter Objects
6.14 Content Filter Objects Use this screen to create a list of good (allowed) web site addresses, a list of bad (blocked) web site addresses, or block web sites based on whether the web site’s address contains a keyword.. To open this screen, click a device, click Device Operation in the menu bar and then click Device Configuration >...
Page 180: Content Filtering Cache
Chapter 6 Device Security Settings The following table describes the labels in this screen. Table 72 Device Operation > Device Configuration > Security > Content Filter > Object LABEL Trusted Web Sites Add Trusted Web Site Trusted Web Sites Delete Forbidden Web Site List Add Forbidden Web Site Forbidden Web Sites...
Page 181: Local User Database
Use this screen to view and configure your device’s URL caching. You can also configure how long a categorized web site address remains in the cache as well as view those web site addresses to which access has been allowed or blocked based on the responses from the external content filtering server.
Page 182: Radius
Chapter 6 Device Security Settings To open this screen, click a device, click Device Operation in the menu bar and then click Device Configuration > X Auth > Local User in the navigation panel. Figure 84 Device Operation > Device Configuration > Security > X Auth > Local User The following table describes the labels in this screen.
Page 183: Figure 85 Device Operation > Device Configuration > Security > X Auth > Radius
Figure 85 Device Operation > Device Configuration > Security > X Auth > RADIUS The following table describes the fields in this screen. Table 75 Device Operation > Device Configuration > Security > X Auth > RADIUS LABEL Activate Authentication Server IP Port Activate Accounting...
Page 184 Chapter 6 Device Security Settings Vantage CNM User’s Guide...
Page 185: Device Advanced Settings
H A P T E R Device Advanced Settings Use these screens to configure Device advanced settings such as NAT, Static Route, DNS and Remote Management. 7.0.1 NAT This section shows you how to configure the NAT screens. These screens may vary depending on which model you’re configuring.
Page 186: Figure 86 Device Operation > Device Configuration > Advanced > Nat > Nat Overview
Chapter 7 Device Advanced Settings Figure 86 Device Operation > Device Configuration > Advanced > NAT > NAT Overview The following table describes the fields in this screen. Table 76 Device Operation > Device Configuration > Advanced > NAT > NAT Overview LABEL DESCRIPTION Global Setting...
Page 187: Port Forwarding
Table 76 Device Operation > Device Configuration > Advanced > NAT > NAT Overview LABEL DESCRIPTION Port Forwarding Click Copy to WAN 2 (or Copy to WAN 1) to duplicate this WAN port's NAT port Rules forwarding rules on the other WAN port. Note: Using the copy button overwrites the other WAN port's existing The copy button is best suited for initial NAT configuration where you have configured NAT port forwarding rules for one port and want to use similar rules for...
Page 188: Figure 87 Device Operation > Device Configuration > Advanced > Nat > Port Forwarding
Chapter 7 Device Advanced Settings Figure 87 Device Operation > Device Configuration > Advanced > NAT > Port Forwarding The following table describes the labels in this screen. Table 77 Device Operation > Device Configuration > Advanced > NAT > Port Fowarding LABEL DESCRIPTION WAN Interface...
Page 189: Address Mapping
7.3 Address Mapping Use this screen to configure various types of network address translation (NAT) on the device. To open this screen, click a device, click Device Operation in the menu bar, and then click Device Configuration > Advanced > NAT > Address Mapping in the navigation panel. Figure 88 Device Operation >...
Page 190: Edit Address Mapping Rule
Chapter 7 Device Advanced Settings Table 78 Device Operation > Device Configuration > Advanced > NAT > Address Mapping LABEL DESCRIPTION Remove Click Remove to delete the address-mapping rule. Apply Click Apply to save your changes back to the device. Cancel Click Cancel to close this screen without applying any changes.
Page 191: Trigger Port
Table 79 Device Operation > Device Configuration > Advanced > NAT > Address Mapping > Edit (continued) LABEL DESCRIPTION Local End IP This is the end Inside Local IP Address (ILA). If your rule is for all local IP addresses, then enter 0.0.0.0 as the Local Start IP address and 255.255.255.255 as the Local End IP address.
Page 192: Edit Trigger Port Rule
Chapter 7 Device Advanced Settings Table 80 Device Operation > Device Configuration > Advanced > NAT > Trigger Port LABEL DESCRIPTION Start Port This field displays a port number or the starting port number in a range of port numbers. End Port This field displays a port number or the ending port number in a range of port numbers.
Page 193: Static Route
Table 81 Device Operation > Device Configuration > Advanced > NAT > Trigger Port > Edit LABEL DESCRIPTION Incoming Start Type a port number or the starting port number in a range of port numbers. Port Incoming End Type a port number or the ending port number in a range of port numbers. Port The trigger port is a port (or a range of ports) that causes (or triggers) the device to record the IP address of the LAN computer that sent the traffic to a server on the...
Page 194: Edit Static Route
Chapter 7 Device Advanced Settings The following table describes the labels in this screen. Table 82 Device Operation > Device Configuration > Advanced > Static Route LABEL DESCRIPTION This is the number of an individual entry. Route Name This is the name that describes or identifies this route. To delete a static route, erase the name and then click apply.
Page 195: Figure 94 Device Operation > Device Configuration > Advanced > Dns > Address Record
Table 83 Device Operation > Device Configuration > Advanced > Static Route > Edit LABEL DESCRIPTION Destination IP This parameter specifies the IP network address of the final destination. Routing is Address always based on network number. If you need to specify a route to a single host, use a subnet mask of 255.255.255.255 in the subnet mask field to force the network number to be identical to the host ID.
Page 196: Address Record
Chapter 7 Device Advanced Settings The following table describes the labels in this screen. Table 84 Device Operation > Device Configuration > Advanced > DNS > Address Record LABEL FQDN Wildcard IP Address Edit Remove 7.8.1 Add/Edit an Address Record Use this screen to create or edit an address record.
Page 197: Name Server Record
Table 85 Device Operation > Device Configuration > Advanced > DNS > Address Record > Add/Edit (continued) LABEL DESCRIPTION Apply Click Apply to save your changes back to the device. Cancel Click Cancel to exit this screen without saving. 7.9 Name Server Record Use this screen to specify the IP address of a DNS server that the device can query to resolve domain names for features like VPN, DDNS, and the time server.
Page 198: Add/Edit A Name Server Record
Chapter 7 Device Advanced Settings 7.9.1 Add/Edit a Name Server Record Use this screen to create or edit a name server record. Figure 97 Device Operation > Device Configuration > Advanced > DNS > Name Server Record > Add/Edit The following table describes the labels in this screen. Table 87 Device Operation >...
Page 199: Cache
Table 87 Device Operation > Device Configuration > Advanced > DNS > Name Server Record > Add/Edit (continued) LABEL DESCRIPTION Apply Click Apply to save your changes back to the device. Cancel Click Cancel to exit this screen without saving. 7.10 Cache Use this screen to configure a device’s DNS caching.
Page 200: Ddns
Chapter 7 Device Advanced Settings 7.11 DDNS Use this screen to configure your Dynamic DNS (DDNS) on the device. To open this screen, click a device, click Device Operation in the menu bar and then click Device Configuration > Advanced > DNS > DDNS. Figure 99 Device Operation >...
Page 201 Table 89 Device Operation > Device Configuration > Advanced > DNS > DDNS (continued) LABEL DESCRIPTION Offline This option is available when Custom is selected in the DDNS Type field. Check with your Dynamic DNS service provider to have traffic redirected to a URL (that you can specify) while you are off line.
Page 202: Dhcp
Chapter 7 Device Advanced Settings Figure 100 Device Operation > Device Configuration > Advanced > DNS > DHCP The following table describes the labels in this screen. Table 90 Device Operation > Device Configuration > Advanced > DNS > DHCP LABEL DNS Servers Assigned by DHCP...
Page 203: Remote Mgmt
7.13 Remote MGMT This section shows you how to configure the Remote MGMT screens. These screens may vary depending on which model you’re configuring. Please see the device’s User’s Guide for more information about any of these screens or fields. 7.14 Remote MGMT Use this screen to configure the device’s remote management settings.
Page 204 Chapter 7 Device Advanced Settings The following table describes the labels in this screen. Table 91 Device Operation > Device Configuration > Advanced > Remote Management LABEL DESCRIPTION HTTPS Server Select the Server Certificate that the device will use to identify itself. The device is Certificate the SSL server and must always authenticate itself to the SSL client (the computer which requests the HTTPS connection with the device).
Page 205 Table 91 Device Operation > Device Configuration > Advanced > Remote Management LABEL DESCRIPTION Secure Client IP A secure client is a “trusted” computer that is allowed to communicate with the Address device using this service. Select All to allow any computer to access the device using this service. Choose Selected to just allow the computer with the IP address that you specify to access the device using this service.
Page 206 Chapter 7 Device Advanced Settings Table 91 Device Operation > Device Configuration > Advanced > Remote Management LABEL DESCRIPTION SNMP Configuration Get Community Enter the Get Community, which is the password for the incoming Get and GetNext requests from the management station. The default is public and allows all requests. Set Community Enter the Set community, which is the password for incoming Set requests from the management station.
Page 207 Chapter 7 Device Advanced Settings Vantage CNM User’s Guide...
Page 208 Chapter 7 Device Advanced Settings Vantage CNM User’s Guide...
Page 209: Device Log
H A P T E R This section shows you how to configure the Device Log screen. This screen may vary depending on which model you’re configuring. Please see the device’s User’s Guide for more information about any of these screens or fields. 8.1 Device Log Use the Logging Options screen to configure to where the device is to send logs;...
Page 210 Chapter 8 Device Log Vantage CNM User’s Guide...
Page 211 The following table describes the labels in this screen. Table 92 Device Operation > Device Configuration > Device Log > Log Settings LABEL Address Info Mail Server Mail Subject Mail Sender Send Log To Send Alerts To Syslog Logging Active Syslog Server IP Address Log Facility...
Page 212 Chapter 8 Device Log Table 92 Device Operation > Device Configuration > Device Log > Log Settings (continued) LABEL Send Immediate Alert Log Consolidation Log Consolidation Active Log Consolidation Period Reports Setup Send Raw Traffic Statistics to Syslog Server Apply Reset DESCRIPTION Select the categories of alerts for which you want the device to instantly e-...
Page 213: Device Configuration Management
H A P T E R 9.1 Synchronization Data inconsistencies may occur if device configurations are made directly to the device instead of in Vantage CNM. Use this screen to resolve any data inconsistencies between the selected device and Vantage CNM. To use this screen, select a device, click Device Operation in the menu bar and click Configuration Management >...
Page 214: Configuration File Management
Chapter 9 Device Configuration Management Figure 104 Device Operation > Configuration Management > Synchronization (Customize) The following table describes the fields in this screen. Table 93 Device Operation > Configuration Management > Synchronization LABEL Device Overwrites Vantage CNM Vantage CNM Overwrites Device Synchronize All Customize...
Page 215: Backup & Restore (Device)
Before you restore a configuration file, make sure the new configuration does not prevent you from managing the device remotely, unless that is desired. Make sure you restore a configuration file to an appropriate model. Otherwise, you may damage the device or lock yourself out. You can create your own configuration file alias in Vantage CNM.
Page 216: Backup A Device
Chapter 9 Device Configuration Management Table 94 Device Operation > Configuration Management > Configuration File > Backup & Restore (Device) (continued) TYPE File Name Device Name Device Type FW Version Backup Time Description Admin Backup Restore Remove Total Records 9.2.2 Backup a Device Use this screen to manage configuration files uploaded to Vantage CNM for the selected device.
Page 217 Figure 106 Device Operation > Configuration Management > Configuration File Management > Backup (Device) The following table describes the fields in this screen Table 95 Device Operation > Configuration Management > Configuration File Management > Backup & Restore > Backup (Device) TYPE Backup File Name...
Page 218: Backup & Restore (Folder)
Chapter 9 Device Configuration Management 9.2.3 Backup & Restore (Folder) Use this screen to manage or restore configuration files uploaded to Vantage CNM for multiple devices in the selected folder. You cannot use this screen to manage or restore configuration files uploaded to Vantage CNM for a specific device (in other words, using Figure 106 on page active folder, click Device Operation in the menu bar and click Configuration Management >...
Page 219: Figure 108 Device Operation > Configuration Management >Configuration Management > Configuration File Management > Backup (Folder)
You have to select device(s) with Ready in the Status field before you can backup any configuration files. The backup takes some time depending on your network environment. Figure 108 Device Operation > Configuration Management >Configuration Management > Configuration File Management > Backup (Folder) The following table describes the fields in this screen.
Page 220: Group Restore (Folder)
Chapter 9 Device Configuration Management Table 97 Device Operation > Configuration Management > Configuration File Management > Backup (Folder) (continued) TYPE Backup Now Scheduled Time Device Name Device Type FW Version Status Total Records Backup Cancel 9.2.5 Group Restore (Folder) Use this screen to restore configuration files for one or more devices in the specified folder.
Page 221: Schedule List (Device)
The following table describes the fields in this screen. Table 98 Device Operation > Configuration Management > Configuration File Management > Restore (Folder) TYPE Group Restore Device Name Device Type FW Version Status Restore Cancel 9.3 Schedule List (Device) Use this screen to see or delete the scheduled configuration backups that have not performed yet.
Page 222: Schedule List (Folder)
Chapter 9 Device Configuration Management Table 99 Device Operation > Configuration Management > Configuration File Management > Schedule List (Device) (continued) TYPE Device Name Device Type FW Version Description Admin Remove Total Records 9.4 Schedule List (Folder) Use this screen to see or delete the scheduled configuration backup for a group that has not performed yet.
Page 223: Add/Edit Schedule List (Folder)
Table 100 Device Operation > Configuration Management > Configuration File Management > Schedule List (Folder) (continued) TYPE Edit Remove Total Records 9.4.1 Add/Edit Schedule List (Folder) Use this screen to add or edit an backup schedule for one or more devices in the selected set of configuration files.
Page 224: Signature Profile Management
Chapter 9 Device Configuration Management The following table describes the fields in this screen. Table 101 Device Operation > Configuration Management > Configuration File Management > Schedule List (Folder) TYPE Scheduled Backup Group File Name Description Scheduled Time Scheduled Time Device Name Device Type FW Version...
Page 225: Signature Profile Backup (Device)
Figure 113 Device Operation > Configuration Management > Signature Profile Management > Backup & Restore The following table describes the fields in this screen. Table 102 Device Operation > Configuration Management > Signature Profile Management > Backup & Restore TYPE IDP/Anti-Virus Page Size Profile Name...
Page 226: Signature Profile Restore (Folder)
Chapter 9 Device Configuration Management You cannot use this screen if the device’s Turbo Card is not installed. Figure 114 Device Operation > Configuration Management > Signature Profile Management > Backup & Restore > Backup (Device) The following table describes the fields in this screen Table 103 Device Operation >...
Page 227: Reset To Factory
Figure 115 Device Operation > Configuration Management > Signature Profile Management > Backup & Restore > Restore (Folder) The following table describes the fields in this screen Table 104 Device Operation > Configuration Management > Signature Profile Management > Backup & Restore > Restore (Folder) TYPE Device Name Status...
Page 228: Configuration Building Block
Chapter 9 Device Configuration Management Figure 116 Device Operation > Configuration Management > Signature Profile Management > Reset to Factory The following table describes the fields in this screen Table 105 Device Operation > Configuration Management > Signature Profile Management > Reset to Factory TYPE IDP/Anti-Virus...
Page 229: Add/Edit A Configuration Bb
The following table describes the fields in this screen Table 106 Device Operation > Configuration Management > Building Block > Configuration TYPE Page Size Name Device Type Firmware Version Feature Description Edit Remove Save as Total Records 9.7 Add/Edit a Configuration BB Use this menu item to manage building blocks to the selected device.
Page 230: Figure 119 Device Operation > Configuration Management > Building Block > Configuration Bb > Edit
Chapter 9 Device Configuration Management Figure 119 Device Operation > Configuration Management > Building Block > Configuration BB > Edit Figure 120 Device Operation > Configuration Management > Building Block > Configuration BB > Save as The following table describes the fields in this screen Table 107 Device Operation >...
Page 231 Table 107 Device Operation > Configuration Management > Building Block > Configuration BB > Add/Edit/Save as (continued) TYPE Feature Description Create Next Cancel Vantage CNM User’s Guide Chapter 9 Device Configuration Management DESCRIPTION Select the menu item the building block is for. If you select System, a screen displays (as Device Operation >...
Page 232: Component Bb
Chapter 9 Device Configuration Management 9.8 Component BB Use this menu item to manage component building blocks to the selected device. A component BB is a part of setting such as a myZyXEL.com account, an IP address, an IKE phase 1 or phase2 setting.
Page 233: Figure 122 Device Operation > Configuration Management > Building Block > Component Bb > Add/Edit Save As
Figure 122 Device Operation > Configuration Management > Building Block > Component BB > Add/Edit/Save as The following table describes the fields in this screen Table 109 Device Operation > Configuration Management > Building Block > Component BB > Add/Edit/Save as TYPE Name Component...
Page 234 Chapter 9 Device Configuration Management Vantage CNM User’s Guide...
Page 235: Firmware Management
H A P T E R Firmware Management 10.1 Firmware List Use this screen to upload device firmware to Vantage CNM. It is recommended administrators subscribe to a ZyXEL mailing list to be regularly informed of new firmware versions. All firmware files are downloaded to one repository within Vantage CNM. All firmware files are available to every administrator, regardless of domain.
Page 236: Add Firmware
Chapter 10 Firmware Management Table 110 Device Operation > Firmware Management > Firmware List (continued) TYPE Remove Total Records 10.1.1 Add Firmware Use this screen to select the firmware you want to upload to Vantage CNM. To open this screen, click Add in the Device Operation > Firmware Management > Firmware List screen.
Page 237: Scheduler List
10.2 Scheduler List Use this screen to look at and maintain the list of scheduled firmware upgrades in Vantage CNM. Once an upgrade is completed, Vantage CNM removes the upgrade record from this screen and adds it to the Log & Report > Operation Report > Firmware Upgrade Report. Section 18.1 on page Operation in the menu bar and then click Firmware Management >...
Page 238: Folder
Chapter 10 Firmware Management Consider the following when you decide to upgrade firmware. • It is advisable to upgrade firmware during periods of low network activity, since each device must restart after firmware upload. • You should also notify device owners before you begin the upload. See the CNM System Setting >...
Page 239: Device > Upgrade
The following table describes the fields in this screen. Table 112 Device Operation > Firmware Management > Firmware Upgrade (Device) TYPE DESCRIPTION This field displays the device number. FW Alias This is a descriptive name for the firmware. This is specified when the firmware is uploaded.
Page 240 Chapter 10 Firmware Management The following table describes the fields in this screen. Table 113 Device Operation > Firmware Management > Firmware Upgrade (Device) > Upgrade TYPE Device Information Device Name Device Type Current FW Version Upgrade Status Total Records Upgrade Time Upgrade Now Schedule Time...
Page 241: License Management
H A P T E R 11.1 Service Activiation Use this menu item to register the selected device and to activate subscription services. This menu item is available if you click a device. 11.1.1 Registration Use this screen to register the selected device on for subscription services, such as IDP and content filtering.
Page 242: Figure 130 Device Operation > License Management > Service Activiation > Registration > Save As A Bb
Chapter 11 License Management Figure 130 Device Operation > License Management > Service Activiation > Registration > Save as a BB Enter the name of the new building block, and click Apply. The name must be 1-32 alphanumeric characters or underscores (_). It cannot include spaces. The name is case- sensitive.
Page 243: Figure 131 Device Operation > License Management > Service Activation > Service
11.1.2 Service Use this screen to look at or update the current status of subscription services, such as IDP and content filtering, in the selected device. The Vantage CNM server must be connected to the Internet and have access to screen, click a device, click Device Operation in the menu bar and then click License Management >...
Page 244: License Status
Chapter 11 License Management 11.2 License Status Use this screen to look at the current status of licenses for subscription services, such as IDP and content filtering. To open this screen, click a device, click Device Operation in the menu bar and then click License Management >...
Page 245: Activate/Upgrade License
11.2.1 Activate/Upgrade License Use this screen to activate a trial version of the service, if available, or to apply a license for the service to the device. To open this screen, click Upgrade in the Device Operation > License Management > License Status screen. Figure 133 Device Operation >...
Page 246: Figure 134 Device Operation > License Management > Signature Status
Chapter 11 License Management Figure 134 Device Operation > License Management > Signature Status The following table describes the labels in this screen. Table 118 Device Operation > License Management > Signature Status LABEL DESCRIPTION Page Size Select this from the list box to set up to how many records you want to see in each page.
Page 247: Vpn Management
VPN Management The examples in this section use one of the most comprehensive examples of each screen, not every variation for each device type and firmware version. If you are unable to find a specific screen or field in this User’s Guide, please see the User’s Guide for the device for more information.
Page 249: Vpn Community
H A P T E R 12.1 VPN Community Use this menu item to manage VPN configuration between or among ZyXEL devices. To open this menu item, select the device, click VPN Management in the menu bar and then click VPN Community in the navigation panel.
Page 250: Add/Edit A Vpn Community
Chapter 12 VPN Community 12.1.1 Add/Edit a VPN Community Use this scree to configure VPN configuration between or among ZyXEL devices. We know almost all VPN parameter values should be the same in peer VPN gateways. This screen helps you to easily configure VPN settings in one screen and applies it to devices in one time. To open this menu item, click Add or Edit in the VPN Management >...
Page 251: Figure 137 Vpn Management > Vpn Community > Add/Edit > Load A Bb
Chapter 12 VPN Community Click the Load a BB icon to use phase 1 or phase 2 setting from an existing building block. The following pop-up screen appears. Figure 137 VPN Management > VPN Community > Add/Edit > Load a BB Select a building block from the list box, and click Apply.
Page 252 Chapter 12 VPN Community The following table describes the fields in this screen. Table 120 VPN Management > VPN Community > Add/Edit FIELD VPN Community Community Name Description Community Type Nail Up Allow NetBIOS Traffic Through IPSec Tunnel Enable inter-routing between spokes Member Gateways Hub Gateway...
Page 253 Table 120 VPN Management > VPN Community > Add/Edit (continued) FIELD Encryption Algorithm Authentication Algorithm SA Life Time (Seconds) Key Group Enable Multiple Proposals Phase 2 Active Protocol Encryption Algorithm Authentication Algorithm SA Life Time (Seconds) Vantage CNM User’s Guide DESCRIPTION Select which key size and encryption algorithm to use in the IKE SA.
Page 254 Chapter 12 VPN Community Table 120 VPN Management > VPN Community > Add/Edit (continued) FIELD Perfect Forward Secret (PFS) Enable Replay Detection Enable Multiple Proposals Apply Cancel DESCRIPTION Select whether or not you want to enable Perfect Forward Secrecy (PFS) and, if you do, which Diffie-Hellman key group to use for encryption.
Page 255: Installation Report
H A P T E R 13.1 Installation Report Use this screen to view the VPN community status between or among the devices. To open this screen, click a device or a folder, and then click VPN Management from the menu bar and then click Installation Report in the navigation panel.
Page 256: Show Detailed Installation Reportl
Chapter 13 Installation Report 13.1.1 Show Detailed Installation Reportl Use this screen to view whether the VPN communities have been applied successfully to all member gateways. To open this screen, click Show Detail in the VPN Management > Installation Report screen. Figure 141 VPN Management >...
Page 257: Vpn Monitor
H A P T E R 14.1 VPN Monitor Use this menu item to centrally and easily monitor all VPN community status among devices. You can check from a communities list (by community) or from a devices list (by device). 14.2 By Community Use this menu item to monitor all VPN community status.
Page 258: By Community > Show Detail
Chapter 14 VPN Monitor Table 123 VPN Management > VPN Monitor > By Community (continued) LABEL Community Name Community Type Up Tunnels Total Tunnels Show Detail Total Records 14.2.1 By Community > Show Detail Use this screen to monitor VPN tunnel status. To open this screen, click Show Detail in the VPN Management >...
Page 259: By Community > Show Detail > Diagnostic
Table 124 VPN Management > VPN Monitor > By Community > Show Detail LABEL Status Down/Up Time Diagnostic Total Records Refresh Back 14.2.2 By Community > Show Detail > Diagnostic Use this screen to perform diagnostic action for a disconnected tunnel. To open this screen, click Diagnostic in the VPN Management >...
Page 260: Figure 145 Vpn Management > Vpn Monitor > By Community > Show Detail > Diagnostic > Logs
Chapter 14 VPN Monitor Figure 145 VPN Management > VPN Monitor > By Community > Show Detail > Diagnostic > Logs The following table describes the fields in this screen. Table 125 VPN Management > VPN Monitor > By Community > Show Detail > Diagnostic > Logs LABEL Hide Cookie Log...
Page 261: By Device
14.3 By Device 14.3.1 VPN Tunnel Status Use this menu item to monitor all VPN tunnel status for devices. To open this screen, click a device or a folder, and then click VPN Management from the menu bar and click VPN Management >...
Page 262: Sa Monitor
Chapter 14 VPN Monitor Figure 147 VPN Management > VPN Monitor > By Device > VPN Tunnel Status > Search Special Tunnel The following table describes the fields in this screen. Table 127 VPN Management > VPN Monitor > By Device > VPN Tunnel Status > Search Special Tunnel LABEL Device Name...
Page 263: Figure 148 Vpn Management > Vpn Monitor > By Device > Sa Monitor
Figure 148 VPN Management > VPN Monitor > By Device > SA Monitor The following table describes the fields in this screen. Table 128 VPN Management > VPN Monitor > By Device > SA Monitor LABEL Page Size Device Name Device Type Up Tunnels Last Update Time...
Page 264 Chapter 14 VPN Monitor Vantage CNM User’s Guide...
Page 265: Monitor
Monitor Device Status Monitor (267) Device HA Status Monitor (269) Device Alarm (271)
Page 267: Device Status Monitor
H A P T E R Device Status Monitor This chapter describes the device status monitor. 15.1 Device Status This report shows a summary of device status. To open this screen, click Monitor in the menu bar and then click Device Status in the navigation panel. Right click on the screen and click Refresh to get latest device status.
Page 268 Chapter 15 Device Status Monitor Table 129 Monitor > Device Status LABEL DESCRIPTION Firmware This displays the firmware version number of the device. Version Status This displays the current status of the device. Online Time This displays how long the device has registered and connected to the Vantage CNM server since last booted up.
Page 269: Device Ha Status Monitor
H A P T E R Device HA Status Monitor This chapter describes the monitor for device high availability (HA) status on ZLD ZyWALL device(s) such as ZyWALL 1050 or ZyWALL USG series. 16.1 Device HA Status This report shows a summary of device status. To open this screen, select a ZLD device, click Monitor in the menu bar and then click Device HA Status in the navigation panel.
Page 270 Chapter 16 Device HA Status Monitor Table 130 Monitor > Device HA Status LABEL DESCRIPTION Status This field displays the device’s current HA status. If the device is a master deivce, the possible status are: • • If the device is a backup deivce, the possible status are: •...
Page 271: Device Alarm
H A P T E R 17.1 Device Alarm Alarms are time-critical information that the device automatically sends out at the time of occurrence. You may have administrators automatically e-mailed when an alarm occurs in the CNM System Setting > Configuration > Notification screen. See 304.
Page 272: Alarm States
Chapter 17 Device Alarm 17.1.3 Alarm States When an alarm is received by Vantage CNM, it can be in one of three states: Table 133 Alarm States STATE DESCRIPTION Active This is the initial state of an alarm, which means this alarm is new and no one has assumed responsibility for handling it yet.
Page 273: Responded Alarm
The following table describes the fields in this screen. Table 134 Monitor > Device Alarm > Unresolved Alarm STATE DESCRIPTION Device Name/ This field displays the selected device or folder. Folder Name Platform This is available if you select a folder. Select the platform you wish to view. Category Select the type of alarm you wish to view.
Page 274: Figure 152 Monitor > Device Alarm > Responded Alarm
Chapter 17 Device Alarm Figure 152 Monitor > Device Alarm > Responded Alarm The following table describes the fields in this screen. Table 135 Monitor > Device Alarm > Responded Alarm STATE Device Name/ Folder Name Platform Category Severity Time Period Responder Retrieve Page Size...
Page 275 Table 135 Monitor > Device Alarm > Responded Alarm (continued) STATE DESCRIPTION Response Time This field displays the time the alarm occurred. Clear Click this to remove the alarm from the monitor. See Total Records This entry displays the total number of records on the current page of the list. Clear All Click this to remove all of the alarms in the list from the monitor.
Page 276 Chapter 17 Device Alarm Vantage CNM User’s Guide...
Page 277: Log & Report
Log & Report Device Operation Report (279) CNM Logs (291) VRPT (293)
Page 279: Device Operation Report
H A P T E R Device Operation Report Use this menu items to see summary reports for the tasks you submit to the devices through Vantage CNM web configurator. 18.1 Firmware Upgrade Report Firmware Upgrade means that Vantage CNM signals the device to request a firmware FTP upload from Vantage CNM.
Page 280: Firmware Report Details
Chapter 18 Device Operation Report The following table describes the labels in this screen. Table 136 Log & Report > Operation Report > Firmware Upgrade Report LABEL DESCRIPTION Show by Select this to display the firmware upgrade by devices or by groups. Select device or group if you want to see the device firmware upgrade records which were applied based on a device or a folder.
Page 281: Configuration Report
The following table describes the labels in this screen. Table 137 Log & Report > Operation Report > Firmware Upgrade Report (Group) > Show Detail LABEL DESCRIPTION Device Type This is the type for the device. Upgrade To This displays the firmware version the device was upgraded to. Page Size Select this from the list box to set up how many records you want to see in each page.
Page 282: Configuration Report Details
Chapter 18 Device Operation Report Figure 157 Log & Report > Operation Report > Configuration Report (Group) The following table describes the labels in this screen. Table 138 Log & Report > Operation Report > Configuration Report LABEL DESCRIPTION Show by Select this to display the configuration operation list shown by devices or by groups.
Page 283: Figure 158 Log & Report > Operation Report > Configuration Report > Show Details
Figure 158 Log & Report > Operation Report > Configuration Report > Show Details The following table describes the labels in this screen. Table 139 Log & Report > Operation Report > Configuration Report > Show Details LABEL DESCRIPTION Device Name This field displays the device name of this report.
Page 284: Configuration File Backup Report
Chapter 18 Device Operation Report 18.3 Configuration File Backup Report Use this screen to look at configuration file backup records for a device or groups. Refer to Section 9.2.1 on page Operation Report > Configuration File Backup & Restore Report > Backup Report in the navigation panel.
Page 285: Configuration File Backup Report Details
The following table describes the labels in this screen. Table 140 Log & Report > Operation Report > Configuration File Backup & Restore Report > Backup Report LABEL DESCRIPTION Show by Select this to display the configuration operation list shown by devices or by groups.
Page 286: Configuration File Restore Report
Chapter 18 Device Operation Report Figure 161 Log & Report > Operation Report > Configuration File Backup & Restore Report > Backup Report (Group) > Show Detail The following table describes the labels in this screen. Table 141 Log & Report > Operation Report > Configuration File Backup & Restore Report > Backup Report (Group) >...
Page 287: Figure 162 Log & Report > Operation Report > Configuration File Backup & Restore Report > Restore Report (Device)
Figure 162 Log & Report > Operation Report > Configuration File Backup & Restore Report > Restore Report (Device) Figure 163 Log & Report > Operation Report > Configuration File Backup & Restore Report > Restore Report (Group) The following table describes the labels in this screen. Table 142 Log &...
Page 288: Signature Profile Backup Report
Chapter 18 Device Operation Report Table 142 Log & Report > Operation Report > Configuration File Backup & Restore Report > Backup Report (continued) LABEL DESCRIPTION Result This is available if you select showing by group. This is the result that displays how (Successful/ many operation has been successfully performed and the total operation requests.
Page 289: Signature Profile Restore Report
Table 143 Log & Report > Operation Report > Signature Profile Backup & Restore Report > Backup Report (continued) LABEL DESCRIPTION Signature This displays the signature version of the profile the backup was requested. Version Type This displays the signature profile type of the operation. You can click the label to sort by this column.
Page 290 Chapter 18 Device Operation Report Table 144 Log & Report > Operation Report > Signature Profile Backup & Restore Report > Restore Report (continued) LABEL DESCRIPTION This is the number of an individual entry. Action Time This field displays the date and time the operation was requested. You can click the label to sort by this column.
Page 291: Cnm Logs
H A P T E R 19.1 Vantage CNM Logs Use these screens to view and configure Vantage CNM system log preferences. 19.1.1 CNM Logs You can view system logs for previous day, the last two days or up to one week here. To open this screen, click Log &...
Page 292 Chapter 19 CNM Logs The following table describes the labels in this screen. Table 145 LOG & Report > CNM Logs LABEL Incident Severity Time Keyword Retrieve Page Size Time Severity Incident Message Total Records Clear Export DESCRIPTION Select one of the general categories of events whose logs you want to view from the first list box.
Page 293: Vrpt
H A P T E R The Report menu activates Vantage Report. This chapter introduces Vantage Report and its role in Vantage CNM. Then, it explains how to set up and start Vantage Report. Please refer to the Vantage Report 3.1 User’s Guide for more detailed information. 20.1 Vantage Report Overview This section introduces the standalone version of Vantage Report.
Page 294: Vantage Report In Vantage Cnm
Chapter 20 VRPT 20.2 Vantage Report in Vantage CNM Vantage Report in Vantage CNM is a special release for Vantage CNM only. No additional license is required to use it. Vantage Report in Vantage CNM generally supports the capabilities available in the professional version of standalone Vantage Report, including drill- down reports, reverse DNS lookup, web usage by category, anti-virus, anti-spam, and HTML reports by e-mail.
Page 295: Opening Vantage Report In Vantage Cnm
20.4 Opening Vantage Report in Vantage CNM After you set up a Vantage Report in Vantage CNM (see device that is managed by Vantage Report, and click Log & Report > VRPT. Then you can see the device’s relative reports displayed via Vantage Report in the Vantage CNM as shown next.
Page 296 Chapter 20 VRPT Vantage CNM User’s Guide...
Page 297: Cnm System Setting
CNM System Setting CNM System Setting (299) Maintenance (313) Device Owner (315) Vantage CNM Software Upgrade (317) License Upgrade (319) About Vantage CNM (321)
Page 299: Chapter 21 Cnm System Setting
H A P T E R Use these screens to configure Vantage CNM server settings such as servers configuration, system maintenance, create and define device owner, software upgrade, license management, and about. 21.1 Servers Configuration You can configure these servers as you install Vantage CNM (in the installation wizard) or after you install it in this screen.
Page 300: Figure 170 Cnm System Setting > Configuration > Servers > Configuration
Chapter 21 CNM System Setting Figure 170 CNM System Setting > Configuration > Servers > Configuration The following table describes the fields in this screen. Table 146 CNM System Setting > Configuration > Servers > Configuration LABEL Vantage CNM Server Public IP Address Web HTTPS Port Web HTTP Port...
Page 301: Vantage Cnm Server Public Ip Address
Table 146 CNM System Setting > Configuration > Servers > Configuration LABEL Password Apply Reset 21.1.1 Vantage CNM Server Public IP Address If you change the Vantage CNM server public IP address, then each (Vantage CNM- registered) device’s Manager IP address must change too. 1 Go to the CNM System Settings >...
Page 302: User Access
Chapter 21 CNM System Setting Figure 171 CNM System Setting > Configuration > Servers > Status The following table describes the fields in this screen. Table 147 CNM System Setting > Configuration > Servers > Status LABEL Vantage CNM Server public IP FTP server Mail Server...
Page 303: Notifications
User lockout is a protection mechanism to discourage brute-force password guessing attacks on a device’s management interface. You can specify a lockout period that must expire before entering a fourth password after three incorrect passwords have been entered. You can also force all administrators to periodically change their passwords in this screen.
Page 304: Figure 173 Cnm System Setting > Configuration > Notification
Chapter 21 CNM System Setting 21.4.1 Notifications Use this screen to decide who should receive e-mail for device and CNM events that may warrant immediate attention such as a VPN tunnel down or a device reboot or a CNM log purge notification.
Page 305: Log Setting
21.5 Log Setting Use this screen to set how many days the Vantage CNM server keeps the logs, alarms and reports. And to decide a threshold to indicate an alarm when a device’s alarm severity is higher than the selected level. You can also select what type of system logs you wish to log as shown in the following screen.
Page 306: Vrpt Management
Chapter 21 CNM System Setting 21.6 VRPT Management Vantage CNM also includes Vantage Report. See about Vantage Report in Vantage CNM. 21.6.1 General Use this screen to manage the Vantage Report instances in Vantage CNM. To open this screen, click CNM System Setting in the menu bar and then click Configuration > VRPT Management in the navigation panel.
Page 307: Add/Edit Vrpt Management
21.6.2 Add/Edit VRPT Management Use this screen to configure a VRPT server. To open this screen, click Add or Edit in the CNM System Setting > Configuration > VRPT Management screen. Figure 176 CNM System Setting > Configuration > VRPT Management > Add/Edit The following table describes the labels in this screen.
Page 308: Certificate Management Overview
Chapter 21 CNM System Setting 21.7 Certificate Management Overview Some devices can provide certificates (also called digital IDs) for users to authenticate the device. Certificates are based on public-private key pairs. A certificate contains the certificate owner's identity and public key. Certificates provide a way to exchange public keys for use in authentication.
Page 309: Current Certificate Information
21.7.2 Current Certificate Information You can view your current certificate information in this screen, including certificate name, type, origin and duration of validity. Figure 177 CNM System Setting > Configuration > Certificate Management The following table describes the labels in this screen. Table 152 CNM System Setting >...
Page 310: Create Csr
Chapter 21 CNM System Setting Table 152 CNM System Setting > Configuration > Certificate Management (continued) LABEL Create CSR Import Certificate 21.7.3 Create CSR You can create certificates by entering the requested information into the fields below. Then click Apply. Figure 178 CNM System Setting >...
Page 311: Import Certificate
Table 153 Cnm system Setting > Configuration > Certificate Management > Create CSR LABEL Validity KeyStore Type Apply Cancel 21.7.4 Import Certificate In this screen, you can Browse for a certificate that has already been downloaded to your computer. Select Apply to complete the certificate import. Figure 179 CNM System Setting >...
Page 312 Chapter 21 CNM System Setting Vantage CNM User’s Guide...
Page 313: Maintenance
H A P T E R Use the Maintenance screens to manage, back up and restore Vantage CNM system backup files. Data maintenance includes device firmware and configuration files you have uploaded to the Vantage CNM server. You can back up or restore to your computer or Vantage CNM. You can choose what domain to back up by selecting a folder in the object tree.
Page 314: Backup
Chapter 22 Maintenance Table 155 CNM System Setting > Maintenance > System (continued) LABEL Restore Remove Upload 22.1.1 Backup Use this screen to save your current Vantage CNM system to the Vantage CNM server or your computer. You can enter extra information on the file in the Description text box. Backup configuration allows you to back up (save) the current configuration to a file on the Vantage CNM server.
Page 315: Device Owner
H A P T E R This screen list the address book which is a list of personal details of people of device owners. You can add, edit or remove a device owner in this screen. To associate a device owner with a device, select the person’s name in the Device Owner field when you add or edit a device (via right clicking your mouse) in the device window.
Page 316: Figure 183 Cnm System Setting > Device Owner > Add/Edit
Chapter 23 Device Owner Figure 183 CNM System setting > Device Owner > Add/Edit The following table describes the labels in this screen. Table 158 CNM System setting > Device Owner > Add/Edit LABEL Name Description Address Line1 Address Line2 City State Zip/Postal Code...
Page 317: Vantage Cnm Software Upgrade
H A P T E R Vantage CNM Software Upgrade Use this screen to view the current Vantage CNM software version or perform a software upgrade. To open this screen, click CNM System Setting in the menu bar and then click Upgrade in the navigation panel.
Page 318 Chapter 24 Vantage CNM Software Upgrade Vantage CNM User’s Guide...
Page 319: License Upgrade
H A P T E R Use this screen to renew a standard license key to continuely use Vantage CNM after the trial period or the old license key expires. Click CNM System Setting in the menu bar and then click License in the navigation panel to display the next screen.
Page 320: Figure 186 Cnm System Setting > License > Upgrade
Chapter 25 License Upgrade 25.0.1 License Upgrade License key is a licence to manage a specific number of ZyXEL devices. It can be found in the iCard. Type a license key to the License Key field and click Apply to increase the maximum device number the Vantage CNM is allowed to manage.
Page 321: About Vantage Cnm
H A P T E R Use this screen to see Vantage CNM’s software version, release date and the copyright. To open this screen, click CNM System Setting in the menu bar and then click About in the navigation panel. Figure 187 CNM System Setting >...
Page 322 Chapter 26 About Vantage CNM Vantage CNM User’s Guide...
Page 323: Account Management
Account Management Group (325) Account (329)
Page 325: Group
H A P T E R Use these screens to manage Vantage CNM user groups. A group is associated with the privilege you defined and it is for one management domain. After you create a group, you can associate the user(s) with this group before the user(s) can perform any functions in Vantage CNM.
Page 326: Add User Group
Chapter 27 Group The following table describes the fields in this screen. Table 160 Account Management > Group LABEL DESCRIPTION This is the number of an individual entry. Group Name This field displays the group name. Creator This field displays the user name who created the group. Description This is the description for the group.
Page 327 The following table describes the fields in this screen. Table 161 Account Management > Group > Add LABEL Basic Information Group Name Description Device Access Privileges Device Management (Add/ Delete/Edit Devices/Folders) Privileges Device Operation & VPN Management Monitor Log & Report CNM System Setting Account Management Receive Email Alerts...
Page 328 Chapter 27 Group Vantage CNM User’s Guide...
Page 329: Account
H A P T E R An account is a user with permissions inherited from the associated group. “Root” is the predefined administrator belonging to the Super group. Only “root” or any accounts belonging to Super group can do everything including managing the Vantage CNM system. Custom administrators have no predefined permissions.
Page 330: Add/Edit An Administrator Account
Chapter 28 Account Figure 190 Account Management > Account The following table describes the fields in this screen. Table 162 Account Management > Account LABEL DESCRIPTION This is the number of an individual entry. Username This is the administrator name for identification purposes. Group Name This is the group name the user belongs to.
Page 331: Figure 191 Account Management > Account > Add/Edit
Figure 191 Account Management > Account > Add/Edit The following table describes the fields in this screen. Table 163 Account Management > Account > Add/Edit LABEL DESCRIPTION Username Type the administrator login name associated with the password that you log into Vantage CNM with.
Page 332 Chapter 28 Account Vantage CNM User’s Guide...
Page 333: Troubleshooting
VIII Troubleshooting Troubleshooting (335)
Page 335: Chapter 29 Troubleshooting
H A P T E R This chapter offers some suggestions to solve problems you might encounter. The potential problems are divided into the following categories. • Vantage CNM Access and Login • Vantage Report 29.1 Vantage CNM Access and Login See the Quick Start Guide for additional suggestions.
Page 336: Device Management
Chapter 29 Troubleshooting 29.2 Device Management One device always keeps in On_Pending status in the device window. How can I do? A device in the On_Pending status means there are some pending tasks the Vantage CNM should set but has not been set on the device. If the device keeps in the status for a long time (for example, over 30 minutes), this may cause the inconsistency between the Vantage CNM and the device.
Page 337: Vantage Report
29.4 Vantage Report There is no information in any report for my device. 1 If you just added the device, wait. See takes for information to appear in each report. 2 Click System > VRPT Management > General > Receiver Monitor. This screen keeps track of all the log entries received by the Vantage Report server.
Page 338 Chapter 29 Troubleshooting Vantage CNM User’s Guide...
Page 339: Appendices And Index
Appendices and Index Product Specifications (341) Setting up Your Computer’s IP Address (345) Pop-up Windows, Java Scripts and Java Permissions (361) IP Addresses and Subnetting (367) IP Address Assignment Conflicts (375) Common Services (379) Importing Certificates (383) Open Software Announcements (393) Legal Information (417) Customer Support (419) Index (425)
Page 341: Product Specifications
P P E N D I X Product Specifications This appendix summarizes Vantage CNM’s and Vantage Report’s specifications. Vantage CNM Specifications This section summarizes Vantage CNM’s specifications. Table 164 Firmware Specifications FEATURE Default User Name Default Password Object Tree View Device Registration Building Blocks (BB) Domain Administration...
Page 342: Appendix A Product Specifications
Appendix A Product Specifications Table 164 Firmware Specifications (continued) FEATURE Data Maintenance System Management Table 165 Feature Specifications FEATURE Number of Vantage CNM Log Entries Table 166 ZyXEL Device and the Corresponding Firmware Version Vantage CNM Supports ZYXEL DEVICE ZyNOS ZyWALL: ZyNOS (ZyXEL Networking Operation System) is a ZyXEL proprietary system. ZyWALL 2 ZyWALL 5 / 35 / 70 / 2 Plus ZyWALL 2WG...
Page 343 Table 167 Trusted CAs (Keystore type: jks, Keystore provider: SUN) (continued) thawtepersonalbasicca verisignclass1ca verisignclass1g2ca entrustsslca thawtepersonalfreemailca verisignclass3ca gtecybertrustca verisignclass2g3ca thawteserverca thawtepersonalpremiumca equifaxsecureca verisignclass3g2ca thawtepremiumserverca entrust2048ca entrustclientca verisignserverca baltimorecybertrustca valicertclass2ca geotrustglobalca gtecybertrust5ca starfieldclass2ca baltimorecodesigningca Vantage CNM User’s Guide Appendix A Product Specifications DATE MD5 FINGERPRINT Feb 13, 1999...
Page 344 Appendix A Product Specifications Table 167 Trusted CAs (Keystore type: jks, Keystore provider: SUN) (continued) equifaxsecureglobalebusinessca1 equifaxsecureebusinessca2 verisignclass2ca Vantage Report Specifications This section summarizes Vantage Report’s specifications. See specifications about the time it takes the Vantage Report server to process information from devices.
Page 345 P P E N D I X Setting up Your Computer’s IP All computers must have a 10M or 100M Ethernet adapter card and TCP/IP installed. Windows 95/98/Me/NT/2000/XP, Macintosh OS 7 and later operating systems and all versions of UNIX/LINUX include the software components you need to install and use TCP/IP on your computer.
Page 346: Appendix B Setting Up Your Computer's Ip Address
Appendix B Setting up Your Computer’s IP Address Figure 192 WIndows 95/98/Me: Network: Configuration Installing Components The Network window Configuration tab displays a list of installed components. You need a network adapter, the TCP/IP protocol and Client for Microsoft Networks. If you need the adapter: 1 In the Network window, click Add.
Page 347: Figure 193 Windows 95/98/Me: Tcp/Ip Properties: Ip Address
Configuring 1 In the Network window Configuration tab, select your network adapter's TCP/IP entry and click Properties 2 Click the IP Address tab. • If your IP address is dynamic, select Obtain an IP address automatically. • If you have a static IP address, select Specify an IP address and type your information into the IP Address and Subnet Mask fields.
Page 348: Figure 194 Windows 95/98/Me: Tcp/Ip Properties: Dns Configuration
Appendix B Setting up Your Computer’s IP Address Figure 194 Windows 95/98/Me: TCP/IP Properties: DNS Configuration 4 Click the Gateway tab. • If you do not know your gateway’s IP address, remove previously installed gateways. • If you have a gateway IP address, type it in the New gateway field and click Add. 5 Click OK to save and close the TCP/IP Properties window.
Page 349: Figure 195 Windows Xp: Start Menu
Figure 195 Windows XP: Start Menu 2 In the Control Panel, double-click Network Connections (Network and Dial-up Connections in Windows 2000/NT). Figure 196 Windows XP: Control Panel 3 Right-click Local Area Connection and then click Properties. Vantage CNM User’s Guide Appendix B Setting up Your Computer’s IP Address...
Page 350: Figure 197 Windows Xp: Control Panel: Network Connections: Properties
Appendix B Setting up Your Computer’s IP Address Figure 197 Windows XP: Control Panel: Network Connections: Properties 4 Select Internet Protocol (TCP/IP) (under the General tab in Win XP) and then click Properties. Figure 198 Windows XP: Local Area Connection Properties 5 The Internet Protocol TCP/IP Properties window opens (the General tab in Windows XP).
Page 351: Figure 199 Windows Xp: Internet Protocol (Tcp/Ip) Properties
Figure 199 Windows XP: Internet Protocol (TCP/IP) Properties 6 If you do not know your gateway's IP address, remove any previously installed gateways in the IP Settings tab and click OK. Do one or more of the following if you want to configure additional IP addresses: •...
Page 352: Figure 200 Windows Xp: Advanced Tcp/Ip Properties
Appendix B Setting up Your Computer’s IP Address Figure 200 Windows XP: Advanced TCP/IP Properties 7 In the Internet Protocol TCP/IP Properties window (the General tab in Windows XP): • Click Obtain DNS server address automatically if you do not know your DNS server IP address(es).
Page 353: Figure 201 Windows Xp: Internet Protocol (Tcp/Ip) Properties
Figure 201 Windows XP: Internet Protocol (TCP/IP) Properties 8 Click OK to close the Internet Protocol (TCP/IP) Properties window. 9 Click Close (OK in Windows 2000/NT) to close the Local Area Connection Properties window. 10 Close the Network Connections window (Network and Dial-up Connections in Windows 2000/NT).
Page 354: Figure 202 Macintosh Os 8/9: Apple Menu
Appendix B Setting up Your Computer’s IP Address Figure 202 Macintosh OS 8/9: Apple Menu 2 Select Ethernet built-in from the Connect via list. Figure 203 Macintosh OS 8/9: TCP/IP 3 For dynamically assigned settings, select Using DHCP Server from the Configure: list. 4 For statically assigned settings, do the following: •...
Page 355: Figure 204 Macintosh Os X: Apple Menu
• Type your IP address in the IP Address box. • Type your subnet mask in the Subnet mask box. • Type the IP address of your device in the Router address box. 5 Close the TCP/IP Control Panel. 6 Click Save if prompted, to save changes to your configuration. 7 Turn on your device and restart your computer (if prompted).
Page 356: Figure 205 Macintosh Os X: Network
Appendix B Setting up Your Computer’s IP Address Figure 205 Macintosh OS X: Network 4 For statically assigned settings, do the following: • From the Configure box, select Manually. • Type your IP address in the IP Address box. • Type your subnet mask in the Subnet mask box. •...
Page 357: Figure 206 Red Hat 9.0: Kde: Network Configuration: Devices
Make sure you are logged in as the root administrator. Using the K Desktop Environment (KDE) Follow the steps below to configure your computer IP address using the KDE. 1 Click the Red Hat button (located on the bottom left corner), select System Setting and click Network.
Page 358: Figure 208 Red Hat 9.0: Kde: Network Configuration: Dns
Appendix B Setting up Your Computer’s IP Address • If you have a dynamic IP address, click Automatically obtain IP address settings with and select dhcp from the drop down list. • If you have a static IP address, click Statically set IP Addresses and fill in the Address, Subnet mask, and Default Gateway Address fields.
Page 359: Figure 210 Red Hat 9.0: Dynamic Ip Address Setting In Ifconfig-Eth0
Figure 210 Red Hat 9.0: Dynamic IP Address Setting in ifconfig-eth0 DEVICE=eth0 ONBOOT=yes BOOTPROTO=dhcp USERCTL=no PEERDNS=yes TYPE=Ethernet • If you have a static IP address, enter = followed by the IP address (in dotted decimal notation) and type IPADDR followed by the subnet mask. The following example shows an example where the static IP address is 192.168.1.10 and the subnet mask is 255.255.255.0.
Page 360: Figure 214 Red Hat 9.0: Checking Tcp/Ip Properties
Appendix B Setting up Your Computer’s IP Address Verifying Settings Enter in a terminal screen to check your TCP/IP properties. ifconfig Figure 214 Red Hat 9.0: Checking TCP/IP Properties [root@localhost]# ifconfig eth0 Link encap:Ethernet inet addr:10.1.19.129 UP BROADCAST RUNNING MULTICAST RX packets:717 errors:0 dropped:0 overruns:0 frame:0 TX packets:13 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:100...
Page 361: Figure 215 Pop-Up Blocker
P P E N D I X Pop-up Windows, Java Scripts and Java Permissions In order to use the web configurator you need to allow: • Web browser pop-up windows from your device. • Java Scripts (enabled by default). • Java permissions (enabled by default). Internet Explorer 6 screens are used here.
Page 362: Appendix C Pop-Up Windows, Java Scripts And Java Permissions
Appendix C Pop-up Windows, Java Scripts and Java Permissions 2 Clear the Block pop-ups check box in the Pop-up Blocker section of the screen. This disables any web pop-up blockers you may have enabled. Figure 216 Internet Options: Privacy 3 Click Apply to save this setting. Enable pop-up Blockers with Exceptions Alternatively, if you only want to allow pop-up windows from your device, see the following steps.
Page 363: Figure 217 Internet Options: Privacy
Figure 217 Internet Options: Privacy 3 Type the IP address of your device (the web page that you do not want to have blocked) with the prefix “http://”. For example, http://192.168.167.1. 4 Click Add to move the IP address to the list of Allowed sites. Figure 218 Pop-up Blocker Settings Vantage CNM User’s Guide Appendix C Pop-up Windows, Java Scripts and Java Permissions...
Page 364: Figure 219 Internet Options: Security
Appendix C Pop-up Windows, Java Scripts and Java Permissions 5 Click Close to return to the Privacy screen. 6 Click Apply to save this setting. Java Scripts If pages of the web configurator do not display properly in Internet Explorer, check that Java Scripts are allowed.
Page 365: Figure 220 Security Settings - Java Scripting
Figure 220 Security Settings - Java Scripting Java Permissions 1 From Internet Explorer, click Tools, Internet Options and then the Security tab. 2 Click the Custom Level... button. 3 Scroll down to Microsoft VM. 4 Under Java permissions make sure that a safety level is selected. 5 Click OK to close the window.
Page 366: Figure 222 Java (Sun)
Appendix C Pop-up Windows, Java Scripts and Java Permissions JAVA (Sun) 1 From Internet Explorer, click Tools, Internet Options and then the Advanced tab. 2 Make sure that Use Java 2 for <applet> under Java (Sun) is selected. 3 Click OK to close the window. Figure 222 Java (Sun) Vantage CNM User’s Guide...
Page 367: Introduction To Ip Addresses
P P E N D I X IP Addresses and Subnetting This appendix introduces IP addresses and subnet masks. IP addresses identify individual devices on a network. Every networking device (including computers, servers, routers, printers, etc.) needs an IP address to communicate across the network.
Page 368: Appendix D Ip Addresses And Subnetting
Appendix D IP Addresses and Subnetting Figure 223 Network Number and Host ID How much of the IP address is the network number and how much is the host ID varies according to the subnet mask. Subnet Masks A subnet mask is used to determine which bits are part of the network number, and which bits are part of the host ID (using a logical AND operation).
Page 369 Subnet masks are expressed in dotted decimal notation just like IP addresses. The following examples show the binary and decimal notation for 8-bit, 16-bit, 24-bit and 29-bit subnet masks. Table 173 Subnet Masks BINARY OCTET 8-bit mask 11111111 16-bit mask 11111111 24-bit mask 11111111...
Page 370: Figure 224 Subnetting Example: Before Subnetting
Appendix D IP Addresses and Subnetting Table 175 Alternative Subnet Mask Notation (continued) SUBNET MASK 255.255.255.192 255.255.255.224 255.255.255.240 255.255.255.248 255.255.255.252 Subnetting You can use subnetting to divide one network into multiple sub-networks. In the following example a network administrator creates two sub-networks to isolate a group of servers from the rest of the company network for security reasons.
Page 371: Figure 225 Subnetting Example: After Subnetting
Figure 225 Subnetting Example: After Subnetting In a 25-bit subnet the host ID has 7 bits, so each sub-network has a maximum of 2 possible hosts (a host ID of all zeroes is the subnet’s address itself, all ones is the subnet’s broadcast address).
Page 372 Appendix D IP Addresses and Subnetting Table 177 Subnet 2 IP/SUBNET MASK IP Address IP Address (Binary) Subnet Mask (Binary) Subnet Address: 192.168.1.64 Broadcast Address: 192.168.1.127 Table 178 Subnet 3 IP/SUBNET MASK IP Address IP Address (Binary) Subnet Mask (Binary) Subnet Address: 192.168.1.128 Broadcast Address:...
Page 373 Table 180 Eight Subnets (continued) SUBNET SUBNET ADDRESS Subnet Planning The following table is a summary for subnet planning on a network with a 24-bit network number. Table 181 24-bit Network Number Subnet Planning NO. “BORROWED” HOST BITS The following table is a summary for subnet planning on a network with a 16-bit network number.
Page 374 Appendix D IP Addresses and Subnetting Table 182 16-bit Network Number Subnet Planning (continued) NO. “BORROWED” HOST BITS Configuring IP Addresses Where you obtain your network number depends on your particular situation. If the ISP or your network administrator assigns you a block of registered IP addresses, follow their instructions in selecting the IP addresses and the subnet mask.
Page 375: Figure 226 Ip Address Conflicts: Case A
P P E N D I X IP Address Assignment This appendix describes situations where IP address conflicts may occur. Subscribers with duplicate IP addresses will not be able to access the Internet. Case A: The device is using the same LAN and WAN IP addresses The following figure shows an example where the device is using a WAN IP address that is the same as the IP address of a computer on the LAN.
Page 376: Appendix E Ip Address Assignment Conflicts
Appendix E IP Address Assignment Conflicts Figure 227 IP Address Conflicts: Case B To solve this problem, make sure the device LAN IP address is not in the DHCP IP address pool. Case C: The Subscriber IP address is the same as the IP address of a network device The following figure depicts an example where the subscriber IP address is the same as the IP address of a network device not attached to the device.
Page 377: Figure 229 Ip Address Conflicts: Case D
Appendix E IP Address Assignment Conflicts Figure 229 IP Address Conflicts: Case D This problem can be solved by adding a VLAN-enabled switch or set the computers to obtain IP addresses dynamically. Vantage CNM User’s Guide...
Page 378 Appendix E IP Address Assignment Conflicts Vantage CNM User’s Guide...
Page 379: Common Services
P P E N D I X The following table lists some commonly-used services and their associated protocols and port numbers. For a comprehensive list of port numbers, ICMP type/code numbers and services, visit the IANA (Internet Assigned Number Authority) web site. •...
Page 380: Appendix F Common Services
Appendix F Common Services Table 183 Commonly Used Services (continued) NAME H.323 HTTP HTTPS ICMP IGMP (MULTICAST) User-Defined MSN Messenger NEW-ICQ NEWS NNTP PING POP3 PPTP PPTP_TUNNEL (GRE) RCMD REAL_AUDIO REXEC RLOGIN RTELNET PROTOCOL PORT(S) DESCRIPTION File Transfer Program, a program to enable fast transfer of files, including large files that may not be possible by e-mail.
Page 381 Table 183 Commonly Used Services (continued) NAME PROTOCOL RTSP TCP/UDP SFTP SMTP SNMP TCP/UDP SNMP-TRAPS TCP/UDP SQL-NET TCP/UDP STRM WORKS SYSLOG TACACS TELNET TFTP VDOLIVE Vantage CNM User’s Guide Appendix F Common Services PORT(S) DESCRIPTION The Real Time Streaming (media control) Protocol (RTSP) is a remote control for multimedia on the Internet.
Page 382 Appendix F Common Services Vantage CNM User’s Guide...
Page 383: Figure 230 Security Certificate
P P E N D I X Importing Certificates This appendix shows importing certificates examples using Internet Explorer 5. Import Vantage CNM Certificates into Netscape Navigator In Netscape Navigator, you can permanently trust the Vantage CNM’s server certificate by importing it into your operating system as a trusted certification authority. Select Accept This Certificate Permanently in the following screen to do this.
Page 384: Appendix G Importing Certificates
Appendix G Importing Certificates Figure 231 Login Screen 2 Click Install Certificate to open the Install Certificate wizard. Figure 232 Certificate General Information before Import 3 Click Next to begin the Install Certificate wizard. Vantage CNM User’s Guide...
Page 385: Figure 233 Certificate Import Wizard 1
Figure 233 Certificate Import Wizard 1 4 Select where you would like to store the certificate and then click Next. Figure 234 Certificate Import Wizard 2 5 Click Finish to complete the Import Certificate wizard. Vantage CNM User’s Guide Appendix G Importing Certificates...
Page 386: Figure 235 Certificate Import Wizard 3
Appendix G Importing Certificates Figure 235 Certificate Import Wizard 3 6 Click Yes to add the Vantage CNM certificate to the root store. Figure 236 Root Certificate Store Vantage CNM User’s Guide...
Page 387: Figure 237 Certificate General Information After Import
Figure 237 Certificate General Information after Import Enrolling and Importing SSL Client Certificates The SSL client needs a certificate if Authenticate Client Certificates is selected on the device. You must have imported at least one trusted CA to the device in order for the Authenticate Client Certificates to be active (see the Certificates chapter for details).
Page 388: Figure 238 Device's Trusted Ca Screen
Appendix G Importing Certificates Figure 238 Device’s Trusted CA Screen The CA sends you a package containing the CA’s trusted certificate(s), your personal certificate(s) and a password to install the personal certificate(s). Installing the CA’s Certificate 1 Double click the CA’s trusted certificate to produce a screen similar to the one shown next.
Page 389: Figure 239 Ca Certificate Example
Figure 239 CA Certificate Example 2 Click Install Certificate and follow the wizard as shown earlier in this appendix. Installing Your Personal Certificate(s) You need a password in advance. The CA may issue the password or you may have to specify it during the enrollment.
Page 390: Figure 241 Personal Certificate Import Wizard 2
Appendix G Importing Certificates 2 The file name and path of the certificate you double-clicked should automatically appear in the File name text box. Click Browse if you wish to import a different certificate. Figure 241 Personal Certificate Import Wizard 2 3 Enter the password given to you by the CA.
Page 391: Figure 243 Personal Certificate Import Wizard 4
Figure 243 Personal Certificate Import Wizard 4 5 Click Finish to complete the wizard and begin the import process. Figure 244 Personal Certificate Import Wizard 5 6 You should see the following screen when the certificate is correctly installed on your computer.
Page 392: Figure 246 Access The Device Via Https
Appendix G Importing Certificates Using a Certificate When Accessing the Device Example Use the following procedure to access the device via HTTPS. 1 Enter ‘https://device IP Address/ in your browser’s web address field. Figure 246 Access the Device Via HTTPS 2 When Authenticate Client Certificates is selected on the device, the following screen asks you to select a personal certificate to send to the device.
Page 393 No part may be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, except the express written permission of ZyXEL Communications Corporation. This Product includes Castor under below license Copyright (C) 1999-2001 Intalio, Inc.
Page 394: Appendix H Open Software Announcements
Appendix H Open Software Announcements This Product includes ant-contrib 1.0b3 version, axis 1.2.1 version, a[ache-commoms quartz 1.5.2 version, log4j 102014 version, j2sh, xerces 2.8.1 version, apache-any 1.6.5 version, and apache-tomcat 5.0 version under Apache Software License Apache License Version 2.0, January 2004 http://www.apache.org/licenses/ TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 1.
Page 395 Appendix H Open Software Announcements 2. Grant of Copyright License. Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty- free, irrevocable copyright license to reproduce, prepare Derivative Works of, publicly display, publicly perform, sublicense, and distribute the Work and such Derivative Works in Source or Object form.
Page 396 Appendix H Open Software Announcements 6. Trademarks. This License does not grant permission to use the trade names, trademarks, service marks, or product names of the Licensor, except as required for reasonable and customary use in describing the origin of the Work and reproducing the content of the NOTICE file.
Page 397 Appendix H Open Software Announcements Products derived from this software may not be called "Apache", nor may "Apache" appear in their name, without prior written permission of the Apache Software Foundation. THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
Page 398 Appendix H Open Software Announcements To protect your rights, we need to make restrictions that forbid distributors to deny you these rights or to ask you to surrender these rights. These restrictions translate to certain responsibilities for you if you distribute copies of the library or if you modify it. For example, if you distribute copies of the library, whether gratis or for a fee, you must give the recipients all the rights that we gave you.
Page 399 Appendix H Open Software Announcements The precise terms and conditions for copying, distribution and modification follow. Pay close attention to the difference between a "work based on the library" and a "work that uses the library". The former contains code derived from the library, whereas the latter must be combined with the library in order to run.
Page 400 Appendix H Open Software Announcements function must still compute square roots.) These requirements apply to the modified work as a whole. If identifiable sections of that work are not derived from the Library, and can be reasonably considered independent and separate works in themselves, then this License, and its terms, do not apply to those sections when you distribute them as separate works.
Page 401 Appendix H Open Software Announcements 6. As an exception to the Sections above, you may also combine or link a "work that uses the Library" with the Library to produce a work containing portions of the Library, and distribute that work under terms of your choice, provided that the terms permit modification of the work for the customer's own use and reverse engineering for debugging such modifications.
Page 402 Appendix H Open Software Announcements 8. You may not copy, modify, sublicense, link with, or distribute the Library except as expressly provided under this License. Any attempt otherwise to copy, modify, sublicense, link with, or distribute the Library is void, and will automatically terminate your rights under this License.
Page 403 Appendix H Open Software Announcements 14. If you wish to incorporate parts of the Library into other free programs whose distribution conditions are incompatible with these, write to the author to ask for permission. For software which is copyrighted by the Free Software Foundation, write to the Free Software Foundation; we sometimes make exceptions for this.
Page 404 Appendix H Open Software Announcements When we speak of free software, we are referring to freedom, not price. Our General Public Licenses are designed to make sure that you have the freedom to distribute copies of free software (and charge for this service if you wish), that you receive source code or can get it if you want it, that you can change the software or use pieces of it in new free programs;...
Page 405 Appendix H Open Software Announcements b) You must cause any work that you distribute or publish, that in whole or in part contains or is derived from the Program or any part thereof, to be licensed as a whole at no charge to all third parties under the terms of this License.
Page 406 Appendix H Open Software Announcements 4. You may not copy, modify, sublicense, or distribute the Program except as expressly provided under this License. Any attempt otherwise to copy, modify, sublicense or distribute the Program is void, and will automatically terminate your rights under this License. However, parties who have received copies, or rights, from you under this License will not have their licenses terminated so long as such parties remain in full compliance.
Page 407 10. If you wish to incorporate parts of the Program into other free programs whose distribution conditions are different, write to the author to ask for permission. For software which is copyrighted by the Free Software Foundation, write to the Free Software Foundation; we sometimes make exceptions for this.
Page 408 Appendix H Open Software Announcements This software is provided "AS IS," without a warranty of any kind. ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED. SUN MICROSYSTEMS, INC.
Page 409 Appendix H Open Software Announcements DISTRIBUTING THE SOFTWARE OR ITS DERIVATIVES. IN NO EVENT WILL SUN MICROSYSTEMS, INC. OR ITS LICENSORS BE LIABLE FOR ANY LOST REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL, INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE THEORY OF LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE SOFTWARE, EVEN IF SUN MICROSYSTEMS, INC.
Page 410 Appendix H Open Software Announcements software intended to supersede any component(s) of the Redistributables (unless otherwise specified in the applicable README file), (iii) you do not remove or alter any proprietary legends or notices contained in or on the Redistributables, (iv) you only distribute the Redistributables pursuant to a license agreement that protects Sun's interests consistent with the terms contained in the Agreement.
Page 411 8. Trademarks and Logos. You acknowledge and agree as between you and Sun that Sun owns the SUN, SOLARIS, JAVA, JINI, FORTE, and iPLANET trademarks and all SUN, SOLARIS, JAVA, JINI, FORTE, and iPLANET-related trademarks, service marks, logos and other brand designations ("Sun Marks"), and you agree to comply with the Sun Trademark and Logo Usage Requirements currently located at http://www.sun.com/policies/trademarks.
Page 412 NOTE: Some components of the Vantage CNM 2.3 incorporate source code covered under the Apache License, GPL License, LGPL License, Sun License, and Castor License. To obtain the source code covered under those Licenses, please contact ZyXEL Communications Corporation at ZyXEL Technical Support.
Page 413 Appendix H Open Software Announcements The Software and Documentation contain material that is protected by United States Copyright Law and trade secret law, and by international treaty provisions. All rights not granted to you herein are expressly reserved by ZyXEL. You may not remove any proprietary notice of ZyXEL or any of its licensors from any copy of the Software or Documentation.
Page 414 Appendix H Open Software Announcements BUSINESS INFORMATION) ARISING OUT OF THE USE OF OR INABILITY TO USE THE PROGRAM, OR FOR ANY CLAIM BY ANY OTHER PARTY, EVEN IF ZyXEL HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. ZyXEL'S AGGREGATE LIABILITY WITH RESPECT TO ITS OBLIGATIONS UNDER THIS AGREEMENT OR OTHERWISE WITH RESPECT TO THE SOFTWARE AND DOCUMENTATION OR OTHERWISE SHALL BE EQUAL TO THE PURCHASE PRICE, BUT SHALL IN NO...
Page 415 Appendix H Open Software Announcements only be effective if it is in writing and signed by both parties hereto. If any part of this License Agreement is found invalid or unenforceable by a court of competent jurisdiction, the remainder of this License Agreement shall be interpreted so as to reasonably effect the intention of the parties.
Page 416 Appendix H Open Software Announcements Vantage CNM User’s Guide...
Page 418: Appendix I Legal Information
Appendix I Legal Information Note Repair or replacement, as provided under this warranty, is the exclusive remedy of the purchaser. This warranty is in lieu of all other warranties, express or implied, including any implied warranty of merchantability or fitness for a particular use or purpose. ZyXEL shall in no event be held liable for indirect or consequential damages of any kind to the purchaser.
Page 419: Customer Support
• Sales E-mail: sales@zyxel.com.tw • Telephone: +886-3-578-3942 • Fax: +886-3-578-2439 • Web: www.zyxel.com, www.europe.zyxel.com • FTP: ftp.zyxel.com, ftp.europe.zyxel.com • Regular Mail: ZyXEL Communications Corp., 6 Innovation Road II, Science Park, Hsinchu 300, Taiwan Costa Rica • Support E-mail: soporte@zyxel.co.cr • Sales E-mail: sales@zyxel.co.cr •...
Page 420: Appendix J Customer Support
Appendix J Customer Support • Regular Mail: ZyXEL Communications, Czech s.r.o., Modranská 621, 143 01 Praha 4 - Modrany, Ceská Republika Denmark • Support E-mail: support@zyxel.dk • Sales E-mail: sales@zyxel.dk • Telephone: +45-39-55-07-00 • Fax: +45-39-55-07-07 • Web: www.zyxel.dk • Regular Mail: ZyXEL Communications A/S, Columbusvej, 2860 Soeborg, Denmark Finland •...
Page 421 India • Support E-mail: support@zyxel.in • Sales E-mail: sales@zyxel.in • Telephone: +91-11-30888144 to +91-11-30888153 • Fax: +91-11-30888149, +91-11-26810715 • Web: http://www.zyxel.in • Regular Mail: India - ZyXEL Technology India Pvt Ltd., II-Floor, F2/9 Okhla Phase -1, New Delhi 110020, India Japan •...
Page 422 Appendix J Customer Support • Regular Mail: ZyXEL Communications Inc., 1130 N. Miller St., Anaheim, CA 92806- 2001, U.S.A. Norway • Support E-mail: support@zyxel.no • Sales E-mail: sales@zyxel.no • Telephone: +47-22-80-61-80 • Fax: +47-22-80-61-81 • Web: www.zyxel.no • Regular Mail: ZyXEL Communications A/S, Nils Hansens vei 13, 0667 Oslo, Norway Poland •...
Page 423 • Telephone: +44-1344-303044, 08707-555779 (UK only) • Fax: +44-1344-303034 • Web: www.zyxel.co.uk • FTP: ftp.zyxel.co.uk • Regular Mail: ZyXEL Communications UK Ltd., 11 The Courtyard, Eastern Road, Bracknell, Berkshire RG12 2XB, United Kingdom (UK) Vantage CNM User’s Guide Appendix J Customer Support...
Page 424 Appendix J Customer Support Vantage CNM User’s Guide...
Page 425: Index
administrators idle timeout maximum number logged in root storing in address book super types of alarms classifications clearing notifying device owners 303, 304 states types of alternative subnet mask notation backing up (CNM configuration) building blocks applying 53, 228, 229, 232, 249, 250 saving current configuration as 249, 250 certificate...
Page 426 Index Hub & Spoke 251, 252 IANA icons devices folders views idle timeout 36, 302 IE 7.0 security risk messages inconsistencies between CNM and device Internet Assigned Numbers Authority See IANA IP address 299, 301 License Upgrade license status upgrade log messages managing Vantage CNM good habits...
Page 427 status system status monitor 288, 289 title bar 35, 36, 37 topology create a group folder delete a groupl remove a group folder trademarks unassociate a device User Lockout Vantage Report in Vantage CNM opening in Vantage CNM setting up setting up devices for setting up instances of typical application...
Page 428 Index Vantage CNM User’s Guide...
Page 429 Index Vantage CNM User’s Guide...
Page 430 Index Vantage CNM User’s Guide...

This manual is also suitable for:

Vantage cnm

ZyXEL Communications Centralized Network Management Vantage CNM User Manual

About this User's Guide

Document Conventions

Chapter 1 Introducing Vantage CNM

Introduction

Part I: Introduction

Chapter 2 GUI Introduction

Chapter 3 Load or Save Building Blocks (BB)

Device Operation

Chapter 4 Device General Settings

Chapter 5 Device Network Settings

Chapter 6 Device Security Settings

Chapter 7 Device Advanced Settings

Chapter 8

Device Log

Chapter 9 Device Configuration Management

Chapter 10 Firmware Management

Chapter 11 License Management

VPN Management

Chapter 12 VPN Community

Chapter 13 Installation Report

Chapter 14 VPN Monitor

Quick Links

Troubleshooting

Related Manuals for ZyXEL Communications Centralized Network Management Vantage CNM

Summary of Contents for ZyXEL Communications Centralized Network Management Vantage CNM