ZyXEL Communications ZyWall 10 Reference Manual

Internet security gateway

ZyWALL 10/10W/50/100
Internet Security Gateway
Reference Guide
Versions 3.52 and 3.60
January 2003


Summary of Contents for ZyXEL Communications ZyWall 10

  • Page 1 ZyWALL 10/10W/50/100 Internet Security Gateway Reference Guide Versions 3.52 and 3.60 January 2003...
  • Page 2: Copyright

    ZyXEL Communications Corporation. Published by ZyXEL Communications Corporation. All rights reserved. Disclaimer ZyXEL does not assume any liability arising out of the application or use of any products, or software described herein.
  • Page 3 ZyWALL 10~100 Series Internet Security Gateway Federal Communications Commission (FCC) Interference Statement This device complies with Part 15 of FCC rules. Operation is subject to the following two conditions: This device may not cause harmful interference. This device must accept any interference received, including interference that may cause undesired operations.
  • Page 4: Information For Canadian Users

    Information for Canadian Users The Industry Canada label identifies certified equipment. This certification means that the equipment meets certain telecommunications network protective, operation, and safety requirements. Industry Canada does not guarantee that the equipment will operate to a user's satisfaction.
  • Page 5: Zyxel Limited Warranty

    ZyXEL Limited Warranty ZyXEL warrants to the original end user (purchaser) that this product is free from any defects in materials or workmanship for a period of up to two years from the date of purchase. During the warranty period, and upon...
  • Page 6: Customer Support

    Customer Support When you contact your customer support representative, please have the following information ready: • Product model and serial number. • Information in Menu 24.2.1 – System Information.
  • Page 7: Table Of Contents

    Table of Contents Copyright..............................ii Federal Communications Commission (FCC) Interference Statement..........iii Information for Canadian Users .......................iv ZyXEL Limited Warranty ..........................v Customer Support ............................vi List of Diagrams............................ix List of Charts ...............................x Preface ................................xii General Information ............................I Chapter 1 Setting up Your Computer’s IP Address ................
  • Page 8 Index ................................A
  • Page 9: List Of Diagrams

    List of Diagrams Diagram B-1 Ideal Setup..........................2-1 Diagram B-2 “Triangle Route” Problem......................2-2 Diagram B-3 IP Alias ............................. 2-2 Diagram B-4 Gateways on the WAN Side ..................... 2-3 Diagram C-1 Big Picture: Filtering, Firewall, VPN and NAT ..............3-1 Diagram D-1 Peer-to-Peer Communication in an Ad-hoc Network...............
  • Page 10: List Of Charts

    List of Charts Chart H-1 Classes of IP Addresses .........................8-1 Chart H-2 Allowed IP Address Range By Class .....................8-2 Chart H-3 “Natural” Masks ..........................8-2 Chart H-4 Alternative Subnet Mask Notation....................8-3 Chart H-5 Subnet 1 ............................8-4 Chart H-6 Subnet 2 ............................8-4...
  • Page 11 Chart Q-11 Sample IPSec Logs During Packet Transmission ..............13-15 Chart Q-12 RFC-2408 ISAKMP Payload Types..................13-16 Chart Q-13 Log Categories and Available Settings..................13-17 Chart R-1 Brute-Force Password Guessing Protection Commands ............. 14-1...
  • Page 12: Preface

    This manual may refer to the ZyWALL 10/10W/50/100 Internet Security Gateway as the ZyWALL. This manual covers the ZyWALL 10, 10W, 50 and 100 models. Supported features, and the details of those features, vary from model to model. Not every feature applies to every model; refer to the Model Comparison Chart in chapter 1 of the Web Configurator User’s Guide to see what features are specific to your ZyWALL...
  • Page 13: Syntax Conventions

    Syntax Conventions • “Enter” means for you to type one or more characters and press the carriage return. “Select” or “Choose” means for you to use one of the predefined choices. • The SMT menu titles and labels are in Bold Times New Roman font.
  • Page 15: General Information

    General Information Part I: General Information This part provides background information about setting up your computer’s IP address, triangle route, how functions are related, wireless LAN, 802.1x, PPPoE, PPTP and IP subnetting.
  • Page 17: Chapter 1 Setting Up Your Computer's Ip Address

    Chapter 1 Setting up Your Computer’s IP Address All computers must have a 10M or 100M Ethernet adapter card and TCP/IP installed. Windows 95/98/Me/NT/2000/XP, Macintosh OS 7 and later operating systems and all versions of UNIX/LINUX include the software components you need to install and use TCP/IP on your computer.
  • Page 18 The Network window Configuration tab displays a list of installed components. You need a network adapter, the TCP/IP protocol and Client for Microsoft Networks. If you need the adapter: In the Network window, click Add.
  • Page 19 Click the IP Address tab. -If your IP address is dynamic, select Obtain an IP address automatically. -If you have a static IP address, select Specify an IP address and type your information into the IP Address and Subnet Mask fields.
  • Page 20 Click the Gateway tab. -If you do not know your gateway’s IP address, remove previously installed gateways. -If you have a gateway IP address, type it in the New gateway field and click Add.
  • Page 21 For Windows XP, click start, Control Panel. In Windows 2000/NT, click Start, Settings, Control Panel. For Windows XP, click Network Connections. For Windows 2000/NT, click Network and Dial-up Connections. Right-click Local Area Connection and then click Properties.
  • Page 22 Select Internet Protocol (TCP/IP) (under the General tab in Win XP) and click Properties. The Internet Protocol TCP/IP Properties window opens (the General tab in Windows XP). -If you have a dynamic IP address click Obtain an IP address automatically.
  • Page 23 -If you do not know your gateway's IP address, remove any previously installed gateways in the IP Settings tab and click OK. Do one or more of the following if you want to configure additional IP addresses: -In the IP Settings tab, in IP addresses, click Add.
  • Page 24 In the Internet Protocol TCP/IP Properties window (the General tab in Windows XP): -Click Obtain DNS server address automatically if you do not know your DNS server IP address(es). -If you know your DNS server IP address(es),...
  • Page 25 Click the Apple menu, Control Panel and double-click TCP/IP to open the TCP/IP Control Panel. Select Ethernet built-in from the Connect via list. For dynamically assigned settings, select Using DHCP Server from the Configure: list.
  • Page 26: Macintosh Os X

    For statically assigned settings, do the following: -From the Configure box, select Manually. -Type your IP address in the IP Address box. -Type your subnet mask in the Subnet mask box. -Type the IP address of your ZyWALL in the Router address box.
  • Page 27 Click Network in the icon bar. - Select Automatic from the Location list. - Select Built-in Ethernet from the Show list. - Click the TCP/IP tab. For dynamically assigned settings, select Using DHCP from the Configure list.
  • Page 29: Chapter 2 Triangle Route

    Chapter 2 Triangle Route The Ideal Setup When the firewall is on, your ZyWALL acts as a secure gateway between your LAN and the Internet. In an ideal network topology, all incoming and outgoing network traffic passes through the ZyWALL to protect your LAN against attacks.
  • Page 30 Diagram 2-2 “Triangle Route” Problem The “Triangle Route” Solutions This section presents two solutions to the “triangle route” problem. IP Aliasing IP alias allows you to partition your network into logical sections over the same Ethernet interface. Your ZyWALL supports up to three logical LAN interfaces, with the ZyWALL being the gateway for each logical network.
  • Page 31 Gateways on the WAN Side A second solution to the “triangle route” problem is to put all of your network gateways on the WAN side, as the following figure shows. This ensures that all incoming network traffic passes through your ZyWALL to your LAN.
  • Page 33: Chapter 3 The Big Picture

    Chapter 3 The Big Picture The following figure gives an overview of how filtering, the firewall, VPN and NAT are related. Diagram 3-1 Big Picture: Filtering, Firewall, VPN and NAT
  • Page 35: Benefits Of A Wireless Lan

    Chapter 4 Wireless LAN and IEEE 802.11 A wireless LAN (WLAN) provides a flexible data communications system that you can use to access various services (navigating the Internet, email, printer services, etc.) without the use of a cabled connection. In effect, a wireless LAN environment provides you the freedom to stay connected to the network while roaming around in the coverage area.
  • Page 36 IEEE 802.11 specifies three different transmission methods for the PHY, the layer responsible for transferring data between nodes. Two of the methods use spread spectrum RF signals, Direct Sequence Spread Spectrum (DSSS) and Frequency-Hopping Spread Spectrum (FHSS), in the 2.4 to 2.4825 GHz unlicensed ISM (Industrial, Scientific and Medical) band.
  • Page 37: Infrastructure Wireless Lan Configuration

    Diagram 4-1 Peer-to-Peer Communication in an Ad-hoc Network Infrastructure Wireless LAN Configuration For Infrastructure WLANs, multiple Access Points (APs) link the WLAN to the wired network and allow users to efficiently share network resources. The Access Points not only provide communication with the wired network but also mediate wireless network traffic in the immediate neighborhood.
  • Page 38 could be any type of network, it is almost invariably an Ethernet LAN. Mobile nodes can roam between Access Points and seamless campus-wide coverage is possible. Diagram 4-2 ESS Provides Campus-Wide Coverage
  • Page 39: Chapter 5 Wireless Lan With Ieee 802.1X

    Chapter 5 Wireless LAN With IEEE 802.1x As wireless networks become popular for both portable computing and corporate networks, security is now a priority. Security Flaws with IEEE 802.11 Wireless networks based on the original IEEE 802.11 have a poor reputation for safety. The IEEE 802.11b wireless access standard, first published in 1999, was based on the MAC address.
  • Page 40 • Support for RADIUS (Remote Authentication Dial In User Service, RFC 2138, 2139) for centralized user profile and accounting management on a network RADIUS server. • Support for EAP (Extensible Authentication Protocol, RFC 2486) that allows additional authentication methods to be deployed with no changes to the access point or the wireless clients.
  • Page 41: Chapter 6 Pppoe

    Chapter 6 PPPoE PPPoE in Action An ADSL modem bridges a PPP session over Ethernet (PPP over Ethernet, RFC 2516) from your PC to an ATM PVC (Permanent Virtual Circuit), which connects to a DSL Access Concentrator where the PPP session terminates (see the next figure).
  • Page 42: How Pppoe Works

    How PPPoE Works The PPPoE driver makes the Ethernet appear as a serial link to the PC and the PC runs PPP over it, while the modem bridges the Ethernet frames to the Access Concentrator (AC). Between the AC and an ISP, the AC is acting as an L2TP (Layer 2 Tunneling Protocol) LAC (L2TP Access Concentrator) and tunnels the PPP frames to the ISP.
  • Page 43: Chapter 7 Pptp

    Chapter 7 PPTP What is PPTP? PPTP (Point-to-Point Tunneling Protocol) is a Microsoft proprietary protocol (RFC 2637 for PPTP is informational only) to tunnel PPP frames. How can we transport PPP frames from a PC to a broadband...
  • Page 44 PPTP Protocol Overview PPTP is very similar to L2TP, since L2TP is based on both PPTP and L2F (Cisco’s Layer 2 Forwarding). Conceptually, there are three parties in PPTP, namely the PNS (PPTP Network Server), the PAC (PPTP Access Concentrator) and the PPTP user.
  • Page 45 Diagram 7-3 Example Message Exchange between PC and an ANT PPP Data Connection The PPP frames are tunneled between the PNS and PAC over GRE (General Routing Encapsulation, RFC 1701, 1702). The individual calls within a tunnel are distinguished using the Call ID field in the GRE header.
  • Page 47 Chapter 8 IP Subnetting IP Addressing Routers “route” based on the network number. The router that delivers the data packet to the correct destination host uses the host ID. IP Classes An IP address is made up of four octets (eight bits each), written in dotted decimal notation, for example, 192.168.1.1.
  • Page 48: Subnet Masks

    A class “B” address (16 host bits) can have 2^16 – 2 or 65534 hosts. A class “A” address (24 host bits) can have 2^24 – 2 hosts (approximately 16 million hosts). Since the first bit of a class “A” IP address must be “0”, the first octet of a class “A” address can have a value of 0 to 127.
  • Page 49 With subnetting, the class arrangement of an IP address is ignored. For example, a class C address no longer has to have 24 bits of network number and 8 bits of host ID. With subnetting, some of the host ID bits are converted into network number bits.
  • Page 50 The first three octets of the address make up the network number (class “C”). You want to have two separate networks. Divide the network 192.168.1.0 into two separate subnets by converting one of the host ID bits of the IP address to a network number bit.
  • Page 51 192.168.1.0 with mask 255.255.255.128 is the subnet itself, and 192.168.1.127 with mask 255.255.255.128 is the directed broadcast address for the first subnet. Therefore, the lowest IP address that can be assigned to an actual host for the first subnet is 192.168.1.1 and the highest is 192.168.1.126. Similarly, the host ID range for the second subnet is 192.168.1.129 to 192.168.1.254.
  • Page 52: Example Eight Subnets

    Subnet Address: 192.168.1.128; Lowest Host ID: 192.168.1.129; Broadcast Address: 192.168.1.191; Highest Host ID: 192.168.1.190. Chart 8-10 Subnet 4 (NETWORK NUMBER / LAST OCTET BIT VALUE): IP Address 192.168.1. ...; IP Address (Binary) 11000000.10101000.00000001. / 11000000; Subnet Mask (Binary) 11111111.11111111.11111111. / 11000000
  • Page 53: Subnetting With Class A And Class B Networks

    Chart 8-12 Class C Subnet Planning (NO. “BORROWED” HOST BITS / SUBNET MASK / NO. SUBNETS / NO. HOSTS PER SUBNET): 255.255.255.128 (/25); 255.255.255.192 (/26); 255.255.255.224 (/27); 255.255.255.240 (/28); 255.255.255.248 (/29); 255.255.255.252 (/30); 255.255.255.254 (/31). Subnetting With Class A and Class B Networks.
  • Page 54 Chart 8-13 Class B Subnet Planning (NO. “BORROWED” HOST BITS / SUBNET MASK / NO. SUBNETS / NO. HOSTS PER SUBNET): 255.255.255.128 (/25); 255.255.255.192 (/26): 1024 subnets; 255.255.255.224 (/27): 2048 subnets; 255.255.255.240 (/28): 4096 subnets; 255.255.255.248 (/29): 8192 subnets; 255.255.255.252 (/30): 16384 subnets; 255.255.255.254...
  • Page 55: Command And Log Information

    Command and Log Information Part II: Command and Log Information This part provides information on the command interpreter interface, firewall and NetBIOS commands and logs and password protection.
  • Page 57: Chapter 9 Command Interpreter

    Chapter 9 Command Interpreter The following describes how to use the command interpreter. Enter 24 in the main menu to bring up the system maintenance menu. Enter 8 to go to Menu 24.8 - Command Interpreter Mode. See the included disk or zyxel.com for more detailed information on these commands.
  • Page 59: Chapter 10 Firewall Commands

    Chapter 10 Firewall Commands The following describes the firewall commands. See the Command Interpreter appendix for information on the command structure. Chart 10-1 Firewall Commands (FUNCTION / COMMAND / DESCRIPTION): config edit firewall active <yes | no>: This command turns the firewall on or off.
  • Page 60 Chart 10-1 Firewall Commands (continued): config display firewall e-mail: This command shows all of the e-mail settings. config display firewall ?: This command shows all of the available firewall sub commands. config edit firewall e-mail mail-server <ip address of mail server>: This command sets the IP address to which the e-mail...
  • Page 61 Chart 10-1 Firewall Commands (continued): config edit firewall attack send-alert <yes | no>: This command enables or disables the immediate sending of DOS attack notification e-mail messages. config edit firewall attack block...
  • Page 62 Chart 10-1 Firewall Commands (continued): config edit firewall set <set #> name <desired name>: This command sets a name to identify a specified set. config edit firewall set <set #> default-permit <forward | block>: This command sets whether a packet is dropped or...
  • Page 63 Chart 10-1 Firewall Commands (continued): config edit firewall set <set #> rule <rule #> active <yes | no>: This command sets whether a rule is enabled or not. config edit firewall set <set #>...
  • Page 64 Chart 10-1 Firewall Commands (continued): config edit firewall set <set #> rule <rule #> destaddr-range <start: This command sets a rule to have the ZyWALL check for traffic going to this range of addresses.
  • Page 66: Chapter 11 Netbios Filter Commands

    This command gives a read-only list of the current NetBIOS filter modes for a ZyWALL that does not have a DMZ.
    =============== NetBIOS Filter Status ===============
    LAN to WAN: Forward
    WAN to LAN: Forward
    IPSec Packets:...
  • Page 67: Netbios Filter Configuration

    Chart 11-1 NetBIOS Filter Default Settings (NAME / DESCRIPTION / EXAMPLE): WAN to DMZ: This field displays whether NetBIOS packets are blocked or forwarded from the WAN to the DMZ. Example: Forward. DMZ to LAN: This field displays whether NetBIOS packets are blocked or forwarded from the DMZ to the LAN. Example: Forward.
  • Page 68 <on|off> = For types 0 and 1, use on to enable the filter and block NetBIOS packets. Use off to disable the filter and forward NetBIOS packets. For type 6, use on to block NetBIOS packets from being sent through a VPN connection.
  • Page 69: Chapter 12 Boot Commands

    Chapter 12 Boot Commands The BootModule AT commands execute from within the router’s bootup software, when debug mode is selected before the main router firmware (ZyNOS) is started. When you start up your ZyWALL, you are given a choice to go into debug mode by pressing a key at the prompt shown in the following screen.
  • Page 70 just answer OK
    ATHE print help
    ATBAx change baudrate. 1:38.4k, 2:19.2k, 3:9.6k 4:57.6k 5:115.2k
    ATENx,(y) set BootExtension Debug Flag (y=password)
    ATSE show the seed of password generator
    ATTI(h,m,s) change system time to hour:min:sec or show current time...
  • Page 71: Chapter 13 Log Descriptions

    Chapter 13 Log Descriptions Chart 13-1 System Error Logs (LOG MESSAGE / DESCRIPTION): %s exceeds the max.: This attempt to create a NAT session exceeds the maximum number of NAT session table entries allowed to be created per host.
  • Page 72 Chart 13-2 System Maintenance Logs: TELNET Login Fail: Someone has failed to log on to the router via telnet. FTP Login Successfully: Someone has logged on to the router via ftp. FTP Login Fail: Someone has failed to log on to the router via ftp.
  • Page 73 Chart 13-5 Attack Logs (LOG MESSAGE / DESCRIPTION): attack IGMP: The firewall detected an IGMP attack. attack ESP: The firewall detected an ESP attack. attack GRE: The firewall detected a GRE attack. attack OSPF: The firewall detected an OSPF attack.
  • Page 74 Chart 13-5 Attack Logs (continued): syn flood TCP: The firewall detected a TCP syn flood attack. ports scan TCP: The firewall detected a TCP port scan attack. teardrop TCP: The firewall detected a TCP teardrop attack.
  • Page 75 Chart 13-6 Access Logs (LOG MESSAGE / DESCRIPTION): Firewall default policy: TCP (set:%d): TCP access matched the default policy of the listed ACL set and the ZyWALL blocked or forwarded it according to the ACL set’s configuration.
  • Page 76 Chart 13-6 Access Logs (continued): Firewall rule match: IGMP (set:%d, rule:%d): IGMP access matched the listed firewall rule and the ZyWALL blocked or forwarded it according to the rule’s configuration. Firewall rule match: ESP: ESP access matched the listed firewall rule and the ZyWALL blocked or forwarded it according to the rule’s configuration.
  • Page 77 Chart 13-6 Access Logs (continued): Firewall rule NOT match: OSPF (set:%d, rule:%d): OSPF access did not match the listed firewall rule and the ZyWALL logged it. Firewall rule NOT match: Access did not match the listed firewall rule and the ZyWALL logged...
  • Page 78 Chart 13-6 Access Logs (continued): Filter match DROP <set %d/rule %d>: ICMP access matched the listed filter rule and the ZyWALL dropped the packet to block access. Filter match DROP: Access matched the listed filter rule and the ZyWALL dropped the packet to block access.
  • Page 79 Chart 13-6 Access Logs (continued): Firewall sent TCP reset packets: The firewall sent out TCP reset packets. Packet without a NAT: The router blocked a packet that did not have a corresponding NAT table entry.
  • Page 80 Chart 13-7 ACL Setting Notes (ACL SET NUMBER / DIRECTION / DESCRIPTION): DMZ to DMZ/ZyWALL: ACL set 9 for packets traveling from the DMZ to the DMZ or the ZyWALL. Chart 13-8 ICMP Notes TYPE CODE...
  • Page 81 Chart 13-8 ICMP Notes (TYPE / CODE / DESCRIPTION): Echo: Echo message. Time Exceeded: Time to live exceeded in transit; Fragment reassembly time exceeded. Parameter Problem: Pointer indicates the error. Timestamp: Timestamp request message. Timestamp Reply: Timestamp reply message...
  • Page 82: Vpn Responder Ipsec Log

    Index: Date/Time: Log:
    ------------------------------------------------------------
    01 Jan 08:02:22 Send Main Mode request to <192.168.100.101>
    01 Jan 08:02:22 Send:<SA>
    01 Jan 08:02:22 Recv:<SA>
    01 Jan 08:02:24 Send:<KE><NONCE>
    01 Jan 08:02:24 Recv:<KE><NONCE>
    01 Jan 08:02:26 Send:<ID><HASH>
    01 Jan 08:02:26 Recv:<ID><HASH>...
  • Page 83 The following table shows sample log messages during IKE key exchange. Chart 13-10 Sample IKE Key Exchange Logs (LOG MESSAGE / DESCRIPTION): Send <Symbol> Mode request to <IP>: The ZyWALL has started negotiation with the peer.
  • Page 84 Chart 13-10 Sample IKE Key Exchange Logs (continued): !! Remote IP <IP start> / <IP end> conflicts: If the security gateway is “0.0.0.0”, the ZyWALL will use the peer’s “Local Addr” as its “Remote Addr”. If a peer’s “Local Addr”...
  • Page 85 Chart 13-10 Sample IKE Key Exchange Logs (continued): vs. My Local <IP address>: The IP address type or IP address of an incoming packet does not match the peer IP address type or IP address configured on the local router.
  • Page 86 The following table shows RFC-2408 ISAKMP payload types that the log displays. Please refer to the RFC for detailed information on each type. Chart 13-12 RFC-2408 ISAKMP Payload Types (LOG DISPLAY / PAYLOAD TYPE): Security Association...
  • Page 87: Log Commands

    Log Commands Go to the command interpreter interface (the Command Interpreter Appendix explains how to access and use the commands). Configuring What You Want the ZyWALL to Log Use the sys logs load command to load the log setting buffer that allows you to configure which logs the ZyWALL is to record.
  • Page 88: Log Command Example

    Use the sys logs display [log category] command to show the logs in an individual ZyWALL log category. Use the sys logs clear command to erase all of the ZyWALL’s logs. Log Command Example This example shows how to set the ZyWALL to record the access logs and alerts and then view the results.
  • Page 89: Chapter 14 Brute-Force Password Guessing Protection

    Chapter 14 Brute-Force Password Guessing Protection The following describes the commands for enabling, disabling and configuring the brute-force password guessing protection mechanism for the password. See the Command Interpreter appendix for information on the command structure.
  • Page 101: Netbios Filter Commands

    Chapter 11 NetBIOS Filter Commands The following describes the NetBIOS packet filter commands. See the Command Interpreter appendix for information on the command structure. Introduction NetBIOS (Network Basic Input/Output System) packets are TCP or UDP broadcast packets that enable a computer to connect to and communicate with a LAN.
  • Page 102 ZyWALL 10~100 Series Internet Security Gateway This command gives a read-only list of the current NetBIOS filter modes for a ZyWALL that does not have DMZ. =============== NetBIOS Filter Status =============== LAN to WAN: Forward WAN to LAN: Forward IPSec Packets:...
  • Page 103 ZyWALL 10~100 Series Internet Security Gateway Chart 11-1 NetBIOS Filter Default Settings NAME DESCRIPTION EXAMPLE WAN to DMZ This field displays whether NetBIOS packets are blocked or forwarded Forward from the WAN to the DMZ. DMZ to LAN This field displays whether NetBIOS packets are blocked or forwarded Forward from the DMZ to the LAN.
  • Page 104 ZyWALL 10~100 Series Internet Security Gateway <on|off> = For types 0 and 1, use on to enable the filter and block NetBIOS packets. Use off to disable the filter and forward NetBIOS packets. For type 6, use on to block NetBIOS packets from being sent through a VPN connection.
  • Page 105 ZyWALL 10~100 Series Internet Security Gateway Chapter 12 Boot Commands The BootModule AT commands execute from within the router’s bootup software, when debug mode is selected before the main router firmware (ZyNOS) is started. When you start up your ZyWALL, you are given a choice to go into debug mode by pressing a key at the prompt shown in the following screen.
  • Page 106 ZyWALL 10~100 Series Internet Security Gateway just answer OK ATHE print help ATBAx change baudrate. 1:38.4k, 2:19.2k, 3:9.6k 4:57.6k 5:115.2k ATENx,(y) set BootExtension Debug Flag (y=password) ATSE show the seed of password generator ATTI(h,m,s) change system time to hour:min:sec or show current time...
  • Page 107 ZyWALL 10~100 Series Internet Security Gateway Chapter 13 Log Descriptions Chart 13-1 System Error Logs (LOG MESSAGE / DESCRIPTION): %s exceeds the max.: This attempt to create a NAT session exceeds the maximum number of NAT session table entries allowed to be created per host.
  • Page 108 ZyWALL 10~100 Series Internet Security Gateway Chart 13-2 System Maintenance Logs: TELNET Login Fail: Someone has failed to log on to the router via telnet. FTP Login Successfully: Someone has logged on to the router via ftp. FTP Login Fail: Someone has failed to log on to the router via ftp.
  • Page 109 ZyWALL 10~100 Series Internet Security Gateway Chart 13-5 Attack Logs LOG MESSAGE DESCRIPTION attack IGMP The firewall detected an IGMP attack. attack ESP The firewall detected an ESP attack. attack GRE The firewall detected a GRE attack. attack OSPF The firewall detected an OSPF attack.
  • Page 110 ZyWALL 10~100 Series Internet Security Gateway Chart 13-5 Attack Logs LOG MESSAGE DESCRIPTION syn flood TCP The firewall detected a TCP syn flood attack. ports scan TCP The firewall detected a TCP port scan attack. teardrop TCP The firewall detected a TCP teardrop attack.
  • Page 111 ZyWALL 10~100 Series Internet Security Gateway Chart 13-6 Access Logs (LOG MESSAGE / DESCRIPTION): Firewall default policy: TCP (set:%d): TCP access matched the default policy of the listed ACL set and the ZyWALL blocked or forwarded it according to the ACL set’s configuration.
  • Page 112 ZyWALL 10~100 Series Internet Security Gateway Chart 13-6 Access Logs (LOG MESSAGE / DESCRIPTION): Firewall rule match: IGMP (set:%d, rule:%d): IGMP access matched the listed firewall rule and the ZyWALL blocked or forwarded it according to the rule’s configuration. Firewall rule match: ESP: ESP access matched the listed firewall rule and the ZyWALL blocked or forwarded it according to the rule’s configuration.
  • Page 113 ZyWALL 10~100 Series Internet Security Gateway Chart 13-6 Access Logs (LOG MESSAGE / DESCRIPTION): Firewall rule NOT match: OSPF (set:%d, rule:%d): OSPF access did not match the listed firewall rule and the ZyWALL logged it. Firewall rule NOT match: Access did not match the listed firewall rule and the ZyWALL logged...
  • Page 114 ZyWALL 10~100 Series Internet Security Gateway Chart 13-6 Access Logs (LOG MESSAGE / DESCRIPTION): Filter match DROP <set %d/rule %d>: ICMP access matched the listed filter rule and the ZyWALL dropped the packet to block access. Filter match DROP: Access matched the listed filter rule and the ZyWALL dropped the packet to block access.
  • Page 115 ZyWALL 10~100 Series Internet Security Gateway Chart 13-6 Access Logs (LOG MESSAGE / DESCRIPTION): Firewall sent TCP reset packets: The firewall sent out TCP reset packets. Packet without a NAT: The router blocked a packet that did not have a corresponding NAT table entry.
  • Page 116 ZyWALL 10~100 Series Internet Security Gateway Chart 13-7 ACL Setting Notes (ACL SET NUMBER / DIRECTION / DESCRIPTION): 9, DMZ to DMZ/ZyWALL: ACL set 9 for packets traveling from the DMZ to the DMZ or the ZyWALL. Chart 13-8 ICMP Notes TYPE CODE...
  • Page 117 ZyWALL 10~100 Series Internet Security Gateway Chart 13-8 ICMP Notes (TYPE / CODE / DESCRIPTION): Echo message; Time Exceeded: Time to live exceeded in transit; Fragment reassembly time exceeded; Parameter Problem: Pointer indicates the error; Timestamp: Timestamp request message; Timestamp Reply: Timestamp reply message...
  • Page 118 ZyWALL 10~100 Series Internet Security Gateway Index: Date/Time: Log: ------------------------------------------------------------ 01 Jan 08:02:22 Send Main Mode request to <192.168.100.101> 01 Jan 08:02:22 Send:<SA> 01 Jan 08:02:22 Recv:<SA> 01 Jan 08:02:24 Send:<KE><NONCE> 01 Jan 08:02:24 Recv:<KE><NONCE> 01 Jan 08:02:26 Send:<ID><HASH> 01 Jan 08:02:26 Recv:<ID><HASH>...
  • Page 119 ZyWALL 10~100 Series Internet Security Gateway The following table shows sample log messages during IKE key exchange. Chart 13-10 Sample IKE Key Exchange Logs LOG MESSAGE DESCRIPTION Send <Symbol> Mode request to <IP> The ZyWALL has started negotiation with the peer.
  • Page 120 ZyWALL 10~100 Series Internet Security Gateway Chart 13-10 Sample IKE Key Exchange Logs (LOG MESSAGE / DESCRIPTION): !! Remote IP <IP start> / <IP end> conflicts: If the security gateway is “0.0.0.0”, the ZyWALL will use the peer’s “Local Addr” as its “Remote Addr”. If a peer’s “Local Addr”...
  • Page 121 ZyWALL 10~100 Series Internet Security Gateway Chart 13-10 Sample IKE Key Exchange Logs (LOG MESSAGE / DESCRIPTION): vs. My Local <IP address>: The IP address type or IP address of an incoming packet does not match the peer IP address type or IP address configured on the local router.
  • Page 122 ZyWALL 10~100 Series Internet Security Gateway The following table shows RFC-2408 ISAKMP payload types that the log displays. Please refer to the RFC for detailed information on each type. Chart 13-12 RFC-2408 ISAKMP Payload Types LOG DISPLAY PAYLOAD TYPE Security Association...
  • Page 123 ZyWALL 10~100 Series Internet Security Gateway Log Commands Go to the command interpreter interface (the Command Interpreter Appendix explains how to access and use the commands). Configuring What You Want the ZyWALL to Log Use the sys logs load command to load the log setting buffer that allows you to configure which logs the ZyWALL is to record.
  • Page 124 ZyWALL 10~100 Series Internet Security Gateway Use the sys logs display [log category] command to show the logs in an individual ZyWALL log category. Use the sys logs clear command to erase all of the ZyWALL’s logs. Log Command Example This example shows how to set the ZyWALL to record the access logs and alerts and then view the results.
  • Page 125 ZyWALL 10~100 Series Internet Security Gateway Chapter 14 Brute-Force Password Guessing Protection The following describes the commands for enabling, disabling and configuring the brute-force password guessing protection mechanism for the password. See the Command Interpreter appendix for information on the command structure.
  • Page 127 Index Part III: Index This part provides an Index of key terms.
  • Page 129 ZyWALL 10~100 Series Internet Security Gateway Index: Ad-hoc Configuration 4-2; Alternative Subnet Mask Notation 8-3; Basic Service Set 4-2; Big Picture 3-1; DSSS, see Direct Sequence Spread Spectrum; e.g., see Syntax Conventions; Encapsulation, PPP over Ethernet 6-1; Enter ...
  • Page 130 ZyWALL 10~100 Series Internet Security Gateway Index: Infrastructure Configuration 4-3; IP Addressing 8-1; IP Classes 8-1; Log Descriptions 13-1; Network Topology With RADIUS Server Example ...; Select, see Syntax Conventions; Service v; Subnet Masks 8-2; Subnetting 8-2; Support Disk xii; Syntax Conventions xiii

This manual is also suitable for: ZyWALL 100, ZyWALL 10W, ZyWALL 50