ZyXEL Communications ZyWall 10 User Manual

10-100 series internet security gateway

ZyWALL 10/10W/50/100
Internet Security Gateway
SMT User's Guide
Versions 3.52 and 3.60
January 2003


Summary of Contents for ZyXEL Communications ZyWall 10

  • Page 1 ZyWALL 10/10W/50/100 Internet Security Gateway SMT User’s Guide Versions 3.52 and 3.60 January 2003...
  • Page 2 ZyXEL Communications Corporation. Published by ZyXEL Communications Corporation. All rights reserved. Disclaimer ZyXEL does not assume any liability arising out of the application or use of any products, or software described herein.
  • Page 3 ZyWALL 10~100 Series Internet Security Gateway Federal Communications Commission (FCC) Interference Statement This device complies with Part 15 of FCC rules. Operation is subject to the following two conditions: This device may not cause harmful interference. This device must accept any interference received, including interference that may cause undesired operations.
  • Page 4 ZyWALL 10~100 Series Internet Security Gateway Information for Canadian Users The Industry Canada label identifies certified equipment. This certification means that the equipment meets certain telecommunications network protective, operation, and safety requirements. The Industry Canada does not guarantee that the equipment will operate to a user's satisfaction.
  • Page 5: Zyxel Limited Warranty

    ZyWALL 10~100 Series Internet Security Gateway ZyXEL Limited Warranty ZyXEL warrants to the original end user (purchaser) that this product is free from any defects in materials or workmanship for a period of up to two years from the date of purchase. During the warranty period, and upon...
  • Page 6: Customer Support

    ZyWALL 10~100 Series Internet Security Gateway Customer Support Please have the following information ready when you contact customer support. • Product model and serial number. • Information in Menu 24.2.1 – System Information.
  • Page 7: Table Of Contents

    ZyWALL 10~100 Series Internet Security Gateway Table of Contents: Copyright, ii; Federal Communications Commission (FCC) Interference Statement, iii; Information for Canadian Users, iv; ZyXEL Limited Warranty, v; Customer Support, vi; List of Figures, xii; List of Tables, xviii; Preface, xxi; Initial Setup and Configuration...
  • Page 8 ZyWALL 10~100 Series Internet Security Gateway Editing PPP Options, 3-8; Editing TCP/IP Options, 3-10; Editing Login Script, 3-11; 3.10 Remote Node Filter, 3-13; Chapter 4 LAN Setup, 4-1; Introduction to LAN Setup, 4-1; Accessing the LAN Menus, 4-1; LAN Port Filter Setup, 4-1; TCP/IP and DHCP Ethernet Setup Menu, 4-2; Wireless LAN Setup, 4-6...
  • Page 9 ZyWALL 10~100 Series Internet Security Gateway Chapter 8 IP Static Route Setup, 8-1; IP Static Route Setup, 8-1; Chapter 9 Network Address Translation (NAT), 9-1; Using NAT, 9-1; NAT Setup, 9-3; Configuring a Server behind NAT, 9-9; General NAT Examples...
  • Page 10 ZyWALL 10~100 Series Internet Security Gateway Chapter 14 Firmware and Configuration File Maintenance, 14-1; 14.1 Filename Conventions, 14-1; 14.2 Backup Configuration, 14-2; 14.3 Restore Configuration, 14-8; 14.4 Uploading Firmware and Configuration Files, 14-11; Chapter 15 System Maintenance & Information, 15-1; 15.1 Command Interpreter Mode, 15-1; 15.2...
  • Page 11 ZyWALL 10~100 Series Internet Security Gateway Chapter 20 SA Monitor, 20-1; 20.1 Introduction, 20-1; 20.2 Using SA Monitor, 20-1; Chapter 21 Troubleshooting, 21-1; 23.1 Problems Starting Up the ZyWALL, 21-1; 21.1 Problems with the LAN Interface, 21-2; 21.2...
  • Page 12 ZyWALL 10~100 Series Internet Security Gateway List of Figures: Figure 1-1 Initial Screen, 1-1; Figure 1-2 Password Screen, 1-2; Figure 1-3 Main Menu (ZyWALL 100), 1-3; Figure 1-4 Getting Started and Advanced Applications SMT Menus, 1-5; Figure 1-5 Advanced Management SMT Menus, 1-6; Figure 1-6 Schedule Setup and IPSec VPN Configuration SMT Menus, 1-7...
  • Page 13 ZyWALL 10~100 Series Internet Security Gateway Figure 4-6 Menu 3.5 – Wireless LAN Setup, 4-6; Figure 5-1 Menu 5: DMZ Setup, 5-1; Figure 5-2 Menu 5.1: DMZ Port Filter Setup, 5-1; Figure 5-3 Menu 5: TCP/IP Setup, 5-2; Figure 5-4 Menu 5.2: TCP/IP Setup, 5-3; Figure 5-5 Menu 5.2.1: IP Alias Setup...
  • Page 14 ZyWALL 10~100 Series Internet Security Gateway Figure 9-8 Menu 15.2: NAT Server Setup (ZyWALL 10), 9-10; Figure 9-9 Multiple Servers Behind NAT Example, 9-10; Figure 9-10 NAT Example 1, 9-11; Figure 9-11 Menu 4: Internet Access & NAT Example, 9-11; Figure 9-12 NAT Example 2, 9-12; Figure 9-13 Menu 15.2: Specifying an Inside Server, 9-13...
  • Page 15 ZyWALL 10~100 Series Internet Security Gateway Figure 11-11 Example Filter Rules Summary: Menu 21.1.3, 11-15; Figure 11-12 Protocol and Device Filter Sets, 11-16; Figure 11-13 Filtering LAN Traffic, 11-17; Figure 11-14 Filtering DMZ Traffic, 11-18; Figure 11-15 Filtering Remote Node Traffic, 11-18; Figure 12-1 Menu 22: SNMP Configuration, 12-1; Figure 13-1 Menu 24: System Maintenance...
  • Page 16 ZyWALL 10~100 Series Internet Security Gateway Figure 14-11 Restore Configuration Example, 14-11; Figure 14-12 Successful Restoration Confirmation Screen, 14-11; Figure 14-13 Telnet Into Menu 24.7.1: Upload System Firmware, 14-12; Figure 14-14 Telnet Into Menu 24.7.2: System Maintenance, 14-13; Figure 14-15 FTP Session Example of Firmware File Upload, 14-14; Figure 14-16 Menu 24.7.1 As Seen Using the Console Port, 14-16...
  • Page 17 ZyWALL 10~100 Series Internet Security Gateway Figure 18-3 Applying Schedule Set(s) to a Remote Node (PPPoE), 18-4; Figure 18-4 Applying Schedule Set(s) to a Remote Node (PPTP), 18-5; Figure 19-1 VPN SMT Menu Tree, 19-1; Figure 19-2 Menu 27: VPN/IPSec Setup, 19-2; Figure 19-3 Menu 27.1: IPSec Summary...
  • Page 18 ZyWALL 10~100 Series Internet Security Gateway List of Tables: Table 1-1 Main Menu Commands, 1-2; Table 1-2 Main Menu Summary, 1-3; Table 2-1 General Setup Menu Field, 2-1; Table 2-2 Configure Dynamic DNS Menu Fields, 2-3; Table 3-1 MAC Address Cloning in WAN Setup, 3-2; Table 3-2 Menu 2: Dial Backup Setup, 3-3...
  • Page 19 ZyWALL 10~100 Series Internet Security Gateway Table 9-1 Applying NAT in Menus 4 & 11.3, 9-3; Table 9-2 SUA Address Mapping Rules, 9-5; Table 9-3 Fields in Menu 15.1.1, 9-7; Table 9-4 Menu 15.1.1.1: Editing/Configuring an Individual Rule in a Set, 9-8; Table 9-5 Menu 15.3—Trigger Port Setup Description...
  • Page 20 ZyWALL 10~100 Series Internet Security Gateway Table 19-2 Menu 27.1.1: IPSec Setup, 19-6; Table 19-3 Menu 27.1.1.1: IKE Setup, 19-12; Table 19-4 Active Protocol: Encapsulation and Security Protocol, 19-14; Table 19-5 Menu 27.1.1.2: Manual Setup, 19-14; Table 20-1 Menu 27.2: SA Monitor, 20-2; Table 21-1 Troubleshooting the Start-Up of Your ZyWALL, 21-1...
  • Page 21: Related Documentation

    This manual may refer to the ZyWALL 10/10W/50/100 Internet Security Gateway as the ZyWALL. This manual covers the ZyWALL 10, 10W, 50 and 100 models. Supported features, and the details of those features, vary from model to model. Not every feature applies to every model; refer to the Model Comparison Chart in chapter 1 of the Web Configurator User’s Guide to see what features are specific to your ZyWALL...
  • Page 22 ZyWALL 10~100 Series Internet Security Gateway • “Enter” means for you to type one or more characters and press the carriage return. “Select” or “Choose” means for you to use one of the predefined choices. • The SMT menu titles and labels are in Bold Times New Roman font.
  • Page 23 Initial Setup and Configuration Part I: Initial Setup and Configuration This part covers Introducing the SMT, SMT Menu 1 General Setup, WAN and Dial Backup Setup, LAN Setup, Wireless LAN Security, DMZ Setup, and Internet Access.
  • Page 25: Figure 1-1 Initial Screen

    When you turn on your ZyWALL, it performs several internal tests as well as line initialization. After the tests, the ZyWALL asks you to press [ENTER] to continue, as shown next. Copyright (c) 1994 - 2002 ZyXEL Communications Corp. initialize ch =0, ethernet address: 00:a0:c5:41:51:61 initialize ch =1, ethernet address: 00:a0:c5:41:51:62 Press ENTER to continue...
  • Page 26: Figure 1-2 Password Screen

    ZyWALL 10~100 Series Internet Security Gateway For your first login, enter the default password “1234”. As you type the password, the screen displays an “X” for each character you type. Please note that if there is no activity for longer than five minutes after you log in, your ZyWALL will automatically log you out and display a blank screen.
  • Page 27: Table 1-2 Main Menu Summary

    Main Menu After you enter the password, the SMT displays the ZyWALL Main Menu, as shown next. Not all models have all the features shown. Copyright (c) 1994 - 2001 ZyXEL Communications Corp. ZyWALL 100 Main Menu Getting Started Advanced Management 1.
  • Page 28 ZyWALL 10~100 Series Internet Security Gateway Table 1-2 Main Menu Summary MENU TITLE FUNCTION LAN Setup Use this menu to apply LAN filters, configure LAN DHCP and TCP/IP settings and configure the wireless LAN port (not available on all models).
  • Page 29: Figure 1-4 Getting Started And Advanced Applications Smt Menus

    ZyWALL 10~100 Series Internet Security Gateway 1.3.2 SMT Menus at a Glance The available SMT screens vary by ZyWALL model. The following SMT overview applies to the ZyWALL 100. Figure 1-4 Getting Started and Advanced Applications SMT Menus Introducing the SMT...
  • Page 30: Figure 1-5 Advanced Management Smt Menus

    ZyWALL 10~100 Series Internet Security Gateway Figure 1-5 Advanced Management SMT Menus Introducing the SMT...
  • Page 31: Figure 1-6 Schedule Setup And Ipsec Vpn Configuration Smt Menus

    ZyWALL 10~100 Series Internet Security Gateway Figure 1-6 Schedule Setup and IPSec VPN Configuration SMT Menus Changing the System Password Change the system password by following the steps shown next. Step 1. Enter 23 in the main menu to open Menu 23 - System Password as shown next.
  • Page 32: Figure 1-8 Example Xmodem Upload

    ZyWALL 10~100 Series Internet Security Gateway Resetting the ZyWALL If you forget your password or cannot access the SMT menu, you will need to reload the factory-default configuration file or use the RESET button on the back of the ZyWALL. Uploading this configuration file replaces the current configuration file with the factory-default configuration file.
  • Page 33: Procedure To Use The Reset Button

    ZyWALL 10~100 Series Internet Security Gateway 1.5.2 Procedure To Use The Reset Button Make sure the SYS LED is on (not blinking) before you begin this procedure. Step 1. Press the RESET button for ten seconds, and then release it. If the SYS LED begins to blink, the defaults have been restored and the ZyWALL restarts.
  • Page 35: Figure 2-1 Menu 1: General Setup

    ZyWALL 10~100 Series Internet Security Gateway Chapter 2 SMT Menu 1 - General Setup Menu 1 - General Setup contains administrative and system-related information. Introduction to General Setup Menu 1 - General Setup contains administrative and system-related information. Configuring General Setup Step 1.
  • Page 36: Figure 2-2 Configure Dynamic Dns

    ZyWALL 10~100 Series Internet Security Gateway Table 2-1 General Setup Menu Field. FIELD: Domain Name. EXAMPLE: zyxel.com.tw. DESCRIPTION: Enter the domain name (if you know it) here. If you leave this field blank, the ISP may assign a domain name via DHCP. You can go to menu 24.8 and type "sys domain name"...
  • Page 37: Table 2-2 Configure Dynamic Dns Menu Fields

    ZyWALL 10~100 Series Internet Security Gateway Table 2-2 Configure Dynamic DNS Menu Fields FIELD DESCRIPTION EXAMPLE Service Provider This is the name of your Dynamic DNS service provider. WWW.DynDNS.ORG (default) Active Press [SPACE BAR] to select Yes and then press [ENTER] to make dynamic DNS active.
  • Page 38 ZyWALL 10~100 Series Internet Security Gateway Table 2-2 Configure Dynamic DNS Menu Fields FIELD DESCRIPTION EXAMPLE Press [SPACE BAR] to select Yes and then press [ENTER] to have the DDNS server automatically update the IP address of the host name(s) with the public IP address that the ZyWALL Use Server uses or is behind.
  • Page 39: Figure 3-1 Mac Address Cloning In Wan Setup

    ZyWALL 10~100 Series Internet Security Gateway Chapter 3 WAN and Dial Backup Setup This chapter describes how to configure the WAN using menu 2 and dial-backup using menus 2.1 and 11.1. Dial-backup applies to the ZyWALL 100 and 10W (see Table 1-1 Model Specific Features in the Web Configuration User’s Guide).
  • Page 40: Table 3-1 Mac Address Cloning In Wan Setup

    ZyWALL 10~100 Series Internet Security Gateway Table 3-1 MAC Address Cloning in WAN Setup FIELD DESCRIPTION EXAMPLE MAC Address Assigned By Press [SPACE BAR] and then [ENTER] to choose one of two methods IP address to assign a MAC Address. Choose Factory Default to select the factory attached on assigned default MAC Address.
  • Page 41: Figure 3-2 Menu 2: Dial Backup Setup

    ZyWALL 10~100 Series Internet Security Gateway Menu 2 - WAN Setup MAC Address: Assigned By= Factory default IP Address= N/A Dial-Backup: Active= No Phone Number= Port Speed= 115200 AT Command String: Init= at&fs0=0 Edit Advanced Setup= No Press ENTER to Confirm or ESC to Cancel: Figure 3-2 Menu 2: Dial Backup Setup The following table describes the fields in this screen.
  • Page 42: Figure 3-3 Menu 2.1 Advanced Wan Setup

    ZyWALL 10~100 Series Internet Security Gateway Table 3-2 Menu 2: Dial Backup Setup FIELD DESCRIPTION EXAMPLE When you have completed this menu, press [ENTER] at the prompt “Press ENTER to Confirm…” to save your configuration, or press [ESC] at any time to cancel.
  • Page 43: Table 3-4 Advanced Wan Port Setup: Call Control Parameters

    ZyWALL 10~100 Series Internet Security Gateway Table 3-3 Advanced WAN Port Setup: AT Commands Fields FIELD DESCRIPTION DEFAULT Drop Enter the AT Command string to drop a call. “~” represents a one +++ath second wait, e.g., “~~~+++~~ath” can be used if your modem has a slow response time.
  • Page 44: Figure 3-4 Menu 11.1 Remote Node Profile (Backup Isp)

    ZyWALL 10~100 Series Internet Security Gateway Table 3-4 Advanced WAN Port Setup: Call Control Parameters FIELD DESCRIPTION DEFAULT Drop Timeout Enter a number of seconds for the ZyWALL to wait before dropping 20 seconds (sec) the DTR signal if it does not receive a positive disconnect confirmation.
  • Page 45 ZyWALL 10~100 Series Internet Security Gateway Table 3-5 Fields in Menu 11.1 Remote Node Profile (Backup ISP) FIELD DESCRIPTION EXAMPLE Active Press [SPACE BAR] and then [ENTER] to select Yes to enable the remote node or No to disable the remote node.
  • Page 46: Editing Ppp Options

    ZyWALL 10~100 Series Internet Security Gateway Table 3-5 Fields in Menu 11.1 Remote Node Profile (Backup ISP) FIELD DESCRIPTION EXAMPLE Allocated Enter the maximum number of minutes that this remote node may be Budget called within the time period configured in the Period field. The default...
  • Page 47: Figure 3-5 Menu 11.2 - Remote Node Ppp Options

    ZyWALL 10~100 Series Internet Security Gateway Menu 11.2 - Remote Node PPP Options Encapsulation= Standard PPP Compression= No Enter here to CONFIRM or ESC to CANCEL: Press Space Bar to Toggle. Figure 3-5 Menu 11.2 - Remote Node PPP Options This table describes the Remote Node PPP Options Menu, and contains instructions on how to configure the PPP options fields.
  • Page 48: Figure 3-7 Menu 11.3: Remote Node Network Layer Options

    ZyWALL 10~100 Series Internet Security Gateway Editing TCP/IP Options Move the cursor to the Edit IP field in menu 11.1, then press [SPACE BAR] to select Yes. Press [ENTER] to open Menu 11.3 - Network Layer Options. Menu 11.3 - Remote Node Network Layer Options Rem IP Addr= 0.0.0.0...
  • Page 49: Editing Login Script

    ZyWALL 10~100 Series Internet Security Gateway Table 3-6 Remote Node Network Layer Options Menu Fields FIELD DESCRIPTION EXAMPLE Network Press [SPACE BAR] and then [ENTER] to select either Full Feature, None Address None or SUA Only. See the Network Address Translation (NAT) chapter...
  • Page 50 ZyWALL 10~100 Series Internet Security Gateway upper or lower case. Similarly, you specify “word: ” as the ‘Expect’ string and your password as the ‘Send’ string for the second prompt in set 2. You can use two variables, $USERNAME and $PASSWORD (all UPPER case), to represent the actual user name and password in the script, so they will not show in the clear.
  • Page 51: Figure 3-8 Menu 11.4 - Remote Node Setup Script

    ZyWALL 10~100 Series Internet Security Gateway Menu 11.4 - Remote Node Script Active= No Set 1: Set 5: Expect= Expect= Send= Send= Set 2: Set 6: Expect= Expect= Send= Send= Set 3: Expect= Send= Set 4: Expect= Send= Enter here to CONFIRM or ESC to CANCEL: Figure 3-8 Menu 11.4 –...
  • Page 52: Figure 3-9 Menu 11.5: Remote Node Filter (Ethernet)

    ZyWALL 10~100 Series Internet Security Gateway Use menu 11.5 to specify the filter set(s) to apply to the incoming and outgoing traffic between this remote node and the ZyWALL to prevent certain packets from triggering calls. You can specify up to four filter sets separated by commas, for example, 1, 5, 9, 12, in each filter field.
  • Page 53: Figure 4-1 Menu 3: Lan Setup

    ZyWALL 10~100 Series Internet Security Gateway Chapter 4 LAN Setup This chapter describes how to configure the LAN using Menu 3: LAN Setup. Wireless LAN is available on the ZyWALL 10W and 100 models. Introduction to LAN Setup This chapter describes how to configure the ZyWALL for LAN and wireless LAN connections.
  • Page 54: Figure 4-2 Menu 3.1: Lan Port Filter Setup

    ZyWALL 10~100 Series Internet Security Gateway Menu 3.1 – LAN Port Filter Setup Input Filter Sets: protocol filters= device filters= Output Filter Sets: protocol filters= device filters= Press ENTER to Confirm or ESC to Cancel: Figure 4-2 Menu 3.1: LAN Port Filter Setup...
  • Page 55: Figure 4-4 Menu 3.2: Tcp/Ip And Dhcp Ethernet Setup

    ZyWALL 10~100 Series Internet Security Gateway Menu 3.2 - TCP/IP and DHCP Ethernet Setup DHCP= Server Configuration: Client IP Pool Starting Address= 192.168.1.33 [figure callout: First address in the IP Pool] Size of Client IP Pool= 32 Primary DNS Server= 0.0.0.0 Secondary DNS Server= 0.0.0.0...
  • Page 56: Table 4-2 Lan Tcp/Ip Setup Menu Fields

    ZyWALL 10~100 Series Internet Security Gateway Table 4-1 DHCP Ethernet Setup Menu Fields FIELD DESCRIPTION EXAMPLE DHCP Server If Relay is selected in the DHCP field above, then type the IP address Address of the actual, remote DHCP server here.
  • Page 57: Figure 4-5 Menu 3.2.1: Ip Alias Setup

    ZyWALL 10~100 Series Internet Security Gateway 4.4.1 IP Alias Setup You must use menu 3.2 to configure the first network. Move the cursor to the Edit IP Alias field, press [SPACE BAR] to choose Yes and press [ENTER] to configure the second and third network.
  • Page 58: Figure 4-6 Menu 3.5 - Wireless Lan Setup

    ZyWALL 10~100 Series Internet Security Gateway Table 4-3 IP Alias Setup Menu Fields FIELD DESCRIPTION EXAMPLE Incoming Enter the filter set(s) you wish to apply to the incoming traffic Protocol Filters between this node and the ZyWALL. Outgoing Enter the filter set(s) you wish to apply to the outgoing traffic Protocol Filters between this node and the ZyWALL.
  • Page 59: Table 4-4 Wireless Lan Setup Menu Fields

    ZyWALL 10~100 Series Internet Security Gateway The settings of all client stations on the wireless LAN must match those of the ZyWALL. Follow the instructions in the next table on how to configure the wireless LAN parameters. Table 4-4 Wireless LAN Setup Menu Fields...
  • Page 61: Figure 5-1 Menu 5: Dmz Setup

    ZyWALL 10~100 Series Internet Security Gateway Chapter 5 DMZ Setup This chapter describes how to configure the ZyWALL 100’s DMZ using Menu 5: DMZ Setup. Configuring DMZ Setup From the main menu, enter 5 to open Menu 5 – DMZ Setup.
  • Page 62: Figure 5-3 Menu 5: Tcp/Ip Setup

    ZyWALL 10~100 Series Internet Security Gateway TCP/IP Setup For more detailed information about RIP setup, IP Multicast and IP alias, please refer to the LAN chapter. 5.3.1 IP Address From the main menu, enter 5 to open Menu 5 - DMZ Setup to configure TCP/IP (RFC 1155).
  • Page 63: Figure 5-4 Menu 5.2: Tcp/Ip Setup

    ZyWALL 10~100 Series Internet Security Gateway Menu 5.2 - TCP/IP Ethernet Setup TCP/IP Setup: IP Address= ? IP Subnet Mask= RIP Direction= Both Version= RIP-1 Multicast= None Edit IP Alias= No Press ENTER to Confirm or ESC to Cancel: Figure 5-4 Menu 5.2: TCP/IP Setup The TCP/IP setup fields are the same as the ones in Menu 3.2 TCP/IP Ethernet Setup.
  • Page 64: Figure 5-5 Menu 5.2.1: Ip Alias Setup

    ZyWALL 10~100 Series Internet Security Gateway Menu 5.2.1 - IP Alias Setup IP Alias 1= No IP Address= N/A IP Subnet Mask= N/A RIP Direction= N/A Version= N/A Incoming protocol filters= N/A Outgoing protocol filters= N/A IP Alias 2= No...
  • Page 65: Table 6-1 Menu 4: Internet Access Setup Menu Fields

    ZyWALL 10~100 Series Internet Security Gateway Chapter 6 Internet Access This chapter shows you how to configure your ZyWALL for Internet access. Introduction to Internet Access Setup Use information from your ISP along with the instructions in this chapter to set up your ZyWALL to access the Internet.
  • Page 66: Configuring The Pptp Client

    ZyWALL 10~100 Series Internet Security Gateway Table 6-1 Menu 4: Internet Access Setup Menu Fields FIELD DESCRIPTION Encapsulation Press [SPACE BAR] and then press [ENTER] to choose Ethernet. The encapsulation method influences your choices for the IP Address field. Service Type...
  • Page 67: Figure 6-2 Internet Access Setup (Pptp)

    ZyWALL 10~100 Series Internet Security Gateway the Encapsulation field in Menu 4 -Internet Access Setup to choose PPTP as your encapsulation option. This brings up the following screen. Menu 4 - Internet Access Setup ISP's Name= ChangeMe Encapsulation= PPTP Service Type= N/A...
  • Page 68: Figure 6-3 Internet Access Setup (Pppoe)

    ZyWALL 10~100 Series Internet Security Gateway Menu 4 - Internet Access Setup ISP's Name= ChangeMe Encapsulation= PPPoE Service Type= N/A My Login= My Password= ******** Idle Timeout= 100 IP Address Assignment= Dynamic IP Address= N/A IP Subnet Mask= N/A Gateway IP Address= N/A...
  • Page 69 Remote Node, IP Static Route, NAT, Firewall, Filters, SNMP Part II: Remote Node Setup, IP Static Route Setup, NAT, Firewall, Filters, SNMP This part covers Remote Node Setup, IP Static Route Setup and Network Address Translation, the ZyXEL firewall, filters and SNMP.
  • Page 71: Chapter 7 Remote Node Setup

    ZyWALL 10~100 Series Internet Security Gateway Chapter 7 Remote Node Setup This chapter shows you how to configure a remote node. Introduction to Remote Node Setup A remote node is required for placing calls to a remote gateway. A remote node represents both the remote gateway and the network behind it across a WAN connection.
  • Page 72: Figure 7-1 Menu 11 Remote Node Setup

    ZyWALL 10~100 Series Internet Security Gateway Menu 11 - Remote Node Setup 1. ChangeMe (ISP, SUA) 2. ________ Enter Node # to Edit: Figure 7-1 Menu 11 Remote Node Setup Remote Node Profile Setup The following explains how to configure the remote node profile menu.
  • Page 73: Figure 7-2 Menu 11.1: Remote Node Profile For Ethernet Encapsulation

    ZyWALL 10~100 Series Internet Security Gateway Menu 11.1 - Remote Node Profile Rem Node Name= ChangeMe Route= IP Active= Yes Encapsulation= Ethernet Edit IP= No Service Type= Standard Session Options: Service Name= N/A Edit Filter Sets= No Outgoing: My Login= N/A...
  • Page 74: Pppoe Encapsulation

    ZyWALL 10~100 Series Internet Security Gateway Table 7-1 Fields in Menu 11.1 FIELD DESCRIPTION EXAMPLE My Password Enter the password assigned by your ISP when the ZyWALL calls ***** this remote node. Valid for PPPoE encapsulation only. Retype to Type your password again to make sure that you have entered it...
  • Page 75: Figure 7-3 Menu 11.1: Remote Node Profile For Pppoe Encapsulation

    ZyWALL 10~100 Series Internet Security Gateway Menu 11.1 - Remote Node Profile Rem Node Name= ChangeMe Route= IP Active= Yes Encapsulation= PPPoE Edit IP= No Service Type= Standard Telco Option: Service Name= Allocated Budget(min)= 0 Outgoing: Period(hr)= 0 My Login=...
  • Page 76: Table 7-2 Fields In Menu 11.1 (Pppoe Encapsulation Specific)

    ZyWALL 10~100 Series Internet Security Gateway Metric See the Metric section in the WAN and Dial Backup Setup chapter for details on the Metric field. Table 7-2 Fields in Menu 11.1 (PPPoE Encapsulation Specific) FIELD DESCRIPTION EXAMPLE Authen This field sets the authentication protocol used for outgoing calls.
  • Page 77: Figure 7-4 Menu 11.1: Remote Node Profile For Pptp Encapsulation

    ZyWALL 10~100 Series Internet Security Gateway Menu 11.1 - Remote Node Profile Rem Node Name= ChangeMe Route= IP Active= Yes Encapsulation= PPTP Edit IP= No Service Type= Standard Telco Option: Service Name=N/A Allocated Budget(min)= 0 Outgoing= Period(hr)= 0 My Login=...
  • Page 78: Figure 7-5 Menu 11.3: Remote Node Network Layer Options For Ethernet Encapsulation

    ZyWALL 10~100 Series Internet Security Gateway Table 7-3 Fields in Menu 11.1 (PPTP Encapsulation) FIELD DESCRIPTION EXAMPLE Nailed-Up Press [SPACE BAR] and then [ENTER] to select Yes if you want to Connections make the connection to this remote node a nailed-up connection.
  • Page 79 ZyWALL 10~100 Series Internet Security Gateway Table 7-4 Remote Node Network Layer Options Menu Fields FIELD DESCRIPTION EXAMPLE (Rem) IP If you have a Static IP Assignment, enter the subnet mask assigned to Subnet Mask you. Gateway IP This field is applicable to Ethernet encapsulation only. Enter the...
  • Page 80: Figure 7-6 Menu 11.5: Remote Node Filter (Ethernet Encapsulation)

    ZyWALL 10~100 Series Internet Security Gateway Table 7-4 Remote Node Network Layer Options Menu Fields FIELD DESCRIPTION EXAMPLE Once you have completed filling in Menu 11.3 Remote Node Network Layer Options, press [ENTER] at the message “Press ENTER to Confirm...” to save your configuration and return to menu 11, or press [ESC] at any time to cancel.
  • Page 81: Figure 7-7 Menu 11.5: Remote Node Filter (Pppoe Or Pptp Encapsulation)

    ZyWALL 10~100 Series Internet Security Gateway Menu 11.5 - Remote Node Filter Input Filter Sets: protocol filters= Device filters= Output Filter Sets: protocol filters= device filters= Call Filter Sets: protocol filters= Device filters= Enter here to CONFIRM or ESC to CANCEL: Figure 7-7 Menu 11.5: Remote Node Filter (PPPoE or PPTP Encapsulation)
  • Page 82: Figure 7-9 Menu 11.6: Traffic Redirect Setup

    ZyWALL 10~100 Series Internet Security Gateway Table 7-5 Menu 11.1: Remote Node Profile (Traffic Redirect Field) FIELD DESCRIPTION EXAMPLE Edit Press [SPACE BAR] to select Yes or No. Traffic Select No (default) if you do not want to configure this feature.
  • Page 83: Table 7-6 Traffic Redirect Setup

    ZyWALL 10~100 Series Internet Security Gateway Table 7-6 Traffic Redirect Setup FIELD DESCRIPTION EXAMPLE Active Press [SPACE BAR] and select Yes (to enable) or No (to disable) traffic redirect setup. The default is No. When the Active field is Yes, you must configure every field in this screen unless you are using PPPoE or PPTP encapsulation (except Check WAN IP Address and Timeout).
  • Page 84 ZyWALL 10~100 Series Internet Security Gateway Table 7-6 Traffic Redirect Setup FIELD DESCRIPTION EXAMPLE When you have completed this menu, press [ENTER] at the prompt “Press [ENTER] to confirm or [ESC] to cancel” to save your configuration or press [ESC] to cancel and go back to the previous screen.
  • Page 85: Figure 8-1 Menu 12: Ip Static Route Setup (Zywall 10W)

    ZyWALL 10~100 Series Internet Security Gateway Chapter 8 IP Static Route Setup This chapter shows you how to configure static routes with your ZyWALL. IP Static Route Setup Enter 12 from the main menu. Select one of the IP static routes as shown next to configure IP static routes in menu 12.
  • Page 86: Figure 8-2 Menu 12. 1: Edit Ip Static Route

    ZyWALL 10~100 Series Internet Security Gateway Menu 12.1 - Edit IP Static Route Route #: 1 Route Name= ? Active= No Destination IP Address= ? IP Subnet Mask= ? Gateway IP Address= ? Metric= 2 Private= No Press ENTER to CONFIRM or ESC to CANCEL: Figure 8-2 Menu 12.
  • Page 87 ZyWALL 10~100 Series Internet Security Gateway Table 8-1 IP Static Route Menu Fields FIELD DESCRIPTION Private This parameter determines if the ZyWALL will include the route to this remote node in its RIP broadcasts. If set to Yes, this route is kept private and not included in RIP broadcast.
  • Page 89: Chapter 9 Network Address Translation (Nat)

    ZyWALL 10~100 Series Internet Security Gateway Chapter 9 Network Address Translation (NAT) This chapter discusses how to configure NAT on the ZyWALL. Using NAT You must create a firewall rule in addition to setting up SUA/NAT, to allow traffic from the WAN to be forwarded through the ZyWALL.
  • Page 90: Figure 9-1 Menu 4: Applying Nat For Internet Access

    ZyWALL 10~100 Series Internet Security Gateway Menu 4 - Internet Access Setup ISP's Name= myISP Encapsulation= Ethernet Service Type= Standard My Login= N/A My Password= N/A Login Server IP= N/A IP Address Assignment= Dynamic IP Address= N/A IP Subnet Mask= N/A...
  • Page 91: Figure 9-2 Menu 11.3: Applying Nat To The Remote Node

    ZyWALL 10~100 Series Internet Security Gateway Menu 11.3 - Remote Node Network Layer Options IP Address Assignment= Dynamic IP Address= N/A IP Subnet Mask= N/A Gateway IP Addr= N/A Network Address Translation= Full Feature Metric= N/A Private= N/A RIP Direction= None...
  • Page 92: Figure 9-3 Menu 15: Nat Setup

    ZyWALL 10~100 Series Internet Security Gateway 11.3, the SMT will use Set 1. When you select SUA Only, the SMT will use the pre-configured Set 255 (read only). The server set is a list of LAN and DMZ servers mapped to external ports. To use this set, a server rule must be set up inside the NAT address mapping set.
  • Page 93: Figure 9-5 Menu 15.1.255: Sua Address Mapping Rules

    ZyWALL 10~100 Series Internet Security Gateway SUA Address Mapping Set Enter 255 to display the next screen (see also section 9.1.1). The fields in this menu cannot be changed. Menu 15.1.255 - Address Mapping Rules Set Name= SUA Local Start IP...
  • Page 94: Figure 9-6 Menu 15.1.1: First Set

    ZyWALL 10~100 Series Internet Security Gateway Table 9-2 SUA Address Mapping Rules FIELD DESCRIPTION EXAMPLE Type These are the mapping types discussed above. Server allows us to Server specify multiple servers of different types behind NAT to this machine. See later for some examples.
  • Page 95: Table 9-3 Fields In Menu 15.1.1

    ZyWALL 10~100 Series Internet Security Gateway The Type, Local and Global Start/End IPs are configured in menu 15.1.1.1 (described later) and the values are displayed here. Ordering Your Rules Ordering your rules is important because the ZyWALL applies the rules in the order that you specify. When a rule matches the current packet, the ZyWALL takes the corresponding action and the remaining rules are ignored.
  • Page 96: Figure 9-7 Menu 15.1.1.1: Editing/Configuring An Individual Rule In A Set

    ZyWALL 10~100 Series Internet Security Gateway An IP End address must be numerically greater than its corresponding IP Start address. Menu 15.1.1.1 Address Mapping Rule Type= One-to-One Local IP: Start= End = N/A Global IP: Start= End = N/A Press ENTER to Confirm or ESC to Cancel: Figure 9-7 Menu 15.1.1.1: Editing/Configuring an Individual Rule in a Set...
  • Page 97: Configuring A Server Behind Nat

    ZyWALL 10~100 Series Internet Security Gateway Table 9-4 Menu 15.1.1.1: Editing/Configuring an Individual Rule in a Set FIELD DESCRIPTION EXAMPLE Once you have finished configuring a rule in this menu, press [ENTER] at the message “Press ENTER to Confirm…” to save your configuration, or press [ESC] to cancel.
  • Page 98: Figure 9-8 Menu 15.2: Nat Server Setup (Zywall 10)

    0.0.0.0 192.168.1.33 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 1026 1026 RR Reserved Press ENTER to Confirm or ESC to Cancel: Figure 9-8 Menu 15.2: NAT Server Setup (ZyWALL 10) Figure 9-9 Multiple Servers Behind NAT Example 9-10...
  • Page 99: Figure 9-11 Menu 4: Internet Access & Nat Example

    ZyWALL 10~100 Series Internet Security Gateway General NAT Examples The following are some examples of NAT configuration. 9.4.1 Internet Access Only In the following Internet access example, you only need one rule where all your ILAs (Inside Local addresses) map to one dynamic IGA (Inside Global Address) assigned by your ISP.
  • Page 100: Figure 9-12 Nat Example 2

    ZyWALL 10~100 Series Internet Security Gateway From menu 4 shown above, simply choose the SUA Only option from the Network Address Translation field. This is the Many-to-One mapping discussed in section 9.4. The SUA Only read-only option from the Network Address Translation field in menus 4 and 11.3 is specifically pre-configured to handle this case.
  • Page 101: Figure 9-13 Menu 15.2: Specifying An Inside Server

    ZyWALL 10~100 Series Internet Security Gateway Menu 15.2 - NAT Server Setup Rule Start Port No. End Port No. IP Address --------------------------------------------------- Default Default 192.168.1.10 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 1026 1026 RR Reserved Press ENTER to Confirm or ESC to Cancel: Figure 9-13 Menu 15.2: Specifying an Inside Server...
  • Page 102: Figure 9-14 Nat Example 3

    ZyWALL 10~100 Series Internet Security Gateway Figure 9-14 NAT Example 3 Step 1. In this case you need to configure Address Mapping Set 1 from Menu 15.1 - Address Mapping Sets. Therefore you must choose the Full Feature option from the Network Address Translation field (in menu 4 or menu 11.3) in Figure 9-15.
  • Page 103: Figure 9-15 Example 3: Menu 11.3

    ZyWALL 10~100 Series Internet Security Gateway Menu 11.3 - Remote Node Network Layer Options IP Address Assignment= Dynamic IP Address= N/A IP Subnet Mask= N/A Gateway IP Addr= N/A Network Address Translation= Full Feature Metric= N/A Private= N/A RIP Direction= None...
  • Page 104: Figure 9-17 Example 3: Final Menu 15.1.1

    ZyWALL 10~100 Series Internet Security Gateway Menu 15.1.1 - Address Mapping Rules Set Name= Example3 Local Start IP Local End IP Global Start IP Global End IP Type --------------- --------------- --------------- --------------- ------ 1. 192.168.1.10 10.132.50.1 192.168.1.11 10.132.50.2 3. 0.0.0.0 255.255.255.255...
  • Page 105: Figure 9-19 Nat Example 4

    ZyWALL 10~100 Series Internet Security Gateway 9.4.4 Example 4: NAT Unfriendly Application Programs Some applications do not support NAT Mapping using TCP or UDP port address translation. In this case it is better to use Many-One-to-One mapping as port numbers do not change for Many-One-to-One (and One-to-One) NAT mapping types.
  • Page 106: Figure 9-20 Example 4: Menu 15.1.1.1: Address Mapping Rule

    ZyWALL 10~100 Series Internet Security Gateway Menu 15.1.1.1 Address Mapping Rule Type= Many-One-to-One Local IP: Start= 192.168.1.10 End = 192.168.1.12 Global IP: Start= 10.132.50.1 End = 10.132.50.3 Press ENTER to Confirm or ESC to Cancel: Figure 9-20 Example 4: Menu 15.1.1.1: Address Mapping Rule After you’ve configured your rule, you should be able to check the settings in menu 15.1.1 as shown next.
  • Page 107: Figure 9-22 Trigger Port Forwarding Process: Example

    ZyWALL 10~100 Series Internet Security Gateway the server on the WAN) to the IP address of a computer on the client side (LAN). The problem is that port forwarding only forwards a service to a single LAN IP address. In order to use the same service on a...
  • Page 108: Figure 9-23 Menu 15.3-Trigger Port Setup

    ZyWALL 10~100 Series Internet Security Gateway 5. Only Jane can connect to the Real Audio server until the connection is closed or times out. The ZyWALL times out in three minutes with UDP (User Datagram Protocol) or two hours with TCP/IP (Transmission Control Protocol/Internet Protocol).
  • Page 109: Table 9-5 Menu 15.3-Trigger Port Setup Description

    ZyWALL 10~100 Series Internet Security Gateway Table 9-5 Menu 15.3—Trigger Port Setup Description FIELD DESCRIPTION EXAMPLE Rule This is the rule index number. Name Enter a unique name for identification purposes. You may enter up to 15 Real Audio characters in this field. All characters are permitted - including spaces.
  • Page 111: Figure 10-1 Menu 21: Filter And Firewall Setup

    ZyWALL 10~100 Series Internet Security Gateway Chapter 10 Introducing the ZyWALL Firewall This chapter shows you how to get started with the ZyWALL firewall. 10.1 Using ZyWALL SMT Menus From the main menu enter 21 to go to Menu 21 - Filter Set and Firewall Configuration to display the screen shown next.
  • Page 112: Figure 10-2 Menu 21.2: Firewall Setup

    ZyWALL 10~100 Series Internet Security Gateway 10.1.1 Activating the Firewall Enter option 2 in this menu to bring up the following screen. Press [SPACE BAR] and then [ENTER] to select Yes in the Active field to activate the firewall. The firewall must be active to protect against Denial of Service (DoS) attacks.
  • Page 113: Chapter 11 Filter Configuration

    ZyWALL 10~100 Series Internet Security Gateway Chapter 11 Filter Configuration This chapter shows you how to create and apply filters. 11.1 Introduction to Filters Your ZyWALL uses filters to decide whether to allow passage of a data packet and/or to make a call. There are two types of filter applications: data filtering and call filtering.
  • Page 114: Figure 11-1 Outgoing Packet Filtering Process

    ZyWALL 10~100 Series Internet Security Gateway Call Filtering Active Data Built-in User-defined match match match Outgoing Initiate call default Data Call Filters Packet if line not up Call Filters (if applicable) Filtering Send packet and reset Idle Timer Match Match...
  • Page 115: Figure 11-2 Filter Rule Process

    ZyWALL 10~100 Series Internet Security Gateway Start Packet into filter Fetch First Filter Set Filter Set Fetch Next Fetch First Filter Set Filter Rule Fetch Next Filter Rule Next filter Next Filter Set Rule Active? Available? Available? Execute Filter Rule...
  • Page 116: Figure 11-4 Menu 21: Filter And Firewall Setup

    ZyWALL 10~100 Series Internet Security Gateway You can apply up to four filter sets to a particular port to block multiple types of packets. With each filter set having up to six rules, you can have a maximum of 24 rules active for a single port.
  • Page 117: Table 11-1 Abbreviations Used In The Filter Rules Summary Menu

    ZyWALL 10~100 Series Internet Security Gateway Step 4. Enter a descriptive name or comment in the Edit Comments field and press [ENTER]. Step 5. Press [ENTER] at the message [Press ENTER to confirm] to open Menu 21.1.1 - Filter Rules Summary.
  • Page 118: Table 11-2 Rule Abbreviations Used

    ZyWALL 10~100 Series Internet Security Gateway Table 11-2 Rule Abbreviations Used ABBREVIATION DESCRIPTION Protocol Source Address Source Port number Destination Address Destination Port number Offset Length Refer to the next section for information on configuring the filter rules. 11.2.1 Configuring a Filter Rule To configure a filter rule, type its number in Menu 21.1.1 - Filter Rules Summary and press [ENTER] to...
  • Page 119: Figure 11-6 Menu 21.1.1.1: Tcp/Ip Filter Rule

    ZyWALL 10~100 Series Internet Security Gateway To configure TCP/IP rules, select TCP/IP Filter Rule from the Filter Type field and press [ENTER] to open Menu 21.1.1.1 - TCP/IP Filter Rule, as shown next. Menu 21.1.1.1 - TCP/IP Filter Rule Filter #: 1,1...
  • Page 120 ZyWALL 10~100 Series Internet Security Gateway Table 11-3 TCP/IP Filter Rule Menu Fields FIELD DESCRIPTION OPTIONS Port # Enter the destination port of the packets that you wish to filter. 0-65535 The range of this field is 0 to 65535. This field is ignored if it is...
  • Page 121 ZyWALL 10~100 Series Internet Security Gateway Table 11-3 TCP/IP Filter Rule Menu Fields FIELD DESCRIPTION OPTIONS None Press [SPACE BAR] and then [ENTER] to select a logging option from the following: Action None – No packets will be logged. Matched Action Matched - Only packets that match the rule parameters will be logged.
  • Page 122: Figure 11-7 Executing An Ip Filter

    ZyWALL 10~100 Series Internet Security Gateway Packet into IP Filter Filter Active? Apply SrcAddrMask to Src Addr Check Src Not Matched IP Addr Matched Apply DestAddrMask to Dest Addr Check Dest Not Matched IP Addr Matched Check Not Matched IP Protocol Matched Check Src &...
  • Page 123: Figure 11-8 Menu 21.1.4.1: Generic Filter Rule

    ZyWALL 10~100 Series Internet Security Gateway 11.2.3 Configuring a Generic Filter Rule This section shows you how to configure a generic filter rule. The purpose of generic rules is to allow you to filter non-IP packets. For IP, it is generally easier to use the IP rules directly.
  • Page 124 ZyWALL 10~100 Series Internet Security Gateway Table 11-4 Generic Filter Rule Menu Fields Filter Use [SPACE BAR] and then [ENTER] to select a rule type. Parameters Generic Filter Type displayed below each type will be different. TCP/IP filter rules are used to Rule filter IP packets while generic filter rules allow filtering of non-IP packets.
  • Page 125: Figure 11-9 Telnet Filter Example

    ZyWALL 10~100 Series Internet Security Gateway 11.3 Example Filter Let’s look at an example to block outside users from accessing the ZyWALL via telnet. Please see our included disk for more example filters. Figure 11-9 Telnet Filter Example Step 1.
  • Page 126: Figure 11-10 Example Filter: Menu 21.1.3.1

    ZyWALL 10~100 Series Internet Security Gateway Step 6. Enter 1 to configure the first filter rule (the only filter rule of this set). Make the entries in this menu as shown in the following figure. Press [SPACE BAR] and then Menu 21.1.3.1 - TCP/IP Filter Rule...
  • Page 127: Filter Types And Nat

    ZyWALL 10~100 Series Internet Security Gateway Menu 21.1.3 - Filter Rules Summary # A Type Filter Rules M m n - - ---- --------------------------------------------------------------- - - - 1 Y IP Pr=6, SA=0.0.0.0, DA=0.0.0.0, DP=23 N D F This shows you that you have M = N means an action can be taken immediately.
  • Page 128: Figure 11-12 Protocol And Device Filter Sets

    ZyWALL 10~100 Series Internet Security Gateway Address Translation) is enabled, the inside IP address and port number are replaced on a connection-by- connection basis, which makes it impossible to know the exact address and port on the wire. Therefore, the ZyWALL applies the protocol filters to the “native”...
  • Page 129: Figure 11-13 Filtering Lan Traffic

    ZyWALL 10~100 Series Internet Security Gateway If you do not activate the firewall, it is advisable to apply filters. 11.6.1 Applying LAN Filters LAN traffic filter sets may be useful to block certain packets, reduce traffic and prevent security breaches.
  • Page 130: Figure 11-14 Filtering Dmz Traffic

    ZyWALL 10~100 Series Internet Security Gateway Menu 5.1 – DMZ Port Filter Setup Input Filter Sets: protocol filters= device filters= Output Filter Sets: protocol filters= device filters= Press ENTER to Confirm or ESC to Cancel: Figure 11-14 Filtering DMZ Traffic 11.6.3 Applying Remote Node Filters Go to menu 11.5 (shown below –...
  • Page 131: Figure 12-1 Menu 22: Snmp Configuration

    ZyWALL 10~100 Series Internet Security Gateway Chapter 12 SNMP Configuration This chapter explains SNMP configuration menu 22. SNMP is only available if TCP/IP is configured. 12.1 SNMP Configuration To configure SNMP, enter 22 from the main menu to display Menu 22 - SNMP Configuration as shown next.
  • Page 132: Table 12-2 Snmp Traps

    ZyWALL 10~100 Series Internet Security Gateway Table 12-1 SNMP Configuration Menu Fields FIELD DESCRIPTION EXAMPLE Public Trap Type the Trap community, which is the password sent with each trap to the SNMP manager. Community Destination Type the IP address of the station to send your SNMP traps to.
  • Page 133: Chapter 16 Remote Management

    System Maintenance Part III: System Maintenance This part covers system information and diagnosis, firmware and configuration file maintenance, as well as providing information on the system maintenance and information functions and how to configure remote management.
  • Page 135: Figure 13-1 Menu 24: System Maintenance

    ZyWALL 10~100 Series Internet Security Gateway Chapter 13 System Information & Diagnosis This chapter covers SMT menus 24.1 to 24.4. DMZ applies to the ZyWALL 100. Wireless LAN and dial-backup apply to the ZyWALL 100 and 10W (see Table 1-1 Model Specific Features in the Web Configuration User’s Guide).
  • Page 136: Figure 13-2 Menu 24.1: System Maintenance: Status (Zywall 100)

    ZyWALL 10~100 Series Internet Security Gateway monitor your ZyWALL. Specifically, it gives you information on your system firmware version, number of packets sent and number of packets received. To get to the System Status: Step 1. Enter number 24 to go to Menu 24 - System Maintenance.
  • Page 137: System Information And Console Port Speed

    ZyWALL 10~100 Series Internet Security Gateway Table 13-1 System Maintenance: Status Menu Fields FIELD DESCRIPTION Shows the port speed and duplex setting if you’re using Ethernet Encapsulation Status and Down (line is down), idle (line (ppp) idle), dial (starting to trigger a call) and drop (dropping a call) if you’re using PPPoE Encapsulation.
  • Page 138: Figure 13-3 Menu 24.2: System Information And Console Port Speed

    ZyWALL 10~100 Series Internet Security Gateway Step 1. Enter 24 to go to Menu 24 – System Maintenance. Step 2. Enter 2 to open Menu 24.2 - System Information and Console Port Speed. Step 3. From this menu you have two choices as shown in the next figure: Menu 24.2 - System Information and Console Port Speed...
  • Page 139: Figure 13-5 Menu 24.2.2: System Maintenance: Change Console Port Speed

    ZyWALL 10~100 Series Internet Security Gateway Table 13-2 Fields in System Maintenance: Information FIELD DESCRIPTION Name This is the ZyWALL's system name + domain name assigned in menu 1. For example, System Name= xxx; Domain Name= baboo.mickey.com Name= xxx.baboo.mickey.com Routing Refers to the routing protocol used.
  • Page 140: Figure 13-6 Menu 24.3: System Maintenance: Log And Trace

    ZyWALL 10~100 Series Internet Security Gateway 13.4 Log and Trace There are two logging facilities in the ZyWALL. The first is the error logs and trace records that are stored locally. The second is the UNIX syslog facility for message logging.
  • Page 141: Figure 13-7 Examples Of Error And Information Messages

    ZyWALL 10~100 Series Internet Security Gateway 0 Wed Aug 22 21:23:26 2001 PP17 INFO getDateTime fail: no server available 1 Wed Aug 22 21:23:26 2001 PP17 INFO adjtime task pause 60 seconds 2 Wed Aug 22 21:23:54 2001 PINI INFO...
  • Page 142: Table 13-3 System Maintenance Menu Syslog Parameters

    ZyWALL 10~100 Series Internet Security Gateway You need to configure the UNIX syslog parameters described in the following table to activate syslog then choose what you want to log. Table 13-3 System Maintenance Menu Syslog Parameters PARAMETER DESCRIPTION UNIX Syslog: Active Press [SPACE BAR] and then [ENTER] to turn syslog on or off.
  • Page 143: Filter Log

    ZyWALL 10~100 Series Internet Security Gateway 2. Packet triggered Packet triggered Message Format SdcmdSyslogSend( SYSLOG_PKTTRI, SYSLOG_NOTICE, String ); String = Packet trigger: Protocol=xx Data=xxxxxxxxxx…..x Protocol: (1:IP 2:IPX 3:IPXHC 4:BPDU 5:ATALK 6:IPNG) Data: We will send forty-eight Hex characters to the server Jul 19 11:28:39 192.168.102.2 ZyXEL: Packet Trigger: Protocol=1,...
  • Page 144 ZyWALL 10~100 Series Internet Security Gateway 5. Firewall log Firewall Log Message Format SdcmdSyslogSend(SYSLOG_FIREWALL, SYSLOG_NOTICE, buf); buf = IP[Src=xx.xx.xx.xx : spo=xxxx Dst=xx.xx.xx.xx : dpo=xxxx | prot | rule | action] Src: Source Address spo: Source port (empty means no source port information)
  • Page 145: Figure 13-9 Call-Triggering Packet Example

    ZyWALL 10~100 Series Internet Security Gateway IP Frame: ENET0-RECV Size: Time: 17:02:44.262 Frame Type: IP Header: IP Version Header Length = 20 Type of Service = 0x00 (0) Total Length = 0x002C (44) Identification = 0x0002 (2) Flags = 0x00...
  • Page 146: Figure 13-10 Menu 24.4: System Maintenance: Diagnostic

    ZyWALL 10~100 Series Internet Security Gateway Step 2. From this menu, select option 4. Diagnostic. This will open Menu 24.4 - System Maintenance - Diagnostic. Figure 13-10 Menu 24.4: System Maintenance: Diagnostic Menu 24.4 - System Maintenance - Diagnostic TCP/IP...
  • Page 147: Figure 13-11 Wan & Lan Dhcp

    ZyWALL 10~100 Series Internet Security Gateway Figure 13-11 WAN & LAN DHCP The following table describes the diagnostic tests available in menu 24.4 for your ZyWALL and associated connections. Table 13-4 System Maintenance Menu Diagnostic FIELD DESCRIPTION Ping Host Enter 1 to ping any machine (with an IP address) on your LAN or WAN.
  • Page 149: Chapter 14 Firmware And Configuration File Maintenance

    ZyWALL 10~100 Series Internet Security Gateway Chapter 14 Firmware and Configuration File Maintenance This chapter tells you how to back up and restore your configuration file as well as upload new firmware and a new configuration file. 14.1 Filename Conventions The configuration file (often called the romfile or rom-0) contains the factory default settings in the menus such as password, DHCP Setup, TCP/IP Setup, etc.
  • Page 150: Table 14-1 Filename Conventions

    ZyWALL 10~100 Series Internet Security Gateway local network or FTP site and so the name (but not the extension) may vary. After uploading new firmware, see the ZyNOS F/W Version field in Menu 24.2.1 - System Maintenance - Information to confirm that you have uploaded the correct firmware version.
  • Page 151: Figure 14-1 Telnet Into Menu 24.5

    ZyWALL 10~100 Series Internet Security Gateway 14.2.1 Backup Configuration Follow the instructions as shown in the next screen. Menu 24.5 - System Maintenance - Backup Configuration To transfer the configuration file to your workstation, follow the procedure below: 1. Launch the FTP client on your workstation.
  • Page 152: Figure 14-2 Ftp Session Example

    ZyWALL 10~100 Series Internet Security Gateway 331 Enter PASS command Password: 230 Logged in ftp> bin 200 Type I OK ftp> get rom-0 zyxel.rom 200 Port command okay 150 Opening data connection for STOR ras 226 File received OK ftp: 16384 bytes sent in 1.10Seconds 297.89Kbytes/sec.
  • Page 153: Backup Configuration Using Tftp

    ZyWALL 10~100 Series Internet Security Gateway 1. The firewall is active (turn the firewall off in menu 21.2 or create a firewall rule to allow access from the WAN). 2. You have disabled Telnet service in menu 24.11. 3. You have applied a filter in menu 3.1 (LAN) or in menu 11.5 (WAN) to block Telnet service.
  • Page 154: Table 14-3 General Commands For Gui-Based Tftp Clients

    ZyWALL 10~100 Series Internet Security Gateway 14.2.7 TFTP Command Example The following is an example TFTP command: tftp [-i] host get rom-0 config.rom Where “i” specifies binary image transfer mode (use this mode when transferring binary files), “host” is the ZyWALL IP address, “get”...
  • Page 155: Figure 14-3 System Maintenance: Backup Configuration

    ZyWALL 10~100 Series Internet Security Gateway Ready to backup Configuration via Xmodem. Do you want to continue (y/n): Figure 14-3 System Maintenance: Backup Configuration Step 2. The following screen indicates that the Xmodem download has started. You can enter ctrl-x to terminate operation any time.
  • Page 156: Restore Configuration

    ZyWALL 10~100 Series Internet Security Gateway 14.3 Restore Configuration This section shows you how to restore a previously saved configuration. Note that this function erases the current configuration before restoring a previous back up configuration; please do not attempt to restore unless you have a backup configuration file stored on disk.
  • Page 157: Figure 14-7 Telnet Into Menu 24.6

    ZyWALL 10~100 Series Internet Security Gateway Menu 24.6 -- System Maintenance - Restore Configuration To transfer the firmware and configuration file to your workstation, follow the procedure below: 1. Launch the FTP client on your workstation. 2. Type "open" and the IP address of your router. Then type "root" and SMT password as requested.
  • Page 158: Figure 14-8 Restore Using Ftp Session Example

    ZyWALL 10~100 Series Internet Security Gateway 14.3.2 Restore Using FTP Session Example ftp> put config.rom rom-0 200 Port command okay 150 Opening data connection for STOR rom-0 226 File received OK 221 Goodbye for writing flash ftp: 16384 bytes sent in 0.06Seconds 273.07Kbytes/sec.
  • Page 159: Figure 14-11 Restore Configuration Example

    ZyWALL 10~100 Series Internet Security Gateway Type the configuration file’s location, or click Browse to search for it. Choose the Xmodem protocol. Then click Send. Figure 14-11 Restore Configuration Example Step 4. After a successful restoration you will see the following screen. Press any key to restart the ZyWALL and return to the SMT menu.
  • Page 160: Figure 14-13 Telnet Into Menu 24.7.1: Upload System Firmware

    ZyWALL 10~100 Series Internet Security Gateway WARNING! Do not interrupt the file transfer process as this may PERMANENTLY DAMAGE YOUR ZyWALL. 14.4.1 Firmware File Upload FTP is the preferred method for uploading the firmware and configuration. To use this feature, your computer must have an FTP client.
  • Page 161: Figure 14-14 Telnet Into Menu 24.7.2: System Maintenance

    ZyWALL 10~100 Series Internet Security Gateway 14.4.2 Configuration File Upload You see the following screen when you telnet into menu 24.7.2. Menu 24.7.2 - System Maintenance - Upload System Configuration File To upload the system configuration file, follow the procedure below: 1.
  • Page 162: Figure 14-15 Ftp Session Example Of Firmware File Upload

    ZyWALL 10~100 Series Internet Security Gateway transfers the configuration file on the ZyWALL to your computer and renames it “config.rom.” See earlier in this chapter for more information on filename conventions. Step 7. Enter “quit” to exit the ftp prompt.
  • Page 163: Tftp Upload Command Example

    ZyWALL 10~100 Series Internet Security Gateway Step 3. Enter the command “sys stdio 0” to disable the console timeout, so the TFTP transfer will not be interrupted. Enter the command “sys stdio 5” to restore the five-minute console timeout (default) when the file transfer is complete.
  • Page 164: Figure 14-16 Menu 24.7.1 As Seen Using The Console Port

    ZyWALL 10~100 Series Internet Security Gateway 14.4.8 Uploading Firmware File Via Console Port Step 1. Select 1 from Menu 24.7 – System Maintenance – Upload Firmware to display Menu 24.7.1 - System Maintenance - Upload System Firmware, and then follow the instructions as shown in the following screen.
  • Page 165: Figure 14-17 Example Xmodem Upload

    ZyWALL 10~100 Series Internet Security Gateway 14.4.9 Example Xmodem Firmware Upload Using HyperTerminal Click Transfer, then Send File to display the following screen. Type the firmware file’s location, or click Browse to look for it. Choose the Xmodem protocol. Then click Send.
  • Page 166: Figure 14-18 Menu 24.7.2 As Seen Using The Console Port

    ZyWALL 10~100 Series Internet Security Gateway Menu 24.7.2 - System Maintenance - Upload System Configuration File To upload system configuration file: 1. Enter "y" at the prompt below to go into debug mode. 2. Enter "atlc" after "Enter Debug Mode" message.
  • Page 167: Figure 14-19 Example Xmodem Upload

    ZyWALL 10~100 Series Internet Security Gateway Type the configuration file’s location, or click Browse to search for it. Choose the Xmodem protocol. Then click Send. Figure 14-19 Example Xmodem Upload After the configuration upload process has completed, restart the ZyWALL by entering “atgo”.
  • Page 169: Chapter 15 System Maintenance & Information

    ZyWALL 10~100 Series Internet Security Gateway Chapter 15 System Maintenance & Information This chapter leads you through SMT menus 24.8 to 24.10. The Real Time Chip (RTC) applies to the ZyWALL 100, 50 and 10W. 15.1 Command Interpreter Mode The Command Interpreter (CI) is a part of the main router firmware. The CI provides much of the same functionality as the SMT, while adding some low-level setup and diagnostic functions.
  • Page 170: Figure 15-2 Valid Commands

    A list of commands can be found by typing help or ? at the command prompt. Always type the full command. Type exit to return to the SMT main menu when finished. Copyright (c) 1994 - 2003 ZyXEL Communications Corp. ras> ?
  • Page 171: Figure 15-3 Call Control

    ZyWALL 10~100 Series Internet Security Gateway Table 15-1 Valid Commands These commands display dial backup information and control dial backup connections. These commands display IP information and configure IP settings. ipsec These commands display IPSec information and configure IPSec settings.
  • Page 172: Figure 15-4 Budget Management

    ZyWALL 10~100 Series Internet Security Gateway 15.2.1 Budget Management Menu 24.9.1 shows the budget management statistics for outgoing calls. Enter 1 from Menu 24.9 - System Maintenance - Call Control to bring up the following menu. Menu 24.9.1 - Budget Management...
  • Page 173: Figure 15-5 Call History

    ZyWALL 10~100 Series Internet Security Gateway 15.2.2 Call History This is the second option in Menu 24.9 - System Maintenance - Call Control. It displays information about past incoming and outgoing calls. Enter 2 from Menu 24.9 - System Maintenance - Call Control to bring up the following menu.
  • Page 174: Figure 15-6 Menu 24: System Maintenance

    ZyWALL 10~100 Series Internet Security Gateway 15.3 Time and Date Setting The Real Time Chip (RTC) keeps track of the time and date (Not available on all models). There is also a software mechanism to set the time manually or get the current time and date from an external server when you turn on your ZyWALL.
  • Page 175: Figure 15-7 Menu 24.10 System Maintenance: Time And Date Setting

    ZyWALL 10~100 Series Internet Security Gateway Menu 24.10 - System Maintenance - Time and Date Setting Use Time Server when Bootup= NTP (RFC-1305) Time Server Address= tick.stdtime.gov.tw Current Time: 00 : 00 : 00 New Time (hh:mm:ss): 11 : 23 : 16...
  • Page 176: Resetting The Time

    ZyWALL 10~100 Series Internet Security Gateway Table 15-4 Time and Date Setting Fields FIELD DESCRIPTION Time Zone Press [SPACE BAR] and then [ENTER] to set the time difference between your time zone and Greenwich Mean Time (GMT). Daylight Saving Daylight Saving Time is a period from late spring to early fall when many countries set their clocks ahead of normal local time by one hour to give more daylight time in the evenings.
  • Page 177: Remote Management

    ZyWALL 10~100 Series Internet Security Gateway Chapter 16 Remote Management This chapter covers remote management found in SMT menu 24.11. 16.1 Remote Management Remote management control is for managing Telnet, Web and FTP services. You can customize the service port, access interface and the secured client IP address to enhance security and flexibility.
  • Page 178: Figure 16-1 Menu 24.11 - Remote Management Control

    ZyWALL 10~100 Series Internet Security Gateway To disable remote management of a service, select Disable in the corresponding Server Access field. Enter 11 from menu 24 to bring up Menu 24.11 – Remote Management Control. Menu 24.11 - Remote Management Control...
  • Page 179: Remote Management Limitations

    ZyWALL 10~100 Series Internet Security Gateway 16.1.1 Remote Management Limitations Remote management over LAN or WAN will not work when: 1. A filter in menu 3.1 (LAN) or in menu 11.5 (WAN) is applied to block a Telnet, FTP or Web service.
  • Page 181: Troubleshooting

    IP Policy Routing, Call Scheduling, VPN/IPSec, and Troubleshooting Part IV: IP Policy Routing, Call Scheduling, VPN/IPSec, and Troubleshooting This part provides information on how to configure IP Policy Routing, call scheduling, VPN/IPSec and Troubleshooting.
  • Page 183: Chapter 17 Ip Policy Routing

    ZyWALL 10~100 Series Internet Security Gateway Chapter 17 IP Policy Routing This chapter covers setting and applying policies used for IP routing. IP Policy Routing applies to the ZyWALL 100. 17.1 Introduction to IP Policy Routing Traditionally, routing is based on the destination address only and the ZyWALL takes the shortest path to forward a packet.
  • Page 184: Figure 17-2 Ip Routing Policy Setup

    ZyWALL 10~100 Series Internet Security Gateway address and port, ToS and precedence (fields in the IP header) and length. The inclusion of length criterion is to differentiate between interactive and bulk traffic. Interactive applications, e.g., telnet, tend to have short packets, while bulk traffic, e.g., file transfer, tends to have large packets.
  • Page 185: Figure 17-4 Menu 25.1: Sample Ip Routing Policy Setup

    ZyWALL 10~100 Series Internet Security Gateway Step 2. Type the index of the policy set you want to configure to open Menu 25.1 – IP Routing Policy Setup. Menu 25.1 shows the summary of a policy set, including the criteria and the action of a single policy, and whether a policy is active or not.
  • Page 186: Figure 17-5 Ip Routing Policy

    ZyWALL 10~100 Series Internet Security Gateway Table 17-1 IP Routing Policy Setup ABBREVIATION MEANING Outgoing Type of service Outgoing Precedence Service Normal Minimum Delay Maximum Throughput Maximum Reliability Minimum Cost Type a number from 1 to 6 to display Menu 25.1.1 – IP Routing Policy (see the next figure). This menu allows you to configure a policy rule.
  • Page 187 ZyWALL 10~100 Series Internet Security Gateway Table 17-2 IP Routing Policy FIELD DESCRIPTION Active Press [SPACE BAR] and then [ENTER] to select Yes to activate the policy. Criteria IP Protocol Enter a number that represents an IP layer 4 protocol, for example, UDP=17, TCP=6, ICMP=1 and Don’t care=0.
  • Page 188: Figure 17-6 Menu 3.2: Tcp/Ip And Dhcp Ethernet Setup

    ZyWALL 10~100 Series Internet Security Gateway Table 17-2 IP Routing Policy FIELD DESCRIPTION When you have completed this menu, press [ENTER] at the prompt “Press [ENTER] to confirm or [ESC] to cancel” to save your configuration or press [ESC] to cancel and go back to the previous screen.
  • Page 189: Figure 17-7 Example Of Ip Policy Routing

    ZyWALL 10~100 Series Internet Security Gateway 17.6 IP Policy Routing Example If a network has both Internet and remote node connections, you can route Web packets to the Internet using one policy and route FTP packets to a remote network using another policy. See the next figure.
  • Page 190: Figure 17-8 Ip Routing Policy Example

    ZyWALL 10~100 Series Internet Security Gateway Menu 25.1.1 - IP Routing Policy Policy Set Name= set1 Active= Yes Criteria: IP Protocol Type of Service= Don't Care Packet length= 10 Precedence = Don't Care Len Comp= N/A Source: addr start= 192.168.1.2 end= 192.168.1.64...
  • Page 191: Figure 17-9 Ip Routing Policy

    ZyWALL 10~100 Series Internet Security Gateway Step 5. Create a rule in menu 25.1.1 for this set to route packets from any host (IP=0.0.0.0 means any host) with protocol TCP and port FTP access through another gateway (192.168.1.100). Menu 25.1.1 - IP Routing Policy...
  • Page 192: Figure 17-10 Applying Ip Policies

    ZyWALL 10~100 Series Internet Security Gateway Menu 3.2 - TCP/IP and DHCP Ethernet Setup DHCP Setup DHCP= Server Client IP Pool Starting Address= 192.168.1.33 Size of Client IP Pool= 64 Primary DNS Server= 0.0.0.0 Secondary DNS Server= 0.0.0.0 Remote DHCP Server= N/A TCP/IP Setup: IP Address= 192.168.1.1...
  • Page 193: Figure 18-1 Schedule Setup

    ZyWALL 10~100 Series Internet Security Gateway Chapter 18 Call Scheduling Call scheduling allows you to dictate when a remote node should be called and for how long. 18.1 Introduction to Call Scheduling The call scheduling feature allows the ZyWALL to manage a remote node and dictate when a remote node should be called and for how long.
  • Page 194: Figure 18-2 Schedule Set Setup

    ZyWALL 10~100 Series Internet Security Gateway To set up a schedule set, select the schedule set you want to set up from menu 26 (1-12) and press [ENTER] to see Menu 26.1 - Schedule Set Setup as shown next. Menu 26.1 - Schedule Set Setup Active= Yes Start Date(yyyy/mm/dd) = 2000 –...
  • Page 195 ZyWALL 10~100 Series Internet Security Gateway Table 18-1 Schedule Set Setup Fields FIELD DESCRIPTION OPTIONS Weekday: If you selected Weekly in the How Often field above, then select the day(s) when the set should activate (and recur) by going to that day(s) and pressing [SPACE BAR] to select Yes, then press [ENTER].
  • Page 196: Figure 18-3 Applying Schedule Set(S) To A Remote Node (Pppoe)

    ZyWALL 10~100 Series Internet Security Gateway Menu 11.1 - Remote Node Profile Rem Node Name= ChangeMe Route= IP Active= Yes Encapsulation= PPPoE Edit IP= No Service Type= Standard Telco Option: Service Name= Allocated Budget(min)= 0 Outgoing= Period(hr)= 0 My Login=...
  • Page 197: Figure 18-4 Applying Schedule Set(S) To A Remote Node (Pptp)

    ZyWALL 10~100 Series Internet Security Gateway Menu 11.1 - Remote Node Profile Rem Node Name= ChangeMe Route= IP Active= Yes Encapsulation= PPTP Edit IP= No Service Type= Standard Telco Option: Service Name=N/A Allocated Budget(min)= 0 Outgoing= Period(hr)= 0 My Login=...
  • Page 199: Figure 19-1 Vpn Smt Menu Tree

    ZyWALL 10~100 Series Internet Security Gateway Chapter 19 VPN/IPSec Setup This chapter introduces the VPN SMT menus. 19.1 Introduction The VPN/IPSec main SMT menu has these main submenus: 1. Define VPN policies in menu 27.1 submenus, including security policies, endpoint IP addresses, peer IPSec router IP address and key management.
  • Page 200: Figure 19-2 Menu 27: Vpn/Ipsec Setup

    ZyWALL 10~100 Series Internet Security Gateway Menu 27 - VPN/IPSec Setup 1. IPSec Summary 2. SA Monitor Enter Menu Selection Number: Figure 19-2 Menu 27: VPN/IPSec Setup 19.2 IPSec Summary Screen Type 1 in menu 27 and then press [ENTER] to display Menu 27.1 — IPSec Summary. This is a summary read-only menu of your IPSec rules (tunnels).
  • Page 201: Table 19-1 Menu 27.1: Ipsec Summary

    ZyWALL 10~100 Series Internet Security Gateway Table 19-1 Menu 27.1: IPSec Summary FIELD DESCRIPTION EXAMPLE This is the VPN policy index number. Name This field displays the unique identification name for this VPN rule. The name may be up to 32 characters long but only 10 characters will be displayed here. (Example: Taiwan)
  • Page 202 ZyWALL 10~100 Series Internet Security Gateway Table 19-1 Menu 27.1: IPSec Summary FIELD DESCRIPTION EXAMPLE IPSec Algorithm This field displays the security protocols used for an SA. ESP provides confidentiality and integrity of data by encrypting the data and encapsulating it into IP packets. (Example: ESP DES MD5)
  • Page 203 ZyWALL 10~100 Series Internet Security Gateway Table 19-1 Menu 27.1: IPSec Summary FIELD DESCRIPTION EXAMPLE Remote Addr End When the Addr Type field in Menu 27.1.1 IPSec Setup is configured to Single, this is the same (static) IP address as in the Remote Addr Start field. (Example: 172.16.2.46)
  • Page 204: Ipsec Setup

    ZyWALL 10~100 Series Internet Security Gateway 19.3 IPSec Setup Select Edit in the Select Command field; type the index number of a rule in the Select Rule field and press [ENTER] to edit the VPN using the menu shown next.
  • Page 205 ZyWALL 10~100 Series Internet Security Gateway Table 19-2 Menu 27.1.1: IPSec Setup FIELD DESCRIPTION EXAMPLE Keep Alive Press [SPACE BAR] to choose either Yes or No. Choose Yes and press [ENTER] to have the ZyWALL automatically re-initiate the SA after the SA lifetime times out, even if there is no traffic.
  • Page 206 ZyWALL 10~100 Series Internet Security Gateway Table 19-2 Menu 27.1.1: IPSec Setup FIELD DESCRIPTION EXAMPLE Peer ID type Press [SPACE BAR] to choose IP, DNS, or E-mail and press [ENTER]. Select IP to identify the remote IPSec router by its IP address.
  • Page 207 ZyWALL 10~100 Series Internet Security Gateway Table 19-2 Menu 27.1.1: IPSec Setup FIELD DESCRIPTION EXAMPLE IP Addr Start When the Addr Type field is configured to Single, enter a static IP address on the LAN behind your ZyWALL. When the Addr Type field is configured to Range, enter the beginning (static) IP address, in a range of computers on your LAN behind your ZyWALL. (Example: 192.168.1.35)
  • Page 208 ZyWALL 10~100 Series Internet Security Gateway Table 19-2 Menu 27.1.1: IPSec Setup FIELD DESCRIPTION EXAMPLE IP Addr Start When the Addr Type field is configured to Single, enter a static IP address on the network behind the remote IPSec router. (Example: 4.4.4.4)
  • Page 209: Ike Setup

    ZyWALL 10~100 Series Internet Security Gateway Table 19-2 Menu 27.1.1: IPSec Setup FIELD DESCRIPTION EXAMPLE Management Press [SPACE BAR] to choose either IKE or Manual and then press [ENTER]. Manual is useful for troubleshooting if you have problems using IKE key management.
  • Page 210: Table 19-3 Menu 27.1.1.1: Ike Setup

    ZyWALL 10~100 Series Internet Security Gateway Table 19-3 Menu 27.1.1.1: IKE Setup FIELD DESCRIPTION EXAMPLE Phase 1 Negotiation Mode Press [SPACE BAR] to choose from Main or Aggressive and then press [ENTER]. See earlier for a discussion of these modes. Multiple SAs connecting through a secure gateway must have the same negotiation mode. (Example: Main)
  • Page 211: Manual Setup

    ZyWALL 10~100 Series Internet Security Gateway Table 19-3 Menu 27.1.1.1: IKE Setup FIELD DESCRIPTION EXAMPLE Key Group You must choose a key group for phase 1 IKE setup. DH1 (default) refers to Diffie-Hellman Group 1, a 768-bit random number. DH2 refers to Diffie-Hellman Group 2, a 1024-bit (1Kb) random number.
  • Page 212: Figure 19-6 Menu 27.1.1.2: Manual Setup

    ZyWALL 10~100 Series Internet Security Gateway Table 19-4 Active Protocol: Encapsulation and Security Protocol MODE SECURITY PROTOCOL Tunnel Transport 19.5.2 Security Parameter Index (SPI) To edit this menu, move the cursor to the Edit Manual Setup field in Menu 27.1.1 – IPSec Setup, press [SPACE BAR] to select Yes and then press [ENTER] to go to Menu 27.1.1.2 –...
  • Page 213 ZyWALL 10~100 Series Internet Security Gateway Table 19-5 Menu 27.1.1.2: Manual Setup FIELD DESCRIPTION EXAMPLE Encryption Algorithm Press [SPACE BAR] to choose from NULL, 3DES or DES and then press [ENTER]. Fill in the Key1 field below when you choose DES and fill in fields Key1 to Key3 when you choose 3DES.
  • Page 215: Figure 20-1 Menu 27.2: Sa Monitor

    ZyWALL 10~100 Series Internet Security Gateway Chapter 20 SA Monitor This chapter teaches you how to manage your SAs by using the SA Monitor in SMT menu 27.2. 20.1 Introduction A Security Association (SA) is the group of security settings related to a specific VPN tunnel. This menu (shown next) displays active VPN connections.
  • Page 216: Table 20-1 Menu 27.2: Sa Monitor

    ZyWALL 10~100 Series Internet Security Gateway Table 20-1 Menu 27.2: SA Monitor FIELD DESCRIPTION EXAMPLE This is the security association index number. Name This field displays the identification name for this VPN policy. This name is unique for each connection where the secure gateway IP address is a public static IP address. (Example: Taiwan)
  • Page 217: Table 21-1 Troubleshooting The Start-Up Of Your Zywall

    ZyWALL 10~100 Series Internet Security Gateway Chapter 21 Troubleshooting This chapter covers potential problems and possible remedies. After each problem description, some instructions are provided to help you to diagnose and to solve the problem. Please see the included disk for further information. DMZ applies to the ZyWALL 100.
  • Page 218: Table 21-2 Troubleshooting The Lan Interface

    ZyWALL 10~100 Series Internet Security Gateway 21.1 Problems with the LAN Interface Table 21-2 Troubleshooting the LAN Interface PROBLEM CORRECTIVE ACTION Cannot access Check your Ethernet cable type and connections. Refer to the Rear Panel and the ZyWALL Connections section in the Web Configurator User’s Guide for LAN connection from the LAN.
  • Page 219: Table 21-4 Troubleshooting The Wan Interface

    ZyWALL 10~100 Series Internet Security Gateway 21.3 Problems with the WAN Interface Table 21-4 Troubleshooting the WAN interface PROBLEM CORRECTIVE ACTION Cannot get The WAN IP is provided when the ISP recognizes the user as an authorized user after WAN IP from verifying the MAC address, Host Name or User ID.
  • Page 220: Table 21-6 Troubleshooting The Password

    ZyWALL 10~100 Series Internet Security Gateway 23.2 Problems with the Password Table 21-6 Troubleshooting the Password PROBLEM CORRECTIVE ACTION Cannot The Password field is case sensitive. Make sure that you enter the correct password access the using the proper casing.
  • Page 221 Part V: Index. This part provides an index of key terms.
  • Page 223 ZyWALL 10~100 Series Internet Security Gateway Index Command Line ..........14-3 Access Point............. 4-7 Community ............ 12-1 Active..........3-7, 3-9, 7-3 Configuration File Allocated Budget ........3-8, 7-6 Backup ............14-2 AT command ........3-3, 3-4, 14-2 Maintenance..........14-1 Authen............3-7, 7-6 Connection ID/Name ........7-7 Authentication........3-7, 7-5, 7-6...
  • Page 224 ZyWALL 10~100 Series Internet Security Gateway Setup ............. 5-1, 5-2 Configuring ..........11-4 TCP/IP Setup ........See TCP/IP DMZ ............11-17 DMZ Setup ............5-1 Example............11-13 Generic Filter Rule ........11-11 Primary Server ..........4-3 Generic Rule..........11-11 Secondary Server ......... 4-3 NAT............11-15 Domain Name........13-3, 13-5 Remote Node..........11-18...
  • Page 225 ZyWALL 10~100 Series Internet Security Gateway IP Policy Routing (IPPR) Gateway IP Addr..........7-9 Applying an IP Policy........ 17-6 Gateway IP Address........6-2, 8-2 Ethernet IP Policies........17-6 General Setup........... 2-1 Gateway ............. 17-5 IP Pool ............. 4-3 Hidden Menus..........1-2 IP Ports ..........
  • Page 226 ZyWALL 10~100 Series Internet Security Gateway Log Facility............ 13-8 Network Address Translation......6-2 Login Name ......See My Login Name Network Address Translation (NAT) ....9-1 Login Screen........See Password Offline ..............2-3 MAC Address ........3-1, 3-2, 21-3 Outgoing Protocol Filters .........4-6 MAC service data unit ........4-7 Main Menu ............
  • Page 227 ZyWALL 10~100 Series Internet Security Gateway Rem IP Address ..........3-10 Server IP ............7-4 Rem Node Name........3-6, 3-9, 7-3 Service Name........... 7-3 Remote Management ........16-1 Service Set ............4-7 Remote Management Limitations ....16-3 Service Type ........6-2, 7-3, 21-3 Remote Node ...........
  • Page 228 ZyWALL 10~100 Series Internet Security Gateway TCP/IP filter rule ........... 11-6 WAN Interface ...........21-3 Terminal Emulation ......... 1-1 Type of Service ......17-1, 17-4, 17-5 TFTP.............. 14-5 File Upload ..........14-14 UNIX Syslog ........13-7, 13-8 GUI-based Clients ........14-6 Upload Firmware..........14-11...

This manual is also suitable for:

Zywall 10w, Zywall 50, Zywall 100, Ppc 10
