ZyXEL Communications ZYWALL 2WG - V4.03 Manuals
Manuals and User Guides for ZyXEL Communications ZYWALL 2WG - V4.03. We have 1 ZyXEL Communications ZYWALL 2WG - V4.03 manual available for free PDF download: User Manual
ZyXEL Communications ZYWALL 2WG - V4.03 User Manual (784 pages)
Internet security appliance
Brand: ZyXEL Communications | Category: Software | Size: 24.7 MB
Table of Contents
About this User's Guide
3
Document Conventions
4
Safety Warnings
6
Table of Contents
9
Contents Overview
9
Table of Contents
11
List of Figures
29
List of Tables
43
Introduction
51
PART I Introduction
51
Chapter 1 Getting to Know Your ZyWALL
53
ZyWALL Internet Security Appliance Overview
53
Ways to Manage the ZyWALL
53
Good Habits for Managing the ZyWALL
54
Applications for the ZyWALL
54
Secure Broadband Internet Access Via Cable or DSL Modem
54
Figure 1 Secure Internet Access Via Cable or DSL Modem
54
VPN Application
55
WAN Application
55
Figure 2 VPN Application
55
Figure 3 3G WAN Application
55
Front Panel Lights
56
Figure 4 Front Panel
56
Table 1 Front Panel Lights
56
Chapter 2 Introducing the Web Configurator
57
Web Configurator Overview
57
Accessing the ZyWALL Web Configurator
57
Figure 5 Change Password Screen
58
Figure 6 Replace Certificate Screen
58
Resetting the ZyWALL
59
Procedure to Use the Reset Button
59
Uploading a Configuration File Via Console Port
59
Figure 7 Example Xmodem Upload
59
Navigating the ZyWALL Web Configurator
60
Title Bar
60
Figure 8 HOME Screen
60
Table 2 Title Bar: Web Configurator Icons
60
Main Window
61
HOME Screen: Router Mode
61
Figure 9 Web Configurator HOME Screen in Router Mode
61
Table 3 Web Configurator HOME Screen in Router Mode
62
HOME Screen: Bridge Mode
67
Figure 10 Web Configurator HOME Screen in Bridge Mode
67
Table 4 Web Configurator HOME Screen in Bridge Mode
67
Navigation Panel
70
Table 5 Bridge and Router Mode Features Comparison
70
Table 6 Screens Summary
71
Port Statistics
74
Figure 11 HOME > Show Statistics
74
Show Statistics: Line Chart
75
Figure 12 HOME > Show Statistics > Line Chart
75
Table 7 HOME > Show Statistics
75
DHCP Table Screen
76
Figure 13 HOME > DHCP Table
76
Table 8 HOME > Show Statistics > Line Chart
76
Table 9 HOME > DHCP Table
76
VPN Status
77
Figure 14 HOME > VPN Status
77
Table 10 HOME > VPN Status
77
Bandwidth Monitor
78
Figure 15 Home > Bandwidth Monitor
78
Table 11 ADVANCED > BW MGMT > Monitor
78
Wizard Setup
81
Chapter 3 Wizard Setup
81
Wizard Setup Overview
81
Internet Access
81
Figure 16 Wizard Setup Welcome
81
Figure 17 ISP Parameters: Ethernet Encapsulation
82
ISP Parameters
82
Table 12 ISP Parameters: Ethernet Encapsulation
82
Figure 18 ISP Parameters: PPPoE Encapsulation
83
PPTP Encapsulation
84
Table 13 ISP Parameters: PPPoE Encapsulation
84
Figure 19 ISP Parameters: PPTP Encapsulation
85
Table 14 ISP Parameters: PPTP Encapsulation
85
Figure 20 Internet Access Wizard: Second Screen
86
Internet Access Wizard: Second Screen
86
Figure 21 Internet Access Setup Complete
87
Internet Access Wizard: Registration
87
Figure 22 Internet Access Wizard: Registration
88
Table 15 Internet Access Wizard: Registration
88
Figure 23 Internet Access Wizard: Registration in Progress
89
Figure 24 Internet Access Wizard: Status
89
Figure 25 Internet Access Wizard: Registration Failed
89
Internet Access Wizard: Status
89
Internet Access Wizard: Service Activation
90
VPN Wizard Gateway Setting
90
Figure 26 Internet Access Wizard: Registered Device
90
Figure 27 Internet Access Wizard: Activated Services
90
Figure 28 VPN Wizard: Gateway Setting
91
Table 16 VPN Wizard: Gateway Setting
91
VPN Wizard Network Setting
92
Figure 29 VPN Wizard: Network Setting
92
Table 17 VPN Wizard: Network Setting
92
VPN Wizard IKE Tunnel Setting (IKE Phase 1)
93
Figure 30 VPN Wizard: IKE Tunnel Setting
94
Table 18 VPN Wizard: IKE Tunnel Setting
94
VPN Wizard IPsec Setting (IKE Phase 2)
95
Figure 31 VPN Wizard: IPsec Setting
95
VPN Wizard Status Summary
96
Table 19 VPN Wizard: IPsec Setting
96
Figure 32 VPN Wizard: VPN Status
97
Table 20 VPN Wizard: VPN Status
97
VPN Wizard Setup Complete
99
Figure 33 VPN Wizard Setup Complete
99
Tutorial
101
Chapter 4 Tutorial
101
Security Settings for VPN Traffic
101
Firewall Rule for VPN Example
101
Configuring the VPN Rule
102
Figure 34 Firewall Rule for VPN
102
Figure 35 SECURITY > VPN > VPN Rules (IKE)
102
Figure 36 SECURITY > VPN > VPN Rules (IKE)> Add Gateway Policy
103
Figure 37 SECURITY > VPN > VPN Rules (IKE): with Gateway Policy Example
104
Configuring the Firewall Rules
105
Figure 38 SECURITY > VPN > VPN Rules (IKE)> Add Network Policy
105
Figure 39 SECURITY > FIREWALL > Rule Summary
106
Figure 40 SECURITY > FIREWALL > Rule Summary > Edit: Allow
107
Figure 41 SECURITY > FIREWALL > Rule Summary: Allow
108
Figure 42 SECURITY > FIREWALL > Default Rule: Block from VPN to LAN
108
Using NAT with Multiple Public IP Addresses
109
Example Parameters and Scenario
109
Figure 43 Tutorial Example: Using NAT with Static Public IP Addresses
109
Configuring the WAN Connection with a Static IP Address
110
Figure 44 Tutorial Example: WAN Connection with a Static Public IP Address
110
Figure 45 Tutorial Example: WAN 1 Screen
111
Figure 46 Tutorial Example: DNS > System
111
Figure 47 Tutorial Example: DNS > System Edit-1
112
Figure 48 Tutorial Example: DNS > System Edit-2
112
Public IP Address Mapping
113
Figure 49 Tutorial Example: DNS > System: Done
113
Figure 50 Tutorial Example: Status
113
Figure 51 Tutorial Example: Mapping Multiple Public IP Addresses to Inside Servers
114
Figure 52 Tutorial Example: NAT > NAT Overview
115
Figure 53 Tutorial Example: NAT > Address Mapping
116
Figure 54 Tutorial Example: NAT Address Mapping Edit: One-To-One (1)
116
Figure 55 Tutorial Example: NAT Address Mapping Edit: One-To-One (2)
117
Figure 56 Tutorial Example: NAT Address Mapping Edit: Many-To-One
117
Forwarding Traffic from the WAN to a Local Computer
118
Figure 57 Tutorial Example: NAT Address Mapping Done
118
Figure 58 Tutorial Example: Forwarding Incoming FTP Traffic to a Local Computer
119
Figure 59 Tutorial Example: NAT Address Mapping Edit: Server
119
Allow WAN-To-LAN Traffic through the Firewall
120
Figure 60 Tutorial Example: NAT Port Forwarding
120
Figure 61 Tutorial Example: Forwarding Incoming FTP Traffic to a Local Computer
120
Figure 62 Tutorial Example: Firewall Default Rule
121
Figure 63 Tutorial Example: Firewall Rule: WAN1 to LAN
121
Figure 64 Tutorial Example: Firewall Rule: WAN to LAN Address Edit for Web Server
122
Figure 65 Tutorial Example: Firewall Rule: WAN to LAN Service Edit for Web Server
123
Figure 66 Tutorial Example: Firewall Rule: WAN to LAN Address Edit for Mail Server
124
Figure 67 Tutorial Example: Firewall Rule: WAN to LAN Service Edit for Mail Server
124
Figure 68 Tutorial Example: Firewall Rule: WAN to LAN Address Edit for FTP Server
125
Figure 69 Tutorial Example: Firewall Rule: WAN to LAN Service Edit for FTP Server
126
Figure 70 Tutorial Example: Firewall Rule Summary
126
Testing the Connections
127
Using NAT with Multiple Game Players
127
How to Manage the ZyWALL's Bandwidth
128
Example Parameters and Scenario
128
Figure 71 Tutorial Example: NAT Address Mapping Done: Game Playing
128
Configuring Bandwidth Management Rules
129
Figure 72 Tutorial Example: Bandwidth Management
129
Figure 73 Tutorial Example: Bandwidth Management Summary
130
Figure 74 Tutorial Example: Bandwidth Management Class Setup
130
Figure 75 Tutorial Example: Bandwidth Management Class Setup: VoIP
131
Figure 76 Tutorial Example: Bandwidth Management Class Setup: FTP
131
Figure 77 Tutorial Example: Bandwidth Management Class Setup: WWW
132
Figure 78 Tutorial Example: Bandwidth Management Class Setup Done
132
Configuring Content Filtering
133
Enable Content Filtering
133
Figure 79 Tutorial Example: Bandwidth Management Monitor
133
Block Categories of Web Content
134
Figure 80 SECURITY > CONTENT FILTER > General
134
Figure 81 SECURITY > CONTENT FILTER > Policy
135
Figure 82 SECURITY > CONTENT FILTER > Policy > External Database (Default)
135
Assign Bob's Computer a Specific IP Address
136
Create a Content Filter Policy for Bob
136
Figure 83 HOME > DHCP Table
136
Figure 84 SECURITY > CONTENT FILTER > Policy
136
Set the Content Filter Schedule
137
Figure 85 SECURITY > CONTENT FILTER > Policy > Insert
137
Figure 86 SECURITY > CONTENT FILTER > Policy
137
Block Categories of Web Content for Bob
138
Figure 87 SECURITY > CONTENT FILTER > Policy > Schedule (Bob)
138
Figure 88 SECURITY > CONTENT FILTER > Policy
139
Figure 89 SECURITY > CONTENT FILTER > Policy > External Database (Bob)
139
Registration
141
Chapter 5 Registration
141
myZyXEL.com Overview
141
Content Filtering Subscription Service
141
Registration
142
Figure 90 REGISTRATION
142
Table 21 REGISTRATION
142
Service
143
Figure 91 REGISTRATION: Registered Device
143
Figure 92 REGISTRATION > Service
144
Table 22 REGISTRATION > Service
144
Network and Wireless
145
Part II: Network and Wireless
145
LAN Screens
147
Chapter 6 LAN Screens
147
LAN, WAN and the ZyWALL
147
IP Address and Subnet Mask
147
Figure 93 LAN and WAN
147
Private IP Addresses
148
DHCP
149
IP Pool Setup
149
RIP Setup
149
Multicast
149
WINS
150
LAN
150
Figure 94 NETWORK > LAN
151
Table 23 NETWORK > LAN
151
LAN Static DHCP
153
LAN IP Alias
154
Figure 95 NETWORK > LAN > Static DHCP
154
Table 24 NETWORK > LAN > Static DHCP
154
Figure 96 Physical Network & Partitioned Logical Networks
155
Figure 97 NETWORK > LAN > IP Alias
155
LAN Port Roles
156
Table 25 NETWORK > LAN > IP Alias
156
Figure 98 NETWORK > LAN > Port Roles
157
Figure 99 Port Roles Change Complete
157
Table 26 NETWORK > LAN > Port Roles
157
Bridge Screens
159
Chapter 7 Bridge Screens
159
Bridge Loop
159
Figure 100 Bridge Loop: Bridge Connected to Wired LAN
159
Spanning Tree Protocol (STP)
160
Rapid STP
160
STP Terminology
160
How STP Works
160
Table 27 STP Path Costs
160
STP Port States
161
Bridge
161
Table 28 STP Port States
161
Figure 101 NETWORK > Bridge
162
Table 29 NETWORK > Bridge
162
Bridge Port Roles
163
Figure 102 NETWORK > Bridge > Port Roles
164
Figure 103 Port Roles Change Complete
164
Table 30 NETWORK > Bridge > Port Roles
164
WAN Screens
165
Chapter 8 WAN Screens
165
WAN Overview
165
Multiple WAN
165
Load Balancing Introduction
166
Load Balancing Algorithms
166
Least Load First
166
Weighted Round Robin
167
Figure 104 Least Load First Example
167
Table 31 Least Load First: Example 1
167
Table 32 Least Load First: Example 2
167
Spillover
168
Figure 105 Weighted Round Robin Algorithm Example
168
Figure 106 Spillover Algorithm Example
168
WAN Interface to Local Host Mapping Timeout
169
Figure 107 Different WAN IP Addresses
169
TCP/IP Priority (Metric)
170
WAN General
170
Figure 108 NETWORK > WAN General
171
Table 33 NETWORK > WAN General
172
Configuring Load Balancing
174
Least Load First
174
Figure 109 Load Balancing: Least Load First
174
Table 34 Load Balancing: Least Load First
174
Weighted Round Robin
175
Figure 110 Load Balancing: Weighted Round Robin
175
Table 35 Load Balancing: Weighted Round Robin
175
Spillover
176
Figure 111 Load Balancing: Spillover
176
Table 36 Load Balancing: Spillover
176
WAN IP Address Assignment
177
DNS Server Address Assignment
177
Table 37 Private IP Address Ranges
177
WAN MAC Address
178
WAN 1
178
WAN Ethernet Encapsulation
178
Figure 112 NETWORK > WAN > WAN 1 (Ethernet Encapsulation)
179
Table 38 NETWORK > WAN > WAN 1 (Ethernet Encapsulation)
179
PPPoE Encapsulation
181
Figure 113 NETWORK > WAN > WAN 1 (PPPoE Encapsulation)
182
Table 39 NETWORK > WAN > WAN 1 (PPPoE Encapsulation)
182
PPTP Encapsulation
184
Figure 114 NETWORK > WAN > WAN 1 (PPTP Encapsulation)
185
Table 40 NETWORK > WAN > WAN 1 (PPTP Encapsulation)
185
WAN 2 (3G WAN)
187
Table 41 2G, 2.5G, 2.75G, 3G and 3.5G Wireless Technologies
188
Figure 115 NETWORK > WAN > WAN 2 (3G WAN)
190
Table 42 NETWORK > WAN > WAN 2 (3G WAN)
190
Traffic Redirect
193
Figure 116 Traffic Redirect WAN Setup
193
Configuring Traffic Redirect
194
Figure 117 Traffic Redirect LAN Setup
194
Figure 118 NETWORK > WAN > Traffic Redirect
194
Table 43 NETWORK > WAN > Traffic Redirect
194
Configuring Dial Backup
195
Figure 119 NETWORK > WAN > Dial Backup
195
Table 44 NETWORK > WAN > Dial Backup
195
Advanced Modem Setup
197
AT Command Strings
197
DTR Signal
198
Response Strings
198
Configuring Advanced Modem Setup
198
Figure 120 NETWORK > WAN > Dial Backup > Edit
198
Table 45 NETWORK > WAN > Dial Backup > Edit
199
DMZ Screens
201
Chapter 9 DMZ Screens
201
DMZ
201
Configuring DMZ
201
Figure 121 NETWORK > DMZ
202
Table 46 NETWORK > DMZ
202
DMZ Static DHCP
204
DMZ IP Alias
205
Figure 122 NETWORK > DMZ > Static DHCP
205
Table 47 NETWORK > DMZ > Static DHCP
205
Figure 123 NETWORK > DMZ > IP Alias
206
Table 48 NETWORK > DMZ > IP Alias
206
DMZ Public IP Address Example
207
DMZ Private and Public IP Address Example
208
Figure 124 DMZ Public Address Example
208
DMZ Port Roles
209
Figure 125 DMZ Private and Public Address Example
209
Figure 126 NETWORK > DMZ > Port Roles
210
Table 49 NETWORK > DMZ > Port Roles
210
Wireless LAN
211
Chapter 10 Wireless LAN
211
Wireless LAN Introduction
211
Figure 127 Example of a Wireless Network
211
Configuring WLAN
212
Figure 128 NETWORK > WLAN
213
Table 50 NETWORK > WLAN
213
WLAN Static DHCP
215
WLAN IP Alias
216
Figure 129 NETWORK > WLAN > Static DHCP
216
Table 51 NETWORK > WLAN > Static DHCP
216
Figure 130 NETWORK > WLAN > IP Alias
217
Table 52 NETWORK > WLAN > IP Alias
217
WLAN Port Roles
218
Figure 131 WLAN Port Role Example
219
Wireless Security Overview
220
Figure 132 NETWORK > WLAN > Port Roles
220
Figure 133 NETWORK > WLAN > Port Roles: Change Complete
220
Table 53 NETWORK > WLAN > Port Roles
220
MAC Address Filter
221
SSID
221
User Authentication
221
Encryption
222
Table 54 Types of Encryption for each Type of Authentication
222
Additional Installation Requirements for Using 802.1X
223
Wireless Card
223
Figure 134 WIRELESS > Wi-Fi > Wireless Card
224
Table 55 WIRELESS > Wi-Fi > Wireless Card
224
Figure 135 Configuring SSID
226
SSID Profile
226
Configuring Wireless Security
227
Table 56 Configuring SSID
227
Table 57 Security Modes
227
Figure 136 WIRELESS > Wi-Fi > Security
228
No Security
228
Table 58 WIRELESS > Wi-Fi > Security
228
Figure 137 WIRELESS > Wi-Fi > Security: None
229
Figure 138 WIRELESS > Wi-Fi > Security: WEP
229
Static WEP
229
Table 59 WIRELESS > Wi-Fi > Security: None
229
Figure 139 WIRELESS > Wi-Fi > Security: 802.1X Only
230
IEEE 802.1X Only
230
Table 60 WIRELESS > Wi-Fi > Security: WEP
230
Table 61 WIRELESS > Wi-Fi > Security: 802.1X Only
230
Figure 140 WIRELESS > Wi-Fi > Security: 802.1X + Static WEP
231
IEEE 802.1X + Static WEP
231
Table 62 WIRELESS > Wi-Fi > Security: 802.1X + Static WEP
231
Figure 141 WIRELESS > Wi-Fi > Security: WPA, WPA2 or WPA2-MIX
232
WPA, WPA2, WPA2-MIX
232
Table 63 WIRELESS > Wi-Fi > Security: WPA, WPA2 or WPA2-MIX
233
WPA-PSK, WPA2-PSK, WPA2-PSK-MIX
233
Figure 142 WIRELESS > Wi-Fi > Security: WPA(2)-PSK
234
Table 64 WIRELESS > Wi-Fi > Security: WPA(2)-PSK
234
MAC Filter
235
Figure 143 NETWORK > WIRELESS CARD > MAC Filter
235
Table 65 WIRELESS > Wi-Fi > MAC Filter
235
Security
237
Part III: Security
237
Firewall
239
Chapter 11 Firewall
239
Firewall Overview
239
Figure 144 Default Firewall Action
239
Packet Direction Matrix
240
Figure 145 SECURITY > FIREWALL > Default Rule (Router Mode)
240
Figure 146 Default Block Traffic from WAN1 to DMZ Example
241
Packet Direction Examples
242
To VPN Packet Direction
243
Figure 147 From LAN to VPN Example
243
From VPN Packet Direction
244
Figure 148 Block DMZ to VPN Traffic by Default Example
244
Figure 149 From VPN to LAN Example
245
From VPN to VPN Packet Direction
246
Figure 150 Block VPN to LAN Traffic by Default Example
246
Figure 151 From VPN to VPN Example
247
Figure 152 Block VPN to VPN Traffic by Default Example
247
Security Considerations
248
Firewall Rules Example
248
Figure 153 Blocking All LAN to WAN IRC Traffic Example
248
Figure 154 Limited LAN to WAN IRC Traffic Example
249
Table 66 Blocking All LAN to WAN IRC Traffic Example
249
Table 67 Limited LAN to WAN IRC Traffic Example
249
Asymmetrical Routes
250
Asymmetrical Routes and IP Alias
250
Firewall Default Rule (Router Mode)
251
Figure 155 Using IP Alias to Solve the Triangle Route Problem
251
Figure 156 SECURITY > FIREWALL > Default Rule (Router Mode)
251
Table 68 SECURITY > FIREWALL > Default Rule (Router Mode)
252
Firewall Default Rule (Bridge Mode)
253
Figure 157 SECURITY > FIREWALL > Default Rule (Bridge Mode)
254
Table 69 SECURITY > FIREWALL > Default Rule (Bridge Mode)
254
Firewall Rule Summary
255
Figure 158 SECURITY > FIREWALL > Rule Summary
256
Table 70 SECURITY > FIREWALL > Rule Summary
256
Firewall Edit Rule
257
Figure 159 SECURITY > FIREWALL > Rule Summary > Edit
258
Table 71 SECURITY > FIREWALL > Rule Summary > Edit
259
Anti-Probing
260
Figure 160 SECURITY > FIREWALL > Anti-Probing
260
Firewall Thresholds
261
Figure 161 Three-Way Handshake
261
Table 72 SECURITY > FIREWALL > Anti-Probing
261
Threshold Values
262
Threshold Screen
262
Figure 162 SECURITY > FIREWALL > Threshold
262
Table 73 SECURITY > FIREWALL > Threshold
263
Service
264
Figure 163 SECURITY > FIREWALL > Service
264
Table 74 SECURITY > FIREWALL > Service
264
Figure 164 Firewall Edit Custom Service
265
Firewall Edit Custom Service
265
My Service Firewall Rule Example
266
Figure 165 My Service Firewall Rule Example: Service
266
Table 75 SECURITY > FIREWALL > Service > Add
266
Figure 166 My Service Firewall Rule Example: Edit Custom Service
267
Figure 167 My Service Firewall Rule Example: Rule Summary
267
Figure 168 My Service Firewall Rule Example: Rule Edit: Source and Destination Addresses
268
Figure 169 My Service Firewall Rule Example: Edit Rule: Service Configuration
269
Figure 170 My Service Firewall Rule Example: Rule Summary: Completed
270
Chapter 12 Content Filtering Screens
271
Content Filtering Overview
271
Restrict Web Features
271
Create a Filter List
271
Customize Web Site Access
271
Content Filtering with an External Database
271
Content Filter General Screen
272
Figure 171 Content Filtering Lookup Procedure
272
Figure 172 SECURITY > CONTENT FILTER > General
273
Table 76 SECURITY > CONTENT FILTER > General
273
Content Filter Policy
275
Figure 173 SECURITY > CONTENT FILTER > Policy
276
Table 77 SECURITY > CONTENT FILTER > Policy
276
Content Filter Policy: General
277
Figure 174 SECURITY > CONTENT FILTER > Policy > General
277
Table 78 SECURITY > CONTENT FILTER > Policy > General
277
Content Filter Policy: External Database
278
Figure 175 SECURITY > CONTENT FILTER > Policy > External Database
279
Table 79 SECURITY > CONTENT FILTER > Policy > External Database
279
Content Filter Policy: Customization
285
Figure 176 SECURITY > CONTENT FILTER > Policy > Customization
286
Table 80 SECURITY > CONTENT FILTER > Policy > Customization
286
Content Filter Policy: Schedule
287
Content Filter Object
288
Figure 177 SECURITY > CONTENT FILTER > Policy > Schedule
288
Table 81 SECURITY > CONTENT FILTER > Policy > Schedule
288
Figure 178 SECURITY > CONTENT FILTER > Object
289
Table 82 SECURITY > CONTENT FILTER > Object
289
Customizing Keyword Blocking URL Checking
290
Domain Name or IP Address URL Checking
290
Full Path URL Checking
291
File Name URL Checking
291
Content Filtering Cache
291
Figure 179 SECURITY > CONTENT FILTER > Cache
292
Table 83 SECURITY > CONTENT FILTER > Cache
292
Chapter 13 Content Filtering Reports
293
Checking Content Filtering Activation
293
Viewing Content Filtering Reports
293
Figure 180 myZyXEL.com: Login
294
Figure 181 myZyXEL.com: Welcome
294
Figure 182 myZyXEL.com: Service Management
295
Figure 183 Blue Coat: Login
295
Figure 184 Content Filtering Reports Main Screen
296
Figure 185 Blue Coat: Report Home
296
Figure 186 Global Report Screen Example
297
Web Site Submission
298
Figure 187 Requested URLs Example
298
Figure 188 Web Page Review Process Screen
299
IPsec VPN
301
Chapter 14 IPsec VPN
301
IPsec VPN Overview
301
Figure 189 VPN: Example
301
Figure 190 VPN: IKE SA and IPsec SA
302
IKE SA Overview
302
VPN Rules (IKE)
303
Figure 191 Gateway and Network Policies
303
Figure 192 IPsec Fields Summary
303
Figure 193 SECURITY > VPN > VPN Rules (IKE)
304
Table 84 SECURITY > VPN > VPN Rules (IKE)
304
IKE SA Setup
305
IKE SA Proposal
305
Figure 194 IKE SA: Main Negotiation Mode, Steps 1 - 2: IKE SA Proposal
305
Figure 195 IKE SA: Main Negotiation Mode, Steps 3 - 4: DH Key Exchange
306
Figure 196 IKE SA: Main Negotiation Mode, Steps 5 - 6: Authentication
306
Table 85 VPN Example: Matching ID Type and Content
307
Table 86 VPN Example: Mismatching ID Type and Content
307
Additional IPsec VPN Topics
309
Figure 197 VPN/NAT Example
309
IPsec High Availability
310
SA Life Time
310
Encryption and Authentication Algorithms
311
Figure 198 IPsec High Availability
311
VPN Rules (IKE) Gateway Policy Edit
312
Figure 199 SECURITY > VPN > VPN Rules (IKE) > Edit Gateway Policy
313
Table 87 SECURITY > VPN > VPN Rules (IKE) > Edit Gateway Policy
314
IPsec SA Overview
318
Local and Remote Networks
318
Virtual Address Mapping
319
Figure 200 Virtual Mapping of Local and Remote Network IP Addresses
319
Active Protocol
320
Encapsulation
320
Figure 201 VPN: Transport and Tunnel Mode Encapsulation
320
IPsec SA Proposal and Perfect Forward Secrecy
321
VPN Rules (IKE) Network Policy Edit
321
Figure 202 SECURITY > VPN > VPN Rules (IKE) > Edit Network Policy
322
Table 88 SECURITY > VPN > VPN Rules (IKE) > Edit Network Policy
323
Network Policy Port Forwarding
326
Figure 203 SECURITY > VPN > VPN Rules (IKE) > Edit Network Policy > Port Forwarding
327
Table 89 SECURITY > VPN > VPN Rules (IKE) > Edit Network Policy > Port Forwarding
327
Network Policy Move
328
Figure 204 SECURITY > VPN > VPN Rules (IKE) > Move Network Policy
328
Table 90 SECURITY > VPN > VPN Rules (IKE) > Move Network Policy
328
Dialing the VPN Tunnel Via Web Configurator
329
Figure 205 VPN Rule Configured
329
Figure 206 VPN Dial
329
VPN Troubleshooting
330
VPN Log
330
Figure 207 VPN Tunnel Established
330
IPsec Debug
331
Figure 208 VPN Log Example
331
Figure 209 IKE/IPsec Debug Example
332
IPsec SA Using Manual Keys
333
IPsec SA Proposal Using Manual Keys
333
Authentication and the Security Parameter Index (SPI)
333
VPN Rules (Manual)
333
Figure 210 SECURITY > VPN > VPN Rules (Manual)
334
Table 91 SECURITY > VPN > VPN Rules (Manual)
334
VPN Rules (Manual) Edit
335
Figure 211 SECURITY > VPN > VPN Rules (Manual) > Edit
335
Table 92 SECURITY > VPN > VPN Rules (Manual) > Edit
335
VPN SA Monitor
338
VPN Global Setting
338
Local and Remote IP Address Conflict Resolution
338
Figure 212 SECURITY > VPN > SA Monitor
338
Table 93 SECURITY > VPN > SA Monitor
338
Figure 213 Overlap in a Dynamic VPN Rule
339
Figure 214 Overlap in IP Alias and VPN Remote Networks
340
Figure 215 SECURITY > VPN > Global Setting
340
Table 94 SECURITY > VPN > Global Setting
340
Telecommuter VPN/IPsec Examples
341
Telecommuters Sharing One VPN Rule Example
342
Telecommuters Using Unique VPN Rules Example
342
Figure 216 Telecommuters Sharing One VPN Rule Example
342
Table 95 Telecommuters Sharing One VPN Rule Example
342
Figure 217 Telecommuters Using Unique VPN Rules Example
343
Table 96 Telecommuters Using Unique VPN Rules Example
343
VPN and Remote Management
344
Hub-And-Spoke VPN
344
Figure 218 VPN for Remote Management Example
344
Figure 219 VPN Topologies
345
Hub-And-Spoke VPN Example
345
Figure 220 Hub-And-Spoke VPN Example
346
Hub-And-Spoke Example VPN Rule Addresses
346
Hub-And-Spoke VPN Requirements and Suggestions
346
Certificates
349
Chapter 15 Certificates
349
Certificates Overview
349
Advantages of Certificates
350
Self-Signed Certificates
350
Verifying a Certificate
350
Checking the Fingerprint of a Certificate on Your Computer
350
Figure 221 Certificates on Your Computer
350
Configuration Summary
351
Figure 222 Certificate Details
351
Figure 223 Certificate Configuration Overview
351
My Certificates
352
Figure 224 SECURITY > CERTIFICATES > My Certificates
352
Table 97 SECURITY > CERTIFICATES > My Certificates
352
My Certificate Details
354
Figure 225 SECURITY > CERTIFICATES > My Certificates > Details
354
Table 98 SECURITY > CERTIFICATES > My Certificates > Details
354
My Certificate Export
356
Certificate File Export Formats
356
Figure 226 SECURITY > CERTIFICATES > My Certificates > Export
356
Table 99 SECURITY > CERTIFICATES > My Certificates > Export
356
My Certificate Import
357
Certificate File Formats
357
Figure 227 SECURITY > CERTIFICATES > My Certificates > Import
358
Table 100 SECURITY > CERTIFICATES > My Certificates > Import
358
My Certificate Create
359
Figure 228 SECURITY > CERTIFICATES > My Certificates > Import: PKCS#12
359
Table 101 SECURITY > CERTIFICATES > My Certificates > Import: PKCS#12
359
Figure 229 SECURITY > CERTIFICATES > My Certificates > Create (Basic)
360
Figure 230 SECURITY > CERTIFICATES > My Certificates > Create (Advanced)
361
Table 102 SECURITY > CERTIFICATES > My Certificates > Create
361
Trusted CAs
364
Figure 231 SECURITY > CERTIFICATES > Trusted CAs
365
Table 103 SECURITY > CERTIFICATES > Trusted CAs
365
Trusted CA Details
366
Figure 232 SECURITY > CERTIFICATES > Trusted CAs > Details
367
Table 104 SECURITY > CERTIFICATES > Trusted CAs > Details
367
Trusted CA Import
369
Trusted Remote Hosts
370
Figure 233 SECURITY > CERTIFICATES > Trusted CAs > Import
370
Table 105 SECURITY > CERTIFICATES > Trusted CAs Import
370
Figure 234 SECURITY > CERTIFICATES > Trusted Remote Hosts
371
Table 106 SECURITY > CERTIFICATES > Trusted Remote Hosts
371
Trusted Remote Hosts Import
372
Figure 235 SECURITY > CERTIFICATES > Trusted Remote Hosts > Import
372
Table 107 SECURITY > CERTIFICATES > Trusted Remote Hosts > Import
372
Trusted Remote Host Certificate Details
373
Figure 236 SECURITY > CERTIFICATES > Trusted Remote Hosts > Details
373
Table 108 SECURITY > CERTIFICATES > Trusted Remote Hosts > Details
374
Directory Servers
375
Figure 237 SECURITY > CERTIFICATES > Directory Servers
375
Directory Server Add or Edit
376
Figure 238 SECURITY > CERTIFICATES > Directory Server > Add
376
Table 109 SECURITY > CERTIFICATES > Directory Servers
376
Table 110 SECURITY > CERTIFICATES > Directory Server > Add
377
Chapter 16 Authentication Server
379
Authentication Server Overview
379
Local User Database
379
RADIUS
379
Figure 239 SECURITY > AUTH SERVER > Local User Database
380
RADIUS
381
Figure 240 SECURITY > AUTH SERVER > RADIUS
381
Table 111 SECURITY > AUTH SERVER > Local User Database
381
Table 112 SECURITY > AUTH SERVER > RADIUS
381
Advanced
383
Part IV: Advanced
383
Chapter 17 Network Address Translation (NAT)
385
NAT Overview
385
NAT Definitions
385
Table 113 NAT Definitions
385
What NAT Does
386
How NAT Works
386
NAT Application
387
Figure 241 How NAT Works
387
Figure 242 NAT Application with IP Alias
387
Port Restricted Cone NAT
388
NAT Mapping Types
388
Figure 243 Port Restricted Cone NAT Example
388
Using NAT
389
SUA (Single User Account) Versus NAT
389
Table 114 NAT Mapping Types
389
NAT Overview Screen
390
Figure 244 ADVANCED > NAT > NAT Overview
390
Table 115 ADVANCED > NAT > NAT Overview
390
NAT Address Mapping
391
What NAT Does
391
Figure 245 ADVANCED > NAT > Address Mapping
392
Table 116 ADVANCED > NAT > Address Mapping
392
NAT Address Mapping Edit
393
Figure 246 ADVANCED > NAT > Address Mapping > Edit
393
Port Forwarding
394
Default Server IP Address
394
Table 117 ADVANCED > NAT > Address Mapping > Edit
394
Port Forwarding: Services and Port Numbers
395
Configuring Servers Behind Port Forwarding (Example)
395
Table 118 Services and Port Numbers
395
NAT and Multiple WAN
396
Port Translation
396
Figure 247 Multiple Servers Behind NAT Example
396
Port Forwarding Screen
397
Figure 248 Port Translation Example
397
Figure 249 ADVANCED > NAT > Port Forwarding
398
Table 119 ADVANCED > NAT > Port Forwarding
398
Port Triggering
399
Figure 250 Trigger Port Forwarding Process: Example
399
Figure 251 ADVANCED > NAT > Port Triggering
400
Table 120 ADVANCED > NAT > Port Triggering
400
Static Route
401
Chapter 18 Static Route
401
IP Static Route
401
Figure 252 Example of Static Routing Topology
401
IP Static Route
402
Figure 253 ADVANCED > STATIC ROUTE > IP Static Route
402
Figure 254 ADVANCED > STATIC ROUTE > IP Static Route > Edit
403
IP Static Route Edit
403
Table 121 ADVANCED > STATIC ROUTE > IP Static Route
403
Table 122 ADVANCED > STATIC ROUTE > IP Static Route > Edit
403
Policy Route
405
Chapter 19 Policy Route
405
Benefits
405
Routing Policy
405
IP Routing Policy Setup
406
Figure 255 ADVANCED > POLICY ROUTE > Policy Route Summary
406
Policy Route Edit
407
Table 123 ADVANCED > POLICY ROUTE > Policy Route Summary
407
Figure 256 Edit IP Policy Route
408
Table 124 ADVANCED > POLICY ROUTE > Edit
408
Bandwidth Management
411
Chapter 20 Bandwidth Management
411
Bandwidth Management Overview
411
Bandwidth Classes and Filters
411
Proportional Bandwidth Allocation
412
Application-Based Bandwidth Management
412
Subnet-Based Bandwidth Management
412
Application and Subnet-Based Bandwidth Management
412
Figure 257 Subnet-Based Bandwidth Management Example
412
Table 125 Application and Subnet-Based Bandwidth Management Example
412
Scheduler
413
Priority-Based Scheduler
413
Fairness-Based Scheduler
413
Maximize Bandwidth Usage
413
Reserving Bandwidth for Non-Bandwidth Class Traffic
413
Maximize Bandwidth Usage Example
414
Table 126 Maximize Bandwidth Usage Example
414
Table 127 Priority-Based Allotment of Unused and Unbudgeted Bandwidth Example
414
Bandwidth Borrowing
415
Bandwidth Borrowing Example
415
Table 128 Fairness-Based Allotment of Unused and Unbudgeted Bandwidth Example
415
Maximize Bandwidth Usage with Bandwidth Borrowing
416
Table 129 Bandwidth Borrowing Example
416
Over Allotment of Bandwidth
417
Configuring Summary
417
Table 130 Over Allotment of Bandwidth Example
417
Figure 258 ADVANCED > BW MGMT > Summary
418
Table 131 ADVANCED > BW MGMT > Summary
418
Configuring Class Setup
419
Figure 259 ADVANCED > BW MGMT > Class Setup
419
Table 132 ADVANCED > BW MGMT > Class Setup
419
Bandwidth Manager Class Configuration
420
Figure 260 ADVANCED > BW MGMT > Class Setup > Add Sub-Class
421
Table 133 ADVANCED > BW MGMT > Class Setup > Add Sub-Class
421
Bandwidth Management Statistics
423
Table 134 Services and Port Numbers
423
Bandwidth Manager Monitor
424
Figure 261 ADVANCED > BW MGMT > Class Setup > Statistics
424
Table 135 ADVANCED > BW MGMT > Class Setup > Statistics
424
Figure 262 ADVANCED > BW MGMT > Monitor
425
Table 136 ADVANCED > BW MGMT > Monitor
425
DNS
427
Chapter 21 DNS
427
DNS Overview
427
DNS Server Address Assignment
427
DNS Servers
427
Address Record
428
DNS Wildcard
428
Name Server Record
428
Private DNS Server
428
System Screen
429
Figure 263 Private DNS Server Example
429
Figure 264 ADVANCED > DNS > System DNS
430
Table 137 ADVANCED > DNS > System DNS
430
Adding an Address Record
431
Figure 265 ADVANCED > DNS > Add (Address Record)
431
Figure 266 ADVANCED > DNS > Insert (Name Server Record)
432
Inserting a Name Server Record
432
Table 138 ADVANCED > DNS > Add (Address Record)
432
DNS Cache
433
Configure DNS Cache
433
Table 139 ADVANCED > DNS > Insert (Name Server Record)
433
Figure 267 ADVANCED > DNS > Cache
434
Table 140 ADVANCED > DNS > Cache
434
Configuring DNS DHCP
435
Figure 268 ADVANCED > DNS > DHCP
435
Table 141 ADVANCED > DNS > DHCP
435
Dynamic DNS
436
DYNDNS Wildcard
436
High Availability
437
Configuring Dynamic DNS
437
Figure 269 ADVANCED > DNS > DDNS
437
Table 142 ADVANCED > DNS > DDNS
437
Remote Management
439
Chapter 22 Remote Management
439
Remote Management Overview
439
Figure 270 Secure and Insecure Remote Management from the WAN
439
Remote Management Limitations
440
System Timeout
440
WWW (HTTP and HTTPS)
440
WWW
441
Figure 271 HTTPS Implementation
441
Figure 272 ADVANCED > REMOTE MGMT > WWW
442
Table 143 ADVANCED > REMOTE MGMT > WWW
442
HTTPS Example
443
Internet Explorer Warning Messages
443
Netscape Navigator Warning Messages
443
Figure 273 Security Alert Dialog Box (Internet Explorer)
443
Avoiding the Browser Warning Messages
444
Figure 274 Security Certificate 1 (Netscape)
444
Figure 275 Security Certificate 2 (Netscape)
444
Login Screen
445
Figure 276 Example: Lock Denoting a Secure Connection
445
Figure 277 Replace Certificate
446
Figure 278 Device-Specific Certificate
446
SSH
447
How SSH Works
447
Figure 279 Common ZyWALL Certificate
447
Figure 280 SSH Communication over the WAN Example
447
SSH Implementation on the ZyWALL
448
Requirements for Using SSH
448
Figure 281 How SSH Works
448
Configuring SSH
449
Figure 282 ADVANCED > REMOTE MGMT > SSH
449
Table 144 ADVANCED > REMOTE MGMT > SSH
449
Secure Telnet Using SSH Examples
450
Example 1: Microsoft Windows
450
Example 2: Linux
450
Figure 283 SSH Example 1: Store Host Key
450
Figure 284 SSH Example 2: Test
450
Secure FTP Using SSH Example
451
Figure 285 SSH Example 2: Log in
451
Telnet
452
Configuring TELNET
452
Figure 286 Secure FTP: Firmware Upload Example
452
Figure 287 ADVANCED > REMOTE MGMT > Telnet
452
FTP
453
Figure 288 ADVANCED > REMOTE MGMT > FTP
453
Table 145 ADVANCED > REMOTE MGMT > Telnet
453
SNMP
454
Table 146 ADVANCED > REMOTE MGMT > FTP
454
Figure 289 SNMP Management Model
455
Supported MIBs
455
Figure 290 ADVANCED > REMOTE MGMT > SNMP
456
Remote Management: SNMP
456
SNMP Traps
456
Table 147 SNMP Traps
456
DNS
457
Table 148 ADVANCED > REMOTE MGMT > SNMP
457
Introducing Vantage CNM
458
Configuring CNM
458
Figure 291 ADVANCED > REMOTE MGMT > DNS
458
Table 149 ADVANCED > REMOTE MGMT > DNS
458
Figure 292 ADVANCED > REMOTE MGMT > CNM
459
Table 150 ADVANCED > REMOTE MGMT > CNM
459
Additional Configuration for Vantage CNM
460
UPnP
461
Chapter 23 UPnP
461
Universal Plug and Play Overview
461
How Do I Know if I'm Using UPnP
461
NAT Traversal
461
Cautions with UPnP
461
UPnP and ZyXEL
462
Configuring UPnP
462
Figure 293 ADVANCED > UPnP
462
Table 151 ADVANCED > UPnP
462
Displaying UPnP Port Mapping
463
Figure 294 ADVANCED > UPnP > Ports
463
Table 152 ADVANCED > UPnP > Ports
463
Installing UPnP in Windows Example
464
Installing UPnP in Windows Me
465
Installing UPnP in Windows XP
466
Using UPnP in Windows XP Example
466
Auto-Discover Your UPnP-Enabled Network Device
467
Web Configurator Easy Access
468
Custom Application
471
Chapter 24 Custom Application
471
Custom Application
471
Custom Application Configuration
471
Figure 295 ADVANCED > Custom APP
472
Table 153 ADVANCED > Custom APP
472
ALG Screen
473
Chapter 25 ALG Screen
473
ALG Introduction
473
ALG and NAT
473
ALG and the Firewall
473
ALG and Multiple WAN
474
FTP
474
474
474
RTP
474
ALG Details
474
Figure 296 H.323 ALG Example
475
Figure 297 H.323 with Multiple WAN IP Addresses
475
SIP
476
STUN
476
SIP ALG Details
476
Figure 298 H.323 Calls from the WAN with Multiple Outgoing Calls
476
SIP Signaling Session Timeout
477
SIP Audio Session Timeout
477
ALG Screen
477
Figure 299 SIP ALG Example
477
Figure 300 ADVANCED > ALG
478
Table 154 ADVANCED > ALG
478
Logs and Maintenance
479
Part V: Logs and Maintenance
479
Logs Screens
481
Chapter 26 Logs Screens
481
Configuring View Log
481
Figure 301 LOGS > View Log
481
Log Description Example
482
Table 155 LOGS > View Log
482
Table 156 Log Description Example
482
About the Certificate Not Trusted Log
483
Figure 302 myZyXEL.com: Download Center
483
Configuring Log Settings
484
Figure 303 myZyXEL.com: Certificate Download
484
Figure 304 LOGS > Log Settings
485
Table 157 LOGS > Log Settings
486
Configuring Reports
487
Figure 305 LOGS > Reports
488
Table 158 LOGS > Reports
488
Figure 306 LOGS > Reports: Web Site Hits Example
489
Table 159 LOGS > Reports: Web Site Hits Report
489
Viewing Host IP Address
489
Viewing Web Site Hits
489
Figure 307 LOGS > Reports: Host IP Address Example
490
Table 160 LOGS > Reports: Host IP Address
490
Viewing Protocol/Port
490
Figure 308 LOGS > Reports: Protocol/Port Example
491
Table 161 LOGS > Reports: Protocol/ Port
491
System Reports Specifications
492
Log Descriptions
492
Table 162 Report Specifications
492
Table 163 System Maintenance Logs
492
Table 164 System Error Logs
494
Table 165 Access Control Logs
494
Table 166 TCP Reset Logs
495
Table 167 Packet Filter Logs
495
Table 168 ICMP Logs
495
Table 169 CDR Logs
496
Table 170 PPP Logs
496
Table 171 3G Logs
496
Table 172 UPnP Logs
498
Table 173 Content Filtering Logs
498
Table 174 Attack Logs
499
Table 175 Remote Management Logs
500
Table 176 IPSec Logs
500
Table 177 IKE Logs
501
Table 178 PKI Logs
504
Table 179 Certificate Path Verification Failure Reason Codes
505
Table 180 ACL Setting Notes
506
Table 181 ICMP Notes
506
Syslog Logs
508
Table 182 Syslog Logs
508
Table 183 RFC-2408 ISAKMP Payload Types
509
Maintenance
511
Chapter 27 Maintenance
511
Maintenance Overview
511
General Setup and System Name
511
General Setup
511
Configuring Password
512
Figure 309 MAINTENANCE > General Setup
512
Table 184 MAINTENANCE > General Setup
512
Time and Date
513
Figure 310 MAINTENANCE > Password
513
Table 185 MAINTENANCE > Password
513
Figure 311 MAINTENANCE > Time and Date
514
Table 186 MAINTENANCE > Time and Date
514
Pre-Defined NTP Time Server Pools
516
Resetting the Time
516
Time Server Synchronization
516
Figure 312 Synchronization in Process
516
Introduction to Transparent Bridging
517
Figure 313 Synchronization Is Successful
517
Figure 314 Synchronization Fail
517
Table 187 MAC-Address-To-Port Mapping Table
517
Transparent Firewalls
518
Configuring Device Mode (Router)
518
Configuring Device Mode (Bridge)
519
Figure 315 MAINTENANCE > Device Mode (Router Mode)
519
Table 188 MAINTENANCE > Device Mode (Router Mode)
519
Figure 316 MAINTENANCE > Device Mode (Bridge Mode)
520
Table 189 MAINTENANCE > Device Mode (Bridge Mode)
520
F/W Upload Screen
521
Figure 317 MAINTENANCE > Firmware Upload
521
Figure 318 Firmware Upload in Process
522
Figure 319 Network Temporarily Disconnected
522
Table 190 MAINTENANCE > Firmware Upload
522
Backup and Restore
523
Figure 320 Firmware Upload Error
523
Figure 321 MAINTENANCE > Backup and Restore
523
Backup Configuration
524
Figure 322 Configuration Upload Successful
524
Figure 323 Network Temporarily Disconnected
524
Restore Configuration
524
Table 191 Restore Configuration
524
Back to Factory Defaults
525
Restart Screen
525
Figure 324 Configuration Upload Error
525
Figure 325 Reset Warning Message
525
Diagnostics
526
Figure 326 MAINTENANCE > Restart
526
Figure 327 MAINTENANCE > Diagnostics
527
Table 192 MAINTENANCE > Diagnostics
527
SMT
529
Part VI: SMT
529
Introducing the SMT
531
Chapter 28 Introducing the SMT
531
Introduction to the SMT
531
Accessing the SMT Via the Console Port
531
Initial Screen
531
Entering the Password
532
Navigating the SMT Interface
532
Figure 328 Initial Screen
532
Figure 329 Password Screen
532
Main Menu
533
Table 193 Main Menu Commands
533
Figure 330 Main Menu (Router Mode)
534
Figure 331 Main Menu (Bridge Mode)
534
Table 194 Main Menu Summary
534
SMT Menus Overview
535
Table 195 SMT Menus Overview
535
Changing the System Password
537
Figure 332 Menu 23: System Password
537
Resetting the ZyWALL
538
Chapter 29 SMT Menu 1 - General Setup
539
Introduction to General Setup
539
Configuring General Setup
539
Figure 333 Menu 1: General Setup (Router Mode)
539
Table 196 Menu 1: General Setup (Router Mode)
539
Figure 334 Menu 1: General Setup (Bridge Mode)
540
Table 197 Menu 1: General Setup (Bridge Mode)
540
Configuring Dynamic DNS
541
Figure 335 Menu 1.1: Configure Dynamic DNS
541
Table 198 Menu 1.1: Configure Dynamic DNS
541
Figure 336 Menu 1.1.1: DDNS Host Summary
542
Table 199 Menu 1.1.1: DDNS Host Summary
542
Figure 337 Menu 1.1.1: DDNS Edit Host
543
Table 200 Menu 1.1.1: DDNS Edit Host
543
Chapter 30 WAN and Dial Backup Setup
545
Introduction to WAN, 3G WAN and Dial Backup Setup
545
WAN Setup
545
Figure 338 MAC Address Cloning in WAN Setup
545
Dial Backup
546
Configuring Dial Backup in Menu 2
546
Table 201 MAC Address Cloning in WAN Setup
546
Advanced WAN Setup
547
Figure 339 Menu 2: Dial Backup Setup
547
Table 202 Menu 2: Dial Backup Setup
547
Figure 340 Menu 2.1: Advanced WAN Setup
548
Table 203 Advanced WAN Port Setup: AT Commands Fields
548
Remote Node Profile (Backup ISP)
549
Figure 341 Menu 11.3: Remote Node Profile (Backup ISP)
549
Table 204 Advanced WAN Port Setup: Call Control Parameters
549
Table 205 Menu 11.3: Remote Node Profile (Backup ISP)
550
Editing TCP/IP Options
551
Figure 342 Menu 11.3.2: Remote Node Network Layer Options
551
Table 206 Menu 11.3.2: Remote Node Network Layer Options
551
Editing Login Script
552
Figure 343 Menu 11.3.3: Remote Node Script
553
Table 207 Menu 11.3.3: Remote Node Script
553
Remote Node Filter
554
WAN
554
Modem Setup
554
Figure 344 Menu 11.3.4: Remote Node Filter
554
Figure 345 3G Modem Setup in WAN Setup
555
Table 208 3G Modem Setup in WAN Setup
555
Remote Node Profile (3G WAN)
556
Figure 346 Menu 11.2: Remote Node Profile (3G WAN)
556
Table 209 Menu 11.2: Remote Node Profile (3G WAN)
556
LAN Setup
559
Chapter 31 LAN Setup
559
Introduction to LAN Setup
559
Accessing the LAN Menus
559
LAN Port Filter Setup
559
Figure 347 Menu 3: LAN Setup
559
TCP/IP and DHCP Ethernet Setup Menu
560
Figure 348 Menu 3.1: LAN Port Filter Setup
560
Figure 349 Menu 3: TCP/IP and DHCP Setup
560
Figure 350 Menu 3.2: TCP/IP and DHCP Ethernet Setup
561
Table 210 Menu 3.2: DHCP Ethernet Setup Fields
561
Table 211 Menu 3.2: LAN TCP/IP Setup Fields
562
Figure 351 Menu 3.2.1: IP Alias Setup
563
IP Alias Setup
563
Table 212 Menu 3.2.1: IP Alias Setup
563
Internet Access
565
Chapter 32 Internet Access
565
Introduction to Internet Access Setup
565
Ethernet Encapsulation
565
Figure 352 Menu 4: Internet Access Setup (Ethernet)
566
Table 213 Menu 4: Internet Access Setup (Ethernet)
566
Configuring the PPTP Client
567
Configuring the PPPoE Client
568
Figure 353 Internet Access Setup (PPTP)
568
Table 214 New Fields in Menu 4 (PPTP) Screen
568
Basic Setup Complete
569
Figure 354 Internet Access Setup (PPPoE)
569
Table 215 New Fields in Menu 4 (PPPoE) Screen
569
DMZ Setup
571
Chapter 33 DMZ Setup
571
Configuring DMZ Setup
571
DMZ Port Filter Setup
571
Figure 355 Menu 5: DMZ Setup
571
Figure 356 Menu 5.1: DMZ Port Filter Setup
571
TCP/IP Setup
572
IP Address
572
Figure 357 Menu 5: DMZ Setup
572
Figure 358 Menu 5.2: TCP/IP and DHCP Ethernet Setup
572
IP Alias Setup
573
Figure 359 Menu 5.2.1: IP Alias Setup
573
Route Setup
575
Chapter 34 Route Setup
575
Configuring Route Setup
575
Route Assessment
575
Figure 360 Menu 6: Route Setup
575
Figure 361 Menu 6.1: Route Assessment
575
Traffic Redirect
576
Figure 362 Menu 6.2: Traffic Redirect
576
Table 216 Menu 6.1: Route Assessment
576
Table 217 Menu 6.2: Traffic Redirect
576
Route Failover
577
Figure 363 Menu 6.3: Route Failover
577
Table 218 Menu 6.3: Route Failover
577
Wireless Setup
579
Chapter 35 Wireless Setup
579
TCP/IP Setup
579
IP Address
579
Figure 364 Menu 7: WLAN Setup
579
IP Alias Setup
580
Figure 365 Menu 7.2: TCP/IP and DHCP Ethernet Setup
580
Figure 366 Menu 7.2.1: IP Alias Setup
581
Remote Node Setup
583
Chapter 36 Remote Node Setup
583
Introduction to Remote Node Setup
583
Remote Node Profile Setup
583
Figure 367 Menu 11: Remote Node Setup
583
Ethernet Encapsulation
584
Figure 368 Menu 11.1: Remote Node Profile for Ethernet Encapsulation
584
Table 219 Menu 11.1: Remote Node Profile for Ethernet Encapsulation
584
Figure 369 Menu 11.1: Remote Node Profile for PPPoE Encapsulation
585
PPPoE Encapsulation
585
PPTP Encapsulation
586
Table 220 Fields in Menu 11.1 (PPPoE Encapsulation Specific)
586
Edit IP
587
Figure 370 Menu 11.1: Remote Node Profile for PPTP Encapsulation
587
Table 221 Menu 11.1: Remote Node Profile for PPTP Encapsulation
587
Figure 371 Menu 11.1.2: Remote Node Network Layer Options for Ethernet Encapsulation
588
Table 222 Remote Node Network Layer Options Menu Fields
588
Remote Node Filter
589
Figure 372 Menu 11.1.4: Remote Node Filter (Ethernet Encapsulation)
590
Figure 373 Menu 11.1.4: Remote Node Filter (PPPoE or PPTP Encapsulation)
590
IP Static Route Setup
591
Chapter 37 IP Static Route Setup
591
Figure 374 Menu 12: IP Static Route Setup
592
Figure 375 Menu 12. 1: Edit IP Static Route
592
Table 223 Menu 12. 1: Edit IP Static Route
592
Network Address Translation (NAT)
595
Using NAT
595
SUA (Single User Account) Versus NAT
595
Applying NAT
595
Chapter 38 Network Address Translation (NAT)
596
Figure 376 Menu 4: Applying NAT for Internet Access
596
Figure 377 Menu 11.1.2: Applying NAT to the Remote Node
596
NAT Setup
597
Figure 378 Menu 15: NAT Setup
597
Table 224 Applying NAT in Menus 4 & 11.1.2
597
Address Mapping Sets
598
Figure 379 Menu 15.1: Address Mapping Sets
598
Figure 380 Menu 15.1.255: SUA Address Mapping Rules
598
Table 225 SUA Address Mapping Rules
599
Figure 381 Menu 15.1.1: First Set
600
Figure 382 Menu 15.1.1.1: Editing/Configuring an Individual Rule in a Set
601
Table 226 Fields in Menu 15.1.1
601
Configuring a Server Behind NAT
602
Figure 383 Menu 15.2: NAT Server Sets
602
Table 227 Menu 15.1.1.1: Editing/Configuring an Individual Rule in a Set
602
Figure 384 Menu 15.2.X: NAT Server Sets
603
Figure 385 15.2.X.X: NAT Server Configuration
603
Figure 386 Menu 15.2.1: NAT Server Setup
604
Table 228 15.2.X.X: NAT Server Configuration
604
General NAT Examples
605
Internet Access Only
605
Figure 387 Server Behind NAT Example
605
Figure 388 NAT Example 1
605
Example 2: Internet Access with a Default Server
606
Figure 389 Menu 4: Internet Access & NAT Example
606
Figure 390 NAT Example 2
606
Example 3: Multiple Public IP Addresses with Inside Servers
607
Figure 391 Menu 15.2.1: Specifying an Inside Server
607
Figure 392 NAT Example 3
608
Figure 393 Example 3: Menu 11.1.2
608
Figure 394 Example 3: Menu 15.1.1.1
609
Figure 395 Example 3: Final Menu 15.1.1
609
Example 4: NAT Unfriendly Application Programs
610
Figure 396 Example 3: Menu 15.2.1
610
Figure 397 NAT Example 4
610
Figure 398 Example 4: Menu 15.1.1.1: Address Mapping Rule
611
Figure 399 Example 4: Menu 15.1.1: Address Mapping Rules
611
Trigger Port Forwarding
612
Two Points to Remember about Trigger Ports
612
Figure 400 Menu 15.3.1: Trigger Port Setup
613
Table 229 Menu 15.3.1: Trigger Port Setup
613
Chapter 39 Introducing the ZyWALL Firewall
615
Using ZyWALL SMT Menus
615
Activating the Firewall
615
Figure 401 Menu 21: Filter and Firewall Setup
615
Figure 402 Menu 21.2: Firewall Setup
616
Filter Configuration
617
Chapter 40 Filter Configuration
617
Introduction to Filters
617
Figure 403 Outgoing Packet Filtering Process
617
The Filter Structure of the ZyWALL
618
Figure 404 Filter Rule Process
619
Configuring a Filter Set
620
Figure 405 Menu 21: Filter and Firewall Setup
620
Figure 406 Menu 21.1: Filter Set Configuration
620
Configuring a Filter Rule
621
Table 230 Abbreviations Used in the Filter Rules Summary Menu
621
Table 231 Rule Abbreviations Used
621
Configuring a TCP/IP Filter Rule
622
Figure 407 Menu 21.1.1.1: TCP/IP Filter Rule
622
Table 232 Menu 21.1.1.1: TCP/IP Filter Rule
622
Configuring a Generic Filter Rule
624
Figure 408 Executing an IP Filter
624
Figure 409 Menu 21.1.1.1: Generic Filter Rule
625
Table 233 Generic Filter Rule Menu Fields
625
Example Filter
626
Figure 410 Telnet Filter Example
626
Figure 411 Example Filter: Menu 21.1.3.1
627
Figure 412 Example Filter Rules Summary: Menu 21.1.3
627
Filter Types and NAT
628
Firewall Versus Filters
628
Packet Filtering
628
Figure 413 Protocol and Device Filter Sets
628
Firewall
629
Applying a Filter
629
Applying LAN Filters
630
Applying DMZ Filters
630
Figure 414 Filtering LAN Traffic
630
Figure 415 Filtering DMZ Traffic
630
Applying Remote Node Filters
631
Figure 416 Filtering Remote Node Traffic
631
SNMP Configuration
633
Chapter 41 SNMP Configuration
633
Figure 417 Menu 22: SNMP Configuration
633
Table 234 SNMP Configuration Menu Fields
633
SNMP Traps
634
Table 235 SNMP Traps
634
Chapter 42 System Information & Diagnosis
635
Introduction to System Status
635
System Status
635
Figure 418 Menu 24: System Maintenance
635
Figure 419 Menu 24.1: System Maintenance: Status
636
Table 236 System Maintenance: Status Menu Fields
636
System Information and Console Port Speed
637
System Information
637
Figure 420 Menu 24.2: System Information and Console Port Speed
637
Console Port Speed
638
Figure 421 Menu 24.2.1: System Maintenance: Information
638
Table 237 Fields in System Maintenance: Information
638
Log and Trace
639
Viewing Error Log
639
Figure 422 Menu 24.2.2: System Maintenance: Change Console Port Speed
639
Figure 423 Menu 24.3: System Maintenance: Log and Trace
639
Syslog Logging
640
Figure 424 Examples of Error and Information Messages
640
Figure 425 Menu 24.3.2: System Maintenance: Syslog Logging
640
Table 238 System Maintenance Menu Syslog Parameters
640
Call-Triggering Packet
643
Diagnostic
644
Figure 426 Call-Triggering Packet Example
644
Figure 427 Menu 24.4: System Maintenance: Diagnostic
645
Figure 428 WAN & LAN DHCP
645
WAN DHCP
645
Table 239 System Maintenance Menu Diagnostic
646
Firmware and Configuration File Maintenance
647
Introduction
647
Filename Conventions
647
Backup Configuration
648
Table 240 Filename Conventions
648
Chapter 43 Firmware and Configuration File Maintenance
648
Using the FTP Command from the Command Line
649
Example of FTP Commands from the Command Line
649
Figure 429 Telnet into Menu 24.5
649
Figure 430 FTP Session Example
649
GUI-Based FTP Clients
650
File Maintenance over WAN
650
Backup Configuration Using TFTP
650
Table 241 General Commands for GUI-Based FTP Clients
650
TFTP Command Example
651
GUI-Based TFTP Clients
651
Backup Via Console Port
651
Table 242 General Commands for GUI-Based TFTP Clients
651
Restore Configuration
652
Figure 431 System Maintenance: Backup Configuration
652
Figure 432 System Maintenance: Starting Xmodem Download Screen
652
Figure 433 Backup Configuration Example
652
Figure 434 Successful Backup Confirmation Screen
652
Figure 435 Telnet into Menu 24.6
653
Restore Using FTP
653
Figure 436 Restore Using FTP Session Example
654
Figure 437 System Maintenance: Restore Configuration
654
Figure 438 System Maintenance: Starting Xmodem Download Screen
654
Restore Using FTP Session Example
654
Restore Via Console Port
654
Uploading Firmware and Configuration Files
655
Firmware File Upload
655
Figure 439 Restore Configuration Example
655
Figure 440 Successful Restoration Confirmation Screen
655
Configuration File Upload
656
Figure 441 Telnet into Menu 24.7.1: Upload System Firmware
656
Figure 442 Telnet into Menu 24.7.2: System Maintenance
656
FTP File Upload Command from the DOS Prompt Example
657
FTP Session Example of Firmware File Upload
657
TFTP File Upload
657
Figure 443 FTP Session Example of Firmware File Upload
657
TFTP Upload Command Example
658
Uploading Via Console Port
658
Uploading Firmware File Via Console Port
658
Example Xmodem Firmware Upload Using HyperTerminal
659
Uploading Configuration File Via Console Port
659
Figure 444 Menu 24.7.1 as Seen Using the Console Port
659
Figure 445 Example Xmodem Upload
659
Example Xmodem Configuration Upload Using HyperTerminal
660
Figure 446 Menu 24.7.2 as Seen Using the Console Port
660
Figure 447 Example Xmodem Upload
660
Chapter 44 System Maintenance Menus 8 to 10
661
Command Interpreter Mode
661
Figure 448 Command Mode in Menu 24
661
Command Syntax
662
Command Usage
662
Figure 449 Valid Commands
662
Table 243 Valid Commands
662
Call Control Support
663
Budget Management
663
Figure 450 Call Control
663
Call History
664
Figure 451 Budget Management
664
Table 244 Budget Management
664
Time and Date Setting
665
Figure 452 Call History
665
Table 245 Call History
665
Figure 453 Menu 24: System Maintenance
666
Figure 454 Menu 24.10 System Maintenance: Time and Date Setting
666
Table 246 Menu 24.10 System Maintenance: Time and Date Setting
667
Remote Management
669
Chapter 45 Remote Management
669
Figure 455 Menu 24.11 - Remote Management Control
670
Table 247 Menu 24.11 - Remote Management Control
670
Remote Management Limitations
671
IP Policy Routing
673
Chapter 46 IP Policy Routing
673
IP Routing Policy Summary
673
Figure 456 Menu 25: Sample IP Routing Policy Summary
673
Table 248 Menu 25: Sample IP Routing Policy Summary
673
IP Routing Policy Setup
674
Table 249 IP Routing Policy Setup
674
Figure 457 Menu 25.1: IP Routing Policy Setup
675
Table 250 Menu 25.1: IP Routing Policy Setup
675
Applying Policy to Packets
676
IP Policy Routing Example
677
Figure 458 Menu 25.1.1: IP Routing Policy Setup
677
Table 251 Menu 25.1.1: IP Routing Policy Setup
677
Figure 459 Example of IP Policy Routing
678
Figure 460 IP Routing Policy Example 1
678
Figure 461 IP Routing Policy Example 2
679
Call Scheduling
681
Chapter 47 Call Scheduling
681
Introduction to Call Scheduling
681
Figure 462 Schedule Setup
681
Figure 463 Schedule Set Setup
682
Table 252 Schedule Set Setup
682
Figure 464 Applying Schedule Set(s) to a Remote Node (PPPoE)
683
Figure 465 Applying Schedule Set(s) to a Remote Node (PPTP)
684
Troubleshooting and Specifications
685
Part VII: Troubleshooting and Specifications
685
Chapter 48 Troubleshooting
687
Power, Hardware Connections, and LEDs
687
ZyWALL Access and Login
688
Internet Access
690
Chapter 49 Product Specifications
693
General ZyWALL Specifications
693
Table 253 Hardware Specifications
693
Table 255 Feature Specifications
695
Compatible 3G Cards
696
Table 256 3G Features Supported by Compatible 3G Cards
696
Card Installation
697
Wall-Mounting Instructions
697
Figure 466 Wall-Mounting Example
698
Figure 467 Masonry Plug and M4 Tap Screw
698
Power Adaptor Specifications
699
Cable Pin Assignments
700
Figure 468 Console/Dial Backup Cable DB-9 End Pin Layout
700
Table 257 Console Cable Pin Assignments
700
Table 258 Console Cable Pin Assignments
700
Table 259 Ethernet Cable Pin Assignments
701
Appendices and Index
703
Part VIII: Appendices and Index
703
Appendix A Pop-Up Windows, JavaScripts and Java Permissions
705
Figure 469 Pop-Up Blocker
705
Figure 470 Internet Options: Privacy
706
Figure 471 Internet Options: Privacy
707
Figure 472 Pop-Up Blocker Settings
707
Figure 473 Internet Options: Security
708
Figure 474 Security Settings - Java Scripting
709
Figure 475 Security Settings - Java
709
Figure 476 Java (Sun)
710
Figure 477 Mozilla Firefox: Tools > Options
711
Figure 478 Mozilla Firefox Content Security
711
Appendix B Setting up Your Computer's IP Address
713
Figure 479 Windows 95/98/Me: Network: Configuration
714
Figure 480 Windows 95/98/Me: TCP/IP Properties: IP Address
715
Figure 481 Windows 95/98/Me: TCP/IP Properties: DNS Configuration
716
Figure 482 Windows XP: Start Menu
717
Figure 483 Windows XP: Control Panel
717
Figure 484 Windows XP: Control Panel: Network Connections: Properties
718
Figure 485 Windows XP: Local Area Connection Properties
718
Figure 486 Windows XP: Internet Protocol (TCP/IP) Properties
719
Figure 487 Windows XP: Advanced TCP/IP Properties
720
Figure 488 Windows XP: Internet Protocol (TCP/IP) Properties
721
Figure 489 Macintosh OS 8/9: Apple Menu
722
Figure 490 Macintosh OS 8/9: TCP/IP
722
Figure 491 Macintosh OS X: Apple Menu
723
Figure 492 Macintosh OS X: Network
724
Figure 493 Red Hat 9.0: KDE: Network Configuration: Devices
725
Figure 494 Red Hat 9.0: KDE: Ethernet Device: General
725
Figure 495 Red Hat 9.0: KDE: Network Configuration: DNS
726
Figure 496 Red Hat 9.0: KDE: Network Configuration: Activate
726
Figure 497 Red Hat 9.0: Dynamic IP Address Setting in ifconfig-eth0
727
Figure 498 Red Hat 9.0: Static IP Address Setting in ifconfig-eth0
727
Figure 499 Red Hat 9.0: DNS Settings in resolv.conf
727
Figure 500 Red Hat 9.0: Restart Ethernet Card
727
Figure 501 Red Hat 9.0: Checking TCP/IP Properties
728
Appendix C IP Addresses and Subnetting
729
Introduction to IP Addresses
729
Figure 502 Network Number and Host ID
730
Table 260 IP Address Network Number and Host ID Example
730
Table 261 Subnet Masks
731
Table 262 Maximum Host Numbers
731
Table 263 Alternative Subnet Mask Notation
731
Figure 503 Subnetting Example: before Subnetting
732
Figure 504 Subnetting Example: after Subnetting
733
Table 264 Subnet 1
733
Table 265 Subnet 2
734
Table 266 Subnet 3
734
Table 267 Subnet 4
734
Table 268 Eight Subnets
734
Table 269 24-Bit Network Number Subnet Planning
735
Table 270 16-Bit Network Number Subnet Planning
735
Appendix D Common Services
737
Table 271 Commonly Used Services
737
Appendix E Wireless LANs
741
Figure 505 Peer-To-Peer Communication in an Ad-Hoc Network
741
Figure 506 Basic Service Set
742
Figure 507 Infrastructure WLAN
743
Figure 508 RTS/CTS
744
Fragmentation Threshold
744
Table 272 IEEE 802.11g
745
Preamble Type
745
Table 273 Wireless Security Levels
746
Dynamic WEP Key Exchange
749
Table 274 Comparison of EAP Authentication Types
749
WPA and WPA2
749
Types of EAP Authentication
747
Types of RADIUS Messages
747
Figure 509 WPA(2) with RADIUS Application Example
751
Figure 510 WPA(2)-PSK Authentication
752
Table 275 Wireless Security Relational Matrix
752
Antenna Characteristics
753
Antenna Gain
753
Appendix F Importing Certificates
755
Figure 511 Security Certificate
755
Figure 512 Login Screen
756
Figure 513 Certificate General Information before Import
756
Figure 514 Certificate Import Wizard 1
757
Figure 515 Certificate Import Wizard 2
757
Figure 516 Certificate Import Wizard 3
758
Figure 517 Root Certificate Store
758
Figure 518 Certificate General Information after Import
759
Figure 519 ZyWALL Trusted CA Screen
760
Figure 520 CA Certificate Example
761
Figure 521 Personal Certificate Import Wizard 1
761
Figure 522 Personal Certificate Import Wizard 2
762
Figure 523 Personal Certificate Import Wizard 3
762
Figure 524 Personal Certificate Import Wizard 4
763
Figure 525 Personal Certificate Import Wizard 5
763
Figure 526 Personal Certificate Import Wizard 6
763
Figure 527 Access the ZyWALL Via HTTPS
764
Figure 528 SSL Client Authentication
764
Figure 529 ZyWALL Secure Login Screen
764
Appendix G Legal Information
765
ZyXEL Limited Warranty
767
Appendix H Customer Support
769
Index
775