Sign In
Upload
Manuals
Brands
ZyXEL Communications Manuals
Gateway
ZyXEL ZYWALL10
ZyXEL Communications ZyXEL ZYWALL10 Manuals
Manuals and User Guides for ZyXEL Communications ZyXEL ZYWALL10. We have
2
ZyXEL Communications ZyXEL ZYWALL10 manuals available for free PDF download: User Manual
ZyXEL Communications ZyXEL ZYWALL10 User Manual (536 pages)
Zyxel ZyWall Internet Security Gateway
Brand:
ZyXEL Communications
| Category:
Gateway
| Size: 11.39 MB
Table of Contents
Copyright
2
Information for Canadian Users
4
Zyxel Limited Warranty
5
Customer Support
6
Table of Contents
7
List of Figures
18
Preface
29
Related Documentation
29
Syntax Conventions
30
Getting Started
31
Chapter 1 Getting to Know Your Zywall
33
Zywall Internet Security Gateway Overview
33
Zywall Features
34
Pptp Encapsulation
36
Dynamic Dns Support
36
Traffic Redirect
37
Port Forwarding
37
Table 1-1 Model Specific Features
38
Figure 6-3 Wireless
39
Figure 7-1 DMZ
39
Table 6-1 Wireless
39
Applications for the Zywall
40
Figure 1-1 Secure Internet Access Via Cable, DSL or Wireless Modem
41
Figure 1-2 VPN Application
42
Chapter 2 Introducing the Web Configurator
43
Web Configurator Overview
43
Accessing the Zywall Web Configurator
43
Figure 2-1 Change Password Screen
43
Resetting the Zywall
44
Navigating the Zywall Web Configurator
45
Figure 2-2 Example Xmodem Upload
45
Figure 2-3 the MAIN MENU Screen of the Web Configurator
46
Chapter 3 Wizard Setup
47
Wizard Setup Overview
47
Wizard Setup: General Setup and System Name
47
Wizard Setup: Screen 2
48
Wizard Setup: Screen 3
48
Figure 3-2 Wizard 2: Ethernet Encapsulation
49
Table 3-1 Ethernet Encapsulation
49
Figure 3-3 Wizard 2: PPTP Encapsulation
51
Table 3-2 PPTP Encapsulation
51
Pppoe Encapsulation
52
Figure 3-4 Wizard2: Pppoe Encapsulation
53
Table 3-3 Pppoe Encapsulation
53
Table 3-4 Private IP Address Ranges
54
Dns Server Address Assignment
55
Ip Address and Subnet Mask
55
Table 3-5 Example of Network Properties for LAN Servers with Fixed IP Addresses
56
Table 3-6 WAN Setup
57
Figure 3-5 Wizard 3
57
Basic Setup Complete
58
System, LAN and Wireless LAN
59
Chapter 4 System Screens
61
System Overview
61
Configuring General Setup
61
Figure 4-1 System General Setup
61
Table 4-1 System General Setup
61
Dynamic DNS
62
Configuring Dynamic DNS
62
Figure 4-2 DDNS
63
Table 4-2 DDNS
63
Configuring Password
64
Figure 4-3 Password
64
Configuring Time Zone
65
Figure 4-4 Time Zone
65
Table 4-3 Password
65
Table 4-4 Time Zone
66
Chapter 5 LAN Screens
69
LAN Overview
69
DHCP Setup
69
Lan Tcp/Ip
69
Rip Setup
70
Configuring IP
71
Figure 5-1 IP
71
Table 5-1 IP
72
Configuring Static DHCP
73
Configuring IP Alias
74
Figure 5-2 Static DHCP
74
Table 5-2 Static DHCP
74
Figure 5-3 IP Alias
75
Table 5-3 IP Alias
75
Chapter 6 Wireless LAN Screens
77
Wireless LAN Overview
77
Wireless LAN Basics
77
Figure 6-1 RTS Threshold
78
Wireless Security
79
Figure 6-2 Zywall Wireless Security Levels
79
Configuring Wireless LAN
80
Configuring MAC Filter
82
Figure 6-4 MAC Address Filter
83
Table 6-2 MAC Address Filter
83
Overview
84
Radius
84
Figure 6-5 EAP Authentication
85
Local User Database
86
Configuring 802.1X
86
Figure 6-6 802.1X Authentication
86
Configuring Local User Database
87
Table 6-3 802.1X Authentication
87
Figure 6-7 Local User Database
88
Configuring RADIUS
89
Figure 6-8 RADIUS
89
Table 6-4 Local User Database
89
Table 6-5 RADIUS
90
DMZ and WAN
91
Chapter 7 DMZ Screens
93
DMZ Overview
93
Configuring DMZ
93
Table 7-1 DMZ
95
Chapter 8 WAN Screens
97
WAN Overview
97
TCP/IP Priority (Metric)
97
Configuring Route
97
Configuring WAN ISP
98
Figure 8-1 WAN Setup: Route
98
Table 8-1 WAN Setup: Route
98
Figure 8-2 Ethernet Encapsulation
99
Table 8-2 Ethernet Encapsulation
99
Figure 8-3 Pppoe Encapsulation
101
Table 8-3 Pppoe Encapsulation
101
Figure 8-4 PPTP Encapsulation
103
Table 8-4 PPTP Encapsulation
103
Service Type
104
Figure 8-5 RR Service Type
105
Table 8-5 RR Service Type
105
Configuring WAN IP
106
Figure 8-6 IP Setup
106
Table 8-6 IP Setup
107
Configuring WAN MAC
109
Figure 8-7 MAC Setup
109
Traffic Redirect
110
Figure 8-8 Traffic Redirect WAN Setup
110
Figure 8-9 Traffic Redirect LAN Setup
110
Configuring Traffic Redirect
111
Figure 8-10 Traffic Redirect
111
Table 8-7 Traffic Redirect
111
Configuring Dial Backup
112
Figure 8-11 Dial Backup Setup
113
Table 8-8Dial Backup Setup
114
Advanced Modem Setup
117
Configuring Advanced Modem Setup
117
Figure 8-12 Advanced Setup
118
Table 8-9 Advanced Setup
118
NAT and Static Route
121
Chapter 9 Network Address Translation (NAT) Screens
123
NAT Overview
123
What Nat Does
124
How Nat Works
124
Figure 9-1 How NAT Works
125
Figure 9-2 NAT Application with IP Alias
126
Table 9-2 NAT Mapping Types
127
Using NAT
128
SUA Server
128
Table 9-3 Services and Port Numbers
129
Configuring SUA Server
130
Figure 9-3 Multiple Servers Behind NAT Example
130
Figure 9-4 SUA/NAT Setup
131
Table 9-4 SUA/NAT Setup
131
Configuring Address Mapping
132
Figure 9-5 Address Mapping
133
Table 9-5 Address Mapping
133
Figure 9-6Address Mapping Edit
134
Configuring Trigger Port
135
Table 9-6 Address Mapping Edit
135
Figure 9-7 Trigger Port
137
Table 9-7 Trigger Port
137
Chapter 10 Static Route Screens
139
Static Route Overview
139
Configuring IP Static Route
139
Figure 10-1 Example of Static Routing Topology
139
Table 10-1 IP Static Route Summary
139
Figure 10-2 Edit IP Static Route
140
Table 10-2 Edit IP Static Route
141
Firewall and Content Filters
143
Chapter 11 Firewalls
145
Firewall Overview
145
Types of Firewalls
145
Introduction to Zyxel's Firewall
146
Denial of Service
147
Figure 11-1 Zywall Firewall Application
147
Table 11-1 Common IP Ports
148
Figure 11-2 Three-Way Handshake
149
Figure 11-3 SYN Flood
149
Figure 11-4 Smurf Attack
150
Table 11-2 ICMP Commands that Trigger Alerts
150
Stateful Inspection
151
Table 11-3 Legal Netbios Commands
151
Table 11-4 Legal SMTP Commands
151
Figure 11-5 Stateful Inspection
152
Stateful Inspection and the Zywall
153
Tcp Security
154
Guidelines for Enhancing Security with Your Firewall
155
Packet Filtering Vs Firewall
156
Chapter 12 Firewall Screens
159
Access Methods
159
Firewall Policies Overview
159
Rule Logic Overview
160
Security Ramifications
161
Key Fields for Configuring Rules
161
Connection Direction Examples
162
Figure 12-1 LAN to WAN Traffic
162
Configuring Firewall
163
Figure 12-2 WAN to LAN Traffic
163
Figure 12-3 Enabling the Firewall (Zywall 100)
164
Table 12-1 Firewall Rules Summary: First Screen
164
Configuring Firewall Rules
166
Table 12-2 Creating/Editing a Firewall Rule
167
Figure 12-4 Creating/Editing a Firewall Rule (Zywall100)
167
Configuring Source and Destination Addresses
168
Figure 12-5 Adding/Editing Source and Destination Addresses
169
Table 12-3 Adding/Editing Source and Destination Addresses
169
Example Firewall Rule
170
Figure 12-6 Creating/Editing a Custom Port
170
Table 12-4 Creating/Editing a Custom Port
170
Figure 12-7 Firewall IP Config Screen
171
Figure 12-8 Firewall Rule Edit IP Example
172
Figure 12-9 Edit Custom Port Example
172
Figure 12-10 Myservice Rule Configuration (Zywall100)
173
Figure 12-11 My Service Example Rule Summary (Zywall100)
174
Predefined Services
175
Table 12-5 Predefined Services
175
Alerts
177
Configuring Attack Alert
178
Figure 12-12 Attack Alert
180
Table 12-6 Attack Alert
180
Chapter 13 Content Filtering Screens
183
Content Filtering Overview
183
Configuring Categories
183
Figure 13-1Content Filter: Categories
184
Table 13-1 Content Filter: Categories
184
Configuring Free
187
Figure 13-2 Content Filter: Free
188
Table 13-2 Content Filter: Free
188
Configuring Icard
189
Figure 13-3 Content Filter: Icard
189
Table 13-3 Content Filter: Icard
189
Configuring List Update
190
Figure 13-4 Content Filter: List Update
190
Configuring Exempt Computers
191
Table 13-4 Content Filter: List Update
191
Figure 13-5 Content Filter: Exempt Zone
192
Table 13-5 Content Filter: Exempt Zone
192
Configuring Customize
193
Figure 13-6 Content Filter: Customize
194
Table 13-6 Content Filter: Customize
194
Configuring Keyword Blocking
196
Figure 13-7 Content Filter: Keyword Blocking
196
Table 13-7 Content Filter: Keyword Blocking
196
Vpn/Ipsec
199
Chapter 14 Introduction to Ipsec
201
VPN Overview
201
Figure 14-1 Encryption and Decryption
202
Ipsec Architecture
203
Figure 14-2 VPN Application
203
Figure 14-3 Ipsec Architecture
204
Encapsulation
205
Ipsec and NAT
205
Figure 14-4 Transport and Tunnel Mode Ipsec Encapsulation
205
Table 14-1 VPN and NAT
206
Chapter 15 VPN Screens
207
Vpn/Ipsec Overview
207
Ipsec Algorithms
207
My IP Address
208
Secure Gateway Address
208
Table 15-1 AH and ESP
208
Summary Screen
209
Figure 15-1 Ipsec Summary Fields
209
Figure 15-2 Summary
210
Table 15-2 Summary
210
Keep Alive
212
NAT Traversal
212
Figure 15-3 NAT Router between Ipsec Routers
212
ID Type and Content
213
Table 15-3 Local ID Type and Content Fields
213
Table 15-4 Peer ID Type and Content Fields
213
Table 15-5 Matching ID Type and Content Configuration Example
214
Table 15-6 Mismatching ID Type and Content Configuration Example
214
Pre-Shared Key
215
Editing VPN Policies
215
Figure 15-4 VPN IKE
216
Table 15-7 VPN IKE
217
IKE Phases
221
Figure 15-5 Two Phases to Set up the Ipsec SA
222
Configuring Advanced IKE Settings
223
Figure 15-6 VPN IKE: Advanced
224
Table 15-8 VPN IKE: Advanced
224
Manual Key Setup
227
Configuring Manual Key
227
Figure 15-7 Manual Setup
228
Table 15-9 VPN Manual Setup
228
Viewing SA Monitor
231
Figure 15-8 SA Monitor
232
Table 15-10 SA Monitor
232
Configuring Global Setting
233
Figure 15-9 Global Setting
233
Telecommuter Vpn/Ipsec Examples
234
Table 15-12 Telecommuter and Headquarters Configuration Example
234
Figure 15-10 Telecommuters Sharing One VPN Rule Example
235
VPN and Remote Management
236
Figure 15-11 Telecommuters Using Unique VPN Rules Example
236
Remote Management and Upnp
237
Chapter 16 Remote Management Screens
239
Remote Management Overview
239
Telnet
240
Configuring TELNET
241
Figure 16-1 Telnet Configuration on a TCP/IP Network
241
Figure 16-2 Telnet
241
Configuring FTP
242
Table 16-1 Telnet
242
Configuring WWW
243
Figure 16-3 FTP
243
Table 16-2 FTP
243
Figure 16-4 WWW
244
Table 16-3 WWW
244
Configuring SNMP
245
Figure 16-5 SNMP Management Model
245
Table 16-4 SNMP Traps
246
Configuring DNS
249
Table 16-5 SNMP
249
Configuring Security
250
Figure 16-7 DNS
250
Table 16-6 DNS
250
Figure 16-8 Security
251
Table 16-7 Security
251
Chapter 17 Upnp
253
Universal Plug and Play Overview
253
Upnp and Zyxel
254
Configuring Upnp
254
Figure 17-1 Configuring Upnp
255
Table 17-1 Configuring Upnp
255
Installing Upnp in Windows Example
256
Installing Upnp in Windows Xp
257
Using Upnp in Windows XP Example
258
Web Configurator Easy Access
260
Bandwidth Management
263
Chapter 18 Bandwidth Management Screens
265
Bandwidth Management Overview
265
Bandwidth Classes and Filters
265
Proportional Bandwidth Allocation
266
Bandwidth Management Usage Examples
266
Figure 18-1 Application-Based Bandwidth Management Example
267
Figure 18-2 Subnet-Based Bandwidth Management Example
267
Scheduler
268
Figure 18-3 Application and Subnet-Based Bandwidth Management Example
268
Table 18-1 Application and Subnet-Based Bandwidth Management Example
268
Maximize Bandwidth Usage
269
Figure 18-4 Bandwidth Allotment Example
270
Figure 18-5 Maximize Bandwidth Usage Example
271
Bandwidth Borrowing
272
Figure 18-6 Bandwidth Borrowing Example
273
Configuring Summary
274
Figure 18-7 Bandwidth Manager: Summary
275
Configuring Class Setup
276
Table 18-2 Bandwidth Manager: Summary
276
Figure 18-8 Bandwidth Manager: Class Setup
277
Table 18-3 Bandwidth Manager: Class Setup
277
Figure 18-9 Bandwidth Manager: Class Configuration
278
Figure 16-6 SNMP
280
Table 18-5Services and Port Numbers
280
Figure 18-10 Bandwidth Management Statistics
281
Table 18-6 Bandwidth Management Statistics
281
Configuring Monitor
282
Figure 18-11 Bandwidth Manager Monitor
282
Table 18-7 Bandwidth Manager Monitor
282
Logs
285
Chapter 19 Logs Screens
287
Configuring View Log
287
Figure 19-1 View Log
288
Configuring Log Settings
289
Table 19-1 View Log
289
Figure 19-2 Log Settings (Zywall 10W)
290
Table 19-2 Log Settings Screen (Zywall 10W)
291
Configuring Reports
292
Figure 19-3 Reports
293
Table 19-3 Reports
293
Figure 19-4 Web Site Hits Report Example
295
Table 19-4 Web Site Hits Report
295
Figure 19-5 Protocol/Port Report Example
296
Table 19-5 Protocol/ Port Report
296
Figure 19-6 LAN IP Address Report Example
297
Table 19-6 LAN IP Address Report
297
Table 19-7 Report Specifications
298
Maintenance
299
Chapter 20 Maintenance
301
Maintenance Overview
301
Status Screen
301
Figure 20-1 System Status
301
Table 20-1 System Status
302
Figure 20-2 System Status: Show Statistics
303
Table 20-2 System Status: Show Statistics
303
DHCP Table Screen
304
Figure 20-3 DHCP Table
304
Table 20-3 DHCP Table
304
F/W Upload Screen
305
Figure 20-4 Firmware Upgrade
305
Figure 20-5 Firmware Upgrade
306
Figure 20-6 Firmware Upload in Process
306
Figure 20-7 Network Temporarily Disconnected
306
Configuration Screen
307
Figure 20-8 Firmware Upload Error
307
Figure 20-9 Configuration
308
Figure 20-10 Reset Warning Message
309
Table 20-4 Restore Configuration
309
Figure 20-11 Configuration Upload Successful
310
Figure 20-12 Network Temporarily Disconnected
310
Figure 20-13 Configuration Upload Error
311
SMT General Configuration
313
Chapter 21 Introducing the SMT
315
Introduction to the SMT
315
Accessing the Console Port Via the Console Port
315
Figure 21-1 Initial Screen
315
Navigating the SMT Interface
316
Figure 21-2 Password Screen
316
Table 21-1 Main Menu Commands
316
Table 21-2 Main Menu Summary
317
Figure 21-3 Main Menu (Zywall 100)
317
Figure 21-4 Getting Started and Advanced Applications SMT Menus
319
Figure 21-5 Advanced Management SMT Menus
320
Changing the System Password
321
Figure 21-6 Schedule Setup and Ipsec VPN Configuration SMT Menus
321
Figure 21-7 Menu 23: System Password
321
Resetting the Zywall
322
Figure 21-8 Example Xmodem Upload
322
Chapter 22 SMT Menu 1 - General Setup
325
Introduction to General Setup
325
Configuring General Setup
325
Figure 22-1 Menu 1: General Setup
325
Table 22-1 General Setup Menu Field
325
Figure 22-2 Configure Dynamic DNS
326
Table 22-2 Configure Dynamic DNS Menu Fields
327
Chapter 23 WAN and Dial Backup Setup
329
Introduction to WAN and Dial Backup Setup
329
WAN Setup
329
Figure 23-1 MAC Address Cloning in WAN Setup
329
Dial Backup
330
Configuring Dial Backup in Menu 2
330
Table 23-1 MAC Address Cloning in WAN Setup
330
Figure 23-2 Menu 2: Dial Backup Setup
331
Table 23-2 Menu 2: Dial Backup Setup
331
Advanced WAN Setup
332
Figure 23-3 Menu 2.1 Advanced WAN Setup
332
Table 23-3 Advanced WAN Port Setup: at Commands Fields
332
Table 23-4 Advanced WAN Port Setup: Call Control Parameters
333
Remote Node Profile (Backup ISP)
334
Figure 23-4 Menu 11.1 Remote Node Profile (Backup ISP)
334
Table 23-5 Fields in Menu 11.1 Remote Node Profile (Backup ISP)
334
Editing PPP Options
336
Figure 23-5 Menu 11.2: Remote Node PPP Options
337
Figure 23-6 Remote Node PPP Options Menu Fields
337
Editing TCP/IP Options
338
Figure 23-7 Menu 11.3: Remote Node Network Layer Options
338
Table 23-6 Remote Node Network Layer Options Menu Fields
338
Editing Login Script
340
Remote Node Filter
342
Figure 23-8 Menu 11.4 - Remote Node Setup Script
342
Table 23-7 Remote Node Script Menu Fields
342
Figure 23-9 Menu 11.5: Dial Backup Remote Node Filter
343
Chapter 24 LAN Setup
345
Introduction to LAN Setup
345
Accessing the LAN Menus
345
LAN Port Filter Setup
345
Figure 24-1 Menu 3: LAN Setup
345
TCP/IP and DHCP Ethernet Setup Menu
346
Figure 24-2 Menu 3.1: LAN Port Filter Setup
346
Figure 24-3 Menu 3: TCP/IP and DHCP Setup
346
Figure 24-4 Menu 3.2: TCP/IP and DHCP Ethernet Setup
347
Table 24-1 DHCP Ethernet Setup Menu Fields
347
Table 24-2 LAN TCP/IP Setup Menu Fields
348
Figure 24-5 Menu 3.2.1: IP Alias Setup
349
Table 24-3 IP Alias Setup Menu Fields
349
Wireless LAN Setup
350
Figure 24-6 Menu 3.5 - Wireless LAN Setup
350
Table 24-4 Wireless LAN Setup Menu Fields
351
Chapter 25 DMZ Setup
353
Configuring DMZ Setup
353
DMZ Port Filter Setup
353
Figure 25-1 Menu 5: DMZ Setup
353
Figure 25-2 Menu 5.1: DMZ Port Filter Setup
353
TCP/IP Setup
354
Figure 25-3 Menu 5: TCP/IP Setup
354
Figure 25-4 Menu 5.2: TCP/IP Setup
355
Figure 25-5 Menu 5.2.1: IP Alias Setup
356
Chapter 26 Internet Access
357
Introduction to Internet Access Setup
357
Ethernet Encapsulation
357
Table 26-1 Menu 4: Internet Access Setup Menu Fields
357
Configuring the PPTP Client
359
Configuring the Pppoe Client
360
Figure 26-2 Internet Access Setup (PPTP)
360
Table 26-2 New Fields in Menu 4 (PPTP) Screen
360
Basic Setup Complete
361
Figure 26-3 Internet Access Setup (Pppoe)
361
Table 26-3 New Fields in Menu 4 (Pppoe) Screen
361
SMT Advanced Applications
363
Chapter 27 Remote Node Setup
365
Introduction to Remote Node Setup
365
Remote Node Setup
365
Remote Node Profile Setup
366
Figure 27-1 Menu 11 Remote Node Setup
366
Figure 27-2 Menu 11.1: Remote Node Profile for Ethernet Encapsulation
367
Figure 27-3 Menu 11.1: Remote Node Profile for Pppoe Encapsulation
369
Table 27-2 Fields in Menu 11.1 (Pppoe Encapsulation Specific)
370
Figure 27-4 Menu 11.1: Remote Node Profile for PPTP Encapsulation
371
Table 27-3 Fields in Menu 11.1 (PPTP Encapsulation)
371
Edit IP
372
Figure 27-5 Menu 11.3: Remote Node Network Layer Options for Ethernet Encapsulation
372
Table 27-4 Remote Node Network Layer Options Menu Fields
372
Remote Node Filter
374
Figure 27-6 Menu 11.5: Remote Node Filter (Ethernet Encapsulation)
375
Figure 27-7 Menu 11.5: Remote Node Filter (Pppoe or PPTP Encapsulation)
375
Figure 27-8 Menu 11.1: Remote Node Profile
376
Table 27-5 Menu 11.1: Remote Node Profile (Traffic Redirect Field)
376
Figure 27-9 Menu 11.6: Traffic Redirect Setup
377
Table 27-6 Traffic Redirect Setup
377
Chapter 28 IP Static Route Setup
379
IP Static Route Setup
379
Figure 28-1 Menu 12: IP Static Route Setup (Zywall 10W)
379
Figure 28-2 Menu 12. 1: Edit IP Static Route
380
Table 28-1 IP Static Route Menu Fields
380
Chapter 29 Network Address Translation (NAT)
383
Using NAT
383
Figure 29-1 Menu 4: Applying NAT for Internet Access
384
Figure 29-2 Menu 11.3: Applying NAT to the Remote Node
385
NAT Setup
386
Figure 29-3 Menu 15: NAT Setup
386
Figure 29-4 Menu 15.1: Address Mapping Sets
387
Figure 29-5 Menu 15.1.255: SUA Address Mapping Rules
387
Table 29-2 SUA Address Mapping Rules
387
Figure 29-6 Menu 15.1.1: First Set
388
Table 29-3 Fields in Menu 15.1.1
389
Figure 29-7 Menu 15.1.1.1: Editing/Configuring an Individual Rule in a Set
390
Table 29-4 Menu 15.1.1.1: Editing/Configuring an Individual Rule in a Set
390
Configuring a Server Behind NAT
391
Figure 29-8 Menu 15.2: NAT Server Setup (Zywall 10)
392
Figure 29-9 Multiple Servers Behind NAT Example
392
General NAT Examples
393
Figure 29-11 Menu 4: Internet Access & NAT Example
393
Figure 29-12 NAT Example 2
394
Figure 29-13 Menu 15.2: Specifying an Inside Server
395
Figure 29-14 NAT Example 3
396
Figure 29-15 Example 3: Menu 11.3
397
Figure 29-17 Example 3: Final Menu 15.1.1
398
Figure 29-19 NAT Example 4
399
Trigger Port Forwarding
400
Figure 29-20 Example 4: Menu 15.1.1.1: Address Mapping Rule
400
Figure 29-21 Example 4: Menu 15.1.1: Address Mapping Rules
400
Figure 29-22 Trigger Port Forwarding Process: Example
401
Figure 29-23 Menu 15.3-Trigger Port Setup
402
Table 29-5 Menu 15.3-Trigger Port Setup Description
403
Chapter 30 Introducing the Zywall Firewall
405
Using Zywall SMT Menus
405
Figure 30-1 Menu 21: Filter and Firewall Setup
405
Figure 30-2 Menu 21.2: Firewall Setup
406
Advertisement
ZyXEL Communications ZyXEL ZYWALL10 User Manual (267 pages)
Internet Security Gateway
Brand:
ZyXEL Communications
| Category:
Gateway
| Size: 2.97 MB
Table of Contents
Copyright
2
Federal Communications Commission (FCC) Interference Statement
3
Information for Canadian Users
4
Declaration of Conformity
5
Zyxel Limited Warranty
7
Customer Support
8
Table of Contents
9
List of Figures
17
Preface
27
Getting Started
29
Chapter 1 Getting to Know Your Zywall
31
The Zywall 10 Internet Security Gateway
31
Features of the Zywall 10
31
Firewall and Content Filters
31
Applications for Zywall 10
33
Broadband Internet Access Via Cable or Xdsl Modem
33
Figure 1-1 Secure Internet Access Via Cable
34
Figure 1-2 Secure Internet Access Via DSL
34
Chapter 2 Hardware Installation & Initial Setup
35
Front Panel Leds and Back Panel Ports
35
Front Panel Leds
35
Figure 2-1 Front Panel
35
Table 2-1 LED Functions
35
Zywall 10 Rear Panel and Connections
36
Figure 2-2 Zywall 10 Rear Panel and Connections
36
Additional Installation Requirements
37
Turn on Your Zywall
38
Navigating the SMT Interface
38
Figure 2-3 Initial Screen
38
Figure 2-4 Password Screen
38
Table 2-2 Main Menu Commands
39
Figure 2-5 Zywall 10 Main Menu
40
Main Menu
40
System Management Terminal Interface Summary
41
Table 2-3 Main Menu Summary
41
Figure 2-6 SMT Menus at a Glance
42
SMT Menus at a Glance
42
Changing the System Password
43
Resetting the Zywall
43
General Setup
43
Figure 2-7 Menu 23 - System Password
43
Dynamic DNS
44
Figure 2-8 Menu 1 - General Setup
44
Procedure for Configuring Menu 1
44
Configuring Dynamic DNS
45
Figure 2-9 Configure Dynamic DNS
45
Table 2-4 General Setup Menu Field
45
WAN Setup
46
Table 2-5 Configure Dynamic DNS Menu Fields
46
LAN Setup
47
Figure 2-10 Menu 2 - WAN Setup
47
Table 2-6 WAN Setup Menu Fields
47
Figure 2-11 Menu 3 - LAN Setup
48
Figure 2-12 Menu 3.1 - LAN Port Filter Setup
48
LAN Port Filter Setup
48
Chapter 3 Internet Access
49
TCP/IP and DHCP for LAN
49
Factory LAN Defaults
49
DHCP Configuration
49
IP Address and Subnet Mask
50
Private IP Addresses
50
RIP Setup
51
IP Multicast
51
IP Alias
52
TCP/IP and DHCP Ethernet Setup
52
Figure 3-1 Physical Network
52
Figure 3-3 Menu 3 - LAN Setup
53
Figure 3-4 Menu 3.2 - TCP/IP and DHCP Ethernet Setup
53
Table 3-1 DHCP Ethernet Setup Menu Fields
54
Table 3-2 LAN TCP/IP Setup Menu Fields
54
Figure 3-5 Menu 3.2.1 - IP Alias Setup
55
IP Alias Setup
55
Internet Access Setup
56
Ethernet Encapsulation
56
Table 3-3 IP Alias Setup Menu Fields
56
Figure 3-6 Menu 4 - Internet Access Setup (Ethernet)
57
Table 3-4 Internet Access Setup Menu Fields
57
PPTP Encapsulation
58
Configuring the PPTP Client
58
Pppoe Encapsulation
59
Figure 3-7 Internet Access Setup (PPTP)
59
Table 3-5 New Fields in Menu 4 (PPTP) Screen
59
Figure 3-8 Internet Access Setup (Pppoe)
60
Table 3-6 New Fields in Menu 4 (Pppoe) Screen
60
Basic Setup Complete
61
Advanced Applications
62
Chapter 4 Remote Node Setup
63
Remote Node Profile
63
Ethernet Encapsulation
63
Figure 4-1 Menu 11.1 - Remote Node Profile for Ethernet Encapsulation
63
Pppoe Encapsulation
65
Figure 4-2 Menu 11.1 - Remote Node Profile for Pppoe Encapsulation
65
Nailed-Up Connection
65
PPTP Encapsulation
66
Table 4-2 Fields in Menu 11.1 (Pppoe Encapsulation Specific)
66
Figure 4-3 Menu 11.1 - Remote Node Profile for PPTP Encapsulation
67
Table 4-3 Fields in Menu 11.1 (PPTP Encapsulation)
67
Editing TCP/IP Options (with Ethernet Encapsulation)
68
Figure 4-4 Menu 11.3 - Remote Node Network Layer Options
68
Table 4-4 Remote Node Network Layer Options Menu Fields
68
Editing TCP/IP Options (with PPTP Encapsulation)
69
Figure 4-5 Menu 11.3 - Remote Node Network Layer Options
70
Table 4-5 Remote Node Network Layer Options Menu Fields
70
Editing TCP/IP Options (with Pppoe Encapsulation)
71
Remote Node Filter
71
Figure 4-6 Menu 11.5 - Remote Node Filter (Ethernet Encapsulation)
72
Figure 4-7 Menu 11.5 - Remote Node Filter (Pppoe or PPTP Encapsulation)
72
Chapter 5 IP Static Route Setup
73
IP Static Route Setup
73
Figure 5-1 Example of Static Routing Topology
73
Figure 5-2 Menu 12 - IP Static Route Setup
74
Figure 5-3 Menu 12. 1 - Edit IP Static Route
74
Table 5-1 IP Static Route Menu Fields
75
Chapter 6 Network Address Translation (NAT)
77
Introduction
77
NAT Definitions
77
What NAT Does
77
Table 6-1 NAT Definitions
77
How NAT Works
78
Figure 6-1 How NAT Works
78
NAT Mapping Types
79
Table 6-2 NAT Mapping Types
79
SUA (Single User Account) Versus NAT
80
NAT Application
80
SMT Menus
81
Applying NAT in the SMT Menus
81
Figure 6-2 NAT Application
81
Figure 6-3 Menu 4 - Applying NAT for Internet Access
82
Figure 6-4 Menu 11.3 - Applying NAT to the Remote Node
82
Configuring NAT
83
Address Mapping Sets and NAT Server Sets
83
Figure 6-5 Menu 15 - NAT Setup
83
Figure 6-6 Menu 15.1 - Address Mapping Sets
84
Figure 6-7 Menu 15.1.255 - SUA Address Mapping Rules
84
Table 6-4 SUA Address Mapping Rules
85
Figure 6-8 Menu 15.1.1 - First Set
86
Figure 6-9 Menu 15.1.1.1 - Editing an Individual Rule in a Set
87
NAT Server Sets
88
Table 6-6 Menu 15.1.1.1 - Configuring an Individual Rule
88
Configuring a Server Behind NAT
89
Figure 6-10 Multiple Servers Behind NAT
89
Multiple Servers Behind NAT
89
Figure 6-11 Menu 15.2 - NAT Server Setup
90
Table 6-7 Services & Port Numbers
90
Examples
91
Internet Access Only
91
Figure 6-12 Nat Example
91
Figure 6-13 Menu 4 - Internet Access & NAT Example
91
Example 2: Internet Access with an Inside Server
92
Figure 6-14 Nat Example
92
Figure 6-15 Menu 15.2 - Specifying an Inside Server
92
Example 3: General Case
93
Figure 6-17 Example 3: Menu
94
Figure 6-18 Example 3: Menu
94
Example 4: NAT Unfriendly Application Programs
96
Figure 6-22 Example 4: Menu 15.1.1.1 - Address Mapping Rule
97
Figure 6-23 Example 4: Menu 15.1.1 - Address Mapping Rules
97
Advanced Management
98
Chapter 7 Filter Configuration
100
About Filtering
100
Figure 7-1 Outgoing Packet Filtering Process
100
The Filter Structure of the Zywall
101
Figure 7-2 Filter Rule Process
102
Configuring a Filter Set
103
Figure 7-4 Menu 21 - Filter and Firewall Setup
103
Figure 7-5 Menu 21.1 - Filter Set Configuration
103
Figure 7-6 Netbios_Wan Filter Rules Summary
104
Figure 7-7 Netbios _LAN Filter Rules Summary
104
Figure 7-8 TEL_FTP_WEB_WAN Filter Rules Summary
104
Filter Rules Summary Menu
105
Table 7-1 Abbreviations Used in the Filter Rules Summary Menu
105
Table 7-2 Rule Abbreviations Used
105
Configuring a Filter Rule
106
Figure 7-9 Menu 21.1.1.1 - TCP/IP Filter Rule
106
TCP/IP Filter Rule
106
Table 7-3 TCP/IP Filter Rule Menu Fields
107
Figure 7-10 Executing an IP Filter
109
Figure 7-11 Menu 21.4.1.1 - Generic Filter Rule
110
Generic Filter Rule
110
Table 7-4 Generic Filter Rule Menu Fields
111
Example Filter
112
Figure 7-12 Telnet Filter Example
112
Figure 7-13 Example Filter - Menu 21.1.1.1
113
Filter Types and NAT
114
Applying a Filter and Factory Defaults
115
LAN Traffic
115
Figure 7-15 Protocol and Device Filter Sets
115
Firewall
115
Figure 7-16 Filtering LAN Traffic
116
Figure 7-17 Filtering Remote Node Traffic
116
Remote Node Filters
116
Chapter 8 SNMP Configuration
118
About SNMP
118
Configuring SNMP
118
Figure 8-1 Menu 22 - SNMP Configuration
118
Table 8-1 SNMP Configuration Menu Fields
119
Chapter 9 System Information & Diagnosis
120
System Status
120
Figure 9-1 Menu 24 - System Maintenance
120
Figure 9-2 Menu 24.1 - System Maintenance - Status
121
Table 9-1 System Maintenance - Status Menu Fields
121
System Information and Console Port Speed
122
Figure 9-3 Menu 24.2 - System Information and Console Port Speed
122
Figure 9-4 Menu 24.2.1 - System Maintenance - Information
123
System Information
123
Table 9-2 Fields in System Maintenance - Information
123
Console Port Speed
124
Log and Trace
124
Viewing Error Log
124
Figure 9-5 Menu 24.2.2 - System Maintenance - Change Console Port Speed
124
UNIX Syslog
125
Figure 9-6 Menu 24.3 - System Maintenance - Log and Trace
125
Figure 9-7 Examples of Error and Information Messages
125
Figure 9-8 Menu 24.3.2 - System Maintenance - UNIX Syslog
125
Table 9-3 System Maintenance Menu Syslog Parameters
126
Packet Triggered
127
Firewall Log
128
Ppp Log
128
Call-Triggering Packet
129
Diagnostic
129
Figure 9-9 Call-Triggering Packet Example
129
Figure 9-10 Menu 24.4 - System Maintenance - Diagnostic
130
Wan Dhcp
130
Figure 9-11 WAN & LAN DHCP
131
Table 9-4 System Maintenance Menu Diagnostic
131
Chapter 10 Firmware and Configuration File Maintenance
132
Filename Conventions
132
Firmware Development
133
Backup Configuration
133
Figure 10-1 System Maintenance - Backup Configuration
133
Table 10-1 Filename Conventions
133
Backup Configuration Using Telnet
134
Example: Backup Configuration Using Hyperterminal
134
Figure 10-2 Example: Backup Configuration
134
Figure 10-4 Telnet into Menu 24.5 - Backup Configuration
134
Restore Configuration
135
Example: Restore Configuration Using Hyperterminal
135
Figure 10-5 System Maintenance - Restore Configuration
135
Figure 10-6 Example: Restore Configuration
135
Upload Firmware
136
Uploading the Router Firmware
136
Figure 10-8 Telnet into Menu 24.6 Restore Configuration
136
Figure 10-9 Menu 24.7 - System Maintenance - Upload Firmware
136
Example: Xmodem Upload Using Hyperterminal
137
Uploading Router Configuration File
137
Figure 10-10 Menu 24.7.1 - System Maintenance - Upload Router Firmware
137
Figure 10-11 Example: Xmodem Upload
137
TFTP File Transfer
138
Figure 10-12 Menu 24.7.2 - System Maintenance - Upload Router Configuration File
138
Example: TFTP Command
139
Table 10-2 Third Party TFTP Clients - General Commands
139
FTP File Transfer
140
Figure 10-13 Telnet into Menu
141
Figure 10-14 Telnet into Menu 24.7.2 - System Maintenance
141
Figure 10-15 FTP Session Example
142
Using the FTP Command from the DOS Prompt
142
Table 10-3 Third Party FTP Clients - General Fields
143
Chapter 11 System Maintenance & Information
144
Command Interpreter Mode
144
Figure 11-1 Command Mode in Menu
144
Figure 11-2 Valid Commands
144
Call Control Support
145
Budget Management
145
Figure 11-3 Call Control
145
Figure 11-4 Budget Management
145
Call History
146
Table 11-1 Budget Management
146
Figure 11-5 Call History
147
Table 11-2 Call History Fields
147
Time and Date Setting
147
Figure 11-6 Menu 24 - System Maintenance
148
Figure 11-7 Menu 24.10 System Maintenance - Time and Date Setting
148
How Often Does the Zywall Update the Time
149
Table 11-3 Time and Date Setting Fields
149
Figure 11-8 Menu 24.11 - Remote Management Control
150
Remote Management Setup
150
Table 11-4 Menu 24.11 - Remote Management Control
150
Boot Commands
151
Figure 11-9 Option to Enter Debug Mode
151
Figure 11-10 Boot Module Commands
152
Chapter 12 Telnet Configuration and Capabilities
154
About Telnet Configuration
154
Telnet under NAT
154
Telnet Capabilities
154
Single Administrator
154
Figure 12-1 Telnet Configuration on a TCP/IP Network
154
System Timeout
155
Telnet Behind the Firewall
155
Firewall and Content Filters
156
Chapter 13 What Is a Firewall
158
Types of Firewalls
158
Packet Filtering Firewalls
158
Application-Level Firewalls
158
Stateful Inspection Firewalls
159
Introduction to Zyxel's Firewall
159
Denial of Service
160
Basics
160
Figure 13-1 Zywall Firewall Application
160
Types of Dos Attacks
161
Table 13-1 Common IP Ports
161
Figure 13-2 Three-Way Handshake
162
Figure 13-3 SYN Flood
162
Stateful Inspection
163
Figure 13-4 Smurf Attack
163
Figure 13-5 Stateful Inspection
164
Stateful Inspection Process
164
Stateful Inspection & the Zywall
165
TCP Security
165
UDP/ICMP Security
166
Upper Layer Protocols
166
Guidelines for Enhancing Security with Your Firewall
166
Security in General
167
Chapter 14 Introducing the Zywall Firewall
170
SMT Menus
170
Figure 14-1 SMT Main Menu
170
Figure 14-2 Menu 21 - Filter and Firewall Setup
170
Attack Types
171
Figure 14-3 Menu 21.2 - Firewall Setup
171
View Firewall Log
171
Table 14-1 ICMP Commands that Trigger Alerts
172
Table 14-2 Legal Netbios Commands
172
Table 14-3 Legal SMTP Commands
172
Figure 14-4 View Firewall Log
173
Syn Flood
173
The Big Picture - Filtering, Firewall and NAT
174
Table 14-4 View Firewall Log
174
Packet Filtering Vs Firewall
175
Packet Filtering
175
Figure 14-5 Big Picture - Filtering, Firewall and NAT
175
Firewall
176
Chapter 15 Introducing the Zywall Web Configurator
178
Web Configurator Login and Welcome Screens
178
Figure 15-1 Login Screen as Seen in Netscape
178
Figure 15-2 Zywall Web Configurator Welcome Screen
179
Enabling the Firewall
180
E-Mail
180
What Are Alerts
180
Figure 15-3 Enabling the Firewall
180
What Are Logs
181
Figure 15-4 E-Mail Screen
181
Table 15-1 E-Mail
182
SMTP Error Messages
183
Example E-Mail Log
183
Table 15-2 SMTP Error Messages
183
Attack Alert
184
Threshold Values
184
Figure 15-5 E-Mail Log
184
Half-Open Sessions
185
Figure 15-6 Attack Alert
186
Table 15-3 Attack Alert
187
Advertisement
Related Products
ZyXEL Communications ZyWall1
ZyXEL Communications Internet Security Appliance ZyWALL5UTM 4.0
ZyXEL Communications ZYWALL - CLI
ZyXEL Communications ZYWALL2 ET 2WE
ZyXEL Communications ZyWALL USG 50
ZyXEL Communications ZYWALL USG 20
ZyXEL Communications ZYWALL USG CLI
ZyXEL Communications ZYWALL 200
ZyXEL Communications ZyWALL 5 Series
ZyXEL Communications ZyWALL 35 Series
ZyXEL Communications Categories
Gateway
Network Router
Switch
Wireless Router
Adapter
More ZyXEL Communications Manuals
Login
Sign In
OR
Sign in with Facebook
Sign in with Google
Upload manual
Upload from disk
Upload from URL