ZyXEL Communications VANTAGE CNM - V3.1 User Manual

Centralized network management

Table of Contents

Quick Links

Download this manual

Vantage CNM

Centralized Network Management

User's Guide

Version 3.1

9/2008

Edition 2

www.zyxel.com

Table of Contents

Troubleshooting

Summary of Contents for ZyXEL Communications VANTAGE CNM - V3.1

Page 1 Vantage CNM Centralized Network Management User’s Guide Version 3.1 9/2008 Edition 2 www.zyxel.com...
Page 3: About This User's Guide
The User’s Guide for each device provides more information about the device, its features, and its configuration. • ZyXEL Web Site Please refer to www.zyxel.com for additional support documentation and product certifications. User Guide Feedback Help us help you. Send all User Guide-related comments, questions or suggestions for improvement to the following address, or use e-mail instead.
Page 4 About This User's Guide The Technical Writing Team, ZyXEL Communications Corp., 6 Innovation Road II, Science-Based Industrial Park, Hsinchu, 300, Taiwan. E-mail: techwriters@zyxel.com.tw Vantage CNM User’s Guide...
Page 5: Document Conventions
• Vantage Report may be referred to as “Vantage Report” or “VRPT” in this User’s Guide. • A device that is managed by Vantage CNM may be referred to as the “ZyXEL device,” “device,” or the “system” in this User’s Guide.
Page 6 Document Conventions Icons Used in Figures Figures in this User’s Guide may use the following generic icons. Device icons are not an exact representations of your devices. Device (example) Computer Notebook computer Server DSLAM Telephone Switch Router Vantage CNM User’s Guide...
Page 7: Contents Overview
Contents Overview Contents Overview Introducing Vantage CNM ......................33 Introduction ..........................35 GUI Introduction ........................37 Device Operation ........................55 Load or Save Building Blocks (BB) .................... 57 Device General Settings ......................59 Device Network Settings ......................63 Device Security Settings ......................117 Device Advanced Settings .......................
Page 8 Contents Overview License ..........................353 About CNM ..........................355 Account Management ......................357 User Group ..........................359 Account ............................ 363 Troubleshooting ........................367 Troubleshooting ........................369 Appendices and Index ......................373 Vantage CNM User’s Guide...
Page 9: Table Of Contents
About This User's Guide ......................3 Document Conventions......................5 Contents Overview ........................7 Chapter 1 Introducing Vantage CNM ...................... 33 1.1 Overview ..........................33 1.2 Ways to Manage Vantage CNM ..................34 1.3 Suggestions for Using Vantage CNM .................. 34 Part I: Introduction.................
Page 10 5.3 WAN General (ZyNOS ZyWALL) ..................71 5.3.1 WAN1 (ZyNOS ZyWALL with one WAN port) ............73 5.3.2 WAN1 and WAN2 (ZyNOS ZyWALL with two WAN ports) ........81 5.3.3 WAN2 (ZyNOS ZyWALL with 3G WAN) ..............89 5.3.4 Dial Backup (ZyNOS ZyWALL) .................. 94 5.3.5 Advanced Modem Setup (ZyNOS ZyWALL) ..............
Page 11 6.8 General Setup ........................159 6.9 IDP Signatures ........................160 6.9.1 Attack Types ......................160 6.9.2 Intrusion Severity ....................162 6.9.3 Signature Actions ....................162 6.9.4 Configuring IDP Signatures ..................163 6.9.5 Query View ....................... 165 6.9.6 Protocol Anomaly ..................... 167 6.10 Signature Update ......................
Page 12 7.14 Remote MGMT ........................ 212 Chapter 8 Device Log..........................217 8.1 Device Log ......................... 217 Chapter 9 Device Configuration Management..................221 9.1 Synchronization (Device) ....................221 9.2 Synchronization (Folder) ....................222 9.3 Configuration File Management ..................223 9.3.1 Backup & Restore (Device) ..................224 9.3.2 Backup a Device ......................
Page 13 11.1.2 Service ........................251 11.2 License Status ......................... 252 11.2.1 Activate/Upgrade License ..................253 11.3 Signature Status ......................253 Part III: VPN Management ..............255 Chapter 12 VPN Community........................257 12.1 VPN Community ......................257 12.1.1 Add/Edit a VPN Community ................... 258 Chapter 13 Installation Report ........................
Page 14 16.5 Alert Report ........................294 16.6 Monitor Setting ........................ 297 16.6.1 Notification Setting ....................297 16.6.2 Notification ......................298 16.6.3 Monitor Interval ..................... 299 Chapter 17 Device HA Status Monitor ....................301 17.1 Device HA Status ......................301 Chapter 18 Device Alarm .........................
Page 15 21.4 Opening Vantage Report in Vantage CNM ..............325 Part VI: CNM System Setting .............. 327 Chapter 22 CNM System Setting......................329 22.1 Servers Configuration ...................... 329 22.1.1 Vantage CNM Server Public IP Address ..............331 22.2 Servers Status ......................... 331 22.3 User Access ........................
Page 16 Chapter 27 About CNM ..........................355 27.1 About CNM ........................355 Part VII: Account Management ............357 Chapter 28 User Group ..........................359 28.1 Group ..........................359 28.1.1 Add User Group ..................... 360 Chapter 29 Account..........................363 29.1 “Root” Administrator ......................363 29.2 “Super”...
Page 17 Appendix F Common Services..................... 413 Appendix G Importing Certificates..................417 Appendix H Open Software Announcements............... 423 Appendix I Legal Information....................447 Appendix J Customer Support ..................... 449 Index............................455 Vantage CNM User’s Guide...
Page 18 Vantage CNM User’s Guide...
Page 19 Figure 1 Vantage CNM Application ......................33 Figure 2 Main Screen ..........................37 Figure 3 Device Window: Topology ....................... 39 Figure 4 Folder Right-Click Options ....................... 41 Figure 5 Device Window: Topology: Right Click to Add a Folder ............41 Figure 6 Device Window: Topology: Add Folder ...................
Page 20 Figure 39 Device Operation > Device Configuration > Network > WAN > WAN1/2 - PPTP (ZyNOS ZyWALL with two WAN ports) ..................87 Figure 40 Device Configuration > Network > WAN > 3G(WAN 2) ............91 Figure 41 Device Operation > Device Configuration > Network > WAN > Dial Backup (ZyNOS ZyWALL) Figure 42 Device Operation >...
Page 21 Figure 74 Device Operation > Device Configuration > Security > IDP > Signature ......163 Figure 75 Device Operation > Device Configuration > Security > IDP > Signature (Query View) ..165 Figure 76 Device Operation > Device Configuration > Security > IDP > Anomaly ....... 167 Figure 77 Device Operation >...
Page 22 Figure 111 Device Operation > Configuration Management >Configuration Management > Configuration File Management > Backup (Folder) ................228 Figure 112 Device Operation > Configuration Management > Configuration File Management > Restore (Folder) ........................229 Figure 113 Device Operation > Configuration Management > Configuration File Management > Schedule List (Device) ........................
Page 23 Figure 143 VPN Management > Installation Report ................263 Figure 144 VPN Management > Installation Report > Show Detail ............264 Figure 145 VPN Management > VPN Monitor > By Community ............265 Figure 146 VPN Management > VPN Monitor > By Community > Show Detail ........266 Figure 147 VPN Management >...
Page 24 Figure 185 Log & Report > Operation Report > Configuration Report (Device) ........311 Figure 186 Log & Report > Operation Report > Configuration Report (Group) ........312 Figure 187 Log & Report > Operation Report > Configuration Report > Show Details ......313 Figure 188 Log &...
Page 25 Figure 222 Account Management > Group > Add ................360 Figure 223 Account Management > Account ..................364 Figure 224 Account Management > Account > Add/Edit ..............365 Figure 225 WIndows 95/98/Me: Network: Configuration ..............380 Figure 226 Windows 95/98/Me: TCP/IP Properties: IP Address ............381 Figure 227 Windows 95/98/Me: TCP/IP Properties: DNS Configuration ..........
Page 26 Figure 265 Certificate General Information before Import ..............418 Figure 266 Certificate Import Wizard 1 ....................419 Figure 267 Certificate Import Wizard 2 ....................419 Figure 268 Certificate Import Wizard 3 ....................420 Figure 269 Root Certificate Store ......................420 Figure 270 Certificate General Information after Import ...............
Page 27 Table 1 Menu Bar Icon Description ....................... 38 Table 2 Title Bar Icon Description ......................39 Table 3 Device Window: Topology ......................40 Table 4 Device Window: Icons ......................40 Table 5 Device Window: Folder Icons ....................40 Table 6 Device Window: Device Icons ....................42 Table 7 Configuration Screen: Device List ....................
Page 28 Table 37 Wireless Card: 802.1x + Static WEP ..................114 Table 38 Wireless Card: 802.1x + No WEP ..................114 Table 39 Wireless Card: No Access 802.1x + Static WEP ..............115 Table 40 Wireless Card: No Access 802.1x + No WEP ..............115 Table 41 Device Operation >...
Page 29 Table 74 Device Operation > Device Configuration > Security > Content Filter > Policy > Schedule . 187 Table 75 Device Operation > Device Configuration > Security > Content Filter > Object ....189 Table 76 Device Operation > Device Configuration > Security > Content Filter > Cache ....190 Table 77 Device Operation >...
Page 30 Table 108 Device Operation > Configuration Management > Signature Profile Management > Backup & Restore > Restore (Folder) ..................236 Table 109 Device Operation > Configuration Management > Signature Profile Management > Reset to Factory ........................237 Table 110 Device Operation > Configuration Management > Building Block > Configuration BB ..237 Table 111 Device Operation >...
Page 31 Table 147 Monitor > 3G Monitor > Monitor Setting > Notification Setting .......... 297 Table 148 Monitor > 3G Monitor > Monitor Setting > Monitor Interval ..........299 Table 149 Monitor > Device HA Status ....................301 Table 150 Monitor > Device Alarm > Alarm Severity ................303 Table 151 Monitor >...
Page 32 Table 187 Firmware Specifications ..................... 375 Table 188 Feature Specifications ......................376 Table 189 ZyXEL Device and the Corresponding Firmware Version Vantage CNM Supports ... 376 Table 190 Trusted CAs (Keystore type: jks, Keystore provider: SUN) ..........376 Table 191 Port Number Specifications ....................378 Table 192 System Notifications Specifications ..................
Page 33: Introducing Vantage Cnm
Vantage CNM. 1.1 Overview Vantage Centralized Network Management (“Vantage CNM”) helps network administrators monitor and manage a distributed network of ZyXEL network devices. A typical application is shown in the following example. Figure 1 Vantage CNM Application In this example, you use the Vantage CNM web configurator (A) to access the Vantage CNM server (B).
Page 34: Ways To Manage Vantage Cnm
Chapter 1 Introducing Vantage CNM 1.2 Ways to Manage Vantage CNM Use the web configurator to access and manage Vantage CNM. See the Quick Start Guide for instructions to access the web configurator and this User’s Guide for more information about the screens.
Page 35: Part I Introduction
Introduction Introducing Vantage CNM (33) GUI Introduction (37)
Page 37: Chapter 2 Gui Introduction
H A P T E R GUI Introduction See the Quick Start Guide for instructions about installing, setting up, and accessing Vantage CNM. This chapter introduces the Vantage CNM main screen. Figure 2 Main Screen The main screen consists of three main parts and are numbered in the sequence you typically follow to configure a device.
Page 38: Menu Bar
Chapter 2 GUI Introduction 5 Configuration window: Displays the configuration screens that you set for Vantage CNM or a selected device. For security reasons, Vantage CNM automatically times out after fifteen minutes of inactivity. Log in again if this happens. Each part is discussed in more detail in the following sections.
Page 39: Title Bar
Chapter 2 GUI Introduction 2.2 Title Bar The following table describes the icons in the title bar. Table 2 Title Bar Icon Description ICON DESCRIPTION This icon displays with a hi to the current login user. Click this icon to display the dashboard in the configuration window. Click this icon to open a window to display real-time Vantage CNM system logs.
Page 40 Chapter 2 GUI Introduction The following table describes the labels in the Device window. Table 3 Device Window: Topology LABEL DESCRIPTION Topology Click Topology to display device groups in a tree structure. Search Click Search to look for device(s). There are a couple icons in the device window that perform additional functions related to views.
Page 41 Chapter 2 GUI Introduction Table 5 Device Window: Folder Icons (continued) Icon Status Description Off_ Alarm_Pending-Closed This is a closed folder, which contains one or some offline devices. Some devices with an alarm while some with pending tasks. Off_ Alarm_Pending-Open This is a opened folder, which contains one or some offline devices.
Page 42 Chapter 2 GUI Introduction 2.3.1.1.2 Delete a Folder Deleting a folder also deletes all the associated device(s). Follow the steps below to delete a group. 1 In the device window, click Topology. 2 Right-click on a folder and click Delete Folder. 3 A warning screen displays.
Page 43 Chapter 2 GUI Introduction Table 6 Device Window: Device Icons (continued) Icon Description On_Alarm This is a device turned on with an alarm. Off_Alarm This is a device turned off with an alarm. On_Pending This is a device turned on with pending tasks. Off_Pending This is a device turned off with pending tasks.
Page 44 Chapter 2 GUI Introduction Figure 11 Device Window: Topology: Add/Edit Device (ZyNOS) Figure 12 Device Window: Topology: Add/Edit Device (ZLD) The following table describes the labels in this screen. Table 7 Configuration Screen: Device List LABEL DESCRIPTION LAN MAC Enter the LAN MAC address of the device (without colons) in this field. Vantage CNM (Hex) uses the MAC address to identify the device, so make sure it is entered correctly.
Page 45 Unknown if you don’t know the device’s firmware version or you cannot find your device’s current firmware version from the list. Note: Not all ZyXEL devices can work with Vantage CNM. See Quick Start Guide for the supported device models and firmware versions.
Page 46 Chapter 2 GUI Introduction 4 After clicking Apply and a new device icon displays. 2.3.1.2.2 Delete a Device Follow the steps below to delete a group. 1 In the device window, click Topology. 2 Right-click on a device and click Delete Device. 3 A warning screen displays.
Page 47: Device Search
Chapter 2 GUI Introduction Figure 15 Device Window: Topology: Delete Device Warning 3 The device’s web configurator appears via a HTTP or HTTPS connection. You can change the device login setting by editing a device. Refer to Figure 11 on page 2.3.2 Device Search Use the Search function in the device window to look for device(s).
Page 48 Chapter 2 GUI Introduction Table 8 Navigation Panel: Menu Summary - Device Operation DEVICE OPERATION ZYNOS-BASED DEVICE ZLD-BASED DEVICE PRESTIGE Device Configuration Device Configuration Device Configuration Load or Save BB Network Load or Save BB General Interface General System Routing System Tim Setting Time Setting...
Page 49 Chapter 2 GUI Introduction Following are the other menus. Table 9 Navigation Panel: Menu Summary - Others VPN MANAGEMENT MONITOR LOG & REPORT VPN Community Device Status Operation Report Installation Report 3G Monitor Firmware Upgrade Report Configuration Report VPN Monitor 3G Summary Configuration File Backup &...
Page 50 Chapter 2 GUI Introduction Table 10 Navigation Panel Links (continued) LINK DESCRIPTION Device Status This link takes you to a screen where you can monitor device general information (ex. firmware version, WAN IP address, LAN MAC address, and so on) and current status.
Page 51: Security Risk Pop-Up Messages In Internet Explorer 7.0
Chapter 2 GUI Introduction click a sub-menu in the navigation panel, the corresponding information displays in the configuration window. If you select VPN Management, Log & Report (sub-menu VRPT), CNM System Setting or Account Management in the menu bar, click a sub-menu in the navigation panel, the corresponding information displays in the configuration window.
Page 52 Chapter 2 GUI Introduction Figure 18 CNM System Setting > Configuration > Certificate Management > Create CSR > CSR Key 7 The Certificate Management screen appears. Click Import Certificate. The following screen appears. Figure 19 CNM System Setting > Configuration > Certificate Management > Import Certificate 8 Enter the signed certificate file path and click Apply.
Page 53 Chapter 2 GUI Introduction 12 Certificate screen appears. Click Install Certificate and follow instruction to install the new certificate. Vantage CNM User’s Guide...
Page 54 Chapter 2 GUI Introduction Vantage CNM User’s Guide...
Page 55: Part Ii: Device Operation
Device Operation This menu only appear if you select a device. For ZLD-based device, this menu appear when the device status is on. The menus and screens may vary depending on the device model you select. Table 8 on page 48 for the device model and the corresponding firmware version CNM supports.
Page 57: Load Or Save Building Blocks (Bb)
H A P T E R Load or Save Building Blocks (BB) A BB is a building block used to build a device configuration using Vantage CNM. A device BB is a combination of configuration BBs, which vary by model. A device can have only one Device BB.
Page 58 Chapter 3 Load or Save Building Blocks (BB) Figure 21 Device Operation > Device Configuration > Load or Save BB This screen displays the type of the selected device, each type of building block, and a summary of the information in each type of building block. Click the Load a BB icon to load a building block to the selected device.
Page 59: Device General Settings
H A P T E R Device General Settings This section configures device general settings. 4.1 System Use this screen to set the password, system name, domain name, idle timeout, and DNS servers for the device. Please see the device’s User’s Guide for more information about any of these screens or fields.
Page 60: Time Setting
Chapter 4 Device General Settings Table 11 Device Operation > Device Configuration > General > System (continued) FIELD DESCRIPTION Apply Click this to save your changes to the device. Reset Click this to begin configuring the screen afresh. 4.2 Time Setting Use this screen to configure the time settings on the device.
Page 61 Chapter 4 Device General Settings Table 12 Device Operation > Device Configuration > General > Time Setting (continued) LABEL DESCRIPTION Start Date Configure the day and time when Daylight Saving Time starts if you selected Daylight Savings. The o'clock field uses the 24 hour format. Here are a couple of examples: Daylight Saving Time starts in most parts of the United States on the first Sunday of April.
Page 62 Chapter 4 Device General Settings Vantage CNM User’s Guide...
Page 63: Device Network Settings
Device Network Settings The screens explained network settings such as LAN, WAN, wireless card. The menus and screens may vary for different ZyXEL products. For example, click Device Configuration > Network Interface for ZLD-based device’s network settings. This document uses the ZyNOS ZyWALL settings for each screen description. For ZLD-based settings, please see device’s User’s Guide for the detailed information.
Page 64 Chapter 5 Device Network Settings Figure 27 Device Operation > Device Configuration > Network > LAN > LAN (ZyNOS ZyWALL) Vantage CNM User’s Guide...
Page 65 Chapter 5 Device Network Settings The following table describes the fields in this screen. Table 13 Device Operation > Device Configuration > LAN > LAN (ZyNOS ZyWALL) LABEL DESCRIPTION DHCP Mode DHCP (Dynamic Host Configuration Protocol, RFC 2131 and RFC 2132) allows individual clients (workstations) to obtain TCP/IP configuration at startup from a server.
Page 66 Chapter 5 Device Network Settings Table 13 Device Operation > Device Configuration > LAN > LAN (ZyNOS ZyWALL) LABEL DESCRIPTION RIP Version The RIP Version field controls the format and the broadcasting method of the RIP packets that the device sends (it recognizes both formats when receiving). RIP-1 is universally supported but RIP-2 carries more information.
Page 67: Lan (Prestige)
Chapter 5 Device Network Settings Table 13 Device Operation > Device Configuration > LAN > LAN (ZyNOS ZyWALL) LABEL DESCRIPTION Allow between LAN Select this check box to forward NetBIOS packets from the LAN to the WLAN and WLAN and from the WLAN to the LAN. Clear this check box to block all NetBIOS packets going from the LAN to the WLAN and from the WLAN to the LAN.
Page 68 Chapter 5 Device Network Settings The following table describes the fields in this screen. Table 14 Device Operation > Device Configuration > Network > LAN > LAN (Prestige) LABEL DESCRIPTION DHCP Mode DHCP (Dynamic Host Configuration Protocol, RFC 2131 and RFC 2132) allows individual clients (computers) to obtain TCP/IP configuration at startup from a server.
Page 69: Static Dhcp
Chapter 5 Device Network Settings Table 14 Device Operation > Device Configuration > Network > LAN > LAN (Prestige) LABEL DESCRIPTION Active Select this option to activate the Any-IP feature. This allows a computer to access the Internet without changing the network settings (such as IP address and subnet mask) of the computer, even when the IP addresses of the computer and the device are not in the same subnet.
Page 70: Ip Alias
Chapter 5 Device Network Settings Table 15 Device Operation > Device Configuration > Network > LAN > Static DHCP LABEL DESCRIPTION Apply Click this to save your changes back to the device. Reset Click this to begin configuring this screen afresh. 5.2.2 IP Alias This section refers only to the LAN screen, but the information is applicable for the LAN, WLAN, and DMZ screens.
Page 71: Wan General (Zynos Zywall)
Chapter 5 Device Network Settings Table 16 Device Operation > Device Configuration > Network > LAN > IP Alias (continued) LABEL DESCRIPTION IP Subnet Mask The device automatically calculates the subnet mask based how many aliases you select. See also the appendices for more information on IP subnetting. RIP Direction RIP (Routing Information Protocol, RFC1058 and RFC 1389) allows a router to exchange routing information with other routers.
Page 72 Chapter 5 Device Network Settings Figure 31 Device Operation > Device Configuration > Network > WAN > General (ZyNOS ZyWALL) The following table describes the fields in this screen. Table 17 Device Operation > Device Configuration > Network > WAN > General (ZyNOS ZyWALL) LABEL DESCRIPTION...
Page 73: Wan1 (Zynos Zywall With One Wan Port)
Chapter 5 Device Network Settings Table 17 Device Operation > Device Configuration > Network > WAN > General (ZyNOS ZyWALL) (continued) LABEL DESCRIPTION Fail Tolerance Type the number of times the device may attempt and fail to connect to the Internet before traffic is forwarded to the backup gateway.
Page 74 Chapter 5 Device Network Settings Figure 32 Device Operation > Device Configuration > Network > WAN > WAN1 (ZyNOS ZyWALL with one WAN port) 5.3.1.1 Ethernet Encapsulation The following table describes the labels in the Ethernet encapsulation screen. Table 18 Device Operation > Device Configuration > Network > WAN > ISP (Ethernet) – ZyNOS ZyWALL (one WAN port) LABEL DESCRIPTION...
Page 75 Chapter 5 Device Network Settings Table 18 Device Operation > Device Configuration > Network > WAN > ISP (Ethernet) – ZyNOS ZyWALL (one WAN port) (continued) LABEL DESCRIPTION Advanced Setup RIP Direction RIP (Routing Information Protocol) allows a router to exchange routing information with other routers.
Page 76 Chapter 5 Device Network Settings By implementing PPPoE directly on the device (rather than individual computers), the computers on the LAN do not need PPPoE software installed, since the device does that part of the task. Furthermore, with NAT, all of the LANs’ computers will have access. Select PPP Over Ethernet from the Encapsulation field.
Page 77 Chapter 5 Device Network Settings The following table describes the labels in the PPPoE screen. Table 19 Device Operation > Device Configuration > Network > WAN > ISP (PPPoE) – ZyNOS ZyWALL (one WAN port) LABEL DESCRIPTION WAN:ISP Encapsulation The PPPoE choice is for a dial-up connection using PPPoE. The router supports PPPoE (Point-to-Point Protocol over Ethernet).
Page 78 Chapter 5 Device Network Settings Table 19 Device Operation > Device Configuration > Network > WAN > ISP (PPPoE) – ZyNOS ZyWALL (one WAN port) (continued) LABEL DESCRIPTION RIP Direction RIP (Routing Information Protocol) allows a router to exchange routing information with other routers.
Page 79 Chapter 5 Device Network Settings Figure 36 Device Operation > Device Configuration > Network > WAN > WAN1 - PPTP (ZyNOS ZyWALL with one WAN port) The following table describes the labels in the PPTP screen. Table 20 Device Operation > Device Configuration > Network > WAN > ISP (PPTP) – ZyNOS ZyWALL (one WAN port) LABEL DESCRIPTION...
Page 80 Chapter 5 Device Network Settings Table 20 Device Operation > Device Configuration > Network > WAN > ISP (PPTP) – ZyNOS ZyWALL (one WAN port) (continued) LABEL DESCRIPTION PPTP User Name Type the user name given to you by your ISP. Password Type the password associated with the User Name above.
Page 81: Wan1 And Wan2 (Zynos Zywall With Two Wan Ports)
Chapter 5 Device Network Settings Table 20 Device Operation > Device Configuration > Network > WAN > ISP (PPTP) – ZyNOS ZyWALL (one WAN port) (continued) LABEL DESCRIPTION RIP Version The RIP Version field controls the format and the broadcasting method of the RIP packets that the device sends (it recognizes both formats when receiving).
Page 82 Chapter 5 Device Network Settings Figure 37 Device Operation > Device Configuration > Network > WAN > WAN1/2 (ZyNOS ZyWALL with two WAN ports) The following table describes the labels in this screen. Table 21 Device Operation > Device Configuration > Network > WAN > WAN1/2 (ZyNOS ZyWALL with two WAN ports) LABEL DESCRIPTION...
Page 83 Chapter 5 Device Network Settings Table 21 Device Operation > Device Configuration > Network > WAN > WAN1/2 (ZyNOS ZyWALL with two WAN ports) (continued) LABEL DESCRIPTION Relogin The Telia server logs the Vantage CNM out if the Vantage CNM does not log in Every(mins) periodically.
Page 84 Chapter 5 Device Network Settings For the service provider, PPPoE offers an access and authentication method that works with existing access control systems (for example RADIUS). One of the benefits of PPPoE is the ability to let you access one of multiple network services, a function known as dynamic service selection.
Page 85 Chapter 5 Device Network Settings The following table describes the labels in this screen. Table 22 Device Operation > Device Configuration > Network > WAN > WAN1/2 - PPPoE (ZyNOS ZyWALL with two WAN ports) LABEL DESCRIPTION ISP Parameters for Internet Access Encapsulation The PPPoE choice is for a dial-up connection using PPPoE.
Page 86 Chapter 5 Device Network Settings Table 22 Device Operation > Device Configuration > Network > WAN > WAN1/2 - PPPoE (ZyNOS ZyWALL with two WAN ports) (continued) LABEL DESCRIPTION RIP Direction RIP (Routing Information Protocol) allows a router to exchange routing information with other routers.
Page 87 Chapter 5 Device Network Settings Figure 39 Device Operation > Device Configuration > Network > WAN > WAN1/2 - PPTP (ZyNOS ZyWALL with two WAN ports) The following table describes the labels in this screen. Table 23 Device Operation > Device Configuration > Network > WAN > WAN1/2 - PPTP (ZyNOS ZyWALL with two WAN ports) LABEL DESCRIPTION...
Page 88 Chapter 5 Device Network Settings Table 23 Device Operation > Device Configuration > Network > WAN > WAN1/2 - PPTP (ZyNOS ZyWALL with two WAN ports) (continued) LABEL DESCRIPTION PPTP User Name Type the user name given to you by your ISP. Password Type the password associated with the user name above.
Page 89: Wan2 (Zynos Zywall With 3G Wan)
Chapter 5 Device Network Settings Table 23 Device Operation > Device Configuration > Network > WAN > WAN1/2 - PPTP (ZyNOS ZyWALL with two WAN ports) (continued) LABEL DESCRIPTION RIP Version The RIP Version field controls the format and the broadcasting method of the RIP packets that the device sends (it recognizes both formats when receiving).
Page 90 Chapter 5 Device Network Settings If the signal strength of a 3G network is too low, the 3G card may switch to an available 2.5G or 2.75G network. See the following table for a comparison between 2G, 2.5G, 2.75G, 3G and 3.5G wireless technologies.
Page 91 Chapter 5 Device Network Settings Figure 40 Device Configuration > Network > WAN > 3G(WAN 2) Vantage CNM User’s Guide...
Page 92 Chapter 5 Device Network Settings The following table describes the labels in this screen. Table 25 Device Configuration > WAN > 3G(WAN2) LABEL DESCRIPTION WAN2 Setup Enable Select this option to enable WAN 2. 3G Card The fields below display only when you enable WAN 2. Configuration 3G Wireless Card This displays the manufacturer and model name of your 3G card if you inserted...
Page 93 Chapter 5 Device Network Settings Table 25 Device Configuration > WAN > 3G(WAN2) (continued) LABEL DESCRIPTION PIN Code A PIN (Personal Identification Number) code is a key to a 3G card. Without the PIN code, you cannot use the 3G card. Enter the PIN code (four to eight digits, 0000 for example) provided by your ISP.
Page 94: Dial Backup (Zynos Zywall)
Chapter 5 Device Network Settings Table 25 Device Configuration > WAN > 3G(WAN2) (continued) LABEL DESCRIPTION Data Budget Select this check box and specify how much downstream and/or upstream data (in Mbytes) can be transmitted via the 3G connection within one month. Select Download to set a limit on the downstream traffic (from the ISP to the selected device).
Page 95 Chapter 5 Device Network Settings Figure 41 Device Operation > Device Configuration > Network > WAN > Dial Backup (ZyNOS ZyWALL) The following table describes the labels in this screen. Table 26 Device Operation > Device Configuration > Network > WAN > Dial Backup (ZyNOS ZyWALL) LABEL DESCRIPTION...
Page 96: Advanced Modem Setup (Zynos Zywall)
Chapter 5 Device Network Settings Table 26 Device Operation > Device Configuration > Network > WAN > Dial Backup (ZyNOS ZyWALL) (continued) LABEL DESCRIPTION Primary/Secondary Type the first (primary) phone number from the ISP for this remote node. If Phone Number the Primary Phone number is busy or does not answer, the device dials the Secondary Phone number if available.
Page 97 Chapter 5 Device Network Settings 5.3.5.1.2 Response Strings The response strings tell the device the tags, or labels, immediately preceding the various call parameters sent from the WAN device. The response strings have not been standardized; please consult the documentation of your WAN device to find the correct tags. Click the Advanced button in the Advanced Modem Setup in the Dial Backup screen to display the Dial Backup Advanced screen shown next.
Page 98: Edit Dial Backup (Zynos Zywall)
Chapter 5 Device Network Settings Table 27 Device Operation > Device Configuration > Network > WAN > Dial Backup > Advanced (ZyNOS ZyWALL) (continued) LABEL DESCRIPTION EXAMPLE Drop DTR When Select this check box to have the device drop the DTR (Data Hang Up Terminal Ready) signal after the "AT Command String: Drop"...
Page 99 Chapter 5 Device Network Settings Figure 43 Device Operation > Device Configuration > Network > WAN > Dial Backup > Edit (ZyNOS ZyWALL) The following table describes the fields in this screen. Table 28 Device Operation > Device Configuration > Network > WAN > Dial Backup > Edit – ZyNOS ZyWALL LABEL DESCRIPTION...
Page 100: Wan Setup (Prestige)
Chapter 5 Device Network Settings Table 28 Device Operation > Device Configuration > Network > WAN > Dial Backup > Edit – ZyNOS ZyWALL (continued) LABEL DESCRIPTION Enable RIP Select this check box to turn on RIP (Routing Information Protocol), which allows a router to exchange routing information with other routers.
Page 101 Chapter 5 Device Network Settings Figure 44 Device Operation > Device Configuration > Network > WAN > Setup (Prestige) The following table describes the fields in this screen. Table 29 Device Operation > Device Configuration > Network > WAN > Setup (Prestige) LABEL DESCRIPTION Name...
Page 102 Chapter 5 Device Network Settings Table 29 Device Operation > Device Configuration > Network > WAN > Setup (Prestige) LABEL DESCRIPTION ATM QoS Type Select CBR (Constant Bit Rate) to specify fixed (always-on) bandwidth for voice or data traffic. Select UBR (Unspecified Bit Rate) for applications that are non-time sensitive, such as e-mail.
Page 103: Wan Backup (Prestige)
Chapter 5 Device Network Settings Table 29 Device Operation > Device Configuration > Network > WAN > Setup (Prestige) LABEL DESCRIPTION Max Idle Timeout Specify an idle time-out in the Max Idle Timeout field when you select (Appears when you use Connect on Demand.
Page 104 Chapter 5 Device Network Settings Figure 45 Device Operation > Device Configuration > Network > WAN > Backup (Prestige) The following table describes the fields in this screen. Table 30 Device Operation > Device Configuration > Network > WAN > Backup (Prestige) LABEL DESCRIPTION Backup Type...
Page 105 Chapter 5 Device Network Settings Table 30 Device Operation > Device Configuration > Network > WAN > Backup (Prestige) LABEL DESCRIPTION Recovery Interval When the device is using a lower priority connection (usually a WAN backup connection), it periodically checks to whether or not it can use a higher priority connection.
Page 106: Advanced Wan Backup (Prestige)
Chapter 5 Device Network Settings 5.3.9 Advanced WAN Backup (Prestige) Use this screen to edit your device’s advanced WAN backup settings. To open this screen, select a device, click Advanced in the Device Operation > Device Configuration > Network > WAN > Backup screen. Figure 46 Device Operation >...
Page 107 Chapter 5 Device Network Settings Table 31 Device Operation > Device Configuration > Network > WAN Backup > Advanced (Prestige) (continued) LABEL DESCRIPTION Primary/ Secondary Type the first (primary) phone number from the ISP for this remote node. If the Phone Number primary phone number is busy or does not answer, your device dials the secondary phone number if available.
Page 108: Advanced Modem Setup (Prestige)
Chapter 5 Device Network Settings Table 31 Device Operation > Device Configuration > Network > WAN Backup > Advanced (Prestige) (continued) LABEL DESCRIPTION Nailed-Up Select Nailed-Up Connection when you want your connection up all the time. Connection The device will try to bring up the connection automatically if it is disconnected. Connect on Demand Select Connect on Demand when you don't want the connection up all the time and specify an idle time-out in the Max Idle Timeout field.
Page 109 Chapter 5 Device Network Settings Figure 47 Device Operation > Device Configuration > Network > Wireless Card > Wireless Card The following table describes the fields in this screen. Table 32 Device Operation > Device Configuration > Network > Wireless Card > Wireless Card LABEL DESCRIPTION...
Page 110: Advanced Wireless Security Settings
Otherwise, select the security you need and see the following sections for more information. Note: The installed ZyXEL wireless card may not support all of the wireless security features you can configure in the Vantage CNM.
Page 111 Chapter 5 Device Network Settings Figure 48 Device Operation > Device Configuration > Network > Wireless Card > Wireless Card (Advanced Wireless Security Settings) Vantage CNM User’s Guide...
Page 112 Chapter 5 Device Network Settings The following table describes the fields in these settings. Table 33 Wireless Card: Static WEP LABEL DESCRIPTION Security Select Static WEP from the drop-down list. WEP (Wired Equivalent Privacy) provides data encryption to prevent unauthorized Encryption wireless stations from accessing data transmitted over the wireless network.
Page 113 Chapter 5 Device Network Settings Table 35 Wireless Card: WPA LABEL DESCRIPTION Security Select WPA from the drop-down list. ReAuthentication Specify how often wireless stations have to resend user names and passwords in Timer (Seconds) order to stay connected. Enter a time interval between 10 and 65535 seconds. If wireless station authentication is done using a RADIUS server, the reauthentication timer on the RADIUS server has priority.
Page 114 Chapter 5 Device Network Settings Table 37 Wireless Card: 802.1x + Static WEP LABEL DESCRIPTION Security Select 802.1x + Static WEP from the drop-down list. WEP Encryption WEP (Wired Equivalent Privacy) provides data encryption to prevent unauthorized wireless stations from accessing data transmitted over the wireless network. Select 64-bit WEP or 128-bit WEP to enable data encryption.
Page 115: Mac Filter
Chapter 5 Device Network Settings Table 38 Wireless Card: 802.1x + No WEP (continued) LABEL DESCRIPTION Idle Timeout The Vantage CNM automatically disconnects a wireless station from the wireless (Seconds) network after a period of inactivity. The wireless station needs to send the username and password again before it can use the wireless network again.
Page 116 Chapter 5 Device Network Settings Be careful not to list your computer’s MAC address and set the Action field to Deny Association when managing the device via a wireless connection. This would lock you out. Figure 49 Device Operation > Device Configuration > Network > Wireless Card > MAC Filter The following table describes the fields in this screen.
Page 117: Device Security Settings
The screens explained device security settings such as firewall, VPN, anti-virus, anti-spam, IDP, signature update, content filter and X-auth. The menus and screens may vary for different ZyXEL products. For example, click Device Operation in the menu bar and then click Device Configuration > VPN > IPSec VPN in the navigation panel for ZLD-based device’s network settings.
Page 118 Chapter 6 Device Security Settings Figure 51 Device Operation > Device Configuration > Security > Firewall > Default Rule The following table describes the labels in this screen. Table 42 Device Operation > Device Configuration > Security > Firewall > Default Rule LABEL DESCRIPTION Default Rule Setup...
Page 119: Rule Summary
Chapter 6 Device Security Settings Table 42 Device Operation > Device Configuration > Security > Firewall > Default Rule LABEL DESCRIPTION From, To Set the firewall’s default actions based on the direction of travel of packets. Here are some example descriptions of the directions of travel.
Page 120 Chapter 6 Device Security Settings Figure 52 Device Operation > Device Configuration > Security > Firewall > Rule Summary The following table describes the labels in this screen. Table 43 Device Operation > Device Configuration > Security > Firewall > Rule Summary LABEL DESCRIPTION Direction Summary...
Page 121: Add/Edit A Rule
Chapter 6 Device Security Settings Table 43 Device Operation > Device Configuration > Security > Firewall > Rule Summary LABEL DESCRIPTION Rule Summary The following fields summarize the rules you have created that apply to traffic traveling in the selected packet direction. The firewall rules that you configure (summarized below) take priority over the general firewall action settings above.
Page 122 Chapter 6 Device Security Settings Figure 53 Device Operation > Device Configuration > Security > Firewall > Rule Summary > Edit Vantage CNM User’s Guide...
Page 123 Chapter 6 Device Security Settings The following table describes the labels in this screen. Table 44 Device Operation > Device Configuration > Security > Firewall > Rule Summary > Add/Edit LABEL DESCRIPTION Rule Name Enter a descriptive name of up to 31 printable ASCII characters (except Extended ASCII characters) for the firewall rule.
Page 124: Anti-Probing
Chapter 6 Device Security Settings Table 44 Device Operation > Device Configuration > Security > Firewall > Rule Summary > Add/Edit (continued) LABEL DESCRIPTION Action for Use the drop-down list box to select what the firewall is to do with packets that Matched Packets match this rule.
Page 125: Threshold
Chapter 6 Device Security Settings The following table describes the labels in this screen. Table 45 Device Operation > Device Configuration > Security > Firewall > Anti-Probing LABEL DESCRIPTION Respond to PING Select the interfaces on which you want the device to reply to incoming Ping requests.
Page 126 Chapter 6 Device Security Settings The following table describes the labels in this screen. Table 46 Device Operation > Device Configuration > Security > Firewall > Threshold LABEL DESCRIPTION Disable DoS Attack Select the interface(s) (or VPN tunnels) for which you want the device to not use Protection on the Denial of Service protection thresholds.
Page 127: Service
Chapter 6 Device Security Settings 6.1.6 Service Click Device Operation in the menu bar and then click Device Configuration > Security > Firewall > Service in the navigation panel to open the screen as shown next. Use this screen to configure custom services for use in firewall rules or view the services that are predefined in the device.
Page 128: Vpn
Chapter 6 Device Security Settings Figure 57 Device Operation > Device Configuration > Security > Firewall > Service > Add/ Edit The following table describes the labels in this screen. Table 48 Device Operation > Device Configuration > Security > Firewall > Service > Add/ Edit LABEL DESCRIPTION...
Page 129: Ipsec High Availability
Chapter 6 Device Security Settings There are two sets of VPN screens, VPN version 1.0 and VPN version 1.1. The version depends on the device’s type and firmware version. 6.3 IPSec High Availability IPSec high availability (also known as VPN high availability) allows you to use a redundant (backup) VPN connection to another WAN interface on the remote IPSec router if the primary (regular) VPN connection goes down.
Page 130: Add/Edit An Ike Gateway Policy
Chapter 6 Device Security Settings Figure 59 Device Operation > Device Configuration > Security > VPN > VPN Rules (IKE) The following table describes the labels in this screen. Table 49 Device Operation > Device Configuration > Security > VPN > VPN Rules (IKE) Description LABEL This is the VPN policy index number.
Page 131 Chapter 6 Device Security Settings Figure 60 Device Operation > Device Configuration > Security > VPN > VPN Rules (IKE) > Gateway Policy Add/Edit Vantage CNM User’s Guide...
Page 132 Chapter 6 Device Security Settings The following table describes the labels in this screen. Table 50 Device Operation > Device Configuration > Security > VPN > VPN Rules (IKE) > Gateway Policy Add/Edit LABEL DESCRIPTION Property NAT Traversal Select this check box to enable NAT traversal. NAT traversal allows you to set up a VPN connection when there are NAT routers between the two IPSec routers.
Page 133 Chapter 6 Device Security Settings Table 50 Device Operation > Device Configuration > Security > VPN > VPN Rules (IKE) > Gateway Policy Add/Edit LABEL DESCRIPTION Remote Gateway Type the WAN IP address or the domain name (up to 31 characters) of the Address IPSec router with which you're making the VPN connection.
Page 134 Chapter 6 Device Security Settings Table 50 Device Operation > Device Configuration > Security > VPN > VPN Rules (IKE) > Gateway Policy Add/Edit LABEL DESCRIPTION Local ID Type Select IP to identify this device by its IP address. Select DNS to identify this device by a domain name. Select E-mail to identify this device by an e-mail address.
Page 135 Chapter 6 Device Security Settings Table 50 Device Operation > Device Configuration > Security > VPN > VPN Rules (IKE) > Gateway Policy Add/Edit LABEL DESCRIPTION Content The configuration of the peer content depends on the peer ID type. Do the following when you set Authentication Key to Pre-shared Key. •...
Page 136: Add/Edit An Ike Network Policy
Chapter 6 Device Security Settings Table 50 Device Operation > Device Configuration > Security > VPN > VPN Rules (IKE) > Gateway Policy Add/Edit LABEL DESCRIPTION Password Enter the corresponding password for the above user name. The password can be up to 31 case-sensitive ASCII characters, but spaces are not allowed. IKE Proposal Negotiation Mode Select Main or Aggressive from the drop-down list box.
Page 137 Chapter 6 Device Security Settings Figure 61 Device Operation > Device Configuration > Security > VPN > VPN Rules (IKE) > Network Policy Add/Edit Vantage CNM User’s Guide...
Page 138 Chapter 6 Device Security Settings The following table describes the labels in this screen. Table 51 Device Operation > Device Configuration > Security > VPN > VPN Rules (IKE) > Network Policy Add/Edit LABEL DESCRIPTION Active If the Active check box is selected, packets for the tunnel trigger the device to build the tunnel.
Page 139 Chapter 6 Device Security Settings Table 51 Device Operation > Device Configuration > Security > VPN > VPN Rules (IKE) > Network Policy Add/Edit (continued) LABEL DESCRIPTION Mapping Type Select One-to-One to translate a single (static) IP address on your LAN to a single virtual IP address.
Page 140 Chapter 6 Device Security Settings Table 51 Device Operation > Device Configuration > Security > VPN > VPN Rules (IKE) > Network Policy Add/Edit (continued) LABEL DESCRIPTION Ending IP Address/ When the Address Type field is configured to Single Address, this field is N/A. Subnet Mask When the Address Type field is configured to Range Address, enter the end (static) IP address, in a range of computers on the LAN behind your device.
Page 141: Move An Ike Network Policy
Chapter 6 Device Security Settings Table 51 Device Operation > Device Configuration > Security > VPN > VPN Rules (IKE) > Network Policy Add/Edit (continued) LABEL DESCRIPTION SA Life Time Define the length of time before an IPSec SA automatically renegotiates in this (Seconds) field.
Page 142: Vpn Rules (Manual)
Chapter 6 Device Security Settings Figure 62 Device Operation > Device Configuration > Security > VPN > VPN Rules (IKE) > Network Policy Move The following table describes the labels in this screen. Table 52 Device Operation > Device Configuration > Security > VPN > VPN Rules (IKE) > Network Policy Move LABEL DESCRIPTION...
Page 143 Chapter 6 Device Security Settings Figure 63 Device Operation > Device Configuration > Security > VPN > VPN Rules (Manual) The following table describes the labels in this screen. Table 53 Device Operation > Device Configuration > Security > VPN > VPN Rules (Manual) LABEL DESCRIPTION This is the VPN policy index number.
Page 144: Add/Edit An Manual Vpn Rule
Chapter 6 Device Security Settings Table 53 Device Operation > Device Configuration > Security > VPN > VPN Rules (Manual) LABEL DESCRIPTION Edit Click this to modify an existing VPN policy. Remove Select a policy and click Remove to delete the VPN policy. A window displays asking you to confirm that you want to delete the VPN rule.
Page 145 Chapter 6 Device Security Settings The following table describes the labels in this screen. Table 54 Device Operation > Device Configuration > Security > VPN > VPN Rules (Manual) > Add/Edit LABEL DESCRIPTION Property Active Select this check box to activate this VPN policy. Name Type up to 32 characters to identify this VPN policy.
Page 146: Vpn Global Setting
Chapter 6 Device Security Settings Table 54 Device Operation > Device Configuration > Security > VPN > VPN Rules (Manual) > Add/Edit (continued) LABEL DESCRIPTION Encryption Algorithm Select DES, 3DES or NULL from the drop-down list box. When you use DES or 3DES, both sender and receiver must know the Encryption Key, which can be used to encrypt and decrypt the messages.
Page 147 Chapter 6 Device Security Settings Figure 65 Device Operation > Device Configuration > Security > VPN > Global Setting The following table describes the labels in this screen. Table 55 Device Operation > Device Configuration > Security > VPN > Global Setting LABEL DESCRIPTION Output Idle Timer...
Page 148: Anti-Virus
Chapter 6 Device Security Settings Table 55 Device Operation > Device Configuration > Security > VPN > Global Setting LABEL DESCRIPTION Adjust TCP Maximum The TCP packets are larger after the device encrypts them for VPN. The Segment Size device fragments packets that are larger than a connection’s MTU (Maximum Transmit Unit).
Page 149 Chapter 6 Device Security Settings Figure 66 Device Operation > Device Configuration > Security > Anti-Virus > General The following table describes the labels in this screen. Table 56 Device Operation > Device Configuration > Security > Anti-Virus > General LABEL DESCRIPTION General Setup...
Page 150: Anti-Spam
Chapter 6 Device Security Settings Table 56 Device Operation > Device Configuration > Security > Anti-Virus > General LABEL DESCRIPTION Active Select Active to enable the anti-virus scanner for the selected service. From, To Select the directions of travel of packets that you want to check. Select or clear a row or column’s first check box (with the interface label) to select or clear the interface’s whole row or column.
Page 151 Chapter 6 Device Security Settings Figure 67 Device Operation > Device Configuration > Security > Anti-Spam > General The following table describes the labels in this screen. Table 57 Device Operation > Device Configuration > Security > Anti-Spam > General LABEL DESCRIPTION General Setup...
Page 152 Chapter 6 Device Security Settings Table 57 Device Operation > Device Configuration > Security > Anti-Spam > General LABEL DESCRIPTION From, To Select the directions of travel of packets that you want to check. Select or clear a row or column’s first check box (with the interface label) to select or clear the interface’s whole row or column.
Page 153: Anti-Spam External Db Screen
Chapter 6 Device Security Settings Table 57 Device Operation > Device Configuration > Security > Anti-Spam > General LABEL DESCRIPTION Discard SMTP mail. Select this radio button to have the device discard spam SMTP e-mail. The Forward POP3 mail device will still forward spam POP3 e-mail with the tag that you define. with tag in mail subject Action taken when mail The anti-spam feature limits the number of concurrent e-mail sessions.
Page 154 Chapter 6 Device Security Settings The following table describes the labels in this screen. Table 58 Device Operation > Device Configuration > Security > Anti-Spam > External DB LABEL DESCRIPTION External Database Enable External Enable the anti-spam external database feature to have the device calculate Database a digest of an e-mail and send it to an anti-spam external database.
Page 155: Anti-Spam Lists Screen
Chapter 6 Device Security Settings Table 58 Device Operation > Device Configuration > Security > Anti-Spam > External DB LABEL DESCRIPTION Apply Click this to save your changes back to the device. Reset Click this to begin configuring this screen afresh. 6.6 Anti-Spam Lists Screen Click Device Operation >...
Page 156: Anti-Spam Lists Edit Screen
Chapter 6 Device Security Settings Table 59 Device Operation > Device Configuration > Security > Anti-Spam > Lists LABEL DESCRIPTION Content This field displays the source IP address, source e-mail address, MIME header or subject content for which the entry checks. Modify Click the Edit icon to change the entry.
Page 157 Chapter 6 Device Security Settings Figure 70 Device Operation > Device Configuration > Security > Anti-Spam > Lists > Add/ Edit The following table describes the labels in this screen. Table 60 Device Operation > Device Configuration > Security > Anti-Spam > Lists > Add/ Edit LABEL DESCRIPTION...
Page 158 Chapter 6 Device Security Settings Table 60 Device Operation > Device Configuration > Security > Anti-Spam > Lists > Add/Edit (continued) LABEL DESCRIPTION E-Mail Address This field displays when you select the E-Mail type. Enter an e-mail address or domain name (up to 63 ASCII characters). You can enter an individual e-mail address like abc@def.com.
Page 159: Idp
Chapter 6 Device Security Settings 6.7 IDP This section shows you how to configure the IDP screens. These screens may vary depending on which model you’re configuring. Please see the device’s User’s Guide for more information about any of these screens or fields. 6.8 General Setup Use this screen to enable IDP on the device and choose what interface(s) you want to protect from intrusions.
Page 160: Idp Signatures
Chapter 6 Device Security Settings Table 61 Device Operation > Device Configuration > Security > IDP > General (continued) LABEL DESCRIPTION From, To Select the check box to apply IDP to packets based on the direction of travel. Select or clear a row or column’s first check box (with the interface label) to select or clear the interface’s whole row or column.
Page 161 Chapter 6 Device Security Settings Figure 72 Device Operation > Device Configuration > Security > IDP > Signature > Attack Types The following table describes each attack type. Table 62 Device Operation > Device Configuration > Security > IDP > Signature > Attack Types TYPE DESCRIPTION...
Page 162: Intrusion Severity
Chapter 6 Device Security Settings Table 62 Device Operation > Device Configuration > Security > IDP > Signature > Attack Types (continued) TYPE DESCRIPTION VirusWorm A computer virus is a small program designed to corrupt and/or alter the operation of other legitimate programs. A worm is a program that is designed to copy itself from one computer to another on a network.
Page 163: Configuring Idp Signatures
Chapter 6 Device Security Settings The following table describes signature actions. Table 64 Device Operation > Device Configuration > Security > IDP > Signature > Actions ACTION DESCRIPTION No Action The intrusion is detected but no action is taken. Drop Packet The packet is silently discarded.
Page 164 Chapter 6 Device Security Settings The following table describes the labels in this screen. Table 65 Device Operation > Device Configuration > Security > IDP > Signature LABEL DESCRIPTION Switch to Click this hyperlink to go to a screen where you can search for signatures based on query view criteria other than attack type.
Page 165: Query View
Chapter 6 Device Security Settings 6.9.5 Query View Use this screen to see the device’s “group view” signature screen, then click the Switch to query view link to go to this ‘query view” screen. Use this screen to search for signatures by criteria such as name, ID, severity, attack type, vulnerable attack platforms, whether or not they are active, log options, alert options or actions.
Page 166 Chapter 6 Device Security Settings Table 66 Device Operation > Device Configuration > Security > IDP > Signature (Query View) (continued) LABEL DESCRIPTION Severity Search for signatures by severity level(s) (see Table 63 on page 162). Type Search for signatures by attack type(s) (see Table 62 on page 161).
Page 167: Protocol Anomaly
Chapter 6 Device Security Settings Table 66 Device Operation > Device Configuration > Security > IDP > Signature (Query View) (continued) LABEL DESCRIPTION Alert You can only edit the Alert check box when the corresponding Log check box is selected. Select this check box to have an e-mail sent when a match is found for a signature.
Page 168 Chapter 6 Device Security Settings The following table describes the labels in this screen. Table 67 Device Operation > Device Configuration > Security > IDP > Anomaly TYPE DESCRIPTION HTTP Inspection/TCP Decoder/UDP Decoder/ICMP Decoder Name This is the name of the protocol anomaly rule. Click a name to display more detailed information on a rule.
Page 169: Signature Update
Click this button to begin configuring this screen afresh. 6.10 Signature Update The device comes with built-in signatures created by the ZyXEL Security Response Team (ZSRT). These are regularly updated as new intrusions evolve. Use the Update screen to immediately download or schedule new signature downloads.
Page 170 This field displays the signatures version number currently used by the device. Version This number is defined by the ZyXEL Security Response Team (ZSRT) who maintain and update them. This number increments as new signatures are added, so you should refer to this number regularly.
Page 171: Content Filter
Chapter 6 Device Security Settings Table 68 Device Operation > Device Configuration > Security > Signature Update LABEL DESCRIPTION Service Status This field displays License Inactive if you have not yet activated your trial or iCard license at myZyXEL.com. It displays License Inactive and an expiration date if your trial or iCard license has expired (the expiration date is the date it expired).
Page 172 Chapter 6 Device Security Settings Figure 78 Device Operation > Device Configuration > Security > Content Filter > General The following table describes the labels in this screen. Table 69 Device Operation > Device Configuration > Security > Content Filter > General LABEL DESCRIPTION General Setup...
Page 173 Chapter 6 Device Security Settings Table 69 Device Operation > Device Configuration > Security > Content Filter > General LABEL DESCRIPTION Matched Web Pages Select Block to prevent users from accessing web pages that match the categories that you select below. When external database content filtering blocks access to a web page, it displays the denied access message that you configured in the CONTENT FILTER General screen along with the category of the blocked web page.
Page 174: Content Filter Policy
Chapter 6 Device Security Settings Table 69 Device Operation > Device Configuration > Security > Content Filter > General LABEL DESCRIPTION License Status This read-only field displays the status of your category-based content filtering (using an external database) service subscription. License Inactive displays if you have not registered and activated the category-based content filtering service.
Page 175 Chapter 6 Device Security Settings Figure 79 Device Operation > Device Configuration > Security > Content Filter > Policy The following table describes the labels in this screen. Table 70 Device Operation > Device Configuration > Security > Content Filter > Policy LABEL DESCRIPTION This is the index number of the entry.
Page 176: Content Filter Policy: General
Chapter 6 Device Security Settings 6.13.1 Content Filter Policy: General To open this screen, click Add or a policy’s general icon in the Device Operation > Device Configuration > Security > Content Filter > Policy screen. Use this screen to restrict web features and edit the source (user) addresses or ranges of addresses to which the content filter policy applies.
Page 177: Content Filter Policy: External Database
Chapter 6 Device Security Settings Table 71 Device Operation > Device Configuration > Security > Content Filter > Policy > Add/ General LABEL DESCRIPTION Restrict Web Features Select the check box(es) to restrict a feature. When you try to access a page containing a restricted feature, the whole page will be blocked or the restricted feature part of the web page will appear blank or grayed out.
Page 178 Chapter 6 Device Security Settings Figure 81 Device Operation > Device Configuration > Security > Content Filter > Policy > External Databasel The following table describes the labels in this screen. Table 72 Device Operation > Device Configuration > Security > Content Filter > Policy > External Database LABEL DESCRIPTION...
Page 179 Chapter 6 Device Security Settings Table 72 Device Operation > Device Configuration > Security > Content Filter > Policy > External Database LABEL DESCRIPTION Sex Education Selecting this category excludes pages that provide graphic information (sometimes graphic) on reproduction, sexual development, safe sex practices, sexuality, birth control, and sexual development.
Page 180 Chapter 6 Device Security Settings Table 72 Device Operation > Device Configuration > Security > Content Filter > Policy > External Database LABEL DESCRIPTION Hacking Selecting this category excludes pages that distribute, promote, or provide hacking tools and/or information which may help gain unauthorized access to computer systems and/or computerized communication systems.
Page 181 Chapter 6 Device Security Settings Table 72 Device Operation > Device Configuration > Security > Content Filter > Policy > External Database LABEL DESCRIPTION Online Games Selecting this category excludes pages that provide information and support game playing or downloading, video games, computer games, electronic games, tips, and advice on games or how to obtain cheat codes.
Page 182 Chapter 6 Device Security Settings Table 72 Device Operation > Device Configuration > Security > Content Filter > Policy > External Database LABEL DESCRIPTION News/Media Selecting this category excludes pages that primarily report information or comments on current events or contemporary issues of the day. It also includes radio stations and magazines.
Page 183 Chapter 6 Device Security Settings Table 72 Device Operation > Device Configuration > Security > Content Filter > Policy > External Database LABEL DESCRIPTION Auctions Selecting this category excludes pages that support the offering and purchasing of goods between individuals. This does not include classified advertisements.
Page 184: Content Filter Policy: Customization
Chapter 6 Device Security Settings Table 72 Device Operation > Device Configuration > Security > Content Filter > Policy > External Database LABEL DESCRIPTION Web Advertisements Selecting this category excludes pages that provide online advertisements or banners. This does not include advertising servers that serve adult-oriented advertisements.
Page 185 Chapter 6 Device Security Settings Figure 82 Device Operation > Device Configuration > Security > Content Filter > Policy > Customizationl The following table describes the labels in this screen. Table 73 Device Operation > Device Configuration > Security > Content Filter > Policy > Customization LABEL DESCRIPTION...
Page 186: Content Filter Policy: Schedule
Chapter 6 Device Security Settings Table 73 Device Operation > Device Configuration > Security > Content Filter > Policy > Customization LABEL DESCRIPTION Enable Web site Select this check box to allow trusted web sites and block forbidden web customization sites.
Page 187 Chapter 6 Device Security Settings Figure 83 Device Operation > Device Configuration > Security > Content Filter > Policy > Schedulel The following table describes the labels in this screen. Table 74 Device Operation > Device Configuration > Security > Content Filter > Policy > Schedule LABEL DESCRIPTION...
Page 188: Content Filter Objects
Chapter 6 Device Security Settings 6.14 Content Filter Objects Use this screen to create a list of good (allowed) web site addresses, a list of bad (blocked) web site addresses, or block web sites based on whether the web site’s address contains a keyword.. To open this screen, click a device, click Device Operation in the menu bar and then click Device Configuration >...
Page 189: Content Filtering Cache
Enter host names such as www.good-site.com into this text field. Do not enter the complete URL of the site – that is, do not include “http://”. All subdomains are allowed. For example, entering “zyxel.com” also allows “www.zyxel.com”, “partner.zyxel.com”, “press.zyxel.com”, etc.
Page 190: Auth
Chapter 6 Device Security Settings Use this screen to view and configure your device’s URL caching. You can also configure how long a categorized web site address remains in the cache as well as view those web site addresses to which access has been allowed or blocked based on the responses from the external content filtering server.
Page 191: Radius
Chapter 6 Device Security Settings Figure 86 Device Operation > Device Configuration > Security > X Auth > Local User The following table describes the labels in this screen. Table 77 Device Operation > Device Configuration > Security > X Auth > Local User LABEL DESCRIPTION Active...
Page 192 Chapter 6 Device Security Settings Figure 87 Device Operation > Device Configuration > Security > X Auth > RADIUS The following table describes the fields in this screen. Table 78 Device Operation > Device Configuration > Security > X Auth > RADIUS LABEL DESCRIPTION Activate Authentication...
Page 193: Device Advanced Settings
H A P T E R Device Advanced Settings Use these screens to configure Device advanced settings such as NAT, Static Route, DNS and Remote Management. 7.0.1 NAT This section shows you how to configure the NAT screens. These screens may vary depending on which model you’re configuring.
Page 194 Chapter 7 Device Advanced Settings Figure 88 Device Operation > Device Configuration > Advanced > NAT > NAT Overview The following table describes the fields in this screen. Table 79 Device Operation > Device Configuration > Advanced > NAT > NAT Overview LABEL DESCRIPTION Global Setting...
Page 195: Port Forwarding
Chapter 7 Device Advanced Settings Table 79 Device Operation > Device Configuration > Advanced > NAT > NAT Overview LABEL DESCRIPTION Port Forwarding Click Copy to WAN 2 (or Copy to WAN 1) to duplicate this WAN port's NAT port Rules forwarding rules on the other WAN port.
Page 196 Chapter 7 Device Advanced Settings Figure 89 Device Operation > Device Configuration > Advanced > NAT > Port Forwarding The following table describes the labels in this screen. Table 80 Device Operation > Device Configuration > Advanced > NAT > Port Fowarding LABEL DESCRIPTION WAN Interface...
Page 197: Address Mapping
Chapter 7 Device Advanced Settings 7.3 Address Mapping Use this screen to configure various types of network address translation (NAT) on the device. To open this screen, click a device, click Device Operation in the menu bar, and then click Device Configuration >...
Page 198: Edit An Address Mapping Rule
One-to-one NAT mapping type. 2. Many-to-One mode maps multiple local IP addresses to one global IP address. This is equivalent to SUA (in other words, PAT, or port address translation), ZyXEL's Single User Account feature that previous routers supported only.
Page 199: Trigger Port
2. Many-to-One: Many-to-One mode maps multiple local IP addresses to one global IP address. This is equivalent to SUA (in other words, PAT, or port address translation), ZyXEL's Single User Account feature. 3. Many-to-Many Ov (Overload): Many-to-Many Overload mode maps multiple local IP addresses to shared global IP addresses.
Page 200 Chapter 7 Device Advanced Settings Figure 92 Device Operation > Device Configuration > Advanced > NAT > Trigger Port The following table describes the labels in this screen. Table 83 Device Operation > Device Configuration > Advanced > NAT > Trigger Port LABEL DESCRIPTION Select a WAN port to use the port triggering rule.
Page 201: Edit A Trigger Port Rule
Chapter 7 Device Advanced Settings 7.4.1 Edit a Trigger Port Rule Use this screen to edit a trigger port forwarding rule on the device. To open this screen, click Configuration > NAT, select SUA Only or Full Feature, click Edit, select Trigger Port, and click the Index field for the rule.
Page 202: Static Route
Chapter 7 Device Advanced Settings 7.6 Static Route Use this screen to tell the device about networks that are not directly connected to the device. To open this screen, click a device, click Device Operation in the menu bar and then click Device Configuration >...
Page 203 Chapter 7 Device Advanced Settings Figure 95 Device Operation > Device Configuration > Advanced > Static Route > Edit The following table describes the labels in this screen. Table 86 Device Operation > Device Configuration > Advanced > Static Route > Edit LABEL DESCRIPTION Route Name...
Page 204: Dns
Chapter 7 Device Advanced Settings 7.7 DNS This section shows you how to configure the DNS screens. These screens may vary depending on which model you’re configuring. Please see the device’s User’s Guide for more information about any of these screens or fields. 7.8 Address Record Use this screen to map a fully-qualified domain name (FQDN) to an IP address.
Page 205: Name Server Record
For example, www.zyxel.com.tw is a fully qualified domain name, where “www” is the host, “zyxel” is the second-level domain, and “com.tw” is the top level domain. IP Address If this entry is for one of the WAN ports, select the WAN port.
Page 206: Add/Edit A Name Server Record
This is the number of an individual entry. Domain Zone A domain zone is a fully qualified domain name without the host. For example, zyxel.com.tw is the domain zone for the www.zyxel.com.tw fully qualified domain name. From This field displays whether the IP address of a DNS server is from a WAN interface (and which it is) or specified by the user.
Page 207 A domain zone is a fully qualified domain name without the host. For example, zyxel.com.tw is the domain zone for the www.zyxel.com.tw fully qualified domain name. For example, whenever the device receives needs to resolve a zyxel.com.tw domain name, it can send a query to the recorded name server IP address.
Page 208: Cache
Chapter 7 Device Advanced Settings 7.10 Cache Use this screen to configure a device’s DNS caching. To open this screen, click a device, click Device Operation and then click Device Configuration > Advanced > DNS > Cache in the navigation panel. Figure 100 Device Operation >...
Page 209 Chapter 7 Device Advanced Settings Figure 101 Device Operation > Device Configuration > Advanced > DNS > DDNS The following table describes the labels in this screen. Table 92 Device Operation > Device Configuration > Advanced > DNS > DDNS LABEL DESCRIPTION Account Setup...
Page 210: Dhcp
Chapter 7 Device Advanced Settings Table 92 Device Operation > Device Configuration > Advanced > DNS > DDNS (continued) LABEL DESCRIPTION Wildcard Select the check box to enable DYNDNS Wildcard. WAN Interface Select the WAN port to use for updating the IP address of the domain name. IP Address Update Select Use WAN IP Address to have the device update the domain name with Policy...
Page 211 Chapter 7 Device Advanced Settings Figure 102 Device Operation > Device Configuration > Advanced > DNS > DHCP The following table describes the labels in this screen. Table 93 Device Operation > Device Configuration > Advanced > DNS > DHCP LABEL DESCRIPTION DNS Servers...
Page 212: Remote Mgmt
Chapter 7 Device Advanced Settings 7.13 Remote MGMT This section shows you how to configure the Remote MGMT screens. These screens may vary depending on which model you’re configuring. Please see the device’s User’s Guide for more information about any of these screens or fields. 7.14 Remote MGMT Use this screen to configure the device’s remote management settings.
Page 213 Chapter 7 Device Advanced Settings The following table describes the labels in this screen. Table 94 Device Operation > Device Configuration > Advanced > Remote Management LABEL DESCRIPTION HTTPS Server Select the Server Certificate that the device will use to identify itself. The device is Certificate the SSL server and must always authenticate itself to the SSL client (the computer which requests the HTTPS connection with the device).
Page 214 Chapter 7 Device Advanced Settings Table 94 Device Operation > Device Configuration > Advanced > Remote Management LABEL DESCRIPTION Secure Client IP A secure client is a “trusted” computer that is allowed to communicate with the Address device using this service. Select All to allow any computer to access the device using this service.
Page 215 Chapter 7 Device Advanced Settings Table 94 Device Operation > Device Configuration > Advanced > Remote Management LABEL DESCRIPTION SNMP Configuration Get Community Enter the Get Community, which is the password for the incoming Get and GetNext requests from the management station. The default is public and allows all requests.
Page 216 Chapter 7 Device Advanced Settings Vantage CNM User’s Guide...
Page 217: Chapter 8 Device Log
H A P T E R Device Log This section shows you how to configure the Device Log screen. This screen may vary depending on which model you’re configuring. Please see the device’s User’s Guide for more information about any of these screens or fields. 8.1 Device Log Use the Logging Options screen to configure to where the device is to send logs;...
Page 218 Chapter 8 Device Log Vantage CNM User’s Guide...
Page 219 Chapter 8 Device Log The following table describes the labels in this screen. Table 95 Device Operation > Device Configuration > Device Log LABEL DESCRIPTION Address Info Mail Server Enter the server name or the IP address of the mail server for the e-mail addresses specified below.
Page 220 Chapter 8 Device Log Table 95 Device Operation > Device Configuration > Device Log (continued) LABEL DESCRIPTION Send Immediate Alert Select the categories of alerts for which you want the device to instantly e- mail alerts to the e-mail address specified in the Send Alerts To field. Log Consolidation Log Consolidation Some logs (such as the Attacks logs) may be so numerous that it becomes...
Page 221: Device Configuration Management
H A P T E R Device Configuration Management 9.1 Synchronization (Device) Data inconsistencies may occur if device configurations are made directly to the device instead of in Vantage CNM. Use this screen to resolve any data inconsistencies between the selected device and Vantage CNM.
Page 222: Synchronization (Folder)
Chapter 9 Device Configuration Management Figure 106 Device Operation > Configuration Management > Synchronization (Customize) The following table describes the fields in this screen. Table 96 Device Operation > Configuration Management > Synchronization LABEL DESCRIPTION Device Overwrites Select this radio button to have Vantage CNM pull all current device Vantage CNM configurations into Vantage CNM.
Page 223: Configuration File Management
Chapter 9 Device Configuration Management Figure 107 Device Operation > Configuration Management > Synchronization (Folder) The following table describes the fields in this screen. Table 97 Device Operation > Configuration Management > Synchronization (Folder) LABEL DESCRIPTION Device(s) Overwrite Select this radio button to have Vantage CNM pull all current device Vantage CNM configurations in the selected folder into Vantage CNM.
Page 224: Backup & Restore (Device)
Chapter 9 Device Configuration Management You can create your own configuration file alias in Vantage CNM. This may make it easier to distinguish between configuration files. The menu item displays different screens depending on whether you selected a device or a folder before you clicked this menu item.
Page 225: Backup A Device
Chapter 9 Device Configuration Management Table 98 Device Operation > Configuration Management > Configuration File > Backup & Restore (Device) (continued) TYPE DESCRIPTION Backup Click Backup to display a screen where you can back up the configuration file for the device. Restore Click Restore to restore an existing configuration file to the device.
Page 226: Backup & Restore (Folder)
Chapter 9 Device Configuration Management The following table describes the fields in this screen Table 99 Device Operation > Configuration Management > Configuration File Management > Backup & Restore > Backup (Device) TYPE DESCRIPTION Backup File Name Type in the name of the configuration file you want to create. The name must be 1-20 characters long, and you cannot use spaces or the \ / : * ? <...
Page 227: Group Backup (Folder)
Chapter 9 Device Configuration Management The following table describes the fields in this screen. Table 100 Device Operation > Configuration Management > Configuration File Management > Backup & Restore (Folder) TYPE DESCRIPTION Page Size Select how many records you want to see in each page. This is the number of an individual entry.
Page 228 Chapter 9 Device Configuration Management Figure 111 Device Operation > Configuration Management >Configuration Management > Configuration File Management > Backup (Folder) The following table describes the fields in this screen. Table 101 Device Operation > Configuration Management > Configuration File Management >...
Page 229: Group Restore (Folder)
Chapter 9 Device Configuration Management Table 101 Device Operation > Configuration Management > Configuration File Management > Backup (Folder) (continued) TYPE DESCRIPTION FW Version This displays the firmware version of the device. Status This displays the current status of the device. You can only backup the configuration file of a device that is Ready.
Page 230: Schedule List (Device)
Chapter 9 Device Configuration Management Table 102 Device Operation > Configuration Management > Configuration File Management > Restore (Folder) (continued) TYPE DESCRIPTION Restore Select the check box next to one or more devices and click this to restore the configuration files for the selected devices. Note: You have to select a device with Ready status in the Status field before you can restore any configuration files.
Page 231: Schedule List (Folder)
Chapter 9 Device Configuration Management 9.5 Schedule List (Folder) Use this screen to see or delete the scheduled configuration backup for a group that has not performed yet. To open this screen, select a folder, and then click Configuration Management > Configuration File Management > Schedule List. Figure 114 Device Operation >...
Page 232 Chapter 9 Device Configuration Management Figure 115 Device Operation > Configuration Management > Configuration File Management > Schedule List (Folder) The following table describes the fields in this screen. Table 105 Device Operation > Configuration Management > Configuration File Management >...
Page 233: Signature Profile Management
Chapter 9 Device Configuration Management Table 105 Device Operation > Configuration Management > Configuration File Management > Schedule List (Folder) (continued) TYPE DESCRIPTION FW Version This displays the firmware version of the device. Status This displays the current status of the device. You can only backup the configuration file of a device that is Ready.
Page 234: Signature Profile Backup (Device)
Chapter 9 Device Configuration Management The following table describes the fields in this screen. Table 106 Device Operation > Configuration Management > Signature Profile Management > Backup & Restore TYPE DESCRIPTION IDP/Anti-Virus Select the service whose configuration and signatures you want to manage. Page Size Select how many records you want to see in each page.
Page 235: Signature Profile Restore (Folder)
Chapter 9 Device Configuration Management Figure 117 Device Operation > Configuration Management > Signature Profile Management > Backup & Restore > Backup (Device) The following table describes the fields in this screen Table 107 Device Operation > Configuration Management > Signature Profile Management >...
Page 236: Reset To Factory
Chapter 9 Device Configuration Management Figure 118 Device Operation > Configuration Management > Signature Profile Management > Backup & Restore > Restore (Folder) The following table describes the fields in this screen Table 108 Device Operation > Configuration Management > Signature Profile Management >...
Page 237: Configuration Building Block
Chapter 9 Device Configuration Management Figure 119 Device Operation > Configuration Management > Signature Profile Management > Reset to Factory The following table describes the fields in this screen Table 109 Device Operation > Configuration Management > Signature Profile Management >...
Page 238: Add/Edit A Configuration Bb
Chapter 9 Device Configuration Management Table 110 Device Operation > Configuration Management > Building Block > Configuration BB (continued) TYPE DESCRIPTION Name This displays the name of the configuration BB. Device Type This displays the type of the device that the building block was associated to and entered when it is created.
Page 239 Chapter 9 Device Configuration Management Figure 122 Device Operation > Configuration Management > Building Block > Configuration BB > Edit Figure 123 Device Operation > Configuration Management > Building Block > Configuration BB > Save as The following table describes the fields in this screen Table 111 Device Operation >...
Page 240 Chapter 9 Device Configuration Management Table 111 Device Operation > Configuration Management > Building Block > Configuration BB > Add/Edit/Save As (continued) TYPE DESCRIPTION Feature Select the menu item the building block is for. If you select System, a screen displays (as Device Operation > Device Configuration >...
Page 241: Component Bb
Chapter 9 Device Configuration Management 9.9 Component BB Use this menu item to manage component building blocks to the selected device. A component BB is a part of setting such as a myZyXEL.com account, an IP address, an IKE phase 1 or phase2 setting.
Page 242 Chapter 9 Device Configuration Management Figure 125 Device Operation > Configuration Management > Building Block > Component BB > Add/Edit/Save as The following table describes the fields in this screen Table 113 Device Operation > Configuration Management > Building Block > Component BB >...
Page 243: Chapter 10 Firmware Management
Use this screen to upload device firmware to Vantage CNM. It is recommended administrators subscribe to a ZyXEL mailing list to be regularly informed of new firmware versions. All firmware files are downloaded to one repository within Vantage CNM. All firmware files are available to every administrator, regardless of domain.
Page 244: Add Firmware
Chapter 10 Firmware Management Table 114 Device Operation > Firmware Management > Firmware List (continued) TYPE DESCRIPTION Remove Click to delete a selected firmware from your Vantage CNM firmware management. Total Records This entry displays the total number of records on the current page of the list. 10.1.1 Add Firmware Use this screen to select the firmware you want to upload to Vantage CNM.
Page 245: Scheduler List
Click to cancel or delete the selected upgrade(s) from Vantage CNM. 10.3 Firmware Upgrade Use this menu item to upload ZyXEL device firmware from Vantage CNM to one or more devices. You have to use the Device Operation > Firmware Management > Firmware List menu item to upload firmware files from the ZyXEL FTP site (or other source) to Vantage CNM first.
Page 246: Firmware Upgrade (Folder)
Chapter 10 Firmware Management • It is advisable to upgrade firmware during periods of low network activity, since each device must restart after firmware upload. • You should also notify device owners before you begin the upload. See the CNM System Setting >...
Page 247: Firmware Upgrade (Device) > Upgrade
Vantage CNM should automatically detect firmware for the device selected. Uploading incorrect firmware may damage the device. FW Version This field displays ZyXEL device firmware version. It is blank if the device has not been registered. FW Release Time This field displays the date the firmware was created.
Page 248 Vantage CNM should automatically detect firmware for the device selected. Uploading incorrect firmware may damage the device. Current FW Version This field displays the firmware version the ZyXEL device is using. It is blank if the device has not been registered. Upgrade Status This field displays the device’s current status.
Page 249: Chapter 11 License Management
H A P T E R License Management 11.1 Service Activation Use this menu item to register the selected device and to activate subscription services. This menu item is available if you click a device. 11.1.1 Registration Use this screen to register the selected device on www.myzyxel.com and to activate free trials for subscription services, such as IDP and content filtering.
Page 250 Chapter 11 License Management Figure 133 Device Operation > License Management > Service Activiation > Registration > Save as a BB Enter the name of the new building block, and click Apply. The name must be 1-32 alphanumeric characters or underscores (_). It cannot include spaces. The name is case- sensitive.
Page 251: Service
Chapter 11 License Management 11.1.2 Service Use this screen to look at or update the current status of subscription services, such as IDP and content filtering, in the selected device. The Vantage CNM server must be connected to the Internet and have access to www.myzyxel.com to update the current status.
Page 252: License Status
Chapter 11 License Management 11.2 License Status Use this screen to look at the current status of licenses for subscription services, such as IDP and content filtering. To open this screen, click a device, click Device Operation in the menu bar and then click License Management >...
Page 253: Activate/Upgrade License
Chapter 11 License Management 11.2.1 Activate/Upgrade License Use this screen to activate a trial version of the service, if available, or to apply a license for the service to the device. To open this screen, click Upgrade in the Device Operation > License Management >...
Page 254 This field displays the signatures version number currently used by the device. Version This number is defined by the ZyXEL Security Response Team (ZSRT) who maintains and updates them. This number increments as new signatures are added, so you should refer to this number regularly.
Page 255: Part Iii: Vpn Management
VPN Management The examples in this section use one of the most comprehensive examples of each screen, not every variation for each device type and firmware version. If you are unable to find a specific screen or field in this User’s Guide, please see the User’s Guide for the device for more information.
Page 257: Chapter 12 Vpn Community
VPN Community 12.1 VPN Community Use this menu item to manage VPN configuration between or among ZyXEL devices. To open this menu item, select the device, click VPN Management in the menu bar and then click VPN Community in the navigation panel.
Page 258: Add/Edit A Vpn Community
Chapter 12 VPN Community 12.1.1 Add/Edit a VPN Community Use this scree to configure VPN configuration between or among ZyXEL devices. We know almost all VPN parameter values should be the same in peer VPN gateways. This screen helps you to easily configure VPN settings in one screen and applies it to devices in one time. To open this menu item, click Add or Edit in the VPN Management >...
Page 259 Chapter 12 VPN Community Click the Load a BB icon to use phase 1 or phase 2 setting from an existing building block. The following pop-up screen appears. Figure 140 VPN Management > VPN Community > Add/Edit > Load a BB Select a building block from the list box, and click Apply.
Page 260 Chapter 12 VPN Community The following table describes the fields in this screen. Table 124 VPN Management > VPN Community > Add/Edit FIELD DESCRIPTION VPN Community Community Name Type a name to identify this VPN community. Description Type a descriptive note for the VPN community. Community Type Select a VPN community type such as Full Mesh, Hub &...
Page 261 Chapter 12 VPN Community Table 124 VPN Management > VPN Community > Add/Edit (continued) FIELD DESCRIPTION Encryption Algorithm Select which key size and encryption algorithm to use in the IKE SA. Choices are: DES - a 56-bit key with the DES encryption algorithm 3DES - a 168-bit key with the DES encryption algorithm AES - a 128-bit key with the AES encryption algorithm The Vantage CNM and the remote IPSec router must use the same...
Page 262 Chapter 12 VPN Community Table 124 VPN Management > VPN Community > Add/Edit (continued) FIELD DESCRIPTION Perfect Forward Select whether or not you want to enable Perfect Forward Secrecy (PFS) Secret (PFS) and, if you do, which Diffie-Hellman key group to use for encryption. Choices are: NONE - disable PFS DH1 - enable PFS and use a 768-bit random number...
Page 263: Chapter 13 Installation Report
H A P T E R Installation Report 13.1 Installation Report Use this screen to view the VPN community status between or among the devices. To open this screen, click a device or a folder, and then click VPN Management from the menu bar and then click Installation Report in the navigation panel.
Page 264 Chapter 13 Installation Report Figure 144 VPN Management > Installation Report > Show Detail The following table describes the fields in this screen. Table 126 VPN Management > Installation Report FIELD DESCRIPTION Refresh Interval Set how often the Vantage CNM should update the information in this screen. Click Refresh Now to update the information right away.
Page 265: Chapter 14 Vpn Monitor
H A P T E R VPN Monitor Use this menu item to centrally and easily monitor all VPN community status among devices. You can check from a communities list (by community) or from a devices list (by device). 14.1 Monitor VPN by Community Use this menu item to monitor all VPN community status.
Page 266: Show Detailed Vpn Community
Chapter 14 VPN Monitor Table 127 VPN Management > VPN Monitor > By Community (continued) LABEL DESCRIPTION Community Type This displays an VPN community type such as Full Mesh, Hub & Spoke, or Remote Access. Up Tunnels This displays how many tunnels has been successfully established. Total Tunnels This displays how many tunnels in total are configured in this VPN community.
Page 267: Vpn Tunnel Diagnostics
Chapter 14 VPN Monitor Table 128 VPN Management > VPN Monitor > By Community > Show Detail LABEL DESCRIPTION Diagnostic This icon is available when the tunnel is disconnected. Click this to open a screen where you can perform diagnostic action. Total Records This entry displays the total number of records on the current page of the list.
Page 268 Chapter 14 VPN Monitor Figure 148 VPN Management > VPN Monitor > By Community > Show Detail > Diagnostic > Logs The following table describes the fields in this screen. Table 129 VPN Management > VPN Monitor > By Community > Show Detail > Diagnostic > Logs LABEL DESCRIPTION...
Page 269: Monitor Vpn By Device
Chapter 14 VPN Monitor 14.2 Monitor VPN by Device 14.2.1 VPN Tunnel Status Use this menu item to monitor all VPN tunnel status for devices. To open this screen, click a device or a folder, and then click VPN Management from the menu bar and click VPN Monitor >...
Page 270: Sa Monitor
Chapter 14 VPN Monitor Figure 150 VPN Management > VPN Monitor > By Device > VPN Tunnel Status > Search Special Tunnel The following table describes the fields in this screen. Table 131 VPN Management > VPN Monitor > By Device > VPN Tunnel Status > Search Special Tunnel LABEL DESCRIPTION...
Page 271 Chapter 14 VPN Monitor Figure 151 VPN Management > VPN Monitor > By Device > SA Monitor The following table describes the fields in this screen. Table 132 VPN Management > VPN Monitor > By Device > SA Monitor LABEL DESCRIPTION Page Size Select how many records you want to see in each page.
Page 272 Chapter 14 VPN Monitor Vantage CNM User’s Guide...
Page 273: Part Iv: Monitor
Monitor Device Status Monitor (275) 3G Monitor (277) Device HA Status (301) Device Alarm (303)
Page 275: Chapter 15 Device Status Monitor
H A P T E R Device Status Monitor This chapter discusses how you can look at runtime and statistical information from Vantage CNM and its managed devices. 15.1 Device Status This report shows a summary of the status of Vantage CNM and it’s managed devices. Click Monitor >...
Page 276 Chapter 15 Device Status Monitor The following table describes the labels in this screen. Table 133 Monitor > Device Status LABEL DESCRIPTION Page Size Select how many records you want to see in each page. Device Name This is the name of the device where the 3G card is installed. Click the device name to locate and highlight the device in the device window.
Page 277: Monitor
H A P T E R 3G Monitor This chapter discusses how you can look at read-only information related to the 3G (Third Generation) card(s) installed as LAN backup(s) on Vantage CNM’s monitored device(s). Read more information about 3G wireless technology in Section 5.3.3 on page To look at reports for all devices in one screen, select root in the device window before accessing the Monitor menu as shown in the next figure.
Page 278: Summary
Chapter 16 3G Monitor 16.1 Summary Use this screen to look at a summary of devices managed by Vantage CNM that support 3G monitoring. Click Monitor > 3G Monitor > Summary to open the screen as shown next. Figure 155 Monitor > 3G Monitor > Summary The following table describes the labels in this screen.
Page 279: Show Detail
Chapter 16 3G Monitor Table 134 Monitor > 3G Monitor > Summary LABEL DESCRIPTION 3G Total Tx This shows the total outgoing traffic bytes of the 3G connection. This value is cumulative from the day the device is registered to Vantage CNM. 3G Total Rx This shows the total incoming traffic bytes of the 3G connection.
Page 280 Chapter 16 3G Monitor The following table describes the labels in this screen. Table 135 Monitor > 3G Monitor > Show Details (3G down, Budget Control enabled) LABEL DESCRIPTION Device Name This is the name of the device where the 3G card is installed. 3G Connection This displays Down when the 3G connection is down or not activated.
Page 281 Chapter 16 3G Monitor Table 135 Monitor > 3G Monitor > Show Details (3G down, Budget Control enabled) LABEL DESCRIPTION 3G Card IMSI This field is available only when you insert a GSM or UMTS 3G card. This displays the International Mobile Subscriber Identity (IMSI) stored in the SIM (Subscriber Identity Module) card.
Page 282 Chapter 16 3G Monitor Figure 158 Monitor > 3G Monitor > Show Details (3G up, Budget Control enabled) The following table describes the labels in this screen. Table 136 Monitor > 3G Monitor > Show Details (3G up, Budget Control enabled) LABEL DESCRIPTION Data Budget...
Page 283 Chapter 16 3G Monitor Figure 159 Monitor > 3G Monitor > Show Details (3G up, Budget Control not enabled) Refer to Table 135 on page 280 for descriptions of the other fields in this screen. 16.1.1.5 3G without SIM card inserted The 3G card does not have a SIM (Subscriber Identity Module) inserted.
Page 284 Chapter 16 3G Monitor 16.1.1.6 3G is not enabled in 3G(WAN) screen There is a 3G card inserted in the device but the 3G(WAN 2) option is not enabled in the Device Configuration > Network > WAN > 3G(WAN 2) screen (see Section 5.3.3 on page 89).
Page 285 Chapter 16 3G Monitor Figure 163 Monitor > 3G Monitor > Show Details (Wrong PIN entered thrice) The following table describes the labels in this screen. Table 137 Monitor > 3G Monitor > Show Details (Wrong PIN entered thrice) LABEL DESCRIPTION PUK Code Enter the PUK code to unlock the 3G card.
Page 286 Chapter 16 3G Monitor The following table describes the labels in this screen. Table 138 Monitor > 3G Monitor > Show Details (PUK code accepted) LABEL DESCRIPTION Restart budget calculation using Click this if you want to set the data and time budget back to inserted 3G card the full allocated value.
Page 287: Availability Report
Chapter 16 3G Monitor 16.2 Availability Report Use this screen to look at the 3G connection history of a Vantage CNM-managed device. You can see the uptime percentage of a device’s 3G connection from the current date, going as far back as the previous month. Vantage CNM stores two months of data. You can also check the date and time when a 3G connection has been stopped.
Page 288 Chapter 16 3G Monitor If you are viewing the report for a single device, the following screen displays. Figure 168 Monitor > 3G Monitor > Availability Report (Single device, 7 Days) The following table describes the labels in this screen. Table 140 Monitor >...
Page 289 Chapter 16 3G Monitor Table 140 Monitor > 3G Monitor > Availability Report LABEL DESCRIPTION This is the index number of the entry. Connection This is the date and time when the 3G connection is started. The date is in Year:Month:Day format. The time is in XXhr(s) YYmin(s) ZZsec(s) format.
Page 290: Radio Report
Chapter 16 3G Monitor 16.3 Radio Report Use this screen to view the 3G connection signal strength and quality of a Vantage CNM- managed device. Click Monitor > 3G Monitor > Radio Report. When viewing the records for all devices, the following screen displays.
Page 291 Chapter 16 3G Monitor Figure 171 Monitor > 3G Monitor > Radio Report > Statistics (Folder List) The following table describes the labels in this screen. Table 142 Monitor > 3G Monitor > Radio Report > Statistics (Folder List) LABEL DESCRIPTION Signal Quality Diagram Device Name...
Page 292 Chapter 16 3G Monitor When viewing the signal strength and quality report for a particular device, click Monitor > 3G Monitor > Radio Report. The following screen displays. Figure 172 Monitor > 3G Monitor > Radio Report (Single Device) The following table describes the labels in this screen. Table 143 Monitor >...
Page 293: Traffic Report
Chapter 16 3G Monitor 16.4 Traffic Report Use this screen to view the 3G connection incoming or outgoing traffic for a Vantage CNM- managed device. This does not show up in the 3G Monitor navigation panel when you are in the root profile in the device window.
Page 294: Alert Report
Chapter 16 3G Monitor Table 144 Monitor > 3G Monitor > Traffic Report LABEL DESCRIPTION graph The graph displays the report information visually. It shows the incoming/outgoing traffic of the 3G connection in a line graph. The unit of measurement used is B/s (Bytes per seconds). The graph’s time coverage can span one day or seven days, depending on the day range you choose.
Page 295 Chapter 16 3G Monitor When viewing the alert report for a particular device, click Monitor > 3G Monitor > Alert Report. The following screen displays. Figure 175 Monitor > 3G Monitor > Alert Report (Single device) The following table describes the labels in this screen. Table 146 Monitor >...
Page 296 Chapter 16 3G Monitor Table 146 Monitor > 3G Monitor > Alert Report (Single Device) LABEL DESCRIPTION Customize Click this to see all the recorded events in the device. Additional fields (that is, the fields inside the box in Figure 175 on page 295) appear when this option is selected, as follows: •...
Page 297: Monitor Setting
Chapter 16 3G Monitor 16.6 Monitor Setting Use these screens to set up e-mail notification settings when certain conditions are met by the managed devices and the Vantage CNM. You can customize who receives the e-mail messages, what events you are notified of, and what the e-mail message contains. You can also set the time interval when your Vantage CNM monitors the managed devices.
Page 298: Notification
Chapter 16 3G Monitor 16.6.2 Notification Use this screen to customize the notification message that you want to receive from Vantage CNM. Click the Go to configure notification content link in 3G Monitor > Monitor Setting > Notification Setting. The following screen displays. Figure 177 Monitor >...
Page 299: Monitor Interval
Chapter 16 3G Monitor 16.6.3 Monitor Interval Use this screen to specify the time interval that the Vantage CNM accounts before updating its reports. Click Monitor > 3G Monitor > Monitor Setting > Monitor Interval. The following screen displays. Figure 178 Monitor > 3G Monitor > Monitor Setting > Monitor Interval The following table describes the labels in this screen.
Page 300 Chapter 16 3G Monitor Vantage CNM User’s Guide...
Page 301: Device Ha Status Monitor
H A P T E R Device HA Status Monitor This chapter describes the monitor for device high availability (HA) status on ZLD ZyWALL device(s) such as ZyWALL 1050 or ZyWALL USG series. 17.1 Device HA Status This report shows a summary of device status. To open this screen, select a ZLD device, click Monitor in the menu bar and then click Device HA Status in the navigation panel.
Page 302 Chapter 17 Device HA Status Monitor Table 149 Monitor > Device HA Status LABEL DESCRIPTION Status This field displays the device’s current HA status. If the device is a master device, the possible status are: • Active: All VRRP interfaces status on the device are active. •...
Page 303: Chapter 18 Device Alarm
H A P T E R Device Alarm 18.1 Device Alarm Introduction Alarms are time-critical information that the device automatically sends out at the time of occurrence. You may have administrators automatically e-mailed when an alarm occurs in the CNM System Setting > Configuration > Notification screen. See Section 22.4.1 on page 334.
Page 304 Chapter 18 Device Alarm Figure 180 Monitor > Device Alarm > Unresolved Alarm The following table describes the fields in this screen. Table 151 Monitor > Device Alarm > Unresolved Alarm STATE DESCRIPTION Device Name/ This field displays the selected device or folder. Folder Name Platform This is available if you select a folder.
Page 305: Responded Alarm
Chapter 18 Device Alarm Table 151 Monitor > Device Alarm > Unresolved Alarm (continued) STATE DESCRIPTION Destination This field lists the destination IP address and the port number of the incoming packet. Respond Click this to take responsibility for finding the cause of this alarm and move this record from this screen to the Device Alarm >...
Page 306 Chapter 18 Device Alarm Table 152 Monitor > Device Alarm > Responded Alarm (continued) STATE DESCRIPTION Category Select the type of alarm you wish to view. Severity Select the severity of alarm you wish to view. Time Period Select the time period for which you wish to view alarms. Responder Select alarms based on the administrator who is supposed to respond to them.
Page 307 Log & Report Device Operation Report (309) CNM Logs (321) VRPT (323)
Page 309: Part V: Log & Report
H A P T E R Device Operation Report Use this menu items to see summary reports for the tasks you submit to the devices through Vantage CNM web configurator. 19.1 Firmware Upgrade Report Firmware Upgrade means that Vantage CNM signals the device to request a firmware FTP upload from Vantage CNM.
Page 310: Firmware Report Details
Chapter 19 Device Operation Report The following table describes the labels in this screen. Table 153 Log & Report > Operation Report > Firmware Upgrade Report LABEL DESCRIPTION Show by Select this to display the firmware upgrade by devices or by groups. Select device or group if you want to see the device firmware upgrade records which were applied based on a device or a folder.
Page 311: Configuration Report
Chapter 19 Device Operation Report The following table describes the labels in this screen. Table 154 Log & Report > Operation Report > Firmware Upgrade Report (Group) > Show Detail LABEL DESCRIPTION Device Type This is the type for the device. Upgrade To This displays the firmware version the device was upgraded to.
Page 312: Configuration Report Details
Chapter 19 Device Operation Report Figure 186 Log & Report > Operation Report > Configuration Report (Group) The following table describes the labels in this screen. Table 155 Log & Report > Operation Report > Configuration Report LABEL DESCRIPTION Show by Select this to display the configuration operation list shown by devices or by groups.
Page 313 Chapter 19 Device Operation Report Figure 187 Log & Report > Operation Report > Configuration Report > Show Details The following table describes the labels in this screen. Table 156 Log & Report > Operation Report > Configuration Report > Show Details LABEL DESCRIPTION Device Name...
Page 314: Configuration File Backup Report
Chapter 19 Device Operation Report 19.3 Configuration File Backup Report Use this screen to look at configuration file backup records for a device or groups. Refer to Section 9.3.1 on page 224. To open this screen, click Log & Report in the menu bar and then Operation Report >...
Page 315: Configuration File Backup Report Details
Chapter 19 Device Operation Report The following table describes the labels in this screen. Table 157 Log & Report > Operation Report > Configuration File Backup & Restore Report > Backup Report LABEL DESCRIPTION Show by Select this to display the configuration operation list shown by devices or by groups.
Page 316: Configuration File Restore Report
Chapter 19 Device Operation Report Figure 190 Log & Report > Operation Report > Configuration File Backup & Restore Report > Backup Report (Group) > Show Detail The following table describes the labels in this screen. Table 158 Log & Report > Operation Report > Configuration File Backup & Restore Report > Backup Report (Group) >...
Page 317 Chapter 19 Device Operation Report Figure 191 Log & Report > Operation Report > Configuration File Backup & Restore Report > Restore Report (Device) Figure 192 Log & Report > Operation Report > Configuration File Backup & Restore Report > Restore Report (Group) The following table describes the labels in this screen.
Page 318: Signature Profile Backup Report
Chapter 19 Device Operation Report Table 159 Log & Report > Operation Report > Configuration File Backup & Restore Report > Backup Report (continued) LABEL DESCRIPTION Result This is available if you select showing by group. This is the result that displays how (Successful/ many operation has been successfully performed and the total operation requests.
Page 319: Signature Profile Restore Report
Chapter 19 Device Operation Report Table 160 Log & Report > Operation Report > Signature Profile Backup & Restore Report > Backup Report (continued) LABEL DESCRIPTION Signature This displays the signature version of the profile the backup was requested. Version Type This displays the signature profile type of the operation.
Page 320 Chapter 19 Device Operation Report Table 161 Log & Report > Operation Report > Signature Profile Backup & Restore Report > Restore Report (continued) LABEL DESCRIPTION This is the number of an individual entry. Action Time This field displays the date and time the operation was requested. You can click the label to sort by this column.
Page 321: Chapter 20 Cnm Logs
H A P T E R CNM Logs 20.1 Vantage CNM Logs Use these screens to view and configure Vantage CNM system log preferences. 20.1.1 CNM Logs You can view system logs for previous day, the last two days or up to one week here. To open this screen, click Log &...
Page 322 Chapter 20 CNM Logs The following table describes the labels in this screen. Table 162 Log & Report > CNM Logs LABEL DESCRIPTION Incident Select one of the general categories of events whose logs you want to view from the first list box. Select a more specific type of event whose logs you want to view from the second list box.
Page 323: Vrpt
H A P T E R VRPT The Report menu activates Vantage Report. This chapter introduces Vantage Report and its role in Vantage CNM. Then, it explains how to set up and start Vantage Report. Please refer to the Vantage Report 3.1 User’s Guide for more detailed information. 21.1 Vantage Report Overview This section introduces the standalone version of Vantage Report.
Page 324: Vantage Report In Vantage Cnm
Chapter 21 VRPT 21.2 Vantage Report in Vantage CNM Vantage Report in Vantage CNM is a special release for Vantage CNM only. No additional license is required to use it. Vantage Report in Vantage CNM generally supports the capabilities available in the professional version of standalone Vantage Report, including drill- down reports, reverse DNS lookup, web usage by category, anti-virus, anti-spam, and HTML reports by e-mail.
Page 325: Opening Vantage Report In Vantage Cnm
Chapter 21 VRPT 2 Click CNM System Setting > VRPT Management > Add. Configure the Vantage Report instance in Vantage CNM, and select the devices that should send log messages to the Vantage Report instance. See Section 22.6 on page 337.
Page 326 Chapter 21 VRPT Vantage CNM User’s Guide...
Page 327: Part Vi: Cnm System Setting
CNM System Setting CNM System Setting (329) Maintenance (345) Device Owner (349) Vantage CNM Software Upgrade (351) License (353) About CNM (355)
Page 329: Chapter 22 Cnm System Setting
H A P T E R CNM System Setting Use these screens to configure Vantage CNM server settings such as servers configuration, system maintenance, create and define device owner, software upgrade, license management, and about. 22.1 Servers Configuration You can configure these servers as you install Vantage CNM (in the installation wizard) or after you install it in this screen.
Page 330 Chapter 22 CNM System Setting Figure 199 CNM System Setting > Configuration > Servers > Configuration The following table describes the fields in this screen. Table 163 CNM System Setting > Configuration > Servers > Configuration LABEL DESCRIPTION Vantage CNM Server Public IP Address Select User Defined and type the public IP address the Vantage CNM server uses to communicate with managed devices.
Page 331: Vantage Cnm Server Public Ip Address
Vantage CNM public IP address and then click Apply. • For Prestige, go to command line and enter cnm managerIp x.x.x.x on the ZyXEL device where x.x.x.x is the public IP address of the Vantage CNM server. 4 Restart managed devices or restart Vantage CNM (see and 4b) to reset the communication between Vantage CNM and devices.
Page 332: User Access
Chapter 22 CNM System Setting Figure 200 CNM System Setting > Configuration > Servers > Status The following table describes the fields in this screen. Table 164 CNM System Setting > Configuration > Servers > Status LABEL DESCRIPTION Vantage CNM Server This field displays the IP address of the communications server.
Page 333: Notifications
Chapter 22 CNM System Setting User lockout is a protection mechanism to discourage brute-force password guessing attacks on a device’s management interface. You can specify a lockout period that must expire before entering a fourth password after three incorrect passwords have been entered. You can also force all administrators to periodically change their passwords in this screen.
Page 334: Notifications Settings
Chapter 22 CNM System Setting 22.4.1 Notifications Settings Use this screen to decide who should receive e-mail for device and CNM events that may warrant immediate attention such as a VPN tunnel down or a device reboot or a CNM log purge notification.
Page 335 Chapter 22 CNM System Setting 22.4.1.1 Email Customization Use this screen to customize the notification e-mail that Vantage CNM sends out. Select the event for which you want to customize the e-mail message and click the icon in the E-mail Customization table column found in CNM System Setting > Configuration > Notification.
Page 336: Log Setting
Chapter 22 CNM System Setting 22.5 Log Setting Use this screen to set how long the Vantage CNM server stores logs and reports and which events the Vantage CNM records logs for. To open this screen, click CNM System Setting in the menu bar and then click Configuration >...
Page 337: Vrpt Management
Chapter 22 CNM System Setting The following table describes the labels in this screen. Table 168 CNM System Setting > Configuration > Log Setting LABEL DESCRIPTION Log & Report Stores Enter the maximum days the Vantage CNM stores device logs, CNM system logs, CNM reports.
Page 338: Add/Edit Vrpt Management
Chapter 22 CNM System Setting Table 169 CNM System Setting > Configuration > VRPT Management (continued) LABEL DESCRIPTION Compatible This field indicates if the connected device is compatible with Vantage CNM. Status This field displays the status of the Vantage Report instance. The bulb lights on when the Vantage CNM is able to connect to the Vantage Report server.
Page 339: Certificate Management Overview
Chapter 22 CNM System Setting Table 170 CNM System Setting > Configuration > VRPT Management > Add/Edit LABEL DESCRIPTION Add Devices to VRPT Server Click the icon and the associated devices screen appears where you can select associated device(s) to this VRPT server. Click Add to return to the previous screen and the selected device(s) display in the Associated Devices field.
Page 340: Advantages Of Certificates
Chapter 22 CNM System Setting A certification path is the hierarchy of certification authority certificates that validate a certificate. The device does not trust a certificate if any certificate on its path has expired or been revoked. Certification authorities maintain directory servers with databases of valid and revoked certificates.
Page 341: Create Csr
Chapter 22 CNM System Setting The following table describes the labels in this screen. Table 171 CNM System Setting > Configuration > Certificate Management LABEL DESCRIPTION Certificate Name This field displays the name used to identify this certificate. It is recommended that you give each certificate a unique name.
Page 342 Chapter 22 CNM System Setting Figure 208 CNM System Setting > Configuration > Certificate Management > Create CSR The following table describes the labels in this screen. Table 172 CNM System Setting > Configuration > Certificate Management > Create CSR LABEL DESCRIPTION Certificate Alias...
Page 343: Import Certificate
Chapter 22 CNM System Setting 22.7.4 Import Certificate In this screen, you can Browse for a certificate that has already been downloaded to your computer. Select Apply to complete the certificate import. Figure 209 CNM System Setting > Configuration > Certificate Management > Import Certificate The following table describes the labels in this screen.
Page 344 Chapter 22 CNM System Setting Vantage CNM User’s Guide...
Page 345: Chapter 23 Maintenance
H A P T E R Maintenance Use the Maintenance screens to manage, back up and restore Vantage CNM system backup files. Data maintenance includes device firmware and configuration files you have uploaded to the Vantage CNM server. You can back up or restore to your computer or Vantage CNM. You can choose what domain to back up by selecting a folder in the object tree.
Page 346: Backup
Chapter 23 Maintenance Table 174 CNM System Setting > Maintenance > System (continued) LABEL DESCRIPTION Restore Click this to restore a system backup file. Note: System will kick out all on-line users before restoring a system backup file. After restoring, Vantage CNM shuts down automatically.
Page 347: Device Maintenance
Chapter 23 Maintenance 23.2 Device Maintenance Use this screen to export or import a device list file from/to the Vantage CNM. It’s convenient for you to rebuild the managed device information quickly at one time if you want to reinstall the Vantage CNM on the same or another computer.
Page 348 Chapter 23 Maintenance Figure 214 CNM System Setting > Maintenance > Device List Import Successful Vantage CNM User’s Guide...
Page 349: Chapter 24 Device Owner
H A P T E R Device Owner 24.1 Device Owner This screen list the address book which is a list of personal details of people of device owners. You can add, edit or remove a device owner in this screen. To associate a device owner with a device, select the person’s name in the Device Owner field when you add or edit a device (via right clicking your mouse) in the device window.
Page 350 Chapter 24 Device Owner Figure 216 CNM System setting > Device Owner > Add/Edit The following table describes the labels in this screen. Table 178 CNM System Setting > Device Owner > Add/Edit LABEL DESCRIPTION Name Type the person’s name. Description Type some extra information about the person.
Page 351: Vantage Cnm Software Upgrade
H A P T E R Vantage CNM Software Upgrade 25.1 CNM Software Upgrade Use this screen to view the current Vantage CNM software version or perform a software upgrade. Enter the full path of a software file in your computer or click Browse... to locate a software file.
Page 352 Chapter 25 Vantage CNM Software Upgrade Vantage CNM User’s Guide...
Page 353: Chapter 26 License
H A P T E R License 26.1 CNM Licence Use this screen to renew a standard license key to continuely use Vantage CNM after the trial period or the old license key expires. Click CNM System Setting in the menu bar and then click License in the navigation panel to display the next screen.
Page 354: License Upgrade
Chapter 26 License 26.1.1 License Upgrade License key is a licence to manage a specific number of ZyXEL devices. It can be found in the iCard. Type a license key to the License Key field and click Apply to increase the maximum device number the Vantage CNM is allowed to manage.
Page 355: Chapter 27 About Cnm
H A P T E R About CNM 27.1 About CNM Use this screen to see Vantage CNM’s software version, release date and the copyright. To open this screen, click CNM System Setting in the menu bar and then click About in the navigation panel.
Page 356 Chapter 27 About CNM Vantage CNM User’s Guide...
Page 357: Part Vii: Account Management
Account Management User Group (359) Account (363)
Page 359: Chapter 28 User Group
H A P T E R User Group Use these screens to manage Vantage CNM user groups. A group is associated with the privilege you defined and it is for one management domain. After you create a group, you can associate the user(s) with this group before the user(s) can perform any functions in Vantage CNM.
Page 360: Add User Group
Chapter 28 User Group The following table describes the fields in this screen. Table 183 Account Management > Group LABEL DESCRIPTION This is the number of an individual entry. Group Name This field displays the group name. Creator This field displays the user name who created the group. Description This is the description for the group.
Page 361 Chapter 28 User Group The following table describes the fields in this screen. Table 184 Account Management > Group > Add LABEL DESCRIPTION Basic Information Group Name Type a group name for this temperlate. Description Type the description for the group. Device Access Privileges Click the icon and the associated devices screen appears where...
Page 362 Chapter 28 User Group Vantage CNM User’s Guide...
Page 363: Chapter 29 Account
H A P T E R Account An account is a user with permissions inherited from the associated group. “Root” is the predefined administrator belonging to the Super group. Only “root” or any accounts belonging to Super group can do everything including managing the Vantage CNM system. Custom administrators have no predefined permissions.
Page 364: Account
Chapter 29 Account 29.3 Account Use this screen to display a list of all administrators and root. To open this screen, click Account Management in the menu bar and then click Account in the navigation panel. Figure 223 Account Management > Account The following table describes the fields in this screen.
Page 365 Chapter 29 Account Figure 224 Account Management > Account > Add/Edit The following table describes the fields in this screen. Table 186 Account Management > Account > Add/Edit LABEL DESCRIPTION Username Type the administrator login name associated with the password that you log into Vantage CNM with.
Page 366 Chapter 29 Account Vantage CNM User’s Guide...
Page 367: Part Viii: Troubleshooting
VIII Troubleshooting Troubleshooting (369)
Page 369: Chapter 30 Troubleshooting
H A P T E R Troubleshooting This chapter offers some suggestions to solve problems you might encounter. The potential problems are divided into following categories. • Vantage CNM Access and Login • Device Management • Device Firmware Management • Vantage Report 30.1 Vantage CNM Access and Login See the Quick Start Guide for additional suggestions.
Page 370: Device Management
Chapter 30 Troubleshooting 30.2 Device Management One device always keeps in On_Pending status in the device window. How can I do? A devices with the On_Pending status means there are some pending tasks the Vantage CNM should set but has not set to the device. If the device keeps in the status for a long time (for example, over 30 minutes), this may cause inconsistency between the Vantage CNM and the device.
Page 371: Vantage Report
Chapter 30 Troubleshooting 30.4 Vantage Report There is no information in any report for my device. 1 If you just added the device, wait for at least 5 minutes for information to appear in each report. 2 Click CNM System Setting > Configuration > VRPT Management, Make sure the Vangtage Report server’s status is on and your device has been successfully associated to it (click the edit icon and see if your device is in the Associated Devices list.
Page 372 Chapter 30 Troubleshooting Vantage CNM User’s Guide...
Page 373: Part Ix: Appendices And Index
Appendices and Index Product Specifications (375) Setting up Your Computer’s IP Address (379) Pop-up Windows, Java Scripts and Java Permissions (395) IP Addresses and Subnetting (401) IP Address Assignment Conflicts (409) Common Services (413) Importing Certificates (417) Open Software Announcements (423) Legal Information (447) Customer Support (449) Index (455)
Page 375: Appendix A Product Specifications
P P E N D I X Product Specifications This appendix summarizes Vantage CNM’s and Vantage Report’s specifications. Vantage CNM Specifications This section summarizes Vantage CNM’s specifications. Table 187 Firmware Specifications FEATURE DESCRIPTION Default User Name root Default Password root Object Tree View Three defined views: Account, Type, and Main Status icons...
Page 376 FEATURE DESCRIPTION Number of Vantage CNM 1,000,000 Log Entries Table 189 ZyXEL Device and the Corresponding Firmware Version Vantage CNM Supports ZYXEL DEVICE FIRMWARE VERSION ZyNOS ZyWALL: ZyNOS (ZyXEL Networking Operation System) is a ZyXEL proprietary system. ZyWALL 2 3.62 ZyWALL 5 / 35 / 70 / 2 Plus 4.00 or later...
Page 377 Appendix A Product Specifications Table 190 Trusted CAs (Keystore type: jks, Keystore provider: SUN) (continued) DATE MD5 FINGERPRINT entrustgsslca Jan 9, 2003 9D:66:6A:CC:FF:D5:F5:43:B4:BF: 8C:16:D1:2B:A8:99 thawtepersonalbasicca Feb 13, 1999 E6:0B:D2:C9:CA:2D:88:DB:1A:71: 0E:4B:78:EB:02:41 verisignclass1ca Mar 26, 2004 97:60:E8:57:5F:D3:50:47:E5:43: 0C:94:36:8A:B0:62 verisignclass1g2ca Mar 26, 2004 DB:23:3D:F9:69:FA:4B:B9:95:80: 44:73:5E:7D:41:83 entrustsslca...
Page 378 Appendix A Product Specifications Table 190 Trusted CAs (Keystore type: jks, Keystore provider: SUN) (continued) DATE MD5 FINGERPRINT baltimorecodesigningca May 10, 2002 90:F5:28:49:56:D1:5D:2C:B0:53: D4:4B:EF:6F:90:22 equifaxsecureglobalebusinessca1 Jul 19, 2003 8F:5D:77:06:27:C4:98:3C:5B:93: 78:E7:D7:7D:9B:CC equifaxsecureebusinessca2 Jul 19, 2003 AA:BF:BF:64:97:DA:98:1D:6F:C6: 08:3A:95:70:33:CA verisignclass2ca Oct 27, 2003 B3:9C:25:B1:C3:2E:32:53:80:15: 30:9D:4D:02:77:3E Vantage Report Specifications...
Page 379: Appendix B Setting Up Your Computer's Ip Address
P P E N D I X Setting up Your Computer’s IP Address All computers must have a 10M or 100M Ethernet adapter card and TCP/IP installed. Windows 95/98/Me/NT/2000/XP, Macintosh OS 7 and later operating systems and all versions of UNIX/LINUX include the software components you need to install and use TCP/ IP on your computer.
Page 380 Appendix B Setting up Your Computer’s IP Address Figure 225 WIndows 95/98/Me: Network: Configuration Installing Components The Network window Configuration tab displays a list of installed components. You need a network adapter, the TCP/IP protocol and Client for Microsoft Networks. If you need the adapter: 1 In the Network window, click Add.
Page 381 Appendix B Setting up Your Computer’s IP Address Configuring 1 In the Network window Configuration tab, select your network adapter's TCP/IP entry and click Properties 2 Click the IP Address tab. • If your IP address is dynamic, select Obtain an IP address automatically. •...
Page 382 Appendix B Setting up Your Computer’s IP Address Figure 227 Windows 95/98/Me: TCP/IP Properties: DNS Configuration 4 Click the Gateway tab. • If you do not know your gateway’s IP address, remove previously installed gateways. • If you have a gateway IP address, type it in the New gateway field and click Add. 5 Click OK to save and close the TCP/IP Properties window.
Page 383 Appendix B Setting up Your Computer’s IP Address Figure 228 Windows XP: Start Menu 2 In the Control Panel, double-click Network Connections (Network and Dial-up Connections in Windows 2000/NT). Figure 229 Windows XP: Control Panel 3 Right-click Local Area Connection and then click Properties. Vantage CNM User’s Guide...
Page 384 Appendix B Setting up Your Computer’s IP Address Figure 230 Windows XP: Control Panel: Network Connections: Properties 4 Select Internet Protocol (TCP/IP) (under the General tab in Win XP) and then click Properties. Figure 231 Windows XP: Local Area Connection Properties 5 The Internet Protocol TCP/IP Properties window opens (the General tab in Windows XP).
Page 385 Appendix B Setting up Your Computer’s IP Address Figure 232 Windows XP: Internet Protocol (TCP/IP) Properties 6 If you do not know your gateway's IP address, remove any previously installed gateways in the IP Settings tab and click OK. Do one or more of the following if you want to configure additional IP addresses: •...
Page 386 Appendix B Setting up Your Computer’s IP Address Figure 233 Windows XP: Advanced TCP/IP Properties 7 In the Internet Protocol TCP/IP Properties window (the General tab in Windows XP): • Click Obtain DNS server address automatically if you do not know your DNS server IP address(es).
Page 387 Appendix B Setting up Your Computer’s IP Address Figure 234 Windows XP: Internet Protocol (TCP/IP) Properties 8 Click OK to close the Internet Protocol (TCP/IP) Properties window. 9 Click Close (OK in Windows 2000/NT) to close the Local Area Connection Properties window.
Page 388 Appendix B Setting up Your Computer’s IP Address Figure 235 Macintosh OS 8/9: Apple Menu 2 Select Ethernet built-in from the Connect via list. Figure 236 Macintosh OS 8/9: TCP/IP 3 For dynamically assigned settings, select Using DHCP Server from the Configure: list. 4 For statically assigned settings, do the following: •...
Page 389 Appendix B Setting up Your Computer’s IP Address • Type your IP address in the IP Address box. • Type your subnet mask in the Subnet mask box. • Type the IP address of your device in the Router address box. 5 Close the TCP/IP Control Panel.
Page 390 Appendix B Setting up Your Computer’s IP Address Figure 238 Macintosh OS X: Network 4 For statically assigned settings, do the following: • From the Configure box, select Manually. • Type your IP address in the IP Address box. • Type your subnet mask in the Subnet mask box. •...
Page 391 Appendix B Setting up Your Computer’s IP Address Make sure you are logged in as the root administrator. Using the K Desktop Environment (KDE) Follow the steps below to configure your computer IP address using the KDE. 1 Click the Red Hat button (located on the bottom left corner), select System Setting and click Network.
Page 392 Appendix B Setting up Your Computer’s IP Address • If you have a dynamic IP address, click Automatically obtain IP address settings with and select dhcp from the drop down list. • If you have a static IP address, click Statically set IP Addresses and fill in the Address, Subnet mask, and Default Gateway Address fields.
Page 393 Appendix B Setting up Your Computer’s IP Address Figure 243 Red Hat 9.0: Dynamic IP Address Setting in ifconfig-eth0 DEVICE=eth0 ONBOOT=yes BOOTPROTO=dhcp USERCTL=no PEERDNS=yes TYPE=Ethernet • If you have a static IP address, enter in the field. Type static BOOTPROTO= = followed by the IP address (in dotted decimal notation) and type IPADDR NETMASK...
Page 394 Appendix B Setting up Your Computer’s IP Address Verifying Settings Enter in a terminal screen to check your TCP/IP properties. ifconfig Figure 247 Red Hat 9.0: Checking TCP/IP Properties [root@localhost]# ifconfig eth0 Link encap:Ethernet HWaddr 00:50:BA:72:5B:44 inet addr:10.1.19.129 Bcast:10.1.19.255 Mask:255.255.255.0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1...
Page 395: Appendix C Pop-Up Windows, Java Scripts And Java Permissions
P P E N D I X Pop-up Windows, Java Scripts and Java Permissions In order to use the web configurator you need to allow: • Web browser pop-up windows from your device. • Java Scripts (enabled by default). • Java permissions (enabled by default). Internet Explorer 6 screens are used here.
Page 396 Appendix C Pop-up Windows, Java Scripts and Java Permissions 2 Clear the Block pop-ups check box in the Pop-up Blocker section of the screen. This disables any web pop-up blockers you may have enabled. Figure 249 Internet Options: Privacy 3 Click Apply to save this setting. Enable pop-up Blockers with Exceptions Alternatively, if you only want to allow pop-up windows from your device, see the following steps.
Page 397 Appendix C Pop-up Windows, Java Scripts and Java Permissions Figure 250 Internet Options: Privacy 3 Type the IP address of your device (the web page that you do not want to have blocked) with the prefix “http://”. For example, http://192.168.167.1. 4 Click Add to move the IP address to the list of Allowed sites.
Page 398 Appendix C Pop-up Windows, Java Scripts and Java Permissions 5 Click Close to return to the Privacy screen. 6 Click Apply to save this setting. Java Scripts If pages of the web configurator do not display properly in Internet Explorer, check that Java Scripts are allowed.
Page 399 Appendix C Pop-up Windows, Java Scripts and Java Permissions Figure 253 Security Settings - Java Scripting Java Permissions 1 From Internet Explorer, click Tools, Internet Options and then the Security tab. 2 Click the Custom Level... button. 3 Scroll down to Microsoft VM. 4 Under Java permissions make sure that a safety level is selected.
Page 400 Appendix C Pop-up Windows, Java Scripts and Java Permissions JAVA (Sun) 1 From Internet Explorer, click Tools, Internet Options and then the Advanced tab. 2 Make sure that Use Java 2 for <applet> under Java (Sun) is selected. 3 Click OK to close the window. Figure 255 Java (Sun) Vantage CNM User’s Guide...
Page 401: Appendix D Ip Addresses And Subnetting
P P E N D I X IP Addresses and Subnetting This appendix introduces IP addresses and subnet masks. IP addresses identify individual devices on a network. Every networking device (including computers, servers, routers, printers, etc.) needs an IP address to communicate across the network.
Page 402 Appendix D IP Addresses and Subnetting Figure 256 Network Number and Host ID How much of the IP address is the network number and how much is the host ID varies according to the subnet mask. Subnet Masks A subnet mask is used to determine which bits are part of the network number, and which bits are part of the host ID (using a logical AND operation).
Page 403 Appendix D IP Addresses and Subnetting Subnet masks are expressed in dotted decimal notation just like IP addresses. The following examples show the binary and decimal notation for 8-bit, 16-bit, 24-bit and 29-bit subnet masks. Table 196 Subnet Masks BINARY DECIMAL 4TH OCTET OCTET...
Page 404 Appendix D IP Addresses and Subnetting Table 198 Alternative Subnet Mask Notation (continued) ALTERNATIVE LAST OCTET LAST OCTET SUBNET MASK NOTATION (BINARY) (DECIMAL) 255.255.255.192 1100 0000 255.255.255.224 1110 0000 255.255.255.240 1111 0000 255.255.255.248 1111 1000 255.255.255.252 1111 1100 Subnetting You can use subnetting to divide one network into multiple sub-networks. In the following example a network administrator creates two sub-networks to isolate a group of servers from the rest of the company network for security reasons.
Page 405 Appendix D IP Addresses and Subnetting Figure 258 Subnetting Example: After Subnetting In a 25-bit subnet the host ID has 7 bits, so each sub-network has a maximum of 2 – 2 or 126 possible hosts (a host ID of all zeroes is the subnet’s address itself, all ones is the subnet’s broadcast address).
Page 406 Appendix D IP Addresses and Subnetting Table 200 Subnet 2 LAST OCTET BIT IP/SUBNET MASK NETWORK NUMBER VALUE IP Address 192.168.1. IP Address (Binary) 11000000.10101000.00000001. 01000000 Subnet Mask (Binary) 11111111.11111111.11111111. 11000000 Subnet Address: Lowest Host ID: 192.168.1.65 192.168.1.64 Broadcast Address: Highest Host ID: 192.168.1.126 192.168.1.127 Table 201 Subnet 3...
Page 407 Appendix D IP Addresses and Subnetting Table 203 Eight Subnets (continued) SUBNET LAST BROADCAST SUBNET FIRST ADDRESS ADDRESS ADDRESS ADDRESS Subnet Planning The following table is a summary for subnet planning on a network with a 24-bit network number. Table 204 24-bit Network Number Subnet Planning NO.
Page 408 Appendix D IP Addresses and Subnetting Table 205 16-bit Network Number Subnet Planning (continued) NO. “BORROWED” NO. HOSTS PER SUBNET MASK NO. SUBNETS HOST BITS SUBNET 255.255.255.252 (/30) 16384 255.255.255.254 (/31) 32768 Configuring IP Addresses Where you obtain your network number depends on your particular situation. If the ISP or your network administrator assigns you a block of registered IP addresses, follow their instructions in selecting the IP addresses and the subnet mask.
Page 409: Appendix E Ip Address Assignment Conflicts
P P E N D I X IP Address Assignment Conflicts This appendix describes situations where IP address conflicts may occur. Subscribers with duplicate IP addresses will not be able to access the Internet. Case A: The device is using the same LAN and WAN IP addresses The following figure shows an example where the device is using a WAN IP address that is the same as the IP address of a computer on the LAN.
Page 410 Appendix E IP Address Assignment Conflicts Figure 260 IP Address Conflicts: Case B To solve this problem, make sure the device LAN IP address is not in the DHCP IP address pool. Case C: The Subscriber IP address is the same as the IP address of a network device The following figure depicts an example where the subscriber IP address is the same as the IP address of a network device not attached to the device.
Page 411 Appendix E IP Address Assignment Conflicts Figure 262 IP Address Conflicts: Case D This problem can be solved by adding a VLAN-enabled switch or set the computers to obtain IP addresses dynamically. Vantage CNM User’s Guide...
Page 412 Appendix E IP Address Assignment Conflicts Vantage CNM User’s Guide...
Page 413: Appendix F Common Services
7648 A popular videoconferencing solution from White Pines Software. 24032 TCP/UDP Domain Name Server, a service that matches web names (for example www.zyxel.com) to IP numbers. User-Defined The IPSEC ESP (Encapsulation Security (IPSEC_TUNNEL) Protocol) tunneling protocol uses this service. FINGER...
Page 414 Appendix F Common Services Table 206 Commonly Used Services (continued) NAME PROTOCOL PORT(S) DESCRIPTION File Transfer Program, a program to enable fast transfer of files, including large files that may not be possible by e-mail. H.323 1720 NetMeeting uses this protocol. HTTP Hyper Text Transfer Protocol - a client/ server protocol for the world wide web.
Page 415 Appendix F Common Services Table 206 Commonly Used Services (continued) NAME PROTOCOL PORT(S) DESCRIPTION RTSP TCP/UDP The Real Time Streaming (media control) Protocol (RTSP) is a remote control for multimedia on the Internet. SFTP Simple File Transfer Protocol. SMTP Simple Mail Transfer Protocol is the message-exchange standard for the Internet.
Page 416 Appendix F Common Services Vantage CNM User’s Guide...
Page 417: Appendix G Importing Certificates
P P E N D I X Importing Certificates This appendix shows importing certificates examples using Netscape Navigator and Internet Explorer 5. This appendix uses the ZyWALL 70 as an example. Other models should be similar. Import Vantage CNM’s Certificates into Netscape Navigator In Netscape Navigator, you can permanently trust the Vantage CNM’s server certificate by importing it into your operating system as a trusted certification authority.
Page 418 Appendix G Importing Certificates 1 In Internet Explorer, double click the lock shown in the following screen. Figure 264 Login Screen 2 Click Install Certificate to open the Install Certificate wizard. Figure 265 Certificate General Information before Import 3 Click Next to begin the Install Certificate wizard. Vantage CNM User’s Guide...
Page 419 Appendix G Importing Certificates Figure 266 Certificate Import Wizard 1 4 Select where you would like to store the certificate and then click Next. Figure 267 Certificate Import Wizard 2 5 Click Finish to complete the Import Certificate wizard. Vantage CNM User’s Guide...
Page 420 Appendix G Importing Certificates Figure 268 Certificate Import Wizard 3 6 Click Yes to add the Vantage CNM certificate to the root store. Figure 269 Root Certificate Store Vantage CNM User’s Guide...
Page 421 Appendix G Importing Certificates Figure 270 Certificate General Information after Import Vantage CNM User’s Guide...
Page 422 Appendix G Importing Certificates Vantage CNM User’s Guide...
Page 423: Appendix H Open Software Announcements
No part may be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, except the express written permission of ZyXEL Communications Corporation. This Product includes Castor under below license Copyright (C) 1999-2001 Intalio, Inc.
Page 424 Appendix H Open Software Announcements This Product includes ant-contrib 1.0b3 version, axis 1.2.1 version, a[ache-commoms quartz 1.5.2 version, log4j 102014 version, j2sh, xerces 2.8.1 version, apache-any 1.6.5 version, and apache-tomcat 5.0 version under Apache Software License Apache License Version 2.0, January 2004 http://www.apache.org/licenses/ TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 1.
Page 425 Appendix H Open Software Announcements 2. Grant of Copyright License. Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty- free, irrevocable copyright license to reproduce, prepare Derivative Works of, publicly display, publicly perform, sublicense, and distribute the Work and such Derivative Works in Source or Object form.
Page 426 Appendix H Open Software Announcements 6. Trademarks. This License does not grant permission to use the trade names, trademarks, service marks, or product names of the Licensor, except as required for reasonable and customary use in describing the origin of the Work and reproducing the content of the NOTICE file.
Page 427 Appendix H Open Software Announcements Products derived from this software may not be called "Apache", nor may "Apache" appear in their name, without prior written permission of the Apache Software Foundation. THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
Page 428 Appendix H Open Software Announcements To protect your rights, we need to make restrictions that forbid distributors to deny you these rights or to ask you to surrender these rights. These restrictions translate to certain responsibilities for you if you distribute copies of the library or if you modify it. For example, if you distribute copies of the library, whether gratis or for a fee, you must give the recipients all the rights that we gave you.
Page 429 Appendix H Open Software Announcements The precise terms and conditions for copying, distribution and modification follow. Pay close attention to the difference between a "work based on the library" and a "work that uses the library". The former contains code derived from the library, whereas the latter must be combined with the library in order to run.
Page 430 Appendix H Open Software Announcements function must still compute square roots.) These requirements apply to the modified work as a whole. If identifiable sections of that work are not derived from the Library, and can be reasonably considered independent and separate works in themselves, then this License, and its terms, do not apply to those sections when you distribute them as separate works.
Page 431 Appendix H Open Software Announcements 6. As an exception to the Sections above, you may also combine or link a "work that uses the Library" with the Library to produce a work containing portions of the Library, and distribute that work under terms of your choice, provided that the terms permit modification of the work for the customer's own use and reverse engineering for debugging such modifications.
Page 432 Appendix H Open Software Announcements 8. You may not copy, modify, sublicense, link with, or distribute the Library except as expressly provided under this License. Any attempt otherwise to copy, modify, sublicense, link with, or distribute the Library is void, and will automatically terminate your rights under this License.
Page 433 Appendix H Open Software Announcements License which applies to it and "any later version", you have the option of following the terms and conditions either of that version or of any later version published by the Free Software Foundation. If the Library does not specify a license version number, you may choose any version ever published by the Free Software Foundation.
Page 434 Appendix H Open Software Announcements The licenses for most software are designed to take away your freedom to share and change it. By contrast, the GNU General Public License is intended to guarantee your freedom to share and change free software--to make sure the software is free for all its users. This General Public License applies to most of the Free Software Foundation's software and to any other program whose authors commit to using it.
Page 435 Appendix H Open Software Announcements 1. You may copy and distribute verbatim copies of the Program's source code as you receive it, in any medium, provided that you conspicuously and appropriately publish on each copy an appropriate copyright notice and disclaimer of warranty; keep intact all the notices that refer to this License and to the absence of any warranty;...
Page 436 Appendix H Open Software Announcements received the program in object code or executable form with such an offer, in accord with Subsection b above.) The source code for a work means the preferred form of the work for making modifications to it. For an executable work, complete source code means all the source code for all modules it contains, plus any associated interface definition files, plus the scripts used to control compilation and installation of the executable.
Page 437 Appendix H Open Software Announcements 8. If the distribution and/or use of the Program is restricted in certain countries either by patents or by copyrighted interfaces, the original copyright holder who places the Program under this License may add an explicit geographical distribution limitation excluding those countries, so that distribution is permitted only in or among countries not thus excluded.
Page 438 Appendix H Open Software Announcements Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: • Redistribution of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
Page 439 Appendix H Open Software Announcements -Neither the name of or trademarks of Sun may be used to endorse or promote products including or derived from the Java Software technology without specific prior written permission; and -Redistributions of source or binary code must contain the above copyright notice, this notice and the following disclaimers: THIS SOFTWARE IS PROVIDED "AS IS,"...
Page 440 Appendix H Open Software Announcements significant and primary functionality to the Software, (iii) you do not distribute additional software intended to replace any component(s) of the Software (unless otherwise specified in the applicable README file), (iv) you do not remove or alter any proprietary legends or notices contained in the Software, (v) you only distribute the Software subject to a license agreement that protects Sun's interests consistent with the terms contained in this Agreement, and (vi) you agree.
Page 441 Appendix H Open Software Announcements 7. Distribution by Publishers. This section pertains to your distribution of the Software with your printed book or magazine (as those terms are commonly used in the industry) relating to Java technology ("Publication"). Subject to and conditioned upon your compliance with the restrictions and obligations contained in the Agreement, in addition to the license granted in Paragraph 1 above, Sun hereby grants to you a non-exclusive, nontransferable limited right to reproduce complete and unmodified copies of the Software on electronic media (the "Media")
Page 442 TERMS CAREFULLY BEFORE COMPLETING THE INSTALLATION PROCESS AS INSTALLING THE SOFTWARE WILL INDICATE YOUR ASSENT TO THEM. IF YOU DO NOT AGREE TO THESE TERMS, THEN ZyXEL, INC. IS UNWILLING TO LICENSE THE SOFTWARE TO YOU, IN WHICH EVENT YOU SHOULD RETURN THE UNINSTALLED SOFTWARE AND PACKAGING TO THE PLACE FROM WHICH IT WAS ACQUIRED, AND YOUR MONEY WILL BE REFUNDED.
Page 443 License Agreement remains in full force and effect. Ownership of the Software, Documentation and all intellectual property rights therein shall remain at all times with ZyXEL. Any other use of the Software by any other entity is strictly forbidden and is a violation of this License Agreement.
Page 444 This License Agreement is effective until it is terminated. You may terminate this License Agreement at any time by destroying or returning to ZyXEL all copies of the Software and Documentation in your possession or under your control. ZyXEL may terminate this License Agreement for any reason, including, but not limited to, if ZyXEL finds that you have violated any of the terms of this License Agreement.
Page 445 Appendix H Open Software Announcements destroy or return to ZyXEL all copies of the Software and Documentation and to certify in writing that all known copies, including backup copies, have been destroyed. All provisions relating to confidentiality, proprietary rights, and non-disclosure shall survive the termination of this Software License Agreement.
Page 446 Appendix H Open Software Announcements Vantage CNM User’s Guide...
Page 447: Appendix I Legal Information
Published by ZyXEL Communications Corporation. All rights reserved. Disclaimer ZyXEL does not assume any liability arising out of the application or use of any products, or software described herein. Neither does it convey any license under its patent rights nor the patent rights of others.
Page 448 This warranty is in lieu of all other warranties, express or implied, including any implied warranty of merchantability or fitness for a particular use or purpose. ZyXEL shall in no event be held liable for indirect or consequential damages of any kind to the purchaser.
Page 449: Appendix J Customer Support
In the event of problems that cannot be solved by using this manual, you should contact your vendor. If you cannot contact your vendor, then contact a ZyXEL office for the region in which you bought the device. Regional offices are listed below (see also http:// www.zyxel.com/web/contact_us.php).
Page 450 • Regular Mail: ZyXEL Communications Oy, Malminkaari 10, 00700 Helsinki, Finland France • E-mail: info@zyxel.fr • Telephone: +33-4-72-52-97-97 • Fax: +33-4-72-52-19-20 • Web: www.zyxel.fr • Regular Mail: ZyXEL France, 1 rue des Vergers, Bat. 1 / C, 69760 Limonest, France Vantage CNM User’s Guide...
Page 451 • Sales E-mail: sales@zyxel.in • Telephone: +91-11-30888144 to +91-11-30888153 • Fax: +91-11-30888149, +91-11-26810715 • Web: http://www.zyxel.in • Regular Mail: India - ZyXEL Technology India Pvt Ltd., II-Floor, F2/9 Okhla Phase -1, New Delhi 110020, India Japan • Support E-mail: support@zyxel.co.jp •...
Page 452 • Sales E-mail: sales@zyxel.com.my • Telephone: +603-8076-9933 • Fax: +603-8076-9833 • Web: http://www.zyxel.com.my • Regular Mail: ZyXEL Malaysia Sdn Bhd., 1-02 & 1-03, Jalan Kenari 17F, Bandar Puchong Jaya, 47100 Puchong, Selangor Darul Ehsan, Malaysia North America • Support E-mail: support@zyxel.com •...
Page 453 • Support E-mail: support@zyxel.com.sg • Sales E-mail: sales@zyxel.com.sg • Telephone: +65-6899-6678 • Fax: +65-6899-8887 • Web: http://www.zyxel.com.sg • Regular Mail: ZyXEL Singapore Pte Ltd., No. 2 International Business Park, The Strategy #03-28, Singapore 609930 Spain • Support E-mail: support@zyxel.es • Sales E-mail: sales@zyxel.es •...
Page 454 • Sales E-mail: sales@zyxel.co.uk • Telephone: +44-1344-303044, 0845 122 0301 (UK only) • Fax: +44-1344-303034 • Web: www.zyxel.co.uk • Regular Mail: ZyXEL Communications UK Ltd., 11 The Courtyard, Eastern Road, Bracknell, Berkshire RG12 2XB, United Kingdom (UK) Vantage CNM User’s Guide...
Page 455: Index
Index Index Numerics create a group folder customer support introduction 3G. see third generation delete a device group device owners alarms 333, 334 notifications 333, 334 administrators storing in address book idle timeout device search maximum number logged in device window 37, 39 root search...
Page 456 Index icons maximum number of online users right-click menu bar FTP server myzyxel.com Full Mesh 259, 260 function window navigation panel 37, 47 group configuration 311, 314, 316 notifications 333, 334 SMTP server h_CNMSystem_DevOwner Hub & Spoke 259, 260 object pane devices IANA PIN code...
Page 457 Index monitoring pre-shared key restoring VPN Community updating Installation Report SMTP server status monitor 318, 319 subnet subnet mask subnetting subscription services warranty activating note monitoring licenses web configurator notifications 333, 334 device window upgrading devices super administrators function window icons 38, 39 syntax conventions...
Page 458 Index Vantage CNM User’s Guide...
Page 459 Index Vantage CNM User’s Guide...
Page 460 Index Vantage CNM User’s Guide...

This manual is also suitable for:

Vantage cnm

ZyXEL Communications VANTAGE CNM - V3.1 User Manual

Chapter 1 Introducing Vantage CNM

Chapter 2 GUI Introduction

Chapter 3 Load or Save Building Blocks (BB)

Chapter 4 Device General Settings

Chapter 5 Device Network Settings

Chapter 6 Device Security Settings

Chapter 7 Device Advanced Settings

Chapter 8 Device Log

Chapter 9 Device Configuration Management

Chapter 10 Firmware Management

Chapter 11 License Management

Chapter 12 VPN Community

Chapter 13 Installation Report

Chapter 14 VPN Monitor

Chapter 15 Device Status Monitor

Chapter 16 Monitor

Chapter 17 Device HA Status Monitor

Chapter 18 Device Alarm

Chapter 19 Device Operation Report

Chapter 20 CNM Logs

Chapter 21 VRPT

Chapter 22 CNM System Setting

Chapter 23 Maintenance

Chapter 24 Device Owner

Chapter 25 Vantage CNM Software Upgrade

Chapter 26 License

Chapter 27 About CNM

Chapter 28 User Group

Chapter 29 Account

Chapter 30 Troubleshooting

Appendix A Product Specifications

Appendix B Setting up Your Computer's IP Address

Appendix C Pop-Up Windows, Java Scripts and Java Permissions

Appendix D IP Addresses and Subnetting

Appendix E IP Address Assignment Conflicts

Appendix F Common Services

Appendix G Importing Certificates

Appendix H Open Software Announcements

Appendix I Legal Information

Appendix J Customer Support

Quick Links

Troubleshooting

Related Manuals for ZyXEL Communications VANTAGE CNM - V3.1

Summary of Contents for ZyXEL Communications VANTAGE CNM - V3.1