ZyXEL Communications ZYWALL SSL 10 Support Notes

Integrated SSL-VPN Appliance

ZyWALL SSL 10 Support Notes

ZyWALL SSL 10

Integrated SSL-VPN Appliance
Support Notes
Revision 2.01
April 2007
All contents copyright (c) 2006 ZyXEL Communications Corporation.

Summary of Contents for ZyXEL Communications ZYWALL SSL 10

  • Page 1: ZyWALL SSL

    ZyWALL SSL 10 Integrated SSL-VPN Appliance. Support Notes, Revision 2.01, April 2007.
  • Page 2: Table of Contents

    A06. How do I know I am using PPPoE? (p. 95); A07. Why does my Internet Service Provider use PPPoE? (p. 95); A08. How can I configure the ZyWALL? (p. 95); A09. What can we do with ZyWALL? (p. 96)
  • Page 3 D04. What is the order of user authentication? (p. 101); E. EPC (End Point Check) FAQ (p. 101); E1. What is EPC on ZyWALL SSL10? (p. 101); E2. What are the checking items of EPC on ZyWALL SSL 10? (p. 102)
  • Page 4: Deployment

    Customers who already installed a ZyWALL or a third party’s firewall, like SonicWALL TZ170 or Juniper 5GT ZyWALL UTM or the third party’s firewall provides security inspection such as Anti-Virus/IDP/firewall. See the following figure for an example topology.
  • Page 5 Anti-Virus, IDP, etc. In this way, the MIS administrator can easily eliminate the worry that a remote “trust” PC may distribute viruses or attacks to the internal network.
  • Page 6 Configuration on ZyWALL UTM. Step 1. Check that the WAN, LAN and DMZ IP addresses have been properly configured. 1) Go to GUI > Network > DMZ and configure the DMZ IP address as 192.168.3.1.
  • Page 7 2) Go to GUI > Network > DMZ > Port Roles and define port 4 as belonging to the DMZ zone. 3) Go to GUI > Network > WAN > WAN1 and configure a proper WAN IP address (ex. 172.120.1.10 in this example).
  • Page 8 4) Go to GUI > Network > LAN and configure the LAN IP address as 192.168.1.1. Step 2. Check that Internet access is available on both the LAN and DMZ networks by pinging from a LAN host and a DMZ host.
  • Page 9 But if IT staff need to access the ZyWALL UTM by HTTPS, they can use https://IP_address:10443 (where IP_address can be the ZyWALL’s LAN, DMZ or WAN IP address, depending on your remote management setting).
  • Page 10 For example, if you have configured WAN1 IP to forward port 443 to another web server (ex. 192.168.3.10), you can use the WAN2 interface (ex. IP address 10.59.1.30) to forward port 443 to the ZyWALL SSL10, as in the following figure.
  • Page 11 2) Then press the Yes button to accept the system alert. 3) If this is the first time you configure the ZyWALL SSL 10, the following page will be shown. Choose the Setup Wizard button to enter the wizard.
  • Page 12 But if it is not your first time configuring the ZyWALL SSL 10, the system will log in to the Advanced Setup page. After logging in successfully, click the Wizard icon at the top right of the page. 4) Choose the default "Install on Gateway’s DMZ Port" and press the Next button.
  • Page 14 5) Then choose "Static" for the device’s WAN IP assignment in this example. Configure the IP address setting as shown below. Press the Next button. 6) We create one SSL VPN user for this example. Enter the username and password. Press the Next button.
  • Page 15 The remote users’ IP address pool should be different from the VPN network. In this example, we use 192.168.1.0/24 for the VPN network and a remote users’ IP pool ranging from 192.168.10.200 to 192.168.10.250.
  • Page 16 SSL-VPN license later, press the Finish button. Note: Make sure Internet access is available before activating the SSL-VPN license, since the system will send the registration information to http://www.myZyXEL.com.
  • Page 17 SSL-VPN node licenses after registering successfully. Press the Finished button to submit the information. This completes the registration and initial setup. Simulate an Internet host to access ZyWALL SSL 10 via the ZyWALL
  • Page 18 Application and File Sharing list as below. In addition, after logging in successfully the user will find that the PC has obtained a PPP IP address (ex. 192.168.1.200) in the PC’s network connections.
  • Page 19 CuteFTP) to access the server. If IT staff would like to pre-configure some access links for the remote user’s quick view, further configuration is needed. Please refer to chapter 2 for details.
  • Page 20: NAT Mode

    ZyWALL. The ZyWALL SSL 10 is placed behind the main office’s gateway. Remote users can access either the main office’s LAN resources or the remote office’s LAN resources via IPSec VPN
  • Page 21 PC to configure ZyWALL SSL 10 without any security concern, leave it as the default ‘I am connecting via my own computer’. Otherwise, choose ‘I am connecting via Public computer’ instead.
  • Page 22 2) Then press the Yes button to accept the system alert. 3) If this is the first time you configure the ZyWALL SSL 10, the following page will be shown. Choose the Setup Wizard button to enter the wizard.
  • Page 23 But if it is not your first time configuring the ZyWALL SSL 10, the system will log in to the Advanced Setup page. After logging in successfully, click the Wizard icon at the top right of the page. 4) Choose “Install as New Gateway” and press the Next button.
  • Page 24 6) Configure the LAN IP assignment and the DHCP setting. Press the Next button. A warning message will pop up to remind you that the LAN IP address will be changed. Your LAN PC needs to release its IP address and renew a new one from DHCP.
  • Page 25 7) In this example, we create one SSL VPN user as shown in the figure below. Press the Next button.
  • Page 26 IP address will be assigned to the remote SSL VPN users from the device in Full Tunneling mode. Note 2: The remote users’ IP pool should be different from the VPN network.
  • Page 27 However, if you want to activate the SSL-VPN license later, press the Finish button. Note: Make sure Internet access is available before activating the SSL-VPN license, since the system will send the registration information to http://www.myZyXEL.com.
  • Page 28 Application and File Sharing list since it needs further configuration. To configure more users or groups and to specify a certain application for remote users’ access, please refer to the additional configuration in chapter 2.
  • Page 29: Integrated Application

    The company has already deployed a Microsoft AD server for user management and authentication, and the ZyWALL SSL10 also uses this server for user authentication. There are three user groups pre-configured in the AD: RD, sales and outsider.
  • Page 30: External Authentication

    ZyWALL SSL10 local database. ZyWALL SSL10 provides a user-friendly interface to configure the external database connection. 2.1.1 External Authentication configuration: Please log in to the ZyWALL SSL10 web GUI and switch to System > AAA Server
  • Page 31: User/Group Configuration

    AD administrator for these parameters. Remember to click the “OK” button to save the configuration. 2.1.2 User/Group configuration
  • Page 32 Add the RD group. Because the group members have been pre-configured in the AD server, choose the option “Group in the AAA server”. Click OK to save the configuration. Follow the same steps to add the Sales group.
  • Page 33: Objects Configuration

    We can check the user/group general page and see that the three groups have been set up. 2.2 Objects Configuration. 2.2.1 SSL Application Object: Please switch to Object > SSL Application and click the Add icon to add a new application.
  • Page 34 IP 192.168.1.10 and port 8080, then we should type http://192.168.1.10:8080. The ZyWALL SSL10 will access server port 80 or port 443 if the address starts with http:// or https:// and doesn’t specify the port number.
  • Page 35 Please note: fill in the folder name directly, like doc/, when the share server runs Windows, and add a ‘/’ before the name, like /doc/, on a Linux system.
  • Page 37: VPN Network Object

    Please switch to Object > VPN Network and click the Add icon to add a new VPN network. Fill in the Name for this VPN network, the network address and the netmask. For example, we have one subnet called RD_subnet whose address is 192.168.2.0/255.255.255.0.
  • Page 38: Endpoint Security Object

    Check Anti Virus Auto Protect: × × ν; Check Browser manufactory: × × ×; Check Browser Version: × × ×. We will start to configure the three endpoint security policies for the user/groups one by one.
  • Page 39 In order to secure our network, we will limit their application type to Web application only and check whether their Windows version and service pack follow our policy.
  • Page 40 Email or normal web connection. Thus, we hope they can access our internal network via SSL tunnel. We will define more endpoint security requirements because sales are allowed to access not only web applications but also some internal resources.
  • Page 41 We will check the Windows version and service pack at the OS level, and check client security such as personal firewall, antivirus software and signature update.
  • Page 42: Private IP Pool Object

    192.168.2.0/255.255.255.0. The DNS option is used when the customer has an internal DNS server to resolve internal FQDN hostnames to IP addresses. The DNS server and WINS server are optional and it is not necessary to fill in these fields.
  • Page 43: SSL Policy Configuration

    VPN network. Outsider SSL Policy: Switch to the SSL configuration page and add a new SSL policy for outsider. The outsider uses the endpoint security object outsider that we configured in the previous section.
  • Page 44 They are only allowed to use the web application “Quick_Order” and we won’t assign them an internal VPN network. Sales SSL Policy: Add another new SSL policy for sales. Sales use the endpoint security object sales that we configured in the previous section.
  • Page 45 RD can use most internal applications, such as the secure telnet connection (SSH) and the VPN network. They are allowed to use the internal Linux server with SSH and the file sharing server “NAS”. We also assign them an internal VPN network and they will use the predefined
  • Page 46 Later on, the user can add a new policy or edit an existing policy on this page. We have now finished the SSL environment setup, and remote users can start to use internal resources with strong security protection.
  • Page 47: SSL VPN Solution

    We suggest integrating a ZyWALL SSL10 with a ZyWALL UTM or a 3rd party’s UTM firewall. The AV/IDP function will block abnormal traffic when viruses or intrusions are detected. Application Diagram:
  • Page 48 PCs without the user being aware of it. IT staff would like to enable Anti-Virus/IDP inspection functions on the ZyWALL UTM device for SSL-VPN traffic. Configuration information in this example:
  • Page 49 443 traffic to the ZyWALL SSL 10 (192.168.3.2). Step 2. Make sure the firewall rule allows SSL traffic from WAN to DMZ. Go to menu Security > Firewall; traffic from WAN1 to DMZ is permitted by default, as in the following figure.
  • Page 50 This is to make sure all HTTPS traffic via port 443 will be forwarded to the ZyWALL SSL 10. But when IT staff need to access the ZyWALL UTM by HTTPS, they can use https://IP_address:10443 (where IP_address can be the ZyWALL’s LAN or DMZ or
  • Page 51 For example, if you have to configure WAN1 IP to forward port 443 to another web server (ex. 192.168.3.10), you can use the WAN2 interface (ex. IP address 10.59.1.30) to forward port 443 to the ZyWALL SSL10, as in the following figure.
  • Page 52 ZyWALL. This stream-based AV scan engine can precisely detect viruses/worms and then destroy the infected files before they reach intranet hosts. Set up the IDP service to prevent attacks
  • Page 53 SMTP mail traffic can be protected from virus infection. And the system can give a warning to IT staff if a virus is found. 6. Click on the Apply button to save the settings.
  • Page 54 Note: Remember to make sure the AV signatures are up to date so that the ZyWALL UTM AV engine can stay in the best status. (The “update” can be done manually or automatically). The AV signature update page
  • Page 56: Seamless Integrate SSL VPN Into Your Existing IPSec VPN

    SSL VPN solution for remote users to access FTP, Mail and Web servers in the main office and also to access the FTP server in the remote branch office.
  • Page 57 Configure the ZyWALL SSL 10 in DMZ mode by using the Wizard. On the two ZyWALL devices: configure IPSec VPN settings; configure NAT port forwarding policy; configure security policy rules. See the following step-by-step configuration.
  • Page 58 If the ZyWALL is used as the Internet gateway and a public IP address is assigned to the ZyWALL’s WAN interface, the ZyWALL uses this public WAN IP address for terminating the VPN tunnels from remote VPN gateways. In the following example, the local VPN gateway (ZyWALL) uses a static public IP address.
  • Page 59 DDNS server. Therefore the peer VPN gateway can resolve the ZyWALL’s IP address to make a VPN tunnel. In the following example, the local VPN gateway (ZyWALL) uses a dynamic WAN IP address
  • Page 60 WAN interface when the specified WAN interface is not available. Therefore, the next VPN connection will go through the second WAN interface. Configure ZyWALL behind NAT Router: This section describes an example configuration of a ZyWALL behind a NAT router (Internet
  • Page 61 NAT router. For example, the NAT router has a different interface (e.g. leased line, ISDN) which is not supported by the IPSec gateway. This example gives some guidelines for configuring a ZyWALL behind a NAT router.
  • Page 62 IPSec traffic will be encapsulated in UDP packets to avoid traversal problems on NAT routers. 4) Under VPN->Gateway Policy-> Gateway Policy Information, configure the private IP address as “My Address” on the local ZyWALL gateway (behind the NAT router).
  • Page 63 But when IT staff need to access the ZyWALL UTM by HTTPS, they can use https://IP_address:10443 (where IP_address can be the ZyWALL’s LAN, DMZ or WAN IP address, depending on the server access setting).
  • Page 64 For example, if you have configured WAN1 IP to forward port 443 to another web server (ex. 192.168.3.10), you can use the WAN2 interface (ex. IP address 10.59.1.30) to forward port 443 to the ZyWALL SSL10, as in the following figure.
  • Page 65 “HTTPS” (port 443). 3) The ZyWALL can also inspect packets/mails from WAN to DMZ with the IDP/AV and AS features. The configuration is similar to the firewall rule setting. There is a traffic direction matrix
  • Page 66 available in IDP/AV and AS General configuration page. Use the check box to decide whether traffic from WAN to DMZ needs to be inspected by the scan engine.
  • Page 67: Integration: SonicWALL+ZyWALL SSL10

    Please refer to chapter one to configure the ZyWALL SSL10 in DMZ mode. Configuration on SonicWALL TZ170. Step 1. Check that the WAN, LAN and DMZ IP addresses have been properly configured. 1) Connect the Ethernet cables as follows
  • Page 68 1) Go to menu Firewall > Access Rules and click the Add button. Configure it as in the following figure. (Create the service “SSL” for TCP port 443 traffic.) Then you will see that the rule is created as follows.
  • Page 69 443 will be forwarded to the ZyWALL SSL 10. But if IT staff need to access the SonicWALL by HTTPS, they can use https://IP_address:10443 (where IP_address might be the SonicWALL’s LAN, DMZ or WAN IP address, depending on your remote management setting). Then apply the setting.
  • Page 70 Step 5. Access https://172.120.1.10 from an Internet PC’s IE browser. The ZyWALL SSL10’s login page will be displayed for you to log in.
  • Page 71: Integration: Netscreen+ZyWALL SSL10

    Configuration on ZyWALL SSL10: Please refer to chapter one to configure the ZyWALL SSL10 in DMZ mode. Configuration on Netscreen 5GT. Step 1. Check that the WAN, LAN and DMZ IP addresses have been properly configured.
  • Page 72 1) In the menu Network > Interface, click “Edit” on the ‘untrust’ interface. 2) Choose VIP at the top and choose “Same as the untrusted interface IP address”. Click the Add button. 3) Click the New VIP Service button.
  • Page 73 1) Go to menu Policies, choose from the “Untrust” to the “Trust” zone and click the New button at the top corner. 2) Configure it as shown in red in the figure below. Leave the other settings at their defaults and then click the Advanced button.
  • Page 74 IP_address might be the Netscreen’s LAN or WAN IP address, depending on your management setting). Then apply the setting. Step 5. Access https://172.120.1.10 from an Internet PC’s IE browser. The ZyWALL SSL10’s login page will be displayed for your login.
  • Page 75: Integration With NSA-2400 For File Sharing

    3.5 Integration with NSA-2400 for file sharing. ZyXEL NSA-2400 is a storage host. Data storage and access is one of the applications that remote users need. However, it may store important and sensitive data, so the IT administrator needs to provide a security mechanism to forbid untrusted users’ access.
  • Page 76 2) Go to menu Sharing > Shares and press the ‘Add a New Share’ button. Enter the sharing information and give full access to the user, Tom. See the following figure. Press the Apply button.
  • Page 77 Note: It is better to select the path by clicking the Browse button. For example, create ‘Tom-folder’ under the path volume1. Step 2. Test that it works by linking to \\<NSA-2400’s IP-address> from your PC via the IE browser, as in the following figure.
  • Page 78 Click the OK button. 4) Go to menu SSL and modify the existing setting which we just created via the Wizard. Check the available user (Tom) and the SSL application (Tom-folder) we just created. Click the OK button.
  • Page 79 Configuration on ZyWALL UTM. Step 1. Create a port forwarding rule. 4) Go to the GUI menu ADVANCED > NAT > Port Forwarding and add one rule to forward port 443 traffic to the ZyWALL SSL 10 (192.168.3.2)
  • Page 80 After that, you will get the result shown in the following figure. Step 3. Change the remote management port on the ZyWALL UTM. 1) Switch to menu ADVANCED > REMOTE MGMT > WWW, change the ZyWALL
  • Page 81 For example, if you have to configure WAN1 IP to forward port 443 to another web server (ex. 192.168.3.10), you can use the WAN2 interface (ex. IP address 10.59.1.30) to forward port 443 to the ZyWALL SSL10, as in the following figure.
  • Page 82 That is, access those servers NOT through the ZyWALL SSL10 portal.) 1) Go to menu Advanced > Static Route and click the modify icon to add a static route.
  • Page 83 WAN >> Remote user client). Remote User login: 1) The remote user opens an IE browser and links to https://172.120.1.10, which displays the ZyWALL SSL10 login page. 2) Enter the username and password.
  • Page 84 3) You will enter the portal; click the ‘Yes’ button three times and the ‘continue’ button once. 4) Then switch to ‘File Sharing’ by clicking the button at the top. 5) Click the ‘Tom-folder’ icon; it will bring you to the NSA-2400’s login page as below.
  • Page 85 6) Enter the username and password, you will get the
  • Page 86: Best Practice: Stronger Password Security

    Configure the Authenex Server to accept communication with the ZyWALL SSL10 and assign the token bound to the user. Simulate access from a remote user. Configuration on ZyWALL SSL10. Step 1. Create a group
  • Page 87 1) Go to GUI > Object > SSL Application and create one application rule by clicking the add icon. 2) Choose the type File_Sharing and fill out the FTP server’s IP address as follows. Fill out the file server information as follows. Then click OK.
  • Page 88 Step 3. Create an SSL policy. 1) Go to GUI > SSL > Policy and create an SSL policy by clicking the add icon. Check the user and the file sharing application that we just created. Click OK.
  • Page 89 “localhost” or “127.0.0.1” for the IP address. After the IP address, append “:8080/asas/”, where 8080 is the server’s default port number. Log in to the server by typing the password you set.
  • Page 90 ZyWALL SSL10 and the Authenex server. 3) Go to Manage Users > Add User, create a user ‘guest’ and bind it to the group ‘testzywall’ and the resource ‘zywallssl10’ we just created. Click the Add button.
  • Page 91 Then edit the user and check the Assign only Users A-Keys option. Click the Update User button. 4) Go to Manage A-Keys > Assign A-Keys. Bind a certain token’s A-Key to the user.
  • Page 92 6) Restart the service by choosing your PC’s Start > Authenex > ASAS_3.0 > Restart Authenex Radius Server. Access from a remote user: 1) Log in to the ZyWALL SSL10 by typing the username, password and the six-digit number generated by your token.
  • Page 93 2) After a successful login, you can see the file sharing link in the interface. Double-click it to access the file server.
  • Page 94: FAQ

    PPP dialer such as 'Dial-Up Networking' user interface. PPPoE supports a broad range of existing applications and services including authentication, accounting, secure access and configuration management.
  • Page 95: A05. Does The ZyWALL Support PPPoE

    A08. How can I configure the ZyWALL? Telnet remote management: CLI command line. Web browser: web server embedded for easy configuration.
  • Page 96: A09. What Can We Do With ZyWALL

    They will be able to retrieve their individual private and secure e-mail, if they have been assigned the proper access right. If your company does not have a domain name, it means that your ISP provides you with a
  • Page 97: A13. What DHCP Capability Does The ZyWALL Support

    Currently, there are various ways that ISPs control their users. That is, the WAN IP is provided only when the user is checked as an authorized user. The ISPs currently use three ways:
  • Page 98: A16. What Is BOOTP/DHCP

    WinXP/2000 and WinNT clients use DHCP to request an internal IP address, while WFW and WinSock clients use BOOTP. TCP/IP clients may specify their own IP or utilize BOOTP/DHCP to request an IP address.
  • Page 99: Firmware Upgrade FAQ

    ZyWALL security appliances and security services. It eliminates the hassle of registering individual ZyWALL appliances and upgrades to streamline the management of all your ZyWALL security services. Instead of registering each ZyWALL product individually, using myZyXEL.com you have a
  • Page 100: C03. How To Activate The SSL-VPN License

    (2) Some applications, like Applets and Flash, do not work since they need to connect to the external server. (3) We cannot guarantee that every web page in the world will display correctly. We recommend using full tunneling mode to display all pages properly.
  • Page 101: D03. SSL VPN vs. PPTP VPN

    If the protection configured requires a specific process not to be running, the system can ask the user to halt the process.
  • Page 102: E2. What Are The Checking Items Of EPC On ZyWALL SSL 10

    File system entries; process table entries. [3] Session Information Protection: cleaning browser caches, history, cookies, credentials (IE only); disabling auto-completion. [4] Web-page protection: encrypted view-source (IE only).
