ZyXEL Communications Vantage CNM 2.3 User Manual

Centralized network management

Vantage CNM
Centralized Network Management

Default Login Details
IP Address: https://localhost or https://{Vantage CNM Server's IP address}
User Name: root
Password: root

Software Version 3.2
Edition 1, 7/2009
www.zyxel.com
Copyright © 2009 ZyXEL Communications Corporation

Summary of Contents for ZyXEL Communications Vantage CNM 2.3

  • Page 1 Vantage CNM Centralized Network Management Default Login Details IP Address https://localhost https://{Vantage CNM Server’s IP address} User Name root Password root www.zyxel.com Software Version 3.2 Edition 1, 7/2009 www.zyxel.com Copyright © 2009 ZyXEL Communications Corporation...
  • Page 3: About This User's Guide

    Please refer to www.zyxel.com for additional support documentation and product certifications. Documentation Feedback Send your comments, questions or suggestions to: techwriters@zyxel.com.tw Thank you! The Technical Writing Team, ZyXEL Communications Corp., 6 Innovation Road II, Science-Based Industrial Park, Hsinchu, 30099, Taiwan. Vantage CNM User’s Guide...
  • Page 4 About This User's Guide Need More Help? More help is available at www.zyxel.com. • Download Library Search for the latest product updates and documentation from this link. Read the Tech Doc Overview to find out how to efficiently use the User Guide, Quick Start Guide and Command Line Interface Reference Guide in order to better understand how to use your product.
  • Page 5: Document Conventions

    Document Conventions Warnings and Notes These are how warnings and notes are shown in this User’s Guide. Warnings tell you about things that could harm you or your device. Note: Notes tell you other important information (for example, other things you may need to configure or helpful tips) or recommendations.
  • Page 6 Document Conventions Icons Used in Figures Figures in this User’s Guide may use the following generic icons. Device icons are not exact representations of your devices. Device (example) Computer Notebook computer Server DSLAM Telephone Switch Router Vantage CNM User’s Guide...
  • Page 7: Contents Overview

    Contents Overview: Introducing Vantage CNM (21); Introduction (23); GUI Introduction (25); Device Configuration (ZyNOS and Prestige) (45); Load or Save Building Blocks (BB) (47); Device General Settings (51); Device Network Settings (55); Device Security Settings ...
  • Page 8 Contents Overview: Device HA Status Monitor (527); Device Alarm (529); Log & Report (535); Device Operation Report (537); CNM Logs (553); VRPT (555); CNM System Setting (559); CNM System Setting (561); Maintenance (581); Device Owner ...
  • Page 9: Table Of Contents

    About This User's Guide (3); Document Conventions (5); Contents Overview (7); Chapter 1 Introducing Vantage CNM (21); 1.1 Overview (21); 1.2 Ways to Manage Vantage CNM (22); 1.3 Suggestions for Using Vantage CNM (22); Part I: Introduction ...
  • Page 10 5.3 WAN General (ZyNOS ZyWALL) (65); 5.3.1 WAN1 (ZyNOS ZyWALL with one WAN port) (69); 5.3.2 WAN1 and WAN2 (ZyNOS ZyWALL with two WAN ports) (78); 5.3.3 WAN2 (ZyNOS ZyWALL with 3G WAN) (87); 5.3.4 Dial Backup (ZyNOS ZyWALL) (96); 5.3.5 Advanced Modem Setup (ZyNOS ZyWALL) ...
  • Page 11 6.8 General Setup (174); 6.9 IDP Signatures (176); 6.9.1 Attack Types (176); 6.9.2 Intrusion Severity (178); 6.9.3 Signature Actions (178); 6.9.4 Configuring IDP Signatures (179); 6.9.5 Query View (181); 6.9.6 Protocol Anomaly (184); 6.10 Signature Update ...
  • Page 12 7.14 Remote MGMT (236); Chapter 8 Device Log (241); 8.1 Device Log (241); Part III: Device Configuration (ZLD) (245); Chapter 9 Device Network Settings (247); 9.1 Ethernet (ZLD ZyWALL) (247); 9.1.1 Ethernet Edit (248); 9.1.2 Adding Virtual Interfaces ...
  • Page 13 10.1 The Firewall Screen (315); 10.1.1 The Firewall Edit Screen (318); 10.2 The Session Limit Screen (319); 10.2.1 The Session Limit Add/Edit Screen (321); Chapter 11 IPSec VPN (323); 11.1 The IPSec VPN Connection Screen (323); 11.1.1 The IPSec VPN Connection Add/Edit Screen ...
  • Page 14 14.6.1 The Service Group Add/Edit Screen (378); 14.7 The Schedule Summary Screen (379); 14.7.1 The One-Time Schedule Add/Edit Screen (380); 14.7.2 The Recurring Schedule Add/Edit Screen (381); ... (383); Chapter 15 AAA (385); 15.1 Configuring Active Directory or LDAP Default Server Settings (385); 15.2 Active Directory or LDAP Group Summary Screen ...
  • Page 15 17.5.1 Add/Edit Schedule List (Folder) (421); 17.6 Signature Profile Management (423); 17.6.1 Signature Profile Backup & Restore (Device) (423); 17.6.2 Signature Profile Backup & Restore (Folder) (425); 17.6.3 Signature Profile Restore (Folder) (427); 17.6.4 Restore to Device (429); 17.6.5 Signature Profile Backup (Device) ...
  • Page 16 Chapter 20 VPN Community (475); 20.1 VPN Community (475); 20.1.1 Add/Edit a VPN Community (476); Chapter 21 Installation Report (483); 21.1 Installation Report (483); 21.1.1 Show Detailed Installation Report (484); Chapter 22 VPN Monitor (485); 22.1 Monitor VPN by Community ...
  • Page 17 25.1 Device HA Status (527); Chapter 26 Device Alarm (529); 26.1 Device Alarm Introduction (529); 26.1.1 Alarm Severity (529); 26.1.2 Unresolved Alarms (529); 26.1.3 Responded Alarm (532); Part VII: Log & Report (535); Chapter 27 Device Operation Report ...
  • Page 18 30.1.1 Vantage CNM Server Public IP Address (563); 30.2 Servers Status (564); 30.3 User Access (565); 30.4 Notifications (566); 30.4.1 Notifications Settings (567); 30.5 Log Setting (569); 30.6 VRPT Management (571); 30.6.1 Add/Edit VRPT Management (573); 30.7 Certificate Management Overview ...
  • Page 19 36.1 Group (595); 36.1.1 Add User Group (596); Chapter 37 Account (599); 37.1 “Root” Administrator (599); 37.2 “Super” Administrators (599); 37.3 Account (600); 37.3.1 Add/Edit an Administrator Account (601); Part X: Troubleshooting (603); Chapter 38 Troubleshooting ...
  • Page 20 New Template User’s Guide...
  • Page 21: Introducing Vantage Cnm

    Chapter 1: Introducing Vantage CNM. This chapter introduces the main applications and features of Vantage CNM. It also introduces the ways you can manage Vantage CNM. 1.1 Overview Vantage Centralized Network Management (“Vantage CNM”) helps network administrators monitor and manage a distributed network of ZyXEL network devices.
  • Page 22: Ways To Manage Vantage Cnm

    Chapter 1 Introducing Vantage CNM content filtering, on one or more devices. See Appendix A on page 611 for a complete list of features and supported devices. 1.2 Ways to Manage Vantage CNM Use the web configurator to access and manage Vantage CNM. See the Quick Start Guide for instructions to access the web configurator and this User’s Guide for more information about the screens.
  • Page 23: Part I Introduction

    Introduction Introducing Vantage CNM (21) GUI Introduction (25)
  • Page 25: Chapter 2 Gui Introduction

    Chapter 2: GUI Introduction. See the Quick Start Guide for instructions about installing, setting up, and accessing Vantage CNM. This chapter introduces the Vantage CNM main screen. Figure 2 Main Screen The main screen consists of three main parts, which are numbered in the sequence you typically follow to configure a device.
  • Page 26: Menu Bar

    Chapter 2 GUI Introduction Device window: Displays the devices that are managed by the Vantage CNM. You can also configure and view the logical groupings of the managed devices. This is also known as OTV (Object Tree View). Navigation panel: Displays the navigation links that you use to access configuration, log or status screens.
  • Page 27: Title Bar

    Chapter 2 GUI Introduction Note: When you click a menu icon, an introduction for the menu and its corresponding navigation panel menus appear in the configuration window. See Table 8 on page 2.2 Title Bar The following table describes the icons in the title bar. Table 2 Title Bar Icon Description ICON DESCRIPTION...
  • Page 28 Chapter 2 GUI Introduction In the Topology screen, you can only view the folder(s) or device(s) for your login account group. You cannot view the folders created by another user group. Figure 3 Device Window: Topology The following table describes the labels in the Device window. Table 3 Device Window: Topology LABEL DESCRIPTION...
  • Page 29 Chapter 2 GUI Introduction 2.3.1.1 Folders Folders are represented by the following icons in the device window. Table 5 Device Window: Folder Icons Icon Status Description On-Closed This is a closed folder, which contains online devices. On-Open This is an opened folder, which contains online devices. Off-Closed This is a closed folder, which contains one or more offline devices.
  • Page 30 Chapter 2 GUI Introduction settings. Click About Adobe Flash Player 9 to connect to Adobe’s website for more information. Figure 4 Folder Right-Click Options 2.3.1.1.1 Add a Folder Topology folders allow you to group managed devices logically. You can add or delete device(s) in a folder.
  • Page 31 Chapter 2 GUI Introduction In the device window, click Topology. Right-click on a folder and click Delete Folder. A warning screen displays. Click OK to delete. Click Cancel to close this screen without deleting the selected folder. Figure 7 Device Window: Topology: Delete Folder Warning 2.3.1.1.3 Edit a Folder When you edit a folder, you can rename the folder or modify its description..
  • Page 32 Chapter 2 GUI Introduction Table 6 Device Window: Device Icons (continued) Icon Description Not Yet Acquired This is a device that has never registered itself with Vantage CNM since it was added in the device window. On_Alarm This is a device turned on with an alarm. Off_Alarm This is a device turned off with an alarm.
  • Page 33 Chapter 2 GUI Introduction The screen displays in the configuration window as shown. Figure 11 Device Window: Topology: Add/Edit Device (ZyNOS) Figure 12 Device Window: Topology: Add/Edit Device (ZLD) Vantage CNM User’s Guide...
  • Page 34 Chapter 2 GUI Introduction The following table describes the labels in this screen. Table 7 Configuration Screen: Device List LABEL DESCRIPTION LAN MAC Enter the LAN MAC address of the device (without colons) in this field. (Hex) Vantage CNM uses the MAC address to identify the device, so make sure it is entered correctly.
  • Page 35 Chapter 2 GUI Introduction Table 7 Configuration Screen: Device List (continued) LABEL DESCRIPTION Device Login Password This field is only available for a ZLD device. Type the administrator’s login password of the device in this field. Device HA This field is only available for a ZLD device. Select this if you want to monitor the device’s device HA status from the Vantage CNM.
  • Page 36: Device Search

    Chapter 2 GUI Introduction Right-click on a device and click Cut Device. Right-click on a folder you want to move the device to and click Paste Device. The device re-associates to another folder. The following figure shows you an example to move a device from one folder to another.
  • Page 37: Navigation Panel And Configuration Window

    Chapter 2 GUI Introduction In the device window, click Search. Figure 16 Device Window: Search Specify the search criteria (such as the device type, device status, etc.) and click Search. Vantage CNM displays the device(s) that match any of the search criteria. 2.4 Navigation Panel and Configuration Window Use this panel to navigate to and display the screens.
  • Page 38 Chapter 2 GUI Introduction Table 8 Navigation Panel: Menu Summary - Device Operation DEVICE OPERATION ZYNOS-BASED DEVICE ZLD-BASED DEVICE PRESTIGE Device Configuration Device Configuration Device Configuration Load or Save BB Network Load or Save BB General Interface General System Routing System Tim Setting Firewall...
  • Page 39 Chapter 2 GUI Introduction Following are the other menus. Table 9 Navigation Panel: Menu Summary - Others VPN MANAGEMENT MONITOR LOG & REPORT VPN Community Device Status Operation Report Installation Report 3G Monitor Firmware Upgrade Report Configuration Report VPN Monitor 3G Summary Configuration File Backup Availability Report...
  • Page 40 Chapter 2 GUI Introduction Table 10 Navigation Panel Links (continued) LINK DESCRIPTION License This link takes you to a screen where you can register a user account and Management activate UTM services to myZyXEL.com for the selected device. You also can manage UTM services license and monitor signature status for the device.
  • Page 41: Security Risk Pop-Up Messages In Internet Explorer 7.0

    Chapter 2 GUI Introduction Table 10 Navigation Panel Links (continued) LINK DESCRIPTION Group This link takes you to a screen where you can define group privilege and manage (add/edit/remove) groups. Account This link takes you to a screen where you can manage (add/edit/kick out/remove) user accounts.
  • Page 42 Chapter 2 GUI Introduction Click Create CSR. The following screen appears. Figure 17 CNM System Setting > Configuration > Certificate Management > Create Type the IP address of the Vantage CNM server in the Common Name field. This is the IP address you use to log in (http://your IP address:8080/vantage).
  • Page 43 Chapter 2 GUI Introduction The Certificate Management screen appears. Click Import Certificate. The following screen appears. Figure 19 CNM System Setting > Configuration > Certificate Management > Import Certificate Enter the signed certificate file path and click Apply. Restart the Vantage CNM server. 10 Use the IP address and log into the Vantage CNM server.
  • Page 44 Chapter 2 GUI Introduction 12 The Certificate screen appears. Click Install Certificate and follow the instructions to install the new certificate. Vantage CNM User’s Guide...
  • Page 45: Part Ii: Device Configuration (Zynos And Prestige)

    Device Configuration (ZyNOS and Prestige) Device General Settings (51) Note: This menu only appears when you select a ZyNOS device. See Device Device Network Settings (55) Configuration (ZLD) for ZLD-based devices. Device Security Settings (123) Note: The menus and screens may vary Device Advanced Settings (215) depending on the device model you select.
  • Page 47: Load Or Save Building Blocks (Bb)

    Chapter 3: Load or Save Building Blocks (BB). A BB is a building block used to build a device configuration using Vantage CNM. A device BB is a combination of configuration BBs, which vary by model. A device can have only one Device BB.
  • Page 48 Chapter 3 Load or Save Building Blocks (BB) click Device Operation in the menu bar and then click Device Configuration > Load or Save BB in the navigation panel. Figure 21 Device Operation > Device Configuration > Load or Save BB This screen displays the type of the selected device, each type of building block, and a summary of the information in each type of building block.
  • Page 49 Chapter 3 Load or Save Building Blocks (BB) Enter the name of the new building block, and click Apply. The name must be 1-32 alphanumeric characters or underscores (_). It cannot include spaces. The name is case-sensitive. If you have an existing BB, the Select a BB field appears. You can replace an existing BB with the current configuration by selecting it from the Select a BB field and clicking Apply.
  • Page 50 Chapter 3 Load or Save Building Blocks (BB) Vantage CNM User’s Guide...
  • Page 51: Device General Settings

    Chapter 4: Device General Settings. This section configures device general settings. 4.1 System Use this screen to set the password, system name, domain name, idle timeout, and DNS servers for the device. Please see the device’s User’s Guide for more information about any of these screens or fields.
  • Page 52: Time Setting

    Chapter 4 Device General Settings Table 11 Device Operation > Device Configuration > General > System (continued) FIELD DESCRIPTION Administrator Set how long a management session can remain idle before it Inactivity Timer expires. After it expires, you have to log back into the device. Apply Click this to save your changes to the device.
  • Page 53 Chapter 4 Device General Settings The following table describes the fields in this screen. Table 12 Device Operation > Device Configuration > General > Time Setting LABEL DESCRIPTION Time Protocol Select the time service protocol that your timeserver sends when you turn on the device.
  • Page 54 Chapter 4 Device General Settings Table 12 Device Operation > Device Configuration > General > Time Setting LABEL DESCRIPTION End Date Configure the day and time when Daylight Saving Time ends if you selected Daylight Savings. The o'clock field uses the 24 hour format.
  • Page 55: Device Network Settings

    Chapter 5: Device Network Settings. These screens explain network settings on ZyNOS ZyWALL and Prestige devices, such as LAN, WAN and wireless card. 5.1 LAN (ZyNOS ZyWALL) Note: This section refers only to the LAN screen, but the information is applicable for the LAN, WLAN, and DMZ screens.
  • Page 56 Chapter 5 Device Network Settings Operation in the menu bar, and click Device Configuration > Network > LAN > LAN in the navigation panel. Figure 26 Device Operation > Device Configuration > Network > LAN > LAN (ZyNOS ZyWALL) Vantage CNM User’s Guide...
  • Page 57 Chapter 5 Device Network Settings The following table describes the fields in this screen. Table 13 Device Operation > Device Configuration > LAN > LAN (ZyNOS ZyWALL) LABEL DESCRIPTION DHCP Mode DHCP (Dynamic Host Configuration Protocol, RFC 2131 and RFC 2132) allows individual clients (workstations) to obtain TCP/IP configuration at startup from a server.
  • Page 58 Chapter 5 Device Network Settings Table 13 Device Operation > Device Configuration > LAN > LAN (ZyNOS ZyWALL) LABEL DESCRIPTION RIP Version The RIP Version field controls the format and the broadcasting method of the RIP packets that the device sends (it recognizes both formats when receiving).
  • Page 59: Lan (Prestige)

    Chapter 5 Device Network Settings Table 13 Device Operation > Device Configuration > LAN > LAN (ZyNOS ZyWALL) LABEL DESCRIPTION Allow between LAN and WAN2 Select this check box to forward NetBIOS packets from the LAN to WAN port 2 and from WAN port 2 to the LAN. If your firewall is enabled with the default policy set to block WAN port 2 to LAN traffic, you also need to enable the default WAN port 2 to LAN firewall rule that forwards NetBIOS traffic.
  • Page 60 Chapter 5 Device Network Settings in the menu bar, and click Device Configuration > Network > LAN > LAN in the navigation panel. Figure 27 Device Operation > Device Configuration > Network > LAN > LAN (Prestige) Vantage CNM User’s Guide...
  • Page 61 Chapter 5 Device Network Settings The following table describes the fields in this screen. Table 14 Device Operation > Device Configuration > Network > LAN > LAN (Prestige) LABEL DESCRIPTION DHCP Mode DHCP (Dynamic Host Configuration Protocol, RFC 2131 and RFC 2132) allows individual clients (computers) to obtain TCP/IP configuration at startup from a server.
  • Page 62: Static Dhcp

    Chapter 5 Device Network Settings Table 14 Device Operation > Device Configuration > Network > LAN > LAN (Prestige) (continued) LABEL DESCRIPTION RIP Version The RIP Version field controls the format and the broadcasting method of the RIP packets that the device sends (it recognizes both formats when receiving).
  • Page 63: Ip Alias

    Chapter 5 Device Network Settings menu bar, and click Device Configuration > Network > LAN > Static DHCP in the navigation panel. Figure 28 Device Operation > Device Configuration > Network > LAN > Static DHCP The following table describes the fields in this screen. Table 15 Device Operation >...
  • Page 64 Chapter 5 Device Network Settings open this screen, click Device Operation > Device Configuration > Network > LAN > IP Alias. Figure 29 Device Operation > Device Configuration > Network > LAN > IP Alias The following table describes the fields in this screen. Table 16 Device Operation >...
  • Page 65: Wan General (Zynos Zywall)

    Chapter 5 Device Network Settings Table 16 Device Operation > Device Configuration > Network > LAN > IP Alias LABEL DESCRIPTION RIP Version The RIP Version field controls the format and the broadcasting method of the RIP packets that the device sends (it recognizes both formats when receiving).
  • Page 66 Chapter 5 Device Network Settings Note: Be careful when configuring a device’s WAN as an incorrect configuration could result in the device being inaccessible from Vantage CNM (or by the web configurator from the WAN) and may necessitate a site visit to correct. Figure 30 Device Operation >...
  • Page 67 Chapter 5 Device Network Settings The following table describes the fields in this screen. Table 17 Device Operation > Device Configuration > Network > WAN > General (ZyNOS ZyWALL) LABEL DESCRIPTION WAN Priority The default WAN connection is "1" as your broadband connection via the WAN port should always be your preferred method of accessing the WAN.
  • Page 68 Chapter 5 Device Network Settings Table 17 Device Operation > Device Configuration > Network > WAN > General (ZyNOS ZyWALL) (continued) LABEL DESCRIPTION Allow Select this check box to forward NetBIOS packets from the WAN2 port to between the LAN port and from the LAN port to WAN2. If your firewall is enabled WAN2 and with the default policy set to block WAN port 2 to LAN traffic, you also need to enable the default WAN2 to LAN firewall rule that forwards...
  • Page 69: Wan1 (Zynos Zywall With One Wan Port)

    Chapter 5 Device Network Settings 5.3.1 WAN1 (ZyNOS ZyWALL with one WAN port) The screen differs by the encapsulation type chosen. Figure 31 Device Operation > Device Configuration > Network > WAN > WAN1 (ZyNOS ZyWALL with one WAN port) 5.3.1.1 Ethernet Encapsulation The following table describes the labels in the Ethernet encapsulation screen.
  • Page 70 Chapter 5 Device Network Settings Table 18 Device Operation > Device Configuration > Network > WAN > ISP (Ethernet) – ZyNOS ZyWALL (one WAN port) (continued) LABEL DESCRIPTION WAN IP Address Assignment Select Get automatically from ISP if your ISP did not assign you a fixed IP address.
  • Page 71 Chapter 5 Device Network Settings 5.3.1.2 PPPoE Encapsulation The device supports PPPoE (Point-to-Point Protocol over Ethernet). PPPoE is an IETF Draft standard (RFC 2516) specifying how a personal computer (PC) interacts with a broadband modem (DSL, cable, wireless, etc.) connection. The PPPoE option is for a dial-up connection using PPPoE.
  • Page 72 Chapter 5 Device Network Settings Select PPP Over Ethernet from the Encapsulation field. A warning message appears. Click OK. Figure 32 Warning Message When Select PPPoE Figure 33 Device Operation > Device Configuration > Network > WAN > WAN1- PPPoE (ZyNOS ZyWALL with one WAN port) Vantage CNM User’s Guide...
  • Page 73 Chapter 5 Device Network Settings The following table describes the labels in the PPPoE screen. Table 19 Device Operation > Device Configuration > Network > WAN > ISP (PPPoE) – ZyNOS ZyWALL (one WAN port) LABEL DESCRIPTION WAN:ISP Encapsulation The PPPoE choice is for a dial-up connection using PPPoE. The router supports PPPoE (Point-to-Point Protocol over Ethernet).
  • Page 74 Chapter 5 Device Network Settings Table 19 Device Operation > Device Configuration > Network > WAN > ISP (PPPoE) – ZyNOS ZyWALL (one WAN port) (continued) LABEL DESCRIPTION RIP Direction RIP (Routing Information Protocol) allows a router to exchange routing information with other routers.
  • Page 75 Chapter 5 Device Network Settings Select PPP Over Ethernet from the Encapsulation field. A warning message appears. Click OK. Figure 34 Warning Message When Select PPTP Figure 35 Device Operation > Device Configuration > Network > WAN > WAN1 - PPTP (ZyNOS ZyWALL with one WAN port) Vantage CNM User’s Guide...
  • Page 76 Chapter 5 Device Network Settings The following table describes the labels in the PPTP screen. Table 20 Device Operation > Device Configuration > Network > WAN > ISP (PPTP) – ZyNOS ZyWALL (one WAN port) LABEL DESCRIPTION WAN:ISP Encapsulation Point-to-Point Tunneling Protocol (PPTP) is a network protocol that enables secure transfer of data from a remote client to a private server, creating a Virtual Private Network (VPN) using TCP/IP-based networks.
  • Page 77 Chapter 5 Device Network Settings Table 20 Device Operation > Device Configuration > Network > WAN > ISP (PPTP) – ZyNOS ZyWALL (one WAN port) (continued) LABEL DESCRIPTION Private This parameter determines if the device will include the route to this remote node in its RIP broadcasts.
  • Page 78: Wan1 And Wan2 (Zynos Zywall With Two Wan Ports)

    Chapter 5 Device Network Settings 5.3.2 WAN1 and WAN2 (ZyNOS ZyWALL with two WAN ports) Since ZyWALL 4.00, the WAN screens are organized differently than the previous versions because it has two WAN ports. Use the WAN1 and WAN2 tabs to configure the WAN1 and WAN2 ports.
  • Page 79 Chapter 5 Device Network Settings Table 21 Device Operation > Device Configuration > Network > WAN > WAN1/2 (ZyNOS ZyWALL with two WAN ports) (continued) LABEL DESCRIPTION Service Type Choose from Standard, RR-Telstra (RoadRunner Telstra authentication method), RR-Manager (Roadrunner Manager authentication method), RR-Toshiba (Roadrunner Toshiba authentication method) or Telia Login.
  • Page 80 Chapter 5 Device Network Settings Table 21 Device Operation > Device Configuration > Network > WAN > WAN1/2 (ZyNOS ZyWALL with two WAN ports) (continued) LABEL DESCRIPTION RIP Version The RIP Version field controls the format and the broadcasting method of the RIP packets that the Vantage CNM sends (it recognizes both formats when receiving).
  • Page 81 Chapter 5 Device Network Settings does that part of the task. Furthermore, with NAT, all of the LANs’ computers will have access. Figure 37 Device Operation > Device Configuration > Network > WAN > WAN1/2 - PPPoE (ZyNOS ZyWALL with two WAN ports) Vantage CNM User’s Guide...
  • Page 82 Chapter 5 Device Network Settings The following table describes the labels in this screen. Table 22 Device Operation > Device Configuration > Network > WAN > WAN1/2 - PPPoE (ZyNOS ZyWALL with two WAN ports) LABEL DESCRIPTION ISP Parameters for Internet Access Encapsulation The PPPoE choice is for a dial-up connection using PPPoE.
  • Page 83 Chapter 5 Device Network Settings Table 22 Device Operation > Device Configuration > Network > WAN > WAN1/2 - PPPoE (ZyNOS ZyWALL with two WAN ports) (continued) LABEL DESCRIPTION RIP Direction RIP (Routing Information Protocol) allows a router to exchange routing information with other routers.
  • Page 84 Chapter 5 Device Network Settings PPTP supports on-demand, multi-protocol and virtual private networking over public networks, such as the Internet. Figure 38 Device Operation > Device Configuration > Network > WAN > WAN1/2 - PPTP (ZyNOS ZyWALL with two WAN ports) Vantage CNM User’s Guide...
  • Page 85 Chapter 5 Device Network Settings The following table describes the labels in this screen. Table 23 Device Operation > Device Configuration > Network > WAN > WAN1/2 - PPTP (ZyNOS ZyWALL with two WAN ports) LABEL DESCRIPTION WAN: ISP Encapsulation Point-to-Point Tunneling Protocol (PPTP) is a network protocol that enables secure transfer of data from a remote client to a private server, creating a Virtual Private Network (VPN) using TCP/IP-based networks.
  • Page 86 Chapter 5 Device Network Settings Table 23 Device Operation > Device Configuration > Network > WAN > WAN1/2 - PPTP (ZyNOS ZyWALL with two WAN ports) (continued) LABEL DESCRIPTION Private This parameter determines if the device will include this route to a remote node in its RIP broadcasts.
  • Page 87: Wan2 (Zynos Zywall With 3G Wan)

    Chapter 5 Device Network Settings 5.3.3 WAN2 (ZyNOS ZyWALL with 3G WAN) 3G (Third Generation) is a digital, packet-switched wireless technology. Bandwidth usage is optimized as multiple users share the same channel and bandwidth is only allocated to users when they send data. It allows fast transfer of voice and non-voice data and provides broadband Internet access to mobile devices.
  • Page 88 Chapter 5 Device Network Settings If the signal strength of a 3G network is too low, the 3G card may switch to an available 2.5G or 2.75G network. See the following table for a comparison between 2G, 2.5G, 2.75G, 3G and 3.5G wireless technologies. Table 24 2G, 2.5G, 2.75G, 3G and 3.5G Wireless Technologies MOBILE PHONE AND DATA STANDARDS DATA...
  • Page 89 Chapter 5 Device Network Settings After you insert a 3G card in a device, the 3G connection becomes WAN 2. Refer to the device’s User’s Guide for the type of 3G cards that you can use in the device along with the corresponding supported features. Note: You must install a 3G card in the selected device before using this WAN 2.
  • Page 90 Chapter 5 Device Network Settings Note: The WAN 1 and WAN 2 IP addresses of the device with multiple WAN interfaces must be on different subnets. Vantage CNM User’s Guide...
  • Page 91 Chapter 5 Device Network Settings Figure 39 Device Configuration > Network > WAN > 3G(WAN 2) Vantage CNM User’s Guide...
  • Page 92 Chapter 5 Device Network Settings The following table describes the labels in this screen. Table 25 Device Configuration > WAN > 3G(WAN2) LABEL DESCRIPTION WAN2 Setup Enable Select this option to enable WAN 2. 3G Card The fields below display only when you enable WAN 2. Configuration 3G Wireless This displays the manufacturer and model name of your 3G card if you...
  • Page 93 Chapter 5 Device Network Settings Table 25 Device Configuration > WAN > 3G(WAN2) (continued) LABEL DESCRIPTION Authentication The selected device supports PAP (Password Authentication Protocol) Type and CHAP (Challenge Handshake Authentication Protocol). CHAP is more secure than PAP; however, PAP is readily available on more platforms. Use the drop-down list box to select an authentication protocol for outgoing calls.
  • Page 94 Chapter 5 Device Network Settings Table 25 Device Configuration > WAN > 3G(WAN2) (continued) LABEL DESCRIPTION Advanced Setup Enable NAT (Network Address Translation) Network Address Translation (NAT) allows the translation of an Internet protocol address used within one network (for example a private IP address used in a local network) to a different IP address known within...
  • Page 95 Chapter 5 Device Network Settings Table 25 Device Configuration > WAN > 3G(WAN2) (continued) LABEL DESCRIPTION Reset time and data budget counters This button is available only when you enable budget control in this screen. Click this button to reset the time and data budgets immediately. The count starts over with the 3G connection’s full configured monthly time and data budgets.
  • Page 96: Dial Backup (ZyNOS ZyWALL)

    Chapter 5 Device Network Settings 5.3.4 Dial Backup (ZyNOS ZyWALL) Vantage CNM can communicate with the device using Dial Backup if the main WAN connection goes down. Use this screen to configure Dial Backup on the device. Figure 40 Device Operation > Device Configuration > Network > WAN > Dial Backup (ZyNOS ZyWALL) The following table describes the labels in this screen.
  • Page 97 Chapter 5 Device Network Settings Table 26 Device Operation > Device Configuration > Network > WAN > Dial Backup (ZyNOS ZyWALL) (continued) LABEL DESCRIPTION Authentication Type Use the drop-down list box to select an authentication protocol for outgoing calls. Options are: CHAP/PAP - The device accepts either CHAP or PAP when requested by this remote node.
  • Page 98: Advanced Modem Setup (ZyNOS ZyWALL)

    Chapter 5 Device Network Settings 5.3.5 Advanced Modem Setup (ZyNOS ZyWALL) 5.3.5.1 AT Command Strings For regular telephone lines, the default Dial string tells the modem that the line uses tone dialing. ATDT is the command for a switch that requires tone dialing. If your switch requires pulse dialing, change the string to ATDP.
  • Page 99 Chapter 5 Device Network Settings Note: Consult the manual of your WAN device connected to your dial backup port for specific AT commands. Figure 41 Device Operation > Device Configuration > Network > WAN > Dial Backup > Advanced (ZyNOS ZyWALL) The following table describes the labels in this screen.
  • Page 100: Edit Dial Backup (ZyNOS ZyWALL)

    Chapter 5 Device Network Settings Table 27 Device Operation > Device Configuration > Network > WAN > Dial Backup > Advanced (ZyNOS ZyWALL) (continued) LABEL DESCRIPTION EXAMPLE Dial Timeout (sec) Type a number of seconds for the device to try to set up an outgoing call before timing out (stopping).
  • Page 101 Chapter 5 Device Network Settings The following table describes the fields in this screen. Table 28 Device Operation > Device Configuration > Network > WAN > Dial Backup > Edit – ZyNOS ZyWALL LABEL DESCRIPTION Get IP Address Type the login name assigned by your ISP for this remote node. Automatically from Remote Server Use Fixed IP Address Select this check box if your ISP assigned you a fixed IP address,...
  • Page 102: WAN Setup (Prestige)

    Chapter 5 Device Network Settings Table 28 Device Operation > Device Configuration > Network > WAN > Dial Backup > Edit – ZyNOS ZyWALL (continued) LABEL DESCRIPTION RIP Version The RIP Version field controls the format and the broadcasting method of the RIP packets that the device sends (it recognizes both formats when receiving).
  • Page 103 Chapter 5 Device Network Settings menu bar and then click Device Configuration > Network > WAN > Setup in the navigation panel. Figure 43 Device Operation > Device Configuration > Network > WAN > Setup (Prestige) The following table describes the fields in this screen. Table 29 Device Operation >...
  • Page 104 Chapter 5 Device Network Settings Table 29 Device Operation > Device Configuration > Network > WAN > Setup (Prestige) (continued) LABEL DESCRIPTION Multiplex Select the method of multiplexing used by your ISP from the drop-down list. Choices are VC or LLC. Virtual Circuit ID VPI (Virtual Path Identifier) and VCI (Virtual Channel Identifier) define a virtual circuit.
  • Page 105 Chapter 5 Device Network Settings Table 29 Device Operation > Device Configuration > Network > WAN > Setup (Prestige) (continued) LABEL DESCRIPTION IP Address This option is available if you select Routing in the Mode field. A static IP address is a fixed IP that your ISP gives you. A dynamic IP address is not fixed;...
  • Page 106: WAN Backup (Prestige)

    Chapter 5 Device Network Settings 5.3.8 WAN Backup (Prestige) Use this screen to change your device’s WAN backup settings. To open this screen, select a device, click Device Operation in the menu bar and then click Device Configuration > Network > WAN > Backup in the navigation panel. Figure 44 Device Operation >...
  • Page 107 Chapter 5 Device Network Settings The following table describes the fields in this screen. Table 30 Device Operation > Device Configuration > Network > WAN > Backup (Prestige) LABEL DESCRIPTION Backup Type Select the method that the device uses to check the DSL connection.
  • Page 108 Chapter 5 Device Network Settings Table 30 Device Operation > Device Configuration > Network > WAN > Backup (Prestige) (continued) LABEL DESCRIPTION Backup Gateway IP Type the IP address of your backup gateway in dotted decimal notation. The device automatically forwards traffic to this IP address if the device's Internet connection terminates.
  • Page 109: Advanced WAN Backup (Prestige)

    Chapter 5 Device Network Settings 5.3.9 Advanced WAN Backup (Prestige) Use this screen to edit your device’s advanced WAN backup settings. To open this screen, select a device, click Advanced in the Device Operation > Device Configuration > Network > WAN > Backup screen. Figure 45 Device Operation >...
  • Page 110 Chapter 5 Device Network Settings Table 31 Device Operation > Device Configuration > Network > WAN Backup > Advanced (Prestige) (continued) LABEL DESCRIPTION Primary/Secondary Phone Number Type the first (primary) phone number from the ISP for this remote node. If the primary phone number is busy or does not answer, your device dials the secondary phone number if available.
  • Page 111: Advanced Modem Setup (Prestige)

    Chapter 5 Device Network Settings Table 31 Device Operation > Device Configuration > Network > WAN Backup > Advanced (Prestige) (continued) LABEL DESCRIPTION Multicast Version Select IGMP-v1 or IGMP-v2. IGMP version 2 (RFC 2236) is an improvement over version 1 (RFC 1112) but IGMP version 1 is still in wide use.
  • Page 112: Wireless Card

    Chapter 5 Device Network Settings 5.4 Wireless Card This section shows you how to configure the Wireless Card screens. These screens may vary depending on which model you’re configuring. Please see the device’s User’s Guide for more information about any of these screens or fields. 5.4.1 Wireless and Wireless Security Settings This screen depends on the device type and firmware version.
  • Page 113 Chapter 5 Device Network Settings Table 32 Device Operation > Device Configuration > Network > Wireless Card > Wireless Card (continued) LABEL DESCRIPTION Hide ESSID Select this check box to hide the ESSID so a station cannot obtain the ESSID through AP scanning.
  • Page 114 Chapter 5 Device Network Settings Table 32 Device Operation > Device Configuration > Network > Wireless Card > Wireless Card (continued) LABEL DESCRIPTION Security Select one of the security settings. No Security Static WEP WPA-PSK 802.1x + Dynamic WEP 802.1x + Static WEP 802.1x + No WEP No Access 802.1x + Static WEP No Access 802.1x + No WEP...
  • Page 115: Advanced Wireless Security Settings

    Chapter 5 Device Network Settings 5.4.2 Advanced Wireless Security Settings Use these screens to configure wireless security settings. To see these settings, select any option from the Security field in the Device Operation > Device Configuration > Network > Wireless Card > Wireless Card screen. Figure 47 Device Operation >...
  • Page 116 Chapter 5 Device Network Settings Wireless Card (Advanced Wireless Security Settings)
  • Page 117 Chapter 5 Device Network Settings The following table describes the fields in these settings. Table 33 Wireless Card: Static WEP LABEL DESCRIPTION Security Select Static WEP from the drop-down list. Encryption WEP (Wired Equivalent Privacy) provides data encryption to prevent unauthorized wireless stations from accessing data transmitted over the wireless network.
  • Page 118 Chapter 5 Device Network Settings Table 34 Wireless Card: WPA-PSK (continued) LABEL DESCRIPTION Idle Timeout (Seconds) The Vantage CNM automatically disconnects a wireless station from the wireless network after a period of inactivity. The wireless station needs to send the username and password again before it can use the wireless network again.
  • Page 119 Chapter 5 Device Network Settings Table 36 Wireless Card: 802.1x + Dynamic WEP LABEL DESCRIPTION Security Select 802.1x + Dynamic WEP from the drop-down list. ReAuthentication Timer (Seconds) Specify how often wireless stations have to resend user names and passwords in order to stay connected. Enter a time interval between 10 and 65535 seconds.
  • Page 120 Chapter 5 Device Network Settings Table 37 Wireless Card: 802.1x + Static WEP (continued) LABEL DESCRIPTION ReAuthentication Timer (Seconds) Specify how often wireless stations have to resend user names and passwords in order to stay connected. Enter a time interval between 10 and 65535 seconds.
  • Page 121: MAC Filter

    Chapter 5 Device Network Settings Table 39 Wireless Card: No Access 802.1x + Static WEP LABEL DESCRIPTION Security Select No Access 802.1x + Static WEP from the drop-down list. Encryption WEP (Wired Equivalent Privacy) provides data encryption to prevent unauthorized wireless stations from accessing data transmitted over the wireless network.
  • Page 122 Chapter 5 Device Network Settings Note: Be careful not to list your computer’s MAC address and set the Action field to Deny Association when managing the device via a wireless connection. This would lock you out. Figure 48 Device Operation > Device Configuration > Network > Wireless Card > MAC Filter The following table describes the fields in this screen.
  • Page 123: Device Security Settings

    Chapter 6 Device Security Settings The screens explain device security settings such as firewall, VPN, anti-virus, anti-spam, IDP, signature update, content filter and X-auth. 6.1 Firewall This section shows you how to configure the Firewall screens. These screens may vary depending on which model you’re configuring.
  • Page 124 Chapter 6 Device Security Settings To open this screen, click Device Operation in the menu bar and then click Device Configuration > Security > Firewall > Default Rule in the navigation panel. Figure 49 Device Operation > Device Configuration > Security > Firewall > Default Rule The following table describes the labels in this screen.
  • Page 125 Chapter 6 Device Security Settings Table 42 Device Operation > Device Configuration > Security > Firewall > Default Rule (continued) LABEL DESCRIPTION From, To Set the firewall’s default actions based on the direction of travel of packets. Here are some example descriptions of the directions of travel.
  • Page 126: Rule Summary

    Chapter 6 Device Security Settings Table 42 Device Operation > Device Configuration > Security > Firewall > Default Rule (continued) LABEL DESCRIPTION Apply Click this to save your changes back to the device. Reset Click this to reset this screen to its last saved values. 6.1.2 Rule Summary Use the Insert button to add a new rule before an existing rule.
  • Page 127 Chapter 6 Device Security Settings The following table describes the labels in this screen. Table 43 Device Operation > Device Configuration > Security > Firewall > Rule Summary LABEL DESCRIPTION Direction Summary Firewall rules are grouped based on the direction of travel of packets to which they apply.
  • Page 128: Add/Edit A Rule

    Chapter 6 Device Security Settings Table 43 Device Operation > Device Configuration > Security > Firewall > Rule Summary (continued) LABEL DESCRIPTION Action This field displays whether the firewall silently discards packets (Drop), discards packets and sends a TCP reset packet or an ICMP destination-unreachable message to the sender (Reject) or allows the passage of packets (Permit).
  • Page 129 Chapter 6 Device Security Settings Figure 50 on page 126, click Edit to modify an existing firewall rule or click Insert to create a new firewall rule. Figure 51 Device Operation > Device Configuration > Security > Firewall > Rule Summary >...
  • Page 130 Chapter 6 Device Security Settings The following table describes the labels in this screen. Table 44 Device Operation > Device Configuration > Security > Firewall > Rule Summary > Add/Edit LABEL DESCRIPTION Rule Name Enter a descriptive name of up to 31 printable ASCII characters (except Extended ASCII characters) for the firewall rule.
  • Page 131: Anti-Probing

    Chapter 6 Device Security Settings Table 44 Device Operation > Device Configuration > Security > Firewall > Rule Summary > Add/Edit (continued) LABEL DESCRIPTION Log Packet Information This field determines if a log for packets that match the rule is created (Yes) or not (No).
  • Page 132: Threshold

    Chapter 6 Device Security Settings Ping requests and whether or not the device is to respond to probing for unused ports. Figure 52 Device Operation > Device Configuration > Security > Firewall > Anti-Probing The following table describes the labels in this screen. Table 45 Device Operation >...
  • Page 133 Chapter 6 Device Security Settings screen. The global values specified for the threshold and timeout apply to all TCP connections. Figure 53 Device Operation > Device Configuration > Security > Firewall > Threshold The following table describes the labels in this screen. Table 46 Device Operation >...
  • Page 134 Chapter 6 Device Security Settings Table 46 Device Operation > Device Configuration > Security > Firewall > Threshold (continued) LABEL DESCRIPTION One Minute High This is the rate of new half-open sessions per minute that causes the firewall to start deleting half-open sessions. When the rate of new connection attempts rises above this number, the device deletes half-open sessions as required to accommodate new connection attempts.
  • Page 135: Service

    Chapter 6 Device Security Settings 6.1.6 Service Click Device Operation in the menu bar and then click Device Configuration > Security > Firewall > Service in the navigation panel to open the screen as shown next. Use this screen to configure custom services for use in firewall rules or view the services that are predefined in the device.
  • Page 136 Chapter 6 Device Security Settings screen as shown next. Use this screen to configure a custom service entry that is not predefined in the device. Figure 55 Device Operation > Device Configuration > Security > Firewall > Service > Add/Edit The following table describes the labels in this screen.
  • Page 137: VPN

    Chapter 6 Device Security Settings 6.2 VPN This section shows you how to configure the VPN screens. These screens may vary depending on which model you’re configuring. Please see the device’s User’s Guide for more information about any of these screens or fields. There are two sets of VPN screens, VPN version 1.0 and VPN version 1.1.
  • Page 138: VPN Rules (IKE)

    Chapter 6 Device Security Settings 6.3.1 VPN Rules (IKE) To open this screen, select a device, click Device Operation in the menu bar and then click Device Operation > Device Configuration > Security > VPN in the navigation panel. Figure 57 Device Operation > Device Configuration > Security > VPN > VPN Rules (IKE) The following table describes the labels in this screen.
  • Page 139: Add/Edit an IKE Gateway Policy

    Chapter 6 Device Security Settings 6.3.2 Add/Edit an IKE Gateway Policy In the VPN Rule (IKE) screen, click Add in the top of the column or click Edit from an existing gateway policy to display the Gateway Policy screen. Figure 58 Device Operation > Device Configuration > Security > VPN > VPN Rules
  • Page 140 Chapter 6 Device Security Settings (IKE) > Gateway Policy Add/Edit
  • Page 141 Chapter 6 Device Security Settings The following table describes the labels in this screen. Table 50 Device Operation > Device Configuration > Security > VPN > VPN Rules (IKE) > Gateway Policy Add/Edit LABEL DESCRIPTION Property NAT Traversal Select this check box to enable NAT traversal. NAT traversal allows you to set up a VPN connection when there are NAT routers between the two IPSec routers.
  • Page 142 Chapter 6 Device Security Settings Table 50 Device Operation > Device Configuration > Security > VPN > VPN Rules (IKE) > Gateway Policy Add/Edit LABEL DESCRIPTION My DDNS Domain Name This field is enabled if My ZyWALL Address Type is IP Address. Select the DDNS domain name associated with the device in the VPN tunnel.
  • Page 143 Chapter 6 Device Security Settings Table 50 Device Operation > Device Configuration > Security > VPN > VPN Rules (IKE) > Gateway Policy Add/Edit LABEL DESCRIPTION Pre-Shared Key Select the Pre-Shared Key radio button and type your pre-shared key in this field. A pre-shared key identifies a communicating party during a phase 1 IKE negotiation.
  • Page 144 Chapter 6 Device Security Settings Table 50 Device Operation > Device Configuration > Security > VPN > VPN Rules (IKE) > Gateway Policy Add/Edit LABEL DESCRIPTION Peer ID Type Select from the following when you set Authentication Key to Pre-shared Key. •...
  • Page 145 Chapter 6 Device Security Settings Table 50 Device Operation > Device Configuration > Security > VPN > VPN Rules (IKE) > Gateway Policy Add/Edit LABEL DESCRIPTION Content The configuration of the peer content depends on the peer ID type. Do the following when you set Authentication Key to Pre-shared Key.
  • Page 146 Chapter 6 Device Security Settings Table 50 Device Operation > Device Configuration > Security > VPN > VPN Rules (IKE) > Gateway Policy Add/Edit LABEL DESCRIPTION Server Mode Select Server Mode to have this device authenticate extended authentication clients that request this VPN connection. You must also configure the extended authentication clients’...
  • Page 147 Chapter 6 Device Security Settings Table 50 Device Operation > Device Configuration > Security > VPN > VPN Rules (IKE) > Gateway Policy Add/Edit LABEL DESCRIPTION SA Life Time (Seconds) Define the length of time before an IKE SA automatically renegotiates in this field.
  • Page 148: Add/Edit an IKE Network Policy

    Chapter 6 Device Security Settings 6.3.3 Add/Edit an IKE Network Policy In the VPN Rule (IKE) screen, click the Add icon from a gateway policy or click Edit from an existing network policy to display the Network Policy screen. Figure 59 Device Operation > Device Configuration > Security > VPN > VPN Rules (IKE) >...
  • Page 149 Chapter 6 Device Security Settings The following table describes the labels in this screen. Table 51 Device Operation > Device Configuration > Security > VPN > VPN Rules (IKE) > Network Policy Add/Edit LABEL DESCRIPTION Active If the Active check box is selected, packets for the tunnel trigger the device to build the tunnel.
  • Page 150 Chapter 6 Device Security Settings Table 51 Device Operation > Device Configuration > Security > VPN > VPN Rules (IKE) > Network Policy Add/Edit (continued) LABEL DESCRIPTION Active Enable this feature to have the device use virtual (translated) IP addresses for the local network for the VPN connection. You do not configure the Local Network fields when you enable virtual address mapping.
  • Page 151 Chapter 6 Device Security Settings Table 51 Device Operation > Device Configuration > Security > VPN > VPN Rules (IKE) > Network Policy Add/Edit (continued) LABEL DESCRIPTION Virtual Ending IP Address When you select Many One-to-One in the Type field, enter the ending (static) IP address of a range of translated IP addresses.
  • Page 152 Chapter 6 Device Security Settings Table 51 Device Operation > Device Configuration > Security > VPN > VPN Rules (IKE) > Network Policy Add/Edit (continued) LABEL DESCRIPTION Starting IP Address When the Address Type field is configured to Single Address, enter a (static) IP address on the network behind the remote IPSec router.
  • Page 153 Chapter 6 Device Security Settings Table 51 Device Operation > Device Configuration > Security > VPN > VPN Rules (IKE) > Network Policy Add/Edit (continued) LABEL DESCRIPTION Perfect Forward Secret (PFS) Select whether or not you want to enable Perfect Forward Secrecy (PFS) and, if you do, which Diffie-Hellman key group to use for encryption.
  • Page 154: Move an IKE Network Policy

    Chapter 6 Device Security Settings 6.3.4 Move an IKE Network Policy In the VPN Rule (IKE) screen, click the move icon to display the screen shown next. Use this screen to associate a network policy to a gateway policy. Figure 60 Device Operation > Device Configuration > Security > VPN > VPN Rules (IKE) >...
  • Page 155 Chapter 6 Device Security Settings Rules screen. This is a read-only menu of your IPSec rules (tunnels). Edit an IPSec rule by clicking the edit icon to configure the associated submenus. You may want to configure a VPN rule that uses manual key management if you are having problems with IKE key management.
  • Page 156 Chapter 6 Device Security Settings Table 53 Device Operation > Device Configuration > Security > VPN > VPN Rules (Manual) LABEL DESCRIPTION Remote IP Address This is the IP address(es) of computer(s) on the remote network behind the remote IPSec router. This field displays N/A when the Remote Gateway Address field displays 0.0.0.0.
  • Page 157: Add/Edit a Manual VPN Rule

    Chapter 6 Device Security Settings 6.3.6 Add/Edit a Manual VPN Rule To open this screen, click Add or Edit in the Device Operation > Device Configuration > Security > VPN > VPN Rules (Manual) screen. Use this screen to configure a new or an existing manual VPN rule. Figure 62 Device Operation >...
  • Page 158 Chapter 6 Device Security Settings Table 54 Device Operation > Device Configuration > Security > VPN > VPN Rules (Manual) > Add/Edit (continued) LABEL DESCRIPTION Name Type up to 32 characters to identify this VPN policy. You may use any character, including spaces, but the Vantage CNM drops trailing spaces.
  • Page 159 Chapter 6 Device Security Settings Table 54 Device Operation > Device Configuration > Security > VPN > VPN Rules (Manual) > Add/Edit (continued) LABEL DESCRIPTION Active Protocol Select ESP if you want to use ESP (Encapsulation Security Payload). The ESP protocol (RFC 2406) provides encryption as well as some of the services offered by AH.
  • Page 160: VPN Global Setting

    Chapter 6 Device Security Settings 6.3.7 VPN Global Setting Select a device, click Device Operation > Device Configuration > Security > VPN > Global Setting tab to open the screen shown next. Use this screen to change your device’s global settings. Figure 63 Device Operation >...
  • Page 161 Chapter 6 Device Security Settings Table 55 Device Operation > Device Configuration > Security > VPN > Global Setting (continued) LABEL DESCRIPTION Gateway Domain Name Update Timer This field is applicable when you enter a domain name to identify the device and/or the remote secure gateway. Enter the time period (between 2 and 60 minutes) to wait before the device updates the domain name and IP address mapping through a DNS server.
  • Page 162: Anti-Virus

    Chapter 6 Device Security Settings 6.4 Anti-Virus This section shows you how to configure the Anti-Virus screens. These screens may vary depending on which model you’re configuring. Please see the device’s User’s Guide for more information about any of these screens or fields. 6.4.1 General Anti-Virus Setup Click Device Operation in the menu bar and then click Device Configuration >...
  • Page 163 Chapter 6 Device Security Settings The following table describes the labels in this screen. Table 56 Device Operation > Device Configuration > Security > Anti-Virus > General LABEL DESCRIPTION General Setup Enable Anti-Virus Select this check box to check traffic for viruses. The anti-virus scanner works on the following.
  • Page 164: Anti-Spam

    Chapter 6 Device Security Settings Table 56 Device Operation > Device Configuration > Security > Anti-Virus > General (continued) LABEL DESCRIPTION From, To Select the directions of travel of packets that you want to check. Select or clear a row or column’s first check box (with the interface label) to select or clear the interface’s whole row or column.
  • Page 165 Chapter 6 Device Security Settings Spam General screen. Use this screen to turn the anti-spam feature on or off and set how the device treats spam. Figure 65 Device Operation > Device Configuration > Security > Anti-Spam > General The following table describes the labels in this screen. Table 57 Device Operation >...
  • Page 166 Chapter 6 Device Security Settings Table 57 Device Operation > Device Configuration > Security > Anti-Spam > General (continued) LABEL DESCRIPTION From, To Select the directions of travel of packets that you want to check. Select or clear a row or column’s first check box (with the interface label) to select or clear the interface’s whole row or column.
  • Page 167: Anti-Spam External DB Screen

    Chapter 6 Device Security Settings Table 57 Device Operation > Device Configuration > Security > Anti-Spam > General (continued) LABEL DESCRIPTION Phishing Tag Enter a message or label (up to 16 ASCII characters) to add to the mail subject of e-mails that the anti-spam external database classifies as phishing.
  • Page 168 Chapter 6 Device Security Settings score is received. You must register for this service before you can use it (see the chapter on registration for details). Figure 66 Device Operation > Device Configuration > Security > Anti-Spam > External DB The following table describes the labels in this screen.
  • Page 169 Chapter 6 Device Security Settings Table 58 Device Operation > Device Configuration > Security > Anti-Spam > External DB (continued) LABEL DESCRIPTION Action for No Spam Score Use this field to configure what the device does if it does not receive a valid response from the anti-spam external database.
  • Page 170: Anti-Spam Lists Screen

    Chapter 6 Device Security Settings Table 58 Device Operation > Device Configuration > Security > Anti-Spam > External DB (continued) LABEL DESCRIPTION Apply Click this to save your changes back to the device. Reset Click this to begin configuring this screen afresh. 6.6 Anti-Spam Lists Screen Click Device Operation >...
  • Page 171: Anti-Spam Lists Edit Screen

    Chapter 6 Device Security Settings Table 59 Device Operation > Device Configuration > Security > Anti-Spam > Lists LABEL DESCRIPTION Active This field shows whether or not an entry is turned on. Type This field displays whether the entry is based on the e-mail’s source IP address, source e-mail address, a MIME header or the e-mail’s subject.
  • Page 172 Chapter 6 Device Security Settings the sender’s IP address or e-mail address. You can also create entries that check for particular MIME headers, MIME header values or specific subject text. Figure 68 Device Operation > Device Configuration > Security > Anti-Spam > Lists > Add/Edit The following table describes the labels in this screen.
  • Page 173 Chapter 6 Device Security Settings Table 60 Device Operation > Device Configuration > Security > Anti-Spam > Lists > Add/Edit (continued) LABEL DESCRIPTION IP Address This field displays when you select the IP type. Enter an IP address in dotted decimal notation. IP Subnet Mask This field displays when you select the IP type.
  • Page 174: IDP

    Chapter 6 Device Security Settings Table 60 Device Operation > Device Configuration > Security > Anti-Spam > Lists > Add/Edit (continued) LABEL DESCRIPTION Subject This field displays when you select the Subject type. Enter up to 63 ASCII characters of text to check for in the e-mail headers. Spaces are allowed.
  • Page 175 Chapter 6 Device Security Settings Operation in the menu bar and then click Device Configuration > Security > IDP > General in the navigation panel. Figure 69 Device Operation > Device Configuration > Security > IDP > General The following table describes the labels in this screen. Table 61 Device Operation >...
  • Page 176: IDP Signatures

    Chapter 6 Device Security Settings Table 61 Device Operation > Device Configuration > Security > IDP > General LABEL DESCRIPTION From, To Select the check box to apply IDP to packets based on the direction of travel. Select or clear a row or column’s first check box (with the interface label) to select or clear the interface’s whole row or column.
  • Page 177 Chapter 6 Device Security Settings To see signatures for a specific intrusion type, select that type from the Attack Type list box. Figure 70 Device Operation > Device Configuration > Security > IDP > Signature > Attack Types The following table describes each attack type. Table 62 Device Operation >...
  • Page 178: Intrusion Severity

    Chapter 6 Device Security Settings Table 62 Device Operation > Device Configuration > Security > IDP > Signature > Attack Types (continued) TYPE DESCRIPTION IM (Instant Messaging) refers to chat applications. Chat is real-time communication between two or more users via network-connected computers.
  • Page 179: Configuring IDP Signatures

    Chapter 6 Device Security Settings to be taken when a packet or stream matches a signature. The following figure and table describe these actions. Note that in addition to these actions, a log may be generated or an alert sent, if those check boxes are selected and the signature is enabled.
  • Page 180 Chapter 6 Device Security Settings Operation > Configuration Management > Signature Profile Management > Reset to Factory or Backup & Restore screen. Figure 72 Device Operation > Device Configuration > Security > IDP > Signature The following table describes the labels in this screen. Table 65 Device Operation >...
  • Page 181: Query View

    Chapter 6 Device Security Settings Table 65 Device Operation > Device Configuration > Security > IDP > Signature LABEL DESCRIPTION Active Select the check box in the heading row to automatically select all check boxes and enable all signatures. Clear it to clear all entries and disable all signatures on the current page. For example, you could clear all check boxes for signatures that target operating systems not in your network.
  • Page 182 Chapter 6 Device Security Settings Use this screen to search for signatures by criteria such as name, ID, severity, attack type, vulnerable attack platforms, whether or not they are active, log options, alert options or actions. Figure 73 Device Operation > Device Configuration > Security > IDP > Signature (Query View) The following table describes the fields in this screen.
  • Page 183 Chapter 6 Device Security Settings Table 66 Device Operation > Device Configuration > Security > IDP > Signature (Query View) (continued) LABEL DESCRIPTION Type Search for signatures by attack type(s) (see Table 62 on page 177). Attack types are known as policy types in the group view screen. Platform Search for signatures created to prevent intrusions targeting specific operating system(s).
  • Page 184: Protocol Anomaly

    Chapter 6 Device Security Settings Table 66 Device Operation > Device Configuration > Security > IDP > Signature (Query View) (continued) LABEL DESCRIPTION Select this check box to have a log generated when a match is found for a signature. Select the check box in the heading row to automatically select all check boxes or clear it to clear all entries on the current page.
  • Page 185 Chapter 6 Device Security Settings To open this screen, click Device Operation in the menu bar, select a device, then click Device Configuration > Security > IDP > Anomaly. Figure 74 Device Operation > Device Configuration > Security > IDP > Anomaly The following table describes the labels in this screen.
  • Page 186: Signature Update

    Chapter 6 Device Security Settings Table 67 Device Operation > Device Configuration > Security > IDP > Anomaly TYPE DESCRIPTION Select the head of the Log column to generate logs for all rules included in an anomaly detection method. Select Log to generate a log when a match is found for the corresponding rule.
  • Page 187 Chapter 6 Device Security Settings When scheduling signature updates, you should choose a day and time when your network is least busy so as to minimize disruption to your network. Your custom signature configurations are not over-written when you download new signatures. File-based anti-virus signatures (see the anti-virus chapter) are included with IDP signatures.
  • Page 188 Chapter 6 Device Security Settings Table 68 Device Operation > Device Configuration > Security > Signature Update LABEL DESCRIPTION Release Date This field displays the time (hour, minutes, seconds) and date (month, date, year) that the above signature set was created. Last Update This field displays the last date and time you downloaded new signatures to the device.
  • Page 189: Content Filter

    Chapter 6 Device Security Settings 6.11 Content Filter This section shows you how to configure the Content Filter screens. These screens may vary depending on which model you’re configuring. Please see the device’s User’s Guide for more information about any of these screens or fields. 6.12 Content Filter General Screen Click Device Operation in the menu bar and then click Device Configuration >...
  • Page 190 Chapter 6 Device Security Settings Use this screen to enable content filtering, configure a schedule, and create a denial message. You can also choose specific computers to be included in or excluded from the content filtering configuration. Figure 76 Device Operation > Device Configuration > Security > Content Filter > General The following table describes the labels in this screen.
  • Page 191 Chapter 6 Device Security Settings Table 69 Device Operation > Device Configuration > Security > Content Filter > General (continued) LABEL DESCRIPTION Enable Content Filter for VPN traffic Select this check box to have the content filter apply to traffic that the device sends out through a VPN tunnel or receives through a VPN tunnel.
  • Page 192 Chapter 6 Device Security Settings Table 69 Device Operation > Device Configuration > Security > Content Filter > General (continued) LABEL DESCRIPTION Content Filter Server Unavailable Timeout Specify a number of seconds (1 to 30) for the Vantage CNM to wait for a response from the external content filtering server.
  • Page 193: Content Filter Policy

    Chapter 6 Device Security Settings Table 69 Device Operation > Device Configuration > Security > Content Filter > General (continued) LABEL DESCRIPTION Redirect URL Enter the URL of the web page to which you want to send users when their web access is blocked by content filtering. The web page you specify here opens in a new frame below the denied access message.
  • Page 194: Content Filter Policy: General

    Chapter 6 Device Security Settings The following table describes the labels in this screen. Table 70 Device Operation > Device Configuration > Security > Content Filter > Policy LABEL DESCRIPTION This is the index number of the entry. Name This is the name of the content filter policy. Active This field displays whether a content filter policy is turned on (Y) or not (N).
  • Page 195 Chapter 6 Device Security Settings screen to restrict web features and edit the source (user) addresses or ranges of addresses to which the content filter policy applies. Figure 78 Device Operation > Device Configuration > Security > Content Filter > Policy >...
  • Page 196 Chapter 6 Device Security Settings Table 71 Device Operation > Device Configuration > Security > Content Filter > Policy > Add/General LABEL DESCRIPTION Restrict Web Features Select the check box(es) to restrict a feature. When you try to access a page containing a restricted feature, the whole page will be blocked or the restricted feature part of the web page will appear blank or grayed out.
  • Page 197: Content Filter Policy: External Database

    Chapter 6 Device Security Settings 6.13.2 Content Filter Policy: External Database To open this screen, click a policy’s external database icon in the Device Operation > Device Configuration > Security > Content Filter > Policy screen. Use this screen to edit which content categories the content filter policy blocks. Figure 79 Device Operation >...
  • Page 198 Chapter 6 Device Security Settings Table 72 Device Operation > Device Configuration > Security > Content Filter > Policy > External Database LABEL DESCRIPTION Adult/Mature Content Selecting this category excludes pages that contain material of adult nature that does not necessarily contain excessive violence, sexual content, or nudity.
  • Page 199 Chapter 6 Device Security Settings Table 72 Device Operation > Device Configuration > Security > Content Filter > Policy > External Database LABEL DESCRIPTION Violence/Hate/Racism Selecting this category excludes pages that depict extreme physical harm to people or property, or that advocate or provide instructions on how to cause such harm.
  • Page 200 Chapter 6 Device Security Settings Table 72 Device Operation > Device Configuration > Security > Content Filter > Policy > External Database LABEL DESCRIPTION Education Selecting this category excludes pages that offer educational information, distance learning and trade school information or programs.
  • Page 201 Chapter 6 Device Security Settings Table 72 Device Operation > Device Configuration > Security > Content Filter > Policy > External Database LABEL DESCRIPTION Spyware/Malware Sources Selecting this category excludes pages which distribute spyware and other malware. Spyware is defined as software which takes control of your computer, modifies computer settings, collects or reports personal information, or misrepresents itself by tricking users to install, download, or enter personal information.
  • Page 202 Chapter 6 Device Security Settings Table 72 Device Operation > Device Configuration > Security > Content Filter > Policy > External Database LABEL DESCRIPTION Email Selecting this category excludes pages offering web-based e-mail services, such as online e-mail reading, e-cards, and mailing list services.
  • Page 203 Chapter 6 Device Security Settings Table 72 Device Operation > Device Configuration > Security > Content Filter > Policy > External Database LABEL DESCRIPTION Sexuality/Alternative Lifestyles Selecting this category excludes pages that provide information, promote, or cater to gays, lesbians, swingers, other sexual orientations or practices, or a particular fetish.
  • Page 204: Content Filter Policy: Customization

    Chapter 6 Device Security Settings Table 72 Device Operation > Device Configuration > Security > Content Filter > Policy > External Database LABEL DESCRIPTION Web Hosting Selecting this category excludes pages of organizations that provide top-level domain pages, as well as web communities or hosting services.
  • Page 205 Chapter 6 Device Security Settings Note: Use the Device Operation > Device Configuration > Security > Content Filter > Object screen (see Section 6.14 on page 208) to first configure the master lists of trusted (allowed) web sites, forbidden (blocked) web sites, and keywords.
  • Page 206 Chapter 6 Device Security Settings The following table describes the labels in this screen. Table 73 Device Operation > Device Configuration > Security > Content Filter > Policy > Customization LABEL DESCRIPTION Policy Name This is the name of the content filter policy that you are configuring.
  • Page 207: Content Filter Policy: Schedule

    Chapter 6 Device Security Settings 6.13.4 Content Filter Policy: Schedule To open this screen, click a policy’s schedule icon in the Device Operation > Device Configuration > Security > Content Filter > Policy screen. Use this screen to set for which days and times the policy applies. Figure 81 Device Operation >...
  • Page 208: Content Filter Objects

    Chapter 6 Device Security Settings Table 74 Device Operation > Device Configuration > Security > Content Filter > Policy > Schedule LABEL DESCRIPTION Customization Select this option to have content filtering only active during the specified time interval(s) of the specified day(s). In the Begin Time and End Time fields, enter the time period(s), in 24-hour format, for individual day(s) of the week.
  • Page 209 Chapter 6 Device Security Settings Note: To use this screen's settings in content filtering, you must use the Device Operation > Device Configuration > Security > Content Filter > Policy > Customization screen to set individual policies to add or remove specific sites or keywords for individual policies.
  • Page 210: Content Filtering Cache

    Chapter 6 Device Security Settings Table 75 Device Operation > Device Configuration > Security > Content Filter > Object LABEL DESCRIPTION Click this button when you have finished adding the host name in the text field above. Delete Select a web site name from the Trusted Web Site List, and then click this button to delete it from that list.
  • Page 211: Auth

    Chapter 6 Device Security Settings You can remove individual entries from the cache. When you do this, the device queries the external content filtering database the next time someone tries to access that web site. This allows you to check whether a web site’s category has been changed.
  • Page 212: RADIUS

    Chapter 6 Device Security Settings To open this screen, click a device, click Device Operation in the menu bar and then click Device Configuration > X Auth > Local User in the navigation panel. Figure 84 Device Operation > Device Configuration > Security > X Auth > Local User The following table describes the labels in this screen.
  • Page 213 Chapter 6 Device Security Settings To open this screen, click a device, click Device Operation in the menu bar and then click Device Configuration > Security > X Auth > RADIUS in the navigation panel. Figure 85 Device Operation > Device Configuration > Security > X Auth > RADIUS The following table describes the fields in this screen.
  • Page 214 Chapter 6 Device Security Settings Table 78 Device Operation > Device Configuration > Security > X Auth > RADIUS LABEL DESCRIPTION Port The default port of the RADIUS server for accounting is 1813. You need not change this value unless your network administrator instructs you to do so with additional information.
  • Page 215: Device Advanced Settings

    Chapter 7 Device Advanced Settings Use these screens to configure device advanced settings such as NAT, Static Route, DNS and Remote Management. 7.0.1 NAT This section shows you how to configure the NAT screens. These screens may vary depending on which model you’re configuring.
  • Page 216 Chapter 7 Device Advanced Settings Operation in the menu bar, and then click Device Configuration > Advanced > NAT > NAT Overview in the navigation panel. Figure 86 Device Operation > Device Configuration > Advanced > NAT > NAT Overview The following table describes the fields in this screen.
  • Page 217 Chapter 7 Device Advanced Settings Table 79 Device Operation > Device Configuration > Advanced > NAT > NAT Overview (continued) LABEL DESCRIPTION Port Forwarding Rules Click Copy to WAN 2 (or Copy to WAN 1) to duplicate this WAN port's NAT port forwarding rules on the other WAN port. Note: Using the copy button overwrites the other WAN port's existing rules.
  • Page 218: Port Forwarding

    Chapter 7 Device Advanced Settings 7.2 Port Forwarding Use this screen to configure port forwarding on the device. To open this screen, click a device, click Device Operation in the menu bar, and then click Device Configuration > Advanced > NAT > Port Forwarding in the navigation panel. Figure 87 Device Operation >...
  • Page 219: Address Mapping

    Chapter 7 Device Advanced Settings Table 80 Device Operation > Device Configuration > Advanced > NAT > Port Forwarding (continued) LABEL DESCRIPTION Port Translation (start/end) Enter the port number here to which you want the device to translate the incoming port. For a range of ports, you only need to enter the first number of the range to which you want the incoming ports translated; the device automatically calculates the last port of the translated port...
  • Page 220 Chapter 7 Device Advanced Settings Table 81 Device Operation > Device Configuration > Advanced > NAT > Address Mapping (continued) LABEL DESCRIPTION Local Start IP This refers to the Inside Local Address (ILA), which is the starting local IP address. Local IP addresses are N/A for Server port mapping. Local End IP This is the end Inside Local Address (ILA).
  • Page 221: Edit An Address Mapping Rule

    Chapter 7 Device Advanced Settings 7.3.1 Edit an Address Mapping Rule Use this screen to edit an address mapping rule on the device. To open this screen, click Edit for a rule in the Device Operation > Device Configuration > Advanced >...
  • Page 222: Trigger Port

    Chapter 7 Device Advanced Settings Table 82 Device Operation > Device Configuration > Advanced > NAT > Address Mapping > Edit (continued) LABEL DESCRIPTION Global End IP This is the ending Inside Global IP Address (IGA). This field is N/A for One-to-One, Many-to-One and Server mapping types.
  • Page 223: Edit A Trigger Port Rule

    Chapter 7 Device Advanced Settings Table 83 Device Operation > Device Configuration > Advanced > NAT > Trigger Port (continued) LABEL DESCRIPTION Start Port This field displays a port number or the starting port number in a range of port numbers. End Port This field displays a port number or the ending port number in a range of port numbers.
  • Page 224: Static Route

    Chapter 7 Device Advanced Settings The following table describes the labels in this screen. Table 84 Device Operation > Device Configuration > Advanced > NAT > Trigger Port > Edit LABEL DESCRIPTION Name Type a unique name (up to 15 characters) for identification purposes. All characters are permitted - including spaces.
  • Page 225 Chapter 7 Device Advanced Settings menu bar and then click Device Configuration > Advanced > Static Route in the navigation panel. Figure 92 Device Operation > Device Configuration > Advanced > Static Route The following table describes the labels in this screen. Table 85 Device Operation >...
  • Page 226: Edit A Static Route

    Chapter 7 Device Advanced Settings 7.6.1 Edit a Static Route Use this screen to edit a static route in the device. To open this screen, select a static route, and click Edit in the Device Operation > Device Configuration > Advanced >...
  • Page 227: DNS

    Chapter 7 Device Advanced Settings Table 86 Device Operation > Device Configuration > Advanced > Static Route > Edit (continued) LABEL DESCRIPTION Private This parameter determines if the device will include this route to a remote node in its RIP broadcasts. Select this check box to keep this route private and not included in RIP broadcasts.
  • Page 228: Add/Edit An Address Record

    Chapter 7 Device Advanced Settings Table 87 Device Operation > Device Configuration > Advanced > DNS > Address Record (continued) LABEL DESCRIPTION Wildcard This column displays whether or not the DNS wildcard feature is enabled for this domain name. IP Address This is the IP address of a host.
  • Page 229: Name Server Record

    Chapter 7 Device Advanced Settings 7.9 Name Server Record Use this screen to specify the IP address of a DNS server that the device can query to resolve domain names for features like VPN, DDNS, and the time server. To open this screen, click a device, click Device Operation in the menu bar and then click Device Configuration >...
  • Page 230: Add/Edit A Name Server Record

    Chapter 7 Device Advanced Settings 7.9.1 Add/Edit a Name Server Record Use this screen to create or edit a name server record. Figure 97 Device Operation > Device Configuration > Advanced > DNS > Name Server Record > Add/Edit
  • Page 231 Chapter 7 Device Advanced Settings The following table describes the labels in this screen. Table 90 Device Operation > Device Configuration > Advanced > DNS > Name Server Record > Add/Edit LABEL DESCRIPTION Domain Zone This field is optional. A domain zone is a fully qualified domain name without the host. For example, zyxel.com.tw is the domain zone for the www.zyxel.com.tw fully qualified domain name.
  • Page 232: Cache

    Chapter 7 Device Advanced Settings 7.10 Cache Use this screen to configure a device’s DNS caching. To open this screen, click a device, click Device Operation and then click Device Configuration > Advanced > DNS > Cache in the navigation panel. Figure 98 Device Operation >...
  • Page 233: DDNS

    Chapter 7 Device Advanced Settings 7.11 DDNS Use this screen to configure your Dynamic DNS (DDNS) on the device. To open this screen, click a device, click Device Operation in the menu bar and then click Device Configuration > Advanced > DNS > DDNS. Figure 99 Device Operation >...
  • Page 234 Chapter 7 Device Advanced Settings Table 92 Device Operation > Device Configuration > Advanced > DNS > DDNS LABEL DESCRIPTION This is the number of an individual entry. Domain Name Enter the host names in these fields. DDNS Type Select the type of service that you are registered for from your Dynamic DNS service provider.
  • Page 235: DHCP

    Chapter 7 Device Advanced Settings Table 92 Device Operation > Device Configuration > Advanced > DNS > DDNS LABEL DESCRIPTION Apply Click this to save your changes back to the device. Reset Click this to begin configuring this screen afresh. 7.12 DHCP Use this screen to configure the DNS server information that the device sends to DHCP clients on the LAN, DMZ or WLAN.
  • Page 236: Remote Mgmt

    Chapter 7 Device Advanced Settings Table 93 Device Operation > Device Configuration > Advanced > DNS > DHCP LABEL DESCRIPTION Select From ISP if your ISP dynamically assigns DNS server information (and the device's WAN IP address). Use the drop-down list box to select a DNS server IP address that the ISP assigns in the field to the right.
  • Page 237 Chapter 7 Device Advanced Settings Note: It is recommended that you disable Telnet and FTP when you configure SSH for secure connections. Figure 101 Device Operation > Device Configuration > Advanced > Remote Management
  • Page 238 Chapter 7 Device Advanced Settings The following table describes the labels in this screen. Table 94 Device Operation > Device Configuration > Advanced > Remote Management LABEL DESCRIPTION HTTPS Server Certificate Select the Server Certificate that the device will use to identify itself. The device is the SSL server and must always authenticate itself to the SSL client (the computer which requests the HTTPS connection with the...
  • Page 239 Chapter 7 Device Advanced Settings Table 94 Device Operation > Device Configuration > Advanced > Remote Management (continued) LABEL DESCRIPTION Server Port You may change the server port number for a service if needed, however you must use the same port number in order to use that service for remote management.
  • Page 240 Chapter 7 Device Advanced Settings Table 94 Device Operation > Device Configuration > Advanced > Remote Management (continued) LABEL DESCRIPTION Secure Client IP Address A secure client is a “trusted” computer that is allowed to communicate with the device using this service. Select All to allow any computer to access the device using this service.
  • Page 241: Chapter 8 Device Log

    Chapter 8 Device Log This section shows you how to configure the Device Log screen. This screen may vary depending on which model you’re configuring. Please see the device’s User’s Guide for more information about any of these screens or fields. 8.1 Device Log Use the Logging Options screen to configure where the device is to send logs;...
  • Page 242 Chapter 8 Device Log
  • Page 243 Chapter 8 Device Log The following table describes the labels in this screen. Table 95 Device Operation > Device Configuration > Device Log LABEL DESCRIPTION Address Info Mail Server Enter the server name or the IP address of the mail server for the e-mail addresses specified below.
  • Page 244 Chapter 8 Device Log Table 95 Device Operation > Device Configuration > Device Log (continued) LABEL DESCRIPTION SMTP Authentication SMTP (Simple Mail Transfer Protocol) is the message-exchange standard for the Internet. SMTP enables you to move messages from one e-mail server to another. Select the check box to activate SMTP authentication.
  • Page 245: Part III: Device Configuration (ZLD)

    Device Configuration (ZLD) Note: This menu only appears when you select a ZLD-based device and the device status is on. See Device Configuration (ZyNOS and Prestige) for ZyNOS devices. Note: The menus and screens may vary depending on the device model you select.
  • Page 247: Device Network Settings

    Chapter 9 Device Network Settings These screens explain network settings such as Interface and Routing for ZLD-based ZyWALLs. The menus and screens may vary depending on your device model. 9.1 Ethernet (ZLD ZyWALL) This screen lists every Ethernet interface and virtual interface created on top of Ethernet interfaces.
  • Page 248: Ethernet Edit

    Chapter 9 Device Network Settings Table 96 Device Operation > Device Configuration > Network > Interface > Ethernet (ZLD ZyWALL) (continued) LABEL DESCRIPTION IP Address This field displays the current IP address of the interface. If the IP address is 0.0.0.0, the interface does not have an IP address yet. This screen also shows whether the IP address is a static IP address (STATIC) or dynamically assigned (DHCP).
  • Page 249 Chapter 9 Device Network Settings The screen for each interface may vary depending on your device model and the interface’s role. Figure 104 Device Operation > Device Configuration > Network > Interface > Ethernet > Edit (WAN)
  • Page 250 Chapter 9 Device Network Settings Figure 105 Device Operation > Device Configuration > Network > Interface > Ethernet > Edit (non-WAN)
  • Page 251 Chapter 9 Device Network Settings The following table describes the fields in this screen. Table 97 Device Operation > Device Configuration > Network > Interface > Ethernet > Edit LABEL DESCRIPTION Ethernet Interface Properties Enable Select this to enable this interface. Clear this to disable this interface. Interface This field is read-only.
  • Page 252 Chapter 9 Device Network Settings Table 97 Device Operation > Device Configuration > Network > Interface > Ethernet > Edit (continued) LABEL DESCRIPTION Downstream Bandwidth This is reserved for future use. Enter the maximum amount of traffic, in kilobits per second, the ZyWALL can receive from the network through the interface.
  • Page 253 Chapter 9 Device Network Settings Table 97 Device Operation > Device Configuration > Network > Interface > Ethernet > Edit (continued) LABEL DESCRIPTION Authentication Select an authentication method, or disable authentication. To exchange OSPF routing information with peer border routers, you must use the same authentication method that they use.
  • Page 254 Chapter 9 Device Network Settings Table 97 Device Operation > Device Configuration > Network > Interface > Ethernet > Edit (continued) LABEL DESCRIPTION Relay Server Enter the IP address of a DHCP server for the network. Relay Server This field is optional. Enter the IP address of another DHCP server for the network.
  • Page 255: Adding Virtual Interfaces

    Chapter 9 Device Network Settings 9.1.2 Adding Virtual Interfaces This screen lets you configure IP address assignment and interface parameters for virtual interfaces. To access this screen, click an Add icon next to an Ethernet interface, VLAN interface, or bridge interface in the respective interface summary screen.
  • Page 256: WLAN General

    Chapter 9 Device Network Settings Table 98 Device Operation > Device Configuration > Network > Interface > Ethernet > Add (continued) LABEL DESCRIPTION Interface Name This field is read-only. It displays the name of the virtual interface, which is automatically derived from the underlying Ethernet interface, VLAN interface, or bridge interface.
  • Page 257 Chapter 9 Device Network Settings Note: This screen is only available on ZyWALLs that support WLAN. Figure 108 Device Operation > Device Configuration > Network > Interface > WLAN > General The following table describes the fields in this screen. Table 99 Device Operation >...
  • Page 258 Chapter 9 Device Network Settings Table 99 Device Operation > Device Configuration > Network > Interface > WLAN > General (continued) LABEL DESCRIPTION 802.11 Band Select whether you will let wireless clients connect to the ZyWALL using IEEE 802.11b, IEEE 802.11g, or both. Select b Only to allow only IEEE 802.11b compliant WLAN devices to associate with the ZyWALL.
  • Page 259: WLAN Add/Edit Screen

    Chapter 9 Device Network Settings Table 99 Device Operation > Device Configuration > Network > Interface > WLAN > General (continued) LABEL DESCRIPTION Add icon This column lets you create, edit, remove, activate, and deactivate WLAN interfaces. To create an interface, click the Add icon at the top of the column. To activate or deactivate an interface, click the Active icon next to it.
  • Page 260 Chapter 9 Device Network Settings • WPA2-PSK and WPA-PSK do not employ user authentication and are known as the personal version of WPA. • WEP is better than no security, but it is still possible for unauthorized devices to figure out the original information pretty quickly. Click the Add (or Edit) icon next to a wireless interface in the Device Operation >...
  • Page 261 Chapter 9 Device Network Settings The following table describes the general wireless LAN labels. Table 101 Network > Interface > WLAN > Add (No Security) LABEL DESCRIPTION General Settings Enable Select this option to turn on the wireless LAN interface. Interface Interface Specify a number from 1~8 to complete the name for this wireless...
  • Page 262 Chapter 9 Device Network Settings Table 101 Network > Interface > WLAN > Add (No Security) (continued) LABEL DESCRIPTION Security Type Use this field to select the type of security to use for this wireless LAN interface. Select none to not use any security. See the following sections for details on the other security types.
  • Page 263 Chapter 9 Device Network Settings Table 101 Network > Interface > WLAN > Add (No Security) (continued) LABEL DESCRIPTION Relay Server 1 Enter the IP address of a DHCP server for the network. Relay Server 2 This field is optional. Enter the IP address of another DHCP server for the network.
  • Page 264 Chapter 9 Device Network Settings Table 101 Network > Interface > WLAN > Add (No Security) (continued) LABEL DESCRIPTION Direction This field is effective when RIP is enabled. Select the RIP direction from the drop-down list box. BiDir - This interface sends and receives routing information. In-Only - This interface receives routing information.
  • Page 265: WLAN Add/Edit: WEP Security

    Chapter 9 Device Network Settings Table 101 Network > Interface > WLAN > Add (No Security) (continued) LABEL DESCRIPTION Click OK to save your changes back to the ZyWALL. Cancel Click Cancel to exit this screen without saving. 9.2.2 WLAN Add/Edit: WEP Security WEP provides a mechanism for encrypting data using encryption keys.
  • Page 266: WLAN Add/Edit: WPA-PSK/WPA2-PSK Security

    Chapter 9 Device Network Settings The following table describes the WEP-related wireless LAN security labels. See Table 101 on page 261 for information on the 802.1x fields. Table 102 Device Operation > Device Configuration > Network > Interface > WLAN >...
  • Page 267: WLAN Add/Edit: WPA/WPA2 Security

    Chapter 9 Device Network Settings The following table describes the WPA-PSK/WPA2-PSK-related wireless LAN security labels. Table 103 Device Operation > Device Configuration > Network > Interface > WLAN > General > Add (WPA-PSK/WPA2-PSK Security) LABEL DESCRIPTION Pre-Shared Key The encryption mechanisms used for WPA and WPA-PSK are the same.
  • Page 268 Chapter 9 Device Network Settings Select WPA-Enterprise or WPA2-Enterprise as the Security Type. The following figure shows the security fields. Figure 112 Device Operation > Device Configuration > Network > Interface > WLAN > General > Add (WPA/WPA2 Security) The following table describes the WPA/WPA2-related wireless LAN security labels. Table 104 Device Operation >...
  • Page 269: WLAN Interface MAC Filter

    Chapter 9 Device Network Settings Table 104 Device Operation > Device Configuration > Network > Interface > WLAN > General > Add (WPA/WPA2 Security) (continued) LABEL DESCRIPTION TTLS Certificate This field displays if you select Authentication Method. Select the certificate the ZyWALL uses to authenticate itself to the wireless clients.
  • Page 270 Chapter 9 Device Network Settings To display your ZyWALL’s MAC filter settings, click Device Operation > Device Configuration > Network > Interface > WLAN > MAC Filter. The screen appears as shown. Figure 113 Device Operation > Device Configuration > Network > Interface > WLAN >...
  • Page 271: MAC Filter Add/Edit Screen

    Chapter 9 Device Network Settings 9.2.6 MAC Filter Add/Edit Screen Every IEEE 802.11b or IEEE 802.11g device has a unique MAC (Media Access Control) address. The MAC address is assigned at the factory and consists of six pairs of hexadecimal characters, for example, 00:A0:C5:00:00:02. You need to know the MAC addresses of the devices to configure this screen.
  • Page 272: VLAN Summary Screen

    Chapter 9 Device Network Settings 9.3 VLAN Summary Screen This screen lists every VLAN interface and virtual interface created on top of VLAN interfaces. To access this screen, click Device Operation > Device Configuration > Network > Interface > VLAN. Figure 115 Device Operation >...
  • Page 273 Chapter 9 Device Network Settings Edit icon next to a VLAN interface in the Device Operation > Device Configuration > Network > Interface > VLAN screen. The following screen appears. Figure 116 Device Operation > Device Configuration > Network > Interface > VLAN >...
  • Page 274 Chapter 9 Device Network Settings Figure 117 Device Operation > Device Configuration > Network > Interface > VLAN > Add/Edit - DHCP Server Settings Figure 118 Device Operation > Device Configuration > Network > Interface > VLAN > Add/Edit - DHCP Relay Settings Each field is explained in the following table.
  • Page 275 Chapter 9 Device Network Settings Table 108 Device Operation > Device Configuration > Network > Interface > VLAN > Add/Edit (continued) LABEL DESCRIPTION IP Address This field is enabled if you select Use Fixed IP Address. Enter the IP address for this interface. Subnet Mask This field is enabled if you select Use Fixed IP Address.
  • Page 276 Chapter 9 Device Network Settings Table 108 Device Operation > Device Configuration > Network > Interface > VLAN > Add/Edit (continued) LABEL DESCRIPTION These fields appear if the ZyWALL is a DHCP Server. IP Pool Start Address Enter the IP address from which the ZyWALL begins allocating IP addresses.
  • Page 277: Bridge Summary

    Chapter 9 Device Network Settings Table 108 Device Operation > Device Configuration > Network > Interface > VLAN > Add/Edit (continued) LABEL DESCRIPTION Enable Select this to turn on the connection check. Check Method Select the method that the gateway allows. Select icmp to have the ZyWALL regularly ping the gateway you specify to make sure it is still available.
  • Page 278: Bridge Add/Edit

    Chapter 9 Device Network Settings Table 109 Device Operation > Device Configuration > Network > Interface > Bridge LABEL DESCRIPTION IP Address This field displays the current IP address of the interface. If the IP address is 0.0.0.0, the interface does not have an IP address yet. This screen also shows whether the IP address is a static IP address (STATIC) or dynamically assigned (DHCP).
  • Page 279 Chapter 9 Device Network Settings Edit icon in the Device Operation > Device Configuration > Network > Interface > Bridge screen. The following screen appears. Figure 120 Device Operation > Device Configuration > Network > Interface > Bridge > Add/Edit
  • Page 280 Chapter 9 Device Network Settings Each field is described in the table below. Table 110 Device Operation > Device Configuration > Network > Interface > Bridge > Add/Edit LABEL DESCRIPTION Bridge Interface Properties Enable Select this to enable or clear this to disable this interface. Interface This field is read-only if you are editing the interface.
  • Page 281 Chapter 9 Device Network Settings Table 110 Device Operation > Device Configuration > Network > Interface > Bridge > Add/Edit (continued) LABEL DESCRIPTION Upstream Bandwidth Enter the maximum amount of traffic, in kilobits per second, the ZyWALL can send through the interface to the network. Allowed values are 0 - 1048576.
  • Page 282 Chapter 9 Device Network Settings Table 110 Device Operation > Device Configuration > Network > Interface > Bridge > Add/Edit (continued) LABEL DESCRIPTION First DNS Server Second DNS Server Specify the IP addresses of up to three DNS servers for the DHCP clients to use. Use one of the following ways to specify these IP addresses. Custom Defined - enter a static IP address.
  • Page 283: Pppoe/Pptp Interface Summary

    Chapter 9 Device Network Settings Table 110 Device Operation > Device Configuration > Network > Interface > Bridge > Add/Edit (continued) LABEL DESCRIPTION Apply Click Apply to save your changes back to the ZyWALL. Cancel Click Cancel to exit this screen without saving. 9.5 PPPoE/PPTP Interface Summary Note: You must set up an ISP account before you create a PPPoE/PPTP interface.
  • Page 284: Pppoe/Pptp Interface Edit

    Chapter 9 Device Network Settings Table 111 Device Operation > Device Configuration > Network > Interface > PPPoE/ PPTP (continued) LABEL DESCRIPTION Base Interface This field displays the interface on the top of which the PPPoE/PPTP interface is. Account Profile This field is not available for all ZLD-based ZyWALL.
  • Page 285 Chapter 9 Device Network Settings Note: Fields may vary in this screen depending on different ZyWALL models. Figure 123 Device Operation > Device Configuration > Network > Interface > PPPoE/PPTP > Edit
  • Page 286 Chapter 9 Device Network Settings Figure 124 Device Operation > Device Configuration > Network > Interface > PPPoE/PPTP > Add (USG1000) Each field is explained in the following table. Table 112 Device Operation > Device Configuration > Network > Interface > PPP > Edit >...
  • Page 287 Chapter 9 Device Network Settings Table 112 Device Operation > Device Configuration > Network > Interface > PPP > Edit > Configuration (continued) LABEL DESCRIPTION Nailed-Up Select this if the PPPoE/PPTP connection should always be up. Clear this to have the ZyWALL establish the PPPoE/PPTP connection only when there is traffic.
  • Page 288 Chapter 9 Device Network Settings Table 112 Device Operation > Device Configuration > Network > Interface > PPP > Edit > Configuration (continued) LABEL DESCRIPTION Compression Select On button to turn on stac compression, and select Off to turn off stac compression. Stac compression is a data compression technique capable of compressing data by a factor of about four.
  • Page 289 Chapter 9 Device Network Settings Table 112 Device Operation > Device Configuration > Network > Interface > PPP > Edit > Configuration (continued) LABEL DESCRIPTION Check Period Enter the number of seconds between connection check attempts. Check Timeout Enter the number of seconds to wait for a response before the attempt is a failure.
  • Page 290: Auxiliary Interface

    Chapter 9 Device Network Settings 9.6 Auxiliary Interface Use the Auxiliary screen to configure the ZyWALL’s auxiliary interface. Click Device Operation > Device Configuration > Network > Interface > Auxiliary to open it. Figure 125 Device Operation > Device Configuration > Network > Interface > Auxiliary Each field is described in the table below.
  • Page 291 Chapter 9 Device Network Settings Table 113 Device Operation > Device Configuration > Network > Interface > Auxiliary (continued) LABEL DESCRIPTION Initial String Enter the AT command string to initialize the external modem. the most common string, but you should check the manual for the external modem for additional commands.
  • Page 292: The Trunk Summary Screen

    Chapter 9 Device Network Settings 9.7 The Trunk Summary Screen Click Device Operation > Device Configuration > Network > Interface > Trunk to open the Trunk screen. This screen lists the configured trunks and the load balancing algorithm that each is configured to use. Figure 126 Device Operation >...
  • Page 293 Chapter 9 Device Network Settings The following table describes the items in this screen. Table 114 Device Operation > Device Configuration > Network > Interface > Trunk LABEL DESCRIPTION Enable Link Sticking Select this option to have the ZyWALL send all of each local computer’s traffic through one WAN interface for the number of seconds that you specify.
  • Page 294: Configuring A Trunk

    Chapter 9 Device Network Settings 9.8 Configuring a Trunk Click Device Operation > Device Configuration > Network > Interface > Trunk and then the Edit icon to open the following screen. Use this screen to configure load balancing settings for each interface. Figure 128 Device Operation >...
  • Page 295 Chapter 9 Device Network Settings > Edit - Spillover Each field is described in the table below. Table 115 Device Operation > Device Configuration > Network > Interface > Trunk > Edit LABEL DESCRIPTION Name This is read-only if you are editing an existing trunk. When adding a new trunk, enter a descriptive name for this trunk.
  • Page 296 Chapter 9 Device Network Settings Table 115 Device Operation > Device Configuration > Network > Interface > Trunk > Edit (continued) LABEL DESCRIPTION Mode Select Active to have the ZyWALL always attempt to use this connection. Select Passive to have the ZyWALL only use this connection when all of the connections set to active are down.
  • Page 297: The Trunk Member List Screen

    Chapter 9 Device Network Settings 9.8.1 The Trunk Member List Screen Use this screen to add or remove interface(s) into or from the selected trunk. Click the Add icon in the Device Operation > Device Configuration > Network > Interface > Trunk > Edit screen to open the following screen. Figure 131 Device Operation >...
  • Page 298: Interface Summary Screen

    Chapter 9 Device Network Settings 9.9 Interface Summary Screen This screen lists all of the selected ZyWALL’s interfaces and gives packet statistics for them. Click Device Operation > Device Configuration > Network > Interface > Summary to access this screen. Figure 132 Device Operation >...
  • Page 299 Chapter 9 Device Network Settings Each field is described in the following table. Table 117 Device Operation > Device Configuration > Network > Interface > Summary LABEL DESCRIPTION Name This field displays the name of each interface. If there is a Expand icon (plus-sign) next to the name, click this to look at the status of virtual interfaces on top of this interface.
  • Page 300: Policy Route Screen

    Chapter 9 Device Network Settings Table 117 Device Operation > Device Configuration > Network > Interface > Summary (continued) LABEL DESCRIPTION HA Status This field displays the status of the interface in the virtual router. Active - This interface is the master interface in the virtual router. Stand-By - This interface is a backup interface in the virtual router.
  • Page 301 Chapter 9 Device Network Settings • Limiting the amount of bandwidth available and setting a priority for traffic. IPPR follows the existing packet filtering facility of RAS in style and in implementation. Click a column’s heading cell to sort the table entries by that column’s criteria. Click the heading cell again to reverse the sort order.
  • Page 302 Chapter 9 Device Network Settings Table 118 Device Operation > Device Configuration > Network > Routing > Policy Route (continued) LABEL DESCRIPTION Schedule This is the name of the schedule object. none means the route is active at all times if enabled. Incoming This is the interface on which the packets are received.
  • Page 303: Policy Route Edit Screen

    Chapter 9 Device Network Settings 9.10.1 Policy Route Edit Screen Click the Add or Edit icon in the Device Operation > Device Configuration > Network > Routing to open the Policy Route Edit screen. Use this screen to configure or edit a policy route. Figure 134 Device Operation >...
  • Page 304 Chapter 9 Device Network Settings Table 119 Device Operation > Device Configuration > Network > Routing > Policy Route > Edit (continued) LABEL DESCRIPTION Description Enter a descriptive name of up to 31 printable ASCII characters for the policy. Criteria User Select a user name or user group from which the packets are sent.
  • Page 305 Chapter 9 Device Network Settings Table 119 Device Operation > Device Configuration > Network > Routing > Policy Route > Edit (continued) LABEL DESCRIPTION Source Network Address Translation Select none to not use NAT for the route. Select outgoing-interface to use the IP address of the outgoing interface as the source IP address of the packets that match this...
  • Page 306: Ip Static Route Screen

    Chapter 9 Device Network Settings Table 119 Device Operation > Device Configuration > Network > Routing > Policy Route > Edit (continued) LABEL DESCRIPTION Maximum Bandwidth Specify the maximum bandwidth (from 1 to 1048576) allowed for the route in kbps. If you enter 0 here, there is no bandwidth limitation for the route.
  • Page 307: Static Route Add/Edit Screen

    Chapter 9 Device Network Settings The following table describes the labels in this screen. Table 120 Device Operation > Device Configuration > Network > Routing > Static Route LABEL DESCRIPTION Page Size Select how many entries you want to display on each page. This is the number of an individual static route.
  • Page 308: The Rip Screen

    Chapter 9 Device Network Settings The following table describes the labels in this screen. Table 121 Device Operation > Device Configuration > Network > Routing > Static Route > Add LABEL DESCRIPTION Destination IP This parameter specifies the IP network address of the final destination. Routing is always based on network number.
  • Page 309 Chapter 9 Device Network Settings Click Device Operation > Device Configuration > Network > Routing > RIP to open the following screen. Figure 137 Device Operation > Device Configuration > Network > Routing > RIP The following table describes the labels in this screen. Table 122 Device Operation >...
  • Page 310: The Ospf Screen

    Chapter 9 Device Network Settings Table 122 Device Operation > Device Configuration > Network > Routing Protocol > RIP (continued) LABEL DESCRIPTION Metric Type the cost for routes provided by the indicated source. The metric represents the “cost” of transmission for routing purposes. RIP routing uses hop count as the measurement of cost, with 1 usually used for directly connected networks.
  • Page 311 Chapter 9 Device Network Settings The following table describes the labels in this screen. See Section 9.13.1 on page for more information as well. Table 123 Device Operation > Device Configuration > Network > Routing Protocol > OSPF LABEL DESCRIPTION OSPF Router ID Select the 32-bit ID the ZyWALL uses in the OSPF AS.
  • Page 312: The Ospf Area Add/Edit Screen

    Chapter 9 Device Network Settings Table 123 Device Operation > Device Configuration > Network > Routing Protocol > OSPF (continued) LABEL DESCRIPTION Apply Click this button to save your changes to the ZyWALL. Reset Click this button to return the screen to its last-saved settings. 9.13.1 The OSPF Area Add/Edit Screen The OSPF Area Add/Edit screen allows you to create a new area or edit an existing one.
  • Page 313 Chapter 9 Device Network Settings Table 124 Device Operation > Device Configuration > Network > Routing > OSPF > Add/Edit (continued) LABEL DESCRIPTION Authentication Select the default authentication method used in the area. This authentication protects the integrity, but not the confidentiality, of routing updates.
  • Page 314 Chapter 9 Device Network Settings Table 124 Device Operation > Device Configuration > Network > Routing > OSPF > Add/Edit (continued) LABEL DESCRIPTION This field is available if the Authentication is MD5. Type the default Authentication password for MD5 authentication in the area. The password can consist of alphanumeric characters and the underscore, and it can be up to 16 characters long.
  • Page 315: Firewall

    Chapter 10 Firewall This section shows you how to configure the Firewall screens. These screens may vary depending on which model you’re configuring. Please see the device’s User’s Guide for more information about any of these screens or fields. 10.1 The Firewall Screen Click Device Operation >...
  • Page 316 Chapter 10 Firewall The following table describes the labels in this screen. Table 125 Device Operation > Device Configuration > Firewall LABEL DESCRIPTION Global Setting Enable Firewall Select this check box to activate the firewall. The ZyWALL performs access control when the firewall is activated. Allow If an alternate gateway on the LAN has an IP address in the same subnet Asymmetrical...
  • Page 317 Chapter 10 Firewall Table 125 Device Operation > Device Configuration > Firewall (continued) LABEL DESCRIPTION Priority This is the position of your firewall rule in the global rule list (including all through-ZyWALL and to-ZyWALL rules). The ordering of your rules is important as rules are applied in sequence.
  • Page 318: The Firewall Edit Screen

    Chapter 10 Firewall 10.1.1 The Firewall Edit Screen In the Device Operation > Device Configuration > Firewall screen, click the Edit or Add icon to display the Firewall Rule Edit screen. Refer to the following table for information on the labels. Figure 141 Device Operation >...
  • Page 319: The Session Limit Screen

    Chapter 10 Firewall Table 126 Device Operation > Device Configuration > Firewall > Edit (continued) LABEL DESCRIPTION User This field is not available when you are configuring a to-ZyWALL rule. Select a user name or user group to which to apply the rule. Select Create Object to configure a new user account.
  • Page 320 Chapter 10 Firewall for all users and individual limits for specific users, addresses, or both. The individual limit takes priority if you apply both. Figure 142 Device Operation > Device Configuration > Firewall > Session Limit The following table describes the labels in this screen. Table 127 Device Operation >...
  • Page 321: The Session Limit Add/Edit Screen

    Chapter 10 Firewall Table 127 Device Operation > Device Configuration > Firewall > Session Limit LABEL DESCRIPTION Add icon Click the Add icon in the heading row to add a new first entry. Click the Edit icon to go to the screen where you can edit the rule on the ZyWALL.
  • Page 322 Chapter 10 Firewall The following table describes the labels in this screen. Table 128 Device Operation > Device Configuration > Firewall > Session Limit > Edit LABEL DESCRIPTION Enable Rule Select this check box to turn on this session limit rule. Description Enter information to help you identify this rule.
  • Page 323: Chapter 11 Ipsec Vpn

    Chapter 11 IPSec VPN These screens explain device IPSec VPN settings. 11.1 The IPSec VPN Connection Screen Click Device Operation > Device Configuration > VPN > IPSec VPN to open the VPN Connection screen. The VPN Connection screen lists the VPN connection policies and their associated VPN gateway(s), and various settings.
  • Page 324 Chapter 11 IPSec VPN The VPN wizard automatically creates a corresponding policy route. If you create the VPN connection in the VPN > IPSec VPN screens, you need to manually create a corresponding policy route. Figure 144 Device Operation > Device Configuration > VPN > IPSec VPN > VPN Connection Each field is discussed in the following table.
  • Page 325: The Ipsec Vpn Connection Add/Edit Screen

    Chapter 11 IPSec VPN Table 129 Device Operation > Device Configuration > VPN > IPSec VPN > VPN Connection (continued) LABEL DESCRIPTION VPN Gateway This field displays the associated VPN gateway(s). If there is no VPN gateway, this field displays “manual key”. Encapsulation This field displays what encapsulation the IPSec SA uses.
  • Page 326 Chapter 11 IPSec VPN Figure 145 Device Operation > Device Configuration > VPN > IPSec VPN > VPN Connection > Add/Edit (IKE)
  • Page 327 Chapter 11 IPSec VPN Each field is described in the following table. Table 130 Device Operation > Device Configuration > VPN > IPSec VPN > VPN Connection > Add/Edit (IKE) LABEL DESCRIPTION VPN Connection Enable Select this to activate or clear this to deactivate this VPN rule. Connection Type the name used to identify this IPSec SA.
  • Page 328 Chapter 11 IPSec VPN Table 130 Device Operation > Device Configuration > VPN > IPSec VPN > VPN Connection > Add/Edit (IKE) (continued) LABEL DESCRIPTION Encryption This field is applicable when the Active Protocol is ESP. Select which key size and encryption algorithm to use in the IPSec SA. Choices are: NULL - no encryption key or algorithm DES - a 56-bit key with the DES encryption algorithm...
  • Page 329 Chapter 11 IPSec VPN Table 130 Device Operation > Device Configuration > VPN > IPSec VPN > VPN Connection > Add/Edit (IKE) (continued) LABEL DESCRIPTION Policy Click Advanced to display more settings. Click Basic to display fewer settings. Local Policy Select the address or address group corresponding to the local network.
  • Page 330 Chapter 11 IPSec VPN Table 130 Device Operation > Device Configuration > VPN > IPSec VPN > VPN Connection > Add/Edit (IKE) (continued) LABEL DESCRIPTION Check Timeout Enter the number of seconds to wait for a response before the attempt is a failure. Check Fail Tolerance Enter the number of consecutive failures allowed before the ZyWALL...
  • Page 331: Ipsec Vpn Connection Add/Edit (Manual Key)

    Chapter 11 IPSec VPN Table 130 Device Operation > Device Configuration > VPN > IPSec VPN > VPN Connection > Add/Edit (IKE) (continued) LABEL DESCRIPTION SNAT Select the address object that represents the translated source address (or select Create Object to configure a new one). This is the address that hides the original source address.
  • Page 332 Chapter 11 IPSec VPN Note: Only use manual key as a temporary solution, because it is not as secure as a regular IPSec SA. Figure 146 Device Operation > Device Configuration > VPN > IPSec VPN > VPN Connection > Add/Edit (Manual Key) This table describes labels specific to manual key configuration.
  • Page 333 Chapter 11 IPSec VPN Table 131 Device Operation > Device Configuration > VPN > IPSec VPN > VPN Connection > Add/Edit (Manual Key) (continued) LABEL DESCRIPTION Encryption Algorithm This field is applicable when the Active Protocol is ESP. Select which key size and encryption algorithm to use in the IPSec SA.
  • Page 334 Chapter 11 IPSec VPN Table 131 Device Operation > Device Configuration > VPN > IPSec VPN > VPN Connection > Add/Edit (Manual Key) (continued) LABEL DESCRIPTION Encryption This field is applicable when you select an Encryption Algorithm. Enter the encryption key, which depends on the encryption algorithm. DES - type a unique key 8-32 characters long 3DES - type a unique key 24-32 characters long AES128 - type a unique key 16-32 characters long...
  • Page 335: The Vpn Gateway Screen

    Chapter 11 IPSec VPN 11.2 The VPN Gateway Screen The VPN Gateway summary screen displays the IPSec VPN gateway policies in the ZyWALL, as well as the ZyWALL’s address, remote IPSec router’s address, and associated VPN connections for each one. In addition, it also lets you activate and deactivate each VPN gateway.
  • Page 336: The Vpn Gateway Add/Edit Screen

    Chapter 11 IPSec VPN Table 132 Device Operation > Device Configuration > VPN > IPSec VPN > VPN Gateway (continued) LABEL DESCRIPTION Add icon This column provides icons to add, edit, and remove VPN gateways. To add a VPN gateway, click the Add icon at the top of the column. The VPN Gateway Add/Edit screen appears.
  • Page 337 Chapter 11 IPSec VPN Figure 148 Device Operation > Device Configuration > VPN > IPSec VPN > VPN Gateway > Edit
  • Page 338 Chapter 11 IPSec VPN Each field is described in the following table. Table 133 Device Operation > Device Configuration > VPN > IPSec VPN > VPN Gateway > Edit LABEL DESCRIPTION VPN Gateway Enable Select this to activate or clear this to deactivate this VPN gateway. VPN Gateway Type the name used to identify this VPN gateway.
  • Page 339 Chapter 11 IPSec VPN Table 133 Device Operation > Device Configuration > VPN > IPSec VPN > VPN Gateway > Edit (continued) LABEL DESCRIPTION Key Group Select which Diffie-Hellman key group (DHx) you want to use for encryption keys. Choices are: DH1 - use a 768-bit random number DH2 - use a 1024-bit random number DH5 - use a 1536-bit random number...
  • Page 340 Chapter 11 IPSec VPN Table 133 Device Operation > Device Configuration > VPN > IPSec VPN > VPN Gateway > Edit (continued) LABEL DESCRIPTION Secure Select how the IP address of the remote IPSec router in the IKE SA is Gateway defined.
  • Page 341 Chapter 11 IPSec VPN Table 133 Device Operation > Device Configuration > VPN > IPSec VPN > VPN Gateway > Edit (continued) LABEL DESCRIPTION Local ID Type This field is read-only if the ZyWALL and remote IPSec router use certificates to identify each other. Select which type of identification is used to identify the ZyWALL during authentication.
  • Page 342 Chapter 11 IPSec VPN Table 133 Device Operation > Device Configuration > VPN > IPSec VPN > VPN Gateway > Edit (continued) LABEL DESCRIPTION Peer ID Content This field is disabled if the Peer ID Type is Any. Type the identity of the remote IPSec router during authentication.
  • Page 343: The Vpn Concentrator Screen

    Chapter 11 IPSec VPN Table 133 Device Operation > Device Configuration > VPN > IPSec VPN > VPN Gateway > Edit (continued) LABEL DESCRIPTION Client Mode Select this radio button if the ZyWALL provides a username and password to the remote IPSec router for authentication. You also have to provide the User Name and the Password.
  • Page 344 Chapter 11 IPSec VPN routes in each spoke router, depending on the IP addresses and subnets of each spoke. However a VPN concentrator is not for every situation. The hub router is a single failure point, so a VPN concentrator is not as appropriate if the connection between spoke routers cannot be down occasionally (maintenance, for example).
  • Page 345: The Vpn Concentrator Add/Edit Screen

    Chapter 11 IPSec VPN 11.3.1 The VPN Concentrator Add/Edit Screen The VPN Concentrator Add/Edit screen allows you to create a new VPN concentrator or edit an existing one. To access this screen, go to the VPN Concentrator summary screen (see Section 11.3 on page 343), and click either the Add icon or an Edit icon.
  • Page 347: Ssl Vpn

    Chapter 12 SSL VPN 12.1 Overview Use SSL VPN to allow users to use a web browser for secure remote user login (the remote users do not need a VPN router or VPN client software). 12.2 The SSL Access Privilege Screen Click Device Operation >...
  • Page 348 Chapter 12 SSL VPN Table 136 Device Operation > Device Configuration > VPN > SSL VPN > Access Privilege LABEL DESCRIPTION Application This field displays the descriptive name of the SSL application object this policy uses. Add icon This column provides icons to add, edit, and remove policies. To add a new policy, click the Add icon at the top of the column.
  • Page 349: The Ssl Access Policy Add/Edit Screen

    Chapter 12 SSL VPN 12.2.1 The SSL Access Policy Add/Edit Screen To create a new or edit an existing SSL access policy, click the Add or Edit icon in the Access Privilege screen. Figure 153 Device Operation > Device Configuration > VPN > SSL VPN > Access Privilege >...
  • Page 350 Chapter 12 SSL VPN The following table describes the labels in this screen. Table 137 Device Operation > Device Configuration > VPN > SSL VPN > Access Privilege > Add/Edit LABEL DESCRIPTION Configuration Enable Select this option to activate this SSL access policy. Name Enter a descriptive name to identify this policy.
  • Page 351: The Ssl Global Setting Screen

    Chapter 12 SSL VPN Table 137 Device Operation > Device Configuration > VPN > SSL VPN > Access Privilege > Add/Edit (continued) LABEL DESCRIPTION Apply Click Apply to save the changes and return to the main Access Privilege screen. Cancel Click Cancel to discard all changes and return to the main Access Privilege screen.
  • Page 352 Chapter 12 SSL VPN Table 138 Device Operation > Device Configuration > VPN > SSL VPN > Global Setting (continued) LABEL DESCRIPTION Logout Message Specify a message to display on the screen when a user logs out and the SSL VPN connection is terminated successfully. You can enter up to 60 characters (“a-z”, “A-Z”, “0-9”) with spaces allowed.
  • Page 353: Chapter 13 L2Tp Vpn

    Chapter 13 L2TP VPN 13.1 Overview L2TP VPN lets remote users use the L2TP and IPSec client software included with their computers’ operating systems to securely connect to the network behind the ZyWALL. The remote users do not need their own IPSec gateways or VPN client software.
  • Page 354 Chapter 13 L2TP VPN Note: Disconnect any existing L2TP VPN sessions before modifying L2TP VPN settings. The remote users must make any needed matching configuration changes and re-establish the sessions using the new settings. Figure 156 Device Operation > Device Configuration > VPN > L2TP VPN The following table describes the fields in this screen.
  • Page 355 Chapter 13 L2TP VPN Table 139 Device Operation > Device Configuration > VPN > L2TP VPN (continued) LABEL DESCRIPTION First DNS Server Specify the IP addresses of DNS servers to assign to the remote users. (Optional), You can specify these IP addresses two ways. Second DNS Custom Defined - enter a static IP address.
  • Page 357: Object

    Chapter 14 Object These screens explain settings for user/group, address, service, schedule, AAA server, authentication method, certificate and SSL application objects. The menus and screens may vary depending on your device model. 14.1 User Summary Screen The User screen provides a summary of all user accounts.
  • Page 358: User Add/Edit Screen

    Chapter 14 Object Table 140 Device Operation > Device Configuration > Object > User/Group LABEL DESCRIPTION Add icon This column provides icons to add, edit, and remove users. To add a user, click the Add icon at the top of the column. The User Add/Edit screen appears.
  • Page 359 Chapter 14 Object To access this screen, go to the User screen (see Section 14.1 on page 357), and click either the Add icon or an Edit icon. Figure 158 Device Operation > Device Configuration > Object > User/Group > User >...
  • Page 360: User Group Summary Screen

    Chapter 14 Object Table 141 Device Operation > Device Configuration > Object > User/Group > User > Add/Edit (continued) LABEL DESCRIPTION Lease Time Enter the number of minutes this user has to renew the current session before the user is logged out. You can specify 1 to 1440 minutes. You can enter 0 to make the number of minutes unlimited.
  • Page 361: Group Add/Edit Screen

    Chapter 14 Object The following table describes the labels in this screen. See Section 14.2.1 on page for more information as well. Table 142 Device Operation > Device Configuration > Object > User/Group > Group LABEL DESCRIPTION Page Size Select how many entries you want to display on each page. This field is a sequential value, and it is not associated with a specific user group.
  • Page 362: Setting Screen

    Chapter 14 Object The following table describes the labels in this screen. Table 143 Device Operation > Device Configuration > Object > User/Group > Group > Add LABEL DESCRIPTION Group Name Type the name for this user group. You may use 1-31 alphanumeric characters, underscores (_), or dashes (-), but the first character cannot be a number.
  • Page 363 Chapter 14 Object To access this screen, log in to the Web Configurator, and click Device Operation > Device Configuration > Object > User/Group > Setting. Figure 161 Device Operation > Device Configuration > Object > User/Group > Setting
  • Page 364 Chapter 14 Object The following table describes the labels in this screen. Table 144 Device Operation > Device Configuration > Object > User/Group > Setting LABEL DESCRIPTION User Authentication Timeout Settings User Authentication Timeout Settings These authentication timeout settings are used by default when you create a new user account.
  • Page 365 Chapter 14 Object Table 144 Device Operation > Device Configuration > Object > User/Group > Setting (continued) LABEL DESCRIPTION User idle timeout This is applicable for access users. This field is effective when Enable user idle detection is checked. Type the number of minutes each access user can be logged in and idle before the ZyWALL automatically logs out the access user.
  • Page 366: Default User Authentication Timeout Settings Edit Screens

    Chapter 14 Object Table 144 Device Operation > Device Configuration > Object > User/Group > Setting (continued) LABEL DESCRIPTION Schedule This field displays the schedule object that specifies when this condition applies. It displays none if this condition always applies. Source This field displays the source address object of traffic to which this condition applies.
  • Page 367 Chapter 14 Object To access this screen, go to the Device Operation > Device Configuration > Object > User/Group > Setting screen (see Section 14.3 on page 362), and click one of the User Authentication Timeout Settings section’s Edit icons. Figure 162 Device Operation >...
  • Page 368: Force User Authentication Policy Add/Edit Screen

    Chapter 14 Object 14.3.2 Force User Authentication Policy Add/Edit Screen Use this screen to specify a condition when users must log in or do not have to log in to the ZyWALL before their HTTP traffic can pass through the ZyWALL. Figure 163 Device Operation >...
  • Page 369: Address Summary Screen

    Chapter 14 Object 14.4 Address Summary Screen The address screens are used to create, maintain, and remove addresses. These are the types of address objects. • HOST - a host address is defined by an IP Address. • RANGE - a range address is defined by a Starting IP Address and an Ending IP Address.
  • Page 370: Address Add/Edit Screen

    Chapter 14 Object Table 147 Object > Address > Address (continued) LABEL DESCRIPTION Address This field displays the IP addresses represented by each address object. If the object’s settings are based on one of the ZyWALL’s interfaces, the name of the interface displays first followed by the object’s current address settings.
  • Page 371: Address Group Summary Screen

    Chapter 14 Object The following table describes the labels in this screen. Table 148 Device Operation > Device Configuration > Object > Address > Address > Add/Edit LABEL DESCRIPTION Name Type the name used to refer to the address. You may use 1-31 alphanumeric characters, underscores (_), or dashes (-), but the first character cannot be a number.
  • Page 372 Chapter 14 Object Address > Group. Click a column’s heading cell to sort the table entries by that column’s criteria. Click the heading cell again to reverse the sort order. Figure 166 Device Operation > Device Configuration > Object > Address > Group The following table describes the labels in this screen.
  • Page 373: Address Group Add/Edit Screen

    Chapter 14 Object 14.4.3 Address Group Add/Edit Screen The Address Group Add/Edit screen allows you to create a new address group or edit an existing one. To access this screen, go to the Address Group screen (see Section 14.4.2 on page 371), and click either the Add icon or an Edit icon.
  • Page 374: The Service Summary Screen

    Chapter 14 Object 14.5 The Service Summary Screen The Service summary screen provides a summary of all services and their definitions. In addition, this screen allows you to add, edit, and remove services. To access this screen, log in to the Web Configurator, and click Device Operation >...
  • Page 375: The Service Add/Edit Screen

    Chapter 14 Object Table 151 Device Operation > Device Configuration > Object > Service > Service LABEL DESCRIPTION Add icon This column provides icons to add, edit, and remove services. To add a service, click the Add icon at the top of the column. The Service Add/Edit screen appears.
  • Page 376: The Service Group Summary Screen

    Chapter 14 Object The following table describes the labels in this screen. Table 152 Device Operation > Device Configuration > Object > Service > Service > Add/Edit LABEL DESCRIPTION Name Type the name used to refer to the service. You may use 1-31 alphanumeric characters, underscores (_), or dashes (-), but the first character cannot be a number.
  • Page 377 Chapter 14 Object To access this screen, log in to the Web Configurator, and click Device Operation > Device Configuration > Object > Service > Service Group. Figure 170 Device Operation > Device Configuration > Object > Service > Service Group The following table describes the labels in this screen.
  • Page 378: The Service Group Add/Edit Screen

    Chapter 14 Object 14.6.1 The Service Group Add/Edit Screen The Service Group Add/Edit screen allows you to create a new service group or edit an existing one. To access this screen, go to the Service Group screen (see Section 14.6 on page 376), and click either the Add icon or an Edit icon.
  • Page 379: The Schedule Summary Screen

    Chapter 14 Object 14.7 The Schedule Summary Screen The Schedule summary screen provides a summary of all schedules in the ZyWALL. To access this screen, click Device Operation > Device Configuration > Object > Schedule. Figure 172 Device Operation > Device Configuration > Object > Schedule The following table describes the labels in this screen.
  • Page 380: The One-Time Schedule Add/Edit Screen

    Chapter 14 Object Table 155 Device Operation > Device Configuration > Object > Schedule LABEL DESCRIPTION Recurring Use this section to configure recurring schedules. For example, a schedule starts at 23:00 and stops at 23:30 on Mondays. This field is a sequential value, and it is not associated with a specific schedule.
  • Page 381: The Recurring Schedule Add/Edit Screen

    Chapter 14 Object The following table describes the labels in this screen. Table 156 Device Operation > Device Configuration > Object > Schedule > Add/Edit (One Time) LABEL DESCRIPTION Configuration Name Type the name used to refer to the one-time schedule. You may use 1-31 alphanumeric characters, underscores (_), or dashes (-), but the first character cannot be a number.
  • Page 382 Chapter 14 Object (see Section 14.7 on page 379), and click either the Add icon or an Edit icon in the Recurring section. Figure 174 Device Operation > Device Configuration > Object > Schedule > Edit (Recurring) The Year, Month, and Day columns are not used in recurring schedules and are disabled in this screen.
  • Page 383 Chapter 14 Table 157 Device Operation > Device Configuration > Object > Schedule > Edit (Recurring) (continued) LABEL DESCRIPTION Stop Type the hour and minute when the schedule ends each day. Year - disabled Month - disabled Day - disabled Hour - 0 - 23 Minute - 0 - 59 The Hour and Minute fields are both required.
  • Page 384 Chapter 14 Vantage CNM User’s Guide...
  • Page 385: AAA

    Chapter 15 AAA 15.1 Configuring Active Directory or LDAP Default Server Settings Use this screen to configure the Active Directory or LDAP default server settings. To access this screen, click Device Operation > Device Configuration > Object > AAA Server > Active Directory (or LDAP). Figure 175 Device Operation >...
  • Page 386: Active Directory Or LDAP Group Summary Screen

    Chapter 15 AAA Table 158 Device Operation > Device Configuration > Object > AAA Server > Active Directory (or LDAP) > Default (continued) LABEL DESCRIPTION Bind DN Specify the bind DN for logging into the AD or LDAP server. Enter up to 127 alphanumerical characters.
  • Page 387 Chapter 15 AAA Click Device Operation > Device Configuration > Object > AAA Server > Active Directory (or LDAP) > Group to display the screen as shown next. Figure 176 Device Operation > Device Configuration > Object > AAA Server > Active Directory (or LDAP) >...
  • Page 388: Creating An Active Directory Or LDAP Group

    Chapter 15 AAA 15.2.1 Creating an Active Directory or LDAP Group Use this screen to create an Active Directory or LDAP group. To access this screen, click an Add icon in the Device Operation > Device Configuration > Object > AAA Server >...
  • Page 389 Chapter 15 AAA Table 160 Device Operation > Device Configuration > Object > AAA Server > Active Directory (or LDAP) > Group > Add (continued) LABEL DESCRIPTION Bind DN Specify the bind DN for logging into the AD or LDAP server. Enter up to 127 alphanumerical characters.
  • Page 390: Configuring A Default RADIUS Server

    Chapter 15 AAA 15.3 Configuring a Default RADIUS Server Use this screen to configure the default external RADIUS server to use for user authentication. Click Device Operation > Device Configuration > Object > AAA Server > RADIUS to display the screen as shown. Figure 178 Device Operation >...
  • Page 391: Configuring A Group Of RADIUS Servers

    Chapter 15 AAA 15.3.1 Configuring a Group of RADIUS Servers You can configure a group of RADIUS servers in the RADIUS > Group screen. This is useful if you have more than one authentication server for user authentication in a network. Click Device Operation >...
  • Page 392: Adding A RADIUS Server Member

    Chapter 15 AAA 15.3.2 Adding a RADIUS Server Member Use this screen to create or edit a RADIUS server member. Click the Add icon or an Edit icon in the Device Operation > Device Configuration > Object > AAA Server > RADIUS > Group screen to display the screen as shown next. Figure 180 Device Operation >...
  • Page 393: Viewing Authentication Method Objects

    Chapter 15 AAA Table 163 Device Operation > Device Configuration > Object > AAA Server > RADIUS > Group > Add/Edit (continued) LABEL DESCRIPTION Members Enter the IP address (in dotted decimal notation) or the domain name (up to 63 alphanumeric characters) of a RADIUS server. Authentication The default port of the RADIUS server for authentication is 1812.
  • Page 394: Creating An Authentication Method Object

    Chapter 15 AAA Table 164 Device Operation > Device Configuration > Object > Auth. Method LABEL DESCRIPTION Add icon Click Add to add a new entry. Click Edit to edit the settings of an entry. Click Remove to remove an entry. Total Records This field displays the total number of authentication method entries.
  • Page 395 Chapter 15 AAA Click OK to save the settings or click Cancel to discard all changes and return to the previous screen. Figure 182 Device Operation > Device Configuration > Object > Auth. Method > Add The following table describes the labels in this screen. Table 165 Device Operation >...
  • Page 396: The My Certificates Screen

    Chapter 15 AAA 15.6 The My Certificates Screen Click Device Operation > Device Configuration > Object > Certificate > My Certificates to open the My Certificates screen. This is the ZyWALL’s summary list of certificates and certification requests. Figure 183 Device Operation > Device Configuration > Object > Certificate > My Certificates The following table describes the labels in this screen.
  • Page 397: ISP Account Summary

    Chapter 15 AAA Table 166 Device Operation > Device Configuration > Object > Certificate > My Certificates (continued) LABEL DESCRIPTION Subject This field displays identifying information about the certificate’s owner, such as CN (Common Name), OU (Organizational Unit or department), O (Organization or company) and C (Country).
  • Page 398: ISP Account Edit

    Chapter 15 AAA Table 167 Device Operation > Device Configuration > Object > ISP Account LABEL DESCRIPTION Add icon This column provides icons to add, edit, and remove ISP accounts. To add information about a new ISP account, click the Add icon at the top of the column.
  • Page 399 Chapter 15 AAA The following table describes the labels in this screen. Table 168 Device Operation > Device Configuration > Object > ISP Account > Add/Edit LABEL DESCRIPTION Profile Name This field is read-only if you are editing an existing account. Type in the profile name of the ISP account.
  • Page 400: The SSL Application Screen

    Chapter 15 AAA Table 168 Device Operation > Device Configuration > Object > ISP Account > Add/Edit (continued) LABEL DESCRIPTION Compression Select the On button to turn on stac compression, and select Off to turn off stac compression. Stac compression is a data compression technique capable of compressing data by a factor of about four.
  • Page 401: Creating/Editing A Web-Based SSL Application Object

    Chapter 15 AAA Table 169 Device Operation > Device Configuration > Object > SSL Application LABEL DESCRIPTION Type This field shows whether the object is a file-sharing, web-server, Outlook Web Access, Virtual Network Computing, or Remote Desktop Protocol SSL application. Add icon This column provides icons to add, edit, and remove SSL application objects.
  • Page 402 Chapter 15 AAA Table 170 Device Operation > Device Configuration > Object > SSL Application > Add/Edit: Web Application LABEL DESCRIPTION Server Type Specify the type of service for this SSL application. Select Web Server to allow access to the specified web site hosted on the local network.
  • Page 403: Creating/Editing A File Sharing SSL Application Object

    Chapter 15 AAA Table 170 Device Operation > Device Configuration > Object > SSL Application > Add/Edit: Web Application LABEL DESCRIPTION Apply Click Apply to save the changes and return to the main SSL Application Configuration screen. Cancel Click Cancel to discard the changes and return to the main SSL Application Configuration screen.
  • Page 404 Chapter 15 AAA Table 171 Device Operation > Device Configuration > Object > SSL Application > Add/Edit: File Sharing LABEL DESCRIPTION Shared Path Specify the IP address, domain name or NetBIOS name (computer name) of the file server and the name of the share to which you want to allow user access.
  • Page 405: Chapter 16 Maintenance

    Chapter 16 Maintenance This section shows you how to configure the Device Log screen. This screen may vary depending on which model you’re configuring. Please see the device’s User’s Guide for more information about any of these screens or fields. 16.1 Edit Remote Server Log Settings The Log Settings Edit screen controls the detailed settings for each log in the remote server (syslog).
  • Page 406 Chapter 16 Maintenance The following table describes the labels in this screen. Table 172 Maintenance > Log > Log Setting LABEL DESCRIPTION Log Settings for Remote Server X Active Select this check box to send log information according to the information in this section.
  • Page 407: Part Iv: Configuration, Firmware And Licence Management

    Configuration, Firmware and Licence Management Note: The examples in this section use one of the most comprehensive examples of each screen, not every variation for each device type and firmware version. If you are unable to find a specific screen or field in this User’s Guide, please see the User’s Guide for the device for more information.
  • Page 409: Configuration Management

    Chapter 17 Configuration Management These screens explain how to synchronize settings between Vantage CNM and devices, back up and restore device configuration files, back up and restore anti-virus or IDP signature profiles, and manage building blocks. 17.1 Synchronization (Device) Data inconsistencies may occur if configuration changes are made directly on the device instead of in Vantage CNM.
  • Page 410 Chapter 17 Configuration Management If you are not sure how to resolve inconsistencies between the device and Vantage CNM, you might access the device’s web configurator and compare the settings in the web configurator to the settings in Vantage CNM before you use this function. Figure 190 Device Operation >...
  • Page 411: Synchronization (Folder)

    Chapter 17 Configuration Management The following table describes the fields in this screen. Table 173 Device Operation > Configuration Management > Synchronization LABEL DESCRIPTION Device Select this radio button to have Vantage CNM pull all current device Overwrites configurations into Vantage CNM. The current device configuration Vantage CNM "overwrites"...
  • Page 412: Configuration File Management

    Chapter 17 Configuration Management The following table describes the fields in this screen. Table 174 Device Operation > Configuration Management > Synchronization (Folder) LABEL DESCRIPTION Device(s) Select this radio button to have Vantage CNM pull all current device Overwrite configurations in the selected folder into Vantage CNM. The current Vantage CNM devices’...
  • Page 413: Backup & Restore (Device)

    Chapter 17 Configuration Management 17.3.1 Backup & Restore (Device) Use this screen to back up and restore configuration files for a specific device. The configuration files may be stored in the Vantage CNM server or on the computer from which you access Vantage CNM. To open this screen, select a device, click Device Operation in the menu bar and then click Configuration Management >...
  • Page 414: Backup A Device

    Chapter 17 Configuration Management Table 175 Device Operation > Configuration Management > Configuration File > Backup & Restore (Device) (continued) TYPE DESCRIPTION Remove Click this to remove an existing configuration file from the Vantage CNM server. Total Records This entry displays the total number of records on the current page of the file list.
  • Page 415: Backup & Restore (Folder)

    Chapter 17 Configuration Management Table 176 Device Operation > Configuration Management > Configuration File Management > Backup & Restore > Backup (Device) (continued) TYPE DESCRIPTION Description Enter a descriptive note for the file. Backup Time Backup Now Select this radio box to perform the backup after you click Backup. Scheduled Time Select this radio box to define a time, or a recurring time, at which the Vantage CNM server automatically performs the backup for this device.
  • Page 416: Group Backup (Folder)

    Chapter 17 Configuration Management Table 177 Device Operation > Configuration Management > Configuration File Management > Backup & Restore (Folder) (continued) TYPE DESCRIPTION Group File Name This displays the name of the set of configuration files. Description This field displays the description of the set of configuration files. Admin This field displays the administrator who performed the backup of the configuration files.
  • Page 417 Chapter 17 Configuration Management Note: The backup takes some time depending on your network environment. Figure 197 Device Operation > Configuration Management >Configuration Management > Configuration File Management > Backup (Folder) The following table describes the fields in this screen. Table 178 Device Operation >...
  • Page 418: Group Restore (Folder)

    Chapter 17 Configuration Management Table 178 Device Operation > Configuration Management > Configuration File Management > Backup (Folder) (continued) TYPE DESCRIPTION Scheduled Time Select this radio box to define a time, or a recurring time, at which the Vantage CNM server automatically performs the backup for the device(s). Select One Time from the list box if you want this backup schedule to be applied one time, or select Weekly or Monthly to specify how often you want the backup schedule to be applied periodically.
  • Page 419: Schedule List (Device)

    Chapter 17 Configuration Management The following table describes the fields in this screen. Table 179 Device Operation > Configuration Management > Configuration File Management > Restore (Folder) TYPE DESCRIPTION Group Restore This is the number of an individual entry. Device Name This displays the name of the device that was backed up.
  • Page 420: Schedule List (Folder)

    Chapter 17 Configuration Management The following table describes the fields in this screen. Table 180 Device Operation > Configuration Management > Configuration File Management > Schedule List (Device) TYPE DESCRIPTION Schedule List This is the number of an individual entry. File Name This displays the name of the configuration file.
  • Page 421: Add/Edit Schedule List (Folder)

    Chapter 17 Configuration Management The following table describes the fields in this screen. Table 181 Device Operation > Configuration Management > Configuration File Management > Schedule List (Folder) TYPE DESCRIPTION Page Size Select how many records you want to see in each page. Schedule List This is the number of an individual entry.
  • Page 422 Chapter 17 Configuration Management Configuration Management > Configuration File Management > Schedule List, and then click Add. Figure 201 Device Operation > Configuration Management > Configuration File Management > Schedule List (Folder) The following table describes the fields in this screen. Table 182 Device Operation >...
  • Page 423: Signature Profile Management

    Chapter 17 Configuration Management Table 182 Device Operation > Configuration Management > Configuration File Management > Schedule List (Folder) (continued) TYPE DESCRIPTION Scheduled Time Select this radio box to define a time, or a recurring time, at which the Vantage CNM server automatically performs the backup for the device(s). Select One Time from the list box if you want this backup schedule to be applied one time, or select Weekly or Monthly to specify how often you want the backup schedule to be applied periodically.
  • Page 424 Chapter 17 Configuration Management Management > Signature Profile Management > Backup & Restore in the navigation panel. Figure 202 Device Operation > Configuration Management > Signature Profile Management > Backup & Restore (ZyNOS ZyWALL) Figure 203 Device Operation > Configuration Management > Signature Profile Management >...
  • Page 425: Signature Profile Backup & Restore (Folder)

    Chapter 17 Configuration Management Table 183 Device Operation > Configuration Management > Signature Profile Management > Backup & Restore (continued) TYPE DESCRIPTION Signature Version This field displays the version of signature. Description This displays a description that was entered at the time of backup. Admin This field displays the administrator who performed the backup.
  • Page 426 Chapter 17 Configuration Management menu bar and then click Configuration Management > Signature Profile Management > Backup & Restore in the navigation panel. Figure 204 Device Operation > Configuration Management > Signature Profile Management > Backup & Restore (Folder-ZLD) Figure 205 Device Operation > Configuration Management > Signature Profile Management >...
  • Page 427: Signature Profile Restore (Folder)

    Chapter 17 Configuration Management Table 184 Device Operation > Configuration Management > Signature Profile Management > Backup & Restore (Folder) (continued) TYPE DESCRIPTION Device Name This is the name of the device from which the signature profile was backed up. Device Type This is the model name of the device.
  • Page 428 Chapter 17 Configuration Management Restore in the Device Operation > Configuration Management > Signature Profile Management > Backup & Restore screen. Figure 206 Device Operation > Configuration Management > Signature Profile Management > Backup & Restore > Restore (Folder-ZyNOS) Figure 207 Device Operation > Configuration Management > Signature Profile Management >...
  • Page 429: Restore To Device

    Chapter 17 Configuration Management Table 185 Device Operation > Configuration Management > Signature Profile Management > Backup & Restore > Restore (Folder) (continued) TYPE DESCRIPTION Base Profile This field is available when you select a signature profile on a ZLD- based ZyWALL.
  • Page 430: Signature Profile Backup (Device)

    Chapter 17 Configuration Management Table 186 Device Operation > Configuration Management > Signature Profile Management > Backup & Restore > Restore > Next or Restore (continued) TYPE DESCRIPTION Total Records This entry displays the total number of records on the current page of the device list.
  • Page 431: Reset To Factory

    Chapter 17 Configuration Management 17.6.6 Reset to Factory Use this screen to restore anti-virus or IDP configuration to factory default to a device. You can track the status and look at the results of this operation in the Operation Report. See Section 27.6 on page 549.
  • Page 432 Chapter 17 Configuration Management then click Configuration Management > Building Block > Configuration BB in the navigation panel. Figure 211 Device Operation > Configuration Management > Building Block > Configuration BB The following table describes the fields in this screen Table 189 Device Operation >...
  • Page 433: Add/Edit A Configuration BB

    Chapter 17 Configuration Management 17.8 Add/Edit a Configuration BB Use this menu item to manage building blocks to the selected device. To open this menu item, click Add, Edit or Save as in the Device Operation > Configuration Management > Building Block > Configuration BB screen. Figure 212 Device Operation >...
  • Page 434 Chapter 17 Configuration Management The following table describes the fields in this screen. Table 190 Device Operation > Configuration Management > Building Block > Configuration BB > Add/Edit/Save As TYPE DESCRIPTION Name Enter a unique name for the building block. The name must be 1-32 alphanumeric characters, dashes (-) or underscores (_).
  • Page 435 Chapter 17 Configuration Management Table 190 Device Operation > Configuration Management > Building Block > Configuration BB > Add/Edit/Save As (continued) TYPE DESCRIPTION Feature Select the menu item the building block is for, the corresponding screen (as the following screens) displays after you click Create. Refer to Device Operation >...
  • Page 436: Create A Schedule Configuration BB (ZLD)

    Chapter 17 Configuration Management Table 190 Device Operation > Configuration Management > Building Block > Configuration BB > Add/Edit/Save As (continued) TYPE DESCRIPTION Create This is available when you add or copy a configuration BB using save as. Click this to create the building block, if necessary, and edit the detailed configuration for the selected device type, firmware version, and menu item.
  • Page 437: Create A User Configuration BB (ZLD)

    Chapter 17 Configuration Management The following table describes the fields in this screen. Table 191 Device Operation > Configuration Management > Building Block > Configuration BB > Add/Edit (ZLD Schedule) > Create TYPE DESCRIPTION Configuration Schedule Type Select One Time to configure a schedule at a specific time. For example, a schedule starts at 2009/7/20 23:00 and stops at 2009/7/20 23:30.
  • Page 438 Chapter 17 Configuration Management Edit screen, the following screen appears. Use this menu item to create a user configuration building block. Figure 216 Device Operation > Configuration Management > Building Block > Configuration BB > Add/Edit (ZLD User) > Create The following table describes the fields in this screen.
  • Page 439: Create An Address Configuration BB (ZLD)

    Chapter 17 Configuration Management Table 192 Device Operation > Configuration Management > Building Block > Configuration BB > Add/Edit (ZLD User) > Create (continued) TYPE DESCRIPTION Lease Time Enter the number of minutes this user has to renew the current session before the user is logged out.
  • Page 440: Create A Service Configuration BB (ZLD)

    Chapter 17 Configuration Management The following table describes the fields in this screen. Table 193 Device Operation > Configuration Management > Building Block > Configuration BB > Add/Edit (ZLD Address) > Create TYPE DESCRIPTION Address Type Select the type of address you want to create. Choices are: HOST, RANGE, SUBNET.
  • Page 441: Component BB

    Chapter 17 Configuration Management Edit screen, the following screen appears. Use this menu item to create a service configuration building block. Figure 218 Device Operation > Configuration Management > Building Block > Configuration BB > Add/Edit (ZLD Service) > Create The following table describes the fields in this screen.
  • Page 442 Chapter 17 Configuration Management device, click Device Operation in the menu bar and then click Configuration Management > Building Block > Component BB in the navigation panel. Figure 219 Device Operation > Configuration Management > Building Block > Component BB The following table describes the fields in this screen Table 195 Device Operation >...
  • Page 443: Add/Edit/Save As A Component BB

    Chapter 17 Configuration Management 17.10 Add/Edit/Save as a Component BB Use this menu item to add, edit, or copy a building block to the selected device. To open this menu item, click Add, Edit, or Save as in the Device Operation > Configuration Management >...
  • Page 444: Add/Edit A Firewall Rule Group

    Chapter 17 Configuration Management Device Operation in the menu bar and then click Configuration Management > ZLD Firewall Rule Group Configuration in the navigation panel. Figure 221 Device Operation > Configuration Management > ZLD Firewall Rule Group Configuration The following table describes the fields in this screen. Table 197 Device Operation >...
  • Page 445 Chapter 17 Configuration Management Device Operation > Configuration Management > ZLD Firewall Rule Group Configuration screen. Figure 222 Device Operation > Configuration Management > ZLD Firewall Rule Group Configuration > Add/Edit Vantage CNM User’s Guide...
  • Page 446 Chapter 17 Configuration Management The following table describes the fields in this screen Table 198 Device Operation > Configuration Management > ZLD Firewall Rule Group Configuration > Add/Edit TYPE DESCRIPTION Group Firewall Rule Configuration Group Firewall Enter a descriptive name of up to 32 characters for this firewall rule. Rule Name You can use alphanumeric characters, underline (_) and hyphen (-).
  • Page 447 Chapter 17 Configuration Management Table 198 Device Operation > Configuration Management > ZLD Firewall Rule Group Configuration > Add/Edit (continued) TYPE DESCRIPTION Source Address Select a source address or address group to which this rule applies. If you want to use an address object that has been configured on the ZyWALL, select Use Address object in device and type the object’s name (case insensitive).
  • Page 448 Chapter 17 Configuration Management Table 198 Device Operation > Configuration Management > ZLD Firewall Rule Group Configuration > Add/Edit (continued) TYPE DESCRIPTION This is the number of an individual entry. Device Name This field displays the name of ZLD-based ZyWALL(s) to which this rule applies.
  • Page 449: Chapter 18 Firmware Management

    Chapter 18 Firmware Management 18.1 Firmware List Use this screen to upload device firmware to Vantage CNM. It is recommended administrators subscribe to a ZyXEL mailing list to be regularly informed of new firmware versions. All firmware files are downloaded to one repository within Vantage CNM. All firmware files are available to every administrator, regardless of domain.
  • Page 450: Add Firmware

    Chapter 18 Firmware Management Table 199 Device Operation > Firmware Management > Firmware List (continued) TYPE DESCRIPTION FW Version This field displays ZyXEL device firmware version. FW Release Time This field displays the date the firmware was created. Click Add to proceed to the next screen. Remove Click to delete a selected firmware from your Vantage CNM firmware management.
  • Page 451: Scheduler List

    Chapter 18 Firmware Management 18.2 Scheduler List Use this screen to look at and maintain the list of scheduled firmware upgrades in Vantage CNM. Once an upgrade is completed, Vantage CNM removes the upgrade record from this screen and adds it to the Log & Report > Operation Report > Firmware Upgrade Report.
  • Page 452: Firmware Upgrade (Folder)

    Chapter 18 Firmware Management Management > Firmware List menu item to upload firmware files from the ZyXEL FTP site (or other source) to Vantage CNM first. See Section 18.1 on page 449. Consider the following when you decide to upgrade firmware. •...
  • Page 453: Firmware Upgrade (Device)

    Chapter 18 Firmware Management 18.3.2 Firmware Upgrade (Device) Use this screen to upgrade the firmware on the selected device. To open this screen, select a device in the device window, click Device Operation in the menu bar, and then click Firmware Management > Firmware Upgrade. Figure 227 Device Operation >...
  • Page 454 Chapter 18 Firmware Management in the Device Operation > Firmware Management > Firmware Upgrade screen (Refer to Figure 227 on page 453). Figure 228 Device Operation > Firmware Management > Firmware Upgrade (Device) > Upgrade The following table describes the fields in this screen. Table 202 Device Operation >...
  • Page 455 Chapter 18 Firmware Management Table 202 Device Operation > Firmware Management > Firmware Upgrade (Device) > Upgrade TYPE DESCRIPTION Upgrade Now Select this if you want to perform the firmware upgrade right away. Schedule Time Select this radio box to define a time at which the Vantage CNM server automatically performs the upgrade for the device(s).
  • Page 456 Chapter 18 Firmware Management Vantage CNM User’s Guide...
  • Page 457: License Management

    Chapter 19 License Management 19.1 Service Activation Use this menu item to register the selected device and to activate subscription services. Note: This menu item is available if you click a device. 19.1.1 Registration Use this screen to register the selected device on www.myzyxel.com and to activate free trials for subscription services, such as IDP and content filtering.
  • Page 458 Chapter 19 License Management and then click License Management > Service Activation > Registration in the navigation panel. Figure 229 Device Operation > License Management > Service Activation > Registration (ZyNOS ZyWALL) Figure 230 Device Operation > License Management > Service Activation > Registration (ZLD ZyWALL) Vantage CNM User’s Guide...
  • Page 459 Chapter 19 License Management Click the Save as a BB icon to save the current configuration of the selected device as a building block. The following pop-up screen appears. Figure 231 Device Operation > License Management > Service Activation > Registration >...
  • Page 460: Service

    Chapter 19 License Management Table 203 Device Operation > License Management > Service Activation > Registration (continued) LABEL DESCRIPTION Anti Spam 3-month Select the check box to activate a trial. The trial period starts the Trial day you activate the trial. IDP/AV 3-month Select the check box to activate a trial.
  • Page 461 Chapter 19 License Management Operation in the menu bar and then click License Management > Service Activation > Service in the navigation panel Figure 232 Device Operation > License Management > Service Activation > Service (ZyNOS ZyWALL) Figure 233 Device Operation > License Management > Service Activation > Service (ZLD ZyWALL) The following table describes the labels in this screen.
  • Page 462: License Status

    Chapter 19 License Management Table 204 Device Operation > License Management > Service Activation > Service LABEL DESCRIPTION Registration Type This field displays whether you applied for a trial application (Trial) or registered a service with your iCard’s PIN number (Standard). In addition for a ZLD-based ZyWALL, this field is blank when a service is not activated.
  • Page 463 Chapter 19 License Management Operation in the menu bar and then click License Management > License Status in the navigation panel. Figure 234 Device Operation > License Management > License Status (ZyNOS ZyWALL) Figure 235 Device Operation > License Management > License Status (ZLD ZyWALL) The following table describes the labels in this screen.
  • Page 464 Chapter 19 License Management Table 205 Device Operation > License Management > License Status (continued) LABEL DESCRIPTION Service This field displays the name of the selected service(s). Status This field displays whether the license is available (Active) or not (Inactive) for this service on this device (for a ZyNOS ZyWALL).
  • Page 465: Activate/Upgrade License

    Chapter 19 License Management 19.2.1 Activate/Upgrade License Use this screen to activate a trial version of the service, if available, or to apply a license for the service to the device. To open this screen, click Upgrade in the Device Operation > License Management > License Status screen. Figure 236 Device Operation >...
  • Page 466: License Status (Folder)

    Chapter 19 License Management 19.3 License Status (Folder) Use this screen to look at the license status for subscription service(s) on ZyWALLs under a folder that you selected. You can also search specific license information based on your input criteria. To open this screen, click a folder and then click Device Operation >...
  • Page 467 Chapter 19 License Management Figure 239 Device Operation > License Management > License Status (Folder) > ZyNOS Series The following table describes the labels in this screen. Table 207 Device Operation > License Management > License Status (Folder) > ZLD/ZyNOS Series LABEL DESCRIPTION Service...
  • Page 468 Chapter 19 License Management Table 207 Device Operation > License Management > License Status (Folder) > ZLD/ZyNOS Series (continued) LABEL DESCRIPTION Registration Type This field displays the type of license that is currently on the device. This is based on the last license that was set up on the device. For example, if you start with a trial version and upgrade to a standard license, this field shows the standard license.
  • Page 469: Signature Status (Device)

    Chapter 19 License Management 19.4 Signature Status (Device) Use this screen to look at the current status of signatures for subscription services, such as IDP and anti-virus. To open this screen, click Device Operation in the menu bar and then click License Management > Signature Status. Figure 240 Device Operation >...
  • Page 470 Chapter 19 License Management Table 208 Device Operation > License Management > Signature Status (continued) LABEL DESCRIPTION Current Pattern Version This field displays the signatures version number currently used by the device. This number is defined by the ZyXEL Security Response Team (ZSRT) who maintains and updates them.
  • Page 471: Signature Status (Folder)

    Chapter 19 License Management 19.5 Signature Status (Folder) Use this screen to look at the current status of signatures for subscription services on ZyWALLs under a folder that you selected. To open this screen, click on a folder and then click Device Operation > License Management > Signature Status. Figure 242 Device Operation >...
  • Page 472 Chapter 19 License Management Table 209 Device Operation > License Management > Signature Status (Folder) LABEL DESCRIPTION Current Pattern Version This field displays the signatures version number currently used by the device. This number is defined by the ZyXEL Security Response Team (ZSRT) who maintains and updates them.
  • Page 473: Vpn Management

    VPN Management Note: The examples in this section use one of the most comprehensive examples of each screen, not every variation for each device type and firmware version. If you are unable to find a specific screen or field in this User’s Guide, please see the User’s Guide for the device for more information.
  • Page 475: Chapter 20 Vpn Community

    Chapter 20 VPN Community 20.1 VPN Community Use this menu item to manage VPN configuration between or among ZyXEL devices. To open this menu item, select the device, click VPN Management in the menu bar and then click VPN Community in the navigation panel. Figure 244 VPN Management >...
  • Page 476: Add/Edit A Vpn Community

    Chapter 20 VPN Community Table 210 VPN Management > VPN Community (continued) FIELD DESCRIPTION Remove Click this to delete a VPN community setting. Total Records This entry displays the total number of records on the current page of the list. 20.1.1 Add/Edit a VPN Community Use this screen to configure VPN configuration between or among ZyXEL devices.
  • Page 477 Chapter 20 VPN Community and applies it to devices at one time. To open this menu item, click Add or Edit in the VPN Management > VPN Community screen. Figure 245 VPN Management > VPN Community > Add/Edit
  • Page 478 Chapter 20 VPN Community Click the Load a BB icon to use phase 1 or phase 2 setting from an existing building block. The following pop-up screen appears. Figure 246 VPN Management > VPN Community > Add/Edit > Load a BB Select a building block from the list box, and click Apply.
  • Page 479 Chapter 20 VPN Community Some fields vary depending on the community type you selected, as shown next. Figure 248 VPN Community Types Full Mesh Hub & Spoke Remote Access The following table describes the fields in this screen. Table 211 VPN Management > VPN Community > Add/Edit FIELD DESCRIPTION VPN Community...
  • Page 480 Chapter 20 VPN Community Table 211 VPN Management > VPN Community > Add/Edit (continued) FIELD DESCRIPTION Hub Gateway This is available if you select the Hub & Spoke community type. You have to select only one device in this section. Spoke Gateways This is available if you select the Hub &...
  • Page 481 Chapter 20 VPN Community Table 211 VPN Management > VPN Community > Add/Edit (continued) FIELD DESCRIPTION SA Life Time Define the length of time before an IKE SA automatically (Seconds) renegotiates in this field. It may range from 180 to 3,000,000 seconds (almost 35 days).
  • Page 482 Chapter 20 VPN Community Table 211 VPN Management > VPN Community > Add/Edit (continued) FIELD DESCRIPTION Perfect Forward Secret (PFS) Select whether or not you want to enable Perfect Forward Secrecy (PFS) and, if you do, which Diffie-Hellman key group to use for encryption.
  • Page 483: Chapter 21 Installation Report

    Chapter 21 Installation Report 21.1 Installation Report Use this screen to view the VPN community status between or among the devices. To open this screen, click a device or a folder, and then click VPN Management from the menu bar and then click Installation Report in the navigation panel.
  • Page 484: Show Detailed Installation Report

    Chapter 21 Installation Report 21.1.1 Show Detailed Installation Report Use this screen to view whether the VPN communities have been applied successfully to all member gateways. To open this screen, click Show Detail in the VPN Management > Installation Report screen. Figure 250 VPN Management >...
  • Page 485: Vpn Monitor

    Chapter 22 VPN Monitor Use this menu item to centrally and easily monitor all VPN community status among devices. You can check from a communities list (by community) or from a devices list (by device). 22.1 Monitor VPN by Community Use this menu item to monitor all VPN community status.
  • Page 486: Show Detailed Vpn Community

    Chapter 22 VPN Monitor The following table describes the fields in this screen. Table 214 VPN Management > VPN Monitor > By Community LABEL DESCRIPTION VPN Community Summary This section shows how many VPN communities in total are available and how many tunnels in each community type such as Full Mesh, Hub &...
  • Page 487: Vpn Tunnel Diagnostics

    Chapter 22 VPN Monitor The following table describes the fields in this screen. Table 215 VPN Management > VPN Monitor > By Community > Show Detail LABEL DESCRIPTION Community Name This field displays the name of the VPN community. Page Size Select how many records you want to see in each page.
  • Page 488 Chapter 22 VPN Monitor In this example, the ZW35-TW’s VPN is triggered manually. You can then see both devices’ logs, and finally they establish the VPN tunnel successfully. Figure 254 VPN Management > VPN Monitor > By Community > Show Detail > Diagnostic >...
  • Page 489: Monitor Vpn By Device

    Chapter 22 VPN Monitor Table 216 VPN Management > VPN Monitor > By Community > Show Detail > Diagnostic > Logs (continued) LABEL DESCRIPTION Total Records This entry displays the total number of records on the current page of the list. Back Click this to return to the previous screen.
  • Page 490: Search Vpn Tunnels

    Chapter 22 VPN Monitor Table 217 VPN Management > VPN Monitor > By Device > VPN Tunnel Status LABEL DESCRIPTION Community Type This displays a VPN community type such as Full Mesh, Hub & Spoke, or Remote Access. Up Tunnels This displays how many tunnels have been successfully established.
  • Page 491: Sa Monitor

    Chapter 22 VPN Monitor Table 218 VPN Management > VPN Monitor > By Device > VPN Tunnel Status > Search Special Tunnel LABEL DESCRIPTION This is the number of an individual entry. Device Name This displays the name of the device the VPN tunnel is configured for.
  • Page 492 Chapter 22 VPN Monitor Table 219 VPN Management > VPN Monitor > By Device > SA Monitor LABEL DESCRIPTION Show Detail Click this to see the detailed VPN settings of the device. See Section 22.1.1 on page 486. Total Records This entry displays the total number of records on the current page of the list.
  • Page 493: Part Vi: Monitor

    Monitor Device Status Monitor (495) 3G Monitor (497) Device HA Status (527) Device Alarm (529)
  • Page 495: Chapter 23 Device Status Monitor

    Chapter 23 Device Status Monitor This chapter discusses how you can look at runtime and statistical information from Vantage CNM and its managed devices. 23.1 Device Status This report shows a summary of the status of Vantage CNM and its managed devices.
  • Page 496 Chapter 23 Device Status Monitor The following table describes the labels in this screen. Table 220 Monitor > Device Status LABEL DESCRIPTION Page Size Select how many records you want to see in each page. Device Name This is the name of the device where the 3G card is installed. Click the device name to locate and highlight the device in the device window.
  • Page 497: Chapter 24 3G Monitor

    Chapter 24 3G Monitor This chapter discusses how you can look at read-only information related to the 3G (Third Generation) card(s) installed as LAN backup(s) on Vantage CNM’s monitored device(s). Read more information about 3G wireless technology in Section 5.3.3 on page To look at reports for all devices in one screen, select root in the device window before accessing the Monitor menu as shown in the next figure.
  • Page 498: Summary

    Chapter 24 3G Monitor Note that an additional item in the navigation panel called Traffic Report also appears. Figure 260 Viewing reports for a single device (Single device) 24.1 Summary Use this screen to look at a summary of devices managed by Vantage CNM that support 3G monitoring.
  • Page 499 Chapter 24 3G Monitor The following table describes the labels in this screen. Table 221 Monitor > 3G Monitor > Summary LABEL DESCRIPTION Page Size Select how many records you want to see in each page. Show Details icon This icon is present if the device is registered, currently online and has a 3G card installed.
  • Page 500: Show Detail

    Chapter 24 3G Monitor Table 221 Monitor > 3G Monitor > Summary LABEL DESCRIPTION View Click the “Show Detail” icon to view other information about the 3G card. Refer to Section 24.1.1 on page 500 for the Show Detail screen. Total Records This shows how many records there are in all.
  • Page 501 Chapter 24 3G Monitor The following table describes the labels in this screen. Table 222 Monitor > 3G Monitor > Show Details (3G down, Budget Control enabled) LABEL DESCRIPTION Device Name This is the name of the device where the 3G card is installed. 3G Connection This displays Down when the 3G connection is down or not activated.
  • Page 502 Chapter 24 3G Monitor Table 222 Monitor > 3G Monitor > Show Details (3G down, Budget Control enabled) LABEL DESCRIPTION 3G Card This displays the manufacturer of your 3G card. Manufacturer 3G Card Model This displays the model name of your 3G card. 3G Card This displays the version of the firmware currently used in the 3G card.
  • Page 503 Chapter 24 3G Monitor 24.1.1.2 3G connection is down, Budget Control is not enabled The 3G connection is down and you did not enable budget control in the Device Configuration > Network > WAN > 3G(WAN 2) screen (see Section 5.3.3 on page 87).
  • Page 504 Chapter 24 3G Monitor 24.1.1.3 3G connection is up, Budget Control is enabled The 3G connection is up and you enabled budget control in the Device Configuration > Network > WAN > 3G(WAN 2) screen (see Section 5.3.3 on page 87).
  • Page 505 Chapter 24 3G Monitor 24.1.1.4 3G connection is up, Budget Control is not enabled The 3G connection is up and you did not enable budget control in the Device Configuration > Network > WAN > 3G(WAN 2) screen (see Section 5.3.3 on page 87).
  • Page 506 Chapter 24 3G Monitor 24.1.1.6 3G is not enabled in 3G(WAN) screen There is a 3G card inserted in the device but the 3G(WAN 2) option is not enabled in the Device Configuration > Network > WAN > 3G(WAN 2) screen (see Section 5.3.3 on page 87).
  • Page 507 Chapter 24 3G Monitor 24.1.1.7.1 PIN error lockout There is a PIN code error and you have entered the wrong PIN code three times. The Show Detail screen displays as follows. Figure 269 Monitor > 3G Monitor > Show Details (Wrong PIN entered thrice) The following table describes the labels in this screen.
  • Page 508 Chapter 24 3G Monitor 24.1.1.7.2 PUK code accepted You enter the correct PUK code (see Section 24.1.1.7.1 on page 507). The following screen appears. Figure 270 Monitor > 3G Monitor > Show Details (PUK code accepted) The following table describes the labels in this screen. Table 225 Monitor >...
  • Page 509: Availability Report

    Chapter 24 3G Monitor 24.1.1.8 CDMA card modem is not active The Code Division Multiple Access (CDMA) card modem is not active. The Show Detail screen displays as follows. Figure 271 Monitor > 3G Monitor > Show Details (CDMA card modem is not active) 24.1.1.9 CDMA card modem is locked The CDMA card modem is locked.
  • Page 510 Chapter 24 3G Monitor data. You can also check the date and time when a 3G connection has been stopped. Click Monitor > 3G Monitor > Availability Report. If you are viewing the reports for all devices (i.e., selecting root in the Topology navigation panel), the following screen displays.
  • Page 511 Chapter 24 3G Monitor If you are viewing the report for a single device, the following screen displays. Figure 274 Monitor > 3G Monitor > Availability Report (Single device, 7 Days) The following table describes the labels in this screen. Table 227 Monitor >...
  • Page 512 Chapter 24 3G Monitor Table 227 Monitor > 3G Monitor > Availability Report LABEL DESCRIPTION Availability State This bar graph shows either the Last 7 Days (default view) or Diagram Last 30 Days of 3G connection uptime diagram. Choose what day range you want in the Options column of Availability Statistics.
  • Page 513: Radio Report

    Chapter 24 3G Monitor If you want to see up time statistics for the last thirty days, click the Last 30 Days link in the Options column. The following screen displays. Figure 275 Monitor > 3G Monitor > Availability Report (Single device, 30 Days) Refer to Figure 227 on page 511 to read the descriptions of the labels in this...
  • Page 514 Chapter 24 3G Monitor Click Monitor > 3G Monitor > Radio Report. When viewing the records for all devices, the following screen displays. Figure 276 Monitor > 3G Monitor > Radio Report (Folder list)
  • Page 515 Chapter 24 3G Monitor The following table describes the labels in this screen. Table 228 Monitor > 3G Monitor > Radio Report (Folder list) LABEL DESCRIPTION Current Time This shows the date and time of viewing. The date is in Year:Month:Day format.
  • Page 516 Chapter 24 3G Monitor Figure 277 Monitor > 3G Monitor > Radio Report > Statistics (Folder List) The following table describes the labels in this screen. Table 229 Monitor > 3G Monitor > Radio Report > Statistics (Folder List) LABEL DESCRIPTION Signal Quality Diagram Device Name...
  • Page 517 Chapter 24 3G Monitor When viewing the signal strength and quality report for a particular device, click Monitor > 3G Monitor > Radio Report. The following screen displays. Figure 278 Monitor > 3G Monitor > Radio Report (Single Device) The following table describes the labels in this screen. Table 230 Monitor >...
  • Page 518: Traffic Report

    Chapter 24 3G Monitor 24.4 Traffic Report Use this screen to view the 3G connection incoming or outgoing traffic for a Vantage CNM-managed device. Note: This does not show up in the 3G Monitor navigation panel when you are in the root profile in the device window.
  • Page 519: Alert Report

    Chapter 24 3G Monitor Table 231 Monitor > 3G Monitor > Traffic Report LABEL DESCRIPTION graph The graph displays the report information visually. It shows the incoming/outgoing traffic of the 3G connection in a line graph. The unit of measurement used is B/s (bytes per second).
  • Page 520 Chapter 24 3G Monitor Table 232 Monitor > 3G Monitor > Alert Report (Folder List) LABEL DESCRIPTION Device Name This is the name of the device where the 3G card is installed. Alert Number This indicates how many alerts under the 3G category a device has generated.
  • Page 521 Chapter 24 3G Monitor When viewing the alert report for a particular device, click Monitor > 3G Monitor > Alert Report. The following screen displays. Figure 281 Monitor > 3G Monitor > Alert Report (Single device) The following table describes the labels in this screen. Table 233 Monitor >...
  • Page 522 Chapter 24 3G Monitor Table 233 Monitor > 3G Monitor > Alert Report (Single Device) LABEL DESCRIPTION Customize Click this to see all the recorded events in the device. Additional fields (that is, the fields inside the box in Figure 281 on page 521) appear when this option is selected, as follows: •...
  • Page 523: Monitor Setting

    Chapter 24 3G Monitor 24.6 Monitor Setting Use these screens to set up e-mail notification settings when certain conditions are met by the managed devices and the Vantage CNM. You can customize who receives the e-mail messages, what events you are notified of, and what the e-mail message contains.
  • Page 524: Notification

    Chapter 24 3G Monitor The following table describes the labels in this screen. Table 234 Monitor > 3G Monitor > Monitor Setting > Notification Setting LABEL DESCRIPTION Notification trigger Select the trigger events of which you want to be notified. events •...
  • Page 525 Chapter 24 3G Monitor Click the Go to configure notification content link in 3G Monitor > Monitor Setting > Notification Setting. The following screen displays. Figure 283 Monitor > 3G Monitor > Notification > Notification Refer to Table 253 on page 567 for the descriptions of the fields in this screen.
  • Page 526: Monitor Interval

    Chapter 24 3G Monitor 24.6.3 Monitor Interval Use this screen to specify the time interval that the Vantage CNM accounts before updating its reports. Click Monitor > 3G Monitor > Monitor Setting > Monitor Interval. The following screen displays. Figure 284 Monitor > 3G Monitor > Monitor Setting > Monitor Interval The following table describes the labels in this screen.
  • Page 527: Device Ha Status Monitor

    Chapter 25 Device HA Status Monitor This chapter describes the monitor for device high availability (HA) status on ZLD ZyWALL device(s) such as ZyWALL 1050 or ZyWALL USG series. 25.1 Device HA Status This report shows a summary of device status. To open this screen, select a ZLD device, click Monitor in the menu bar and then click Device HA Status in the navigation panel.
  • Page 528 Chapter 25 Device HA Status Monitor Table 236 Monitor > Device HA Status LABEL DESCRIPTION Status This field displays the device’s current HA status. If the device is a master device, the possible statuses are: • Active: All VRRP interface statuses on the device are active. •...
  • Page 529: Chapter 26 Device Alarm

    Chapter 26 Device Alarm 26.1 Device Alarm Introduction Alarms are time-critical information that the device automatically sends out at the time of occurrence. You may have administrators automatically e-mailed when an alarm occurs in the CNM System Setting > Configuration > Notification screen.
  • Page 530 Chapter 26 Device Alarm click a folder or a device, and then click Monitor in the menu bar, click Device Alarm > Unresolved Alarm in the navigation panel. Figure 286 Monitor > Device Alarm > Unresolved Alarm The following table describes the fields in this screen. Table 238 Monitor >...
  • Page 531 Chapter 26 Device Alarm Table 238 Monitor > Device Alarm > Unresolved Alarm (continued) STATE DESCRIPTION Severity This field displays the alarm severity. See Section 26.1.1 on page 529 for more information. Time This field displays the time the alarm occurred. Message This field displays the reason the alarm occurred.
  • Page 532: Responded Alarm

    Chapter 26 Device Alarm 26.1.3 Responded Alarm Responded alarms are alarms that have been responded to by an administrator. Figure 287 Monitor > Device Alarm > Responded Alarm The following table describes the fields in this screen. Table 239 Monitor > Device Alarm > Responded Alarm STATE DESCRIPTION Device Name/...
  • Page 533 Chapter 26 Device Alarm Table 239 Monitor > Device Alarm > Responded Alarm (continued) STATE DESCRIPTION Time This field displays the time the alarm occurred. Message This field displays the reason the alarm occurred. Source This field lists the source IP address and the port number of the incoming packet.
  • Page 535: Part Vii: Log & Report

    Log & Report Device Operation Report (537) CNM Logs (553) VRPT (555)
  • Page 537: Device Operation Report

    Chapter 27 Device Operation Report Use these menu items to see summary reports for the tasks you submit to the devices through the Vantage CNM web configurator. 27.1 Firmware Upgrade Report Firmware Upgrade means that Vantage CNM signals the device to request a firmware FTP upload from Vantage CNM.
  • Page 538: Firmware Report Details

    Chapter 27 Device Operation Report The following table describes the labels in this screen. Table 240 Log & Report > Operation Report > Firmware Upgrade Report LABEL DESCRIPTION Show by Select this to display the firmware upgrade by devices or by groups. Select device or group if you want to see the device firmware upgrade records which were applied based on a device or a folder.
  • Page 539 Chapter 27 Device Operation Report this report, click Show Detail in the Log & Report > Operation Report > Firmware Upgrade Report screen showing by group. Figure 290 Log & Report > Operation Report > Firmware Upgrade Report (Group) > Show Detail The following table describes the labels in this screen.
  • Page 540: Configuration Report

    Chapter 27 Device Operation Report 27.2 Configuration Report Use this screen to look at operation records for a device or groups. To open this screen, click Log & Report > Operation Report > Configuration Report. Figure 291 Log & Report > Operation Report > Configuration Report (Device) Figure 292 Log &...
  • Page 541 Chapter 27 Device Operation Report Table 242 Log & Report > Operation Report > Configuration Report (continued) LABEL DESCRIPTION Action Time This is available if you select showing by group. This field displays the date and time the operation was requested. Device Type This displays the device type.
  • Page 542: Configuration Report Details

    Chapter 27 Device Operation Report 27.2.1 Configuration Report Details Use this screen to look at the detailed status of a configuration operation. To open this screen, click Log & Report > Operation Report > Configuration Report, and then click Show Details next to the device. Figure 293 Log &...
  • Page 543: Configuration File Backup Report

    Chapter 27 Device Operation Report Table 243 Log & Report > Operation Report > Configuration Report > Show Details LABEL DESCRIPTION Operation Type This field displays the operation type of the configuration operation. SET display means this operation was performed from Vantage CNM to the device.
  • Page 544 Chapter 27 Device Operation Report the menu bar and then Operation Report > Configuration File Backup & Restore Report > Backup Report in the navigation panel. Figure 294 Log & Report > Operation Report > Configuration File Backup & Restore Report >...
  • Page 545: Configuration File Backup Report Details

    Chapter 27 Device Operation Report The following table describes the labels in this screen. Table 244 Log & Report > Operation Report > Configuration File Backup & Restore Report > Backup Report LABEL DESCRIPTION Show by Select this to display the configuration operation list shown by devices or by groups.
  • Page 546: Configuration File Restore Report

    Chapter 27 Device Operation Report Report in the menu bar and then click Operation Report > Configuration File Backup & Restore Report > Backup Report. Figure 296 Log & Report > Operation Report > Configuration File Backup & Restore Report > Backup Report (Group) > Show Detail The following table describes the labels in this screen.
  • Page 547 Chapter 27 Device Operation Report the menu bar and then click Operation Report > Configuration File Backup & Restore Report > Restore Report in the navigation panel. Figure 297 Log & Report > Operation Report > Configuration File Backup & Restore Report >...
  • Page 548: Signature Profile Backup Report

    Chapter 27 Device Operation Report Table 246 Log & Report > Operation Report > Configuration File Backup & Restore Report > Backup Report (continued) LABEL DESCRIPTION Device Type This displays the device type. You can click the label to sort by this column.
  • Page 549: Signature Profile Restore Report

    Chapter 27 Device Operation Report The following table describes the labels in this screen. Table 247 Log & Report > Operation Report > Signature Profile Backup & Restore Report > Backup Report LABEL DESCRIPTION Page Size Select how many records you want to see in each page. This is the number of an individual entry.
  • Page 550 Chapter 27 Device Operation Report bar and then click Operation Report > Signature Profile Backup & Restore Report > Restore Report in the navigation panel. Figure 300 Log & Report > Operation Report > Signature Profile Backup & Restore Report > Restore Report The following table describes the labels in this screen.
  • Page 551 Chapter 27 Device Operation Report Table 248 Log & Report > Operation Report > Signature Profile Backup & Restore Report > Restore Report (continued) LABEL DESCRIPTION Admin This field displays the name of the administrator who performed the operation. Total Records This entry displays the total number of records on the current page of the list.
  • Page 553: Chapter 28 Cnm Logs

    Chapter 28 CNM Logs 28.1 Vantage CNM Logs Use these screens to view and configure Vantage CNM system log preferences. 28.1.1 CNM Logs You can view system logs for the previous day, the last two days or up to one week here.
  • Page 554 Chapter 28 CNM Logs The following table describes the labels in this screen. Table 249 Log & Report > CNM Logs LABEL DESCRIPTION Incident Select one of the general categories of events whose logs you want to view from the first list box. Select a more specific type of event whose logs you want to view from the second list box.
  • Page 555: Chapter 29 Vrpt

    Chapter 29 VRPT The Report menu activates Vantage Report. This chapter introduces Vantage Report and its role in Vantage CNM. Then, it explains how to set up and start Vantage Report. Please refer to the Vantage Report 3.1 User’s Guide for more detailed information.
  • Page 556: Vantage Report In Vantage Cnm

    Chapter 29 VRPT 29.2 Vantage Report in Vantage CNM Vantage Report in Vantage CNM is a special release for Vantage CNM only. No additional license is required to use it. Vantage Report in Vantage CNM generally supports the capabilities available in the professional version of standalone Vantage Report, including drill-down reports, reverse DNS lookup, web usage by category, anti-virus, anti-spam, and HTML reports by e-mail.
  • Page 557: Opening Vantage Report In Vantage Cnm

    Chapter 29 VRPT Note: Vantage Report has Standalone and Vantage CNM versions. Make sure you install the Vantage Report in Vantage CNM version, which is in the same package as Vantage CNM. Vantage CNM cannot work with the Vantage Report Standalone version. Click CNM System Setting >...
  • Page 558 Chapter 29 VRPT If the device is not managed by any Vantage Report instance yet, the Vantage Report window does not open and an error message appears saying that this device is not associated with the Vantage Report. Note: Refer to the Vantage Report User’s Guide for more detailed information.
  • Page 559: Part Viii: Cnm System Setting

    VIII CNM System Setting CNM System Setting (561) Maintenance (581) Device Owner (585) Vantage CNM Software Upgrade (587) License (589) About CNM (591)
  • Page 561: Chapter 30 Cnm System Setting

    Chapter 30 CNM System Setting Use these screens to configure Vantage CNM server settings such as servers configuration, system maintenance, create and define device owner, software upgrade, license management, and about. 30.1 Servers Configuration You can configure these servers as you install Vantage CNM (in the installation wizard) or after you install it in this screen.
  • Page 562 Chapter 30 CNM System Setting Note: Make sure the FTP account’s permission includes Files (read/write/delete), Directories (list/create/delete) and Sub-directories (inherit). Figure 305 CNM System Setting > Configuration > Servers > Configuration The following table describes the fields in this screen. Table 250 CNM System Setting >...
  • Page 563: Vantage Cnm Server Public Ip Address

    Chapter 30 CNM System Setting Table 250 CNM System Setting > Configuration > Servers > Configuration LABEL DESCRIPTION Internal IP or If your FTP server is in the same private network as the Vantage Domain Name CNM server, select this and type the IP address or domain name of the FTP server.
  • Page 564: Servers Status

    Chapter 30 CNM System Setting Right-click the Vantage CNM icon in the system tray and select STOP. Right-click the icon again and select START. When you register new devices with Vantage CNM, make sure the new device can ping the Vantage CNM server (the new Vantage CNM Public IP address) and then set the device’s Manager IP address correspondingly.
  • Page 565: User Access

    Chapter 30 CNM System Setting The following table describes the fields in this screen. Table 251 CNM System Setting > Configuration > Servers > Status LABEL DESCRIPTION Vantage CNM Server This field displays the IP address of the communications server. public IP If the COM server is on the same computer as Vantage CNM, then this address is the same IP address as that of the Vantage...
  • Page 566: Notifications

    Chapter 30 CNM System Setting Setting in the menu bar and then click Configuration > User Access in the navigation panel. Figure 307 CNM System Setting > Configuration > User Access The following table describes the fields in this screen. Table 252 CNM System Setting >...
  • Page 567: Notifications Settings

    Chapter 30 CNM System Setting 30.4.1 Notifications Settings Use this screen to decide who should receive e-mail for device and CNM events that may warrant immediate attention such as a VPN tunnel down or a device reboot or a CNM log purge notification. Device Owner is a variable that refers to the e-mail address of the device owner (configured in the Device Owner screen).
  • Page 568 Chapter 30 CNM System Setting Table 253 CNM System Setting > Configuration > Notification (continued) LABEL DESCRIPTION Apply Click this to save your settings in Vantage CNM. Reset Click this to begin configuring the screen afresh. 30.4.1.1 Email Customization Use this screen to customize the notification e-mail that Vantage CNM sends out. Select the event for which you want to customize the e-mail message and click the icon in the E-mail Customization table column found in CNM System Setting >...
  • Page 569: Log Setting

    Chapter 30 CNM System Setting Table 254 CNM System Setting > Configuration > Notification > Email Customization LABEL DESCRIPTION variable legend This is a list of the variables used in the e-mail message. Apply Click this to save your settings. Cancel Click this to clear the changes you have made and go back to the previous screen.
  • Page 570 Chapter 30 CNM System Setting CNM System Setting in the menu bar and then click Configuration > Log Setting in the navigation panel. Figure 310 CNM System Setting > Configuration > Log Setting
  • Page 571: Vrpt Management

    Chapter 30 CNM System Setting The following table describes the labels in this screen. Table 255 CNM System Setting > Configuration > Log Setting LABEL DESCRIPTION Log & Report Stores Enter the maximum number of days that Vantage CNM stores device logs, CNM system logs and CNM reports.
  • Page 572 Chapter 30 CNM System Setting The following table describes the labels in this screen. Table 256 CNM System Setting > Configuration > VRPT Management LABEL DESCRIPTION This is the number of an individual entry. Name This field displays the name of the Vantage Report instance in Vantage CNM.
  • Page 573: Add/Edit Vrpt Management

    Chapter 30 CNM System Setting 30.6.1 Add/Edit VRPT Management Use this screen to configure a VRPT server. To open this screen, click Add or Edit in the CNM System Setting > Configuration > VRPT Management screen. Figure 312 CNM System Setting > Configuration > VRPT Management > Add/Edit The following table describes the labels in this screen.
  • Page 574: Certificate Management Overview

    Chapter 30 CNM System Setting Table 257 CNM System Setting > Configuration > VRPT Management > Add/Edit LABEL DESCRIPTION Add Devices to VRPT Server Click the icon and the associated devices screen appears where you can select associated device(s) to this VRPT server. Click Add to return to the previous screen and the selected device(s) display in the Associated Devices field.
  • Page 575: Advantages Of Certificates

    Chapter 30 CNM System Setting Jenny receives the message and uses Tim's public key to decrypt it. Additionally, Jenny uses her own private key to encrypt a message and Tim uses Jenny's public key to decrypt the message. The device uses certificates based on public-key cryptology to authenticate users attempting to establish a connection, not to encrypt the data that you send after establishing a connection.
  • Page 576: Current Certificate Information

    Chapter 30 CNM System Setting 30.7.2 Current Certificate Information You can view your current certificate information in this screen, including certificate name, type, origin and duration of validity. Figure 313 CNM System Setting > Configuration > Certificate Management The following table describes the labels in this screen. Table 258 CNM System Setting >...
  • Page 577: Create Csr

    Chapter 30 CNM System Setting Table 258 CNM System Setting > Configuration > Certificate Management LABEL DESCRIPTION Valid From This field displays the date that the certificate becomes applicable. The text displays in red and includes a "Not Yet Valid!" message if the certificate has not yet become applicable.
  • Page 578: Import Certificate

    Chapter 30 CNM System Setting Table 259 CNM System Setting > Configuration > Certificate Management > Create CSR (continued) LABEL DESCRIPTION Organization Unit Type the organization unit (for example, department or division) in this field. You can use 1-32 alphanumeric characters, underscores (_), or dashes (-).
  • Page 579 Chapter 30 CNM System Setting The following table describes the labels in this screen. Table 260 CNM System Setting > Configuration > Certificate Management > Import Certificate LABEL DESCRIPTION Input Certificate Input Your Certificate Path Type in the location of the certificate you want to upload in this field or click Browse ...
  • Page 581: Chapter 31 Maintenance

    Chapter 31 Maintenance Use the Maintenance screens to manage, back up and restore Vantage CNM system backup files. Data maintenance includes device firmware and configuration files you have uploaded to the Vantage CNM server. You can back up or restore to your computer or Vantage CNM.
  • Page 582: Backup

    Chapter 31 Maintenance Table 261 CNM System Setting > Maintenance > System (continued) LABEL DESCRIPTION Admin This field displays who created the system backup file. Backup Click this to create a system backup file. Restore Click this to restore a system backup file. Note: System will kick out all on-line users before restoring a system backup file.
  • Page 583: Device Maintenance

    Chapter 31 Maintenance The following table describes the fields in this screen. Table 262 CNM System Setting > Maintenance > System > Backup LABEL DESCRIPTION File Name Type up to 35 alphanumeric characters for this backup file name. Spaces are not allowed. Description Type up to 255 characters for the file backup description.
  • Page 584 Chapter 31 Maintenance After you click Import, you may get the following error message if any device(s) in the imported list already exist in Vantage CNM. You can edit the device list file, remove the duplicated device information and import again. Figure 319 CNM System Setting >...
  • Page 585: Device Owner

    Chapter 32 Device Owner 32.1 Device Owner This screen lists the address book, which contains the personal details of device owners. You can add, edit or remove a device owner in this screen. To associate a device owner with a device, select the person’s name in the Device Owner field when you add or edit a device (via right clicking your mouse) in the device window.
  • Page 586: Add/Edit A Device Owner

    Chapter 32 Device Owner 32.1.1 Add/Edit a Device Owner Use this screen to add or edit an entry in the address book. To open this screen, click Add to create a new entry or click Edit to modify an existing entry on the Device Owner screen.
  • Page 587: Vantage Cnm Software Upgrade

    Chapter 33 Vantage CNM Software Upgrade 33.1 CNM Software Upgrade Use this screen to view the current Vantage CNM software version or perform a software upgrade. Enter the full path of a software file on your computer or click Browse...
  • Page 589: License

    Chapter 34 License 34.1 CNM Licence Use this screen to renew a standard license key to continue using Vantage CNM after the trial period or the old license key expires. Click CNM System Setting in the menu bar and then click License in the navigation panel to display the next screen.
  • Page 590: License Upgrade

    Chapter 34 License 34.1.1 License Upgrade A license key is a license to manage a specific number of ZyXEL devices. It can be found in the iCard. Type a license key in the License Key field and click Apply to increase the maximum number of devices that Vantage CNM is allowed to manage. Click Upgrade in the CNM System Setting >...
  • Page 591: Chapter 35 About Cnm

    Chapter 35 About CNM 35.1 About CNM Use this screen to see Vantage CNM’s software version, release date and the copyright. To open this screen, click CNM System Setting in the menu bar and then click About in the navigation panel. Figure 326 CNM System Setting >...
  • Page 593: Part Ix: Account Management

    Account Management User Group (595) Account (599)
  • Page 595: User Group

    Chapter 36 User Group Use these screens to manage Vantage CNM user groups. A group is associated with the privileges you define and applies to one management domain. After you create a group, associate users with it; users must belong to a group before they can perform any functions in Vantage CNM.
  • Page 596: Add User Group

    Chapter 36 User Group Table 270 Account Management > Group (continued) LABEL DESCRIPTION Edit Click this to modify an existing group. Remove Click this to delete a group. Note: You cannot remove the Super group. 36.1.1 Add User Group Use this screen to create or edit a “user group” (administrator permission template).
  • Page 597 Chapter 36 User Group Table 271 Account Management > Group > Add (continued) LABEL DESCRIPTION Device Access Privileges Click the icon and the associated devices screen appears where you can select the associated device(s) this user group is allowed to access. Click Add to return to the previous screen and the selected device(s) display in the Associated Folders/Devices field.
  • Page 599: Chapter 37 Account

    Chapter 37 Account An account is a user with permissions inherited from the associated group. “Root” is the predefined administrator belonging to the Super group. Only “root” and accounts belonging to the Super group can do everything, including managing the Vantage CNM system.
  • Page 600: Account

    Chapter 37 Account Super permissions are pre-defined in Vantage CNM and are not editable by Vantage CNM Administrators. A “super” Administrator cannot edit any Vantage CNM system settings, but can view (read only) Vantage CNM system status and Vantage CNM logs (but cannot purge or change log options).
  • Page 601: Add/Edit An Administrator Account

    Chapter 37 Account 37.3.1 Add/Edit an Administrator Account Click Add in the Account Management > Account screen to create a new Administrator account or click Edit to modify an existing Administrator account. Use this screen to edit the password, contact information or define the group for an Administrator.
  • Page 602 Chapter 37 Account Table 273 Account Management > Account > Add/Edit (continued) LABEL DESCRIPTION Country Select the country where this person is located. Telephone Number Type the complete telephone number including area codes for this Administrator. Description Type some extra information about the Administrator. Apply Click this to save your settings in Vantage CNM.
  • Page 603: Part X: Troubleshooting

    Troubleshooting Troubleshooting (605)
  • Page 605: Chapter 38 Troubleshooting

    Chapter 38 Troubleshooting This chapter offers some suggestions to solve problems you might encounter. The potential problems are divided into the following categories. • Vantage CNM Access and Login • Device Management • Device Firmware Management • Vantage Report 38.1 Vantage CNM Access and Login See the Quick Start Guide for additional suggestions.
  • Page 606: Device Management

    Chapter 38 Troubleshooting Make sure you have entered the user name and password correctly. The user name and password are case-sensitive, so make sure [Caps Lock] is not on. If this does not work, contact the network administrator or local vendor. 38.2 Device Management One device always stays in On_Pending status in the device window.
  • Page 607: Vantage Report

    Chapter 38 Troubleshooting Make sure you have configured the FTP information properly in the CNM System Setting > Configuration > Servers > Configuration screen. You can use the CNM System Setting > Configuration > Servers > Configuration > Status screen to check whether the connection between Vantage CNM and the FTP server is OK.
  • Page 608 Chapter 38 Troubleshooting Make sure you have selected the associated devices in the Associated Devices field in the CNM System Setting > Configuration > VRPT Management > Edit screen. See Section 30.6.1 on page 573. Make sure there are log entries or traffic statistics for the report dates you selected.
  • Page 609: Part Xi: Appendices And Index

    Appendices and Index Product Specifications (611) Setting up Your Computer’s IP Address (617) Pop-up Windows, Java Scripts and Java Permissions (635) IP Addresses and Subnetting (643) IP Address Assignment Conflicts (653) Common Services (657) Importing Certificates (661) Open Software Announcements (667) Legal Information (695) Index (697)
  • Page 611: Appendix A Product Specifications

    Appendix A Product Specifications This appendix summarizes Vantage CNM’s and Vantage Report’s specifications. Vantage CNM Specifications This section summarizes Vantage CNM’s specifications. Table 274 Firmware Specifications FEATURE DESCRIPTION Default User Name root Default Password root Object Tree View Three defined views: Account, Type, and Main Status icons...
  • Page 612 Appendix A Product Specifications Table 274 Firmware Specifications (continued) FEATURE DESCRIPTION Monitoring and Notifications Alarm monitor Status monitor for urgent alerts E-mail alerts Logs Vantage CNM logs Vantage Report for device logs Data Maintenance Back up and restore entire Vantage CNM configuration System Management Vantage CNM server IP address FTP server...
  • Page 613 Appendix A Product Specifications Table 277 Trusted CAs (Keystore type: jks, Keystore provider: SUN) (continued) DATE MD5 FINGERPRINT
    verisignclass2g2ca  Mar 26, 2004  2D:BB:E5:25:D3:D1:65:82:3A:B7:0E:FA:E6:EB:E2:E1
    verisignclass3g3ca  Mar 26, 2004  CD:68:B6:A7:C7:C4:CE:75:E0:1D:4F:57:44:61:92:09
    godaddyclass2ca  Jan 12, 2005  91:DE:06:25:AB:DA:FD:32:17:0C:BB:25:17:2A:84:67
    entrustglobalclientca  Jan 9, 2003  9A:77:19:18:ED:96:CF:DF:1B:B7:0E:F5:8D:B9:88:2E
    mykey...
  • Page 614 Appendix A Product Specifications Table 277 Trusted CAs (Keystore type: jks, Keystore provider: SUN) (continued) DATE MD5 FINGERPRINT
    verisignserverca  Jun 30, 1998  74:7B:82:03:43:F0:00:9E:6B:B3:EC:47:BF:85:A5:93
    baltimorecybertrustca  May 10, 2002  AC:B6:94:A5:9C:17:E0:D7:91:52:9B:B1:97:06:A6:E4
    valicertclass2ca  Jan 12, 2005  A9:23:75:9B:BA:49:36:6E:31:C2:DB:F2:E7:66:BA:87
    geotrustglobalca  Jul 19, 2003  F7:75:AB:29:FB:51:4E:B7:77:5E:FF:05:3C:99:8E:F5
    gtecybertrust5ca...
  • Page 615 Appendix A Product Specifications Table 280 Feature Specifications (continued) FEATURE SPECIFICATION Maximum Number of Entries in the Table at the Bottom of Each Statistical Report Log Consolidation Frequency 4 minutes Table 281 Default Access Administrator’s username root Administrator’s password root Configurator Access https://{VRPT_public_IP}:8088/vrpt...
  • Page 617: Appendix B Setting Up Your Computer's Ip Address

    Appendix B Setting up Your Computer’s IP Address All computers must have a 10M or 100M Ethernet adapter card and TCP/IP installed. Windows 95/98/Me/NT/2000/XP, Macintosh OS 7 and later operating systems and all versions of UNIX/LINUX include the software components you need to install and use TCP/IP on your computer.
  • Page 618 Appendix B Setting up Your Computer’s IP Address Windows 95/98/Me Click Start, Settings, Control Panel and double-click the Network icon to open the Network window. Figure 331 Windows 95/98/Me: Network: Configuration Installing Components The Network window Configuration tab displays a list of installed components. You need a network adapter, the TCP/IP protocol and Client for Microsoft Networks.
  • Page 619 Appendix B Setting up Your Computer’s IP Address Select Microsoft from the list of manufacturers. Select TCP/IP from the list of network protocols and then click OK. If you need Client for Microsoft Networks: Click Add. Select Client and then click Add. Select Microsoft from the list of manufacturers.
  • Page 620 Appendix B Setting up Your Computer’s IP Address Click the DNS Configuration tab. • If you do not know your DNS information, select Disable DNS. • If you know your DNS information, select Enable DNS and type the information in the fields below (you may not need to fill them all in). Figure 333 Windows 95/98/Me: TCP/IP Properties: DNS Configuration Click the Gateway tab.
  • Page 621 Appendix B Setting up Your Computer’s IP Address Windows 2000/NT/XP The following example figures use the default Windows XP GUI theme. Click start (Start in Windows 2000/NT), Settings, Control Panel. Figure 334 Windows XP: Start Menu In the Control Panel, double-click Network Connections (Network and Dial-up Connections in Windows 2000/NT).
  • Page 622 Appendix B Setting up Your Computer’s IP Address Right-click Local Area Connection and then click Properties. Figure 336 Windows XP: Control Panel: Network Connections: Properties Select Internet Protocol (TCP/IP) (under the General tab in Win XP) and then click Properties. Figure 337 Windows XP: Local Area Connection Properties The Internet Protocol TCP/IP Properties window opens (the General tab in Windows XP).
  • Page 623 Appendix B Setting up Your Computer’s IP Address • If you have a dynamic IP address click Obtain an IP address automatically. • If you have a static IP address click Use the following IP Address and fill in the IP address, Subnet mask, and Default gateway fields. •...
  • Page 624 Appendix B Setting up Your Computer’s IP Address • Click OK when finished. Figure 339 Windows XP: Advanced TCP/IP Properties In the Internet Protocol TCP/IP Properties window (the General tab in Windows XP): • Click Obtain DNS server address automatically if you do not know your DNS server IP address(es).
  • Page 625 Appendix B Setting up Your Computer’s IP Address If you have previously configured DNS servers, click Advanced and then the DNS tab to order them. Figure 340 Windows XP: Internet Protocol (TCP/IP) Properties Click OK to close the Internet Protocol (TCP/IP) Properties window. Click Close (OK in Windows 2000/NT) to close the Local Area Connection Properties window.
  • Page 626 Appendix B Setting up Your Computer’s IP Address Macintosh OS 8/9 Click the Apple menu, Control Panel and double-click TCP/IP to open the TCP/IP Control Panel. Figure 341 Macintosh OS 8/9: Apple Menu
  • Page 627 Appendix B Setting up Your Computer’s IP Address Select Ethernet built-in from the Connect via list. Figure 342 Macintosh OS 8/9: TCP/IP For dynamically assigned settings, select Using DHCP Server from the Configure: list. For statically assigned settings, do the following: •...
  • Page 628 Appendix B Setting up Your Computer’s IP Address Macintosh OS X Click the Apple menu, and click System Preferences to open the System Preferences window. Figure 343 Macintosh OS X: Apple Menu Click Network in the icon bar. • Select Automatic from the Location list. •...
  • Page 629 Appendix B Setting up Your Computer’s IP Address • From the Configure box, select Manually. • Type your IP address in the IP Address box. • Type your subnet mask in the Subnet mask box. • Type the IP address of your device in the Router address box. Click Apply Now and close the window.
  • Page 630 Appendix B Setting up Your Computer’s IP Address Double-click on the profile of the network card you wish to configure. The Ethernet Device General screen displays as shown. Figure 346 Red Hat 9.0: KDE: Ethernet Device: General • If you have a dynamic IP address, click Automatically obtain IP address settings with and select dhcp from the drop down list.
  • Page 631 Appendix B Setting up Your Computer’s IP Address Click the Activate button to apply the changes. The following screen displays. Click Yes to save the changes in all screens. Figure 348 Red Hat 9.0: KDE: Network Configuration: Activate After the network card restart process is complete, make sure the Status is Active in the Network Configuration screen.
  • Page 632 Appendix B Setting up Your Computer’s IP Address • If you have a static IP address, enter static in the BOOTPROTO= field. Type IPADDR= followed by the IP address (in dotted decimal notation) and type NETMASK= followed by the subnet mask. The following example shows an example where the static IP address is 192.168.1.10 and the subnet mask is 255.255.255.0.
  • Page 633 Appendix B Setting up Your Computer’s IP Address Verifying Settings Enter ifconfig in a terminal screen to check your TCP/IP properties. Figure 353 Red Hat 9.0: Checking TCP/IP Properties
    [root@localhost]# ifconfig
    eth0 Link encap:Ethernet HWaddr 00:50:BA:72:5B:44
    inet addr:10.1.19.129 Bcast:10.1.19.255 Mask:255.255.255.0
    UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1...
  • Page 635: Appendix C Pop-Up Windows, Java Scripts And Java Permissions

    Appendix C Pop-up Windows, Java Scripts and Java Permissions In order to use the web configurator you need to allow: • Web browser pop-up windows from your device. • Java Scripts (enabled by default). • Java permissions (enabled by default). Note: Internet Explorer 6 screens are used here.
  • Page 636 Appendix C Pop-up Windows, Java Scripts and Java Permissions In Internet Explorer, select Tools, Internet Options, Privacy. Clear the Block pop-ups check box in the Pop-up Blocker section of the screen. This disables any web pop-up blockers you may have enabled. Figure 355 Internet Options: Privacy Click Apply to save this setting.
  • Page 637 Appendix C Pop-up Windows, Java Scripts and Java Permissions Select Settings…to open the Pop-up Blocker Settings screen. Figure 356 Internet Options: Privacy Type the IP address of your device (the web page that you do not want to have blocked) with the prefix “http://”. For example, http://192.168.167.1.
  • Page 638 Appendix C Pop-up Windows, Java Scripts and Java Permissions Click Add to move the IP address to the list of Allowed sites. Figure 357 Pop-up Blocker Settings Click Close to return to the Privacy screen. Click Apply to save this setting. Java Scripts If pages of the web configurator do not display properly in Internet Explorer, check that Java Scripts are allowed.
  • Page 639 Appendix C Pop-up Windows, Java Scripts and Java Permissions In Internet Explorer, click Tools, Internet Options and then the Security tab. Figure 358 Internet Options: Security Click the Custom Level... button. Scroll down to Scripting. Under Active scripting make sure that Enable is selected (the default). Under Scripting of Java applets make sure that Enable is selected (the default).
  • Page 640 Appendix C Pop-up Windows, Java Scripts and Java Permissions Click OK to close the window. Figure 359 Security Settings - Java Scripting Java Permissions From Internet Explorer, click Tools, Internet Options and then the Security tab. Click the Custom Level... button. Scroll down to Microsoft VM.
  • Page 641 Appendix C Pop-up Windows, Java Scripts and Java Permissions Click OK to close the window. Figure 360 Security Settings - Java JAVA (Sun) From Internet Explorer, click Tools, Internet Options and then the Advanced tab. Make sure that Use Java 2 for <applet> under Java (Sun) is selected.
  • Page 642 Appendix C Pop-up Windows, Java Scripts and Java Permissions Click OK to close the window. Figure 361 Java (Sun)
  • Page 643: Appendix D Ip Addresses And Subnetting

    Appendix D IP Addresses and Subnetting This appendix introduces IP addresses and subnet masks. IP addresses identify individual devices on a network. Every networking device (including computers, servers, routers, printers, etc.) needs an IP address to communicate across the network.
  • Page 644 Appendix D IP Addresses and Subnetting The following figure shows an example IP address in which the first three octets (192.168.1) are the network number, and the fourth octet (16) is the host ID. Figure 362 Network Number and Host ID How much of the IP address is the network number and how much is the host ID varies according to the subnet mask.
  • Page 645 Appendix D IP Addresses and Subnetting By convention, subnet masks always consist of a continuous sequence of ones beginning from the leftmost bit of the mask, followed by a continuous sequence of zeros, for a total number of 32 bits. Subnet masks can be referred to by the size of the network number part (the bits with a “1”...
  • Page 646 Appendix D IP Addresses and Subnetting Notation Since the mask is always a continuous number of ones beginning from the left, followed by a continuous number of zeros for the remainder of the 32 bit mask, you can simply specify the number of ones instead of writing the value of each octet.
  • Page 647 Appendix D IP Addresses and Subnetting The following figure shows the company network before subnetting. Figure 363 Subnetting Example: Before Subnetting You can “borrow” one of the host ID bits to divide the network 192.168.1.0 into two separate sub-networks. The subnet mask is now 25 bits (255.255.255.128 or /25).
  • Page 648 Appendix D IP Addresses and Subnetting The following figure shows the company network after subnetting. There are now two sub-networks, A and B. Figure 364 Subnetting Example: After Subnetting In a 25-bit subnet the host ID has 7 bits, so each sub-network has a maximum of –...
  • Page 649 Appendix D IP Addresses and Subnetting Each subnet contains 6 host ID bits, giving 2^6 - 2 or 62 hosts for each subnet (a host ID of all zeroes is the subnet itself, all ones is the subnet’s broadcast address). Table 286 Subnet 1 IP/SUBNET MASK NETWORK NUMBER...
  • Page 650 Appendix D IP Addresses and Subnetting Example: Eight Subnets Similarly, use a 27-bit mask to create eight subnets (000, 001, 010, 011, 100, 101, 110 and 111). The following table shows IP address last octet values for each subnet. Table 290 Eight Subnets SUBNET LAST BROADCAST...
  • Page 651 Appendix D IP Addresses and Subnetting Table 292 16-bit Network Number Subnet Planning (continued) NO. “BORROWED” NO. HOSTS PER SUBNET MASK NO. SUBNETS HOST BITS SUBNET 255.255.224.0 (/19) 8190 255.255.240.0 (/20) 4094 255.255.248.0 (/21) 2046 255.255.252.0 (/22) 1022 255.255.254.0 (/23) 255.255.255.0 (/24) 255.255.255.128 (/25) 255.255.255.192 (/26)
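The borrow-bits procedure from this appendix, as an added Python example that is not part of the ZyXEL manual: it splits the manual's 192.168.1.0/24 network by 1, 2 or 3 borrowed host bits and checks a mask against the contiguous-ones rule. The function names are chosen for this example only.

```python
"""Subnet planning by borrowing host bits (added example, IPv4 only)."""
import ipaddress


def mask_is_contiguous(mask: str) -> bool:
    """Return True if a dotted-decimal mask is all ones followed by all zeros."""
    value = int(ipaddress.IPv4Address(mask))
    host_bits = value ^ 0xFFFFFFFF              # invert: host part becomes ones
    return (host_bits & (host_bits + 1)) == 0   # host part must equal 2**k - 1


def plan_subnets(network: str, borrowed_bits: int) -> list:
    """Split `network` into 2**borrowed_bits subnets and describe each one.

    The first address of a subnet (host ID all zeros) is the subnet itself and
    the last (host ID all ones) is its broadcast address, so each subnet has
    2**host_bits - 2 usable host addresses.
    """
    net = ipaddress.IPv4Network(network, strict=True)
    if borrowed_bits < 1 or net.prefixlen + borrowed_bits > 30:
        raise ValueError("borrowed bits must leave at least 2 host ID bits")
    rows = []
    for sub in net.subnets(prefixlen_diff=borrowed_bits):
        rows.append({
            "subnet": str(sub),
            "mask": str(sub.netmask),
            "network": str(sub.network_address),
            "first_host": str(sub.network_address + 1),
            "last_host": str(sub.broadcast_address - 1),
            "broadcast": str(sub.broadcast_address),
            "hosts": sub.num_addresses - 2,
        })
    return rows


def subnet_for(host: str, rows: list):
    """Return the subnet (from plan_subnets) that contains `host`, or None."""
    addr = ipaddress.IPv4Address(host)
    for row in rows:
        if addr in ipaddress.IPv4Network(row["subnet"]):
            return row["subnet"]
    return None


if __name__ == "__main__":
    # The manual's examples: two, four and eight subnets of 192.168.1.0/24.
    for bits in (1, 2, 3):
        print(f"--- {bits} borrowed bit(s) ---")
        for row in plan_subnets("192.168.1.0/24", bits):
            print(f"{row['subnet']:<18} mask {row['mask']:<16} "
                  f"hosts {row['first_host']} - {row['last_host']} "
                  f"broadcast {row['broadcast']} ({row['hosts']} hosts)")
```
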
  • Page 652 Appendix D IP Addresses and Subnetting Private IP Addresses Every machine on the Internet must have a unique address. If your networks are isolated from the Internet (running only between two branch offices, for example) you can assign any IP addresses to the hosts without problems. However, the Internet Assigned Numbers Authority (IANA) has reserved the following three blocks of IP addresses specifically for private networks: •...
  • Page 653: Appendix E Ip Address Assignment Conflicts

    Appendix E IP Address Assignment Conflicts This appendix describes situations where IP address conflicts may occur. Subscribers with duplicate IP addresses will not be able to access the Internet. Case A: The device is using the same LAN and WAN IP addresses The following figure shows an example where the device is using a WAN IP address that is the same as the IP address of a computer on the LAN.
  • Page 654 Appendix E IP Address Assignment Conflicts Case B: The Device LAN IP address conflicts with the DHCP client IP address In the following figure, the device is acting as a DHCP server. The device assigns an IP address, which is the same as its LAN port IP address, to a DHCP client attached to the LAN.
  • Page 655 Appendix E IP Address Assignment Conflicts Case D: Two or more subscribers have the same IP address. By converting all private IP addresses to the WAN IP address, the device allows subscribers with different network configurations to access the Internet. However, there are situations where two or more subscribers are using the same private IP address.
  • Page 657: Appendix F Common Services

    Appendix F Common Services The following table lists some commonly-used services and their associated protocols and port numbers. For a comprehensive list of port numbers, ICMP type/code numbers and services, visit the IANA (Internet Assigned Numbers Authority) web site.
  • Page 658 Appendix F Common Services Table 293 Commonly Used Services (continued) NAME PROTOCOL PORT(S) DESCRIPTION (IPSEC_TUNNEL) User-Defined The IPSEC ESP (Encapsulation Security Protocol) tunneling protocol uses this service. FINGER Finger is a UNIX or Internet related command that can be used to find out if a user is logged on.
  • Page 659 Appendix F Common Services Table 293 Commonly Used Services (continued) NAME PROTOCOL PORT(S) DESCRIPTION PPTP 1723 Point-to-Point Tunneling Protocol enables secure transfer of data over public networks. This is the control channel. PPTP_TUNNEL (GRE) User-Defined PPTP (Point-to-Point Tunneling Protocol) enables secure transfer of data over public networks.
  • Page 660 Appendix F Common Services Table 293 Commonly Used Services (continued) NAME PROTOCOL PORT(S) DESCRIPTION TFTP Trivial File Transfer Protocol is an Internet file transfer protocol similar to FTP, but uses the UDP (User Datagram Protocol) rather than TCP (Transmission Control Protocol). VDOLIVE 7000 Another videoconferencing solution.
  • Page 661: Appendix G Importing Certificates

    Appendix G Importing Certificates This appendix shows examples of importing certificates using Netscape Navigator and Internet Explorer 5. This appendix uses the ZyWALL 70 as an example. Other models should be similar. Import Vantage CNM’s Certificates into Netscape Navigator In Netscape Navigator, you can permanently trust the Vantage CNM’s server certificate by importing it into your operating system as a trusted certification authority.
  • Page 662 Appendix G Importing Certificates To have Internet Explorer trust a Vantage CNM certificate issued by a certificate authority, import the certificate authority’s certificate into your operating system as a trusted certification authority. The following example procedure shows how to import the Vantage CNM’s (self- signed) server certificate into your operating system as a trusted certification authority.
  • Page 663 Appendix G Importing Certificates Click Next to begin the Install Certificate wizard. Figure 372 Certificate Import Wizard 1 Select where you would like to store the certificate and then click Next. Figure 373 Certificate Import Wizard 2
  • Page 664 Appendix G Importing Certificates Click Finish to complete the Import Certificate wizard. Figure 374 Certificate Import Wizard 3
  • Page 665 Appendix G Importing Certificates Click Yes to add the Vantage CNM certificate to the root store. Figure 375 Root Certificate Store Figure 376 Certificate General Information after Import
  • Page 667: Appendix H Open Software Announcements

    Appendix H Open Software Announcements Notice Information herein is subject to change without notice. Companies, names, and data used in examples herein are fictitious unless otherwise noted. No part may be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, except the express written permission of ZyXEL Communications Corporation.
  • Page 668 Appendix H Open Software Announcements IN NO EVENT SHALL INTALIO, INC. OR ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,...
  • Page 669 Appendix H Open Software Announcements "Work" shall mean the work of authorship, whether in Source or Object form, made available under the License, as indicated by a copyright notice that is included in or attached to the work (an example is provided in the Appendix below).
  • Page 670 Appendix H Open Software Announcements 4. Redistribution. You may reproduce and distribute copies of the Work or Derivative Works hereof in any medium, with or without modifications, and in Source or Object form, provided that You meet the following conditions: (a) You must give any other recipients of the Work or Derivative Works a copy of this License;...
  • Page 671 Appendix H Open Software Announcements Contributions) on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied, including, without limitation, any warranties or conditions of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A PARTICULAR PURPOSE. You are solely responsible for determining the appropriateness of using or redistributing the Work and assume any risks associated with Your exercise of permissions under this License.
  • Page 672 Appendix H Open Software Announcements The names "Apache" and "Apache Software Foundation" must not be used to endorse or promote products derived from this software without prior written permission. For written permission, please contact apache@apache.org. Products derived from this software may not be called "Apache", nor may "Apache"...
  • Page 673 Appendix H Open Software Announcements The licenses for most software are designed to take away your freedom to share and change it. By contrast, the GNU General Public Licenses are intended to guarantee your freedom to share and change free software--to make sure the software is free for all its users.
  • Page 674 Appendix H Open Software Announcements Most GNU software, including some libraries, is covered by the ordinary GNU General Public License. This license, the GNU Lesser General Public License, applies to certain designated libraries, and is quite different from the ordinary General Public License.
  • Page 675 Appendix H Open Software Announcements may be distributed under the terms of this Lesser General Public License (also called "this License"). Each licensee is addressed as "you". A "library" means a collection of software functions and/or data prepared so as to be conveniently linked with application programs (which use some of those functions and data) to form executables.
  • Page 676 Appendix H Open Software Announcements entirely well-defined independent of the application. Therefore, Subsection 2d requires that any application-supplied function or table used by this function must be optional: if the application does not supply it, the square root function must still compute square roots.) These requirements apply to the modified work as a whole.
  • Page 677 Appendix H Open Software Announcements covered by this License. Section 6 states terms for distribution of such executables. When a "work that uses the Library" uses material from a header file that is part of the Library, the object code for the work may be a derivative work of the Library even though the source code is not.
  • Page 678 Appendix H Open Software Announcements must include any data and utility programs needed for reproducing the executable from it. However, as a special exception, the materials to be distributed need not include anything that is normally distributed (in either source or binary form) with the major components (compiler, kernel, and so on) of the operating system on which the executable runs, unless that component itself accompanies the executable.
  • Page 679 Appendix H Open Software Announcements you (whether by court order, agreement or otherwise) that contradict the conditions of this License, they do not excuse you from the conditions of this License. If you cannot distribute so as to satisfy simultaneously your obligations under this License and any other pertinent obligations, then as a consequence you may not distribute the Library at all.
  • Page 680 Appendix H Open Software Announcements 15. BECAUSE THE LIBRARY IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY FOR THE LIBRARY, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/ OR OTHER PARTIES PROVIDE THE LIBRARY "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
  • Page 681 Appendix H Open Software Announcements When we speak of free software, we are referring to freedom, not price. Our General Public Licenses are designed to make sure that you have the freedom to distribute copies of free software (and charge for this service if you wish), that you receive source code or can get it if you want it, that you can change the software or use pieces of it in new free programs;...
  • Page 682 Appendix H Open Software Announcements 1. You may copy and distribute verbatim copies of the Program's source code as you receive it, in any medium, provided that you conspicuously and appropriately publish on each copy an appropriate copyright notice and disclaimer of warranty; keep intact all the notices that refer to this License and to the absence of any warranty;...
  • Page 683 Appendix H Open Software Announcements a) Accompany it with the complete corresponding machine-readable source code, which must be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or, b) Accompany it with a written offer, valid for at least three years, to give any third party, for a charge no more than your cost of physically performing source distribution, a complete machine-readable copy of the corresponding source code, to be distributed under the terms of Sections 1 and 2 above on a medium...
  • Page 684 Appendix H Open Software Announcements 7. If, as a consequence of a court judgment or allegation of patent infringement or for any other reason (not limited to patent issues), conditions are imposed on you (whether by court order, agreement or otherwise) that contradict the conditions of this License, they do not excuse you from the conditions of this License.
  • Page 685 Appendix H Open Software Announcements NO WARRANTY 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/ OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS"...
  • Page 686 Appendix H Open Software Announcements This software is provided "AS IS," without a warranty of any kind. ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED. SUN MICROSYSTEMS, INC.
  • Page 687 Appendix H Open Software Announcements THIS SOFTWARE IS PROVIDED "AS IS," WITHOUT A WARRANTY OF ANY KIND. ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED. SUN MICROSYSTEMS, INC.
  • Page 688 Appendix H Open Software Announcements that (i) you distribute the Software complete and unmodified (unless otherwise specified in the applicable README file) and only bundled as part of, and for the sole purpose of running, your Programs, (ii) the Programs add significant and primary functionality to the Software, (iii) you do not distribute additional software intended to replace any component(s) of the Software (unless otherwise specified in the applicable README file), (iv) you do not remove or alter any proprietary...
  • Page 689 Appendix H Open Software Announcements Software may automatically download, install, and execute software applications from sources other than Sun ("Other Software"). Sun makes no representations of a relationship of any kind to licensors of Other Software. TO THE EXTENT NOT PROHIBITED BY LAW, IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST REVENUE, PROFIT OR DATA, OR FOR SPECIAL, INDIRECT, CONSEQUENTIAL, INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED...
  • Page 690 Appendix H Open Software Announcements Changed name on LICENSE to be lawyerriffic Copyright (c) 2005, the Lawrence Journal-World All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: 1.
  • Page 691 (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS NOTE: Some components of the Vantage CNM 2.3 incorporate source code covered under the Apache License, GPL License, LGPL License, Sun License, and Castor License. To obtain the source code covered under those Licenses, please contact ZyXEL Communications Corporation at ZyXEL Technical Support.
  • Page 692 Appendix H Open Software Announcements You have no ownership rights in the Software. Rather, you have a license to use the Software as long as this License Agreement remains in full force and effect. Ownership of the Software, Documentation and all intellectual property rights therein shall remain at all times with ZyXEL.
  • Page 693 Appendix H Open Software Announcements WARRANT THAT THE FUNCTIONS CONTAINED IN THE SOFTWARE WILL MEET ANY REQUIREMENTS OR NEEDS YOU MAY HAVE, OR THAT THE SOFTWARE WILL OPERATE ERROR FREE, OR IN AN UNINTERRUPTED FASHION, OR THAT ANY DEFECTS OR ERRORS IN THE SOFTWARE WILL BE CORRECTED, OR THAT THE SOFTWARE IS COMPATIBLE WITH ANY PARTICULAR PLATFORM.
  • Page 694 Appendix H Open Software Announcements 10. Termination This License Agreement is effective until it is terminated. You may terminate this License Agreement at any time by destroying or returning to ZyXEL all copies of the Software and Documentation in your possession or under your control. ZyXEL may terminate this License Agreement for any reason, including, but not limited to, if ZyXEL finds that you have violated any of the terms of this License Agreement.
  • Page 695: Appendix I Legal Information

    ZyXEL Communications Corporation. Published by ZyXEL Communications Corporation. All rights reserved. Disclaimer ZyXEL does not assume any liability arising out of the application or use of any products, or software described herein.
  • Page 696 Appendix I Legal Information equivalent product of equal or higher value, and will be solely at the discretion of ZyXEL. This warranty shall not apply if the product has been modified, misused, tampered with, damaged by an act of God, or subjected to abnormal working conditions.
  • Page 697: Index

    Index Index address objects Numerics and firewall 319, 447 and force user authentication policies and NAT introduction and policy routes 304, 368 3G. see third generation HOST RANGE SUBNET types of admin users multiple logins administrators Bind DN 386, 389 idle timeout Distinguished Name, see DN maximum number logged in...
  • Page 698 Index search topology unassociate a device 35, 36 backing up (CNM configuration) devices bandwidth management activating subscription services and policy routes firmware 449, 451, 495, 527, 537 maximize bandwidth usage group configuration 540, 543, 546 Bind DN 386, 389 icons building blocks inconsistencies with CNM applying...
  • Page 699 Index filter, MAC address firewall actions 319, 447 IANA and address groups 319, 447 icons and address objects 319, 447 devices and logs 319, 447 folders and port triggering views and schedules 318, 446 idle timeout 26, 565 and service groups 319, 447 IE 7.0 security risk messages and services...
  • Page 700 Index CHAP/PAP maximum number of online users MPPE menu bar MSCHAP Microsoft MSCHAP-V2 Challenge-Handshake Authentication Protocol (MSCHAP) 291, 399 ISP accounts Challenge-Handshake Authentication Protocol Version 2 (MSCHAP-V2) authentication type 291, 399 Point-to-Point Encryption (MPPE) encryption method stac compression MPPE (Microsoft Point-to-Point Encryption) 288, 400 MSCHAP (Microsoft Challenge-Handshake Authentication Protocol)
  • Page 701 Index PFS (Perfect Forward Secrecy) and OSPF and static routes PIN code authentication PIN. see Personal Identification Number redistribute ping check 253, 276, 282 rom files. See configuration files. policy enforcement in IPSec root administrator policy routes Routing Information Protocol, see RIP actions and address objects 304, 368...
  • Page 702 Index SSL application object transport encapsulation file sharing application triangle routes summary allowing through the firewall web-based trunks SSL policy and policy routes member interface mode edit member interfaces SSL VPN tunnel encapsulation see also SSL stac compression 288, 400 static routes and interfaces and RIP...
  • Page 703 Index Installation Report VPN concentrator advantages and IPSec SA policy enforcement disadvantages VPN connections and policy routes VRPT (Vantage Report) warranty note web configurator device window devices function window icons 26, 27 timeout title bar 26, 27 web-based SSL application create WEP encryption 119, 121...
