ZyXEL Communications ZyWALL 5 User Manual page 31

ZyWALL 5 Internet Security Appliance
to-site lines. The ZyWALL VPN is based on the IPSec standard and is fully interoperable with other
IPSec-based VPN products.
X-Auth (Extended Authentication)
X-Auth provides added security for VPN by requiring each VPN client to use a username and
password.
Certificates
The ZyWALL can use certificates (also called digital IDs) to authenticate users. Certificates are based
on public-private key pairs. Certificates provide a way to exchange public keys for use in
authentication.
SSH
The ZyWALL uses the SSH (Secure Shell) secure communication protocol to provide secure
encrypted communication between two hosts over an unsecured network.
HTTPS
HyperText Transfer Protocol over Secure Socket Layer, or HTTP over SSL is a web protocol that
encrypts and decrypts web sessions. Use HTTPS for secure web configurator access to the ZyWALL
Firewall
The ZyWALL is a stateful inspection firewall with DoS (Denial of Service) protection. By default,
when the firewall is activated, all incoming traffic from the WAN to the LAN is blocked unless it is
initiated from the LAN. The ZyWALL firewall supports TCP/UDP inspection, DoS detection and
prevention, real time alerts, reports and logs.
Content Filtering
The ZyWALL can block web features such as ActiveX controls, Java applets and cookies, as well as
disable web proxies. The ZyWALL can block or allow access to web sites that you specify. The
ZyWALL can also block access to web sites containing keywords that you specify. You can define
time periods and days during which content filtering is enabled and include or exclude a range of users
on the LAN from content filtering.
You can also subscribe to category-based content filtering that allows your ZyWALL to check web
sites against an external database of dynamically updated ratings of millions of web sites.
Universal Plug and Play (UPnP)
Using the standard TCP/IP protocol, the ZyWALL and other UPnP-enabled devices can dynamically
join a network, obtain an IP address and convey its capabilities to other devices on the network.
RADIUS (RFC2138, 2139)
RADIUS (Remote Authentication Dial In User Service) server enables authentication, authorization
and accounting for your wireless network.
IEEE 802.1x for Network Security
The ZyWALL supports the IEEE 802.1x standard that works with the IEEE 802.11 to enhance user
authentication. With the local user profile, the ZyWALL allows you to configure up 32 user profiles
without a network authentication server. In addition, centralized user and accounting management is
possible on an optional network authentication server.
Getting to Know Your ZyWALL 1-3