ZyWALL 2
Table of Contents
1 Introducing the ZyWALL
2 Hardware
2.1 Rear Panel
2.2 The Front Panel LEDs
3 Setting Up Your Computer’s IP Address
3.1 Windows 2000/NT/XP
4 Configuring Your ZyWALL
4.1 Accessing Your ZyWALL Via Web Configurator
1 Introducing the ZyWALL
The ZyWALL 2 is the ideal secure gateway for all data passing between the Internet and the LAN. By integrating NAT, firewall and VPN capability, ZyXEL’s ZyWALL 2 is a complete security solution that protects your Intranet and efficiently manages data traffic on your network. The embedded web configurator is easy to operate and totally independent of the operating system platform you use.
2.1 Rear Panel
LABEL    DESCRIPTION
LAN 10/100M 1-    Connect a computer to one of these ports with an Ethernet cable. These ports are auto-negotiating (can connect at 10 or 100Mbps) and auto-sensing (automatically adjust to the type of Ethernet cable you use (straight-through or crossover)).
COLOR    STATUS    MEANING
Green The ZyWALL is turned on. The ZyWALL is turned off. Green The ZyWALL is not ready or failed. The ZyWALL is ready and running. Flashing The ZyWALL is rebooting. The power to the ZyWALL is too low.
3 Setting Up Your Computer’s IP Address
Skip this section if your computer is already set up to accept a dynamic IP address. This is the default for most new computers. The ZyWALL is already set up to assign your computer an IP address. Use this section to set up your computer to receive an IP address or assign it a static IP address in the 192.168.1.2 to...
The Internet Protocol TCP/IP Properties screen opens (the General tab in Windows XP).
- To have your computer assigned a dynamic IP address, click Obtain an IP address automatically.
- To configure a static IP address, click Use the following IP Address and fill in the IP address (choose one from 192.168.1.2 to 192.168.1.254), Subnet mask...
Checking Your Computer’s IP Address
In the computer, click Start, (All) Programs, Accessories and then Command Prompt. In the Command Prompt window, type "ipconfig" and then press ENTER. Your computer’s IP address must be in the correct range (192.168.1.2 to 192.168.1.254) with subnet mask 255.255.255.0 in order to communicate with the ZyWALL.
Step 6. Click Apply in the Replace Certificate screen to create a certificate using your ZyWALL’s MAC address that will be specific to this device. This feature is not available on the ZyWALL 2WE.
Step 7. You should now see the web configurator MAIN MENU screen.
Click WIZARD for initial configuration including general setup, ISP Parameters for Internet Access and WAN IP/DNS/MAC Address Assignment.
Use the submenus to configure ZyWALL features.
Click LOGOUT at any time to exit the web configurator.
Click MAINTENANCE to view information about your ZyWALL or upgrade configuration/firmware files.
System Name is for identification purposes. Enter your computer's "Computer Name". The Domain Name entry is what is propagated to the DHCP clients on the LAN. If you leave this blank, the domain name obtained by DHCP from the ISP is used.
Point-to-Point Protocol over Ethernet (PPPoE) functions as a dial-up connection. Therefore you’ll also need a username and password and possibly the PPPoE service name. Your ISP will give you all needed information. Select Nailed Up Connection if you do not want the connection to the PPPoE server to time out.
WAN IP Address Assignment
Select Get automatically from ISP if your ISP did not assign you a fixed IP address. Select Use fixed IP address if the ISP assigned a fixed IP address and then enter your IP address and subnet mask in the next two fields.
4.4 Check Your WAN Setup
Click WAN and then the WAN ISP and WAN IP tabs. The screens look very similar to screens 2 and 3 in the Wizard Setup. If the information is incorrect, make changes and click Apply.
5 Advanced Configuration
This section shows you how to configure some of the advanced features of the ZyWALL.
5.1 Network Address Translation Overview
NAT (Network Address Translation - NAT, RFC 1631) is the translation of the IP address of a host in a packet.
The following table describes the fields in this screen.
LABEL    DESCRIPTION
Default Server    In addition to the servers for specified services, NAT supports a default server. A default server receives packets from ports that are not specified in this screen. If you do not assign a default server IP address, then all packets received for ports not specified in this screen will be discarded.
LABEL    DESCRIPTION
Server IP Address    Enter the inside IP address of the server here.
5.3 Firewall Overview
The ZyWALL firewall is a stateful inspection firewall and is designed to protect against Denial of Service attacks when activated. The ZyWALL’s purpose is to allow a private Local Area Network (LAN) to be securely connected to the Internet.
5.4 Configuring Firewall
Click FIREWALL to open the Summary screen. Enable (or activate) the firewall by selecting the Enable Firewall check box as seen in the following screen. The following table describes the fields in this screen.
LABEL...
LABEL    DESCRIPTION
Firewall Rules Storage Space in    This read-only bar shows how much of the ZyWALL's memory for recording firewall rules it is currently using. When you are using 80% or less of the storage space, the bar is green.
LABEL    DESCRIPTION
Move    Select a rule’s Index option button and type a number for where you want to put that rule. Click Move to move the rule to the number that you typed. The ordering of your rules is important as they are applied in order of their numbering.
The following table describes the fields in this screen.
LABEL    DESCRIPTION
Active    Check the Active check box to have the ZyWALL use this rule. Leave it unchecked if you do not want the ZyWALL to use the rule after you apply it...
LABEL    DESCRIPTION
Source Address    Click SrcAdd to add a new address, SrcEdit to edit an existing one or SrcDelete to delete one.
Destination Address    Click DestAdd to add a new address, DestEdit to edit an existing one or DestDelete to delete one.
The following table describes the fields in this screen.
LABEL    DESCRIPTION
Address Type    Do you want your rule to apply to packets with a particular (single) IP address, a range of IP addresses (e.g., 192.168.1.10 to 192.169.1.50), a subnet or any IP address? Select an...
5.7.3 Customize Web Site Access
You can specify URLs to which the ZyWALL blocks access. You can alternatively block access to all URLs except ones that you specify. You can also have the ZyWALL block access to URLs that contain key words that you specify.
5.8 Content Filtering with an External Server
Your ZyWALL uses an application services company that provides outsourced content filtering. If you enable the content filter, your ZyWALL will have access to an external database, which contains dynamically updated ratings of millions of web sites. The content filtering lookup process is described below.
Click Register to go to a web site where you can register for category-based content filtering (using an external database). You can use a trial application or register your iCard’s PIN. Refer to the web site’s on-line help for details.
The web site displays a registration successful web page. It may take up to another ten minutes for content filtering to be activated. You can manage your registration status or view content filtering reports after you register this device.
5.12 VPN Overview
A VPN (Virtual Private Network) provides secure communications between sites without the expense of leased site-to-site lines. A secure VPN is a combination of tunneling, encryption, authentication, access control and auditing technologies/services used to transport traffic over the...
5.13 Summary Screen
The following figure provides an example of a VPN application. Local and remote IP addresses must be static. Click VPN to open the Summary screen. This is a read-only menu of your IPSec rules (tunnels).
The following table describes the fields in this screen.
LABEL    DESCRIPTION
This field displays the VPN rule number.
Name    This field displays the identification name for this VPN policy.
Active    Y signifies that this VPN rule is active.
LABEL    DESCRIPTION
IPSec Algorithm    This field displays the security protocols used for an SA. Both AH and ESP increase ZyWALL processing requirements and communications latency (delay).
Secure Gateway    This is the static WAN IP address or URL of the remote IPSec router. This field displays 0.0.0.0 when you configure the Secure Gateway Address field in the Edit VPN Rule screen...
Click Edit on the Summary screen to edit VPN policies.
The following table describes the fields in this screen.
LABEL    DESCRIPTION
Active    Select this check box to activate this VPN tunnel. This option determines whether a VPN rule is applied before a packet leaves the firewall.
Select this check box to turn on the keep alive feature for this SA.
Client Mode    Select Client Mode to have your ZyWALL use a username and password when initiating this VPN connection to the extended authentication server ZyWALL. Only a VPN extended authentication client can initiate this VPN connection.
User Name    Enter a user name for your ZyWALL to be authenticated by the external extended authentication server.
Remote: Remote IP addresses must be static and correspond to the remote IPSec router's configured local IP addresses. The remote fields do not apply when the Secure Gateway Address field is configured to 0.0.0.0. In this case only the remote IPSec router can initiate the VPN.
Certificate    Select the Certificate radio button to identify the ZyWALL by a certificate. Use the drop-down list box to select the certificate to use for this VPN tunnel. You must have certificates already configured in the My Certificates screen. Click My Certificates to go to the My Certificates screen where you can view the ZyWALL's list of certificates.
Content    The configuration of the peer content depends on the peer ID type. Do the following when you set Authentication Method to Pre-shared Key. For IP, type the IP address of the computer with which you will make the VPN connection. If you configure this field to 0.0.0.0 or leave it blank, the ZyWALL will use the address in the...
Secure Gateway Address    Type the WAN IP address or the URL (up to 31 characters) of the IPSec router with which you're making the VPN connection. Set this field to 0.0.0.0 if the remote IPSec router has a dynamic WAN IP address (the Key Management (or IPSec Keying Mode) field must be set to IKE).
5.15 Viewing SA Monitor
A Security Association (SA) is the group of security settings related to a specific VPN tunnel. This screen displays active VPN connections. Use Refresh to display active VPN connections. This screen is read-only. In the web configurator, click VPN and the SA Monitor tab to view Security Associations.
5.16.1 HTTPS
HTTPS (HyperText Transfer Protocol over Secure Socket Layer, or HTTP over SSL) is a web protocol that encrypts and decrypts web sessions. Secure Socket Layer (SSL) is an application-level protocol that enables secure transactions of data by ensuring confidentiality (an unauthorized party cannot read the transferred data), authentication (one party can identify the other party) and data integrity (you know if data has been changed).
The following table describes the fields in this screen.
LABEL    DESCRIPTION
Device Name    This identifies the device in UPnP applications.
Enable the Universal Plug    Select this checkbox to activate UPnP. Be aware that anyone could use a UPnP...
6 Troubleshooting
For advanced troubleshooting help, see the Logs section in the User’s Guide.
PROBLEM    CORRECTIVE ACTION
None of the LEDs turn on when you turn on    Make sure that you have the correct power adaptor connected to the ZyWALL and plugged in to an appropriate power source.