ZyXEL ZyWALL 2 Plus Manuel d'utilisateur

www.zyxel.comZyWALL 2 PlusInternet Security ApplianceUser’s GuideVersion 4.0312/2007Edition 1

Table of ContentsZyWALL 2 Plus User’s Guide102.4.6 Port Statistics ...

Chapter 4 TutorialsZyWALL 2 Plus User’s Guide100Figure 45 Tutorial Example: DNS > System Edit-1 9 Enter the rule number (2) where you want to put

Chapter 4 TutorialsZyWALL 2 Plus User’s Guide101Figure 47 Tutorial Example: DNS > System: Done 11 Go to the Home screen to check your WAN connec

Chapter 4 TutorialsZyWALL 2 Plus User’s Guide102" The one-to-one NAT address mapping rules are for both incoming and outgoing connections. The Zy

Chapter 4 TutorialsZyWALL 2 Plus User’s Guide103Figure 50 Tutorial Example: NAT > NAT Overview 3 Click the Address Mapping tab.4 Click the first

Chapter 4 TutorialsZyWALL 2 Plus User’s Guide104Figure 52 Tutorial Example: NAT Address Mapping Edit: One-to-One (1) 6 Click the second rule’s Edit

Chapter 4 TutorialsZyWALL 2 Plus User’s Guide10510 After the configurations, the Address Mapping screen looks as shown. You still have one IP address

Chapter 4 TutorialsZyWALL 2 Plus User’s Guide106Figure 56 Tutorial Example: Forwarding Incoming FTP Traffic to a Local Computer 1 Click ADVANCED >

Chapter 4 TutorialsZyWALL 2 Plus User’s Guide107Figure 58 Tutorial Example: NAT Port Forwarding4.2.5 Allow WAN-to-LAN Traffic through the Firewall

Chapter 4 TutorialsZyWALL 2 Plus User’s Guide108Figure 60 Tutorial Example: Firewall Default Rule 3 Go to the Rule Summary screen.4 Select WAN to LA

Chapter 4 TutorialsZyWALL 2 Plus User’s Guide109Figure 62 Tutorial Example: Firewall Rule: WAN to LAN Address Edit for Web Server 7 Select HTTP(TCP

Table of ContentsZyWALL 2 Plus User’s Guide11Chapter 5Registration...

Chapter 4 TutorialsZyWALL 2 Plus User’s Guide110Figure 63 Tutorial Example: Firewall Rule: WAN to LAN Service Edit for Web Server 8 Click the insert

Chapter 4 TutorialsZyWALL 2 Plus User’s Guide111Figure 64 Tutorial Example: Firewall Rule: WAN to LAN Address Edit for Mail Server 9 Select Any(All

Chapter 4 TutorialsZyWALL 2 Plus User’s Guide11210Click the insert icon to configure a firewall rule to allow FTP traffic from the WAN to the FTP serv

Chapter 4 TutorialsZyWALL 2 Plus User’s Guide113Figure 67 Tutorial Example: Firewall Rule: WAN to LAN Service Edit for FTP Server 12When you are do

Chapter 4 TutorialsZyWALL 2 Plus User’s Guide1144.2.6 Testing the Connections1 Open the web browser on one of the local computers and enter any web s

Chapter 4 TutorialsZyWALL 2 Plus User’s Guide115Figure 69 Tutorial Example: NAT Address Mapping Done: Game Playing " To allow traffic from th

Chapter 4 TutorialsZyWALL 2 Plus User’s Guide116Figure 70 Tutorial Example: Bandwidth ManagementThe following table shows the example information yo

Chapter 4 TutorialsZyWALL 2 Plus User’s Guide117Figure 71 Tutorial Example: Bandwidth Management Summary 7 Click the Class Setup tab.8 Select the W

Chapter 4 TutorialsZyWALL 2 Plus User’s Guide118Figure 73 Tutorial Example: Bandwidth Management Class Setup: VoIP12Click the Add Sub-Class button t

Chapter 4 TutorialsZyWALL 2 Plus User’s Guide119Figure 75 Tutorial Example: Bandwidth Management Class Setup: WWW 14When you are finished, the Clas

Table of ContentsZyWALL 2 Plus User’s Guide128.5 DNS Server Address Assignment ...

Chapter 4 TutorialsZyWALL 2 Plus User’s Guide120Figure 77 Tutorial Example: Bandwidth Management Monitor4.5 Configuring Content FilteringYou can us

Chapter 4 TutorialsZyWALL 2 Plus User’s Guide1211 Click SECURITY > CONTENT FILTER. 2 Enable the content filter and external database content filte

Chapter 4 TutorialsZyWALL 2 Plus User’s Guide122Figure 79 SECURITY > CONTENT FILTER > Policy2 Select Active.3 Select the categories to block.4

Chapter 4 TutorialsZyWALL 2 Plus User’s Guide1234.5.3 Assign Bob’s Computer a Specific IP AddressYou will configure a content filtering policy for t

Chapter 4 TutorialsZyWALL 2 Plus User’s Guide1245 Click Apply.Figure 83 SECURITY > CONTENT FILTER > Policy > Insert4.5.5 Set the Content F

Chapter 4 TutorialsZyWALL 2 Plus User’s Guide125Figure 85 SECURITY > CONTENT FILTER > Policy > Schedule (Bob)4.5.6 Block Categories of We

Chapter 4 TutorialsZyWALL 2 Plus User’s Guide1264 Click Apply.Figure 87 SECURITY > CONTENT FILTER > Policy > External Database (Bob)

ZyWALL 2 Plus User’s Guide127CHAPTER 5 Registration5.1 myZyXEL.com overviewmyZyXEL.com is ZyXEL’s online services center where you can register your

Chapter 5 RegistrationZyWALL 2 Plus User’s Guide1285.2 RegistrationUse this screen to register your ZyWALL with myZyXEL.com and activate the content

Chapter 5 RegistrationZyWALL 2 Plus User’s Guide129" If the ZyWALL is registered already, this screen is read-only and indicates whether trial s

Table of ContentsZyWALL 2 Plus User’s Guide1311.3.2 From VPN Packet Direction ...

Chapter 5 RegistrationZyWALL 2 Plus User’s Guide130Figure 90 REGISTRATION > ServiceThe following table describes the labels in this screen. Table

131PART IINetworkLAN Screens (133)Bridge Screens (145)WAN Screens (151)DMZ Screens (171)Wireless LAN (181)

132

ZyWALL 2 Plus User’s Guide133CHAPTER 6 LAN ScreensThis chapter describes how to configure LAN settings. This chapter is only applicable when the ZyWA

Chapter 6 LAN ScreensZyWALL 2 Plus User’s Guide134Where you obtain your network number depends on your particular situation. If the ISP or your networ

Chapter 6 LAN ScreensZyWALL 2 Plus User’s Guide1356.3 DHCP The ZyWALL can use DHCP (Dynamic Host Configuration Protocol, RFC 2131 and RFC 2132) to a

Chapter 6 LAN ScreensZyWALL 2 Plus User’s Guide136224.0.0.0 is not assigned to any group and is used by IP multicast computers. The address 224.0.0.1

Chapter 6 LAN ScreensZyWALL 2 Plus User’s Guide137Figure 92 NETWORK > LANThe following table describes the labels in this screen.Table 22 NETW

Chapter 6 LAN ScreensZyWALL 2 Plus User’s Guide138Multicast Select IGMP V-1 or IGMP V-2 or None. IGMP (Internet Group Multicast Protocol) is a network

Chapter 6 LAN ScreensZyWALL 2 Plus User’s Guide1396.8 LAN Static DHCPThis table allows you to assign IP addresses on the LAN to specific individual

Table of ContentsZyWALL 2 Plus User’s Guide14Chapter 14IPSec VPN...

Chapter 6 LAN ScreensZyWALL 2 Plus User’s Guide140The following table describes the labels in this screen.6.9 LAN IP Alias IP alias allows you to pa

Chapter 6 LAN ScreensZyWALL 2 Plus User’s Guide141Figure 95 NETWORK > LAN > IP AliasThe following table describes the labels in this screen.T

Chapter 6 LAN ScreensZyWALL 2 Plus User’s Guide1426.10 LAN Port RolesUse the Port Roles screen to set ports as part of the LAN, DMZ and/or WLAN inter

Chapter 6 LAN ScreensZyWALL 2 Plus User’s Guide143After you change the LAN/DMZ/WLAN port roles and click Apply, please wait for few seconds until the

Chapter 6 LAN ScreensZyWALL 2 Plus User’s Guide144

ZyWALL 2 Plus User’s Guide145CHAPTER 7 Bridge ScreensThis chapter describes how to configure bridge settings. This chapter is only applicable when th

Chapter 7 Bridge ScreensZyWALL 2 Plus User’s Guide1467.2 Spanning Tree Protocol (STP)STP detects and breaks network loops and provides backup links b

Chapter 7 Bridge ScreensZyWALL 2 Plus User’s Guide147Once a stable network topology has been established, all bridges listen for Hello BPDUs (Bridge

Chapter 7 Bridge ScreensZyWALL 2 Plus User’s Guide148Figure 99 NETWORK > BridgeThe following table describes the labels in this screen.Table 28

Chapter 7 Bridge ScreensZyWALL 2 Plus User’s Guide1497.4 Bridge Port Roles Use the Port Roles screen to set ports as part of the LAN, DMZ and/or WLA

Table of ContentsZyWALL 2 Plus User’s Guide1515.3 Verifying a Certificate ...

Chapter 7 Bridge ScreensZyWALL 2 Plus User’s Guide150Figure 100 NETWORK > Bridge > Port RolesThe following table describes the labels in this

ZyWALL 2 Plus User’s Guide151CHAPTER 8 WAN ScreensThis chapter describes how to configure WAN settings. 8.1 WAN Overview• Use the Route screen to co

Chapter 8 WAN ScreensZyWALL 2 Plus User’s Guide152Figure 102 NETWORK > WAN Route The following table describes the labels in this screen.Table 30

Chapter 8 WAN ScreensZyWALL 2 Plus User’s Guide1538.4 WAN IP Address Assignment Every computer on the Internet must have a unique IP address. If you

Chapter 8 WAN ScreensZyWALL 2 Plus User’s Guide1543 You can manually enter the IP addresses of other DNS servers. These servers can be public or priva

Chapter 8 WAN ScreensZyWALL 2 Plus User’s Guide155Figure 103 NETWORK > WAN > WAN (Ethernet Encapsulation) The following table describes the

Chapter 8 WAN ScreensZyWALL 2 Plus User’s Guide156Relogin Every(min) (Telia Login only)The Telia server logs the ZyWALL out if the ZyWALL does not

Chapter 8 WAN ScreensZyWALL 2 Plus User’s Guide1578.7.2 PPPoE EncapsulationThe ZyWALL supports PPPoE (Point-to-Point Protocol over Ethernet). PPPoE

Chapter 8 WAN ScreensZyWALL 2 Plus User’s Guide158Figure 104 NETWORK > WAN > WAN (PPPoE Encapsulation) The following table describes the label

Chapter 8 WAN ScreensZyWALL 2 Plus User’s Guide159Authentication TypeUse the drop-down list box to select an authentication protocol for outgoing cal

Table of ContentsZyWALL 2 Plus User’s Guide1617.3 NAT Overview Screen ...

Chapter 8 WAN ScreensZyWALL 2 Plus User’s Guide1608.7.3 PPTP EncapsulationPoint-to-Point Tunneling Protocol (PPTP) is a network protocol that enables

Chapter 8 WAN ScreensZyWALL 2 Plus User’s Guide161Figure 105 NETWORK > WAN > WAN (PPTP Encapsulation) The following table describes the label

Chapter 8 WAN ScreensZyWALL 2 Plus User’s Guide162Authentication TypeUse the drop-down list box to select an authentication protocol for outgoing call

Chapter 8 WAN ScreensZyWALL 2 Plus User’s Guide1638.8 Traffic Redirect Traffic redirect forwards WAN traffic to a backup gateway when the ZyWALL ca

Chapter 8 WAN ScreensZyWALL 2 Plus User’s Guide164Figure 106 Traffic Redirect WAN SetupIP alias allows you to avoid triangle route security issues w

Chapter 8 WAN ScreensZyWALL 2 Plus User’s Guide165The following table describes the labels in this screen.8.10 Configuring Dial BackupClick NETWORK

Chapter 8 WAN ScreensZyWALL 2 Plus User’s Guide166Figure 109 NETWORK > WAN > Dial Backup The following table describes the labels in this scr

Chapter 8 WAN ScreensZyWALL 2 Plus User’s Guide167Primary/ Secondary Phone NumberType the first (primary) phone number from the ISP for this remote n

Chapter 8 WAN ScreensZyWALL 2 Plus User’s Guide1688.11 Advanced Modem Setup 8.11.1 AT Command StringsFor regular telephone lines, the default Dial

Chapter 8 WAN ScreensZyWALL 2 Plus User’s Guide1698.11.3 Response StringsThe response strings tell the ZyWALL the tags, or labels, immediately prece

Table of ContentsZyWALL 2 Plus User’s Guide1720.1 DNS Overview ...

Chapter 8 WAN ScreensZyWALL 2 Plus User’s Guide170Drop DTR When Hang UpSelect this check box to have the ZyWALL drop the DTR (Data Terminal Ready) sig

ZyWALL 2 Plus User’s Guide171CHAPTER 9 DMZ ScreensThis chapter describes how to configure the ZyWALL’s DMZ.9.1 DMZ The DeMilitarized Zone (DMZ) pro

Chapter 9 DMZ ScreensZyWALL 2 Plus User’s Guide172Figure 111 NETWORK > DMZ The following table describes the labels in this screen. Table 38 NE

Chapter 9 DMZ ScreensZyWALL 2 Plus User’s Guide173Multicast Select IGMP V-1 or IGMP V-2 or None. IGMP (Internet Group Multicast Protocol) is a networ

Chapter 9 DMZ ScreensZyWALL 2 Plus User’s Guide1749.3 DMZ Static DHCP This table allows you to assign IP addresses on the DMZ to specific individual

Chapter 9 DMZ ScreensZyWALL 2 Plus User’s Guide175The following table describes the labels in this screen.9.4 DMZ IP Alias IP alias allows you to p

Chapter 9 DMZ ScreensZyWALL 2 Plus User’s Guide176Figure 113 NETWORK > DMZ > IP Alias The following table describes the labels in this screen.

Chapter 9 DMZ ScreensZyWALL 2 Plus User’s Guide1779.5 DMZ Public IP Address ExampleThe following figure shows a simple network setup with public IP

Chapter 9 DMZ ScreensZyWALL 2 Plus User’s Guide178Figure 115 DMZ Private and Public Address Example9.7 DMZ Port Roles Use the Port Roles screen to

Chapter 9 DMZ ScreensZyWALL 2 Plus User’s Guide179Figure 116 NETWORK > DMZ > Port Roles The following table describes the labels in this scre

Table of ContentsZyWALL 2 Plus User’s Guide1821.14.2 SNMP Traps ...

Chapter 9 DMZ ScreensZyWALL 2 Plus User’s Guide180

ZyWALL 2 Plus User’s Guide181CHAPTER 10 Wireless LANThis chapter discusses how to configure wireless LAN on the ZyWALL.10.1 Wireless LAN Introductio

Chapter 10 Wireless LANZyWALL 2 Plus User’s Guide182Figure 117 NETWORK > WLAN The following table describes the labels in this screen.Table 42

Chapter 10 Wireless LANZyWALL 2 Plus User’s Guide183Multicast Select IGMP V-1 or IGMP V-2 or None. IGMP (Internet Group Multicast Protocol) is a netw

Chapter 10 Wireless LANZyWALL 2 Plus User’s Guide18410.3 WLAN Static DHCP This table allows you to assign IP addresses on the WLAN to specific indiv

Chapter 10 Wireless LANZyWALL 2 Plus User’s Guide185The following table describes the labels in this screen.10.4 WLAN IP Alias IP alias allows you

Chapter 10 Wireless LANZyWALL 2 Plus User’s Guide186Figure 119 NETWORK > WLAN > IP Alias The following table describes the labels in this scre

Chapter 10 Wireless LANZyWALL 2 Plus User’s Guide18710.5 WLAN Port Roles Use the Port Roles screen to set ports as part of the LAN, DMZ and/or WLAN

Chapter 10 Wireless LANZyWALL 2 Plus User’s Guide188Figure 121 NETWORK > WLAN > Port Roles The following table describes the labels in this sc

189PART IIISecurityFirewall (191)Content Filtering Screens (223)Content Filtering Reports (245)IPSec VPN (253)Certificates (295)Authentication Se

Table of ContentsZyWALL 2 Plus User’s Guide19Part V: Logs and Maintenance... 417Chapter 25

190

ZyWALL 2 Plus User’s Guide191CHAPTER 11 FirewallThis chapter shows you how to configure your ZyWALL’s firewall.11.1 Firewall Overview The networking

Chapter 11 FirewallZyWALL 2 Plus User’s Guide192Your customized rules take precedence and override the ZyWALL’s default settings. The ZyWALL checks th

Chapter 11 FirewallZyWALL 2 Plus User’s Guide193Packets have a source and a destination. The packet direction matrix in the lower part of the screen

Chapter 11 FirewallZyWALL 2 Plus User’s Guide194By default, the ZyWALL allows packets traveling in the following directions.:By default, the ZyWALL dr

Chapter 11 FirewallZyWALL 2 Plus User’s Guide195See Chapter 4 on page 89 for information about packets traveling to or from the VPN tunnels.11.3.1 T

Chapter 11 FirewallZyWALL 2 Plus User’s Guide196In order to do this, you would configure the SECURITY > FIREWALL > Default Rule screen as follow

Chapter 11 FirewallZyWALL 2 Plus User’s Guide197Figure 128 From VPN to LAN Example In order to do this, you would configure the SECURITY > FIREW

Chapter 11 FirewallZyWALL 2 Plus User’s Guide19811.3.3 From VPN To VPN Packet Direction From VPN To VPN firewall rules apply to traffic that comes in

Chapter 11 FirewallZyWALL 2 Plus User’s Guide199Figure 131 Block VPN to VPN Traffic by Default Example 11.4 Security Considerations" Incor

Table of ContentsZyWALL 2 Plus User’s Guide20Chapter 27Introducing the SMT ...

Chapter 11 FirewallZyWALL 2 Plus User’s Guide200Once these questions have been answered, adding rules is simply a matter of entering the information i

Chapter 11 FirewallZyWALL 2 Plus User’s Guide201Now you configure a LAN to WAN firewall rule that allows IRC traffic from the IP address of the CEO’s

Chapter 11 FirewallZyWALL 2 Plus User’s Guide202Allowing asymmetrical routes may let traffic from the WAN go directly to the LAN without passing throu

Chapter 11 FirewallZyWALL 2 Plus User’s Guide203Figure 135 SECURITY > FIREWALL > Default Rule (Router Mode)The following table describes the

Chapter 11 FirewallZyWALL 2 Plus User’s Guide20411.8 Firewall Default Rule (Bridge Mode) Click SECURITY > FIREWALL to open the Default Rule scree

Chapter 11 FirewallZyWALL 2 Plus User’s Guide205Figure 136 SECURITY > FIREWALL > Default Rule (Bridge Mode)The following table describes the

Chapter 11 FirewallZyWALL 2 Plus User’s Guide20611.9 Firewall Rule Summary Click SECURITY > FIREWALL > Rule Summary to open the screen. This sc

Chapter 11 FirewallZyWALL 2 Plus User’s Guide207" The ordering of your rules is very important as rules are applied in the order that they are l

Chapter 11 FirewallZyWALL 2 Plus User’s Guide20811.9.1 Firewall Edit Rule In the Rule Summary screen, click the edit icon or the insert icon to disp

Chapter 11 FirewallZyWALL 2 Plus User’s Guide209Figure 138 SECURITY > FIREWALL > Rule Summary > Edit

Table of ContentsZyWALL 2 Plus User’s Guide2131.4 Configuring the PPPoE Client ...

Chapter 11 FirewallZyWALL 2 Plus User’s Guide210The following table describes the labels in this screen. Table 51 SECURITY > FIREWALL > Rule

Chapter 11 FirewallZyWALL 2 Plus User’s Guide21111.10 Anti-Probing Click SECURITY > FIREWALL > Anti-Probing to open the following screen. Con

Chapter 11 FirewallZyWALL 2 Plus User’s Guide212The following table describes the labels in this screen. 11.11 Firewall Thresholds For DoS attacks

Chapter 11 FirewallZyWALL 2 Plus User’s Guide21311.11.1 Threshold ValuesIf everything is working properly, you probably do not need to change the th

Chapter 11 FirewallZyWALL 2 Plus User’s Guide214The following table describes the labels in this screen. Table 53 SECURITY > FIREWALL > Thresh

Chapter 11 FirewallZyWALL 2 Plus User’s Guide21511.13 Service Click SECURITY > FIREWALL > Service to open the screen as shown next. Use this s

Chapter 11 FirewallZyWALL 2 Plus User’s Guide21611.13.1 Firewall Edit Custom Service Click SECURITY > FIREWALL > Service > Add to display th

Chapter 11 FirewallZyWALL 2 Plus User’s Guide21711.14 My Service Firewall Rule ExampleThe following Internet firewall rule example allows a hypothet

Chapter 11 FirewallZyWALL 2 Plus User’s Guide2184 Click the insert icon at the top of the row to create the new firewall rule before the others.Figure

Chapter 11 FirewallZyWALL 2 Plus User’s Guide219" Custom services show up with an * before their names in the Services list boxes and the Rule S

Table of ContentsZyWALL 2 Plus User’s Guide2236.4.2 Example 2: Internet Access with a Default Server ...

Chapter 11 FirewallZyWALL 2 Plus User’s Guide220Figure 148 My Service Firewall Rule Example: Edit Rule: Service ConfigurationRule 1 allows a My Serv

Chapter 11 FirewallZyWALL 2 Plus User’s Guide221Figure 149 My Service Firewall Rule Example: Rule Summary: Completed

Chapter 11 FirewallZyWALL 2 Plus User’s Guide222

ZyWALL 2 Plus User’s Guide223CHAPTER 12 Content Filtering ScreensThis chapter provides an overview of content filtering.12.1 Content Filtering Overv

Chapter 12 Content Filtering ScreensZyWALL 2 Plus User’s Guide224Figure 150 Content Filtering Lookup Procedure1 A computer behind the ZyWALL tries t

Chapter 12 Content Filtering ScreensZyWALL 2 Plus User’s Guide225Figure 151 SECURITY > CONTENT FILTER > GeneralThe following table describes

Chapter 12 Content Filtering ScreensZyWALL 2 Plus User’s Guide226Matched Web Pages Select Block to prevent users from accessing web pages that match t

Chapter 12 Content Filtering ScreensZyWALL 2 Plus User’s Guide22712.4 Content Filter Policy Click SECURITY > CONTENT FILTER > Policy to disp

Chapter 12 Content Filtering ScreensZyWALL 2 Plus User’s Guide228Figure 152 SECURITY > CONTENT FILTER > PolicyThe following table describes th

Chapter 12 Content Filtering ScreensZyWALL 2 Plus User’s Guide22912.5 Content Filter Policy: General Click SECURITY > CONTENT FILTER > Policy

Table of ContentsZyWALL 2 Plus User’s Guide2340.4.2 Syslog Logging ...

Chapter 12 Content Filtering ScreensZyWALL 2 Plus User’s Guide23012.6 Content Filter Policy: External Database Click SECURITY > CONTENT FILTER >

Chapter 12 Content Filtering ScreensZyWALL 2 Plus User’s Guide231Figure 154 SECURITY > CONTENT FILTER > Policy > External DatabaseThe foll

Chapter 12 Content Filtering ScreensZyWALL 2 Plus User’s Guide232Sex Education Selecting this category excludes pages that provide graphic information

Chapter 12 Content Filtering ScreensZyWALL 2 Plus User’s Guide233Hacking Selecting this category excludes pages that distribute, promote, or provide

Chapter 12 Content Filtering ScreensZyWALL 2 Plus User’s Guide234Government/Legal Selecting this category excludes pages sponsored by or which provide

Chapter 12 Content Filtering ScreensZyWALL 2 Plus User’s Guide235Reference Selecting this category excludes pages containing personal, professional,

Chapter 12 Content Filtering ScreensZyWALL 2 Plus User’s Guide236Society/Lifestyle Selecting this category excludes pages providing information on mat

Chapter 12 Content Filtering ScreensZyWALL 2 Plus User’s Guide23712.7 Content Filter Policy: Customization Click SECURITY > CONTENT FILTER > P

Chapter 12 Content Filtering ScreensZyWALL 2 Plus User’s Guide238Figure 155 SECURITY > CONTENT FILTER > Policy > CustomizationThe following

Chapter 12 Content Filtering ScreensZyWALL 2 Plus User’s Guide23912.8 Content Filter Policy: Schedule Click SECURITY > CONTENT FILTER > Policy

Table of ContentsZyWALL 2 Plus User’s Guide2442.2.2 Call History ...

Chapter 12 Content Filtering ScreensZyWALL 2 Plus User’s Guide240Figure 156 SECURITY > CONTENT FILTER > Policy > ScheduleThe following tabl

Chapter 12 Content Filtering ScreensZyWALL 2 Plus User’s Guide241" To use this screens settings in content filtering, you must use the SECURITY

Chapter 12 Content Filtering ScreensZyWALL 2 Plus User’s Guide24212.10 Customizing Keyword Blocking URL CheckingYou can use commands to set how much

Chapter 12 Content Filtering ScreensZyWALL 2 Plus User’s Guide24312.10.2 Full Path URL CheckingFull path URL checking has the ZyWALL check the chara

Chapter 12 Content Filtering ScreensZyWALL 2 Plus User’s Guide244Figure 158 SECURITY > CONTENT FILTER > CacheThe following table describes the

ZyWALL 2 Plus User’s Guide245CHAPTER 13 Content Filtering ReportsThis chapter describes how to view content filtering reports after you have activate

Chapter 13 Content Filtering ReportsZyWALL 2 Plus User’s Guide246Figure 159 myZyXEL.com: Login3 A welcome screen displays. Click your ZyWALL’s model

Chapter 13 Content Filtering ReportsZyWALL 2 Plus User’s Guide247Figure 161 myZyXEL.com: Service Management5 Enter your ZyXEL device's MAC add

Chapter 13 Content Filtering ReportsZyWALL 2 Plus User’s Guide248Figure 163 Content Filtering Reports Main Screen8 Select items under Global Reports

Chapter 13 Content Filtering ReportsZyWALL 2 Plus User’s Guide249Figure 165 Global Report Screen Example11 You can click a category in the Categori

Table of ContentsZyWALL 2 Plus User’s Guide25Index...

Chapter 13 Content Filtering ReportsZyWALL 2 Plus User’s Guide250Figure 166 Requested URLs Example13.3 Web Site SubmissionYou may find that a web s

Chapter 13 Content Filtering ReportsZyWALL 2 Plus User’s Guide251Figure 167 Web Page Review Process Screen3 Type the web site’s URL in the field an

Chapter 13 Content Filtering ReportsZyWALL 2 Plus User’s Guide252

ZyWALL 2 Plus User’s Guide253CHAPTER 14 IPSec VPNThis chapter explains how to set up and maintain IPSec VPNs in the ZyWALL. First, it provides an ove

Chapter 14 IPSec VPNZyWALL 2 Plus User’s Guide254A VPN tunnel is usually established in two phases. Each phase establishes a security association (SA)

Chapter 14 IPSec VPNZyWALL 2 Plus User’s Guide255You can usually provide a static IP address or a domain name for the ZyWALL. Sometimes, your ZyWALL

Chapter 14 IPSec VPNZyWALL 2 Plus User’s Guide256Figure 172 SECURITY > VPN > VPN Rules (IKE) The following table describes the labels in this

Chapter 14 IPSec VPNZyWALL 2 Plus User’s Guide25714.3 IKE SA Setup This section provides more details about IKE SAs.14.3.1 IKE SA ProposalThe IKE

Chapter 14 IPSec VPNZyWALL 2 Plus User’s Guide258" Both routers must use the same encryption algorithm, authentication algorithm, and DH key grou

Chapter 14 IPSec VPNZyWALL 2 Plus User’s Guide259" The ZyWALL and the remote IPSec router must use the same pre-shared key.Router identity consi

Table of ContentsZyWALL 2 Plus User’s Guide26

Chapter 14 IPSec VPNZyWALL 2 Plus User’s Guide260• Instead of using the pre-shared key, the ZyWALL and remote IPSec router check each other’s certific

Chapter 14 IPSec VPNZyWALL 2 Plus User’s Guide261Step 2: The remote IPSec router selects an acceptable proposal and sends it back to the ZyWALL. It a

Chapter 14 IPSec VPNZyWALL 2 Plus User’s Guide26214.4.1 SA Life TimeSAs have a lifetime that specifies how long the SA lasts until it times out. When

Chapter 14 IPSec VPNZyWALL 2 Plus User’s Guide263Figure 177 IPSec High AvailabilityWhen setting up an IPSec high availability VPN tunnel, the remot

Chapter 14 IPSec VPNZyWALL 2 Plus User’s Guide26414.5 VPN Rules (IKE) Gateway Policy Edit In the VPN Rule (IKE) screen, click the add gateway policy

Chapter 14 IPSec VPNZyWALL 2 Plus User’s Guide265Figure 178 SECURITY > VPN > VPN Rules (IKE) > Edit Gateway Policy

Chapter 14 IPSec VPNZyWALL 2 Plus User’s Guide266The following table describes the labels in this screen. Table 67 SECURITY > VPN > VPN Rules

Chapter 14 IPSec VPNZyWALL 2 Plus User’s Guide267Fall back to Primary Remote Gateway when possibleSelect this to have the ZyWALL change back to using

Chapter 14 IPSec VPNZyWALL 2 Plus User’s Guide268Peer ID Type Select from the following when you set Authentication Key to Pre-shared Key.Select IP to

Chapter 14 IPSec VPNZyWALL 2 Plus User’s Guide269Server Mode Select Server Mode to have this ZyWALL authenticate extended authentication clients that

List of FiguresZyWALL 2 Plus User’s Guide27List of FiguresFigure 1 Secure Internet Access via Cable, DSL or Wireless Modem ...

Chapter 14 IPSec VPNZyWALL 2 Plus User’s Guide27014.6 IPSec SA Overview Once the ZyWALL and remote IPSec router have established the IKE SA, they

Chapter 14 IPSec VPNZyWALL 2 Plus User’s Guide271In most cases you should use virtual address mapping (see Section 14.6.2 on page 271) to avoid overl

Chapter 14 IPSec VPNZyWALL 2 Plus User’s Guide27214.6.3 Active ProtocolThe active protocol controls the format of each packet. It also specifies how

Chapter 14 IPSec VPNZyWALL 2 Plus User’s Guide273In transport mode, the encapsulation depends on the active protocol. With AH, the ZyWALL includes pa

Chapter 14 IPSec VPNZyWALL 2 Plus User’s Guide274Figure 181 SECURITY > VPN > VPN Rules (IKE) > Edit Network Policy

Chapter 14 IPSec VPNZyWALL 2 Plus User’s Guide275The following table describes the labels in this screen. Table 68 SECURITY > VPN > VPN Rules

Chapter 14 IPSec VPNZyWALL 2 Plus User’s Guide276Port Forwarding RulesIf you are configuring a Many-to-One rule, click this button to go to a screen w

Chapter 14 IPSec VPNZyWALL 2 Plus User’s Guide277Ending IP Address/Subnet MaskWhen the Address Type field is configured to Single Address, this field

Chapter 14 IPSec VPNZyWALL 2 Plus User’s Guide27814.8 Network Policy Port Forwarding Click SECURITY > VPN and the add network policy ( ) icon in

Chapter 14 IPSec VPNZyWALL 2 Plus User’s Guide279Figure 182 SECURITY > VPN > VPN Rules (IKE) > Edit Network Policy > Port Forwarding Th

List of FiguresZyWALL 2 Plus User’s Guide28Figure 39 SECURITY > FIREWALL > Rule Summary: Allow ...

Chapter 14 IPSec VPNZyWALL 2 Plus User’s Guide28014.9 Network Policy Move Click the move ( ) icon in the VPN Rules (IKE) screen to display the VPN

Chapter 14 IPSec VPNZyWALL 2 Plus User’s Guide28114.10 IPSec SA Using Manual Keys You might set up an IPSec SA using manual keys when you want to

Chapter 14 IPSec VPNZyWALL 2 Plus User’s Guide282Figure 184 SECURITY > VPN > VPN Rules (Manual) The following table describes the labels in th

Chapter 14 IPSec VPNZyWALL 2 Plus User’s Guide28314.12 VPN Rules (Manual) Edit Click the edit icon on the VPN Rules (Manual) screen to open the fo

Chapter 14 IPSec VPNZyWALL 2 Plus User’s Guide284Local Network Specify the IP addresses of the devices behind the ZyWALL that can use the VPN tunnel.

Chapter 14 IPSec VPNZyWALL 2 Plus User’s Guide28514.13 VPN SA Monitor In the web configurator, click SECURITY > VPN > SA Monitor. Use this sc

Chapter 14 IPSec VPNZyWALL 2 Plus User’s Guide286Figure 186 SECURITY > VPN > SA Monitor The following table describes the labels in this scre

Chapter 14 IPSec VPNZyWALL 2 Plus User’s Guide287Figure 187 Overlap in a Dynamic VPN Rule• Setting Local and Remote IP Address Conflict Resolution

Chapter 14 IPSec VPNZyWALL 2 Plus User’s Guide288Figure 189 SECURITY > VPN > Global Setting The following table describes the labels in this

Chapter 14 IPSec VPNZyWALL 2 Plus User’s Guide28914.15 Telecommuter VPN/IPSec ExamplesThe following examples show how multiple telecommuters can mak

List of FiguresZyWALL 2 Plus User’s Guide29Figure 82 SECURITY > CONTENT FILTER > Policy ...

Chapter 14 IPSec VPNZyWALL 2 Plus User’s Guide29014.15.2 Telecommuters Using Unique VPN Rules ExampleIn this example the telecommuters (A, B and C in

Chapter 14 IPSec VPNZyWALL 2 Plus User’s Guide29114.16 VPN and Remote ManagementYou can allow someone to use a service (like Telnet or HTTP) through

Chapter 14 IPSec VPNZyWALL 2 Plus User’s Guide292Figure 192 VPN for Remote Management Example14.17 Hub-and-spoke VPNHub-and-spoke VPN connects VPN

Chapter 14 IPSec VPNZyWALL 2 Plus User’s Guide29314.17.1 Hub-and-spoke VPN ExampleThe following figure shows a basic hub-and-spoke VPN. Branch offic

Chapter 14 IPSec VPNZyWALL 2 Plus User’s Guide29414.17.3 Hub-and-spoke VPN Requirements and SuggestionsConsider the following when implementing a hub

ZyWALL 2 Plus User’s Guide295CHAPTER 15 CertificatesThis chapter gives background information about public-key certificates and explains how to use t

Chapter 15 CertificatesZyWALL 2 Plus User’s Guide296Certification authorities maintain directory servers with databases of valid and revoked certifica

Chapter 15 CertificatesZyWALL 2 Plus User’s Guide297Figure 196 Certificate Details 4 Use a secure method to verify that the certificate owner has t

Chapter 15 CertificatesZyWALL 2 Plus User’s Guide29815.5 My Certificates Click SECURITY > CERTIFICATES > My Certificates to open the My Certifi

Chapter 15 CertificatesZyWALL 2 Plus User’s Guide299Subject This field displays identifying information about the certificate’s owner, such as CN (Co

About This User's GuideZyWALL 2 Plus User’s Guide3About This User's GuideIntended AudienceThis manual is intended for people who want to c

List of FiguresZyWALL 2 Plus User’s Guide30Figure 125 Default Block Traffic From WAN to DMZ Example ...

Chapter 15 CertificatesZyWALL 2 Plus User’s Guide30015.6 My Certificate Details Click SECURITY > CERTIFICATES > My Certificates to open the My

Chapter 15 CertificatesZyWALL 2 Plus User’s Guide301Type This field displays general information about the certificate. CA-signed means that a Certif

Chapter 15 CertificatesZyWALL 2 Plus User’s Guide30215.7 My Certificate Export Click SECURITY > CERTIFICATES > My Certificates and then a cert

Chapter 15 CertificatesZyWALL 2 Plus User’s Guide303The following table describes the labels in this screen. 15.8 My Certificate Import Click SECUR

Chapter 15 CertificatesZyWALL 2 Plus User’s Guide304• Binary PKCS#12: This is a format for transferring public key and private key certificates. The p

Chapter 15 CertificatesZyWALL 2 Plus User’s Guide305Figure 202 SECURITY > CERTIFICATES > My Certificates > Import: PKCS#12The following ta

Chapter 15 CertificatesZyWALL 2 Plus User’s Guide306Figure 203 SECURITY > CERTIFICATES > My Certificates > Create (Basic)

Chapter 15 CertificatesZyWALL 2 Plus User’s Guide307Figure 204 SECURITY > CERTIFICATES > My Certificates > Create (Advanced)The following

Chapter 15 CertificatesZyWALL 2 Plus User’s Guide308Common Name Select a radio button to identify the certificate’s owner by IP address, domain name

Chapter 15 CertificatesZyWALL 2 Plus User’s Guide309Subject Alternative NameSelect a radio button to identify the certificate’s owner by IP address,

List of FiguresZyWALL 2 Plus User’s Guide31Figure 168 VPN: Example ...

Chapter 15 CertificatesZyWALL 2 Plus User’s Guide310After you click Apply in the My Certificate Create screen, you see a screen that tells you the ZyW

Chapter 15 CertificatesZyWALL 2 Plus User’s Guide311Figure 205 SECURITY > CERTIFICATES > Trusted CAsThe following table describes the labels

Chapter 15 CertificatesZyWALL 2 Plus User’s Guide31215.11 Trusted CA Details Click SECURITY > CERTIFICATES > Trusted CAs to open the Trusted C

Chapter 15 CertificatesZyWALL 2 Plus User’s Guide313The following table describes the labels in this screen. Table 84 SECURITY > CERTIFICATES &

Chapter 15 CertificatesZyWALL 2 Plus User’s Guide31415.12 Trusted CA Import Click SECURITY > CERTIFICATES > Trusted CAs to open the Trusted C

Chapter 15 CertificatesZyWALL 2 Plus User’s Guide315Figure 207 SECURITY > CERTIFICATES > Trusted CAs > ImportThe following table describes

Chapter 15 CertificatesZyWALL 2 Plus User’s Guide316The following table describes the labels in this screen. 15.14 Trusted Remote Host Certificate D

Chapter 15 CertificatesZyWALL 2 Plus User’s Guide317Figure 209 SECURITY > CERTIFICATES > Trusted Remote Hosts > DetailsThe following table

Chapter 15 CertificatesZyWALL 2 Plus User’s Guide318Version This field displays the X.509 version number. Serial Number This field displays the certif

Chapter 15 CertificatesZyWALL 2 Plus User’s Guide31915.15 Trusted Remote Hosts Import Click SECURITY > CERTIFICATES > Trusted Remote Hosts t

List of FiguresZyWALL 2 Plus User’s Guide32Figure 211 SECURITY > CERTIFICATES > Directory Servers ...

Chapter 15 CertificatesZyWALL 2 Plus User’s Guide32015.16 Directory Servers Click SECURITY > CERTIFICATES > Directory Servers to open the Dire

Chapter 15 CertificatesZyWALL 2 Plus User’s Guide32115.17 Directory Server Add or Edit Click SECURITY > CERTIFICATES > Directory Servers to

Chapter 15 CertificatesZyWALL 2 Plus User’s Guide322Server Port This field displays the default server port number of the protocol that you select in

ZyWALL 2 Plus User’s Guide323CHAPTER 16 Authentication ServerThis chapter discusses how to configure the ZyWALL’s authentication server feature.16.1

Chapter 16 Authentication ServerZyWALL 2 Plus User’s Guide324Sent by an access point requesting authentication.• Access-RejectSent by a RADIUS server

Chapter 16 Authentication ServerZyWALL 2 Plus User’s Guide325Figure 213 SECURITY > AUTH SERVER > Local User DatabaseThe following table descr

Chapter 16 Authentication ServerZyWALL 2 Plus User’s Guide32616.3 RADIUS Click SECURITY > AUTH SERVER > RADIUS to open the RADIUS screen. Con

Chapter 16 Authentication ServerZyWALL 2 Plus User’s Guide327Key Enter a password (up to 31 alphanumeric characters) as the key to be shared between

Chapter 16 Authentication ServerZyWALL 2 Plus User’s Guide328

329PART IVAdvancedNetwork Address Translation (NAT) (331)Static Route (347)Bandwidth Management (351)DNS (365)Remote Management (377)UPnP (399)A

List of FiguresZyWALL 2 Plus User’s Guide33Figure 254 ADVANCED > REMOTE MGMT > SSH ...

330

ZyWALL 2 Plus User’s Guide331CHAPTER 17 Network Address Translation(NAT)This chapter discusses how to configure NAT on the ZyWALL.17.1 NAT Overview

Chapter 17 Network Address Translation (NAT)ZyWALL 2 Plus User’s Guide332" NAT never changes the IP address (either local or global) of an outsid

Chapter 17 Network Address Translation (NAT)ZyWALL 2 Plus User’s Guide333Figure 215 How NAT Works 17.1.4 NAT ApplicationThe following figure illus

Chapter 17 Network Address Translation (NAT)ZyWALL 2 Plus User’s Guide33417.1.5 Port Restricted Cone NATZyWALL ZyNOS version 4.00 and later uses port

Chapter 17 Network Address Translation (NAT)ZyWALL 2 Plus User’s Guide335• Server: This type allows you to specify inside servers of different servic

Chapter 17 Network Address Translation (NAT)ZyWALL 2 Plus User’s Guide336Selecting SUA means (latent) multiple WAN-to-LAN and WAN-to-DMZ address trans

Chapter 17 Network Address Translation (NAT)ZyWALL 2 Plus User’s Guide33717.4 NAT Address Mapping Click ADVANCED > NAT > Address Mapping to

Chapter 17 Network Address Translation (NAT)ZyWALL 2 Plus User’s Guide338Figure 219 ADVANCED > NAT > Address MappingThe following table descri

Chapter 17 Network Address Translation (NAT)ZyWALL 2 Plus User’s Guide33917.4.2 NAT Address Mapping Edit Click the edit icon to display the NAT Add

List of FiguresZyWALL 2 Plus User’s Guide34Figure 297 MAINTENANCE > Diagnostics ...

Chapter 17 Network Address Translation (NAT)ZyWALL 2 Plus User’s Guide340The following table describes the labels in this screen. 17.5 Port Forwardi

Chapter 17 Network Address Translation (NAT)ZyWALL 2 Plus User’s Guide341" If you do not assign a Default Server IP address, the ZyWALL discards

Chapter 17 Network Address Translation (NAT)ZyWALL 2 Plus User’s Guide342The following example has two web servers on a LAN. Server A uses IP address

Chapter 17 Network Address Translation (NAT)ZyWALL 2 Plus User’s Guide343Figure 223 ADVANCED > NAT > Port ForwardingThe following table descr

Chapter 17 Network Address Translation (NAT)ZyWALL 2 Plus User’s Guide34417.7 Port Triggering Some services use a dedicated range of ports on the c

Chapter 17 Network Address Translation (NAT)ZyWALL 2 Plus User’s Guide345Figure 225 ADVANCED > NAT > Port Triggering The following table desc

Chapter 17 Network Address Translation (NAT)ZyWALL 2 Plus User’s Guide346

ZyWALL 2 Plus User’s Guide347CHAPTER 18 Static RouteThis chapter shows you how to configure static routes for your ZyWALL.18.1 IP Static Route The

Chapter 18 Static RouteZyWALL 2 Plus User’s Guide34818.2 IP Static Route Click ADVANCED > STATIC ROUTE to open the IP Static Route screen (some o

Chapter 18 Static RouteZyWALL 2 Plus User’s Guide34918.2.1 IP Static Route Edit Click the edit icon in the IP Static Route screen. The screen show

List of FiguresZyWALL 2 Plus User’s Guide35Figure 340 Menu 12. 1: Edit IP Static Route ...

Chapter 18 Static RouteZyWALL 2 Plus User’s Guide350

ZyWALL 2 Plus User’s Guide351CHAPTER 19 Bandwidth ManagementThis chapter describes the functions and configuration of bandwidth management with multi

Chapter 19 Bandwidth ManagementZyWALL 2 Plus User’s Guide35219.3 Proportional Bandwidth AllocationBandwidth management allows you to define how much

Chapter 19 Bandwidth ManagementZyWALL 2 Plus User’s Guide35319.7 SchedulerThe scheduler divides up an interface’s bandwidth among the bandwidth clas

Chapter 19 Bandwidth ManagementZyWALL 2 Plus User’s Guide3542 Do not enable the interface’s Maximize Bandwidth Usage option.3 Do not enable bandwidth

Chapter 19 Bandwidth ManagementZyWALL 2 Plus User’s Guide35519.7.5.2 Fairness-based Allotment of Unused and Unbudgeted BandwidthThe following table

Chapter 19 Bandwidth ManagementZyWALL 2 Plus User’s Guide356Refer to the product specifications in the appendix to see how many class levels you can c

Chapter 19 Bandwidth ManagementZyWALL 2 Plus User’s Guide357If you use VoIP and NetMeeting at the same time, the device allocates up to 500 Kbps of b

Chapter 19 Bandwidth ManagementZyWALL 2 Plus User’s Guide35819.12 Configuring Class Setup The Class Setup screen displays the configured bandwidth c

Chapter 19 Bandwidth ManagementZyWALL 2 Plus User’s Guide359The following table describes the labels in this screen.19.12.1 Bandwidth Manager Class

List of FiguresZyWALL 2 Plus User’s Guide36Figure 383 Menu 24: System Maintenance ...

Chapter 19 Bandwidth ManagementZyWALL 2 Plus User’s Guide360Figure 232 ADVANCED > BW MGMT > Class Setup > Add Sub-ClassThe following table

Chapter 19 Bandwidth ManagementZyWALL 2 Plus User’s Guide361Service This field simplifies bandwidth class configuration by allowing you to select a p

Chapter 19 Bandwidth ManagementZyWALL 2 Plus User’s Guide36219.12.2 Bandwidth Management Statistics Click ADVANCED > BW MGMT > Class Setup

Chapter 19 Bandwidth ManagementZyWALL 2 Plus User’s Guide363The following table describes the labels in this screen.19.13 Bandwidth Manager Monitor

Chapter 19 Bandwidth ManagementZyWALL 2 Plus User’s Guide364The following table describes the labels in this screen.Table 113 ADVANCED > BW MGMT

ZyWALL 2 Plus User’s Guide365CHAPTER 20 DNSThis chapter shows you how to configure the DNS screens.20.1 DNS Overview DNS (Domain Name System) is fo

Chapter 20 DNSZyWALL 2 Plus User’s Guide36620.4 Address RecordAn address record contains the mapping of a fully qualified domain name (FQDN) to an IP

Chapter 20 DNSZyWALL 2 Plus User’s Guide367Figure 235 Private DNS Server Example" If you do not specify an Intranet DNS server on the remote n

Chapter 20 DNSZyWALL 2 Plus User’s Guide368The following table describes the labels in this screen.20.6.1 Adding an Address Record Click Add in the

Chapter 20 DNSZyWALL 2 Plus User’s Guide369An address record contains the mapping of a fully qualified domain name (FQDN) to an IP address. Configure

List of FiguresZyWALL 2 Plus User’s Guide37Figure 426 Wall-mounting Example ...

Chapter 20 DNSZyWALL 2 Plus User’s Guide370Figure 238 ADVANCED > DNS > Insert (Name Server Record)The following table describes the labels in

Chapter 20 DNSZyWALL 2 Plus User’s Guide37120.7 DNS Cache DNS cache is the temporary storage area where a router stores responses from DNS servers.

Chapter 20 DNSZyWALL 2 Plus User’s Guide372The following table describes the labels in this screen.20.9 Configuring DNS DHCP Click ADVANCED > DNS

Chapter 20 DNSZyWALL 2 Plus User’s Guide373Figure 240 ADVANCED > DNS > DHCPThe following table describes the labels in this screen.Table 118

Chapter 20 DNSZyWALL 2 Plus User’s Guide37420.10 Dynamic DNS Dynamic DNS allows you to update your current dynamic IP address with one or many dynam

Chapter 20 DNSZyWALL 2 Plus User’s Guide375Figure 241 ADVANCED > DNS > DDNSThe following table describes the labels in this screen.Table 119

Chapter 20 DNSZyWALL 2 Plus User’s Guide376IP Address Update PolicySelect Use WAN IP Address to have the ZyWALL update the domain name with the WAN po

ZyWALL 2 Plus User’s Guide377CHAPTER 21 Remote ManagementThis chapter provides information on the Remote Management screens.21.1 Remote Management O

Chapter 21 Remote ManagementZyWALL 2 Plus User’s Guide3783 Telnet4 HTTPS and HTTP21.1.1 Remote Management LimitationsRemote management does not work

Chapter 21 Remote ManagementZyWALL 2 Plus User’s Guide3791 HTTPS connection requests from an SSL-aware web browser go to port 443 (by default) on the

List of FiguresZyWALL 2 Plus User’s Guide38Figure 469 Certificate Import Wizard 3 ...

Chapter 21 Remote ManagementZyWALL 2 Plus User’s Guide380The following table describes the labels in this screen. 21.4 HTTPS ExampleIf you haven’t c

Chapter 21 Remote ManagementZyWALL 2 Plus User’s Guide38121.4.1 Internet Explorer Warning MessagesWhen you attempt to access the ZyWALL HTTPS server

Chapter 21 Remote ManagementZyWALL 2 Plus User’s Guide382Figure 246 Security Certificate 1 (Netscape)Figure 247 Security Certificate 2 (Netscape)2

Chapter 21 Remote ManagementZyWALL 2 Plus User’s Guide383• Click CERTIFICATES. Find the certificate and check its Subject column. CN stands for certi

Chapter 21 Remote ManagementZyWALL 2 Plus User’s Guide384Figure 249 Replace CertificateClick Apply in the Replace Certificate screen to create a cer

Chapter 21 Remote ManagementZyWALL 2 Plus User’s Guide38521.5 SSH You can use SSH (Secure SHell) to securely access the ZyWALL’s SMT or command li

Chapter 21 Remote ManagementZyWALL 2 Plus User’s Guide386The SSH client sends a connection request to the SSH server. The server identifies itself wit

Chapter 21 Remote ManagementZyWALL 2 Plus User’s Guide387Figure 254 ADVANCED > REMOTE MGMT > SSHThe following table describes the labels in t

Chapter 21 Remote ManagementZyWALL 2 Plus User’s Guide388Figure 255 SSH Example 1: Store Host KeyEnter the password to log in to the ZyWALL. The SMT

Chapter 21 Remote ManagementZyWALL 2 Plus User’s Guide389Figure 257 SSH Example 2: Log in3 The SMT main menu displays next. 21.10 Secure FTP Using

List of TablesZyWALL 2 Plus User’s Guide39List of TablesTable 1 Front Panel LEDs ...

Chapter 21 Remote ManagementZyWALL 2 Plus User’s Guide39021.11 Telnet You can use Telnet to access the ZyWALL’s SMT or command line interface. Speci

Chapter 21 Remote ManagementZyWALL 2 Plus User’s Guide39121.13 FTP You can use FTP (File Transfer Protocol) to upload and download the ZyWALL’s fi

Chapter 21 Remote ManagementZyWALL 2 Plus User’s Guide39221.14 SNMP Simple Network Management Protocol is a protocol used for exchanging management

Chapter 21 Remote ManagementZyWALL 2 Plus User’s Guide393SNMP itself is a simple request/response protocol based on the manager/agent model. The mana

Chapter 21 Remote ManagementZyWALL 2 Plus User’s Guide394Figure 262 ADVANCED > REMOTE MGMT > SNMPThe following table describes the labels in t

Chapter 21 Remote ManagementZyWALL 2 Plus User’s Guide39521.15 DNS DNS (Domain Name System) maps a domain name to its corresponding IP address and

Chapter 21 Remote ManagementZyWALL 2 Plus User’s Guide39621.17 Configuring CNM Vantage CNM is disabled on the device by default. Click ADVANCED >

Chapter 21 Remote ManagementZyWALL 2 Plus User’s Guide39721.17.1 Additional Configuration for Vantage CNMIf you have NAT routers or firewalls betwee

Chapter 21 Remote ManagementZyWALL 2 Plus User’s Guide398

ZyWALL 2 Plus User’s Guide399CHAPTER 22 UPnPThis chapter introduces the Universal Plug and Play feature. This chapter is only applicable when the ZyW

Document ConventionsZyWALL 2 Plus User’s Guide4Document ConventionsWarnings and NotesThese are how warnings and notes are shown in this User’s Guide.

List of TablesZyWALL 2 Plus User’s Guide40Table 39 NETWORK > DMZ > Static DHCP ...

Chapter 22 UPnPZyWALL 2 Plus User’s Guide400When a UPnP device joins a network, it announces its presence with a multicast message. For security reaso

Chapter 22 UPnPZyWALL 2 Plus User’s Guide40122.3 Displaying UPnP Port Mapping Click ADVANCED > UPnP > Ports to display the UPnP Ports screen

Chapter 22 UPnPZyWALL 2 Plus User’s Guide40222.4 Installing UPnP in Windows ExampleThis section shows how to install UPnP in Windows Me and Windows X

Chapter 22 UPnPZyWALL 2 Plus User’s Guide40322.4.1 Installing UPnP in Windows MeFollow the steps below to install UPnP in Windows Me. 1 Click Start,

Chapter 22 UPnPZyWALL 2 Plus User’s Guide40422.4.2 Installing UPnP in Windows XPFollow the steps below to install UPnP in Windows XP.22.5 Using UPnP

Chapter 22 UPnPZyWALL 2 Plus User’s Guide40522.5.1 Auto-discover Your UPnP-enabled Network Device1 Click Start and Control Panel. Double-click Netwo

Chapter 22 UPnPZyWALL 2 Plus User’s Guide406" When the UPnP-enabled device is disconnected from your computer, all port mappings will be deleted

Chapter 22 UPnPZyWALL 2 Plus User’s Guide407Follow the steps below to access the web configurator.1 Click Start and then Control Panel. 2 Double-clic

Chapter 22 UPnPZyWALL 2 Plus User’s Guide4086 Right-click the icon for your ZyXEL device and select Properties. A properties window displays with basi

ZyWALL 2 Plus User’s Guide409CHAPTER 23 Custom ApplicationThis chapter covers how to set the ZyWALL’s to monitor custom port numbers for specific app

List of TablesZyWALL 2 Plus User’s Guide41Table 82 SECURITY > CERTIFICATES > My Certificates > Create ...

Chapter 23 Custom ApplicationZyWALL 2 Plus User’s Guide410Figure 267 ADVANCED > Custom APP The following table describes the labels in this scree

ZyWALL 2 Plus User’s Guide411CHAPTER 24 ALG ScreenThis chapter covers how to use the ZyWALL’s ALG feature to allow certain applications to pass throu

Chapter 24 ALG ScreenZyWALL 2 Plus User’s Guide41224.2 FTPFile Transfer Protocol (FTP) is an Internet file transfer service that operates on the Inte

Chapter 24 ALG ScreenZyWALL 2 Plus User’s Guide413• The ZyWALL can also apply bandwidth management to traffic that goes through the H.323 ALG.24.5 S

Chapter 24 ALG ScreenZyWALL 2 Plus User’s Guide414Figure 269 SIP ALG Example 24.5.3 SIP Signaling Session TimeoutMost SIP clients have an “expire”

Chapter 24 ALG ScreenZyWALL 2 Plus User’s Guide415Figure 270 ADVANCED > ALG The following table describes the labels in this screen. Table 131

Chapter 24 ALG ScreenZyWALL 2 Plus User’s Guide416

417PART VLogs and MaintenanceLogs Screens (419)Maintenance (447)

418

ZyWALL 2 Plus User’s Guide419CHAPTER 25 Logs ScreensThis chapter contains information about configuring general log settings and viewing the ZyWALL’s

List of TablesZyWALL 2 Plus User’s Guide42Table 125 ADVANCED > REMOTE MGMT > SNMP ...

Chapter 25 Logs ScreensZyWALL 2 Plus User’s Guide420The following table describes the labels in this screen. 25.2 Log Description ExampleThe follo

Chapter 25 Logs ScreensZyWALL 2 Plus User’s Guide42125.2.1 About the Certificate Not Trusted LogmyZyXEL.com and the update server use certificates s

Chapter 25 Logs ScreensZyWALL 2 Plus User’s Guide422Figure 273 myZyXEL.com: Certificate Download25.3 Configuring Log Settings To change your ZyWALL

Chapter 25 Logs ScreensZyWALL 2 Plus User’s Guide423Figure 274 LOGS > Log Settings

Chapter 25 Logs ScreensZyWALL 2 Plus User’s Guide424The following table describes the labels in this screen. Table 134 LOGS > Log SettingsLABEL D

Chapter 25 Logs ScreensZyWALL 2 Plus User’s Guide42525.4 Configuring Reports The Reports screen displays which computers on the LAN, DMZ or WLAN se

Chapter 25 Logs ScreensZyWALL 2 Plus User’s Guide426Figure 275 LOGS > Reports " Enabling the ZyWALL’s reporting function decreases the overa

Chapter 25 Logs ScreensZyWALL 2 Plus User’s Guide427" All of the recorded reports data is erased when you turn off the ZyWALL.25.4.1 Viewing We

Chapter 25 Logs ScreensZyWALL 2 Plus User’s Guide428" Computers take turns using dynamically assigned LAN, DMZ or WLAN IP addresses. The ZyWALL c

Chapter 25 Logs ScreensZyWALL 2 Plus User’s Guide429Figure 278 LOGS > Reports: Protocol/Port ExampleThe following table describes the labels in

List of TablesZyWALL 2 Plus User’s Guide43Table 168 MAINTENANCE > Diagnostics ...

Chapter 25 Logs ScreensZyWALL 2 Plus User’s Guide43025.4.4 System Reports SpecificationsThe following table lists detailed specifications on the repo

Chapter 25 Logs ScreensZyWALL 2 Plus User’s Guide431Time initialized by NTP serverThe router got the time and date from the NTP server.Connect to Day

Chapter 25 Logs ScreensZyWALL 2 Plus User’s Guide432 Table 141 System Error LogsLOG MESSAGE DESCRIPTION%s exceeds the max. number of session per hos

Chapter 25 Logs ScreensZyWALL 2 Plus User’s Guide433 For type and code details, see Table 157 on page 443.Table 143 TCP Reset LogsLOG MESSAGE DES

Chapter 25 Logs ScreensZyWALL 2 Plus User’s Guide434 Packet without a NAT table entry blocked: ICMPThe router blocked a packet that didn’t have a c

Chapter 25 Logs ScreensZyWALL 2 Plus User’s Guide435 For type and code details, see Table 157 on page 443.Table 149 Content Filtering LogsLOG MESS

Chapter 25 Logs ScreensZyWALL 2 Plus User’s Guide436ip spoofing - WAN [ TCP | UDP | IGMP | ESP | GRE | OSPF ]The firewall detected an IP spoofing atta

Chapter 25 Logs ScreensZyWALL 2 Plus User’s Guide437 Table 151 Remote Management LogsLOG MESSAGE DESCRIPTIONRemote Management: FTP denied Attempted

Chapter 25 Logs ScreensZyWALL 2 Plus User’s Guide438 Table 153 IKE LogsLOG MESSAGE DESCRIPTIONActive connection allowed exceededThe IKE process for

Chapter 25 Logs ScreensZyWALL 2 Plus User’s Guide439Remote IP <Remote IP> / <Remote IP> conflictsThe security gateway is set to “0.0.0.0”

List of TablesZyWALL 2 Plus User’s Guide44Table 211 System Maintenance Menu Diagnostic ...

Chapter 25 Logs ScreensZyWALL 2 Plus User’s Guide440Rule [%d] Phase 2 authentication algorithm mismatchThe listed rule’s IKE phase 2 authentication al

Chapter 25 Logs ScreensZyWALL 2 Plus User’s Guide441 Table 154 PKI LogsLOG MESSAGE DESCRIPTIONEnrollment successful The SCEP online certificate enr

Chapter 25 Logs ScreensZyWALL 2 Plus User’s Guide442 Table 155 Certificate Path Verification Failure Reason CodesCODE DESCRIPTION1 Algorithm mismatc

Chapter 25 Logs ScreensZyWALL 2 Plus User’s Guide443 (L to L/ZW) LAN to LAN/ZyWALLACL set for packets traveling from the LAN to the LAN or the ZyWALL

Chapter 25 Logs ScreensZyWALL 2 Plus User’s Guide444 0 Time to live exceeded in transit1 Fragment reassembly time exceeded12 Parameter Problem0 Pointe

Chapter 25 Logs ScreensZyWALL 2 Plus User’s Guide44525.6 Syslog LogsThere are two types of syslog: event logs and traffic logs. The device generate

Chapter 25 Logs ScreensZyWALL 2 Plus User’s Guide446The following table shows RFC-2408 ISAKMP payload types that the log displays. Please refer to the

ZyWALL 2 Plus User’s Guide447CHAPTER 26 MaintenanceThis chapter displays information on the maintenance screens.26.1 Maintenance OverviewThe mainten

Chapter 26 MaintenanceZyWALL 2 Plus User’s Guide448Figure 279 MAINTENANCE > General SetupThe following table describes the labels in this screen.

Chapter 26 MaintenanceZyWALL 2 Plus User’s Guide449Figure 280 MAINTENANCE > Password The following table describes the labels in this screen.

45PART IIntroduction and RegistrationGetting to Know Your ZyWALL (47)Introducing the Web Configurator (51)Wizard Setup (69)Tutorials (89)Registrat

Chapter 26 MaintenanceZyWALL 2 Plus User’s Guide450Figure 281 MAINTENANCE > Time and DateThe following table describes the labels in this screen.

Chapter 26 MaintenanceZyWALL 2 Plus User’s Guide451Time Protocol Select the time service protocol that your time server uses. Not all time servers su

Chapter 26 MaintenanceZyWALL 2 Plus User’s Guide45226.5 Pre-defined NTP Time Server PoolsWhen you turn on the ZyWALL for the first time, the date and

Chapter 26 MaintenanceZyWALL 2 Plus User’s Guide453Figure 283 Synchronization is SuccessfulIf the update was not successful, the following screen a

Chapter 26 MaintenanceZyWALL 2 Plus User’s Guide454For example, if a bridge receives a frame via port 1 from host A (MAC address 00a0c5123478), the br

Chapter 26 MaintenanceZyWALL 2 Plus User’s Guide455Figure 285 MAINTENANCE > Device Mode (Router Mode)The following table describes the labels in

Chapter 26 MaintenanceZyWALL 2 Plus User’s Guide456In bridge mode, the ZyWALL functions as a transparent firewall (also known as a bridge firewall). T

Chapter 26 MaintenanceZyWALL 2 Plus User’s Guide45726.10 F/W Upload Screen Find firmware at www.zyxel.com in a file that (usually) uses the system m

Chapter 26 MaintenanceZyWALL 2 Plus User’s Guide458The following table describes the labels in this screen.1 Do not turn off the ZyWALL while firmware

Chapter 26 MaintenanceZyWALL 2 Plus User’s Guide459Figure 290 Firmware Upload Error26.11 Backup and Restore See Section 41.5 on page 579 for tran

46

Chapter 26 MaintenanceZyWALL 2 Plus User’s Guide46026.11.1 Backup Configuration Backup configuration allows you to back up (save) the ZyWALL’s curren

Chapter 26 MaintenanceZyWALL 2 Plus User’s Guide461If you uploaded the default configuration file you may need to change the IP address of your compu

Chapter 26 MaintenanceZyWALL 2 Plus User’s Guide462Figure 296 MAINTENANCE > Restart 26.13 DiagnosticsUse the Diagnostics screen to have the ZyWA

Chapter 26 MaintenanceZyWALL 2 Plus User’s Guide463Figure 297 MAINTENANCE > Diagnostics The following table describes the labels in this screen

Chapter 26 MaintenanceZyWALL 2 Plus User’s Guide464Day for Diagnostics Use the drop down list box to select which day of the week to generate and send

465PART VISMTIntroducing the SMT (467)SMT Menu 1 - General Setup (475)WAN and Dial Backup Setup (481)LAN Setup (491)Internet Access (497)DMZ Setu

466

ZyWALL 2 Plus User’s Guide467CHAPTER 27 Introducing the SMTThis chapter explains how to access the System Management Terminal and gives an overview o

Chapter 27 Introducing the SMTZyWALL 2 Plus User’s Guide468Figure 298 Initial Screen27.2.2 Entering the PasswordThe login screen appears after you

Chapter 27 Introducing the SMTZyWALL 2 Plus User’s Guide46927.3.1 Main MenuAfter you enter the password, the SMT displays the ZyWALL Main Menu, as s

ZyWALL 2 Plus User’s Guide47CHAPTER 1 Getting to Know Your ZyWALLThis chapter introduces the main features and applications of the ZyWALL.1.1 ZyWALL

Chapter 27 Introducing the SMTZyWALL 2 Plus User’s Guide470Figure 301 Main Menu (Bridge Mode)The following table describes the fields in this menu.

Chapter 27 Introducing the SMTZyWALL 2 Plus User’s Guide47127.3.2 SMT Menus OverviewThe following table gives you an overview of your ZyWALL’s vario

Chapter 27 Introducing the SMTZyWALL 2 Plus User’s Guide47227.4 Changing the System PasswordChange the system password by following the steps shown n

Chapter 27 Introducing the SMTZyWALL 2 Plus User’s Guide473Note that as you type a password, the screen displays an “x” for each character you type.2

Chapter 27 Introducing the SMTZyWALL 2 Plus User’s Guide474

ZyWALL 2 Plus User’s Guide475CHAPTER 28 SMT Menu 1 - General SetupMenu 1 - General Setup contains administrative and system-related information.28.1

Chapter 28 SMT Menu 1 - General SetupZyWALL 2 Plus User’s Guide476Figure 304 Menu 1: General Setup (Bridge Mode)The following table describes the fi

Chapter 28 SMT Menu 1 - General SetupZyWALL 2 Plus User’s Guide477Figure 305 Menu 1.1: Configure Dynamic DNSFollow the instructions in the next tab

Chapter 28 SMT Menu 1 - General SetupZyWALL 2 Plus User’s Guide478Figure 306 Menu 1.1.1: DDNS Host SummaryThe following table describes the fields i

Chapter 28 SMT Menu 1 - General SetupZyWALL 2 Plus User’s Guide479Figure 307 Menu 1.1.1: DDNS Edit HostThe following table describes the fields in

Chapter 1 Getting to Know Your ZyWALLZyWALL 2 Plus User’s Guide48Figure 1 Secure Internet Access via Cable, DSL or Wireless Modem1.2.2 VPN Applicat

Chapter 28 SMT Menu 1 - General SetupZyWALL 2 Plus User’s Guide480The IP address updates when you reconfigure menu 1 or perform DHCP client renewal.Us

ZyWALL 2 Plus User’s Guide481CHAPTER 29 WAN and Dial Backup SetupThis chapter describes how to configure the WAN using menu 2 and dial-backup using m

Chapter 29 WAN and Dial Backup SetupZyWALL 2 Plus User’s Guide482The following table describes the fields in this screen.29.3 Dial BackupThe Dial Bac

Chapter 29 WAN and Dial Backup SetupZyWALL 2 Plus User’s Guide483Figure 309 Menu 2: Dial Backup Setup The following table describes the fields in

Chapter 29 WAN and Dial Backup SetupZyWALL 2 Plus User’s Guide484To edit the advanced setup for the Dial Backup port, move the cursor to the Edit Adva

Chapter 29 WAN and Dial Backup SetupZyWALL 2 Plus User’s Guide48529.6 Remote Node Profile (Backup ISP)On the ZyWALL, enter 2 in Menu 11 - Remote Nod

Chapter 29 WAN and Dial Backup SetupZyWALL 2 Plus User’s Guide486The following table describes the fields in this menu.Table 181 Menu 11.3: Remote N

Chapter 29 WAN and Dial Backup SetupZyWALL 2 Plus User’s Guide48729.7 Editing TCP/IP OptionsMove the cursor to the Edit IP field in menu 11.2, then

Chapter 29 WAN and Dial Backup SetupZyWALL 2 Plus User’s Guide48829.8 Editing Login ScriptFor some remote gateways, text login is required before PPP

Chapter 29 WAN and Dial Backup SetupZyWALL 2 Plus User’s Guide489after you enter the password, then you should create a third set to match the final

Chapter 1 Getting to Know Your ZyWALLZyWALL 2 Plus User’s Guide491.4 Good Habits for Managing the ZyWALLDo the following things regularly to make th

Chapter 29 WAN and Dial Backup SetupZyWALL 2 Plus User’s Guide490Figure 314 Menu 11.2.4: Remote Node FilterMenu 11.2.4 - Remote Node FilterInput Fil

ZyWALL 2 Plus User’s Guide491CHAPTER 30 LAN SetupThis chapter describes how to configure the LAN using Menu 3 - LAN Setup.30.1 Introduction to LAN S

Chapter 30 LAN SetupZyWALL 2 Plus User’s Guide492Figure 316 Menu 3.1: LAN Port Filter Setup 30.4 TCP/IP and DHCP Ethernet Setup MenuFrom the main m

Chapter 30 LAN SetupZyWALL 2 Plus User’s Guide493Figure 318 Menu 3.2: TCP/IP and DHCP Ethernet SetupFollow the instructions in the next table on ho

Chapter 30 LAN SetupZyWALL 2 Plus User’s Guide494Use the instructions in the following table to configure TCP/IP parameters for the LAN port." LA

Chapter 30 LAN SetupZyWALL 2 Plus User’s Guide49530.4.1 IP Alias SetupIP alias allows you to partition a physical network into different logical net

Chapter 30 LAN SetupZyWALL 2 Plus User’s Guide496

ZyWALL 2 Plus User’s Guide497CHAPTER 31 Internet AccessThis chapter shows you how to configure your ZyWALL for Internet access.31.1 Introduction to

Chapter 31 Internet AccessZyWALL 2 Plus User’s Guide498The following table describes the fields in this menu.Table 187 Menu 4: Internet Access Setup

Chapter 31 Internet AccessZyWALL 2 Plus User’s Guide49931.3 Configuring the PPTP Client" The ZyWALL supports only one PPTP server connection at

Document ConventionsZyWALL 2 Plus User’s Guide5Icons Used in FiguresFigures in this User’s Guide may use the following generic icons. The ZyWALL icon

Chapter 1 Getting to Know Your ZyWALLZyWALL 2 Plus User’s Guide50WAN 10/100 Off The WAN connection is not ready, or has failed.Green On The ZyWALL has

Chapter 31 Internet AccessZyWALL 2 Plus User’s Guide500Figure 322 Internet Access Setup (PPPoE)The following table contains instructions about the n

ZyWALL 2 Plus User’s Guide501CHAPTER 32 DMZ SetupThis chapter describes how to configure the ZyWALL’s DMZ using Menu 5 - DMZ Setup.32.1 Configuring

Chapter 32 DMZ SetupZyWALL 2 Plus User’s Guide50232.3 TCP/IP SetupFor more detailed information about RIP setup, IP multicast and IP alias, please re

Chapter 32 DMZ SetupZyWALL 2 Plus User’s Guide503" DMZ, WLAN and LAN IP addresses must be on separate subnets. You must also configure NAT for t

Chapter 32 DMZ SetupZyWALL 2 Plus User’s Guide504

ZyWALL 2 Plus User’s Guide505CHAPTER 33 Wireless SetupUse menu 7 to configure the IP address for ZyWALL’s WLAN interface, other TCP/IP and DHCP setti

Chapter 33 Wireless SetupZyWALL 2 Plus User’s Guide506Figure 329 Menu 7.2: TCP/IP and DHCP Ethernet SetupThe DHCP and TCP/IP setup fields are the sa

Chapter 33 Wireless SetupZyWALL 2 Plus User’s Guide507Figure 330 Menu 7.2.1: IP Alias SetupRefer to Table 186 on page 495 for instructions on confi

Chapter 33 Wireless SetupZyWALL 2 Plus User’s Guide508

ZyWALL 2 Plus User’s Guide509CHAPTER 34 Remote Node SetupThis chapter shows you how to configure a remote node.34.1 Introduction to Remote Node Setu

ZyWALL 2 Plus User’s Guide51CHAPTER 2 Introducing the WebConfiguratorThis chapter describes how to access the ZyWALL web configurator and provides an

Chapter 34 Remote Node SetupZyWALL 2 Plus User’s Guide51034.3.1 Ethernet EncapsulationThere are three variations of menu 11.1 depending on whether yo

Chapter 34 Remote Node SetupZyWALL 2 Plus User’s Guide51134.3.2 PPPoE EncapsulationThe ZyWALL supports PPPoE (Point-to-Point Protocol over Ethernet)

Chapter 34 Remote Node SetupZyWALL 2 Plus User’s Guide512Figure 333 Menu 11.1: Remote Node Profile for PPPoE Encapsulation34.3.2.1 Outgoing Authent

Chapter 34 Remote Node SetupZyWALL 2 Plus User’s Guide51334.3.2.3 MetricSee Section 8.2 on page 151 for details on the Metric field.34.3.3 PPTP Enc

Chapter 34 Remote Node SetupZyWALL 2 Plus User’s Guide514Figure 334 Menu 11.1: Remote Node Profile for PPTP EncapsulationThe next table shows how to

Chapter 34 Remote Node SetupZyWALL 2 Plus User’s Guide515Figure 335 Menu 11.1.2: Remote Node Network Layer Options for Ethernet EncapsulationThis m

Chapter 34 Remote Node SetupZyWALL 2 Plus User’s Guide51634.5 Remote Node FilterMove the cursor to the field Edit Filter Sets in menu 11.1, and then

Chapter 34 Remote Node SetupZyWALL 2 Plus User’s Guide517Figure 337 Menu 11.1.4: Remote Node Filter (PPPoE or PPTP Encapsulation)34.6 Traffic Redi

Chapter 34 Remote Node SetupZyWALL 2 Plus User’s Guide518Check WAN IP AddressEnter the IP address of a reliable nearby computer (for example, your ISP

ZyWALL 2 Plus User’s Guide519CHAPTER 35 IP Static Route SetupThis chapter shows you how to configure static routes with your ZyWALL.35.1 IP Static R

Chapter 2 Introducing the Web ConfiguratorZyWALL 2 Plus User’s Guide525 You should see a screen asking you to change your password (highly recommended

Chapter 35 IP Static Route SetupZyWALL 2 Plus User’s Guide520Figure 340 Menu 12. 1: Edit IP Static Route`The following table describes the IP Static

ZyWALL 2 Plus User’s Guide521CHAPTER 36 Network Address Translation(NAT)This chapter discusses how to configure NAT on the ZyWALL.36.1 Using NAT&quo

Chapter 36 Network Address Translation (NAT)ZyWALL 2 Plus User’s Guide522Figure 341 Menu 4: Applying NAT for Internet AccessThe following figure sho

Chapter 36 Network Address Translation (NAT)ZyWALL 2 Plus User’s Guide523The following table describes the fields in this menu.36.2 NAT SetupUse the

Chapter 36 Network Address Translation (NAT)ZyWALL 2 Plus User’s Guide524Figure 344 Menu 15.1: Address Mapping Sets36.2.1.1 SUA Address Mapping Set

Chapter 36 Network Address Translation (NAT)ZyWALL 2 Plus User’s Guide52536.2.1.2 User-Defined Address Mapping SetsNow look at option 1 in menu 15.1

Chapter 36 Network Address Translation (NAT)ZyWALL 2 Plus User’s Guide526Figure 346 Menu 15.1.1: First Set" The Type, Local and Global Start/En

Chapter 36 Network Address Translation (NAT)ZyWALL 2 Plus User’s Guide527" You must press [ENTER] at the bottom of the screen to save the whole

Chapter 36 Network Address Translation (NAT)ZyWALL 2 Plus User’s Guide52836.3 Configuring a Server behind NAT" If you do not assign a Default Se

Chapter 36 Network Address Translation (NAT)ZyWALL 2 Plus User’s Guide529Figure 349 15.2.1: NAT Server ConfigurationThe following table describes t

Chapter 2 Introducing the Web ConfiguratorZyWALL 2 Plus User’s Guide532.3 Resetting the ZyWALLIf you forget your password or cannot access the web c

Chapter 36 Network Address Translation (NAT)ZyWALL 2 Plus User’s Guide530Figure 350 Menu 15.2: NAT Server Setup You assign the private network IP ad

Chapter 36 Network Address Translation (NAT)ZyWALL 2 Plus User’s Guide531Figure 352 NAT Example 1Figure 353 Menu 4: Internet Access & NAT Exa

Chapter 36 Network Address Translation (NAT)ZyWALL 2 Plus User’s Guide53236.4.2 Example 2: Internet Access with a Default Server Figure 354 NAT Exa

Chapter 36 Network Address Translation (NAT)ZyWALL 2 Plus User’s Guide5332 Map the second IGA to our second inside FTP server for FTP traffic in both

Chapter 36 Network Address Translation (NAT)ZyWALL 2 Plus User’s Guide534Figure 357 Example 3: Menu 11.1.2The following figure shows how to configur

Chapter 36 Network Address Translation (NAT)ZyWALL 2 Plus User’s Guide535Figure 359 Example 3: Final Menu 15.1.1Now configure the IGA3 to map to ou

Chapter 36 Network Address Translation (NAT)ZyWALL 2 Plus User’s Guide53636.4.4 Example 4: NAT Unfriendly Application ProgramsSome applications do no

Chapter 36 Network Address Translation (NAT)ZyWALL 2 Plus User’s Guide537Figure 363 Example 4: Menu 15.1.1: Address Mapping Rules36.5 Trigger Port

Chapter 36 Network Address Translation (NAT)ZyWALL 2 Plus User’s Guide538" Only one LAN computer can use a trigger port (range) at a time.Enter 3

ZyWALL 2 Plus User’s Guide539CHAPTER 37 Introducing the ZyWALL FirewallThis chapter shows you how to get started with the ZyWALL firewall.37.1 Using

Chapter 2 Introducing the Web ConfiguratorZyWALL 2 Plus User’s Guide542.4 Navigating the ZyWALL Web ConfiguratorThe following summarizes how to navig

Chapter 37 Introducing the ZyWALL FirewallZyWALL 2 Plus User’s Guide540Figure 366 Menu 21.2: Firewall Setup" Configure the firewall rules using

ZyWALL 2 Plus User’s Guide541CHAPTER 38 Filter ConfigurationThis chapter shows you how to create and apply filters.38.1 Introduction to FiltersYour

Chapter 38 Filter ConfigurationZyWALL 2 Plus User’s Guide54238.1.1 The Filter Structure of the ZyWALLA filter set consists of one or more filter rule

Chapter 38 Filter ConfigurationZyWALL 2 Plus User’s Guide543Figure 368 Filter Rule Process You can apply up to four filter sets to a particular por

Chapter 38 Filter ConfigurationZyWALL 2 Plus User’s Guide54438.2 Configuring a Filter SetThe ZyWALL includes filtering for NetBIOS over TCP/IP packet

Chapter 38 Filter ConfigurationZyWALL 2 Plus User’s Guide545Figure 371 Menu 21.1.1: Filter Rules SummaryThis screen shows the summary of the existi

Chapter 38 Filter ConfigurationZyWALL 2 Plus User’s Guide546Refer to the next section for information on configuring the filter rules.38.2.1 Configur

Chapter 38 Filter ConfigurationZyWALL 2 Plus User’s Guide547The following table describes how to configure your TCP/IP filter rule.Table 204 Menu 2

Chapter 38 Filter ConfigurationZyWALL 2 Plus User’s Guide548The following figure illustrates the logic flow of an IP filter.Figure 373 Executing an

Chapter 38 Filter ConfigurationZyWALL 2 Plus User’s Guide54938.2.3 Configuring a Generic Filter Rule This section shows you how to configure a gener

Chapter 2 Introducing the Web ConfiguratorZyWALL 2 Plus User’s Guide552.4.2 Main WindowThe main window shows the screen you select in the navigation

Chapter 38 Filter ConfigurationZyWALL 2 Plus User’s Guide55038.3 Example FilterLet’s look at an example to block outside users from accessing the ZyW

Chapter 38 Filter ConfigurationZyWALL 2 Plus User’s Guide551Figure 376 Example Filter: Menu 21.1.3.1The port number for the Telnet service (TCP pro

Chapter 38 Filter ConfigurationZyWALL 2 Plus User’s Guide552After you’ve created the filter set, you must apply it. 1 Enter 11 from the main menu to g

Chapter 38 Filter ConfigurationZyWALL 2 Plus User’s Guide55338.5.1.1 When To Use Filtering1 To block/allow LAN packets by their MAC addresses.2 To b

Chapter 38 Filter ConfigurationZyWALL 2 Plus User’s Guide554" If you do not activate the firewall, it is advisable to apply filters.38.6.1 Apply

Chapter 38 Filter ConfigurationZyWALL 2 Plus User’s Guide55538.6.3 Applying Remote Node FiltersGo to menu 11.1.4 (shown below – note that call filte

Chapter 38 Filter ConfigurationZyWALL 2 Plus User’s Guide556

ZyWALL 2 Plus User’s Guide557CHAPTER 39 SNMP ConfigurationThis chapter explains SNMP configuration menu 22.39.1 SNMP ConfigurationTo configure SNMP,

Chapter 39 SNMP ConfigurationZyWALL 2 Plus User’s Guide55839.2 SNMP Traps The ZyWALL will send traps to the SNMP manager when any one of the followin

ZyWALL 2 Plus User’s Guide559CHAPTER 40 System Information & DiagnosisThis chapter covers SMT menus 24.1 to 24.4.40.1 Introduction to System Sta

Chapter 2 Introducing the Web ConfiguratorZyWALL 2 Plus User’s Guide56Firmware Version This is the ZyNOS Firmware version and the date created. ZyNOS

Chapter 40 System Information & DiagnosisZyWALL 2 Plus User’s Guide5603 There are three commands in Menu 24.1 - System Maintenance - Status. Enter

Chapter 40 System Information & DiagnosisZyWALL 2 Plus User’s Guide56140.3 System Information and Console Port SpeedThis section describes your

Chapter 40 System Information & DiagnosisZyWALL 2 Plus User’s Guide562The following table describes the fields in this screen.40.3.2 Console Port

Chapter 40 System Information & DiagnosisZyWALL 2 Plus User’s Guide5633 Select the first option from Menu 24.3 - System Maintenance - Log and Tra

Chapter 40 System Information & DiagnosisZyWALL 2 Plus User’s Guide564You need to configure the syslog parameters described in the following table

Chapter 40 System Information & DiagnosisZyWALL 2 Plus User’s Guide5652 Packet triggered3 Filter log Packet triggered Message FormatSdcmdSyslogSe

Chapter 40 System Information & DiagnosisZyWALL 2 Plus User’s Guide5664 PPP log 5 Firewall log40.4.3 Call-Triggering PacketCall-Triggering Packet

Chapter 40 System Information & DiagnosisZyWALL 2 Plus User’s Guide567Figure 391 Call-Triggering Packet Example40.5 DiagnosticThe diagnostic f

Chapter 40 System Information & DiagnosisZyWALL 2 Plus User’s Guide568Figure 392 Menu 24.4: System Maintenance: Diagnostic40.5.1 WAN DHCPDHCP f

Chapter 40 System Information & DiagnosisZyWALL 2 Plus User’s Guide569WAN DHCP Renewal Enter 3 to renew your WAN DHCP settings.PPPoE/PPTP Setup T

Chapter 2 Introducing the Web ConfiguratorZyWALL 2 Plus User’s Guide572.4.4 HOME Screen: Bridge Mode The following screen displays when the ZyWAL

Chapter 40 System Information & DiagnosisZyWALL 2 Plus User’s Guide570

ZyWALL 2 Plus User’s Guide571CHAPTER 41 Firmware and Configuration FileMaintenanceThis chapter tells you how to back up and restore your configuratio

Chapter 41 Firmware and Configuration File MaintenanceZyWALL 2 Plus User’s Guide572The following table is a summary. Please note that the internal fil

Chapter 41 Firmware and Configuration File MaintenanceZyWALL 2 Plus User’s Guide573Figure 394 Telnet into Menu 24.541.3.2 Using the FTP Command fr

Chapter 41 Firmware and Configuration File MaintenanceZyWALL 2 Plus User’s Guide57441.3.3 Example of FTP Commands from the Command Line Figure 395

Chapter 41 Firmware and Configuration File MaintenanceZyWALL 2 Plus User’s Guide57541.3.6 Backup Configuration Using TFTPThe ZyWALL supports the up/

Chapter 41 Firmware and Configuration File MaintenanceZyWALL 2 Plus User’s Guide576Refer to Section 41.3.5 on page 574 to read about configurations th

Chapter 41 Firmware and Configuration File MaintenanceZyWALL 2 Plus User’s Guide5774 After a successful backup you will see the following screen. Pre

Chapter 41 Firmware and Configuration File MaintenanceZyWALL 2 Plus User’s Guide578Figure 400 Telnet into Menu 24.61 Launch the FTP client on your c

Chapter 41 Firmware and Configuration File MaintenanceZyWALL 2 Plus User’s Guide57941.4.3 Restore Via Console PortRestore configuration via console

Chapter 2 Introducing the Web ConfiguratorZyWALL 2 Plus User’s Guide58You can use the firewall and VPN in bridge mode. See the user’s guide for a list

Chapter 41 Firmware and Configuration File MaintenanceZyWALL 2 Plus User’s Guide580" WARNING!Do not interrupt the file transfer process as this m

Chapter 41 Firmware and Configuration File MaintenanceZyWALL 2 Plus User’s Guide581Figure 407 Telnet Into Menu 24.7.2: System Maintenance To upload

Chapter 41 Firmware and Configuration File MaintenanceZyWALL 2 Plus User’s Guide58241.5.4 FTP Session Example of Firmware File UploadFigure 408 FTP

Chapter 41 Firmware and Configuration File MaintenanceZyWALL 2 Plus User’s Guide58341.5.6 TFTP Upload Command ExampleThe following is an example TFT

Chapter 41 Firmware and Configuration File MaintenanceZyWALL 2 Plus User’s Guide584Figure 410 Example Xmodem Upload After the firmware upload proces

Chapter 41 Firmware and Configuration File MaintenanceZyWALL 2 Plus User’s Guide58541.5.11 Example Xmodem Configuration Upload Using HyperTerminalCl

Chapter 41 Firmware and Configuration File MaintenanceZyWALL 2 Plus User’s Guide586

ZyWALL 2 Plus User’s Guide587CHAPTER 42 System Maintenance Menus 8 to10This chapter leads you through SMT menus 24.8 to 24.10.42.1 Command Interpret

Chapter 42 System Maintenance Menus 8 to 10ZyWALL 2 Plus User’s Guide58842.1.1 Command SyntaxThe command keywords are in courier new font.Enter the c

Chapter 42 System Maintenance Menus 8 to 10ZyWALL 2 Plus User’s Guide58942.2 Call Control SupportThe ZyWALL provides two call control functions: bud

Chapter 2 Introducing the Web ConfiguratorZyWALL 2 Plus User’s Guide59System Time This field displays your ZyWALL’s present date (in yyyy-mm-dd forma

Chapter 42 System Maintenance Menus 8 to 10ZyWALL 2 Plus User’s Guide590The total budget is the time limit on the accumulated time for outgoing calls

Chapter 42 System Maintenance Menus 8 to 10ZyWALL 2 Plus User’s Guide591The following table describes the fields in this screen.42.3 Time and Date S

Chapter 42 System Maintenance Menus 8 to 10ZyWALL 2 Plus User’s Guide592Figure 419 Menu 24.10 System Maintenance: Time and Date SettingThe following

Chapter 42 System Maintenance Menus 8 to 10ZyWALL 2 Plus User’s Guide593Start Date (mm-nth-week-hr)Configure the day and time when Daylight Saving Ti

Chapter 42 System Maintenance Menus 8 to 10ZyWALL 2 Plus User’s Guide594

ZyWALL 2 Plus User’s Guide595CHAPTER 43 Remote ManagementThis chapter covers remote management found in SMT menu 24.11.43.1 Remote ManagementRemote

Chapter 43 Remote ManagementZyWALL 2 Plus User’s Guide596Figure 420 Menu 24.11 – Remote Management ControlThe following table describes the fields i

Chapter 43 Remote ManagementZyWALL 2 Plus User’s Guide59743.1.1 Remote Management LimitationsRemote management over LAN or WAN will not work when:1

Chapter 43 Remote ManagementZyWALL 2 Plus User’s Guide598

ZyWALL 2 Plus User’s Guide599CHAPTER 44 Call SchedulingCall scheduling allows you to dictate when a remote node should be called and for how long.44.

Safety WarningsZyWALL 2 Plus User’s Guide6Safety Warnings1 For your safety, be sure to read and follow all warning notices and instructions.• Do NOT u

Chapter 2 Introducing the Web ConfiguratorZyWALL 2 Plus User’s Guide602.4.5 Navigation PanelAfter you enter the password, use the sub-menus on the na

Chapter 44 Call SchedulingZyWALL 2 Plus User’s Guide600" To delete a schedule set, enter the set number and press [SPACE BAR] and then [ENTER] or

Chapter 44 Call SchedulingZyWALL 2 Plus User’s Guide601Once your schedule sets are configured, you must then apply them to the desired remote node(s)

Chapter 44 Call SchedulingZyWALL 2 Plus User’s Guide602Figure 424 Applying Schedule Set(s) to a Remote Node (PPTP) Menu 11.1 - Remote No

603PART VIITroubleshooting and SpecificationsTroubleshooting (605)Product Specifications (613)

604

ZyWALL 2 Plus User’s Guide605CHAPTER 45 TroubleshootingThis chapter offers some suggestions to solve problems you might encounter. The potential prob

Chapter 45 TroubleshootingZyWALL 2 Plus User’s Guide60645.2 ZyWALL Access and LoginV I forgot the IP address for the ZyWALL.1 The default IP address

Chapter 45 TroubleshootingZyWALL 2 Plus User’s Guide6076 If the problem continues, contact the network administrator or vendor, or try one of the adv

Chapter 45 TroubleshootingZyWALL 2 Plus User’s Guide608See the troubleshooting suggestions for I cannot see or access the Login screen in the web conf

Chapter 45 TroubleshootingZyWALL 2 Plus User’s Guide609The username and password apply to PPPoE and PPPoA encapsulation only. Make sure that you have

Chapter 2 Introducing the Web ConfiguratorZyWALL 2 Plus User’s Guide61Table Key: A Y in a mode’s column shows that the device mode has the specified

Chapter 45 TroubleshootingZyWALL 2 Plus User’s Guide610interfering with the wireless network (for example, microwaves, other wireless networks, and so

Chapter 45 TroubleshootingZyWALL 2 Plus User’s Guide611Restart your computer.V I cannot open special applications such as white board, file transfer

Chapter 45 TroubleshootingZyWALL 2 Plus User’s Guide612

ZyWALL 2 Plus User’s Guide613CHAPTER 46 Product Specificationshis chapter gives details about your ZyWALL’s hardware and firmware features.46.1 Gene

Chapter 46 Product SpecificationsZyWALL 2 Plus User’s Guide614Device Management Use the web configurator to easily configure the rich range of feature

Chapter 46 Product SpecificationsZyWALL 2 Plus User’s Guide615 46.2 Cable Pin AssignmentsIn a serial communications connection, generally a computer

Chapter 46 Product SpecificationsZyWALL 2 Plus User’s Guide616Figure 425 Console/Dial Backup Cable DB-9 End Pin Layout Table 224 Console Cable Pi

Chapter 46 Product SpecificationsZyWALL 2 Plus User’s Guide61746.3 Wall-mounting InstructionsComplete the following steps to hang your ZyWALL on a w

Chapter 46 Product SpecificationsZyWALL 2 Plus User’s Guide618Figure 426 Wall-mounting ExampleThe following are dimensions of an M4 tap screw and ma

619PART VIIIAppendices and Index" The appendices provide general information. Some details may not apply to your ZyWALL.Setting up Your Computer’

Chapter 2 Introducing the Web ConfiguratorZyWALL 2 Plus User’s Guide62WAN Route This screen allows you to configure route priority.WAN Use this scr

620

ZyWALL 2 Plus User’s Guide621APPENDIX A Setting up Your Computer’s IPAddressAll computers must have a 10M or 100M Ethernet adapter card and TCP/IP in

Appendix A Setting up Your Computer’s IP AddressZyWALL 2 Plus User’s Guide622Figure 428 WIndows 95/98/Me: Network: ConfigurationInstalling Component

Appendix A Setting up Your Computer’s IP AddressZyWALL 2 Plus User’s Guide623Configuring 1 In the Network window Configuration tab, select your netwo

Appendix A Setting up Your Computer’s IP AddressZyWALL 2 Plus User’s Guide624Figure 430 Windows 95/98/Me: TCP/IP Properties: DNS Configuration4 Clic

Appendix A Setting up Your Computer’s IP AddressZyWALL 2 Plus User’s Guide625Figure 431 Windows XP: Start Menu2 In the Control Panel, double-click

Appendix A Setting up Your Computer’s IP AddressZyWALL 2 Plus User’s Guide626Figure 433 Windows XP: Control Panel: Network Connections: Properties4

Appendix A Setting up Your Computer’s IP AddressZyWALL 2 Plus User’s Guide627Figure 435 Windows XP: Internet Protocol (TCP/IP) Properties6 If you

Appendix A Setting up Your Computer’s IP AddressZyWALL 2 Plus User’s Guide628Figure 436 Windows XP: Advanced TCP/IP Properties7 In the Internet Prot

Appendix A Setting up Your Computer’s IP AddressZyWALL 2 Plus User’s Guide629Figure 437 Windows XP: Internet Protocol (TCP/IP) Properties8 Click OK

Chapter 2 Introducing the Web ConfiguratorZyWALL 2 Plus User’s Guide63AUTH SERVER Local User DatabaseUse this screen to configure the local user acco

Appendix A Setting up Your Computer’s IP AddressZyWALL 2 Plus User’s Guide630Figure 438 Macintosh OS 8/9: Apple Menu2 Select Ethernet built-in from

Appendix A Setting up Your Computer’s IP AddressZyWALL 2 Plus User’s Guide631• Type your IP address in the IP Address box.• Type your subnet mask in

Appendix A Setting up Your Computer’s IP AddressZyWALL 2 Plus User’s Guide632Figure 441 Macintosh OS X: Network4 For statically assigned settings, d

Appendix A Setting up Your Computer’s IP AddressZyWALL 2 Plus User’s Guide633" Make sure you are logged in as the root administrator. Using the

Appendix A Setting up Your Computer’s IP AddressZyWALL 2 Plus User’s Guide634• If you have a dynamic IP address, click Automatically obtain IP address

Appendix A Setting up Your Computer’s IP AddressZyWALL 2 Plus User’s Guide635Figure 446 Red Hat 9.0: Dynamic IP Address Setting in ifconfig-eth0 •

Appendix A Setting up Your Computer’s IP AddressZyWALL 2 Plus User’s Guide636Verifying SettingsEnter ifconfig in a terminal screen to check your TCP/I

ZyWALL 2 Plus User’s Guide637APPENDIX B Pop-up Windows, JavaScriptsand Java PermissionsIn order to use the web configurator you need to allow:• Web b

Appendix B Pop-up Windows, JavaScripts and Java PermissionsZyWALL 2 Plus User’s Guide6382 Clear the Block pop-ups check box in the Pop-up Blocker sect

Appendix B Pop-up Windows, JavaScripts and Java PermissionsZyWALL 2 Plus User’s Guide639Figure 453 Internet Options: Privacy3 Type the IP address o

Chapter 2 Introducing the Web ConfiguratorZyWALL 2 Plus User’s Guide642.4.6 Port Statistics Click Port Statistics in the HOME screen. Read-only info

Appendix B Pop-up Windows, JavaScripts and Java PermissionsZyWALL 2 Plus User’s Guide6405 Click Close to return to the Privacy screen. 6 Click Apply t

Appendix B Pop-up Windows, JavaScripts and Java PermissionsZyWALL 2 Plus User’s Guide641Figure 456 Security Settings - Java ScriptingJava Permissio

Appendix B Pop-up Windows, JavaScripts and Java PermissionsZyWALL 2 Plus User’s Guide642JAVA (Sun)1 From Internet Explorer, click Too ls, Internet Opt

Appendix B Pop-up Windows, JavaScripts and Java PermissionsZyWALL 2 Plus User’s Guide643Figure 459 Mozilla Firefox: Tools > OptionsClick Content

Appendix B Pop-up Windows, JavaScripts and Java PermissionsZyWALL 2 Plus User’s Guide644

ZyWALL 2 Plus User’s Guide645APPENDIX C IP Addresses and SubnettingThis appendix introduces IP addresses and subnet masks. IP addresses identify indi

Appendix C IP Addresses and SubnettingZyWALL 2 Plus User’s Guide646Figure 461 Network Number and Host IDHow much of the IP address is the network nu

Appendix C IP Addresses and SubnettingZyWALL 2 Plus User’s Guide647Subnet masks are expressed in dotted decimal notation just like IP addresses. The

Appendix C IP Addresses and SubnettingZyWALL 2 Plus User’s Guide648SubnettingYou can use subnetting to divide one network into multiple sub-networks.

Appendix C IP Addresses and SubnettingZyWALL 2 Plus User’s Guide649Figure 463 Subnetting Example: After SubnettingIn a 25-bit subnet the host ID ha

Chapter 2 Introducing the Web ConfiguratorZyWALL 2 Plus User’s Guide652.4.7 DHCP Table Screen DHCP (Dynamic Host Configuration Protocol, RFC 2131

Appendix C IP Addresses and SubnettingZyWALL 2 Plus User’s Guide650Example: Eight SubnetsSimilarly, use a 27-bit mask to create eight subnets (000, 00

Appendix C IP Addresses and SubnettingZyWALL 2 Plus User’s Guide651Subnet PlanningThe following table is a summary for subnet planning on a network w

Appendix C IP Addresses and SubnettingZyWALL 2 Plus User’s Guide652Configuring IP AddressesWhere you obtain your network number depends on your partic

ZyWALL 2 Plus User’s Guide653APPENDIX D Common ServicesThe following table lists some commonly-used services and their associated protocols and port

Appendix D Common ServicesZyWALL 2 Plus User’s Guide654Table 238 Commonly Used ServicesNAME PROTOCOL PORT(S) DESCRIPTIONAH (IPSEC_TUNNEL)User-Define

Appendix D Common ServicesZyWALL 2 Plus User’s Guide655NNTP TCP 119 Network News Transport Protocol is the delivery mechanism for the USENET newsgrou

Appendix D Common ServicesZyWALL 2 Plus User’s Guide656TELNET TCP 23 Telnet is the login and terminal emulation protocol common on the Internet and in

ZyWALL 2 Plus User’s Guide657APPENDIX E Importing CertificatesThis appendix shows importing certificates examples using Internet Explorer 5.Import Zy

Appendix E Importing CertificatesZyWALL 2 Plus User’s Guide658Figure 465 Login Screen2 Click Install Certificate to open the Install Certificate wiz

Appendix E Importing CertificatesZyWALL 2 Plus User’s Guide659Figure 467 Certificate Import Wizard 14 Select where you would like to store the cert

Chapter 2 Introducing the Web ConfiguratorZyWALL 2 Plus User’s Guide662.4.8 VPN StatusClick VPN in the HOME screen when the ZyWALL is set to router m

Appendix E Importing CertificatesZyWALL 2 Plus User’s Guide660Figure 469 Certificate Import Wizard 36 Click Yes to add the ZyWALL certificate to th

Appendix E Importing CertificatesZyWALL 2 Plus User’s Guide661Figure 471 Certificate General Information after ImportEnrolling and Importing SSL Cl

Appendix E Importing CertificatesZyWALL 2 Plus User’s Guide662Figure 472 ZyWALL Trusted CA ScreenThe CA sends you a package containing the CA’s trus

Appendix E Importing CertificatesZyWALL 2 Plus User’s Guide663Figure 473 CA Certificate Example2 Click Install Certificate and follow the wizard as

Appendix E Importing CertificatesZyWALL 2 Plus User’s Guide664Figure 474 Personal Certificate Import Wizard 12 The file name and path of the certifi

Appendix E Importing CertificatesZyWALL 2 Plus User’s Guide665Figure 476 Personal Certificate Import Wizard 34 Have the wizard determine where the

Appendix E Importing CertificatesZyWALL 2 Plus User’s Guide666Figure 478 Personal Certificate Import Wizard 56 You should see the following screen w

Appendix E Importing CertificatesZyWALL 2 Plus User’s Guide667Figure 481 SSL Client Authentication3 You next see the ZyWALL login screen.Figure 482

Appendix E Importing CertificatesZyWALL 2 Plus User’s Guide668

ZyWALL 2 Plus User’s Guide669APPENDIX F Legal InformationCopyrightCopyright © 2007 by ZyXEL Communications Corporation.The contents of this publicati

Chapter 2 Introducing the Web ConfiguratorZyWALL 2 Plus User’s Guide672.4.9 Bandwidth Monitor Click Bandwidth in the HOME screen to display the band

Appendix F Legal InformationZyWALL 2 Plus User’s Guide670If this device does cause harmful interference to radio/television reception, which can be de

Appendix F Legal InformationZyWALL 2 Plus User’s Guide671ZyXEL) and the customer will be billed for parts and labor. All repaired or replaced product

Appendix F Legal InformationZyWALL 2 Plus User’s Guide672

ZyWALL 2 Plus User’s Guide673APPENDIX G Customer SupportPlease have the following information ready when you contact customer support.Required Inform

Appendix G Customer SupportZyWALL 2 Plus User’s Guide674• Regular Mail: ZyXEL Communications, Czech s.r.o., Modranská 621, 143 01 Praha 4 - Modrany, C

Appendix G Customer SupportZyWALL 2 Plus User’s Guide675India• Support E-mail: [email protected]• Sales E-mail: [email protected]• Telephone: +91-11-3088

Appendix G Customer SupportZyWALL 2 Plus User’s Guide676• Regular Mail: ZyXEL Communications Inc., 1130 N. Miller St., Anaheim, CA 92806-2001, U.S.A.N

Appendix G Customer SupportZyWALL 2 Plus User’s Guide677Sweden• Support E-mail: [email protected]• Sales E-mail: [email protected]• Telephone: +46-31-744

Appendix G Customer SupportZyWALL 2 Plus User’s Guide678

IndexZyWALL 2 Plus User’s Guide679IndexNumerics9600 baud 467Aactive protocol 272AH 272and encapsulation 272ESP 272Address Assignment 365address assign

Chapter 2 Introducing the Web ConfiguratorZyWALL 2 Plus User’s Guide68Automatic Refresh Interval Select a number of seconds or None from the drop-down

IndexZyWALL 2 Plus User’s Guide680CHAP 486, 513CNM 396command interpreter mode 587command line 573commandsFTP 573computer names 136, 138configuration

IndexZyWALL 2 Plus User’s Guide681ESSID 610Ethernetencapsulation 70, 497, 510extended authentication 260FF/W version 562factory defaults 461factory-de

IndexZyWALL 2 Plus User’s Guide682encryption algorithms 257, 263extended authentication 260ID content 259ID type 259IP address, remote IPSec router 25

IndexZyWALL 2 Plus User’s Guide683configuring 523default server IP address 340definitions 331examples 530how NAT works 332in the SMT 521inside global

IndexZyWALL 2 Plus User’s Guide684limitations 378, 597secure FTP using SSH 389secure telnet using SSH 387SNMP 392SSH 385SSH implementation 386system t

IndexZyWALL 2 Plus User’s Guide685static route 347, 519stop bit 467STP 146BPDU 146Hello BPDU 147how it works 146Max Age 147port states 147STUN 413SUA

IndexZyWALL 2 Plus User’s Guide686network policy 80, 256, 273overlap 271pre-shared key 267proposal 257remote IPSec router 253remote network 253remote

ZyWALL 2 Plus User’s Guide69CHAPTER 3 Wizard SetupThis chapter provides information on the Wizard Setup screens in the web configurator. The Inter

Contents OverviewZyWALL 2 Plus User’s Guide7Contents OverviewIntroduction and Registration ...

Chapter 3 Wizard SetupZyWALL 2 Plus User’s Guide703.2 Internet Access The Internet access wizard screen has three variations depending on what encaps

Chapter 3 Wizard SetupZyWALL 2 Plus User’s Guide713.2.1.2 PPPoE Encapsulation Point-to-Point Protocol over Ethernet (PPPoE) functions as a dial-up c

Chapter 3 Wizard SetupZyWALL 2 Plus User’s Guide72Figure 16 ISP Parameters: PPPoE EncapsulationThe following table describes the labels in this scre

Chapter 3 Wizard SetupZyWALL 2 Plus User’s Guide733.2.1.3 PPTP EncapsulationPoint-to-Point Tunneling Protocol (PPTP) is a network protocol that enab

Chapter 3 Wizard SetupZyWALL 2 Plus User’s Guide74Figure 17 ISP Parameters: PPTP EncapsulationThe following table describes the labels in this scree

Chapter 3 Wizard SetupZyWALL 2 Plus User’s Guide753.2.2 Internet Access Wizard: Second ScreenClick Next to go to the screen where you can register y

Chapter 3 Wizard SetupZyWALL 2 Plus User’s Guide76Figure 19 Internet Access Setup Complete3.2.3 Internet Access Wizard: RegistrationIf you clicked

Chapter 3 Wizard SetupZyWALL 2 Plus User’s Guide77Figure 20 Internet Access Wizard: RegistrationThe following table describes the labels in this sc

Chapter 3 Wizard SetupZyWALL 2 Plus User’s Guide78Figure 21 Internet Access Wizard: Registration in ProgressClick Close to leave the wizard screen w

Chapter 3 Wizard SetupZyWALL 2 Plus User’s Guide79Figure 24 Internet Access Wizard: Registered DeviceFigure 25 Internet Access Wizard: Activated

Contents OverviewZyWALL 2 Plus User’s Guide8SMT ...

Chapter 3 Wizard SetupZyWALL 2 Plus User’s Guide80Figure 26 VPN Wizard: Gateway SettingThe following table describes the labels in this screen.3.4

Chapter 3 Wizard SetupZyWALL 2 Plus User’s Guide81Two active SAs cannot have the local and remote IP address(es) both the same. Two active SAs can ha

Chapter 3 Wizard SetupZyWALL 2 Plus User’s Guide823.5 VPN Wizard IKE Tunnel Setting (IKE Phase 1)Use this screen to specify the authentication, encry

Chapter 3 Wizard SetupZyWALL 2 Plus User’s Guide83The following table describes the labels in this screen.3.6 VPN Wizard IPSec Setting (IKE Phase 2)

Chapter 3 Wizard SetupZyWALL 2 Plus User’s Guide84Figure 29 VPN Wizard: IPSec SettingThe following table describes the labels in this screen.Table 1

Chapter 3 Wizard SetupZyWALL 2 Plus User’s Guide853.7 VPN Wizard Status SummaryThis read-only screen shows the status of the current VPN setting. Us

Chapter 3 Wizard SetupZyWALL 2 Plus User’s Guide86The following table describes the labels in this screen.Table 19 VPN Wizard: VPN StatusLABEL DESCR

Chapter 3 Wizard SetupZyWALL 2 Plus User’s Guide873.8 VPN Wizard Setup CompleteCongratulations! You have successfully set up the VPN rule for your Z

Chapter 3 Wizard SetupZyWALL 2 Plus User’s Guide88

ZyWALL 2 Plus User’s Guide89CHAPTER 4 TutorialsThis chapter describes • how to apply security settings to VPN traffic.• how to set up your ZyWALL if

Table of ContentsZyWALL 2 Plus User’s Guide9Table of ContentsAbout This User's Guide ...

Chapter 4 TutorialsZyWALL 2 Plus User’s Guide90Figure 32 Firewall Rule for VPN4.1.2 Configuring the VPN RuleThis section shows how to configure a V

Chapter 4 TutorialsZyWALL 2 Plus User’s Guide91Figure 34 SECURITY > VPN > VPN Rules (IKE)> Add Gateway Policy 3 Click the Add Network P

Chapter 4 TutorialsZyWALL 2 Plus User’s Guide92Figure 35 SECURITY > VPN > VPN Rules (IKE): With Gateway Policy Example 4 Use this screen to s

Chapter 4 TutorialsZyWALL 2 Plus User’s Guide93Figure 36 SECURITY > VPN > VPN Rules (IKE)> Add Network Policy 4.1.3 Configuring the Fir

Chapter 4 TutorialsZyWALL 2 Plus User’s Guide941 Click Security > Firewall > Rule Summary. 2 Select VPN to LAN as the packet direction and click

Chapter 4 TutorialsZyWALL 2 Plus User’s Guide95Figure 38 SECURITY > FIREWALL > Rule Summary > Edit: Allow 5 The rule displays in the summa

Chapter 4 TutorialsZyWALL 2 Plus User’s Guide96Figure 39 SECURITY > FIREWALL > Rule Summary: Allow4.1.3.2 Default Firewall Rule to Block Othe

Chapter 4 TutorialsZyWALL 2 Plus User’s Guide974.2 Using NAT with Multiple Public IP AddressesThis section shows you examples of how to set up your

Chapter 4 TutorialsZyWALL 2 Plus User’s Guide984.2.2 Configuring the WAN Connection with a Static IP AddressThe following table shows the information

Chapter 4 TutorialsZyWALL 2 Plus User’s Guide99Figure 43 Tutorial Example: WAN Screen 6 Click ADVANCED > DNS.7 The System screen displays. Click