Zyxel-communications Internet Security Gateway ZyWALL 2 Series Instrukcja Użytkownika Strona 1

ZyWALL 2 Series Internet Security Gateway User’s Guide Version 3.62 June 2004

ZyWALL 2 Series User’s Guide x Table of Contents 14.13 Configuring Advanced IKE Setup ...

ZyWALL 2 Series User’s Guide 6-16 WAN Screens Figure 6-9 Traffic Redirect The following table describes the fields in this screen. Table 6-8 Traffi

ZyWALL 2 Series User’s Guide WAN Screens 6-17 Table 6-8 Traffic Redirect LABEL DESCRIPTION Check WAN IP Address Configuration of this field is option

ZyWALL 2 Series User’s Guide 6-18 WAN Screens Figure 6-10 Dial Backup Setup

ZyWALL 2 Series User’s Guide WAN Screens 6-19 The following table describes the labels in this screen. Table 6-9 Dial Backup Setup LABEL DESCRIPTION

ZyWALL 2 Series User’s Guide 6-20 WAN Screens Table 6-9 Dial Backup Setup LABEL DESCRIPTION Get IP Address Automatically from Remote Server Type the

ZyWALL 2 Series User’s Guide WAN Screens 6-21 Table 6-9 Dial Backup Setup LABEL DESCRIPTION RIP Version The RIP Version field controls the format and

ZyWALL 2 Series User’s Guide 6-22 WAN Screens Table 6-9 Dial Backup Setup LABEL DESCRIPTION Configure Budget Select this check box to have the dial

ZyWALL 2 Series User’s Guide WAN Screens 6-23 6.11.3 Response Strings The response strings tell the ZyWALL the tags, or labels, immediately preceding

ZyWALL 2 Series User’s Guide 6-24 WAN Screens Figure 6-11 Advanced Setup The following table describes the labels in this screen. Table 6-10 Advanc

ZyWALL 2 Series User’s Guide WAN Screens 6-25 Table 6-10 Advanced Setup LABEL DESCRIPTION EXAMPLE Drop Type the AT Command string to drop a call. &q

ZyWALL 2 Series User’s Guide Table of Contents xi 17.9 Secure Telnet Using SSH Examples ...

ZyWALL 2 Series User’s Guide Wireless LAN Screens 7-1 Chapter 7 Wireless LAN Screens This chapter discusses how to configure Wireless LAN on the Z

ZyWALL 2 Series User’s Guide 7-2 Wireless LAN Screens is they do not know if the channel is currently being used. Therefore, they are considered hid

ZyWALL 2 Series User’s Guide Wireless LAN Screens 7-3 A large Fragmentation Threshold is recommended for networks not prone to interference while you

ZyWALL 2 Series User’s Guide 7-4 Wireless LAN Screens 7.4 Configuring Wireless LAN If you are configuring the ZyWALL from a computer connected to t

ZyWALL 2 Series User’s Guide Wireless LAN Screens 7-5 Table 7-1 Wireless LABEL DESCRIPTION Enable Wireless LAN The wireless LAN is turned off by def

ZyWALL 2 Series User’s Guide 7-6 Wireless LAN Screens 7.5 Configuring MAC Filter The MAC filter screen allows you to configure the ZyWALL to give ex

ZyWALL 2 Series User’s Guide Wireless LAN Screens 7-7 Table 7-2 MAC Address Filter LABEL DESCRIPTION Active Select or clear the check box to enable

ZyWALL 2 Series User’s Guide 7-8 Wireless LAN Screens • Access-Request Sent by the ZyWALL requesting authentication. • Access-Reject Sent by a RAD

ZyWALL 2 Series User’s Guide Wireless LAN Screens 7-9 Figure 7-5 EAP Authentication The details below provide a general description of how IEEE 802

ZyWALL 2 Series User’s Guide xii Table of Contents 23.3 Configuring Dial Backup in Menu 2...

ZyWALL 2 Series User’s Guide 7-10 Wireless LAN Screens Figure 7-6 802.1X Authentication The following table describes the fields in this screen. Ta

NAT and Static Route IV Part IV: NAT and Static Route This part covers Network Address Translation and setting up static routes.

ZyWALL 2 Series User’s Guide NAT 8-1 Chapter 8 Network Address Translation (NAT) This chapter discusses how to configure NAT on the ZyWALL.

ZyWALL 2 Series User’s Guide 8-2 NAT local address before forwarding it to the original inside host. Note that the IP address (either local o

ZyWALL 2 Series User’s Guide NAT 8-3 8.1.4 NAT Application The following figure illustrates a possible NAT application, where three inside LA

ZyWALL 2 Series User’s Guide 8-4 NAT  Many to One: In Many-to-One mode, the ZyWALL maps multiple local IP addresses to one global IP address

ZyWALL 2 Series User’s Guide NAT 8-5 8.2.1 SUA (Single User Account) Versus NAT SUA (Single User Account) is an implementation of a subset o

ZyWALL 2 Series User’s Guide 8-6 NAT Table 8-3 Services and Port Numbers SERVICES PORT NUMBER DNS (Domain Name System) 53 Finger 79 HTTP (Hy

ZyWALL 2 Series User’s Guide NAT 8-7 8.4 Configuring SUA Server If you do not assign a Default Server IP address, the ZyWALL discards all p

ZyWALL 2 Series User’s Guide Table of Contents xiii 30.5 Firewall Versus Filters ...

ZyWALL 2 Series User’s Guide 8-8 NAT Table 8-4 SUA Server LABEL DESCRIPTION Default Server In addition to the servers for specified services

ZyWALL 2 Series User’s Guide NAT 8-9 Figure 8-5 Address Mapping The following table describes the fields in this screen. Table 8-5 Address M

ZyWALL 2 Series User’s Guide 8-10 NAT Table 8-5 Address Mapping LABEL DESCRIPTION Type 1. One-to-One mode maps one local IP address to one gl

ZyWALL 2 Series User’s Guide NAT 8-11 Table 8-6 Address Mapping Rule LABEL DESCRIPTION Type Choose the port mapping type from one of the fol

ZyWALL 2 Series User’s Guide 8-12 NAT receives a response with a specific port number and protocol ("incoming" port), the ZyWALL fo

ZyWALL 2 Series User’s Guide NAT 8-13 Figure 8-8 Trigger Port The following table describes the fields in this screen. Table 8-7 Trigger Por

ZyWALL 2 Series User’s Guide 8-14 NAT Table 8-7 Trigger Port LABEL DESCRIPTION Incoming Incoming is a port (or a range of ports) that a serv

ZyWALL 2 Series User’s Guide Static Route Screens 9-1 Chapter 9 Static Route Screens This chapter shows you how to configure static routes for yo

ZyWALL 2 Series User’s Guide 9-2 Static Route Screens Figure 9-2 Static Route Screen The following table describes the fields in this screen. Table

ZyWALL 2 Series User’s Guide Static Route Screens 9-3 Table 9-1 IP Static Route Summary LABEL DESCRIPTION Gateway This is the IP address of the g

ZyWALL 2 Series User’s Guide xiv Table of Contents Appendix F Types of EAP Authentication ...

ZyWALL 2 Series User’s Guide 9-4 Static Route Screens Table 9-2 Edit IP Static Route LABEL DESCRIPTION Active This field allows you to activate/dea

Firewall and Content Filters V Part V: Firewall and Content Filters This part introduces firewalls in general and the ZyWALL firewall. It also

ZyWALL 2 Series User’s Guide Firewalls 10-1 Chapter 10 Firewalls This chapter gives some background information on firewalls and introduces the ZyWAL

ZyWALL 2 Series User’s Guide 10-2 Firewalls i. Information hiding prevents the names of internal systems from being made known via DNS to outside sy

ZyWALL 2 Series User’s Guide Firewalls 10-3 Figure 10-1 ZyWALL Firewall Application 10.4 Denial of Service Denials of Service (DoS) attacks are a

ZyWALL 2 Series User’s Guide 10-4 Firewalls Table 10-1 Common IP Ports 21 FTP 53 DNS 23 Telnet 80 HTTP 25 SMTP 110 POP3 10.4.2 Types of DoS Attack

ZyWALL 2 Series User’s Guide Firewalls 10-5 Figure 10-2 Three-Way Handshake  Under normal circumstances, the application that initiates a session

ZyWALL 2 Series User’s Guide 10-6 Firewalls 2-b In a LAND Attack, hackers flood SYN packets into the network with a spoofed source IP address of the

ZyWALL 2 Series User’s Guide Firewalls 10-7  Illegal Commands (NetBIOS and SMTP) The only legal NetBIOS commands are the following - all others are

ZyWALL 2 Series User’s Guide List of Figures xv List of Figures Figure 1-1 Secure Internet Access via Cable, DSL or Wireless Modem...

ZyWALL 2 Series User’s Guide 10-8 Firewalls all communications to the Internet that originate from the LAN, and blocks all traffic to the LAN that or

ZyWALL 2 Series User’s Guide Firewalls 10-9 4. Based on the obtained state information, a firewall rule creates a temporary access list entry that i

ZyWALL 2 Series User’s Guide 10-10 Firewalls Below is a brief technical description of how these connections are tracked. Connections may either be d

ZyWALL 2 Series User’s Guide Firewalls 10-11 10.5.5 Upper Layer Protocols Some higher layer protocols (such as FTP and RealAudio) utilize multiple ne

ZyWALL 2 Series User’s Guide 10-12 Firewalls 10.7.1 Packet Filtering:  The router filters packets as they pass through the router’s interface accor

ZyWALL 2 Series User’s Guide Firewalls 10-13 3. To selectively block/allow inbound or outbound traffic between inside host/networks and outside host

ZyWALL 2 Series User’s Guide Firewall Screens 11-1Chapter 11 Firewall Screens This chapter shows you how to configure your ZyWALL firewall. 11.1 Acc

ZyWALL 2 Series User’s Guide 11-2 Firewall Screens If you configure firewall rules without a good understanding of how they work, you might inadverte

ZyWALL 2 Series User’s Guide Firewall Screens 11-31. Does this rule stop LAN users from accessing critical resources on the Internet? For example, i

ZyWALL 2 Series User’s Guide xvi List of Figures Figure 8-3 Multiple Servers Behind NAT Example...

ZyWALL 2 Series User’s Guide 11-4 Firewall Screens policies for managing the ZyWALL through the LAN interface) and policies for LAN-to-LAN (the polic

ZyWALL 2 Series User’s Guide Firewall Screens 11-5 Figure 11-2 WAN to LAN Traffic 11.5 Alerts Alerts are reports on events, such as attacks, that you

ZyWALL 2 Series User’s Guide 11-6 Firewall Screens Figure 11-3 Enabling the Firewall The following table describes the fields in this screen. Sele

ZyWALL 2 Series User’s Guide Firewall Screens 11-7Table 11-1 Firewall Rules Summary: First Screen LABEL DESCRIPTION Enable Firewall Select this che

ZyWALL 2 Series User’s Guide 11-8 Firewall Screens Table 11-1 Firewall Rules Summary: First Screen LABEL DESCRIPTION Log This field shows you if a l

ZyWALL 2 Series User’s Guide Firewall Screens 11-9 Figure 11-4 Creating/Editing A Firewall Rule

ZyWALL 2 Series User’s Guide 11-10 Firewall Screens The following table describes the fields in this screen. Table 11-2 Creating/Editing A Firewall R

ZyWALL 2 Series User’s Guide Firewall Screens 11-11Table 11-2 Creating/Editing A Firewall Rule LABEL DESCRIPTION Log This field determines if a log

ZyWALL 2 Series User’s Guide 11-12 Firewall Screens Table 11-3 Adding/Editing Source and Destination Addresses LABEL DESCRIPTION Address Type Do y

ZyWALL 2 Series User’s Guide Firewall Screens 11-13Table 11-4 Creating/Editing A Custom Port LABEL DESCRIPTION Service Name Enter a unique name for

ZyWALL 2 Series User’s Guide List of Figures xvii Figure 14-9 Advanced IKE VPN Rule Setup ...

ZyWALL 2 Series User’s Guide 11-14 Firewall Screens Figure 11-7 Firewall IP Config Screen Step 4. Select Any in the Destination Address box and the

ZyWALL 2 Series User’s Guide Firewall Screens 11-15Step 5. Click DestAdd under the Destination Address box. Step 6. Configure the Firewall Rule Edi

ZyWALL 2 Series User’s Guide 11-16 Firewall Screens Custom ports show up with an “*” before their names in the Services list box and the Rule Summary

ZyWALL 2 Series User’s Guide Firewall Screens 11-17On completing the configuration procedure for this Internet firewall rule, the Rule Summary screen

ZyWALL 2 Series User’s Guide 11-18 Firewall Screens 11.8 Predefined Services The Available Services list box in the Rule Config(uration) screen (see

ZyWALL 2 Series User’s Guide Firewall Screens 11-19Table 11-5 Predefined Services SERVICE DESCRIPTION IPSEC_TUNNEL(ESP:0) The IPSEC ESP (Encapsula

ZyWALL 2 Series User’s Guide 11-20 Firewall Screens Table 11-5 Predefined Services SERVICE DESCRIPTION SMTP(TCP:25) Simple Mail Transfer Protocol

ZyWALL 2 Series User’s Guide Firewall Screens 11-2111.9.1 Threshold Values Tune these parameters when something is not working and after you have che

ZyWALL 2 Series User’s Guide 11-22 Firewall Screens Whenever the number of half-open sessions with the same destination host address rises above a th

ZyWALL 2 Series User’s Guide Firewall Screens 11-23Table 11-6 Attack Alert LABEL DESCRIPTION DEFAULT VALUES Generate alert when attack detected A d

ZyWALL 2 Series User’s Guide xviii List of Figures Figure 17-21 SNMP Management Model...

ZyWALL 2 Series User’s Guide 11-24 Firewall Screens Table 11-6 Attack Alert LABEL DESCRIPTION DEFAULT VALUES Maximum Incomplete High This is the num

ZyWALL 2 Series User’s Guide Content Filtering Screens 12-1Chapter 12 Content Filtering Screens This chapter provides a brief overview of content fil

ZyWALL 2 Series User’s Guide 12-2 Content Filtering Screens Figure 12-1 Content Filter : General The following table describes the labels in thi

ZyWALL 2 Series User’s Guide Content Filtering Screens 12-3Table 12-1 Content Filter : General LABEL DESCRIPTION Enable Content Filter Select this c

ZyWALL 2 Series User’s Guide 12-4 Content Filtering Screens Table 12-1 Content Filter : General LABEL DESCRIPTION Exclude specified address range

ZyWALL 2 Series User’s Guide Content Filtering Screens 12-5Step 1. A computer sends an HTTP request to a web server. Step 2. The ZyWALL looks up th

ZyWALL 2 Series User’s Guide 12-6 Content Filtering Screens Figure 12-3 Content Filter : Categories

ZyWALL 2 Series User’s Guide Content Filtering Screens 12-7The following table describes the labels in this screen. Table 12-2 Content Filter : Categ

ZyWALL 2 Series User’s Guide 12-8 Content Filtering Screens Table 12-2 Content Filter : Categories LABEL DESCRIPTION Select Categories Select All

ZyWALL 2 Series User’s Guide Content Filtering Screens 12-9Table 12-2 Content Filter : Categories LABEL DESCRIPTION Gambling Selecting this category

ZyWALL 2 Series User’s Guide List of Figures xix Figure 23-9 Menu 11.5: Dial Backup Remote Node Filter ...

ZyWALL 2 Series User’s Guide 12-10 Content Filtering Screens Table 12-2 Content Filter : Categories LABEL DESCRIPTION Education Selecting this c

ZyWALL 2 Series User’s Guide Content Filtering Screens 12-11Table 12-2 Content Filter : Categories LABEL DESCRIPTION Computers/Internet Selecting th

ZyWALL 2 Series User’s Guide 12-12 Content Filtering Screens Table 12-2 Content Filter : Categories LABEL DESCRIPTION Shopping Selecting this ca

ZyWALL 2 Series User’s Guide Content Filtering Screens 12-13Table 12-2 Content Filter : Categories LABEL DESCRIPTION Software Downloads Selecting th

ZyWALL 2 Series User’s Guide 12-14 Content Filtering Screens Table 12-2 Content Filter : Categories LABEL DESCRIPTION Register Click Register to

ZyWALL 2 Series User’s Guide Content Filtering Screens 12-15 Figure 12-4 Content Filter : Customization

ZyWALL 2 Series User’s Guide 12-16 Content Filtering Screens The following table describes the labels in this screen. Table 12-3 Content Filter :

ZyWALL 2 Series User’s Guide Content Filtering Screens 12-17Table 12-3 Content Filter : Customization LABEL DESCRIPTION Delete Select a web site nam

VPN/IPSec VI Part VI: VPN/IPSec This part provides information on how to configure VPN/IPSec.

ZyWALL 2 Series User’s Guide ii Copyright Copyright Copyright © 2004 by ZyXEL Communications Corporation. The contents of this publication may not be

ZyWALL 2 Series User’s Guide xx List of Figures Figure 28-20 Example 4: Menu 15.1.1.1: Address Mapping Rule ...

ZyWALL 2 Series User’s Guide Introduction to IPSec 13-1 Chapter 13 Introduction to IPSec This chapter introduces the basics of IPSec VPNs. 13.1 VPN

ZyWALL 2 Series User’s Guide 13-2 Introduction to IPSec Figure 13-1 Encryption and Decryption  Data Confidentiality The IPSec sender can encrypt

ZyWALL 2 Series User’s Guide Introduction to IPSec 13-3 13.2 IPSec Architecture The overall IPSec architecture is shown as follows. Figure 13-2 IP

ZyWALL 2 Series User’s Guide 13-4 Introduction to IPSec 13.3 Encapsulation The two modes of operation for IPSec VPNs are Transport mode and Tunnel

ZyWALL 2 Series User’s Guide Introduction to IPSec 13-5 13.4 IPSec and NAT Read this section if you are running IPSec on a host computer behind th

ZyWALL 2 Series User’s Guide VPN Screens 14-1 Chapter 14 VPN Screens This chapter introduces the VPN Web configurator. See the Logs chapter for inf

ZyWALL 2 Series User’s Guide 14-2 VPN Screens Table 14-1 AH and ESP ESP AH DES (default) Data Encryption Standard (DES) is a widely used method of d

ZyWALL 2 Series User’s Guide VPN Screens 14-3 You can also enter a remote secure gateway’s domain name in the Secure Gateway Address field if the rem

ZyWALL 2 Series User’s Guide List of Figures xxi Figure 33-12 Successful Restoration Confirmation Screen ...

ZyWALL 2 Series User’s Guide 14-4 VPN Screens Figure 14-2 VPN Rules The following table describes the fields in this screen. Table 14-2 VPN Rules L

ZyWALL 2 Series User’s Guide VPN Screens 14-5 Table 14-2 VPN Rules LABEL DESCRIPTION Remote IP Address This is the IP address(es) of computer(s) on t

ZyWALL 2 Series User’s Guide 14-6 VPN Screens When there is outbound traffic with no inbound traffic, the ZyWALL automatically drops the tunnel afte

ZyWALL 2 Series User’s Guide VPN Screens 14-7 14.7.2 X-Auth (Extended Authentication) Extended authentication provides added security by allowing you

ZyWALL 2 Series User’s Guide 14-8 VPN Screens If you do not specify an Intranet DNS server on the remote network, then the VPN host must use IP addr

ZyWALL 2 Series User’s Guide VPN Screens 14-9 Table 14-4 Peer ID Type and Content Fields PEER ID TYPE= CONTENT= IP Type the IP address of the compu

ZyWALL 2 Series User’s Guide 14-10 VPN Screens Table 14-6 Mismatching ID Type and Content Configuration Example ZYWALL A ZYWALL B Peer ID type: E-m

ZyWALL 2 Series User’s Guide VPN Screens 14-11 Figure 14-6 Site-to-Site VPN Example 14.11 Configuring Basic IKE VPN Rule Setup Select one of the VPN

ZyWALL 2 Series User’s Guide 14-12 VPN Screens Figure 14-7 Basic IKE VPN Rule Edit

ZyWALL 2 Series User’s Guide VPN Screens 14-13 The following table describes the fields in this screen. Table 14-7 Basic IKE VPN Rule Edit LABEL DE

ZyWALL 2 Series User’s Guide xxii List of Tables List of Tables Table 1-1 Model Specific Features ...

ZyWALL 2 Series User’s Guide 14-14 VPN Screens Table 14-7 Basic IKE VPN Rule Edit LABEL DESCRIPTION Server Mode Select Server Mode to have this Zy

ZyWALL 2 Series User’s Guide VPN Screens 14-15 Table 14-7 Basic IKE VPN Rule Edit LABEL DESCRIPTION Local IP Address Enter a static local IP addre

ZyWALL 2 Series User’s Guide 14-16 VPN Screens Table 14-7 Basic IKE VPN Rule Edit LABEL DESCRIPTION Ending IP Address/ Subnet Mask When the Addres

ZyWALL 2 Series User’s Guide VPN Screens 14-17 Table 14-7 Basic IKE VPN Rule Edit LABEL DESCRIPTION Local ID Type Select IP to identify this ZyWALL

ZyWALL 2 Series User’s Guide 14-18 VPN Screens Table 14-7 Basic IKE VPN Rule Edit LABEL DESCRIPTION Peer ID Type Select from the following when yo

ZyWALL 2 Series User’s Guide VPN Screens 14-19 Table 14-7 Basic IKE VPN Rule Edit LABEL DESCRIPTION Content The configuration of the peer content d

ZyWALL 2 Series User’s Guide 14-20 VPN Screens Table 14-7 Basic IKE VPN Rule Edit LABEL DESCRIPTION My IP Address Enter the WAN IP address of you

ZyWALL 2 Series User’s Guide VPN Screens 14-21 Table 14-7 Basic IKE VPN Rule Edit LABEL DESCRIPTION Encryption Algorithm Select DES, 3DES, AES or N

ZyWALL 2 Series User’s Guide 14-22 VPN Screens Figure 14-8 Two Phases to Set Up the IPSec SA In phase 1 you must:  Choose a negotiation mode.  A

ZyWALL 2 Series User’s Guide VPN Screens 14-23 IPSec SA lifetime period expires. The ZyWALL also automatically renegotiates the IPSec SA if both IPSe

ZyWALL 2 Series User’s Guide List of Tables xxiii Table 10-2 ICMP Commands That Trigger Alerts ...

ZyWALL 2 Series User’s Guide 14-24 VPN Screens 14.12.5 Perfect Forward Secrecy (PFS) Enabling PFS means that the key is transient. The key is throw

ZyWALL 2 Series User’s Guide VPN Screens 14-25 Figure 14-9 Advanced IKE VPN Rule Setup The following table describes the fields in this screen. Tabl

ZyWALL 2 Series User’s Guide 14-26 VPN Screens Table 14-8 Advanced IKE VPN Rule Setup LABEL DESCRIPTION Enable Replay Detection As a VPN setup is p

ZyWALL 2 Series User’s Guide VPN Screens 14-27 Table 14-8 Advanced IKE VPN Rule Setup LABEL DESCRIPTION Authentication Algorithm Select SHA1 or MD5

ZyWALL 2 Series User’s Guide 14-28 VPN Screens Table 14-8 Advanced IKE VPN Rule Setup LABEL DESCRIPTION SA Life Time (seconds) Define the length of

ZyWALL 2 Series User’s Guide VPN Screens 14-29 Select Manual Key (or Manual) in the Key Management (or IPSec Keying Mode) field to display the manual

ZyWALL 2 Series User’s Guide 14-30 VPN Screens The following table describes the labels in this screen. Table 14-9 VPN Manual Setup LABEL DESCRIPTIO

ZyWALL 2 Series User’s Guide VPN Screens 14-31 Table 14-9 VPN Manual Setup LABEL DESCRIPTION Remote: Remote IP addresses must be static and correspo

ZyWALL 2 Series User’s Guide 14-32 VPN Screens Table 14-9 VPN Manual Setup LABEL DESCRIPTION Secure Gateway Addr Type the WAN IP address or the URL

ZyWALL 2 Series User’s Guide VPN Screens 14-33 Table 14-9 VPN Manual Setup LABEL DESCRIPTION Authentication Key Type a unique authentication key to b

ZyWALL 2 Series User’s Guide xxiv List of Tables Table 16-2 RADIUS ...

ZyWALL 2 Series User’s Guide 14-34 VPN Screens The following table describes the fields in this screen. Table 14-10 VPN SA Monitor LABEL DESCRIPTIO

ZyWALL 2 Series User’s Guide VPN Screens 14-35 Table 14-11 VPN Global Setting LABEL DESCRIPTION Windows Networking (NetBIOS over TCP/IP) NetBIOS (N

ZyWALL 2 Series User’s Guide 14-36 VPN Screens Figure 14-13 Telecommuters Sharing One VPN Rule Example Table 14-12 Telecommuters Sharing One VPN Ru

ZyWALL 2 Series User’s Guide VPN Screens 14-37 See the following table and figure for an example where three telecommuters each use a different VPN r

ZyWALL 2 Series User’s Guide 14-38 VPN Screens Table 14-13 Telecommuters Using Unique VPN Rules Example TELECOMMUTERS HEADQUARTERS Local IP Address:

VPN/IPSec VII Part VII: Certificates This part provides information and configuration instructions for public-key certificates.

ZyWALL 2 Series User’s Guide Certificates 15-1 Chapter 15 Certificates This chapter gives background information about public-key certificate

ZyWALL 2 Series User’s Guide 15-2 Certificates Certification authorities maintain directory servers with databases of valid and revoked certificates.

ZyWALL 2 Series User’s Guide Certificates 15-3 15.4 My Certificates Click CERTIFICATES, My Certificates to open the ZyWALL’s summary list of c

ZyWALL 2 Series User’s Guide List of Tables xxv Table 26-1 Menu 11.1: Remote Node Profile for Ethernet Encapsulation...

ZyWALL 2 Series User’s Guide 15-4 Certificates Table 15-1 My Certificates LABEL DESCRIPTION PKI Storage Space in Use This bar displays the percentage

ZyWALL 2 Series User’s Guide Certificates 15-5 Table 15-1 My Certificates LABEL DESCRIPTION Details Select the radio button next to a certific

ZyWALL 2 Series User’s Guide 15-6 Certificates 15.6 Importing a Certificate Click CERTIFICATES, My Certificates and then Import to open the My Certi

ZyWALL 2 Series User’s Guide Certificates 15-7 Table 15-2 My Certificate Import LABEL DESCRIPTION Apply Click Apply to save the certificate o

ZyWALL 2 Series User’s Guide 15-8 Certificates The following table describes the labels in this screen. Table 15-3 My Certificate Create LABEL DESCRI

ZyWALL 2 Series User’s Guide Certificates 15-9 Table 15-3 My Certificate Create LABEL DESCRIPTION Create a certification request and enroll fo

ZyWALL 2 Series User’s Guide 15-10 Certificates After you click Apply in the My Certificate Create screen, you see a screen that tells you the ZyWALL

ZyWALL 2 Series User’s Guide Certificates 15-11 Figure 15-5 My Certificate Details

ZyWALL 2 Series User’s Guide 15-12 Certificates The following table describes the labels in this screen. Table 15-4 My Certificate Details LABEL DESC

ZyWALL 2 Series User’s Guide Certificates 15-13 Table 15-4 My Certificate Details LABEL DESCRIPTION Signature Algorithm This field displays t

ZyWALL 2 Series User’s Guide xxvi Preface Preface About This User's Manual Congratulations on your purchase of the ZyWALL 2 Internet Security Ga

ZyWALL 2 Series User’s Guide 15-14 Certificates Table 15-4 My Certificate Details LABEL DESCRIPTION Certificate in PEM (Base-64) Encoded Format This

ZyWALL 2 Series User’s Guide Certificates 15-15 Figure 15-6 Trusted CAs The following table describes the labels in this screen. Table 15-5 T

ZyWALL 2 Series User’s Guide 15-16 Certificates Table 15-5 Trusted CAs LABEL DESCRIPTION Issuer This field displays identifying information about th

ZyWALL 2 Series User’s Guide Certificates 15-17 You must remove any spaces from the certificate’s filename before you can import the certifica

ZyWALL 2 Series User’s Guide 15-18 Certificates Figure 15-8 Trusted CA Details

ZyWALL 2 Series User’s Guide Certificates 15-19 The following table describes the labels in this screen. Table 15-7 Trusted CA Details LABEL D

ZyWALL 2 Series User’s Guide 15-20 Certificates Table 15-7 Trusted CA Details LABEL DESCRIPTION Signature Algorithm This field displays the type of

ZyWALL 2 Series User’s Guide Certificates 15-21 Table 15-7 Trusted CA Details LABEL DESCRIPTION Certificate in PEM (Base-64) Encoded Format Th

ZyWALL 2 Series User’s Guide 15-22 Certificates Figure 15-9 Trusted Remote Hosts The following table describes the labels in this screen. Table 15-8

ZyWALL 2 Series User’s Guide Certificates 15-23 Table 15-8 Trusted Remote Hosts LABEL DESCRIPTION Subject This field displays identifying inf

ZyWALL 2 Series User’s Guide Preface xxvii • The version number on the title page is the latest firmware version that is documented in this User’s

ZyWALL 2 Series User’s Guide 15-24 Certificates Table 15-9 Remote Host Certificates Step 3. Double-click the certificate’s icon to open the Certifi

ZyWALL 2 Series User’s Guide Certificates 15-25 The trusted remote host certificate must be a self-signed certificate; and you must remove any

ZyWALL 2 Series User’s Guide 15-26 Certificates Figure 15-11 Trusted Remote Host Details

ZyWALL 2 Series User’s Guide Certificates 15-27 The following table describes the labels in this screen. Table 15-12 Trusted Remote Host Detai

ZyWALL 2 Series User’s Guide 15-28 Certificates Table 15-12 Trusted Remote Host Details LABEL DESCRIPTION Key Algorithm This field displays the type

ZyWALL 2 Series User’s Guide Certificates 15-29 15.16 Directory Servers Click CERTIFICATES, Directory Servers to open the Directory Servers s

ZyWALL 2 Series User’s Guide 15-30 Certificates Table 15-13 Directory Servers LABEL DESCRIPTION Port This field displays the port number that the di

ZyWALL 2 Series User’s Guide Certificates 15-31 Table 15-14 Directory Server Add LABEL DESCRIPTION Directory Service Setting Name Type up to

Remote Management and UPnP VIII Part VIII: Authentication Server, Remote Management and UPnP This part provides information and configuration ins

ZyWALL 2 Series User’s Guide Authentication Server 16-1 Chapter 16 Authentication Server This chapter discusses how to configure the authentication s

ZyWALL 2 Series User’s Guide 16-2 Authentication Server Figure 16-1 Local User Database

ZyWALL 2 Series User’s Guide Authentication Server 16-3 The following table describes the fields in this screen. Table 16-1 Local User Database LABE

ZyWALL 2 Series User’s Guide 16-4 Authentication Server Figure 16-2 RADIUS The following table describes the fields in this screen. Table 16-2 RADI

ZyWALL 2 Series User’s Guide Authentication Server 16-5 Table 16-2 RADIUS LABEL DESCRIPTION Port Number The default port of the RADIUS server for au

ZyWALL 2 Series User’s Guide Remote Management Screens 17-1 Chapter 17 Remote Management Screens This chapter provides information on the Remote Mana

ZyWALL 2 Series User’s Guide 17-2 Remote Management Screens 17.1.1 Remote Management Limitations Remote management over LAN or WAN will not work when

ZyWALL 2 Series User’s Guide Remote Management Screens 17-3 data), authentication (one party can identify the other party) and data integrity (you kn

Getting Started I Part I: Getting Started This part helps you get to know your ZyWALL, introduces the web configurator and covers how to config

ZyWALL 2 Series User’s Guide 17-4 Remote Management Screens If you disable HTTP Server Access (Disable) in the REMOTE MGMT WWW screen, then the ZyWAL

ZyWALL 2 Series User’s Guide Remote Management Screens 17-5 Table 17-1 WWW LABEL DESCRIPTION HTTPS: This feature is not available on the ZyWALL 2WE.

ZyWALL 2 Series User’s Guide 17-6 Remote Management Screens Table 17-1 WWW LABEL DESCRIPTION Reset Click Reset to begin configuring this screen afres

ZyWALL 2 Series User’s Guide Remote Management Screens 17-7 17.4.2 Netscape Navigator Warning Messages When you attempt to access the ZyWALL HTTPS se

ZyWALL 2 Series User’s Guide 17-8 Remote Management Screens Figure 17-5 Security Certificate 2 (Netscape) 17.4.3 Avoiding the Browser Warning Messag

ZyWALL 2 Series User’s Guide Remote Management Screens 17-9 Step 2. Click CERTIFICATES. Find the certificate and check its Subject column. CN stands

ZyWALL 2 Series User’s Guide 17-10 Remote Management Screens Figure 17-6 Login Screen (Internet Explorer)

ZyWALL 2 Series User’s Guide Remote Management Screens 17-11 Figure 17-7 Login Screen (Netscape) Click Login and you then see the next screen. The f

ZyWALL 2 Series User’s Guide 17-12 Remote Management Screens Figure 17-8 Replace Certificate Click Apply in the Replace Certificate screen to create

ZyWALL 2 Series User’s Guide Remote Management Screens 17-13 Click Ignore in the Replace Certificate screen to use the common ZyWALL certificate. You

ZyWALL 2 Series User’s Guide FCC iii Federal Communications Commission (FCC) Interference Statement This device complies with Part 15 of FCC rules.

ZyWALL 2 Series User’s Guide 17-14 Remote Management Screens Figure 17-11 SSH Communication Example 17.6 How SSH works The following table summari

ZyWALL 2 Series User’s Guide Remote Management Screens 17-15 17.7 SSH Implementation on the ZyWALL Your ZyWALL supports SSH version 1.5 using RSA au

ZyWALL 2 Series User’s Guide 17-16 Remote Management Screens Table 17-2 SSH LABEL DESCRIPTION Server Host Key Select the certificate whose correspon

ZyWALL 2 Series User’s Guide Remote Management Screens 17-17 Step 3. A window displays prompting you to store the host key in you computer. Click Ye

ZyWALL 2 Series User’s Guide 17-18 Remote Management Screens Step 2. Enter “ssh –1 192.168.1.1”. This command forces your computer to connect to the

ZyWALL 2 Series User’s Guide Remote Management Screens 17-19 Step 3. Use the “put” command to upload a new firmware to the ZyWALL. Figure 17-17 Se

ZyWALL 2 Series User’s Guide 17-20 Remote Management Screens 17.12 Configuring TELNET Click REMOTE MGNT to open the TELNET screen. Figure 17-19 Te

ZyWALL 2 Series User’s Guide Remote Management Screens 17-21 17.13 Configuring FTP You can upload and download the ZyWALL’s firmware and configurati

ZyWALL 2 Series User’s Guide 17-22 Remote Management Screens Table 17-4 FTP LABEL DESCRIPTION Secure Client IP Address A secure client is a “trusted”

ZyWALL 2 Series User’s Guide Remote Management Screens 17-23 Figure 17-21 SNMP Management Model An SNMP managed network consists of two main types o

ZyWALL 2 Series User’s Guide Getting to Know Your ZyWALL 1-1Chapter 1 Getting to Know Your ZyWALL This chapter introduces the main features and ap

ZyWALL 2 Series User’s Guide 17-24 Remote Management Screens • Get - Allows the manager to retrieve an object variable from the agent. • GetNext -

ZyWALL 2 Series User’s Guide Remote Management Screens 17-25 17.14.3 REMOTE MANAGEMENT: SNMP To change your ZyWALL’s SNMP settings, click REMOTE MGN

ZyWALL 2 Series User’s Guide 17-26 Remote Management Screens Table 17-6 SNMP LABEL DESCRIPTION SNMP Configuration Get Community Enter the Get Communi

ZyWALL 2 Series User’s Guide Remote Management Screens 17-27 To change your ZyWALL’s DNS settings, click REMOTE MGNT, then the DNS tab. The screen ap

ZyWALL 2 Series User’s Guide 17-28 Remote Management Screens 17.16 Configuring Security To change your ZyWALL’s Security settings, click REMOTE MGNT

ZyWALL 2 Series User’s Guide Remote Management Screens 17-29 Table 17-8 Security LABEL DESCRIPTION Respond to Ping on The ZyWALL will not respond to

ZyWALL 2 Series User’s Guide UPnP 18-1 Chapter 18 UPnP This chapter introduces the Universal Plug and Play feature. 18.1 Universal Plug and Play Ov

ZyWALL 2 Series User’s Guide 18-2 UPnP 18.1.3 Cautions with UPnP The automated nature of NAT traversal applications in establishing their own service

ZyWALL 2 Series User’s Guide UPnP 18-3 Figure 18-1 Configuring UPnP The following table describes the fields in this screen. Table 18-1 Configuring

ZyWALL 2 Series User’s Guide 1-2 Getting to Know Your ZyWALL 1.2.1 Physical Features 4-Port Switch A combination of switch and router makes your Zy

ZyWALL 2 Series User’s Guide 18-4 UPnP Table 18-1 Configuring UPnP FIELD DESCRIPTION Reset Click Reset to begin configuring this screen afresh 18.

ZyWALL 2 Series User’s Guide UPnP 18-5 Table 18-2 UPnP Ports LABEL DESCRIPTION # This is the index number of the UPnP-created NAT mapping rule ent

ZyWALL 2 Series User’s Guide 18-6 UPnP 18.5.1 Installing UPnP in Windows Me Follow the steps below to install UPnP in Windows Me. Click Start and Co

ZyWALL 2 Series User’s Guide UPnP 18-7 Step 1. Click Start and Control Panel. Step 2. Double-click Network Connections. Step 3. In the Network Co

ZyWALL 2 Series User’s Guide 18-8 UPnP 18.6 Using UPnP in Windows XP Example This section shows you how to use the UPnP feature in Windows XP. You m

ZyWALL 2 Series User’s Guide UPnP 18-9 Step 4. You may edit or delete the port mappings or click Add to manually add port mappings. When the UPnP-

ZyWALL 2 Series User’s Guide 18-10 UPnP 18.6.2 Web Configurator Easy Access With UPnP, you can access the web-based configurator without first findin

Logs IX Part IX: Logs This part provides information and instructions for the logs and reports.

ZyWALL 2 Series User’s Guide Log Screens 19-1 Chapter 19 Logs Screens This chapter contains information about configuring general log settings and vi

ZyWALL 2 Series User’s Guide Getting to Know Your ZyWALL 1-3The ZyWALL supports two simultaneous VPN connections. X-Auth (Extended Authentication)

ZyWALL 2 Series User’s Guide 19-2 Log Screens Figure 19-1 View Log The following table describes the labels in this screen. Table 19-1 View Log LABE

ZyWALL 2 Series User’s Guide Log Screens 19-3 Table 19-1 View Log LABEL DESCRIPTION Note This field displays additional information about the log en

ZyWALL 2 Series User’s Guide 19-4 Log Screens Figure 19-2 Log Settings

ZyWALL 2 Series User’s Guide Log Screens 19-5 The following table describes the labels in this screen. Table 19-2 Log Settings LABEL DESCRIPTION Add

ZyWALL 2 Series User’s Guide 19-6 Log Screens Table 19-2 Log Settings LABEL DESCRIPTION Time for Sending Log Enter the time of the day in 24-hour fo

ZyWALL 2 Series User’s Guide Log Screens 19-7 The ZyWALL records web site hits by counting the HTTP GET packets. Many web sites include HTTP GET refe

ZyWALL 2 Series User’s Guide 19-8 Log Screens Table 19-3 Reports LABEL DESCRIPTION Refresh Click Refresh to update the report display. The report als

ZyWALL 2 Series User’s Guide Log Screens 19-9 Table 19-4 Web Site Hits Report LABEL DESCRIPTION Web Site This column lists the domain names of the w

ZyWALL 2 Series User’s Guide 19-10 Log Screens Table 19-5 Protocol/ Port Report LABEL DESCRIPTION Protocol/Port This column lists the protocols or s

ZyWALL 2 Series User’s Guide Log Screens 19-11 The following table describes the labels in this screen. Table 19-6 LAN IP Address Report LABEL DESCRI

ZyWALL 2 Series User’s Guide 1-4 Getting to Know Your ZyWALL Universal Plug and Play (UPnP) Using the standard TCP/IP protocol, the ZyWALL and othe

Maintenance X Part X: Maintenance This part covers the maintenance screens.

ZyWALL 2 Series User’s Guide Maintenance 20-1 Chapter 20 Maintenance This chapter displays system information such as firmware, port IP addresses an

ZyWALL 2 Series User’s Guide 20-2 Maintenance The following table describes the labels in this screen. Table 20-1 System Status LABEL DESCRIPTION S

ZyWALL 2 Series User’s Guide Maintenance 20-3 Figure 20-2 System Status: Show Statistics The following table describes the labels in this screen. T

ZyWALL 2 Series User’s Guide 20-4 Maintenance Table 20-2 System Status: Show Statistics LABEL DESCRIPTION Stop Click Stop to stop refreshing statis

ZyWALL 2 Series User’s Guide Maintenance 20-5 Table 20-3 DHCP Table LABEL DESCRIPTION IP Address This field displays the IP address relative to the

ZyWALL 2 Series User’s Guide 20-6 Maintenance The following table describes the fields in this screen. Figure 20-5 Firmware Upload LABEL DESCRIPTIO

ZyWALL 2 Series User’s Guide Maintenance 20-7 Figure 20-7 Network Temporarily Disconnected After two minutes, log in again and check your new firmw

ZyWALL 2 Series User’s Guide Getting to Know Your ZyWALL 1-5Central Network Management Central Network Management (CNM) allows an enterprise or ser

ZyWALL 2 Series User’s Guide 20-8 Maintenance Figure 20-9 Configuration 20.5.1 Backup Configuration Backup Configuration allows you to backup (save

ZyWALL 2 Series User’s Guide Maintenance 20-9 20.5.2 Restore Configuration Restore Configuration allows you to restore a previously saved configura

ZyWALL 2 Series User’s Guide 20-10 Maintenance If you uploaded the default configuration file you may need to change the IP address of your computer

ZyWALL 2 Series User’s Guide Maintenance 20-11 You can also press the RESET button on the rear panel to reset the factory defaults of your ZyWALL. R

SMT General Configuration XI Part XI: SMT General Configuration This part introduces the System Management Terminal and covers the General setup

ZyWALL 2 Series User’s Guide Introducing the SMT 21-1 Chapter 21 Introducing the SMT This chapter explains how to access the System Management Termin

ZyWALL 2 Series User’s Guide 21-2 Introducing the SMT 21.2.2 Entering the Password The login screen appears after you press [ENTER], prompting you to

ZyWALL 2 Series User’s Guide Introducing the SMT 21-3 Table 21-1 Main Menu Commands OPERATION KEYSTROKES DESCRIPTION Entering information Fill in, o

ZyWALL 2 Series User’s Guide 1-6 Getting to Know Your ZyWALL Management Terminal) interface. The SMT is a menu-driven interface that you can access

ZyWALL 2 Series User’s Guide 21-4 Introducing the SMT Table 21-2 Main Menu Summary NO. Menu Title FUNCTION 1 General Setup Use this menu to set u

ZyWALL 2 Series User’s Guide Introducing the SMT 21-5 Menu 3LAN SetupMenu 4Internet Access SetupMenu 12Static Routing SetupMenu 11Remote Node SetupMe

ZyWALL 2 Series User’s Guide 21-6 Introducing the SMT 21.4 Changing the System Password Change the system password by following the steps shown next

ZyWALL 2 Series User’s Guide SMT Menu 1 – General Setup 22-1 Chapter 22 SMT Menu 1 - General Setup Menu 1 - General Setup contains administrative an

ZyWALL 2 Series User’s Guide 22-2 SMT Menu 1 – General Setup Table 22-1 Menu 1: General Setup FIELD DESCRIPTION EXAMPLE Domain Name Enter the do

ZyWALL 2 Series User’s Guide SMT Menu 1 – General Setup 22-3 Figure 22-2 Configure Dynamic DNS Follow the instructions in the next table to

ZyWALL 2 Series User’s Guide 22-4 SMT Menu 1 – General Setup Table 22-2 Configure Dynamic DNS FIELD DESCRIPTION EXAMPLE Offline This field is on

ZyWALL 2 Series User’s Guide WAN and Dial Backup Setup 23-1 Chapter 23 WAN and Dial Backup Setup This chapter describes how to configure the WAN us

ZyWALL 2 Series User’s Guide 23-2 WAN and Dial Backup Setup Table 23-1 MAC Address Cloning in WAN Setup FIELD DESCRIPTION EXAMPLE IP Address This f

ZyWALL 2 Series User’s Guide WAN and Dial Backup Setup 23-3 The following table describes the fields in this menu. Table 23-2 Menu 2: Dial Backup Set

ZyWALL 2 Series User’s Guide Getting to Know Your ZyWALL 1-71.3.2 Secure Broadband Internet Access and VPN You can connect a cable, DSL or wirele

ZyWALL 2 Series User’s Guide 23-4 WAN and Dial Backup Setup Figure 23-3 Menu 2.1 Advanced WAN Setup The following table describes fields in t

ZyWALL 2 Series User’s Guide WAN and Dial Backup Setup 23-5 Table 23-4 Advanced WAN Port Setup: Call Control Parameters FIELD DESCRIPTION DEFAULT

ZyWALL 2 Series User’s Guide 23-6 WAN and Dial Backup Setup Figure 23-4 Menu 11.1 Remote Node Profile (Backup ISP) The following table desc

ZyWALL 2 Series User’s Guide WAN and Dial Backup Setup 23-7 Table 23-5 Menu 11.1 Remote Node Profile (Backup ISP) FIELD DESCRIPTION EXAMPLE Pri Pho

ZyWALL 2 Series User’s Guide 23-8 WAN and Dial Backup Setup Table 23-5 Menu 11.1 Remote Node Profile (Backup ISP) FIELD DESCRIPTION EXAMPLE Idle Ti

ZyWALL 2 Series User’s Guide WAN and Dial Backup Setup 23-9 23.7 Editing TCP/IP Options Move the cursor to the Edit IP field in menu 11.1, then pres

ZyWALL 2 Series User’s Guide 23-10 WAN and Dial Backup Setup Table 23-6 Menu 11.3: Remote Node Network Layer Options FIELD DESCRIPTION EXAMPLE Netw

ZyWALL 2 Series User’s Guide WAN and Dial Backup Setup 23-11 23.8 Editing Login Script For some remote gateways, text login is required before PPP ne

ZyWALL 2 Series User’s Guide 23-12 WAN and Dial Backup Setup Figure 23-8 Menu 11.4: Remote Node Script The following table describes the fi

ZyWALL 2 Series User’s Guide WAN and Dial Backup Setup 23-13 Figure 23-9 Menu 11.5: Dial Backup Remote Node Filter Menu 11.5 - Remote Node F

ZyWALL 2 Series User’s Guide LAN Setup 24-1 Chapter 24 LAN Setup This chapter describes how to configure the LAN using Menu 3: LAN Setup. 24.1 In

ZyWALL 2 Series User’s Guide 24-2 LAN Setup Figure 24-2 Menu 3.1: LAN Port Filter Setup 24.4 TCP/IP and DHCP Ethernet Setup Menu From the ma

ZyWALL 2 Series User’s Guide LAN Setup 24-3 Figure 24-4 Menu 3.2: TCP/IP and DHCP Ethernet Setup Follow the instructions in the next table

ZyWALL 2 Series User’s Guide 24-4 LAN Setup Table 24-2 LAN TCP/IP Setup Menu Fields FIELD DESCRIPTION EXAMPLE TCP/IP Setup: IP Address Enter t

ZyWALL 2 Series User’s Guide LAN Setup 24-5 Figure 24-5 Physical Network Figure 24-6 Partitioned Logical Network You must u

ZyWALL 2 Series User’s Guide 24-6 LAN Setup Table 24-3 Menu 3.2.1: IP Alias Setup FIELD DESCRIPTION DEFAULT IP Address Enter the IP address of y

ZyWALL 2 Series User’s Guide LAN Setup 24-7 Figure 24-8 Menu 3.5: Wireless LAN Setup The settings of all client stations on the wireless LAN must m

ZyWALL 2 Series User’s Guide 24-8 LAN Setup Table 24-4 Menu 3.5: Wireless LAN Setup FIELD DESCRIPTION EXAMPLE Frag. Threshold The threshold (number

ZyWALL 2 Series User’s Guide LAN Setup 24-9 Step 3. In the Edit MAC Address Filter field, press [SPACE BAR] to select Yes and press [ENTER]. Menu

ZyWALL 2 Series User’s Guide Introducing the Web Configurator 2-1 Chapter 2 Introducing the Web Configurator This chapter describes how to acces

ZyWALL 2 Series User’s Guide Internet Access 25-1 Chapter 25 Internet Access This chapter shows you how to configure your ZyWALL for Internet access.

ZyWALL 2 Series User’s Guide 25-2 Internet Access Table 25-1 Menu 4: Internet Access Setup (Ethernet) FIELD DESCRIPTION Encapsulation Press [SPACE

ZyWALL 2 Series User’s Guide Internet Access 25-3 25.3 PPTP Encapsulation Point-to-Point Tunneling Protocol (PPTP) is a network protocol that enables

ZyWALL 2 Series User’s Guide 25-4 Internet Access Table 25-2 New Fields in Menu 4 (PPTP) Screen FIELD DESCRIPTION EXAMPLE Encapsulation Press [SPAC

ZyWALL 2 Series User’s Guide Internet Access 25-5 Figure 25-3 Internet Access Setup (PPPoE) The following table contains instructions about

SMT Advanced Applications XII Part XII: SMT Advanced Applications This part covers setting up remote nodes, IP static routes and Network Address

ZyWALL 2 Series User’s Guide Remote Node Setup 26-1 Chapter 26 Remote Node Setup This chapter shows you how to configure a remote node. 26.1 Intro

ZyWALL 2 Series User’s Guide iv Information for Canadian Users Information for Canadian Users The Industry Canada label identifies certified equipm

ZyWALL 2 Series User’s Guide 2-2 Introducing the Web Configurator Step 6. Click Apply in the Replace Certificate screen to create a certificate us

ZyWALL 2 Series User’s Guide 26-2 Remote Node Setup Figure 26-1Menu 11.1: Remote Node Profile for Ethernet Encapsulation The following table

ZyWALL 2 Series User’s Guide Remote Node Setup 26-3 Table 26-1 Menu 11.1: Remote Node Profile for Ethernet Encapsulation FIELD DESCRIPTION EXAMPL

ZyWALL 2 Series User’s Guide 26-4 Remote Node Setup Encapsulation to PPPoE, then you will see the next screen. Please see the appendix for more info

ZyWALL 2 Series User’s Guide Remote Node Setup 26-5 Do not specify a nailed-up connection unless your telephone company offers flat-rate service or

ZyWALL 2 Series User’s Guide 26-6 Remote Node Setup 26.2.3 PPTP Encapsulation If you change the Encapsulation to PPTP in menu 11.1, then you will se

ZyWALL 2 Series User’s Guide Remote Node Setup 26-7 26.3 Edit IP Move the cursor to the Edit IP field in menu 11.1, then press [SPACE BAR] to sel

ZyWALL 2 Series User’s Guide 26-8 Remote Node Setup Table 26-4 Remote Node Network Layer Options Menu Fields FIELD DESCRIPTION EXAMPLE My WAN Addr

ZyWALL 2 Series User’s Guide Remote Node Setup 26-9 Table 26-4 Remote Node Network Layer Options Menu Fields FIELD DESCRIPTION EXAMPLE Multicast

ZyWALL 2 Series User’s Guide 26-10 Remote Node Setup Figure 26-6 Menu 11.5: Remote Node Filter (PPPoE or PPTP Encapsulation) 26.5 Traffic Redi

ZyWALL 2 Series User’s Guide Remote Node Setup 26-11 Table 26-5 Menu 11.1: Remote Node Profile (Traffic Redirect Field) FIELD DESCRIPTION EXAMPLE

ZyWALL 2 Series User’s Guide Introducing the Web Configurator 2-3 2.3.2 Uploading a Configuration File Via Console Port Step 3. Download the defa

ZyWALL 2 Series User’s Guide 26-12 Remote Node Setup Table 26-6 Menu 11.6: Traffic Redirect Setup FIELD DESCRIPTION EXAMPLE Active Press [SPACE BA

ZyWALL 2 Series User’s Guide Remote Node Setup 26-13 Table 26-6 Menu 11.6: Traffic Redirect Setup FIELD DESCRIPTION EXAMPLE When you have complet

ZyWALL 2 Series User’s Guide IP Static Route Setup 27-1 Chapter 27 IP Static Route Setup This chapter shows you how to configure static rout

ZyWALL 2 Series User’s Guide 27-2 IP Static Route Setup Figure 27-2 Menu 12. 1: Edit IP Static Route `The following table describes the IP Stat

ZyWALL 2 Series User’s Guide NAT 28-1 Chapter 28 Network Address Translation (NAT) This chapter discusses how to configure NAT on the ZyWALL. 28.

ZyWALL 2 Series User’s Guide 28-2 NAT Figure 28-1 Menu 4: Applying NAT for Internet Access The following figure shows how you apply NAT to th

ZyWALL 2 Series User’s Guide NAT 28-3 Table 28-1 Applying NAT in Menus 4 & 11.3 FIELD DESCRIPTION OPTIONS When you select this option the

ZyWALL 2 Series User’s Guide 28-4 NAT Configure LAN IP addresses in NAT menus 15.1 and 15.2. 28.2.1 Address Mapping Sets Enter 1 to bring up Menu 1

ZyWALL 2 Series User’s Guide NAT 28-5 Table 28-2 SUA Address Mapping Rules FIELD DESCRIPTION EXAMPLE Set Name This is the name of the set you s

ZyWALL 2 Series User’s Guide 2-4 Introducing the Web Configurator Follow the instructions you see in the MAIN MENU screen or click the icon (loca

ZyWALL 2 Series User’s Guide 28-6 NAT Figure 28-6 Menu 15.1.1: First Set The Type, Local and Global Start/End IPs are configured in menu 15.

ZyWALL 2 Series User’s Guide NAT 28-7 Table 28-3 Fields in Menu 15.1.1 FIELD DESCRIPTION EXAMPLE Set Name Enter a name for this set of rules. T

ZyWALL 2 Series User’s Guide 28-8 NAT The following table describes the fields in this screen. Table 28-4 Menu 15.1.1.1: Editing/Configuring an Indiv

ZyWALL 2 Series User’s Guide NAT 28-9 Step 5. Press [ENTER] at the “Press ENTER to confirm …” prompt to save your configuration after you define

ZyWALL 2 Series User’s Guide 28-10 NAT 28.4.1 Internet Access Only In the following Internet access example, you only need one rule where all your IL

ZyWALL 2 Series User’s Guide NAT 28-11 28.4.2 Example 2: Internet Access with an Inside Server Figure 28-12 NAT Example 2 In this case, you do ex

ZyWALL 2 Series User’s Guide 28-12 NAT other LAN traffic to the remaining IGA. Map the third IGA to an inside web server and mail server. Four rules

ZyWALL 2 Series User’s Guide NAT 28-13 Step 5. Select Type as One-to-One (direct mapping for packets going both ways), and enter the local Start

ZyWALL 2 Series User’s Guide 28-14 NAT Figure 28-17 Example 3: Final Menu 15.1.1 Now configure the IGA3 to map to our web server and mail se

ZyWALL 2 Series User’s Guide NAT 28-15 28.4.4 Example 4: NAT Unfriendly Application Programs Some applications do not support NAT Mapping using TC

ZyWALL 2 Series User’s Guide Introducing the Web Configurator 2-5 Table 2-1 Web Configurator Screens Summary LINK TAB FUNCTION General Use this

ZyWALL 2 Series User’s Guide 28-16 NAT Figure 28-20 Example 4: Menu 15.1.1.1: Address Mapping Rule After you’ve configured your rule, you shoul

ZyWALL 2 Series User’s Guide NAT 28-17 LAN computer, you have to manually replace the LAN computer's IP address in the forwarding port with a

ZyWALL 2 Series User’s Guide 28-18 NAT 5. Only A can connect to the Real Audio server until the connection is closed or times out. The ZyWALL times o

ZyWALL 2 Series User’s Guide NAT 28-19 Table 28-5 Menu 15.3: Trigger Port Setup FIELD DESCRIPTION EXAMPLE Rule This is the rule index number.

ZyWALL 2 Series User’s Guide Introducing the Firewall 29-1 Chapter 29 Introducing the Firewall This chapter shows you how to get started with the fi

ZyWALL 2 Series User’s Guide 29-2 Introducing the Firewall Figure 29-2 Menu 21.2: Firewall Setup Configure the firewall rules using the we

ZyWALL 2 Series User’s Guide Filter Configuration 30-1 Chapter 30 Filter Configuration This chapter shows you how to create and apply filters. 30.1

ZyWALL 2 Series User’s Guide 30-2 Filter Configuration Figure 30-1 Outgoing Packet Filtering Process For incoming packets, your ZyWALL applies data f

ZyWALL 2 Series User’s Guide Filter Configuration 30-3 StartFetch FirstFilter SetFetch FirstFilter RuleActive?ExecuteFilter RuleFetch NextFilter Rul

ZyWALL 2 Series User’s Guide 2-6 Introducing the Web Configurator Table 2-1 Web Configurator Screens Summary LINK TAB FUNCTION General This scre

ZyWALL 2 Series User’s Guide 30-4 Filter Configuration You can apply up to four filter sets to a particular port to block multiple types of packets.

ZyWALL 2 Series User’s Guide Filter Configuration 30-5 Step 4. Enter a descriptive name or comment in the Edit Comments field and press [ENTER]. St

ZyWALL 2 Series User’s Guide 30-6 Filter Configuration Table 30-2 Rule Abbreviations Used ABBREVIATION DESCRIPTION IP Pr Protocol SA Source Address

ZyWALL 2 Series User’s Guide Filter Configuration 30-7 To configure TCP/IP rules, select TCP/IP Filter Rule from the Filter Type field and press [EN

ZyWALL 2 Series User’s Guide 30-8 Filter Configuration Table 30-3 TCP/IP Filter Rule Menu Fields FIELD DESCRIPTION OPTIONS Port # Enter the destinat

ZyWALL 2 Series User’s Guide Filter Configuration 30-9 Table 30-3 TCP/IP Filter Rule Menu Fields FIELD DESCRIPTION OPTIONS Log Press [SPACE BAR] an

ZyWALL 2 Series User’s Guide 30-10 Filter Configuration Packetinto IP FilterMatchedMatchedYesAction MatchedAction Not MatchedMore?NoFilter Active?Chec

ZyWALL 2 Series User’s Guide Filter Configuration 30-11 30.2.3 Configuring a Generic Filter Rule This section shows you how to configure a generic

ZyWALL 2 Series User’s Guide 30-12 Filter Configuration Table 30-4 Menu 21.1.1.1: Generic Filter Rule FIELD DESCRIPTION OPTIONS Filter Type Use [SPAC

ZyWALL 2 Series User’s Guide Filter Configuration 30-13 30.3 Example Filter Let’s look at an example to block outside users from accessing the ZyWAL

ZyWALL 2 Series User’s Guide Introducing the Web Configurator 2-7 Table 2-1 Web Configurator Screens Summary LINK TAB FUNCTION SNMP Use this scr

ZyWALL 2 Series User’s Guide 30-14 Filter Configuration Figure 30-9 Example Filter: Menu 21.1.3.1 When you press [ENTER] to confirm, you will see the

ZyWALL 2 Series User’s Guide Filter Configuration 30-15 Figure 30-10 Example Filter Rules Summary: Menu 21.1.3 After you’ve created the

ZyWALL 2 Series User’s Guide 30-16 Filter Configuration 30.4 Filter Types and NAT There are two classes of filter rules, Generic Filter (Device) rule

ZyWALL 2 Series User’s Guide Filter Configuration 30-17 30.6 Applying a Filter This section shows you where to apply the filter(s) after you desig

ZyWALL 2 Series User’s Guide 30-18 Filter Configuration Figure 30-13 Filtering Remote Node Traffic Menu 11.5 – Remote Node Filter Setup Input

ZyWALL 2 Series User’s Guide SNMP Configuration 31-1 Chapter 31 SNMP Configuration This chapter explains SNMP configuration menu 22. 31.1 SNMP Confi

ZyWALL 2 Series User’s Guide 31-2 SNMP Configuration Table 31-1 Menu 22: SNMP Configuration FIELD DESCRIPTION EXAMPLE Trap Community Type the Trap

SMT System Maintenance XIII Part XIII: SMT System Maintenance This part covers system information and diagnosis, firmware and configuration file

ZyWALL 2 Series User’s Guide System Information and Diagnosis 32-1 Chapter 32 System Information & Diagnosis This chapter covers SMT menus 24.1

ZyWALL 2 Series User’s Guide 32-2 System Information and Diagnosis monitor your ZyWALL. Specifically, it gives you information on your system firmwa

ZyWALL 2 Series User’s Guide System Information and Diagnosis 32-3 Table 32-1 System Maintenance: Status Menu Fields FIELD DESCRIPTION Status Shows

ZyWALL 2 Series User’s Guide 32-4 System Information and Diagnosis Step 2. Enter 2 to open Menu 24.2 - System Information and Console Port Speed.

ZyWALL 2 Series User’s Guide System Information and Diagnosis 32-5 Table 32-2 Fields in System Maintenance: Information FIELD DESCRIPTION ZyNOS F/W

ZyWALL 2 Series User’s Guide 32-6 System Information and Diagnosis Figure 32-6 Menu 24.3: System Maintenance: Log and Trace 32.4.1 UNIX Syslog The

ZyWALL 2 Series User’s Guide System Information and Diagnosis 32-7 Table 32-3 System Maintenance Menu Syslog Parameters PARAMETER DESCRIPTION Log Fa

ZyWALL 2 Series User’s Guide 32-8 System Information and Diagnosis Filter log Message Format SdcmdSyslogSend(SYSLOG_FILLOG, SYSLOG_NOTICE, String

ZyWALL 2 Series User’s Guide System Information and Diagnosis 32-9 32.4.2 Call-Triggering Packet Call-Triggering Packet displays information about t

ZyWALL 2 Series User’s Guide 32-10 System Information and Diagnosis Follow the procedure below to get to Menu 24.4 - System Maintenance – Diagnostic

ZyWALL 2 Series User’s Guide System Information and Diagnosis 32-11 Figure 32-10 WAN & LAN DHCP The following table describes the diagnostic te

ZyWALL 2 Series User’s Guide Wizard Setup 3-1 Chapter 3 Wizard Setup This chapter provides information on the Wizard Setup screens in the web confi

ZyWALL 2 User’s Guide Firmware and Configuration File Maintenance 33-1 Chapter 33 Firmware and Configuration File Maintenance This chapter tells you

ZyWALL 2 User’s Guide 33-2 Firmware and Configuration File Maintenance ftp> get rom-0 config.cfg This is a sample FTP session saving the current

ZyWALL 2 User’s Guide Firmware and Configuration File Maintenance 33-3 preferred method for backing up your current configuration to your computer si

ZyWALL 2 User’s Guide 33-4 Firmware and Configuration File Maintenance Step 6. Use “get” to transfer files from the ZyWALL to the computer, for exam

ZyWALL 2 User’s Guide Firmware and Configuration File Maintenance 33-5 33.3.5 File Maintenance Over WAN TFTP, FTP and Telnet over the WAN will not wo

ZyWALL 2 User’s Guide 33-6 Firmware and Configuration File Maintenance TFTP client program. For UNIX, use “get” to transfer from the ZyWALL to the co

ZyWALL 2 User’s Guide Firmware and Configuration File Maintenance 33-7 Step 1. Display menu 24.5 and enter “y” at the following screen. Figure 33-3

ZyWALL 2 User’s Guide 33-8 Firmware and Configuration File Maintenance 33.4 Restore Configuration This section shows you how to restore a previously

ZyWALL 2 User’s Guide Firmware and Configuration File Maintenance 33-9 Step 1. Launch the FTP client on your computer. Step 2. Enter “open”, follo

ZyWALL 2 Series User’s Guide 3-2 Wizard Setup Figure 3-1 Wizard 1 3.3 Internet Access The ZyWALL offers three choices of encapsulation. They are E

ZyWALL 2 User’s Guide 33-10 Firmware and Configuration File Maintenance Step 1. Display menu 24.6 and enter “y” at the following screen. Figure 33-9

ZyWALL 2 User’s Guide Firmware and Configuration File Maintenance 33-11 33.5 Uploading Firmware and Configuration Files This section shows you how t

ZyWALL 2 User’s Guide 33-12 Firmware and Configuration File Maintenance 33.5.2 Configuration File Upload You see the following screen when you telnet

ZyWALL 2 User’s Guide Firmware and Configuration File Maintenance 33-13 transfers the configuration file on the ZyWALL to your computer and renames i

ZyWALL 2 User’s Guide 33-14 Firmware and Configuration File Maintenance Step 3. Enter the command “sys stdio 0” to disable the console timeout, so t

ZyWALL 2 User’s Guide Firmware and Configuration File Maintenance 33-15 33.5.8 Uploading Firmware File Via Console Port Step 1. Select 1 from Menu 2

ZyWALL 2 User’s Guide 33-16 Firmware and Configuration File Maintenance Figure 33-17 Example Xmodem Upload After the firmware upload process has com

ZyWALL 2 User’s Guide Firmware and Configuration File Maintenance 33-17 Figure 33-18 Menu 24.7.2 As Seen Using the Console Port Step 2. After the &

ZyWALL 2 User’s Guide 33-18 Firmware and Configuration File Maintenance Figure 33-19 Example Xmodem Upload After the configuration upload process has

ZyWALL 2 User’s Guide System Maintenance & Information 34-1 Chapter 34 System Maintenance Menus 8 to 10 This chapter leads you through SMT men

ZyWALL 2 Series User’s Guide Wizard Setup 3-3 Figure 3-2 Wizard 2: Ethernet Encapsulation The following table describes the labels in this screen.

ZyWALL 2 User’s Guide 34-2 System Maintenance & Information 34.1.1 Command Syntax The command keywords are in courier new font. Enter the command

ZyWALL 2 User’s Guide System Maintenance & Information 34-3 Table 34-1 Valid Commands ether These commands display Ethernet information and con

ZyWALL 2 User’s Guide 34-4 System Maintenance & Information Figure 34-4 Budget Management The total budget is the time limit on the accumul

ZyWALL 2 User’s Guide System Maintenance & Information 34-5 Figure 34-5 Call History The following table describes the fields in this sc

ZyWALL 2 User’s Guide 34-6 System Maintenance & Information Select menu 24 in the main menu to open Menu 24 - System Maintenance, as shown next.

ZyWALL 2 User’s Guide System Maintenance & Information 34-7 Table 34-4 Menu 24.10 System Maintenance: Time and Date Setting FIELD DESCRIPTION En

ZyWALL 2 User’s Guide 34-8 System Maintenance & Information ii. When the ZyWALL starts up, if there is a timeserver configured in menu 24.10. ii

ZyWALL 2 User’s Guide Remote Management 35-1 Chapter 35 Remote Management This chapter covers remote management found in SMT menu 24.11. 35.1 Remote

ZyWALL 2 User’s Guide 35-2 Remote Management Figure 35-1 Menu 24.11 – Remote Management Control The following table describes the fields in thi

ZyWALL 2 User’s Guide Remote Management 35-3 Table 35-1 Menu 24.11 – Remote Management Control FIELD DESCRIPTION EXAMPLE Once you have filled in th

ZyWALL 2 Series User’s Guide Warranty v ZyXEL Limited Warranty ZyXEL warrants to the original end user (purchaser) that this product is free from an

ZyWALL 2 Series User’s Guide 3-4 Wizard Setup Table 3-1 Ethernet Encapsulation LABEL DESCRIPTION Login Server IP Address Type the authentication ser

SMT Advanced Management XIV Part XIV: SMT Advanced Management This part provides information on how to configure call scheduling, and VPN/IPSec

ZyWALL 2 Series User’s Guide Call Scheduling 36-1 Chapter 36 Call Scheduling Call scheduling allows you to dictate when a remote node should

ZyWALL 2 Series User’s Guide 36-2 Call Scheduling To set up a schedule set, select the schedule set you want to setup from menu 26 (1-12) and press

ZyWALL 2 Series User’s Guide Call Scheduling 36-3 Table 36-1 Schedule Set Setup FIELD DESCRIPTION OPTIONS Day If you selected Weekly in the

ZyWALL 2 Series User’s Guide 36-4 Call Scheduling Figure 36-3 Applying Schedule Set(s) to a Remote Node (PPPoE) You can apply up to four sch

ZyWALL 2 Series User’s Guide VPN/IPSec Setup 37-1 Chapter 37 VPN/IPSec Setup This chapter introduces the VPN SMT menus. 37.1 Introduction T

ZyWALL 2 Series User’s Guide 37-2 VPN/IPSec Setup Figure 37-2 Menu 27: VPN/IPSec Setup 37.2 IPSec Summary Screen Type 1 in menu 27 and then

ZyWALL 2 Series User’s Guide VPN/IPSec Setup 37-3 Table 37-1 Menu 27.1: IPSec Summary FIELD DESCRIPTION EXAMPLE Name This field displays the

ZyWALL 2 Series User’s Guide Wizard Setup 3-5 Figure 3-3 Wizard2: PPPoE Encapsulation The following table describes the labels in this screen. Tab

ZyWALL 2 Series User’s Guide 37-4 VPN/IPSec Setup Table 37-1 Menu 27.1: IPSec Summary FIELD DESCRIPTION EXAMPLE Key Mgt This field displays the SA’s

ZyWALL 2 Series User’s Guide VPN/IPSec Setup 37-5 Table 37-1 Menu 27.1: IPSec Summary FIELD DESCRIPTION EXAMPLE Select Command Press [SPACE B

ZyWALL 2 Series User’s Guide 37-6 VPN/IPSec Setup Figure 37-4 Menu 27.1.1: IPSec Setup You must also configure menu 27.1.1.1 or menu 2

ZyWALL 2 Series User’s Guide VPN/IPSec Setup 37-7 Table 37-2 Menu 27.1.1: IPSec Setup FIELD DESCRIPTION EXAMPLE NAT Traversal Select this c

ZyWALL 2 Series User’s Guide 37-8 VPN/IPSec Setup Table 37-2 Menu 27.1.1: IPSec Setup FIELD DESCRIPTION EXAMPLE Peer ID type Press [SPACE BAR] to cho

ZyWALL 2 Series User’s Guide VPN/IPSec Setup 37-9 Table 37-2 Menu 27.1.1: IPSec Setup FIELD DESCRIPTION EXAMPLE Local Local IP addresses mus

ZyWALL 2 Series User’s Guide 37-10 VPN/IPSec Setup Table 37-2 Menu 27.1.1: IPSec Setup FIELD DESCRIPTION EXAMPLE End Enter a port number in this fie

ZyWALL 2 Series User’s Guide VPN/IPSec Setup 37-11 Table 37-2 Menu 27.1.1: IPSec Setup FIELD DESCRIPTION EXAMPLE Port Start 0 is the default

ZyWALL 2 Series User’s Guide 37-12 VPN/IPSec Setup Figure 37-5 Menu 27.1.1.1: IKE Setup Table 37-3 Menu 27.1.1.1: IKE Setup FIELD DES

ZyWALL 2 Series User’s Guide VPN/IPSec Setup 37-13 Table 37-3 Menu 27.1.1.1: IKE Setup FIELD DESCRIPTION EXAMPLEEncryption Algorithm When DES

ZyWALL 2 Series User’s Guide 3-6 Wizard Setup Table 3-2 PPPoE Encapsulation LABEL DESCRIPTION Idle Timeout Type the time in seconds that elapses bef

ZyWALL 2 Series User’s Guide 37-14 VPN/IPSec Setup Table 37-3 Menu 27.1.1.1: IKE Setup FIELD DESCRIPTION EXAMPLEEncapsulation Press [SPACE BAR] to ch

ZyWALL 2 Series User’s Guide VPN/IPSec Setup 37-15 To edit this menu, move the cursor to the Edit Manual Setup field in Menu 27.1.1 – IPSec S

ZyWALL 2 Series User’s Guide 37-16 VPN/IPSec Setup Table 37-5 Menu 27.1.1.2: Manual Setup FIELD DESCRIPTION EXAMPLE Key3 Enter a unique eight-charac

ZyWALL 2 Series User’s Guide SA Monitor 38-1 Chapter 38 SA Monitor This chapter teaches you how to manage your SAs by using the SA Monitor in

ZyWALL 2 Series User’s Guide 38-2 SA Monitor Table 38-1 Menu 27.2: SA Monitor FIELD DESCRIPTION EXAMPLE # This is the security association index

General Appendices XV Part XV: General Appendices This part provides background information about troubleshooting, setting up your computer’s I

ZyWALL 2 Series User’s Guide Troubleshooting A-1 Appendix A Troubleshooting This chapter covers potential problems and possible remedies. After each

ZyWALL 2 Series User’s Guide Troubleshooting A-2Problems with the LAN Interface Chart 3 Troubleshooting the LAN Interface PROBLEM CORRECTIVE ACTION

ZyWALL 2 Series User’s Guide Troubleshooting A-3 Problems with Internet Access Chart 5 Troubleshooting Internet Access PROBLEM CORRECTIVE ACTION Con

ZyWALL 2 Series User’s Guide Wizard Setup 3-7 Figure 3-4 Wizard 2: PPTP Encapsulation The following table describes the labels in this screen. Tab

ZyWALL 2 Series User’s Guide Setting Up Your Computer’s IP Address B-1 Appendix B Setting up Your Computer’s IP Address All computers must have a 10

ZyWALL 2 Series User’s Guide Setting Up Your Computer’s IP Address B-2The Network window Configuration tab displays a list of installed components.

ZyWALL 2 Series User’s Guide Setting Up Your Computer’s IP Address B-3 1. Click the IP Address tab. -If your IP address is dynamic, select Obtain an

ZyWALL 2 Series User’s Guide Setting Up Your Computer’s IP Address B-43. Click the Gateway tab. -If you do not know your gateway’s IP address, rem

ZyWALL 2 Series User’s Guide Setting Up Your Computer’s IP Address B-5 1. For Windows XP, click Start, Control Panel. In Windows 2000/NT, click Star

ZyWALL 2 Series User’s Guide Setting Up Your Computer’s IP Address B-64. Select Internet Protocol (TCP/IP) (under the General tab in Win XP) and cli

ZyWALL 2 Series User’s Guide Setting Up Your Computer’s IP Address B-7 6. -If you do not know your gateway's IP address, remove any previously

ZyWALL 2 Series User’s Guide Setting Up Your Computer’s IP Address B-8 7. In the Internet Protocol TCP/IP Properties window (the General tab in Wind

ZyWALL 2 Series User’s Guide Setting Up Your Computer’s IP Address B-9 1. Click the Apple menu, Control Panel and double-click TCP/IP to open the TC

ZyWALL 2 Series User’s Guide 3-8 Wizard Setup Table 3-3 PPTP Encapsulation LABEL DESCRIPTION My IP Address Type the (static) IP address assigned to

ZyWALL 2 Series User’s Guide Setting Up Your Computer’s IP Address B-104. For statically assigned settings, do the following: -From the Configure

ZyWALL 2 Series User’s Guide Setting Up Your Computer’s IP Address B-11 2. Click Network in the icon bar. - Select Automatic from the Location li

ZyWALL 2 Series User’s Guide Triangle Route C-1 Appendix C Triangle Route The Ideal Setup When the firewall is on, your ZyWALL acts as a secure g

ZyWALL 2 Series User’s Guide Triangle Route C-2 Diagram 2 “Triangle Route” Problem The “Triangle Route” Solutions This section presents you two solu

ZyWALL 2 Series User’s Guide Triangle Route C-3 Diagram 3 IP Alias Gateways on the WAN Side A second solution to the “triangle route” problem is t

ZyWALL 2 Series User’s Guide Triangle Route C-4Step 3. Use the following commands to allow/disallow triangle route. sys firewall ignore triangle al

ZyWALL 2 Series User’s Guide Wireless LAN and IEEE 802.11 D-1 Appendix D Wireless LAN and IEEE 802.11 A wireless LAN (WLAN) provides a flexible da

ZyWALL 2 Series User’s Guide D-2 Wireless LAN and IEEE 802.11 Spread Spectrum (DSSS) and Frequency-Hopping Spread Spectrum (FHSS), in the 2.4 to 2.

ZyWALL 2 Series User’s Guide Wireless LAN and IEEE 802.11 D-3 could be any type of network, it is almost invariably an Ethernet LAN. Mobile nodes c

ZyWALL 2 Series User’s Guide Wizard Setup 3-9 Regardless of your particular situation, do not create an arbitrary IP address; always follow the gui

ZyWALL 2 Series User’s Guide Wireless LAN with IEEE 802.1x E-1 Appendix E Wireless LAN With IEEE 802.1x As wireless networks become popular for bot

ZyWALL 2 Series User’s Guide Wireless LAN with IEEE 802.1x E-2RADIUS Server Authentication Sequence The following figure depicts a typical wirele

ZyWALL 2 Series User’s Guide Types of EAP Authentication F-1 Appendix F Types of EAP Authentication This appendix discusses three popular EAP auth

ZyWALL 2 Series User’s Guide Types of EAP Authentication F-2TTLS supports EAP methods and legacy authentication methods such as PAP, CHAP, MS-CHAP

ZyWALL 2 Series User’s Guide PPPoE G-1 Appendix G PPPoE PPPoE in Action An ADSL modem bridges a PPP session over Ethernet (PPP over Ethernet, RFC 25

ZyWALL 2 Series User’s Guide G-2 PPPoE The PPPoE driver makes the Ethernet appear as a serial link to the PC and the PC runs PPP over it, while the m

ZyWALL 2 Series User’s Guide PPTP H-1 Appendix H PPTP What is PPTP? PPTP (Point-to-Point Tunneling Protocol) is a Microsoft proprietary protocol (R

ZyWALL 2 Series User’s Guide H-2 PPTP PPTP is very similar to L2TP, since L2TP is based on both PPTP and L2F (Cisco’s Layer 2 Forwarding). Conceptual

ZyWALL 2 Series User’s Guide PPTP H-3 Diagram H-3 Example Message Exchange between PC and an ANT PPP Data Connection The PPP frames are tunneled b

ZyWALL 2 Series User’s Guide 3-10 Wizard Setup 3.4.4 WAN MAC Address Every Ethernet device has a unique MAC (Media Access Control) address. The MAC a

ZyWALL 2 Series User’s Guide IP Subnetting I-1 Appendix I IP Subnetting IP Addressing Routers “route” based on the network number. The router that d

ZyWALL 2 Series User’s Guide I-2 IP Subnetting A class “A” address (24 host bits) can have 224 –2 hosts (approximately 16 million hosts). Since the

ZyWALL 2 Series User’s Guide IP Subnetting I-3 of ones beginning from the left most bit of the mask, followed by a continuous sequence of zeros, for

ZyWALL 2 Series User’s Guide I-4 IP Subnetting Divide the network 192.168.1.0 into two separate subnets by converting one of the host ID bits of the

ZyWALL 2 Series User’s Guide IP Subnetting I-5 actual host for the first subnet is 192.168.1.1 and the highest is 192.168.1.126. Similarly the host I

ZyWALL 2 Series User’s Guide I-6 IP Subnetting Chart I-10 Subnet 4 NETWORK NUMBER LAST OCTET BIT VALUE IP Address 192.168.1. 192 IP Address (Bin

ZyWALL 2 Series User’s Guide IP Subnetting I-7 4 255.255.255.240 (/28) 16 14 5 255.255.255.248 (/29) 32 6 6 255.255.255.252 (/30) 64 2 7 255.255.2

ZyWALL 2 Series User’s Guide I-8 IP Subnetting Chart I-13 Class B Subnet Planning NO. “BORROWED” HOST BITS SUBNET MASK NO. SUBNETS NO. HOSTS PER S

ZyWALL 2 Series User’s Guide Safety Warnings and Instructions J-1 Appendix J Safety Warnings and Instructions 1. Be sure to read and follow all warn

ZyWALL 2 Series User’s Guide Wizard Setup 3-11 Figure 3-5 Wizard 3 The following table describes the labels in this screen. Table 3-6 Wizard 3 LAB

Command, Log Appendices and Index XVI Part XVI: Command, Log Appendices and Index This part provides information on the command line interface,

ZyWALL 2 Series User’s Guide Command Interpreter K-1 Appendix K Command Interpreter The following describes how to use the command interpreter.

ZyWALL 2 Series User’s Guide Firewall Commands L-1 Appendix L Firewall Commands The following describes the firewall commands. See the Command Int

ZyWALL 2 User’s Guide L-2 Firewall Commands Chart L-1 Firewall Commands FUNCTION COMMAND DESCRIPTION config display firewall e-mail This comm

ZyWALL 2 Series User’s Guide Firewall Commands L-3 Chart L-1 Firewall Commands FUNCTION COMMAND DESCRIPTION config edit firewall attack block &

ZyWALL 2 User’s Guide L-4 Firewall Commands Chart L-1 Firewall Commands FUNCTION COMMAND DESCRIPTION Config edit firewall set <set #> defau

ZyWALL 2 Series User’s Guide Firewall Commands L-5 Chart L-1 Firewall Commands FUNCTION COMMAND DESCRIPTION Config edit firewall set <se

ZyWALL 2 Series User’s Guide 3-12 Wizard Setup Table 3-6 Wizard 3 LABEL DESCRIPTION Remote IP Subnet Mask Enter the gateway IP subnet mask (if your

ZyWALL 2 User’s Guide L-6 Firewall Commands Chart L-1 Firewall Commands FUNCTION COMMAND DESCRIPTION config edit firewall set <set #> r

ZyWALL 2 Series User’s Guide NetBIOS Filter Commands M-1 Appendix M NetBIOS Filter Commands The following describes the NetBIOS packet filter comma

ZyWALL 2 User’s Guide M-2 NetBIOS Filter Commands Chart M-1 NetBIOS Filter Default Settings NAME DESCRIPTION EXAMPLE Between LAN and WAN This field

ZyWALL 2 Series User’s Guide NetBIOS Filter Commands M-3 Command: sys filter netbios config 4 off This command stops NetBIOS commands from initiati

ZyWALL 2 Series User’s Guide Boot Commands N-1 Appendix N Boot Commands The BootModule AT commands execute from within the router’s bootup software

ZyWALL 2 User’s Guide N-2 Boot Commands Diagram N-2 Boot Module Commands AT just answer OK ATHE print h

ZyWALL 2 Series User’s Guide Log Descriptions O-1 Appendix O Log Descriptions Chart O-1 System Error Logs LOG MESSAGE DESCRIPTION %s exceeds the

ZyWALL 2 User’s Guide O-2 Log Descriptions Chart O-2 System Maintenance Logs TELNET Login Fail Someone has failed to log on to the router via telnet

ZyWALL 2 Series User’s Guide Log Descriptions O-3 Chart O-5 Attack Logs LOG MESSAGE DESCRIPTION attack IGMP The firewall detected an IGMP attack.

ZyWALL 2 Series User’s Guide Wizard Setup 3-13 Figure 3-6 Internet Access Wizard Setup Complete

ZyWALL 2 User’s Guide O-4 Log Descriptions Chart O-5 Attack Logs LOG MESSAGE DESCRIPTION syn flood TCP The firewall detected a TCP syn flood attack

ZyWALL 2 Series User’s Guide Log Descriptions O-5 Chart O-6 Access Logs LOG MESSAGE DESCRIPTION Firewall default policy: TCP (set:%d) TCP access m

ZyWALL 2 User’s Guide O-6 Log Descriptions Chart O-6 Access Logs LOG MESSAGE DESCRIPTION Firewall rule match: ESP (set:%d, rule:%d) ESP access matc

ZyWALL 2 Series User’s Guide Log Descriptions O-7 Chart O-6 Access Logs LOG MESSAGE DESCRIPTION Firewall rule NOT match: (set:%d, rule:%d) Access

ZyWALL 2 User’s Guide O-8 Log Descriptions Chart O-6 Access Logs LOG MESSAGE DESCRIPTION Filter match DROP <set %d/rule %d> Access matched th

ZyWALL 2 Series User’s Guide Log Descriptions O-9 Chart O-6 Access Logs LOG MESSAGE DESCRIPTION Packet without a NAT table entry blocked The route

ZyWALL 2 User’s Guide O-10 Log Descriptions Chart O-8 ICMP Notes TYPE CODE DESCRIPTION 3 Destination Unreachable 0 Net unreachable 1 Host unreac

ZyWALL 2 Series User’s Guide Log Descriptions O-11 Chart O-8 ICMP Notes TYPE CODE DESCRIPTION 14 Timestamp Reply 0 Timestamp reply message 15 I

ZyWALL 2 User’s Guide O-12 Log Descriptions Diagram O-1 Example VPN Initiator IPSec Log VPN Responder IPSec Log The following figure shows a typical

ZyWALL 2 Series User’s Guide Log Descriptions O-13 A PYLD_MALFORMED packet usually means that the two ends of the VPN tunnel are not using the same

ZyWALL 2 Series User’s Guide vi Customer Support Customer Support When you contact your customer support representative please have the following inf

ZyWALL 2 User’s Guide O-14 Log Descriptions Chart O-10 Sample IKE Key Exchange Logs LOG MESSAGE DESCRIPTION !! Invalid IP <IP start>/<IP e

ZyWALL 2 Series User’s Guide Log Descriptions O-15 Chart O-10 Sample IKE Key Exchange Logs LOG MESSAGE DESCRIPTION vs. My Local <IP address>

ZyWALL 2 User’s Guide O-16 Log Descriptions The following table shows RFC-2408 ISAKMP payload types that the log displays. Please refer to the RFC f

ZyWALL 2 Series User’s Guide Log Descriptions O-17 Chart O-13 Log Categories and Available Settings LOG CATEGORIES AVAILABLE PARAMETERS attack 0,

ZyWALL 2 User’s Guide O-18 Log Descriptions ras> sys logs display access # .time source destination

ZyWALL 2 Series User’s Guide Brute-Force Password Guessing Protection P-1 Appendix P Brute-Force Password Guessing Protection The following describ

ZyWALL 2 Series User’s Guide Index Q-1 Appendix Q Index 1 10/100 Mbps Ethernet WAN ... 1-2 4 4-Port Switch ...

ZyWALL 2 Series User’s Guide Q-2 Index Configuration File Upload... 33-16 File Backup ...

ZyWALL 2 Series User’s Guide Index Q-3 Filter... 23-12, 24-1, 26-9, 30-1 Applying ...

System and LAN II Part II: System and LAN This part covers configuration of the system, and LAN screens.

ZyWALL 2 Series User’s Guide Q-4 Index Inside Local Address ... 8-1 Internet Access...

ZyWALL 2 Series User’s Guide Index Q-5 N Nailed-up Connection ... 26-4 Nailed-Up Connection ...

ZyWALL 2 Series User’s Guide Q-6 Index Replacement ...v Reports...

ZyWALL 2 Series User’s Guide Index Q-7 System Management Terminal ... 21-2 System Name ...

ZyWALL 2 Series User’s Guide Q-8 Index Wireless LAN Setup... 24-6 Wizard Setup ...

ZyWALL 2 Series User’s Guide System 4-1 Chapter 4 System Screens This chapter provides information on the System screens. 4.1 System Overview See the

ZyWALL 2 Series User’s Guide 4-2 System Table 4-1 System General Setup LABEL DESCRIPTION System Name Choose a descriptive name for identification

ZyWALL 2 Series User’s Guide System 4-3 4.3 Dynamic DNS Dynamic DNS allows you to update your current dynamic IP address with one or many dynamic DNS

ZyWALL 2 Series User’s Guide 4-4 System Figure 4-2 DDNS The following table describes the fields in this screen. Table 4-2 DDNS LABEL DESCRIPTION

ZyWALL 2 Series User’s Guide System 4-5 Table 4-2 DDNS LABEL DESCRIPTION Host Names 1~3 Enter the host names in the three fields provided. You can s

ZyWALL 2 Series User’s Guide 4-6 System Figure 4-3 Password The following table describes the fields in this screen. Table 4-3 Password LABEL DESC

ZyWALL 2 Series User’s Guide System 4-7 Table 4-4 Default Time Servers ntp1.cs.wisc.edu ntp1.gbg.netnod.se ntp2.cs.wisc.edu tock.usno.navy.mil ntp3.c

ZyWALL 2 Series User’s Guide Table of Contents vii Table of Contents Copyright...

ZyWALL 2 Series User’s Guide 4-8 System Figure 4-4 Time Setting The following table describes the fields in this screen. Table 4-5 Time Setting LA

ZyWALL 2 Series User’s Guide System 4-9 Table 4-5 Time Setting LABEL DESCRIPTION Time Server Address Enter the address of your time server. Check wit

ZyWALL 2 Series User’s Guide LAN 5-1 Chapter 5 LAN Screens This chapter describes how to configure LAN settings. 5.1 LAN Overview Local Area Network

ZyWALL 2 Series User’s Guide 5-2 LAN three numbers specify the network number while the last number identifies an individual computer on that networ

ZyWALL 2 Series User’s Guide LAN 5-3 RIP Version controls the format and the broadcasting method of the RIP packets that the ZyWALL sends (it recogni

ZyWALL 2 Series User’s Guide 5-4 LAN Figure 5-1 IP The following table describes the fields in this screen. Table 5-1 IP LABEL DESCRIPTION DHCP Se

ZyWALL 2 Series User’s Guide LAN 5-5 Table 5-1 IP LABEL DESCRIPTION DHCP Server DHCP (Dynamic Host Configuration Protocol, RFC 2131 and RFC 2132) a

ZyWALL 2 Series User’s Guide 5-6 LAN Table 5-1 IP LABEL DESCRIPTION RIP Version The RIP Version field controls the format and the broadcasting meth

ZyWALL 2 Series User’s Guide LAN 5-7 Figure 5-2 Static DHCP The following table describes the fields in this screen. Table 5-2 Static DHCP LABEL DES

ZyWALL 2 Series User’s Guide viii Table of Contents 5.6 Configuring IP ...

ZyWALL 2 Series User’s Guide 5-8 LAN When you use IP alias, you can also configure firewall rules to control access between the LAN's logical n

ZyWALL 2 Series User’s Guide LAN 5-9 The following table describes the fields in this screen. Table 5-3 IP Alias LABEL DESCRIPTION IP Alias 1,2 Sele

WAN and Wireless LAN III Part III: WAN and Wireless LAN This part covers configuration of the WAN and Wireless LAN screens.

ZyWALL 2 Series User’s Guide WAN Screens 6-1 Chapter 6 WAN Screens This chapter describes how to configure WAN settings. 6.1 WAN Overview See the LA

ZyWALL 2 Series User’s Guide 6-2 WAN Screens Table 6-1 Private IP Address Ranges 10.0.0.0 - 10.255.255.255 172.16.0.0 - 172.31.255.255 192.168.0.0 -

ZyWALL 2 Series User’s Guide WAN Screens 6-3 Figure 6-1 WAN Setup: Route The following table describes the fields in this screen. Table 6-3 WAN Setu

ZyWALL 2 Series User’s Guide 6-4 WAN Screens Figure 6-2 Ethernet Encapsulation The following table describes the fields in this screen. Table 6-4 E

ZyWALL 2 Series User’s Guide WAN Screens 6-5 Table 6-4 Ethernet Encapsulation LABEL DESCRIPTION Reset Click Reset to begin configuring this screen af

ZyWALL 2 Series User’s Guide Table of Contents ix 10.3 Introduction to ZyXEL’s Firewall...

ZyWALL 2 Series User’s Guide 6-6 WAN Screens Figure 6-3 PPPoE Encapsulation The following table describes the fields in this screen. Table 6-5 PPPo

ZyWALL 2 Series User’s Guide WAN Screens 6-7 Table 6-5 PPPoE Encapsulation LABEL DESCRIPTION Password Type the password associated with the User Nam

ZyWALL 2 Series User’s Guide 6-8 WAN Screens Figure 6-4 PPTP Encapsulation The following table describes the fields in this screen. Table 6-6 PPTP

ZyWALL 2 Series User’s Guide WAN Screens 6-9 Table 6-6 PPTP Encapsulation LABEL DESCRIPTION User Name Type the user name given to you by your ISP.

ZyWALL 2 Series User’s Guide 6-10 WAN Screens Figure 6-5 IP Setup The following table describes the fields in this screen. Table 6-7 IP Setup LABEL

ZyWALL 2 Series User’s Guide WAN Screens 6-11 Table 6-7 IP Setup LABEL DESCRIPTION My WAN IP Address (or IP Address) Enter your WAN IP address in th

ZyWALL 2 Series User’s Guide 6-12 WAN Screens Table 6-7 IP Setup LABEL DESCRIPTION Private (PPPoE and PPTP only) This parameter determines if the Z

ZyWALL 2 Series User’s Guide WAN Screens 6-13 Table 6-7 IP Setup LABEL DESCRIPTION Windows Networking (NetBIOS over TCP/IP): Windows Networking (Net

ZyWALL 2 Series User’s Guide 6-14 WAN Screens The MAC address screen allows users to configure the WAN port's MAC Address by either using the f

ZyWALL 2 Series User’s Guide WAN Screens 6-15 Figure 6-8 Traffic Redirect LAN Setup 6.9 Configuring Traffic Redirect To change your ZyWALL’s Traffi