
User manual ZYXEL ZYWALL 35




Preview of the first 3 pages of manual


Detailed instructions for use are in the User's Guide.

ZyWALL 5/35/70 Series
Internet Security Appliance
User's Guide
Version 4.03
1/2008
Edition 1

DEFAULT LOGIN
IP Address: http://192.168.1.1
Password: 1234

www.zyxel.com

About This User's Guide

Intended Audience

This manual is intended for people who want to configure the ZyWALL using the web configurator or System Management Terminal (SMT). You should have at least a basic knowledge of TCP/IP networking concepts and topology.

Related Documentation

· Quick Start Guide: The Quick Start Guide is designed to help you get up and running right away. It contains information on setting up your network and configuring for Internet access.
· Web Configurator Online Help: Embedded web help for descriptions of individual screens and supplementary information.
· CLI Reference Guide: The CLI Reference Guide explains how to use the Command-Line Interface (CLI) to configure the ZyWALL.
· Supporting Disk: Refer to the included CD for support documents.
· ZyXEL Web Site: Please refer to www.zyxel.com for additional support documentation and product certifications.

User Guide Feedback

Help us help you. Send all User Guide-related comments, questions or suggestions for improvement to the following address, or use e-mail instead. Thank you!

The Technical Writing Team, ZyXEL Communications Corp., 6 Innovation Road II, Science-Based Industrial Park, Hsinchu, 300, Taiwan.
E-mail: techwriters@zyxel.com.tw

Document Conventions

Warnings and Notes

These are how warnings and notes are shown in this User's Guide. Warnings tell you about things that could harm you or your device. Notes tell you other important information (for example, other things you may need to configure or helpful tips) or recommendations.

Syntax Conventions

· The ZyWALL 5/35/70 series may be referred to as the "ZyWALL", the "device" or the "system" in this User's Guide.
· Product labels, screen names, field labels and field choices are all in bold font.
· A key stroke is denoted by square brackets and uppercase text, for example, [ENTER] means the "enter" or "return" key on your keyboard.
· "Enter" means for you to type one or more characters and then press the [ENTER] key. "Select" or "choose" means for you to use one of the predefined choices.
· A right angle bracket ( > ) within a screen name denotes a mouse click. For example, Maintenance > Log > Log Setting means you first click Maintenance in the navigation panel, then the Log sub menu and finally the Log Setting tab to get to that screen.
· Units of measurement may denote the "metric" value or the "scientific" value. For example, "k" for kilo may denote "1000" or "1024", "M" for mega may denote "1000000" or "1048576" and so on.
· "e.g.," is a shorthand for "for instance", and "i.e.," means "that is" or "in other words".

Icons Used in Figures

Figures in this User's Guide may use the following generic icons. The ZyWALL icon is not an exact representation of your device.

Icons shown: ZyWALL, Computer, Notebook computer, Server, Firewall, Telephone, Switch, Router.

Safety Warnings

For your safety, be sure to read and follow all warning notices and instructions.

· Do NOT use this product near water, for example, in a wet basement or near a swimming pool.
· Do NOT expose your device to dampness, dust or corrosive liquids.
· Do NOT store things on the device.
· Do NOT install, use, or service this device during a thunderstorm. There is a remote risk of electric shock from lightning.
· Connect ONLY suitable accessories to the device.
· Do NOT open the device or unit. Opening or removing covers can expose you to dangerous high voltage points or other risks. ONLY qualified service personnel should service or disassemble this device. Please contact your vendor for further information.
· Make sure to connect the cables to the correct ports.
· Place connecting cables carefully so that no one will step on them or stumble over them.
· Always disconnect all cables from this device before servicing or disassembling.
· Use ONLY an appropriate power adaptor or cord for your device.
· Connect the power adaptor or cord to the right supply voltage (for example, 110V AC in North America or 230V AC in Europe).
· Do NOT remove the plug and connect it to a power outlet by itself; always attach the plug to the power adaptor first before connecting it to a power outlet.
· Do NOT allow anything to rest on the power adaptor or cord and do NOT place the product where anyone can walk on the power adaptor or cord.
· Do NOT use the device if the power adaptor or cord is damaged as it might cause electrocution.
· If the power adaptor or cord is damaged, remove it from the power outlet.
· Do NOT attempt to repair the power adaptor or cord. Contact your local vendor to order a new one.
· Do not use the device outside, and make sure all the connections are indoors. There is a remote risk of electric shock from lightning.
· CAUTION: RISK OF EXPLOSION IF BATTERY (on the motherboard) IS REPLACED BY AN INCORRECT TYPE. DISPOSE OF USED BATTERIES ACCORDING TO THE INSTRUCTIONS. Dispose of them at the applicable collection point for the recycling of electrical and electronic equipment. For detailed information about recycling of this product, please contact your local city office, your household waste disposal service or the store where you purchased the product.
· Do NOT obstruct the device ventilation slots, as insufficient airflow may harm your device.
· Fuse Warning! Replace a fuse only with a fuse of the same type and rating.

This product is recyclable. Dispose of it properly.
ZyWALL 5/35/70 Series User's Guide 7 Safety Warnings 8 ZyWALL 5/35/70 Series User's Guide Contents Overview Contents Overview Introduction ............................................................................................................................ 53 Getting to Know Your ZyWALL .................................................................................................. 55 Introducing the Web Configurator .............................................................................................. 61 Wizard Setup ............................................................................................................................. 87 Tutorials ................................................................................................................................... 109 Registration ............................................................................................................................. 141 Network ................................................................................................................................. 147 LAN Screens ........................................................................................................................... 149 Bridge Screens ........................................................................................................................ 161 WAN Screens .......................................................................................................................... 167 DMZ Screens ........................................................................................................................... 203 WLAN ...................................................................................................................................... 213 Security ................................................................................................................................. 
241 Firewall .................................................................................................................................... 243 Intrusion Detection and Prevention (IDP) ................................................................................ 275 Configuring IDP ....................................................................................................................... 279 Anti-Virus ................................................................................................................................. 295 Anti-Spam ................................................................................................................................ 307 Content Filtering Screens ........................................................................................................ 321 Content Filtering Reports ......................................................................................................... 343 IPSec VPN ............................................................................................................................... 351 Certificates ............................................................................................................................... 395 Authentication Server .............................................................................................................. 425 Advanced .............................................................................................................................. 429 Network Address Translation (NAT) ........................................................................................ 431 Static Route ............................................................................................................................. 449 Policy Route ............................................................................................................................ 
453 Bandwidth Management .......................................................................................................... 459 DNS ......................................................................................................................................... 475 Remote Management .............................................................................................................. 487 UPnP ....................................................................................................................................... 515 Custom Application .................................................................................................................. 525 ALG Screen ............................................................................................................................. 527 ZyWALL 5/35/70 Series User's Guide 9 Contents Overview Reports, Logs and Maintenance ......................................................................................... 533 Reports .................................................................................................................................... 535 Logs Screens ........................................................................................................................... 547 Maintenance ............................................................................................................................ 575 SMT and Troubleshooting ................................................................................................... 593 Introducing the SMT ................................................................................................................ 595 SMT Menu 1 - General Setup .................................................................................................. 603 WAN and Dial Backup Setup ................................................................................................... 
609 LAN Setup ............................................................................................................................... 623 Internet Access ........................................................................................................................ 629 DMZ Setup .............................................................................................................................. 635 Route Setup ............................................................................................................................. 639 Wireless Setup ........................................................................................................................ 643 Remote Node Setup ................................................................................................................ 649 IP Static Route Setup .............................................................................................................. 659 Network Address Translation (NAT) ........................................................................................ 663 Introducing the ZyWALL Firewall ............................................................................................. 683 Filter Configuration .................................................................................................................. 685 SNMP Configuration ................................................................................................................ 701 System Information & Diagnosis ............................................................................................. 703 Firmware and Configuration File Maintenance ........................................................................ 715 System Maintenance Menus 8 to 10 ....................................................................................... 
729 Remote Management .............................................................................................................. 735 IP Policy Routing ..................................................................................................................... 739 Call Scheduling ........................................................................................................................ 747 Troubleshooting ....................................................................................................................... 751 Product Specifications ............................................................................................................. 757 Appendices and Index ......................................................................................................... 765 10 ZyWALL 5/35/70 Series User's Guide Table of Contents Table of Contents About This User's Guide .......................................................................................................... 3 Document Conventions............................................................................................................ 4 Safety Warnings........................................................................................................................ 6 Contents Overview ................................................................................................................... 9 Table of Contents.................................................................................................................... 11 List of Figures ......................................................................................................................... 31 List of Tables........................................................................................................................... 45 Part I: Introduction................................................................................. 
53 Chapter 1 Getting to Know Your ZyWALL.............................................................................................. 55 1.1 ZyWALL Internet Security Appliance Overview ................................................................... 55 1.2 ZyWALL Features ................................................................................................................ 55 1.3 Ways to Manage the ZyWALL ............................................................................................. 56 1.4 Good Habits for Managing the ZyWALL .............................................................................. 56 1.5 Applications for the ZyWALL ............................................................................................... 57 1.5.1 Secure Broadband Internet Access via Cable or DSL Modem .................................. 57 1.5.2 VPN Application ......................................................................................................... 57 1.5.3 3G WAN Application (ZyWALL 5 Only) ...................................................................... 58 1.5.4 Front Panel Lights ...................................................................................................... 58 Chapter 2 Introducing the Web Configurator ........................................................................................ 61 2.1 Web Configurator Overview ................................................................................................. 61 2.2 Accessing the ZyWALL Web Configurator .......................................................................... 61 2.3 Resetting the ZyWALL ......................................................................................................... 63 2.3.1 Procedure To Use The Reset Button ......................................................................... 63 2.3.2 Uploading a Configuration File Via Console Port ....................................................... 
63 2.4 Navigating the ZyWALL Web Configurator .......................................................................... 64 2.4.1 Title Bar ...................................................................................................................... 64 2.4.2 Main Window .............................................................................................................. 65 2.4.3 HOME Screen: Router Mode ................................................................................... 65 ZyWALL 5/35/70 Series User's Guide 11 Table of Contents 2.4.4 HOME Screen: Bridge Mode .................................................................................... 71 2.4.5 Navigation Panel ........................................................................................................ 74 2.4.6 Port Statistics ........................................................................................................... 80 ................................................................................................ 82 2.4.7 Show Statistics: Line Chart ........................................................................................ 81 2.4.8 DHCP Table Screen 2.4.9 VPN Status ................................................................................................................. 83 2.4.10 Bandwidth Monitor .................................................................................................. 84 Chapter 3 Wizard Setup ........................................................................................................................... 87 3.1 Wizard Setup Overview ...................................................................................................... 87 3.2 Internet Access ................................................................................................................... 
88 3.2.1 ISP Parameters .......................................................................................................... 88 3.2.2 Internet Access Wizard: Second Screen .................................................................... 92 3.2.3 Internet Access Wizard: Registration ......................................................................... 93 3.2.4 Internet Access Wizard: Status .................................................................................. 94 3.2.5 Internet Access Wizard: Service Activation ............................................................... 95 3.3 VPN Wizard Gateway Setting .............................................................................................. 96 3.4 VPN Wizard Network Setting ............................................................................................... 97 3.5 VPN Wizard IKE Tunnel Setting (IKE Phase 1) ................................................................... 99 3.6 VPN Wizard IPSec Setting (IKE Phase 2) ......................................................................... 100 3.7 VPN Wizard Status Summary ............................................................................................ 102 3.8 VPN Wizard Setup Complete ............................................................................................ 104 3.9 Anti-Spam Wizard: Email Server Location Setting ............................................................ 104 3.10 Anti-Spam Wizard: Direction Recommendations ............................................................ 105 3.11 Anti-Spam Wizard: Direction Configuration ...................................................................... 106 3.12 Anti-Spam Wizard: Setup Complete ................................................................................ 108 Chapter 4 Tutorials ................................................................................................................................. 
109 4.1 Dynamic VPN Rule Configuration ..................................................................................... 109 4.1.1 Configure Bob's User Account ..................................................................................110 4.1.2 VPN Gateway and Network Policy Configuration .....................................................110 4.1.3 Configure Zero Configuration Mode on ZyWALL B ..................................................116 4.1.4 Testing Your VPN Configuration ................................................................................117 4.1.5 Using the Dynamic VPN Rule for More VPN Tunnels ...............................................119 4.2 Security Settings for VPN Traffic ........................................................................................119 4.2.1 IDP for From VPN Traffic Example .......................................................................... 120 4.2.2 IDP for To VPN Traffic Example ............................................................................... 121 4.3 Firewall Rule for VPN Example ......................................................................................... 122 4.3.1 Configuring the VPN Rule ........................................................................................ 123 4.3.2 Configuring the Firewall Rules ................................................................................. 127 4.4 How to Set up a 3G WAN Connection ............................................................................... 130 12 ZyWALL 5/35/70 Series User's Guide Table of Contents 4.4.1 Inserting a 3G Card .................................................................................................. 130 4.4.2 Configuring 3G WAN Settings .................................................................................. 131 4.4.3 Checking WAN Connections .................................................................................... 
132 4.5 Configuring Load Balancing .............................................................................................. 132 4.6 Configuring Content Filtering ............................................................................................. 133 4.6.1 Enable Content Filtering ........................................................................................... 133 4.6.2 Block Categories of Web Content ............................................................................ 134 4.6.3 Assign Bob's Computer a Specific IP Address ......................................................... 136 4.6.4 Create a Content Filter Policy for Bob ...................................................................... 136 4.6.5 Set the Content Filter Schedule ............................................................................... 137 4.6.6 Block Categories of Web Content for Bob ............................................................... 138 Chapter 5 Registration ........................................................................................................................... 141 5.1 myZyXEL.com overview .................................................................................................... 141 5.1.1 Subscription Services Available on the ZyWALL ..................................................... 141 5.2 Registration ....................................................................................................................... 142 5.3 Service ............................................................................................................................... 144 Part II: Network..................................................................................... 147 Chapter 6 LAN Screens.......................................................................................................................... 
149 6.1 LAN, WAN and the ZyWALL .............................................................................................. 149 6.2 IP Address and Subnet Mask ............................................................................................ 149 6.2.1 Private IP Addresses ................................................................................................ 150 6.3 DHCP ................................................................................................................................ 151 6.3.1 IP Pool Setup ........................................................................................................... 151 6.4 RIP Setup .......................................................................................................................... 151 6.5 Multicast ............................................................................................................................ 151 6.6 WINS ................................................................................................................................. 152 6.7 LAN .................................................................................................................................... 152 6.8 LAN Static DHCP ............................................................................................................... 155 6.9 LAN IP Alias .................................................................................................................... 156 6.10 LAN Port Roles ................................................................................................................ 158 Chapter 7 Bridge Screens...................................................................................................................... 161 7.1 Bridge Loop ....................................................................................................................... 
161 7.2 Spanning Tree Protocol (STP) ........................................................................................... 162 7.2.1 Rapid STP ................................................................................................................ 162 ZyWALL 5/35/70 Series User's Guide 13 Table of Contents 7.2.2 STP Terminology ...................................................................................................... 162 7.2.3 How STP Works ....................................................................................................... 162 7.2.4 STP Port States ........................................................................................................ 163 7.3 Bridge ................................................................................................................................ 163 7.4 Bridge Port Roles ............................................................................................................. 165 Chapter 8 WAN Screens......................................................................................................................... 167 8.1 WAN Overview .................................................................................................................. 167 8.2 Multiple WAN ..................................................................................................................... 167 8.3 Load Balancing Introduction .............................................................................................. 168 8.4 Load Balancing Algorithms ................................................................................................ 168 8.4.1 Least Load First ....................................................................................................... 168 8.4.2 Weighted Round Robin ............................................................................................ 
169 8.4.3 Spillover .................................................................................................................... 170 8.5 WAN Interface to Local Host Mapping Timeout ................................................................. 171 8.6 TCP/IP Priority (Metric) ...................................................................................................... 172 8.7 WAN General ..................................................................................................................... 172 8.8 Configuring Load Balancing .............................................................................................. 176 8.8.1 Least Load First ....................................................................................................... 176 8.8.2 Weighted Round Robin ............................................................................................ 177 8.8.3 Spillover .................................................................................................................... 178 8.9 WAN IP Address Assignment ............................................................................................ 179 8.10 DNS Server Address Assignment ................................................................................... 179 8.11 WAN MAC Address ......................................................................................................... 180 8.12 WAN .............................................................................................................................. 180 8.12.1 WAN Ethernet Encapsulation ................................................................................. 180 8.12.2 PPPoE Encapsulation ............................................................................................ 183 8.12.3 PPTP Encapsulation .............................................................................................. 
186 8.13 3G (WAN2) ...................................................................................................................... 189 8.14 Traffic Redirect ........................................................................................................... 194 8.15 Configuring Traffic Redirect ............................................................................................. 195 8.16 Configuring Dial Backup .................................................................................................. 196 8.17 Advanced Modem Setup ............................................................................................... 199 8.17.1 AT Command Strings ............................................................................................. 199 8.17.2 DTR Signal ............................................................................................................. 200 8.17.3 Response Strings ................................................................................................... 200 8.18 Configuring Advanced Modem Setup .............................................................................. 200 Chapter 9 DMZ Screens ......................................................................................................................... 203 9.1 DMZ ................................................................................................................................. 203 9.2 Configuring DMZ ............................................................................................................... 203 14 ZyWALL 5/35/70 Series User's Guide Table of Contents 9.3 DMZ Static DHCP ............................................................................................................ 206 9.4 DMZ IP Alias .................................................................................................................... 
9.5 DMZ Public IP Address Example
9.6 DMZ Private and Public IP Address Example
9.7 DMZ Port Roles
Chapter 10 WLAN
10.1 Wireless LAN Introduction
10.1.1 Additional Installation Requirements for Using 802.1x
10.2 Configuring WLAN
10.3 WLAN Static DHCP
10.4 WLAN IP Alias
10.5 WLAN Port Roles
10.6 Wireless Security
10.6.1 Encryption
10.6.2 Authentication
10.6.3 Restricted Access
10.6.4 Hide ZyWALL Identity
10.7 Security Parameters Summary
10.8 WEP Encryption
10.9 802.1x Overview
10.9.1 Introduction to RADIUS
10.9.2 EAP Authentication Overview
10.10 Dynamic WEP Key Exchange
10.11 Introduction to WPA
10.11.1 User Authentication
10.11.2 Encryption
10.12 WPA-PSK Application Example
10.13 Introduction to RADIUS
10.14 WPA with RADIUS Application Example
10.15 Wireless Client WPA Supplicants
10.16 Wireless Card
10.16.1 Static WEP
10.16.2 WPA-PSK
10.16.3 WPA
10.16.4 IEEE 802.1x + Dynamic WEP
10.16.5 IEEE 802.1x + Static WEP
10.16.6 IEEE 802.1x + No WEP
10.16.7 No Access 802.1x + Static WEP
10.16.8 No Access 802.1x + No WEP
10.17 MAC Filter
Part III: Security
Chapter 11 Firewall
11.1 Firewall Overview
11.2 Packet Direction Matrix
11.3 Packet Direction Examples
11.3.1 To VPN Packet Direction
11.3.2 From VPN Packet Direction
11.3.3 From VPN To VPN Packet Direction
11.4 Security Considerations
11.5 Firewall Rules Example
11.6 Asymmetrical Routes
11.6.1 Asymmetrical Routes and IP Alias
11.7 Firewall Default Rule (Router Mode)
11.8 Firewall Default Rule (Bridge Mode)
11.9 Firewall Rule Summary
11.9.1 Firewall Edit Rule
11.10 Anti-Probing
11.11 Firewall Thresholds
11.11.1 Threshold Values
11.12 Threshold Screen
11.13 Service
11.13.1 Firewall Edit Custom Service
11.14 My Service Firewall Rule Example
Chapter 12 Intrusion Detection and Prevention (IDP)
12.1 Introduction to IDP
12.1.1 Firewalls and Intrusions
12.1.2 IDS and IDP
12.1.3 Host IDP
12.1.4 Network IDP
12.1.5 Example Intrusions
12.1.6 ZyWALL IDP
Chapter 13 Configuring IDP
13.1 Overview
13.1.1 Interfaces
13.2 General Setup
13.3 IDP Signatures
13.3.1 Attack Types
13.3.2 Intrusion Severity
13.3.3 Signature Actions
13.3.4 Configuring IDP Signatures
13.3.5 Query View
13.4 Update
13.4.1 mySecurityZone
13.4.2 Configuring IDP Update
13.5 Backup and Restore
Chapter 14 Anti-Virus
14.1 Anti-Virus Overview
14.1.1 Types of Computer Viruses
14.1.2 Computer Virus Infection and Prevention
14.1.3 Types of Anti-Virus Scanner
14.2 Introduction to the ZyWALL Anti-Virus Scanner
14.2.1 How the ZyWALL Anti-Virus Scanner Works
14.2.2 Notes About the ZyWALL Anti-Virus
14.3 General Anti-Virus Setup
14.4 Signature Searching
14.4.1 Signature Search Example
14.5 Signature Update
14.5.1 mySecurityZone
14.5.2 Configuring Anti-virus Update
14.6 Backup and Restore
Chapter 15 Anti-Spam
15.1 Anti-Spam Overview
15.1.1 Anti-Spam External Database
15.1.2 Spam Threshold
15.1.3 Phishing
15.1.4 Whitelist
15.1.5 Blacklist
15.1.6 SMTP and POP3
15.1.7 MIME Headers
15.2 Anti-Spam General Screen
15.3 Anti-Spam External DB Screen
15.4 Anti-Spam Lists Screen
15.5 Anti-Spam Lists Edit Screen
Chapter 16 Content Filtering Screens
16.1 Content Filtering Overview
16.1.1 Restrict Web Features
16.1.2 Create a Filter List
16.1.3 Customize Web Site Access
16.2 Content Filtering with an External Database
16.3 Content Filter General Screen
16.4 Content Filter Policy
16.5 Content Filter Policy: General
16.6 Content Filter Policy: External Database
16.7 Content Filter Policy: Customization
16.8 Content Filter Policy: Schedule
16.9 Content Filter Object
16.10 Content Filtering Cache
Chapter 17 Content Filtering Reports
17.1 Checking Content Filtering Activation
17.2 Viewing Content Filtering Reports
17.3 Web Site Submission
Chapter 18 IPSec VPN
18.1 IPSec VPN Overview
18.1.1 IKE SA Overview
18.2 VPN Rules (IKE)
18.3 IKE SA Setup
18.3.1 IKE SA Proposal
18.4 Additional IPSec VPN Topics
18.4.1 SA Life Time
18.4.2 IPSec High Availability
18.4.3 Encryption and Authentication Algorithms
18.5 VPN Rules (IKE) Gateway Policy Edit
18.6 IPSec SA Overview
18.6.1 Local and Remote Networks
18.6.2 Virtual Address Mapping
18.6.3 Active Protocol
18.6.4 Encapsulation
18.6.5 IPSec SA Proposal and Perfect Forward Secrecy
18.7 Network Policy Edit
18.8 Network Policy Edit: Port Forwarding
18.9 Network Policy Move
18.10 IPSec SA Using Manual Keys
18.10.1 IPSec SA Proposal Using Manual Keys
18.10.2 Authentication and the Security Parameter Index (SPI)
18.11 VPN Rules (Manual)
18.12 VPN Rules (Manual): Edit
18.13 VPN SA Monitor
18.14 VPN Global Setting
18.14.1 Local and Remote IP Address Conflict Resolution
18.15 Telecommuter VPN/IPSec Examples
18.15.1 Telecommuters Sharing One VPN Rule Example
18.15.2 Telecommuters Using Unique VPN Rules Example
18.16 VPN and Remote Management
18.17 Hub-and-spoke VPN
18.17.1 Hub-and-spoke VPN Example
18.17.2 Hub-and-spoke Example VPN Rule Addresses
18.17.3 Hub-and-spoke VPN Requirements and Suggestions
Chapter 19 Certificates
19.1 Certificates Overview
19.1.1 Advantages of Certificates
19.2 Self-signed Certificates
19.3 Verifying a Certificate
19.3.1 Checking the Fingerprint of a Certificate on Your Computer
19.4 Configuration Summary
19.5 My Certificates
19.6 My Certificate Details
19.7 My Certificate Export
19.7.1 Certificate File Export Formats
19.8 My Certificate Import
19.8.1 Certificate File Formats
19.9 My Certificate Create
19.10 Trusted CAs
19.11 Trusted CA Details
19.12 Trusted CA Import
19.13 Trusted Remote Hosts
19.14 Trusted Remote Hosts Import
19.15 Trusted Remote Host Certificate Details
19.16 Directory Servers
19.17 Directory Server Add or Edit
Chapter 20 Authentication Server
20.1 Authentication Server Overview
20.1.1 Local User Database
20.1.2 RADIUS
20.2 Local User Database
20.3 RADIUS
Part IV: Advanced
Chapter 21 Network Address Translation (NAT)
21.1 NAT Overview
21.1.1 NAT Definitions
21.1.2 What NAT Does
21.1.3 How NAT Works
21.1.4 NAT Application
21.1.5 Port Restricted Cone NAT
21.1.6 NAT Mapping Types
21.2 Using NAT
21.2.1 SUA (Single User Account) Versus NAT
21.3 NAT Overview Screen
21.4 NAT Address Mapping
21.4.1 NAT Address Mapping Edit
21.5 Port Forwarding
21.5.1 Default Server IP Address
21.5.2 Port Forwarding: Services and Port Numbers
21.5.3 Configuring Servers Behind Port Forwarding (Example)
21.5.4 NAT and Multiple WAN
21.5.5 Port Translation
21.6 Port Forwarding Screen
21.7 Port Triggering
Chapter 22 Static Route
22.1 IP Static Route
22.2 IP Static Route
22.2.1 IP Static Route Edit
Chapter 23 Policy Route
23.1 Policy Route
23.2 Benefits
23.3 Routing Policy
23.4 IP Routing Policy Setup
23.5 Policy Route Edit
Chapter 24 Bandwidth Management
24.1 Bandwidth Management Overview
24.2 Bandwidth Classes and Filters
24.3 Proportional Bandwidth Allocation
24.4 Application-based Bandwidth Management
24.5 Subnet-based Bandwidth Management
24.6 Application and Subnet-based Bandwidth Management
24.7 Scheduler
24.7.1 Priority-based Scheduler
24.7.2 Fairness-based Scheduler
24.7.3 Maximize Bandwidth Usage
24.7.4 Reserving Bandwidth for Non-Bandwidth Class Traffic
24.7.5 Maximize Bandwidth Usage Example
24.8 Bandwidth Borrowing
24.8.1 Bandwidth Borrowing Example
24.9 Maximize Bandwidth Usage With Bandwidth Borrowing
24.10 Over Allotment of Bandwidth
24.11 Configuring Summary
24.12 Configuring Class Setup
24.12.1 Bandwidth Manager Class Configuration
24.12.2 Bandwidth Management Statistics
24.13 Bandwidth Manager Monitor
Chapter 25 DNS
25.1 DNS Overview
25.2 DNS Server Address Assignment
25.3 DNS Servers
25.4 Address Record
25.4.1 DNS Wildcard
25.5 Name Server Record
25.5.1 Private DNS Server
25.6 System Screen
25.6.1 Adding an Address Record
25.6.2 Inserting a Name Server Record
25.7 DNS Cache
25.8 Configure DNS Cache
25.9 Configuring DNS DHCP
25.10 Dynamic DNS
25.10.1 DYNDNS Wildcard
25.10.2 High Availability
25.11 Configuring Dynamic DNS
Chapter 26 Remote Management
26.1 Remote Management Overview
26.1.1 Remote Management Limitations
26.1.2 System Timeout
26.2 WWW (HTTP and HTTPS)
26.3 WWW
26.4 HTTPS Example
26.4.1 Internet Explorer Warning Messages
26.4.2 Netscape Navigator Warning Messages
26.4.3 Avoiding the Browser Warning Messages
26.4.4 Login Screen
26.4.5 Enrolling and Importing SSL Client Certificates
26.4.6 Using a Certificate When Accessing the ZyWALL Example
26.5 SSH
26.6 How SSH Works
26.7 SSH Implementation on the ZyWALL
26.7.1 Requirements for Using SSH
26.8 Configuring SSH
26.9 Secure Telnet Using SSH Examples
26.9.1 Example 1: Microsoft Windows
26.9.2 Example 2: Linux
26.10 Secure FTP Using SSH Example
26.11 Telnet
26.12 Configuring TELNET
26.13 FTP
26.14 SNMP
26.14.1 Supported MIBs
26.14.2 SNMP Traps
26.14.3 REMOTE MANAGEMENT: SNMP
26.15 DNS
26.16 Introducing Vantage CNM
26.17 Configuring CNM
26.17.1 Additional Configuration for Vantage CNM
Chapter 27 UPnP
27.1 Universal Plug and Play Overview
27.1.1 How Do I Know If I'm Using UPnP?
27.1.2 NAT Traversal
27.1.3 Cautions with UPnP
27.1.4 UPnP and ZyXEL
27.2 Configuring UPnP
27.3 Displaying UPnP Port Mapping
27.4 Installing UPnP in Windows Example
27.4.1 Installing UPnP in Windows Me
27.4.2 Installing UPnP in Windows XP
27.5 Using UPnP in Windows XP Example
27.5.1 Auto-discover Your UPnP-enabled Network Device
27.5.2 Web Configurator Easy Access
Chapter 28 Custom Application
28.1 Custom Application
28.2 Custom Application Configuration
Chapter 29 ALG Screen
29.1 ALG Introduction
29.1.1 ALG and NAT
29.1.2 ALG and the Firewall
29.1.3 ALG and Multiple WAN
29.2 FTP
29.3 H.323
29.4 RTP
29.4.1 H.323 ALG Details
29.5 SIP
29.5.1 STUN
29.5.2 SIP ALG Details
29.5.3 SIP Signaling Session Timeout
29.5.4 SIP Audio Session Timeout
29.6 ALG Screen
Part V: Reports, Logs and Maintenance
Chapter 30 Reports
30.1 Configuring Reports
30.2 System Reports Screen
30.2.1 Viewing Web Site Hits
30.2.2 Viewing Host IP Address
30.2.3 Viewing Protocol/Port
30.2.4 System Reports Specifications
30.3 IDP Threat Reports Screen
30.4 Anti-Virus Threat Reports Screen
30.5 Anti-Spam Threat Reports Screen
Chapter 31 Logs Screens
31.1 Configuring View Log
31.2 Log Description Example
31.2.1 About the Certificate Not Trusted Log
31.3 Configuring Log Settings
31.3.1 Log Descriptions
31.4 Syslog Logs
Chapter 32 Maintenance
32.1 Maintenance Overview
32.2 General Setup and System Name
32.2.1 General Setup
32.3 Configuring Password
32.4 Time and Date
32.5 Pre-defined NTP Time Server Pools
32.5.1 Resetting the Time
32.5.2 Time Server Synchronization
32.6 Introduction To Transparent Bridging
32.7 Transparent Firewalls
32.8 Configuring Device Mode (Router)
32.9 Configuring Device Mode (Bridge)
32.10 F/W Upload Screen
32.11 Backup and Restore
32.11.1 Backup Configuration
32.11.2 Restore Configuration
32.11.3 Back to Factory Defaults
32.12 Restart Screen
32.13 Diagnostics
Part VI: SMT and Troubleshooting
Chapter 33 Introducing the SMT
33.1 Introduction to the SMT
33.2 Accessing the SMT via the Console Port
33.2.1 Initial Screen
33.2.2 Entering the Password
33.3 Navigating the SMT Interface
33.3.1 Main Menu
33.3.2 SMT Menus Overview
33.4 Changing the System Password
33.5 Resetting the ZyWALL
Chapter 34 SMT Menu 1 - General Setup
34.1 Introduction to General Setup
34.2 Configuring General Setup
34.2.1 Configuring Dynamic DNS
Chapter 35 WAN and Dial Backup Setup
35.1 Introduction to WAN and Dial Backup Setup
35.2 WAN Setup
35.3 Dial Backup
35.3.1 Configuring Dial Backup in Menu 2
35.3.2 Advanced WAN Setup
35.3.3 Remote Node Profile (Backup ISP)
35.3.4 Editing TCP/IP Options
35.3.5 Editing Login Script
35.3.6 Remote Node Filter
35.3.7 3G Modem Setup
35.3.8 Remote Node Profile (3G WAN)
Chapter 36 LAN Setup
36.1 Introduction to LAN Setup
36.2 Accessing the LAN Menus
36.3 LAN Port Filter Setup
36.4 TCP/IP and DHCP Ethernet Setup Menu
36.4.1 IP Alias Setup
Chapter 37 Internet Access
37.1 Introduction to Internet Access Setup
37.2 Ethernet Encapsulation
37.3 Configuring the PPTP Client
37.4 Configuring the PPPoE Client
37.5 Basic Setup Complete
Chapter 38 DMZ Setup
38.1 Configuring DMZ Setup
38.2 DMZ Port Filter Setup
38.3 TCP/IP Setup
38.3.1 IP Address
38.3.2 IP Alias Setup
Chapter 39 Route Setup
39.1 Configuring Route Setup
39.2 Route Assessment
39.3 Traffic Redirect
39.4 Route Failover
Chapter 40 Wireless Setup
40.1 Wireless LAN Setup
40.1.1 MAC Address Filter Setup
40.2 TCP/IP Setup
40.2.1 IP Address
40.2.2 IP Alias Setup
Chapter 41 Remote Node Setup
41.1 Introduction to Remote Node Setup
41.2 Remote Node Setup
41.3 Remote Node Profile Setup
41.3.1 Ethernet Encapsulation
41.3.2 PPPoE Encapsulation
41.3.3 PPTP Encapsulation
41.4 Edit IP
41.5 Remote Node Filter
Chapter 42 IP Static Route Setup
42.1 IP Static Route Setup
Chapter 43 Network Address Translation (NAT)
43.1 Using NAT
43.1.1 SUA (Single User Account) Versus NAT
43.1.2 Applying NAT
43.2 NAT Setup
43.2.1 Address Mapping Sets
43.3 Configuring a Server behind NAT
43.4 General NAT Examples
43.4.1 Internet Access Only
43.4.2 Example 2: Internet Access with a Default Server
43.4.3 Example 3: Multiple Public IP Addresses With Inside Servers
43.4.4 Example 4: NAT Unfriendly Application Programs
43.5 Trigger Port Forwarding
43.5.1 Two Points To Remember About Trigger Ports
Chapter 44 Introducing the ZyWALL Firewall
44.1 Using ZyWALL SMT Menus
44.1.1 Activating the Firewall
Chapter 45 Filter Configuration
45.1 Introduction to Filters
45.1.1 The Filter Structure of the ZyWALL
45.2 Configuring a Filter Set
45.2.1 Configuring a Filter Rule
45.2.2 Configuring a TCP/IP Filter Rule
45.2.3 Configuring a Generic Filter Rule
45.3 Example Filter
45.4 Filter Types and NAT
45.5 Firewall Versus Filters
45.5.1 Packet Filtering:
45.5.2 Firewall
45.6 Applying a Filter
45.6.1 Applying LAN Filters
45.6.2 Applying DMZ Filters
45.6.3 Applying Remote Node Filters
Chapter 46 SNMP Configuration
46.1 SNMP Configuration
46.2 SNMP Traps
Chapter 47 System Information & Diagnosis
47.1 Introduction to System Status
47.2 System Status
47.3 System Information and Console Port Speed
47.3.1 System Information
47.3.2 Console Port Speed
47.4 Log and Trace
47.4.1 Viewing Error Log
47.4.2 Syslog Logging
47.4.3 Call-Triggering Packet
47.5 Diagnostic
47.5.1 WAN DHCP
Chapter 48 Firmware and Configuration File Maintenance
48.1 Introduction
48.2 Filename Conventions
48.3 Backup Configuration
48.3.1 Backup Configuration
48.3.2 Using the FTP Command from the Command Line
48.3.3 Example of FTP Commands from the Command Line
48.3.4 GUI-based FTP Clients
48.3.5 File Maintenance Over WAN
48.3.6 Backup Configuration Using TFTP
48.3.7 TFTP Command Example
48.3.8 GUI-based TFTP Clients
48.3.9 Backup Via Console Port
48.4 Restore Configuration
48.4.1 Restore Using FTP
48.4.2 Restore Using FTP Session Example
48.4.3 Restore Via Console Port
48.5 Uploading Firmware and Configuration Files
48.5.1 Firmware File Upload
48.5.2 Configuration File Upload
48.5.3 FTP File Upload Command from the DOS Prompt Example
48.5.4 FTP Session Example of Firmware File Upload
48.5.5 TFTP File Upload
48.5.6 TFTP Upload Command Example
48.5.7 Uploading Via Console Port
48.5.8 Uploading Firmware File Via Console Port
48.5.9 Example Xmodem Firmware Upload Using HyperTerminal
48.5.10 Uploading Configuration File Via Console Port
48.5.11 Example Xmodem Configuration Upload Using HyperTerminal
Chapter 49 System Maintenance Menus 8 to 10
49.1 Command Interpreter Mode
49.2 Call Control Support
49.2.1 Budget Management
49.2.2 Call History
49.3 Time and Date Setting
Chapter 50 Remote Management
50.1 Remote Management
50.1.1 Remote Management Limitations
Chapter 51 IP Policy Routing
51.1 IP Routing Policy Summary
51.2 IP Routing Policy Setup
51.2.1 Applying Policy to Packets
51.3 IP Policy Routing Example
Chapter 52 Call Scheduling
52.1 Introduction to Call Scheduling
Chapter 53 Troubleshooting
53.1 Power, Hardware Connections, and LEDs
53.2 ZyWALL Access and Login
53.3 Internet Access
53.4 Wireless Router/AP Troubleshooting
53.5 UPnP
Chapter 54 Product Specifications
54.1 Compatible 3G Cards
54.2 3G Card, WLAN Card and ZyWALL Turbo Card Installation
54.3 Power Adaptor Specifications
Part VII: Appendices and Index
Appendix A Hardware Installation
Appendix B Pop-up Windows, JavaScripts and Java Permissions
Appendix C Removing and Installing a Fuse
Appendix D Setting up Your Computer's IP Address
Appendix E IP Addresses and Subnetting
Appendix F Common Services
Appendix G Wireless LANs
Appendix H Windows 98 SE/Me Requirements for Anti-Virus Message Display
Appendix I VPN Setup
Appendix J Importing Certificates
Appendix K Legal Information
Appendix L Customer Support
Index

List of Figures
Figure 1 Secure Internet Access via Cable, DSL or Wireless Modem
Figure 2 VPN Application
Figure 3 3G WAN Application
Figure 4 ZyWALL 70 Front Panel
Figure 5 ZyWALL 35 Front Panel
Figure 6 ZyWALL 5 Front Panel
Figure 7 Change Password Screen
Figure 8 Replace Certificate Screen
Figure 9 Example Xmodem Upload
Figure 10 HOME Screen
Figure 11 Web Configurator HOME Screen in Router Mode (ZyWALL 5)
Figure 12 Web Configurator HOME Screen in Bridge Mode
Figure 13 HOME > Port Statistics
Figure 14 HOME > Show Statistics > Line Chart
Figure 15 HOME > Show DHCP Table
Figure 16 HOME > VPN Status
Figure 17 Home > Bandwidth Monitor
Figure 18 Wizard Setup Welcome
Figure 19 ISP Parameters: Ethernet Encapsulation
Figure 20 ISP Parameters: PPPoE Encapsulation
Figure 21 ISP Parameters: PPTP Encapsulation
Figure 22 Internet Access Wizard: Second Screen
Figure 23 Internet Access Setup Complete
Figure 24 Internet Access Wizard: Registration
Figure 25 Internet Access Wizard: Registration in Progress
Figure 26 Internet Access Wizard: Status
Figure 27 Internet Access Wizard: Registration Failed
Figure 28 Internet Access Wizard: Registered Device
Figure 29 Internet Access Wizard: Activated Services
Figure 30 VPN Wizard: Gateway Setting
Figure 31 VPN Wizard: Network Setting
Figure 32 VPN Wizard: IKE Tunnel Setting
Figure 33 VPN Wizard: IPSec Setting
Figure 34 VPN Wizard: VPN Status
Figure 35 VPN Wizard Setup Complete
Figure 36 Anti-Spam Wizard: Email Server Location Setting
Figure 37 Anti-Spam Wizard: Direction Recommendations
Figure 38 Anti-Spam Wizard: Direction Configuration
Figure 39 Anti-Spam Wizard: Setup Complete
Figure 40 Dynamic VPN Rule Example
Figure 41 VPN Gateway Policy Edit Screens
Figure 42 SECURITY > VPN > Add Network Policy (ZyWALL A)
Figure 43 VPN Network Policy Edit Screens
Figure 44 Activate VPN Rule (ZyWALL B)
Figure 45 Tutorial: VPN Summary Screens Comparison Example
Figure 46 Check The Telecommuter's Computer IP Address
Figure 47 Telecommuter Pinging a Network X IP Address Example
Figure 48 Additional Dynamic VPN Rules Example
Figure 49 IDP for From VPN Traffic
Figure 50 IDP Configuration for Traffic From VPN
Figure 51 IDP for To VPN Traffic
Figure 52 IDP Configuration for To VPN Traffic
Figure 53 Firewall Rule for VPN
Figure 54 SECURITY > VPN > VPN Rules (IKE)
Figure 55 SECURITY > VPN > VPN Rules (IKE) > Add Gateway Policy
Figure 56 SECURITY > VPN > VPN Rules (IKE): With Gateway Policy Example
Figure 57 SECURITY > VPN > VPN Rules (IKE) > Add Network Policy
Figure 58 SECURITY > FIREWALL > Rule Summary
Figure 59 SECURITY > FIREWALL > Rule Summary > Edit: Allow
Figure 60 SECURITY > FIREWALL > Rule Summary: Allow
Figure 61 SECURITY > FIREWALL > Default Rule: Block From VPN To LAN
Figure 62 Tutorial: NETWORK > WAN > 3G (WAN2)
Figure 63 Tutorial: Home
Figure 64 Tutorial: NETWORK > WAN > General
Figure 65 SECURITY > CONTENT FILTER > General
Figure 66 SECURITY > CONTENT FILTER > Policy
Figure 67 SECURITY > CONTENT FILTER > Policy > External Database (Default)
Figure 68 HOME > Show DHCP Table
Figure 69 SECURITY > CONTENT FILTER > Policy
Figure 70 SECURITY > CONTENT FILTER > Policy > Insert
Figure 71 SECURITY > CONTENT FILTER > Policy
Figure 72 SECURITY > CONTENT FILTER > Policy > Schedule (Bob)
Figure 73 SECURITY > CONTENT FILTER > Policy
Figure 74 SECURITY > CONTENT FILTER > Policy > External Database (Bob)
Figure 75 REGISTRATION
Figure 76 REGISTRATION: Registered Device
Figure 77 REGISTRATION > Service
Figure 78 LAN and WAN
Figure 79 NETWORK > LAN
Figure 80 NETWORK > LAN > Static DHCP
Figure 81 Physical Network & Partitioned Logical Networks
Figure 82 NETWORK > LAN > IP Alias
Figure 83 NETWORK > LAN > Port Roles
Figure 84 Port Roles Change Complete
Figure 85 Bridge Loop: Bridge Connected to Wired LAN
Figure 86 NETWORK > Bridge
Figure 87 NETWORK > Bridge > Port Roles
Figure 88 Port Roles Change Complete
Figure 89 Least Load First Example
Figure 90 Weighted Round Robin Algorithm Example
Figure 91 Spillover Algorithm Example
Figure 92 Incorrect WAN IP
Figure 93 NETWORK > WAN (General)
Figure 94 Load Balancing: Least Load First
Figure 95 Load Balancing: Weighted Round Robin
Figure 96 Load Balancing: Spillover
Figure 97 NETWORK > WAN > WAN (Ethernet Encapsulation)
Figure 98 NETWORK > WAN > WAN (PPPoE Encapsulation)
Figure 99 NETWORK > WAN > WAN (PPTP Encapsulation)
Figure 100 NETWORK > WAN > 3G (WAN 2)
Figure 101 Traffic Redirect WAN Setup
Figure 102 Traffic Redirect LAN Setup
Figure 103 NETWORK > WAN > Traffic Redirect
Figure 104 NETWORK > WAN > Dial Backup
Figure 105 NETWORK > WAN > Dial Backup > Edit
Figure 106 NETWORK > DMZ
Figure 107 NETWORK > DMZ > Static DHCP
Figure 108 NETWORK > DMZ > IP Alias
Figure 109 DMZ Public Address Example
Figure 110 DMZ Private and Public Address Example
Figure 111 NETWORK > DMZ > Port Roles
Figure 112 NETWORK > WLAN
Figure 113 NETWORK > WLAN > Static DHCP
Figure 114 NETWORK > WLAN > IP Alias
Figure 115 WLAN Port Role Example
Figure 116 NETWORK > WLAN > Port Roles
Figure 117 NETWORK > WLAN > Port Roles: Change Complete
Figure 118 ZyWALL Wireless Security Levels
Figure 119 EAP Authentication
Figure 120 WPA-PSK Authentication
Figure 121 WPA with RADIUS Application Example
Figure 122 WIRELESS > Wi-Fi > Wireless Card: No Security
Figure 123 WIRELESS > Wi-Fi > Wireless Card: Static WEP
Figure 124 WIRELESS > Wi-Fi > Wireless Card: WPA-PSK
Figure 125 WIRELESS > Wi-Fi > Wireless Card: WPA
Figure 126 WIRELESS > Wi-Fi > Wireless Card: 802.1x + Dynamic WEP
Figure 127 WIRELESS > Wi-Fi > Wireless Card: 802.1x + Static WEP
Figure 128 WIRELESS > Wi-Fi > Wireless Card: 802.1x + No WEP
Figure 129 WIRELESS > Wi-Fi > Wireless Card: No Access 802.1x + Static WEP
Figure 130 WIRELESS > Wi-Fi > MAC Filter
Figure 131 Default Firewall Action
Figure 132 SECURITY > FIREWALL > Default Rule (Router Mode)
Figure 133 Default Block Traffic From WAN1 to DMZ Example
Figure 134 From LAN to VPN Example
Figure 135 Block DMZ to VPN Traffic by Default Example
Figure 136 From VPN to LAN Example
Figure 137 Block VPN to LAN Traffic by Default Example
Figure 138 From VPN to VPN Example
Figure 139 Block VPN to VPN Traffic by Default Example
Figure 140 Blocking All LAN to WAN IRC Traffic Example
Figure 141 Limited LAN to WAN IRC Traffic Example
Figure 142 Using IP Alias to Solve the Triangle Route Problem
Figure 143 SECURITY > FIREWALL > Default Rule (Router Mode)
Figure 144 SECURITY > FIREWALL > Default Rule (Bridge Mode)
Figure 145 SECURITY > FIREWALL > Rule Summary
Figure 146 SECURITY > FIREWALL > Rule Summary > Edit
Figure 147 SECURITY > FIREWALL > Anti-Probing
Figure 148 Three-Way Handshake
Figure 149 SECURITY > FIREWALL > Threshold
Figure 150 SECURITY > FIREWALL > Service
Figure 151 SECURITY > FIREWALL > Service > Add
Figure 152 My Service Firewall Rule Example: Service
Figure 153 My Service Firewall Rule Example: Edit Custom Service
Figure 154 My Service Firewall Rule Example: Rule Summary
Figure 155 My Service Firewall Rule Example: Rule Edit
Figure 156 My Service Firewall Rule Example: Rule Configuration
Figure 157 My Service Firewall Rule Example: Rule Summary
Figure 158 Network Intrusions
Figure 159 Applying IDP to Interfaces
Figure 160 SECURITY > IDP > General
Figure 161 SECURITY > IDP > Signatures: Attack Types
Figure 162 SECURITY > IDP > Signature: Actions
Figure 163 SECURITY > IDP > Signature: Group View
Figure 164 SECURITY > IDP > Signature: Query View
Figure 165 SECURITY > IDP > Signature: Query by Partial Name
Figure 166 SECURITY > IDP > Signature: Query by Complete ID
Figure 167 Signature Query by Attribute.
Figure 168 SECURITY > IDP > Update
Figure 169 SECURITY > IDP > Backup & Restore
Figure 170 ZyWALL Anti-virus Example
Figure 171 SECURITY > ANTI-VIRUS > General
Figure 172 SECURITY > ANTI-VIRUS > Signature: Query View
Figure 173 Query Example Search Criteria
Figure 174 Query Example Search Results
Figure 175 SECURITY > ANTI-VIRUS > Update
Figure 176 SECURITY > ANTI-VIRUS > Backup and Restore
Figure 177 Anti-spam External Database Example
Figure 178 SECURITY > ANTI-SPAM > General
Figure 179 SECURITY > ANTI-SPAM > External DB
Figure 180 SECURITY > ANTI-SPAM > Lists
Figure 181 SECURITY > ANTI-SPAM > Lists > Edit
Figure 182 Content Filtering Lookup Procedure
Figure 183 SECURITY > CONTENT FILTER > General
Figure 184 SECURITY > CONTENT FILTER > Policy
Figure 185 SECURITY > CONTENT FILTER > Policy > General
Figure 186 SECURITY > CONTENT FILTER > Policy > External Database
Figure 187 SECURITY > CONTENT FILTER > Policy > Customization
Figure 188 SECURITY > CONTENT FILTER > Policy > Schedule
Figure 189 SECURITY > CONTENT FILTER > Object
Figure 190 SECURITY > CONTENT FILTER > Cache
Figure 191 myZyXEL.com: Login
Figure 192 myZyXEL.com: Welcome
Figure 193 myZyXEL.com: Service Management
Figure 194 Blue Coat: Login
Figure 195 Content Filtering Reports Main Screen
Figure 196 Blue Coat: Report Home
Figure 197 Global Report Screen Example
Figure 198 Requested URLs Example
Figure 199 Web Page Review Process Screen
Figure 200 VPN: Example
Figure 201 VPN: IKE SA and IPSec SA
Figure 202 Gateway and Network Policies
Figure 203 IPSec Fields Summary
Figure 204 SECURITY > VPN > VPN Rules (IKE)
Figure 205 IKE SA: Main Negotiation Mode, Steps 1 - 2: IKE SA Proposal
Figure 206 IKE SA: Main Negotiation Mode, Steps 3 - 4: DH Key Exchange
Figure 207 IKE SA: Main Negotiation Mode, Steps 5 - 6: Authentication
Figure 208 VPN/NAT Example
Figure 209 IPSec High Availability
Figure 210 SECURITY > VPN > VPN Rules (IKE) > Edit Gateway Policy
Figure 211 Virtual Mapping of Local and Remote Network IP Addresses
Figure 212 VPN: Transport and Tunnel Mode Encapsulation
Figure 213 SECURITY > VPN > VPN Rules (IKE) > Edit Network Policy
Figure 214 SECURITY > VPN > VPN Rules (IKE) > Edit Network Policy > Port Forwarding
Figure 215 SECURITY > VPN > VPN Rules (IKE) > Move Network Policy
Figure 216 SECURITY > VPN > VPN Rules (Manual)
Figure 217 SECURITY > VPN > VPN Rules (Manual) > Edit
Figure 218 SECURITY > VPN > SA Monitor
Figure 219 Overlap in a Dynamic VPN Rule
Figure 220 Overlap in IP Alias and VPN Remote Networks
Figure 221 SECURITY > VPN > Global Setting
Figure 222 Telecommuters Sharing One VPN Rule Example
Figure 223 Telecommuters Using Unique VPN Rules Example
Figure 224 VPN for Remote Management Example
Figure 225 VPN Topologies
Figure 226 Hub-and-spoke VPN Example
Figure 227 Certificates on Your Computer
Figure 228 Certificate Details
Figure 229 Certificate Configuration Overview
Figure 230 SECURITY > CERTIFICATES > My Certificates
Figure 231 SECURITY > CERTIFICATES > My Certificates > Details
Figure 232 SECURITY > CERTIFICATES > My Certificates > Export
Figure 233 SECURITY > CERTIFICATES > My Certificates > Import
Figure 234 SECURITY > CERTIFICATES > My Certificates > Import: PKCS#12
Figure 235 SECURITY > CERTIFICATES > My Certificates > Create (Basic)
Figure 236 SECURITY > CERTIFICATES > My Certificates > Create (Advanced)
Figure 237 SECURITY > CERTIFICATES > Trusted CAs
Figure 238 SECURITY > CERTIFICATES > Trusted CAs > Details
Figure 239 SECURITY > CERTIFICATES > Trusted CAs > Import
Figure 240 SECURITY > CERTIFICATES > Trusted Remote Hosts
Figure 241 SECURITY > CERTIFICATES > Trusted Remote Hosts > Import
Figure 242 SECURITY > CERTIFICATES > Trusted Remote Hosts > Details
Figure 243 SECURITY > CERTIFICATES > Directory Servers
Figure 244 SECURITY > CERTIFICATES > Directory Server > Add
Figure 245 SECURITY > AUTH SERVER > Local User Database
Figure 246 SECURITY > AUTH SERVER > RADIUS
Figure 247 How NAT Works
Figure 248 NAT Application With IP Alias
Figure 249 Port Restricted Cone NAT Example
Figure 250 ADVANCED > NAT > NAT Overview
Figure 251 ADVANCED > NAT > Address Mapping
Figure 252 ADVANCED > NAT > Address Mapping > Edit
Figure 253 Multiple Servers Behind NAT Example
Figure 254 Port Translation Example
Figure 255 ADVANCED > NAT > Port Forwarding
Figure 256 Trigger Port Forwarding Process: Example
Figure 257 ADVANCED > NAT > Port Triggering
Figure 258 Example of Static Routing Topology
Figure 259 ADVANCED > STATIC ROUTE > IP Static Route
Figure 260 ADVANCED > STATIC ROUTE > IP Static Route > Edit
Figure 261 ADVANCED > POLICY ROUTE > Policy Route Summary
Figure 262 ADVANCED > POLICY ROUTE > Edit
Figure 263 Subnet-based Bandwidth Management Example
Figure 264 ADVANCED > BW MGMT > Summary
Figure 265 ADVANCED > BW MGMT > Class Setup
Figure 266 ADVANCED > BW MGMT > Class Setup > Add Sub-Class
Figure 267 ADVANCED > BW MGMT > Class Setup > Statistics
Figure 268 ADVANCED > BW MGMT > Monitor
Figure 269 Private DNS Server Example
Figure 270 ADVANCED > DNS > System DNS
Figure 271 ADVANCED > DNS > Add (Address Record)
Figure 272 ADVANCED > DNS > Insert (Name Server Record)
Figure 273 ADVANCED > DNS > Cache
Figure 274 ADVANCED > DNS > DHCP
Figure 275 ADVANCED > DNS > DDNS
Figure 276 Secure and Insecure Remote Management From the WAN
Figure 277 HTTPS Implementation
Figure 278 ADVANCED > REMOTE MGMT > WWW
Figure 279 Security Alert Dialog Box (Internet Explorer)
Figure 280 Security Certificate 1 (Netscape)
Figure 281 Security Certificate 2 (Netscape)
Figure 282 Example: Lock Denoting a Secure Connection
Figure 283 Replace Certificate
Figure 284 Device-specific Certificate
Figure 285 Common ZyWALL Certificate
Figure 286 ZyWALL Trusted CA Screen
Figure 287 CA Certificate Example
Figure 288 Personal Certificate Import Wizard 1
Figure 289 Personal Certificate Import Wizard 2
Figure 290 Personal Certificate Import Wizard 3
Figure 291 Personal Certificate Import Wizard 4
Figure 292 Personal Certificate Import Wizard 5
Figure 293 Personal Certificate Import Wizard 6
Figure 294 Access the ZyWALL Via HTTPS
Figure 295 SSL Client Authentication
Figure 296 Secure Web Configurator Login Screen
Figure 297 SSH Communication Over the WAN Example
Figure 298 How SSH Works
Figure 299 ADVANCED > REMOTE MGMT > SSH
Figure 300 SSH Example 1: Store Host Key
Figure 301 SSH Example 2: Test
Figure 302 SSH Example 2: Log in
Figure 303 Secure FTP: Firmware Upload Example
Figure 304 ADVANCED > REMOTE MGMT > Telnet
Figure 305 ADVANCED > REMOTE MGMT > FTP
Figure 306 SNMP Management Model
Figure 307 ADVANCED > REMOTE MGMT > SNMP
Figure 308 ADVANCED > REMOTE MGMT > DNS
Figure 309 ADVANCED > REMOTE MGMT > CNM
Figure 310 ADVANCED > UPnP
Figure 311 ADVANCED > UPnP > Ports
Figure 312 ADVANCED > Custom APP
Figure 313 H.323 ALG Example
Figure 314 H.323 with Multiple WAN IP Addresses
Figure 315 H.323 Calls from the WAN with Multiple Outgoing Calls
Figure 316 SIP ALG Example
Figure 317 ADVANCED > ALG
Figure 318 REPORTS > SYSTEM REPORTS
Figure 319 REPORTS > SYSTEM REPORTS: Web Site Hits Example
Figure 320 REPORTS > SYSTEM REPORTS: Host IP Address Example
Figure 321 REPORTS > SYSTEM REPORTS: Protocol/Port Example
Figure 322 REPORTS > THREAT REPORTS > IDP
Figure 323 REPORTS > THREAT REPORTS > IDP > Source
Figure 324 REPORTS > THREAT REPORTS > IDP > Destination
Figure 325 REPORTS > THREAT REPORTS > Anti-Virus
Figure 326 REPORTS > THREAT REPORTS > Anti-Virus > Source
Figure 327 REPORTS > THREAT REPORTS > Anti-Virus > Destination
Figure 328 REPORTS > THREAT REPORTS > Anti-Spam
Figure 329 REPORTS > THREAT REPORTS > Anti-Spam > Source
Figure 330 REPORTS > THREAT REPORTS > Anti-Spam > Score Distribution
Figure 331 LOGS > View Log
Figure 332 myZyXEL.com: Download Center
Figure 333 myZyXEL.com: Certificate Download
Figure 334 LOGS > Log Settings
Figure 335 MAINTENANCE > General Setup
Figure 336 MAINTENANCE > Password
Figure 337 MAINTENANCE > Time and Date
Figure 338 Synchronization in Process
Figure 339 Synchronization is Successful
Figure 340 Synchronization Fail
Figure 341 MAINTENANCE > Device Mode (Router Mode)
Figure 342 MAINTENANCE > Device Mode (Bridge Mode)
Figure 343 MAINTENANCE > Firmware Upload
Figure 344 Firmware Upload In Process
Figure 345 Network Temporarily Disconnected
Figure 346 Firmware Upload Error
Figure 347 MAINTENANCE > Backup and Restore
Figure 348 Configuration Upload Successful
Figure 349 Network Temporarily Disconnected
Figure 350 Configuration Upload Error
Figure 351 Reset Warning Message
Figure 352 MAINTENANCE > Restart
Figure 353 MAINTENANCE > Diagnostics
Figure 354 Initial Screen
Figure 355 Password Screen
Figure 356 Main Menu (Router Mode)
Figure 357 Main Menu (Bridge Mode)
Figure 358 Menu 23: System Password
Figure 359 Menu 1: General Setup (Router Mode)
Figure 360 Menu 1: General Setup (Bridge Mode)
Figure 361 Menu 1.1: Configure Dynamic DNS
Figure 362 Menu 1.1.1: DDNS Host Summary
Figure 363 Menu 1.1.1: DDNS Edit Host
Figure 364 MAC Address Cloning in WAN Setup
Figure 365 Menu 2: Dial Backup Setup
Figure 366 Menu 2.1: Advanced WAN Setup
Figure 367 Menu 11.3: Remote Node Profile (Backup ISP)
Figure 368 Menu 11.3.2: Remote Node Network Layer Options
Figure 369 Menu 11.3.3: Remote Node Script
Figure 370 Menu 11.3.4: Remote Node Filter
Figure 371 3G Modem Setup in WAN Setup (ZyWALL 5)
Figure 372 Menu 11.2: Remote Node Profile (3G WAN)
Figure 373 Menu 3: LAN Setup
Figure 374 Menu 3.1: LAN Port Filter Setup
Figure 375 Menu 3: TCP/IP and DHCP Setup
Figure 376 Menu 3.2: TCP/IP and DHCP Ethernet Setup
Figure 377 Menu 3.2.1: IP Alias Setup
Figure 378 Menu 4: Internet Access Setup (Ethernet)
Figure 379 Internet Access Setup (PPTP)
Figure 380 Internet Access Setup (PPPoE)
Figure 381 Menu 5: DMZ Setup
Figure 382 Menu 5.1: DMZ Port Filter Setup
Figure 383 Menu 5: DMZ Setup
Figure 384 Menu 5.2: TCP/IP and DHCP Ethernet Setup
Figure 385 Menu 5.2.1: IP Alias Setup
Figure 386 Menu 6: Route Setup
Figure 387 Menu 6.1: Route Assessment
Figure 388 Menu 6.2: Traffic Redirect
Figure 389 Menu 6.3: Route Failover
Figure 390 Menu 7.1: Wireless Setup
Figure 391 Menu 7.1.1: WLAN MAC Address Filter
Figure 392 Menu 7: WLAN Setup
Figure 393 Menu 7.2: TCP/IP and DHCP Ethernet Setup
Figure 394 Menu 7.2.1: IP Alias Setup
Figure 395 Menu 11: Remote Node Setup
Figure 396 Menu 11.1: Remote Node Profile for Ethernet Encapsulation
Figure 397 Menu 11.1: Remote Node Profile for PPPoE Encapsulation
Figure 398 Menu 11.1: Remote Node Profile for PPTP Encapsulation
Figure 399 Menu 11.1.2: Remote Node Network Layer Options for Ethernet Encapsulation
Figure 400 Menu 11.1.4: Remote Node Filter (Ethernet Encapsulation)
Figure 401 Menu 11.1.4: Remote Node Filter (PPPoE or PPTP Encapsulation)
Figure 402 Menu 12: IP Static Route Setup
Figure 403 Menu 12.1: Edit IP Static Route
Figure 404 Menu 4: Applying NAT for Internet Access
Figure 405 Menu 11.1.2: Applying NAT to the Remote Node
Figure 406 Menu 15: NAT Setup
Figure 407 Menu 15.1: Address Mapping Sets
Figure 408 Menu 15.1.255: SUA Address Mapping Rules
Figure 409 Menu 15.1.1: First Set
Figure 410 Menu 15.1.1.1: Editing/Configuring an Individual Rule in a Set
Figure 411 Menu 15.2: NAT Server Sets
Figure 412 Menu 15.2.x: NAT Server Sets
Figure 413 15.2.x.x: NAT Server Configuration
Figure 414 Menu 15.2.1: NAT Server Setup
Figure 415 Server Behind NAT Example
Figure 416 NAT Example 1
Figure 417 Menu 4: Internet Access & NAT Example
Figure 418 NAT Example 2
Figure 419 Menu 15.2.1: Specifying an Inside Server
Figure 420 NAT Example 3
Figure 421 Example 3: Menu 11.1.2
Figure 422 Example 3: Menu 15.1.1.1
Figure 423 Example 3: Final Menu 15.1.1
Figure 424 Example 3: Menu 15.2.1
Figure 425 NAT Example 4
Figure 426 Example 4: Menu 15.1.1.1: Address Mapping Rule
Figure 427 Example 4: Menu 15.1.1: Address Mapping Rules
Figure 428 Menu 15.3.1: Trigger Port Setup
Figure 429 Menu 21: Filter and Firewall Setup
Figure 430 Menu 21.2: Firewall Setup
Figure 431 Outgoing Packet Filtering Process
Figure 432 Filter Rule Process
Figure 433 Menu 21: Filter and Firewall Setup
Figure 434 Menu 21.1: Filter Set Configuration
Figure 435 Menu 21.1.1.1: TCP/IP Filter Rule
Figure 436 Executing an IP Filter
Figure 437 Menu 21.1.1.1: Generic Filter Rule
Figure 438 Telnet Filter Example
Figure 439 Example Filter: Menu 21.1.3.1
Figure 440 Example Filter Rules Summary: Menu 21.1.3
Figure 441 Protocol and Device Filter Sets
Figure 442 Filtering LAN Traffic
Figure 443 Filtering DMZ Traffic
Figure 444 Filtering Remote Node Traffic
Figure 445 Menu 22: SNMP Configuration
Figure 446 Menu 24: System Maintenance
Figure 447 Menu 24.1: System Maintenance: Status
Figure 448 Menu 24.2: System Information and Console Port Speed
Figure 449 Menu 24.2.1: System Maintenance: Information
Figure 450 Menu 24.2.2: System Maintenance: Change Console Port Speed
Figure 451 Menu 24.3: System Maintenance: Log and Trace
Figure 452 Examples of Error and Information Messages
Figure 453 Menu 24.3.2: System Maintenance: Syslog Logging
Figure 454 Call-Triggering Packet Example
Figure 455 Menu 24.4: System Maintenance: Diagnostic (ZyWALL 5)
Figure 456 WAN & LAN DHCP
Figure 457 Telnet into Menu 24.5
Figure 458 FTP Session Example
Figure 459 System Maintenance: Backup Configuration
Figure 460 System Maintenance: Starting Xmodem Download Screen
Figure 461 Backup Configuration Example
Figure 462 Successful Backup Confirmation Screen
Figure 463 Telnet into Menu 24.6
Figure 464 Restore Using FTP Session Example
Figure 465 System Maintenance: Restore Configuration
Figure 466 System Maintenance: Starting Xmodem Download Screen
Figure 467 Restore Configuration Example
Figure 468 Successful Restoration Confirmation Screen
Figure 469 Telnet Into Menu 24.7.1: Upload System Firmware
Figure 470 Telnet Into Menu 24.7.2: System Maintenance
Figure 471 FTP Session Example of Firmware File Upload
Figure 472 Menu 24.7.1 As Seen Using the Console Port
Figure 473 Example Xmodem Upload
Figure 474 Menu 24.7.2 As Seen Using the Console Port
Figure 475 Example Xmodem Upload
Figure 476 Command Mode in Menu 24
Figure 477 Call Control
Figure 478 Budget Management
Figure 479 Call History
Figure 480 Menu 24: System Maintenance
Figure 481 Menu 24.10 System Maintenance: Time and Date Setting
Figure 482 Menu 24.11 - Remote Management Control
Figure 483 Menu 25: Sample IP Routing Policy Summary
Figure 484 Menu 25.1: IP Routing Policy Setup
Figure 485 Menu 25.1.1: IP Routing Policy Setup
Figure 486 Example of IP Policy Routing
Figure 487 IP Routing Policy Example 1
Figure 488 IP Routing Policy Example 2
Figure 489 Schedule Setup
Figure 490 Schedule Set Setup
Figure 491 Applying Schedule Set(s) to a Remote Node (PPPoE)
Figure 492 Applying Schedule Set(s) to a Remote Node (PPTP)
Figure 493 WLAN Card Installation
Figure 494 Console/Dial Backup Port Pin Layout
Figure 495 Attaching Rubber Feet
Figure 496 Attaching Mounting Brackets and Screws
Figure 497 Rack Mounting
Figure 498 Pop-up Blocker
Figure 499 Internet Options: Privacy
Figure 500 Internet Options: Privacy
Figure 501 Pop-up Blocker Settings
Figure 502 Internet Options: Security
Figure 503 Security Settings - Java Scripting
Figure 504 Security Settings - Java
Figure 505 Java (Sun)
Figure 506 Mozilla Firefox: Tools > Options
Figure 507 Mozilla Firefox Content Security
Figure 508 Windows 95/98/Me: Network: Configuration
Figure 509 Windows 95/98/Me: TCP/IP Properties: IP Address
Figure 510 Windows 95/98/Me: TCP/IP Properties: DNS Configuration
Figure 511 Windows XP: Start Menu
Figure 512 Windows XP: Control Panel
Figure 513 Windows XP: Control Panel: Network Connections: Properties
Figure 514 Windows XP: Local Area Connection Properties
Figure 515 Windows XP: Internet Protocol (TCP/IP) Properties
Figure 516 Windows XP: Advanced TCP/IP Properties
Figure 517 Windows XP: Internet Protocol (TCP/IP) Properties
Figure 518 Windows Vista: Start Menu
Figure 519 Windows Vista: Control Panel
Figure 520 Windows Vista: Network And Internet
Figure 521 Windows Vista: Network and Sharing Center
Figure 522 Windows Vista: Network and Sharing Center
Figure 523 Windows Vista: Local Area Connection Properties
Figure 524 Windows Vista: Internet Protocol Version 4 (TCP/IPv4) Properties
Figure 525 Windows Vista: Advanced TCP/IP Properties
Figure 526 Windows Vista: Internet Protocol Version 4 (TCP/IPv4) Properties
Figure 527 Macintosh OS 8/9: Apple Menu
Figure 528 Macintosh OS 8/9: TCP/IP
Figure 529 Macintosh OS X: Apple Menu
Figure 530 Macintosh OS X: Network
Figure 531 Red Hat 9.0: KDE: Network Configuration: Devices
Figure 532 Red Hat 9.0: KDE: Ethernet Device: General
Figure 533 Red Hat 9.0: KDE: Network Configuration: DNS
Figure 534 Red Hat 9.0: KDE: Network Configuration: Activate
Figure 535 Red Hat 9.0: Dynamic IP Address Setting in ifconfig-eth0
Figure 536 Red Hat 9.0: Static IP Address Setting in ifconfig-eth0
Figure 537 Red Hat 9.0: DNS Settings in resolv.conf
Figure 538 Red Hat 9.0: Restart Ethernet Card
Figure 539 Red Hat 9.0: Checking TCP/IP Properties
Figure 540 Network Number and Host ID
Figure 541 Subnetting Example: Before Subnetting
Figure 542 Subnetting Example: After Subnetting
Figure 543 Conflicting Computer IP Addresses Example
Figure 544 Conflicting Computer IP Addresses Example
Figure 545 Conflicting Computer and Router IP Addresses Example
Figure 546 Peer-to-Peer Communication in an Ad-hoc Network
Figure 547 Basic Service Set
Figure 548 Infrastructure WLAN
Figure 549 RTS/CTS
Figure 550 WPA(2) with RADIUS Application Example
Figure 551 WPA(2)-PSK Authentication
Figure 552 Windows 98 SE: WinPopup
Figure 553 Windows 98 SE: Program Task Bar
Figure 554 Windows 98 SE: Task Bar Properties
Figure 555 Windows 98 SE: StartUp
Figure 556 Windows 98 SE: Startup: Create Shortcut
Figure 557 Windows 98 SE: Startup: Select a Title for the Program
Figure 558 Windows 98 SE: Startup: Shortcut
Figure 559 VPN Rules
Figure 560 Headquarters Gateway Policy Edit
Figure 561 Branch Office Gateway Policy Edit
Figure 562 Headquarters VPN Rule
Figure 563 Branch Office VPN Rule
Figure 564 Headquarters Network Policy Edit
Figure 565 Branch Office Network Policy Edit
Figure 566 VPN Rule Configured
Figure 567 VPN Dial
Figure 568 VPN Tunnel Established
Figure 569 VPN Log Example
Figure 570 IKE/IPSec Debug Example
Figure 571 Security Certificate
Figure 572 Login Screen
Figure 573 Certificate General Information before Import
Figure 574 Certificate Import Wizard 1
Figure 575 Certificate Import Wizard 2
Figure 576 Certificate Import Wizard 3
Figure 577 Root Certificate Store
Figure 578 Certificate General Information after Import

List of Tables

Table 1 ZyWALL Model Specific Features
Table 2 Front Panel Lights
Table 3 Title Bar: Web Configurator Icons
Table 4 Web Configurator HOME Screen in Router Mode
Table 5 Web Configurator HOME Screen in Bridge Mode
Table 6 Bridge and Router Mode Features Comparison
Table 7 Screens Summary
Table 8 HOME > Port Statistics
Table 9 HOME > Show Statistics > Line Chart
Table 10 HOME > Show DHCP Table
Table 11 HOME > VPN Status
Table 12 ISP Parameters: Ethernet Encapsulation
Table 13 ISP Parameters: PPPoE Encapsulation
Table 14 ISP Parameters: PPTP Encapsulation
Table 15 Internet Access Wizard: Registration
Table 16 VPN Wizard: Gateway Setting
Table 17 VPN Wizard: Network Setting
Table 18 VPN Wizard: IKE Tunnel Setting
Table 19 VPN Wizard: IPSec Setting
Table 20 VPN Wizard: VPN Status
Table 21 Anti-Spam Wizard: Email Server Location Setting
Table 22 Anti-Spam Wizard: Direction Configuration
Table 23 Dynamic VPN Rule Tutorial Settings
Table 24 REGISTRATION
Table 25 REGISTRATION > Service
Table 26 NETWORK > LAN
Table 27 NETWORK > LAN > Static DHCP
Table 28 NETWORK > LAN > IP Alias
Table 29 NETWORK > LAN > Port Roles
Table 30 STP Path Costs
Table 31 STP Port States
Table 32 NETWORK > Bridge
Table 33 NETWORK > Bridge > Port Roles
Table 34 Least Load First: Example 1
Table 35 Least Load First: Example 2
Table 36 NETWORK > WAN (General)
Table 37 Load Balancing: Least Load First
Table 38 Load Balancing: Weighted Round Robin
Table 39 Load Balancing: Spillover
Table 40 Private IP Address Ranges
Table 41 NETWORK > WAN > WAN (Ethernet Encapsulation)
Table 42 NETWORK > WAN > WAN (PPPoE Encapsulation)
Table 43 NETWORK > WAN > WAN (PPTP Encapsulation)
Table 44 2G, 2.5G, 2.75G, 3G and 3.5G Wireless Technologies
Table 45 NETWORK > WAN > 3G (WAN 2)
Table 46 NETWORK > WAN > Traffic Redirect
Table 47 NETWORK > WAN > Dial Backup
Table 48 NETWORK > WAN > Dial Backup > Edit
Table 49 NETWORK > DMZ
Table 50 NETWORK > DMZ > Static DHCP
Table 51 NETWORK > DMZ > IP Alias
Table 52 NETWORK > DMZ > Port Roles
Table 53 NETWORK > WLAN
Table 54 NETWORK > WLAN > Static DHCP
Table 55 NETWORK > WLAN > IP Alias
Table 56 NETWORK > WLAN > Port Roles
Table 57 Wireless Security Relational Matrix
Table 58 WIRELESS > Wi-Fi > Wireless Card: No Security
Table 59 WIRELESS > Wi-Fi > Wireless Card: Static WEP
Table 60 WIRELESS > Wi-Fi > Wireless Card: WPA-PSK
Table 61 WIRELESS > Wi-Fi > Wireless Card: WPA
Table 62 WIRELESS > Wi-Fi > Wireless Card: 802.1x + Dynamic WEP
Table 63 WIRELESS > Wi-Fi > Wireless Card: 802.1x + Static WEP
Table 64 WIRELESS > Wi-Fi > Wireless Card: 802.1x + No WEP
Table 65 WIRELESS > Wi-Fi > Wireless Card: No Access 802.1x + Static WEP
Table 66 WIRELESS > Wi-Fi > MAC Filter
Table 67 Blocking All LAN to WAN IRC Traffic Example
Table 68 Limited LAN to WAN IRC Traffic Example
Table 69 SECURITY > FIREWALL > Default Rule (Router Mode)
Table 70 SECURITY > FIREWALL > Default Rule (Bridge Mode)
Table 71 SECURITY > FIREWALL > Rule Summary
Table 72 SECURITY > FIREWALL > Rule Summary > Edit
Table 73 SECURITY > FIREWALL > Anti-Probing
Table 74 SECURITY > FIREWALL > Threshold
Table 75 SECURITY > FIREWALL > Service
Table 76 SECURITY > FIREWALL > Service > Add
Table 77 SECURITY > IDP > General Setup
Table 78 SECURITY > IDP > Signature: Attack Types
Table 79 SECURITY > IDP > Signature: Intrusion Severity
Table 80 SECURITY > IDP > Signature: Actions
Table 81 SECURITY > IDP > Signature: Group View
Table 82 SECURITY > IDP > Signature: Query View
Table 83 SECURITY > IDP > Update
Table 84 Common Computer Virus Types
Table 85 SECURITY > ANTI-VIRUS > General
Table 86 SECURITY > ANTI-VIRUS > Signature: Query View
Table 87 SECURITY > ANTI-SPAM > General
Table 88 SECURITY > ANTI-SPAM > External DB
Table 89 SECURITY > ANTI-SPAM > Lists
Table 90 SECURITY > ANTI-SPAM > Lists > Edit
Table 91 SECURITY > CONTENT FILTER > General
Table 92 SECURITY > CONTENT FILTER > Policy
Table 93 SECURITY > CONTENT FILTER > Policy > General
Table 94 SECURITY > CONTENT FILTER > Policy > External Database
Table 95 SECURITY > CONTENT FILTER > Policy > Customization
Table 96 SECURITY > CONTENT FILTER > Policy > Schedule
Table 97 SECURITY > CONTENT FILTER > Object
Table 98 SECURITY > CONTENT FILTER > Cache
Table 99 SECURITY > VPN > VPN Rules (IKE)
Table 100 VPN Example: Matching ID Type and Content
Table 101 VPN Example: Mismatching ID Type and Content
Table 102 SECURITY > VPN > VPN Rules (IKE) > Edit Gateway Policy
Table 103 SECURITY > VPN > VPN Rules (IKE) > Edit Network Policy
Table 104 SECURITY > VPN > VPN Rules (IKE) > Edit Network Policy > Port Forwarding
Table 105 SECURITY > VPN > VPN Rules (IKE) > Move Network Policy
Table 106 SECURITY > VPN > VPN Rules (Manual)
Table 107 SECURITY > VPN > VPN Rules (Manual) > Edit
Table 108 SECURITY > VPN > SA Monitor
Table 109 SECURITY > VPN > Global Setting
Table 110 Telecommuters Sharing One VPN Rule Example
Table 111 Telecommuters Using Unique VPN Rules Example
Table 112 SECURITY > CERTIFICATES > My Certificates
Table 113 SECURITY > CERTIFICATES > My Certificates > Details
Table 114 SECURITY > CERTIFICATES > My Certificates > Export
Table 115 SECURITY > CERTIFICATES > My Certificates > Import
Table 116 SECURITY > CERTIFICATES > My Certificates > Import: PKCS#12
Table 117 SECURITY > CERTIFICATES > My Certificates > Create
Table 118 SECURITY > CERTIFICATES > Trusted CAs
Table 119 SECURITY > CERTIFICATES > Trusted CAs > Details
Table 120 SECURITY > CERTIFICATES > Trusted CAs Import
Table 121 SECURITY > CERTIFICATES > Trusted Remote Hosts
Table 122 SECURITY > CERTIFICATES > Trusted Remote Hosts > Import
Table 123 SECURITY > CERTIFICATES > Trusted Remote Hosts > Details
Table 124 SECURITY > CERTIFICATES > Directory Servers
Table 125 SECURITY > CERTIFICATES > Directory Server > Add
Table 126 SECURITY > AUTH SERVER > Local User Database
Table 127 SECURITY > AUTH SERVER > RADIUS
Table 128 NAT Definitions
431 Table 129 NAT Mapping Types ............................................................................................................ 435 Table 130 ADVANCED > NAT > NAT Overview .................................................................................. 436 Table 131 ADVANCED > NAT > Address Mapping ............................................................................. 438 Table 132 ADVANCED > NAT > Address Mapping > Edit ................................................................... 440 Table 133 ADVANCED > NAT > Port Forwarding ................................................................................ 444 Table 134 ADVANCED > NAT > Port Triggering ................................................................................. 446 Table 135 ADVANCED > STATIC ROUTE > IP Static Route .............................................................. 451 Table 136 ADVANCED > STATIC ROUTE > IP Static Route > Edit .................................................... 451 Table 137 ADVANCED > POLICY ROUTE > Policy Route Summary ................................................. 455 Table 138 ADVANCED > POLICY ROUTE > Edit ............................................................................... 456 Table 139 Application and Subnet-based Bandwidth Management Example ..................................... 460 Table 140 Maximize Bandwidth Usage Example ................................................................................. 462 Table 141 Priority-based Allotment of Unused and Unbudgeted Bandwidth Example ........................ 462 Table 142 Fairness-based Allotment of Unused and Unbudgeted Bandwidth Example ..................... 463 Table 143 Bandwidth Borrowing Example ........................................................................................... 464 Table 144 Over Allotment of Bandwidth Example ............................................................................... 
465 Table 145 ADVANCED > BW MGMT > Summary ............................................................................... 466 Table 146 ADVANCED > BW MGMT > Class Setup ........................................................................... 468 Table 147 ADVANCED > BW MGMT > Class Setup > Add Sub-Class ............................................... 469 Table 148 Services and Port Numbers ................................................................................................ 471 Table 149 ADVANCED > DNS > Add (Address Record) ..................................................................... 479 Table 150 ADVANCED > REMOTE MGMT > WWW ........................................................................... 490 Table 151 ADVANCED > REMOTE MGMT > SSH ............................................................................. 503 Table 152 ADVANCED > REMOTE MGMT > Telnet ........................................................................... 506 Table 153 ADVANCED > REMOTE MGMT > FTP .............................................................................. 507 Table 154 SNMP Traps ........................................................................................................................ 509 Table 155 ADVANCED > REMOTE MGMT > SNMP .......................................................................... 510 Table 156 ADVANCED > REMOTE MGMT > DNS ..............................................................................511 Table 157 ADVANCED > REMOTE MGMT > CNM ............................................................................. 512 Table 158 ADVANCED > UPnP ........................................................................................................... 516 Table 159 ADVANCED > UPnP > Ports .............................................................................................. 
517 Table 160 ADVANCED > Custom APP ................................................................................................ 526 Table 161 ADVANCED > ALG ............................................................................................................. 532 Table 162 REPORTS > SYSTEM REPORTS ..................................................................................... 536 Table 163 REPORTS > SYSTEM REPORTS: Web Site Hits Report .................................................. 537 Table 164 REPORTS > SYSTEM REPORTS: Host IP Address ......................................................... 538 Table 165 REPORTS > SYSTEM REPORTS: Protocol/ Port .............................................................. 539 Table 166 Report Specifications .......................................................................................................... 540 Table 167 REPORTS > THREAT REPORTS > IDP ............................................................................ 541 48 ZyWALL 5/35/70 Series User's Guide List of Tables Table 168 REPORTS > THREAT REPORTS > Anti-Virus .................................................................. 543 Table 169 REPORTS > THREAT REPORTS > Anti-Spam ................................................................. 544 Table 170 LOGS > View Log ............................................................................................................... 548 Table 171 Log Description Example .................................................................................................... 548 Table 172 LOGS > Log Settings .......................................................................................................... 552 Table 173 System Maintenance Logs .................................................................................................. 553 Table 174 System Error Logs .............................................................................................................. 
555 Table 175 Access Control Logs ........................................................................................................... 555 Table 176 TCP Reset Logs .................................................................................................................. 556 Table 177 Packet Filter Logs ............................................................................................................... 556 Table 178 ICMP Logs .......................................................................................................................... 556 Table 179 CDR Logs ........................................................................................................................... 557 Table 180 PPP Logs ............................................................................................................................ 557 Table 181 3G Logs .............................................................................................................................. 557 Table 182 UPnP Logs .......................................................................................................................... 559 Table 183 Content Filtering Logs ......................................................................................................... 559 Table 184 Attack Logs ......................................................................................................................... 560 Table 185 Remote Management Logs ................................................................................................. 561 Table 186 Wireless Logs ..................................................................................................................... 561 Table 187 IPSec Logs .......................................................................................................................... 
562 Table 188 IKE Logs ............................................................................................................................. 562 Table 189 PKI Logs ............................................................................................................................. 565 Table 190 802.1X Logs ........................................................................................................................ 567 Table 191 ACL Setting Notes .............................................................................................................. 568 Table 192 ICMP Notes ......................................................................................................................... 568 Table 193 IDP Logs ............................................................................................................................. 569 Table 194 AV Logs ............................................................................................................................... 570 Table 195 AS Logs .............................................................................................................................. 571 Table 196 Syslog Logs ........................................................................................................................ 573 Table 197 RFC-2408 ISAKMP Payload Types .................................................................................... 574 Table 198 MAINTENANCE > General Setup ....................................................................................... 576 Table 199 MAINTENANCE > Password .............................................................................................. 577 Table 200 MAINTENANCE > Time and Date ...................................................................................... 578 Table 201 MAC-address-to-port Mapping Table .................................................................................. 
581 Table 202 MAINTENANCE > Device Mode (Router Mode) ................................................................. 583 Table 203 MAINTENANCE > Device Mode (Bridge Mode) ................................................................. 584 Table 204 MAINTENANCE > Firmware Upload .................................................................................. 585 Table 205 Restore Configuration ......................................................................................................... 587 Table 206 MAINTENANCE > Diagnostics ........................................................................................... 590 Table 207 Main Menu Commands ....................................................................................................... 596 Table 208 Main Menu Summary .......................................................................................................... 598 Table 209 SMT Menus Overview ......................................................................................................... 599 Table 210 Menu 1: General Setup (Router Mode) ............................................................................... 603 ZyWALL 5/35/70 Series User's Guide 49 List of Tables Table 211 Menu 1: General Setup (Bridge Mode) ............................................................................... 604 Table 212 Menu 1.1: Configure Dynamic DNS .................................................................................... 605 Table 213 Menu 1.1.1: DDNS Host Summary ..................................................................................... 606 Table 214 Menu 1.1.1: DDNS Edit Host .............................................................................................. 607 Table 215 MAC Address Cloning in WAN Setup ................................................................................. 
610 Table 216 Menu 2: Dial Backup Setup .................................................................................................611 Table 217 Advanced WAN Port Setup: AT Commands Fields ............................................................ 612 Table 218 Advanced WAN Port Setup: Call Control Parameters ........................................................ 613 Table 219 Menu 11.3: Remote Node Profile (Backup ISP) .................................................................. 614 Table 220 Menu 11.3.2: Remote Node Network Layer Options .......................................................... 615 Table 221 Menu 11.3.3: Remote Node Script ...................................................................................... 618 Table 222 3G Modem Setup in WAN Setup (ZyWALL 5) .................................................................... 619 Table 223 Menu 11.2: Remote Node Profile (3G WAN) ...................................................................... 620 Table 224 Menu 3.2: DHCP Ethernet Setup Fields ............................................................................. 625 Table 225 Menu 3.2: LAN TCP/IP Setup Fields .................................................................................. 625 Table 226 Menu 3.2.1: IP Alias Setup ................................................................................................. 627 Table 227 Menu 4: Internet Access Setup (Ethernet) ......................................................................... 630 Table 228 New Fields in Menu 4 (PPTP) Screen ................................................................................ 632 Table 229 New Fields in Menu 4 (PPPoE) screen ............................................................................... 633 Table 230 Menu 6.1: Route Assessment ............................................................................................. 
640 Table 231 Menu 6.2: Traffic Redirect ................................................................................................... 640 Table 232 Menu 6.3: Route Failover .................................................................................................... 641 Table 233 Menu 7.1: Wireless Setup ................................................................................................... 644 Table 234 Menu 7.1.1: WLAN MAC Address Filter ............................................................................. 646 Table 235 Menu 11.1: Remote Node Profile for Ethernet Encapsulation ............................................. 650 Table 236 Fields in Menu 11.1 (PPPoE Encapsulation Specific) ......................................................... 653 Table 237 Menu 11.1: Remote Node Profile for PPTP Encapsulation ................................................. 654 Table 238 Remote Node Network Layer Options Menu Fields ............................................................ 655 Table 239 Menu 12. 1: Edit IP Static Route ......................................................................................... 660 Table 240 Applying NAT in Menus 4 & 11.1.2 ...................................................................................... 665 Table 241 SUA Address Mapping Rules ............................................................................................. 667 Table 242 Fields in Menu 15.1.1 .......................................................................................................... 669 Table 243 Menu 15.1.1.1: Editing/Configuring an Individual Rule in a Set .......................................... 670 Table 244 15.2.x.x: NAT Server Configuration .................................................................................... 672 Table 245 Menu 15.3.1: Trigger Port Setup ......................................................................................... 
681 Table 246 Abbreviations Used in the Filter Rules Summary Menu ..................................................... 689 Table 247 Rule Abbreviations Used .................................................................................................... 689 Table 248 Menu 21.1.1.1: TCP/IP Filter Rule ...................................................................................... 690 Table 249 Generic Filter Rule Menu Fields ......................................................................................... 693 Table 250 SNMP Configuration Menu Fields ....................................................................................... 701 Table 251 SNMP Traps ........................................................................................................................ 702 Table 252 System Maintenance: Status Menu Fields .......................................................................... 704 Table 253 Fields in System Maintenance: Information ........................................................................ 706 50 ZyWALL 5/35/70 Series User's Guide

ZYXEL ZYWALL 35, ZYXEL COMMUNICATIONS, Router, Switch, Firewall & Other network security hardware.
Copyright © 2005 - 2008 - Diplodocs - All Rights Reserved.
Designated trademarks and brands are the property of their respective owners.