ZyWALL 5/35/70 Series Internet Security Appliance User's Guide Version 4.03 1/2008 Edition 1 DEFAULT LOGIN IP Address http://192.168.1.1 Password 1234 www.zyxel.com About This User's Guide About This User's Guide Intended Audience This manual is intended for people who want to configure the ZyWALL using the web configurator or System Management Terminal (SMT). You should have at least a basic knowledge of TCP/IP networking concepts and topology. Related Documentation · Quick Start Guide The Quick Start Guide is designed to help you get up and running right away. It contains information on setting up your network and configuring for Internet access. · Web Configurator Online Help Embedded web help for descriptions of individual screens and supplementary information. · CLI Reference Guide The CLI Reference Guide explains how to use the Command-Line Interface (CLI) to configure the ZyWALL. · Supporting Disk Refer to the included CD for support documents. · ZyXEL Web Site Please refer to www.zyxel.com for additional support documentation and product certifications. User Guide Feedback Help us help you. Send all User Guide-related comments, questions or suggestions for improvement to the following address, or use e-mail instead. Thank you! The Technical Writing Team, ZyXEL Communications Corp., 6 Innovation Road II, Science-Based Industrial Park, Hsinchu, 300, Taiwan. E-mail: techwriters@zyxel.com.tw ZyWALL 5/35/70 Series User's Guide 3 Document Conventions Document Conventions Warnings and Notes These are how warnings and notes are shown in this User's Guide. Warnings tell you about things that could harm you or your device. Notes tell you other important information (for example, other things you may need to configure or helpful tips) or recommendations. Syntax Conventions · The ZyWALL 5/35/70 series may be referred to as the "ZyWALL", the "device" or the "system" in this User's Guide. · Product labels, screen names, field labels and field choices are all in bold font. · A key stroke is denoted by square brackets and uppercase text, for example, [ENTER] means the "enter" or "return" key on your keyboard. · "Enter" means for you to type one or more characters and then press the [ENTER] key. "Select" or "choose" means for you to use one of the predefined choices. · A right angle bracket ( > ) within a screen name denotes a mouse click. For example, Maintenance > Log > Log Setting means you first click Maintenance in the navigation panel, then the Log sub menu and finally the Log Setting tab to get to that screen. · Units of measurement may denote the "metric" value or the "scientific" value. For example, "k" for kilo may denote "1000" or "1024", "M" for mega may denote "1000000" or "1048576" and so on. · "e.g.," is a shorthand for "for instance", and "i.e.," means "that is" or "in other words". 4 ZyWALL 5/35/70 Series User's Guide Document Conventions Icons Used in Figures Figures in this User's Guide may use the following generic icons. The ZyWALL icon is not an exact representation of your device. ZyWALL Computer Notebook computer Server Firewall Telephone Switch Router ZyWALL 5/35/70 Series User's Guide 5 Safety Warnings Safety Warnings For your safety, be sure to read and follow all warning notices and instructions. · Do NOT use this product near water, for example, in a wet basement or near a swimming pool. · Do NOT expose your device to dampness, dust or corrosive liquids. · Do NOT store things on the device. · Do NOT install, use, or service this device during a thunderstorm. There is a remote risk of electric shock from lightning. · Connect ONLY suitable accessories to the device. · Do NOT open the device or unit. Opening or removing covers can expose you to dangerous high voltage points or other risks. ONLY qualified service personnel should service or disassemble this device. Please contact your vendor for further information. · Make sure to connect the cables to the correct ports. · Place connecting cables carefully so that no one will step on them or stumble over them. · Always disconnect all cables from this device before servicing or disassembling. · Use ONLY an appropriate power adaptor or cord for your device. · Connect the power adaptor or cord to the right supply voltage (for example, 110V AC in North America or 230V AC in Europe). · Do NOT remove the plug and connect it to a power outlet by itself; always attach the plug to the power adaptor first before connecting it to a power outlet. · Do NOT allow anything to rest on the power adaptor or cord and do NOT place the product where anyone can walk on the power adaptor or cord. · Do NOT use the device if the power adaptor or cord is damaged as it might cause electrocution. · If the power adaptor or cord is damaged, remove it from the power outlet. · Do NOT attempt to repair the power adaptor or cord. Contact your local vendor to order a new one. · Do not use the device outside, and make sure all the connections are indoors. There is a remote risk of electric shock from lightning. · CAUTION: RISK OF EXPLOSION IF BATTERY (on the motherboard) IS REPLACED BY AN INCORRECT TYPE. DISPOSE OF USED BATTERIES ACCORDING TO THE INSTRUCTIONS. Dispose them at the applicable collection point for the recycling of electrical and electronic equipment. For detailed information about recycling of this product, please contact your local city office, your household waste disposal service or the store where you purchased the product. · Do NOT obstruct the device ventilation slots, as insufficient airflow may harm your device. · Fuse Warning! Replace a fuse only with a fuse of the same type and rating. 6 ZyWALL 5/35/70 Series User's Guide Safety Warnings This product is recyclable. Dispose of it properly. ZyWALL 5/35/70 Series User's Guide 7 Safety Warnings 8 ZyWALL 5/35/70 Series User's Guide Contents Overview Contents Overview Introduction ............................................................................................................................ 53 Getting to Know Your ZyWALL .................................................................................................. 55 Introducing the Web Configurator .............................................................................................. 61 Wizard Setup ............................................................................................................................. 87 Tutorials ................................................................................................................................... 109 Registration ............................................................................................................................. 141 Network ................................................................................................................................. 147 LAN Screens ........................................................................................................................... 149 Bridge Screens ........................................................................................................................ 161 WAN Screens .......................................................................................................................... 167 DMZ Screens ........................................................................................................................... 203 WLAN ...................................................................................................................................... 213 Security ................................................................................................................................. 241 Firewall .................................................................................................................................... 243 Intrusion Detection and Prevention (IDP) ................................................................................ 275 Configuring IDP ....................................................................................................................... 279 Anti-Virus ................................................................................................................................. 295 Anti-Spam ................................................................................................................................ 307 Content Filtering Screens ........................................................................................................ 321 Content Filtering Reports ......................................................................................................... 343 IPSec VPN ............................................................................................................................... 351 Certificates ............................................................................................................................... 395 Authentication Server .............................................................................................................. 425 Advanced .............................................................................................................................. 429 Network Address Translation (NAT) ........................................................................................ 431 Static Route ............................................................................................................................. 449 Policy Route ............................................................................................................................ 453 Bandwidth Management .......................................................................................................... 459 DNS ......................................................................................................................................... 475 Remote Management .............................................................................................................. 487 UPnP ....................................................................................................................................... 515 Custom Application .................................................................................................................. 525 ALG Screen ............................................................................................................................. 527 ZyWALL 5/35/70 Series User's Guide 9 Contents Overview Reports, Logs and Maintenance ......................................................................................... 533 Reports .................................................................................................................................... 535 Logs Screens ........................................................................................................................... 547 Maintenance ............................................................................................................................ 575 SMT and Troubleshooting ................................................................................................... 593 Introducing the SMT ................................................................................................................ 595 SMT Menu 1 - General Setup .................................................................................................. 603 WAN and Dial Backup Setup ................................................................................................... 609 LAN Setup ............................................................................................................................... 623 Internet Access ........................................................................................................................ 629 DMZ Setup .............................................................................................................................. 635 Route Setup ............................................................................................................................. 639 Wireless Setup ........................................................................................................................ 643 Remote Node Setup ................................................................................................................ 649 IP Static Route Setup .............................................................................................................. 659 Network Address Translation (NAT) ........................................................................................ 663 Introducing the ZyWALL Firewall ............................................................................................. 683 Filter Configuration ........................................................ ...