
ZyXEL Communications Internet Security Gateway ZyWALL 2 Series User Manual


Getting to Know Your ZyWALL


The ZyWALL supports two simultaneous VPN connections.

X-Auth (Extended Authentication)

X-Auth provides added security for VPN by requiring each VPN client to use a username and password.

Certificates

The ZyWALL can use certificates (also called digital IDs) to authenticate users. Certificates are based on
public-private key pairs. Certificates provide a way to exchange public keys for use in authentication.

SSH

The ZyWALL uses the SSH (Secure Shell) protocol to provide encrypted communication between two hosts
over an unsecured network.

HTTPS

HyperText Transfer Protocol over Secure Socket Layer, or HTTP over SSL, is a web protocol that encrypts
and decrypts web sessions. Use HTTPS for secure web configurator access to the ZyWALL.

Firewall

The ZyWALL has a stateful inspection firewall with DoS (Denial of Service) protection. By default, when
the firewall is activated, all incoming traffic from the WAN to the LAN is blocked unless it is initiated from
the LAN. The ZyWALL firewall supports TCP/UDP inspection, DoS detection and protection, real-time
alerts, reports and logs.

Brute-Force Password Guessing Protection

The ZyWALL has a special protection mechanism to discourage brute-force password guessing attacks on
the ZyWALL’s management interfaces. After three incorrect passwords have been entered, a wait-time that
you specify must expire before a fourth password can be entered. Please see the appendices for details about
this feature.
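
The rule described above (three incorrect passwords, then a wait-time before the fourth entry) can be modelled as follows. This is an added example, not ZyXEL's implementation: the class name `LoginThrottle`, the 300-second wait, the reset of the counter after the wait or a successful login, and the refusal of every entry during the wait are all assumptions made for illustration.

```python
import hmac
import time


class LoginThrottle:
    """Hypothetical model of a 'three wrong passwords, then wait' rule."""

    def __init__(self, password, max_failures=3, wait_seconds=300, clock=time.monotonic):
        self._password = password.encode()  # plaintext only because this is a demo
        self.max_failures = max_failures    # three incorrect passwords, per the manual
        self.wait_seconds = wait_seconds    # administrator-set wait-time (value assumed)
        self._clock = clock                 # injectable so the demo never sleeps
        self._failures = 0
        self._locked_until = None

    def attempt(self, candidate):
        """Return 'ok', 'denied' or 'wait' for one password entry."""
        now = self._clock()
        if self._locked_until is not None:
            if now < self._locked_until:
                # Entries during the wait-time are refused without being checked,
                # so even a correct guess reveals nothing (assumed behaviour).
                return "wait"
            self._locked_until = None
            self._failures = 0
        # Constant-time comparison avoids leaking how many bytes matched.
        if hmac.compare_digest(candidate.encode(), self._password):
            self._failures = 0
            return "ok"
        self._failures += 1
        if self._failures >= self.max_failures:
            self._locked_until = now + self.wait_seconds
        return "denied"


def demo():
    """Run a constructed sequence of entries against a fake clock."""
    t = [0.0]
    gate = LoginThrottle("correct-horse", wait_seconds=300, clock=lambda: t[0])
    results = [gate.attempt(g) for g in ("1234", "admin", "password")]
    results.append(gate.attempt("correct-horse"))  # fourth entry, inside the wait-time
    t[0] = 299.0
    results.append(gate.attempt("correct-horse"))  # wait-time not yet expired
    t[0] = 300.0
    results.append(gate.attempt("correct-horse"))  # wait-time expired
    return results


if __name__ == "__main__":
    print(demo())
```

With a 300-second wait, a guesser gets at most three entries per five minutes, which is what makes exhaustive guessing impractical against a reasonably long password.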

Content Filtering

The ZyWALL can block web features such as ActiveX controls, Java applets and cookies, as well as disable
web proxies. The ZyWALL can block specific URLs by using the keyword feature. It also allows the
administrator to define time periods and days during which content filtering is enabled.

Packet Filtering

The packet filtering mechanism blocks unwanted traffic from entering/leaving your network.