ZyXEL Communications ZyWALL 2 Plus User Manual
ZyWALL 2 Plus, User’s Guide
Table of contents
- User’s Guide
- Introduction and Registration
- Getting to Know Your ZyWALL
- Introducing the Web Configurator
- Wizard Setup
- Tutorials
- 4.1 Security Settings for VPN Traffic
- 4.1.1 Firewall Rule for VPN Example
- 4.1.2 Configuring the VPN Rule
- 4.1.3 Configuring the Firewall Rules
- 4.2 Using NAT with Multiple Public IP Addresses
- 4.2.1 Example Parameters and Scenario
- 4.2.2 Configuring the WAN Connection with a Static IP Address
- 4.2.3 Public IP Address Mapping
- 4.2.4 Forwarding Traffic from the WAN to a Local Computer
- 4.2.5 Allow WAN-to-LAN Traffic through the Firewall
- 4.2.6 Testing the Connections
- 4.3 Using NAT with Multiple Game Players
- 4.4 How to Manage the ZyWALL’s Bandwidth
- 4.4.1 Example Parameters and Scenario
- 4.4.2 Configuring Bandwidth Management Rules
- 4.5 Configuring Content Filtering
- 4.5.1 Enable Content Filtering
- 4.5.2 Block Categories of Web Content
- 4.5.3 Assign Bob’s Computer a Specific IP Address
- 4.5.4 Create a Content Filter Policy for Bob
- 4.5.5 Set the Content Filter Schedule
- 4.5.6 Block Categories of Web Content for Bob
- Registration
- Network
- LAN Screens
- Bridge Screens
- WAN Screens
- 8.1 WAN Overview
- 8.2 TCP/IP Priority (Metric)
- 8.3 WAN Route
- 8.4 WAN IP Address Assignment
- 8.5 DNS Server Address Assignment
- 8.6 WAN MAC Address
- 8.7 WAN
- 8.7.1 WAN Ethernet Encapsulation
- 8.7.2 PPPoE Encapsulation
- 8.7.3 PPTP Encapsulation
- 8.8 Traffic Redirect
- 8.9 Configuring Traffic Redirect
- 8.10 Configuring Dial Backup
- 8.11 Advanced Modem Setup
- 8.11.1 AT Command Strings
- 8.11.2 DTR Signal
- 8.11.3 Response Strings
- 8.12 Configuring Advanced Modem Setup
- DMZ Screens
- Wireless LAN
- Security
- Firewall
- 11.1 Firewall Overview
- 11.2 Packet Direction Matrix
- 11.3 Packet Direction Examples
- 11.3.1 To VPN Packet Direction
- 11.3.2 From VPN Packet Direction
- 11.3.3 From VPN To VPN Packet Direction
- 11.4 Security Considerations
- 11.5 Firewall Rules Example
- 11.6 Asymmetrical Routes
- 11.6.1 Asymmetrical Routes and IP Alias
- 11.7 Firewall Default Rule (Router Mode)
- 11.8 Firewall Default Rule (Bridge Mode)
- 11.9 Firewall Rule Summary
- 11.10 Anti-Probing
- 11.11 Firewall Thresholds
- 11.11.1 Threshold Values
- 11.12 Threshold Screen
- 11.13 Service
- 11.14 My Service Firewall Rule Example
- Content Filtering Screens
- 12.1 Content Filtering Overview
- 12.1.1 Restrict Web Features
- 12.1.2 Create a Filter List
- 12.1.3 Customize Web Site Access
- 12.2 Content Filtering with an External Database
- 12.3 Content Filter General Screen
- 12.4 Content Filter Policy
- 12.5 Content Filter Policy: General
- 12.6 Content Filter Policy: External Database
- 12.7 Content Filter Policy: Customization
- 12.8 Content Filter Policy: Schedule
- 12.9 Content Filter Object
- 12.10 Customizing Keyword Blocking URL Checking
- 12.10.1 Domain Name or IP Address URL Checking
- 12.10.2 Full Path URL Checking
- 12.10.3 File Name URL Checking
- 12.11 Content Filtering Cache
- Content Filtering Reports
- IPSec VPN
- 14.1 IPSec VPN Overview
- 14.1.1 IKE SA Overview
- 14.2 VPN Rules (IKE)
- 14.3 IKE SA Setup
- 14.3.1 IKE SA Proposal
- 14.4 Additional IPSec VPN Topics
- 14.4.1 SA Life Time
- 14.4.2 IPSec High Availability
- 14.4.3 Encryption and Authentication Algorithms
- 14.5 VPN Rules (IKE) Gateway Policy Edit
- 14.6 IPSec SA Overview
- 14.6.1 Local Network and Remote Network
- 14.6.2 Virtual Address Mapping
- 14.6.3 Active Protocol
- 14.6.4 Encapsulation
- 14.6.5 IPSec SA Proposal and Perfect Forward Secrecy
- 14.7 VPN Rules (IKE) Network Policy Edit
- 14.8 Network Policy Port Forwarding
- 14.9 Network Policy Move
- 14.10 IPSec SA Using Manual Keys
- 14.10.1 IPSec SA Proposal Using Manual Keys
- 14.10.2 Authentication and the Security Parameter Index (SPI)
- 14.11 VPN Rules (Manual)
- 14.12 VPN Rules (Manual) Edit
- 14.13 VPN SA Monitor
- 14.14 VPN Global Setting
- 14.14.1 Local and Remote IP Address Conflict Resolution
- 14.15 Telecommuter VPN/IPSec Examples
- 14.15.1 Telecommuters Sharing One VPN Rule Example
- 14.15.2 Telecommuters Using Unique VPN Rules Example
- 14.16 VPN and Remote Management
- 14.17 Hub-and-spoke VPN
- 14.17.1 Hub-and-spoke VPN Example
- 14.17.2 Hub-and-spoke Example VPN Rule Addresses
- 14.17.3 Hub-and-spoke VPN Requirements and Suggestions
- Certificates
- 15.1 Certificates Overview
- 15.1.1 Advantages of Certificates
- 15.2 Self-signed Certificates
- 15.3 Verifying a Certificate
- 15.3.1 Checking the Fingerprint of a Certificate on Your Computer
- 15.4 Configuration Summary
- 15.5 My Certificates
- 15.6 My Certificate Details
- 15.7 My Certificate Export
- 15.7.1 Certificate File Export Formats
- 15.8 My Certificate Import
- 15.8.1 Certificate File Formats
- 15.9 My Certificate Create
- 15.10 Trusted CAs
- 15.11 Trusted CA Details
- 15.12 Trusted CA Import
- 15.13 Trusted Remote Hosts
- 15.14 Trusted Remote Host Certificate Details
- 15.15 Trusted Remote Hosts Import
- 15.16 Directory Servers
- 15.17 Directory Server Add or Edit
- Authentication Server
- Firewall
- Advanced
- Network Address Translation (NAT)
- 17.1 NAT Overview
- 17.1.1 NAT Definitions
- 17.1.2 What NAT Does
- 17.1.3 How NAT Works
- 17.1.4 NAT Application
- 17.1.5 Port Restricted Cone NAT
- 17.1.6 NAT Mapping Types
- 17.2 Using NAT
- 17.2.1 SUA (Single User Account) Versus NAT
- 17.3 NAT Overview Screen
- 17.4 NAT Address Mapping
- 17.4.1 What NAT Does
- 17.5 Port Forwarding
- 17.5.1 Default Server IP Address
- 17.5.2 Port Forwarding: Services and Port Numbers
- 17.5.3 Configuring Servers Behind Port Forwarding (Example)
- 17.5.4 Port Translation
- 17.6 Port Forwarding Screen
- 17.7 Port Triggering
- Static Route
- Bandwidth Management
- 19.1 Bandwidth Management Overview
- 19.2 Bandwidth Classes and Filters
- 19.3 Proportional Bandwidth Allocation
- 19.4 Application-based Bandwidth Management
- 19.5 Subnet-based Bandwidth Management
- 19.6 Application and Subnet-based Bandwidth Management
- 19.7 Scheduler
- 19.7.1 Priority-based Scheduler
- 19.7.2 Fairness-based Scheduler
- 19.7.3 Maximize Bandwidth Usage
- 19.7.4 Reserving Bandwidth for Non-Bandwidth Class Traffic
- 19.7.5 Maximize Bandwidth Usage Example
- 19.8 Bandwidth Borrowing
- 19.8.1 Bandwidth Borrowing Example
- 19.9 Maximize Bandwidth Usage With Bandwidth Borrowing
- 19.10 Over Allotment of Bandwidth
- 19.11 Configuring Summary
- 19.12 Configuring Class Setup
- 19.13 Bandwidth Manager Monitor
- DNS
- 20.1 DNS Overview
- 20.2 DNS Server Address Assignment
- 20.3 DNS Servers
- 20.4 Address Record
- 20.4.1 DNS Wildcard
- 20.5 Name Server Record
- 20.5.1 Private DNS Server
- 20.6 System Screen
- 20.7 DNS Cache
- 20.8 Configure DNS Cache
- 20.9 Configuring DNS DHCP
- 20.10 Dynamic DNS
- 20.10.1 DYNDNS Wildcard
- 20.11 Configuring Dynamic DNS
- Remote Management
- 21.1 Remote Management Overview
- 21.1.1 Remote Management Limitations
- 21.1.2 System Timeout
- 21.2 WWW (HTTP and HTTPS)
- 21.3 WWW Configuration
- 21.4 HTTPS Example
- 21.4.1 Internet Explorer Warning Messages
- 21.4.2 Netscape Navigator Warning Messages
- 21.4.3 Avoiding the Browser Warning Messages
- 21.4.4 Login Screen
- 21.5 SSH
- 21.6 How SSH Works
- 21.7 SSH Implementation on the ZyWALL
- 21.7.1 Requirements for Using SSH
- 21.8 Configuring SSH
- 21.9 Secure Telnet Using SSH Examples
- 21.9.1 Example 1: Microsoft Windows
- 21.9.2 Example 2: Linux
- 21.10 Secure FTP Using SSH Example
- 21.11 Telnet
- 21.12 Configuring TELNET
- 21.13 FTP
- 21.14 SNMP
- 21.14.1 Supported MIBs
- 21.14.2 SNMP Traps
- 21.14.3 REMOTE MANAGEMENT: SNMP
- 21.15 DNS
- 21.16 Introducing Vantage CNM
- 21.17 Configuring CNM
- 21.17.1 Additional Configuration for Vantage CNM
- UPnP
- 22.1 Universal Plug and Play Overview
- 22.1.1 How Do I Know If I'm Using UPnP?
- 22.1.2 NAT Traversal
- 22.1.3 Cautions with UPnP
- 22.1.4 UPnP and ZyXEL
- 22.2 Configuring UPnP
- 22.3 Displaying UPnP Port Mapping
- 22.4 Installing UPnP in Windows Example
- 22.4.1 Installing UPnP in Windows Me
- 22.4.2 Installing UPnP in Windows XP
- 22.5 Using UPnP in Windows XP Example
- 22.5.1 Auto-discover Your UPnP-enabled Network Device
- 22.5.2 Web Configurator Easy Access
- Custom Application
- ALG Screen
- Network Address Translation (NAT)
- Logs and Maintenance
- Logs Screens
- 25.1 Configuring View Log
- 25.2 Log Description Example
- 25.2.1 About the Certificate Not Trusted Log
- 25.3 Configuring Log Settings
- 25.4 Configuring Reports
- 25.4.1 Viewing Web Site Hits
- 25.4.2 Viewing Host IP Address
- 25.4.3 Viewing Protocol/Port
- 25.4.4 System Reports Specifications
- 25.5 Log Descriptions
- 25.6 Syslog Logs
- Maintenance
- 26.1 Maintenance Overview
- 26.2 General Setup and System Name
- 26.3 Configuring Password
- 26.4 Time and Date
- 26.5 Pre-defined NTP Time Server Pools
- 26.5.1 Resetting the Time
- 26.5.2 Time Server Synchronization
- 26.6 Introduction To Transparent Bridging
- 26.7 Transparent Firewalls
- 26.8 Configuring Device Mode (Router)
- 26.9 Configuring Device Mode (Bridge)
- 26.10 F/W Upload Screen
- 26.11 Backup and Restore
- 26.11.1 Backup Configuration
- 26.11.2 Restore Configuration
- 26.11.3 Back to Factory Defaults
- 26.12 Restart Screen
- 26.13 Diagnostics
- Logs Screens
- SMT
- Introducing the SMT
- SMT Menu 1 - General Setup
- WAN and Dial Backup Setup
- LAN Setup
- Internet Access
- DMZ Setup
- Wireless Setup
- Remote Node Setup
- IP Static Route Setup
- Network Address Translation (NAT)
- 36.1 Using NAT
- 36.1.1 SUA (Single User Account) Versus NAT
- 36.1.2 Applying NAT
- 36.2 NAT Setup
- 36.2.1 Address Mapping Sets
- 36.3 Configuring a Server behind NAT
- 36.4 General NAT Examples
- 36.4.1 Internet Access Only
- 36.4.2 Example 2: Internet Access with a Default Server
- 36.4.3 Example 3: Multiple Public IP Addresses With Inside Servers
- 36.4.4 Example 4: NAT Unfriendly Application Programs
- 36.5 Trigger Port Forwarding
- 36.5.1 Two Points To Remember About Trigger Ports
- Introducing the ZyWALL Firewall
- Filter Configuration
- 38.1 Introduction to Filters
- 38.1.1 The Filter Structure of the ZyWALL
- 38.2 Configuring a Filter Set
- 38.2.1 Configuring a Filter Rule
- 38.2.2 Configuring a TCP/IP Filter Rule
- 38.2.3 Configuring a Generic Filter Rule
- 38.3 Example Filter
- 38.4 Filter Types and NAT
- 38.5 Firewall Versus Filters
- 38.5.1 Packet Filtering
- 38.5.2 Firewall
- 38.6 Applying a Filter
- 38.6.1 Applying LAN Filters
- 38.6.2 Applying DMZ Filters
- 38.6.3 Applying Remote Node Filters
- SNMP Configuration
- System Information & Diagnosis
- Firmware and Configuration File Maintenance
- 41.1 Introduction
- 41.2 Filename Conventions
- 41.3 Backup Configuration
- 41.3.1 Backup Configuration
- 41.3.2 Using the FTP Command from the Command Line
- 41.3.3 Example of FTP Commands from the Command Line
- 41.3.4 GUI-based FTP Clients
- 41.3.5 File Maintenance Over WAN
- 41.3.6 Backup Configuration Using TFTP
- 41.3.7 TFTP Command Example
- 41.3.8 GUI-based TFTP Clients
- 41.3.9 Backup Via Console Port
- 41.4 Restore Configuration
- 41.4.1 Restore Using FTP
- 41.4.2 Restore Using FTP Session Example
- 41.4.3 Restore Via Console Port
- 41.5 Uploading Firmware and Configuration Files
- 41.5.1 Firmware File Upload
- 41.5.2 Configuration File Upload
- 41.5.3 FTP File Upload Command from the DOS Prompt Example
- 41.5.4 FTP Session Example of Firmware File Upload
- 41.5.5 TFTP File Upload
- 41.5.6 TFTP Upload Command Example
- 41.5.7 Uploading Via Console Port
- 41.5.8 Uploading Firmware File Via Console Port
- 41.5.9 Example Xmodem Firmware Upload Using HyperTerminal
- 41.5.10 Uploading Configuration File Via Console Port
- 41.5.11 Example Xmodem Configuration Upload Using HyperTerminal
- System Maintenance Menus 8 to 10
- Remote Management
- Call Scheduling
- Troubleshooting and Specifications
- Appendices and Index