ZyXEL Communications ZyXEL ZyWALL 2WG User Manual
ZyWALL 2WG, User’s Guide
Table of contents
Document Outline
- User’s Guide
- Introduction
- Getting to Know Your ZyWALL
- Introducing the Web Configurator
- Wizard Setup
- Tutorial
- Registration
- Network
- LAN Screens
- Bridge Screens
- WAN Screens
- 8.1 WAN Overview
- 8.2 Multiple WAN
- 8.3 Load Balancing Introduction
- 8.4 Load Balancing Algorithms
- 8.4.1 Least Load First
- 8.4.2 Weighted Round Robin
- 8.4.3 Spillover
- 8.5 TCP/IP Priority (Metric)
- 8.6 WAN General
- 8.7 Configuring Load Balancing
- 8.7.1 Least Load First
- 8.7.2 Weighted Round Robin
- 8.7.3 Spillover
- 8.8 WAN IP Address Assignment
- 8.9 DNS Server Address Assignment
- 8.10 WAN MAC Address
- 8.11 WAN 1
- 8.11.1 WAN Ethernet Encapsulation
- 8.11.2 PPPoE Encapsulation
- 8.11.3 PPTP Encapsulation
- 8.12 WAN 2 (3G WAN)
- 8.13 Traffic Redirect
- 8.14 Configuring Traffic Redirect
- 8.15 Configuring Dial Backup
- 8.16 Advanced Modem Setup
- 8.16.1 AT Command Strings
- 8.16.2 DTR Signal
- 8.16.3 Response Strings
- 8.17 Configuring Advanced Modem Setup
- DMZ Screens
- Wireless LAN
- 10.1 Wireless LAN Introduction
- 10.2 Configuring WLAN
- 10.3 WLAN Static DHCP
- 10.4 WLAN IP Alias
- 10.5 WLAN Port Roles
- 10.6 Wireless Security Overview
- 10.6.1 SSID
- 10.6.2 MAC Address Filter
- 10.6.3 User Authentication
- 10.6.4 Encryption
- 10.6.5 Additional Installation Requirements for Using 802.1x
- 10.7 Wireless Card
- 10.8 Configuring Wireless Security
- 10.8.1 No Security
- 10.8.2 Static WEP
- 10.8.3 IEEE 802.1x Only
- 10.8.4 IEEE 802.1x + Static WEP
- 10.8.5 WPA, WPA2, WPA2-MIX
- 10.8.6 WPA-PSK, WPA2-PSK, WPA2-PSK-MIX
- 10.9 MAC Filter
- Security
- Firewall
- 11.1 Firewall Overview
- 11.2 Packet Direction Matrix
- 11.3 Packet Direction Examples
- 11.3.1 To VPN Packet Direction
- 11.3.2 From VPN Packet Direction
- 11.3.3 From VPN To VPN Packet Direction
- 11.4 Security Considerations
- 11.5 Firewall Rules Example
- 11.6 Asymmetrical Routes
- 11.6.1 Asymmetrical Routes and IP Alias
- 11.7 Firewall Default Rule (Router Mode)
- 11.8 Firewall Default Rule (Bridge Mode)
- 11.9 Firewall Rule Summary
- 11.10 Anti-Probing
- 11.11 Firewall Thresholds
- 11.11.1 Threshold Values
- 11.12 Threshold Screen
- 11.13 Service
- 11.14 My Service Firewall Rule Example
- Content Filtering Screens
- 12.1 Content Filtering Overview
- 12.1.1 Restrict Web Features
- 12.1.2 Create a Filter List
- 12.1.3 Customize Web Site Access
- 12.2 Content Filter General Screen
- 12.3 Content Filtering with an External Database
- 12.4 Content Filter Categories
- 12.5 Content Filter Customization
- 12.6 Customizing Keyword Blocking URL Checking
- 12.6.1 Domain Name or IP Address URL Checking
- 12.6.2 Full Path URL Checking
- 12.6.3 File Name URL Checking
- 12.7 Content Filtering Cache
- Content Filtering Reports
- IPSec VPN
- 14.1 IPSec VPN Overview
- 14.1.1 IKE SA Overview
- 14.2 VPN Rules (IKE)
- 14.3 IKE SA Setup
- 14.3.1 IKE SA Proposal
- 14.4 Additional IPSec VPN Topics
- 14.4.1 SA Life Time
- 14.4.2 IPSec High Availability
- 14.4.3 Encryption and Authentication Algorithms
- 14.5 VPN Rules (IKE) Gateway Policy Edit
- 14.6 IPSec SA Overview
- 14.6.1 Local Network and Remote Network
- 14.6.2 Active Protocol
- 14.6.3 Encapsulation
- 14.6.4 IPSec SA Proposal and Perfect Forward Secrecy
- 14.7 VPN Rules (IKE): Network Policy Edit
- 14.8 VPN Rules (IKE): Network Policy Move
- 14.9 Dialing the VPN Tunnel via Web Configurator
- 14.10 VPN Troubleshooting
- 14.10.1 VPN Log
- 14.11 IPSec Debug
- 14.12 IPSec SA Using Manual Keys
- 14.12.1 IPSec SA Proposal Using Manual Keys
- 14.12.2 Authentication and the Security Parameter Index (SPI)
- 14.13 VPN Rules (Manual)
- 14.14 VPN Rules (Manual): Edit
- 14.15 VPN SA Monitor
- 14.16 VPN Global Setting
- 14.17 Telecommuter VPN/IPSec Examples
- 14.17.1 Telecommuters Sharing One VPN Rule Example
- 14.17.2 Telecommuters Using Unique VPN Rules Example
- 14.18 VPN and Remote Management
- 14.19 Hub-and-spoke VPN
- 14.19.1 Hub-and-spoke VPN Example
- 14.19.2 Hub-and-spoke Example VPN Rule Addresses
- 14.19.3 Hub-and-spoke VPN Requirements and Suggestions
- Certificates
- 15.1 Certificates Overview
- 15.1.1 Advantages of Certificates
- 15.2 Self-signed Certificates
- 15.3 Verifying a Certificate
- 15.3.1 Checking the Fingerprint of a Certificate on Your Computer
- 15.4 Configuration Summary
- 15.5 My Certificates
- 15.6 My Certificate Details
- 15.7 My Certificate Export
- 15.7.1 Certificate File Export Formats
- 15.8 My Certificate Import
- 15.8.1 Certificate File Formats
- 15.9 My Certificate Create
- 15.10 Trusted CAs
- 15.11 Trusted CA Details
- 15.12 Trusted CA Import
- 15.13 Trusted Remote Hosts
- 15.14 Trusted Remote Hosts Import
- 15.15 Trusted Remote Host Certificate Details
- 15.16 Directory Servers
- 15.17 Directory Server Add or Edit
- Authentication Server
- Firewall
- Advanced
- Network Address Translation (NAT)
- 17.1 NAT Overview
- 17.1.1 NAT Definitions
- 17.1.2 What NAT Does
- 17.1.3 How NAT Works
- 17.1.4 NAT Application
- 17.1.5 Port Restricted Cone NAT
- 17.1.6 NAT Mapping Types
- 17.2 Using NAT
- 17.2.1 SUA (Single User Account) Versus NAT
- 17.3 NAT Overview Screen
- 17.4 NAT Address Mapping
- 17.4.1 What NAT Does
- 17.5 Port Forwarding
- 17.5.1 Default Server IP Address
- 17.5.2 Port Forwarding: Services and Port Numbers
- 17.5.3 Configuring Servers Behind Port Forwarding (Example)
- 17.5.4 NAT and Multiple WAN
- 17.5.5 Port Translation
- 17.6 Port Forwarding Screen
- 17.7 Port Triggering
- Static Route
- Policy Route
- Bandwidth Management
- 20.1 Bandwidth Management Overview
- 20.2 Bandwidth Classes and Filters
- 20.3 Proportional Bandwidth Allocation
- 20.4 Application-based Bandwidth Management
- 20.5 Subnet-based Bandwidth Management
- 20.6 Application and Subnet-based Bandwidth Management
- 20.7 Scheduler
- 20.7.1 Priority-based Scheduler
- 20.7.2 Fairness-based Scheduler
- 20.7.3 Maximize Bandwidth Usage
- 20.7.4 Reserving Bandwidth for Non-Bandwidth Class Traffic
- 20.7.5 Maximize Bandwidth Usage Example
- 20.8 Bandwidth Borrowing
- 20.8.1 Bandwidth Borrowing Example
- 20.9 Maximize Bandwidth Usage With Bandwidth Borrowing
- 20.10 Over Allotment of Bandwidth
- 20.11 Configuring Summary
- 20.12 Configuring Class Setup
- 20.13 Bandwidth Manager Monitor
- DNS
- 21.1 DNS Overview
- 21.2 DNS Server Address Assignment
- 21.3 DNS Servers
- 21.4 Address Record
- 21.4.1 DNS Wildcard
- 21.5 Name Server Record
- 21.5.1 Private DNS Server
- 21.6 System Screen
- 21.7 DNS Cache
- 21.8 Configure DNS Cache
- 21.9 Configuring DNS DHCP
- 21.10 Dynamic DNS
- 21.10.1 DYNDNS Wildcard
- 21.10.2 High Availability
- 21.11 Configuring Dynamic DNS
- Remote Management
- 22.1 Remote Management Overview
- 22.1.1 Remote Management Limitations
- 22.1.2 System Timeout
- 22.2 WWW (HTTP and HTTPS)
- 22.3 WWW
- 22.4 HTTPS Example
- 22.4.1 Internet Explorer Warning Messages
- 22.4.2 Netscape Navigator Warning Messages
- 22.4.3 Avoiding the Browser Warning Messages
- 22.4.4 Login Screen
- 22.5 SSH
- 22.6 How SSH Works
- 22.7 SSH Implementation on the ZyWALL
- 22.7.1 Requirements for Using SSH
- 22.8 Configuring SSH
- 22.9 Secure Telnet Using SSH Examples
- 22.9.1 Example 1: Microsoft Windows
- 22.9.2 Example 2: Linux
- 22.10 Secure FTP Using SSH Example
- 22.11 Telnet
- 22.12 Configuring TELNET
- 22.13 FTP
- 22.14 SNMP
- 22.14.1 Supported MIBs
- 22.14.2 SNMP Traps
- 22.14.3 REMOTE MANAGEMENT: SNMP
- 22.15 DNS
- 22.16 Introducing Vantage CNM
- 22.17 Configuring CNM
- UPnP
- 23.1 Universal Plug and Play Overview
- 23.1.1 How Do I Know If I'm Using UPnP?
- 23.1.2 NAT Traversal
- 23.1.3 Cautions with UPnP
- 23.1.4 UPnP and ZyXEL
- 23.2 Configuring UPnP
- 23.3 Displaying UPnP Port Mapping
- 23.4 Installing UPnP in Windows Example
- 23.4.1 Installing UPnP in Windows Me
- 23.4.2 Installing UPnP in Windows XP
- 23.5 Using UPnP in Windows XP Example
- 23.5.1 Auto-discover Your UPnP-enabled Network Device
- 23.5.2 Web Configurator Easy Access
- ALG Screen
- Network Address Translation (NAT)
- Reports, Logs and Maintenance
- Logs Screens
- 25.1 Configuring View Log
- 25.2 Log Description Example
- 25.2.1 About the Certificate Not Trusted Log
- 25.3 Configuring Log Settings
- 25.4 Configuring Reports
- 25.4.1 Viewing Web Site Hits
- 25.4.2 Viewing Host IP Address
- 25.4.3 Viewing Protocol/Port
- 25.4.4 System Reports Specifications
- 25.5 Log Descriptions
- 25.6 Syslog Logs
- Maintenance
- 26.1 Maintenance Overview
- 26.2 General Setup and System Name
- 26.3 Configuring Password
- 26.4 Time and Date
- 26.5 Pre-defined NTP Time Server Pools
- 26.5.1 Resetting the Time
- 26.5.2 Time Server Synchronization
- 26.6 Introduction To Transparent Bridging
- 26.7 Transparent Firewalls
- 26.8 Configuring Device Mode (Router)
- 26.9 Configuring Device Mode (Bridge)
- 26.10 F/W Upload Screen
- 26.11 Backup and Restore
- 26.11.1 Backup Configuration
- 26.11.2 Restore Configuration
- 26.11.3 Back to Factory Defaults
- 26.12 Restart Screen
- Logs Screens
- SMT and Troubleshooting
- Introducing the SMT
- SMT Menu 1 - General Setup
- WAN and Dial Backup Setup
- 29.1 Introduction to WAN, 3G WAN and Dial Backup Setup
- 29.2 WAN Setup
- 29.3 Dial Backup
- 29.3.1 Configuring Dial Backup in Menu 2
- 29.3.2 Advanced WAN Setup
- 29.3.3 Remote Node Profile (Backup ISP)
- 29.3.4 Editing TCP/IP Options
- 29.3.5 Editing Login Script
- 29.3.6 Remote Node Filter
- 29.4 3G WAN
- 29.4.1 3G Modem Setup
- 29.4.2 Remote Node Profile (3G WAN)
- LAN Setup
- Internet Access
- DMZ Setup
- Route Setup
- Wireless Setup
- Remote Node Setup
- IP Static Route Setup
- Network Address Translation (NAT)
- 37.1 Using NAT
- 37.1.1 SUA (Single User Account) Versus NAT
- 37.1.2 Applying NAT
- 37.2 NAT Setup
- 37.2.1 Address Mapping Sets
- 37.3 Configuring a Server behind NAT
- 37.4 General NAT Examples
- 37.4.1 Internet Access Only
- 37.4.2 Example 2: Internet Access with a Default Server
- 37.4.3 Example 3: Multiple Public IP Addresses With Inside Servers
- 37.4.4 Example 4: NAT Unfriendly Application Programs
- 37.5 Trigger Port Forwarding
- 37.5.1 Two Points To Remember About Trigger Ports
- Introducing the ZyWALL Firewall
- Filter Configuration
- 39.1 Introduction to Filters
- 39.1.1 The Filter Structure of the ZyWALL
- 39.2 Configuring a Filter Set
- 39.2.1 Configuring a Filter Rule
- 39.2.2 Configuring a TCP/IP Filter Rule
- 39.2.3 Configuring a Generic Filter Rule
- 39.3 Example Filter
- 39.4 Filter Types and NAT
- 39.5 Firewall Versus Filters
- 39.5.1 Packet Filtering:
- 39.5.2 Firewall
- 39.6 Applying a Filter
- 39.6.1 Applying LAN Filters
- 39.6.2 Applying DMZ Filters
- 39.6.3 Applying Remote Node Filters
- SNMP Configuration
- System Information & Diagnosis
- Firmware and Configuration File Maintenance
- 42.1 Introduction
- 42.2 Filename Conventions
- 42.3 Backup Configuration
- 42.3.1 Backup Configuration
- 42.3.2 Using the FTP Command from the Command Line
- 42.3.3 Example of FTP Commands from the Command Line
- 42.3.4 GUI-based FTP Clients
- 42.3.5 File Maintenance Over WAN
- 42.3.6 Backup Configuration Using TFTP
- 42.3.7 TFTP Command Example
- 42.3.8 GUI-based TFTP Clients
- 42.3.9 Backup Via Console Port
- 42.4 Restore Configuration
- 42.4.1 Restore Using FTP
- 42.4.2 Restore Using FTP Session Example
- 42.4.3 Restore Via Console Port
- 42.5 Uploading Firmware and Configuration Files
- 42.5.1 Firmware File Upload
- 42.5.2 Configuration File Upload
- 42.5.3 FTP File Upload Command from the DOS Prompt Example
- 42.5.4 FTP Session Example of Firmware File Upload
- 42.5.5 TFTP File Upload
- 42.5.6 TFTP Upload Command Example
- 42.5.7 Uploading Via Console Port
- 42.5.8 Uploading Firmware File Via Console Port
- 42.5.9 Example Xmodem Firmware Upload Using HyperTerminal
- 42.5.10 Uploading Configuration File Via Console Port
- 42.5.11 Example Xmodem Configuration Upload Using HyperTerminal
- System Maintenance Menus 8 to 10
- Remote Management
- IP Policy Routing
- Call Scheduling
- Troubleshooting
- Appendices and Index
- Product Specifications
- Wall-mounting Instructions
- Pop-up Windows, JavaScripts and Java Permissions
- Setting up Your Computer’s IP Address
- IP Addresses and Subnetting
- Common Services
- Wireless LANs
- Importing Certificates
- Command Interpreter
- NetBIOS Filter Commands
- Brute-Force Password Guessing Protection
- Legal Information
- Customer Support
- Index