Directory

Brands

ZyXEL Communications manuals

Hardware

ZyXEL ZyWALL 35

Manual

ZyXEL Communications ZyXEL ZyWALL 35 User Manual

Zywall 35, User’s guide

Text mode
Original mode

background image

ZyWALL 35

Internet Security Appliance

User’s Guide

Version 3.63

November 2004

Pages: 1 2 3 4 5 6 7 … 697

wrong Brand
wrong Model
non readable

Table of contents

Document Outline

User’s Guide
Copyright
Federal Communications Commission (FCC) Interference Statement
ZyXEL Limited Warranty
Customer Support
Table of Contents
List of Figures
List of Tables
Preface
1. Getting to Know Your ZyWALL
- 1.1 ZyWALL 35 Internet Security Appliance Overview
- 1.2 ZyWALL Features
  - 1.2.1 Physical Features
  - 1.2.2 Non-Physical Features
- 1.3 Applications for the ZyWALL
  - 1.3.1 Secure Broadband Internet Access via Cable or DSL Modem
  - 1.3.2 VPN Application
2. Introducing the Web Configurator
- 2.1 Web Configurator Overview
- 2.2 Accessing the ZyWALL Web Configurator
- 2.3 Resetting the ZyWALL
  - 2.3.1 Procedure To Use The Reset Button
  - 2.3.2 Uploading a Configuration File Via Console Port
- 2.4 Navigating the ZyWALL Web Configurator
3. Wizard Setup
- 3.1 Wizard Setup Overview
- 3.2 Internet Access
- 3.3 VPN Overview
  - 3.3.1 IPSec
  - 3.3.2 Security Association
- 3.4 VPN Wizard
- 3.5 IPSec Algorithms
4. LAN Screens
- 4.1 LAN Overview
- 4.2 DHCP Setup
  - 4.2.1 IP Pool Setup
  - 4.2.2 DNS Servers
- 4.3 LAN TCP/IP
- 4.4 Configuring LAN
- 4.5 Configuring Static DHCP
- 4.6 Configuring IP Alias
- 4.7 Configuring Port Roles
5. Bridge Screens
- 5.1 Bridge Loop
- 5.2 Spanning Tree Protocol (STP)
- 5.3 Configuring Bridge
- 5.4 Configuring Port Roles
6. Wireless LAN and Authentication Server
- 6.1 Wireless LAN Overview
  - 6.1.1 Additional Installation Requirements for Using 802.1x
- 6.2 Wireless LAN Basics
- 6.3 Wireless Security
- 6.4 Security Parameters Summary
- 6.5 WEP Encrytion
- 6.6 802.1x Overview
- 6.7 Dynamic WEP Key Exchange
- 6.8 Introduction to WPA
  - 6.8.1 User Authentication
  - 6.8.2 Encryption
- 6.9 WPA-PSK Application Example
- 6.10 WPA with RADIUS Application Example
- 6.11 Wireless Client WPA Supplicants
- 6.12 Inserting a PCMCIA/CardBus Wireless LAN Card
- 6.13 Configuring Wireless LAN
- 6.14 Configuring MAC Filter
- 6.15 Introduction to RADIUS
  - 6.15.1 Types of RADIUS Messages
  - 6.15.2 EAP Authentication Overview
- 6.16 Introduction to Local User Database
- 6.17 Authentication Server
- 6.18 Configuring Local User Database
- 6.19 Configuring RADIUS
7. WAN Screens
- 7.1 WAN Overview
- 7.2 Multiple WAN
- 7.3 Load Balancing Introduction
- 7.4 Load Balancing Algorithms
- 7.5 TCP/IP Priority (Metric)
- 7.6 Configuring General
- 7.7 Configuring Load Balancing
- 7.8 Configuring WAN Setup
- 7.9 Traffic Redirect
- 7.10 Configuring Traffic Redirect
- 7.11 Configuring Dial Backup
- 7.12 Advanced Modem Setup
- 7.13 Configuring Advanced Modem Setup
8. DMZ Screens
- 8.1 DMZ Overview
- 8.2 Configuring DMZ
- 8.3 Configuring IP Alias
- 8.4 DMZ Public IP Address Example
- 8.5 DMZ Private and Public IP Address Example
- 8.6 Configuring Port Roles
9. Firewalls
- 9.1 Firewall Overview
- 9.2 Types of Firewalls
- 9.3 Introduction to ZyXEL’s Firewall
- 9.4 Denial of Service
  - 9.4.1 Basics
  - 9.4.2 Types of DoS Attacks
- 9.5 Stateful Inspection
- 9.6 Guidelines For Enhancing Security With Your Firewall
- 9.7 Packet Filtering Vs Firewall
  - 9.7.1 Packet Filtering:
    - 9.7.1.1 When To Use Filtering
  - 9.7.2 Firewall
    - 9.7.2.1 When To Use The Firewall
10. Firewall Screens
- 10.1 Access Methods
- 10.2 Firewall Policies Overview
- 10.3 Rule Logic Overview
- 10.4 Connection Direction Examples
  - 10.4.1 LAN To WAN Rules
  - 10.4.2 WAN To LAN Rules
- 10.5 Alerts
- 10.6 Configuring Firewall
- 10.7 Example Firewall Rule
- 10.8 Predefined Services
- 10.9 Anti-Probing
- 10.10 Configuring Attack Alert
  - 10.10.1 Threshold Values
  - 10.10.2 Half-Open Sessions
    - 10.10.2.1 TCP Maximum Incomplete and Blocking Time
11. Content Filtering Screens
- 11.1 Content Filtering Overview
- 11.2 General Content Filter Configuration
- 11.3 Content Filtering with an External Database
- 11.4 Categories and Registering
- 11.5 Customization
- 11.6 Customizing Keyword Blocking URL Checking
12. Content Filtering Registration and Reports
- 12.1 Introduction to myZyXEL.com
  - 12.1.1 A Note on myZyXEL.com Numbers
- 12.2 myZyXEL.com Account Registration
- 12.3 Registering Your ZyXEL Device
- 12.4 Content Filtering Registration
- 12.5 Checking Content Filtering Activation
- 12.6 Updating Product Registration Information
- 12.7 Viewing Content Filtering Reports
- 12.8 Configuration File
13. Introduction to IPSec
- 13.1 VPN Overview
- 13.2 IPSec Architecture
  - 13.2.1 IPSec Algorithms
  - 13.2.2 Key Management
- 13.3 Encapsulation
  - 13.3.1 Transport Mode
  - 13.3.2 Tunnel Mode
- 13.4 IPSec and NAT
14. VPN Screens
- 14.1 VPN/IPSec Overview
- 14.2 IPSec Algorithms
  - 14.2.1 AH (Authentication Header) Protocol
  - 14.2.2 ESP (Encapsulating Security Payload) Protocol
- 14.3 My IP Address
- 14.4 Secure Gateway Address
  - 14.4.1 Dynamic Secure Gateway Address
- 14.5 Summary Screen
- 14.6 Keep Alive
- 14.7 NAT Traversal
- 14.8 ID Type and Content
  - 14.8.1 ID Type and Content Examples
- 14.9 Pre-Shared Key
- 14.10 Editing VPN Policies
- 14.11 IKE Phases
- 14.12 Configuring Advanced VPN Rule
- 14.13 Manual Key Setup
  - 14.13.1 Security Parameter Index (SPI)
- 14.14 Configuring Manual Key
- 14.15 Viewing SA Monitor
- 14.16 Configuring Global Setting
- 14.17 Telecommuter VPN/IPSec Examples
  - 14.17.1 Telecommuters Sharing One VPN Rule Example
  - 14.17.2 Telecommuters Using Unique VPN Rules Example
- 14.18 VPN and Remote Management
15. Certificates
- 15.1 Certificates Overview
  - 15.1.1 Advantages of Certificates
- 15.2 Self-signed Certificates
- 15.3 Configuration Summary
- 15.4 My Certificates
- 15.5 Certificate File Formats
- 15.6 Importing a Certificate
- 15.7 Creating a Certificate
- 15.8 My Certificate Details
- 15.9 Trusted CAs
- 15.10 Importing a Trusted CA’s Certificate
- 15.11 Trusted CA Certificate Details
- 15.12 Trusted Remote Hosts
- 15.13 Verifying a Trusted Remote Host’s Certificate
  - 15.13.1 Trusted Remote Host Certificate Fingerprints
- 15.14 Importing a Trusted Remote Host’s Certificate
- 15.15 Trusted Remote Host Certificate Details
- 15.16 Directory Servers
- 15.17 Add or Edit a Directory Server
16. Network Address Translation (NAT)
- 16.1 NAT Overview
- 16.2 Using NAT
  - 16.2.1 SUA (Single User Account) Versus NAT
- 16.3 Configuring NAT Overview
- 16.4 Configuring Address Mapping
  - 16.4.1 Address Mapping Edit
- 16.5 Port Forwarding
- 16.6 Configuring Port Forwarding
- 16.7 Configuring Trigger Port
17. Static Route
- 17.1 Static Route Overview
- 17.2 Configuring IP Static Route
  - 17.2.1 Configuring a Static Route Entry
18. Policy Route
- 18.1 Introduction to IP Policy Routing
- 18.2 Benefits
- 18.3 Routing Policy
- 18.4 IP Routing Policy Setup
- 18.5 Configuring the IP Policy Route Entry
19. Bandwidth Management
- 19.1 Bandwidth Management Overview
- 19.2 Bandwidth Classes and Filters
- 19.3 Proportional Bandwidth Allocation
- 19.4 Bandwidth Management Usage Examples
- 19.5 Scheduler
  - 19.5.1 Priority-based Scheduler
  - 19.5.2 Fairness-based Scheduler
- 19.6 Maximize Bandwidth Usage
  - 19.6.1 Reserving Bandwidth for Non-Bandwidth Class Traffic
  - 19.6.2 Maximize Bandwidth Usage Example
- 19.7 Bandwidth Borrowing
  - 19.7.1 Bandwidth Borrowing Example
  - 19.7.2 Maximize Bandwidth Usage With Bandwidth Borrowing
- 19.8 Configuring Summary
- 19.9 Configuring Class Setup
  - 19.9.1 Bandwidth Manager Class Configuration
  - 19.9.2 Bandwidth Management Statistics
- 19.10 Configuring Monitor
20. DNS
- 20.1 DNS Overview
- 20.2 DNS Server Address Assignment
- 20.3 DNS Servers
- 20.4 Address Record
- 20.5 Name Server Record
  - 20.5.1 Private DNS Server
- 20.6 The System Screen
  - 20.6.1 Adding an Address Record
  - 20.6.2 Inserting a Name Server record
- 20.7 DNS Cache
- 20.8 Configure DNS Cache
- 20.9 Configuring LAN DNS
- 20.10 Dynamic DNS
  - 20.10.1 DYNDNS Wildcard
  - 20.10.2 High Availability
- 20.11 Configuring Dynamic DNS
21. Remote Management
- 21.1 Remote Management Overview
- 21.2 Introduction to HTTPS
- 21.3 Configuring WWW
- 21.4 HTTPS Example
- 21.5 SSH Overview
- 21.6 How SSH works
- 21.7 SSH Implementation on the ZyWALL
  - 21.7.1 Requirements for Using SSH
- 21.8 Configuring SSH
- 21.9 Secure Telnet Using SSH Examples
  - 21.9.1 Example 1: Microsoft Windows
  - 21.9.2 Example 2: Linux
- 21.10 Secure FTP Using SSH Example
- 21.11 Telnet
- 21.12 Configuring TELNET
- 21.13 Configuring FTP
- 21.14 Configuring SNMP
- 21.15 Configuring DNS
- 21.16 Introducing Vantage CNM
- 21.17 Configuring CNM
22. UPnP
- 22.1 Universal Plug and Play Overview
- 22.2 UPnP and ZyXEL
- 22.3 Configuring UPnP
- 22.4 Displaying UPnP Port Mapping
- 22.5 Installing UPnP in Windows Example
  - 22.5.1 Installing UPnP in Windows Me
  - 22.5.2 Installing UPnP in Windows XP
- 22.6 Using UPnP in Windows XP Example
  - 22.6.1 Auto-discover Your UPnP-enabled Network Device
  - 22.6.2 Web Configurator Easy Access
23. Logs Screens
- 23.1 Configuring View Log
- 23.2 Log Description Example
- 23.3 Configuring Log Settings
- 23.4 Configuring Reports
24. Maintenance
- 24.1 Maintenance Overview
- 24.2 General Setup
  - 24.2.1 General Setup and System Name
  - 24.2.2 Domain Name
- 24.3 Configuring Password
- 24.4 Pre-defined NTP Time Servers List
- 24.5 Configuring Time and Date
  - 24.5.1 Time Server Synchronization
- 24.6 Configuring Device Mode
- 24.7 F/W Upload Screen
- 24.8 Configuration Screen
- 24.9 Restart Screen
25. Introducing the SMT
- 25.1 Introduction to the SMT
- 25.2 Accessing the SMT via the Console Port
  - 25.2.1 Initial Screen
  - 25.2.2 Entering the Password
- 25.3 Navigating the SMT Interface
  - 25.3.1 Main Menu
  - 25.3.2 SMT Menus at a Glance
- 25.4 Changing the System Password
- 25.5 Resetting the ZyWALL
26. SMT Menu 1 - General Setup
- 26.1 Introduction to General Setup
- 26.2 Configuring General Setup
  - 26.2.1 Configuring Dynamic DNS
    - 26.2.1.1 Editing DDNS Host
27. WAN and Dial Backup Setup
- 27.1 Introduction to WAN and Dial Backup Setup
- 27.2 WAN Setup
- 27.3 Dial Backup
- 27.4 Configuring Dial Backup in Menu 2
- 27.5 Advanced WAN Setup
- 27.6 Remote Node Profile (Backup ISP)
- 27.7 Editing PPP Options
- 27.8 Editing TCP/IP Options
- 27.9 Editing Login Script
- 27.10 Remote Node Filter
28. LAN Setup
- 28.1 Introduction to LAN Setup
- 28.2 Accessing the LAN Menus
- 28.3 LAN Port Filter Setup
- 28.4 TCP/IP and DHCP Ethernet Setup Menu
  - 28.4.1 IP Alias Setup
- 28.5 Wireless LAN Setup
  - 28.5.1 MAC Address Filter Setup
29. Internet Access
- 29.1 Introduction to Internet Access Setup
- 29.2 Ethernet Encapsulation
- 29.3 Configuring the PPTP Client
- 29.4 Configuring the PPPoE Client
- 29.5 Basic Setup Complete
30. DMZ Setup
- 30.1 Configuring DMZ Setup
- 30.2 DMZ Port Filter Setup
- 30.3 TCP/IP Setup
  - 30.3.1 IP Address
  - 30.3.2 IP Alias Setup
31. Route Setup
- 31.1 Configuring Route Setup
- 31.2 Route Assessment
- 31.3 Traffic Redirect
- 31.4 Route Failover
32. Remote Node Setup
- 32.1 Introduction to Remote Node Setup
- 32.2 Remote Node Setup
- 32.3 Remote Node Profile Setup
- 32.4 Edit IP
- 32.5 Remote Node Filter
33. IP Static Route Setup
- 33.1 IP Static Route Setup
34. Network Address Translation (NAT)
- 34.1 Using NAT
  - 34.1.1 SUA (Single User Account) Versus NAT
  - 34.1.2 Applying NAT
- 34.2 NAT Setup
  - 34.2.1 Address Mapping Sets
- 34.3 Configuring a Server behind NAT
- 34.4 General NAT Examples
- 34.5 Trigger Port Forwarding
  - 34.5.1 Two Points To Remember About Trigger Ports
35. Introducing the ZyWALL Firewall
- 35.1 Using ZyWALL SMT Menus
  - 35.1.1 Activating the Firewall
36. Filter Configuration
- 36.1 Introduction to Filters
  - 36.1.1 The Filter Structure of the ZyWALL
- 36.2 Configuring a Filter Set
- 36.3 Example Filter
- 36.4 Filter Types and NAT
- 36.5 Firewall Versus Filters
- 36.6 Applying a Filter
37. SNMP Configuration
- 37.1 SNMP Configuration
- 37.2 SNMP Traps
38. System Information & Diagnosis
- 38.1 Introduction to System Status
- 38.2 System Status
- 38.3 System Information and Console Port Speed
  - 38.3.1 System Information
  - 38.3.2 Console Port Speed
- 38.4 Log and Trace
- 38.5 Diagnostic
  - 38.5.1 WAN DHCP
39. Firmware and Configuration File Maintenance
- 39.1 Introduction
- 39.2 Filename Conventions
- 39.3 Backup Configuration
- 39.4 Restore Configuration
- 39.5 Uploading Firmware and Configuration Files
40. System Maintenance Menus 8 to 10
- 40.1 Command Interpreter Mode
  - 40.1.1 Command Syntax
  - 40.1.2 Command Usage
- 40.2 Call Control Support
  - 40.2.1 Budget Management
  - 40.2.2 Call History
- 40.3 Time and Date Setting
  - 40.3.1 Resetting the Time
41. Remote Management
- 41.1 Remote Management
  - 41.1.1 Remote Management Limitations
42. IP Policy Routing
- 42.1 IP Routing Policy Summary
- 42.2 IP Routing Policy Setup
  - 42.2.1 Applying Policy to Packets
- 42.3 IP Policy Routing Example
43. Call Scheduling
- 43.1 Introduction to Call Scheduling
44. VPN/IPSec Setup
- 44.1 Introduction
- 44.2 IPSec Summary Screen
- 44.3 IPSec Setup
- 44.4 IKE Setup
- 44.5 Manual Setup
  - 44.5.1 Active Protocol
  - 44.5.2 Security Parameter Index (SPI)
45. SA Monitor
- 45.1 Introduction
- 45.2 Using SA Monitor
46. Troubleshooting
- 46.1 Problems Starting Up the ZyWALL
- 46.2 Problems with the LAN Interface
- 46.3 Problems with the DMZ Interface
- 46.4 Problems with the WAN Interface
- 46.5 Problems with Internet Access
- 46.6 Problems with the Password
- 46.7 Problems with Remote Management
Appendix A. Hardware Specifications
- Cable Pin Assignments
- Power Adaptor Specifications
Appendix B. Setting up Your Computer’s IP Address
- Windows 95/98/Me
- Installing Components
- Configuring
- Verifying Settings
- Windows 2000/NT/XP
- Verifying Settings
- Macintosh OS 8/9
- Verifying Settings
- Macintosh OS X
- Verifying Settings
Appendix C. IP Subnetting
- IP Addressing
- IP Classes
- Subnet Masks
- Subnetting
- Example: Two Subnets
- Example: Four Subnets
- Example Eight Subnets
- Subnetting With Class A and Class B Networks.
Appendix D. PPPoE
- PPPoE in Action
- Benefits of PPPoE
- Traditional Dial-up Scenario
- How PPPoE Works
- ZyWALL as a PPPoE Client
Appendix E. PPTP
- What is PPTP?
- How can we transport PPP frames from a computer to a broadband modem over Ethernet?
- PPTP and the ZyWALL
- PPTP Protocol Overview
- Control & PPP Connections
- Call Connection
- PPP Data Connection
Appendix F. Wireless LAN and IEEE 802.11
- Benefits of a Wireless LAN
- IEEE 802.11
- Ad-hoc Wireless LAN Configuration
- Infrastructure Wireless LAN Configuration
Appendix G. Wireless LAN With IEEE 802.1x
- Security Flaws with IEEE 802.11
- Deployment Issues with IEEE 802.11
- IEEE 802.1x
- Advantages of the IEEE 802.1x
- RADIUS Server Authentication Sequence
Appendix H. Types of EAP Authentication
- EAP-MD5 (Message-Digest Algorithm 5)
- EAP-TLS (Transport Layer Security)
- EAP-TTLS (Tunneled Transport Layer Service)
- PEAP (Protected EAP)
- LEAP
Appendix I. Triangle Route
- The Ideal Setup
- The “Triangle Route” Problem
- The “Triangle Route” Solutions
- IP Aliasing
- Gateways on the WAN Side
- How To Configure Triangle Route
Appendix J. SIP Passthrough
- SIP
- SIP Identities
- SIP Number
- SIP Service Domain
- SIP Call Progression
- SIP Servers
- SIP User Agent Server
- SIP Proxy Server
- SIP Redirect Server
- SIP Register Server
- RTP
- SIP ALG
- STUN
- ZyXEL SIP ALG
- SIP ALG and NAT
- SIP ALG and Firewall
- SIP ALG and Multiple WAN
- Enabling/Disabling the SIP ALG
- Signaling Session Timeout
- Audio Session Timeout
Appendix K. VPN Setup
- General Notes
- Dynamic IPSec Rule
- Full Feature NAT Mode
- VPN Configuration via Web Configurator
- Dialing the VPN Tunnel via Web Configurator
- VPN Configuration via SMT
- Dialing the VPN Tunnel via SMT
- VPN Troubleshooting
- VPN Log
- IPSec Debug
Appendix L. Importing Certificates
- Import ZyWALL Certificates into Netscape Navigator
- Importing the ZyWALL’s Certificate into Internet Explorer
- Enrolling and Importing SSL Client Certificates
- Installing the CA’s Certificate
- Installing Your Personal Certificate(s)
- Using a Certificate When Accessing the ZyWALL Example
Appendix M. Command Interpreter
- Command Syntax
- Command Usage
Appendix N. Firewall Commands
Appendix O. NetBIOS Filter Commands
- Introduction
- Display NetBIOS Filter Settings
- NetBIOS Filter Configuration
Appendix P. Certificates Commands
Appendix Q. Brute-Force Password Guessing Protection
- Example
Appendix R. Boot Commands
Appendix S. Log Descriptions
- Log Commands
- Configuring What You Want the ZyWALL to Log
- Displaying Logs
- Log Command Example
Index
- Numerics
- A
- B
- C
- D
- E
- F
- G
- H
- I
- K
- L
- M
- N
- O
- P
- Q
- R
- S
- T
- U
- V
- W
- X
- Z

See also other documents in the category ZyXEL Communications Hardware:

ISDN Terminal Adapter Omni.Net Lite (84 pages)
ZYAIR G-360 V2 (2 pages)
DMA-1000 Series (192 pages)
PLA-450 (2 pages)
EXT-108 (2 pages)
P-2602HWLNI (496 pages)
ZyXEL ZyWALL 2WG (730 pages)
P841C (41 pages)
Network Device P-2302 (359 pages)
P-870M-I (2 pages)
P-661HW Series (383 pages)
Prestige 310 (161 pages)
802.11g Wireless Access Point ZyXEL G-560 (144 pages)
P-2602HW (2 pages)
Prestige 2602R Series (450 pages)
5 Series (835 pages)
Prestige 623ME-T (253 pages)
omni.net LCD series (53 pages)
ZyXEL ZyAIR B-1000 (231 pages)
P-2302HWUDL-P1 Series (368 pages)
ZyXEL ZyWALL 5 (667 pages)
Prestige 645R (180 pages)
ZYWALL IDP 10 (42 pages)
802.11g Wireless Firewall Router P-320W (215 pages)
PRESTIGE 660R-6XC (6 pages)
56K Plus II (88 pages)
P-2802HW-i (2 pages)
ZYAIR AG-200 (2 pages)
POWERLINE PL-100 (33 pages)
HomePlug AV DMA-1100P (198 pages)
Access Router P-660R-T (9 pages)
omni.net LCD+M (186 pages)
G-162 (85 pages)
PL-100 (33 pages)
ZyXEL ZyAIR A-6000 (46 pages)
ZyXEL ZyAIR AG-225H (14 pages)
2304R-P1 (124 pages)
XTREMEMIMO M-302 (2 pages)
nbg334s (2 pages)
P-793H 601156 (1 page)
Ethernet Extension Card EEC1020 (8 pages)
P-871M (26 pages)
Prestige 128L (114 pages)
P-2812HNU-51c (2 pages)
ZyWALL SSL 10 (64 pages)