ZyXEL Communications ZyWALL 2 Plus - Packet Direction Examples; Figure 115 Default Block Traffic from WAN to DMZ Example

To Next Page

To Previous Page

Chapter 11 Firewall

ZyWALL 2 Plus User’s Guide

183

Figure 115 Default Block Traffic From WAN to DMZ Example

11.3 Packet Direction Examples

Firewall rules are grouped based on the direction of travel of packets to which they apply. This

section gives some examples of why you might configure firewall rules for specific

connection directions.

By default, the ZyWALL allows packets traveling in the following directions.:

• LAN to LAN These rules specify which computers on the LAN can manage the

ZyWALL (remote management) and communicate between networks or

subnets connected to the LAN interface (IP alias).

Note: You can also configure the remote management

settings to allow only a specific computer to manage

the ZyWALL.

• LAN to WAN These rules specify which computers on the LAN can access which

computers or services connected to the WAN. See Section 11.5 on page

188 for an example.

Main Page

Default Chapter3
- About this User's Guide3
- Document Conventions4
- Safety Warnings6
- Table of Contents7
- Contents Overview7
- Table of Contents9
- List of Figures25
- List of Tables37
- Introduction and Registration43
- Part I: Introduction and Registration43
Chapter 1 Getting to Know Your Zywall45
- Zywall Internet Security Appliance Overview45
- Applications for the Zywall45
  - Secure Broadband Internet Access Via Cable or DSL Modem45
  - VPN Application46
- Ways to Manage the Zywall46
- Figure 1 Secure Internet Access Via Cable, DSL or Wireless Modem46
- Figure 2 VPN Application46
- Good Habits for Managing the Zywall47
- Leds47
- Figure 3 Front Panel47
- Table 1 Front Panel Leds47
Chapter 2 Introducing the Web Configurator49
- Web Configurator Overview49
- Accessing the Zywall Web Configurator49
- Figure 4 Change Password Screen50
- Figure 5 Replace Certificate Screen50
- Resetting the Zywall51
- Navigating the Zywall Web Configurator52
- Wizard Setup67
Chapter 3 Wizard Setup67
- Wizard Setup Overview67
- Internet Access67
  - Figure 14 Wizard Setup Welcome67
  - Figure 15 ISP Parameters: Ethernet Encapsulation68
  - ISP Parameters68
  - Table 11 ISP Parameters: Ethernet Encapsulation68
  - Figure 16 ISP Parameters: Pppoe Encapsulation69
  - Pptp Encapsulation70
  - Table 12 ISP Parameters: Pppoe Encapsulation70
  - Figure 17 ISP Parameters: PPTP Encapsulation71
  - Table 13 ISP Parameters: PPTP Encapsulation71
  - Figure 18 Internet Access Wizard: Second Screen72
  - Internet Access Wizard: Second Screen72
  - Figure 19 Internet Access Setup Complete73
  - Internet Access Wizard: Registration73
  - Figure 20 Internet Access Wizard: Registration74
  - Table 14 Internet Access Wizard: Registration74
  - Figure 21 Internet Access Wizard: Registration in Progress75
  - Figure 22 Internet Access Wizard: Status75
  - Figure 23 Internet Access Wizard: Registration Failed75
- VPN Wizard Gateway Setting76
- Figure 24 Internet Access Wizard: Registered Device76
- Figure 25 Internet Access Wizard: Activated Services76
- VPN Wizard Network Setting77
- Figure 26 VPN Wizard: Gateway Setting77
- Table 15 VPN Wizard: Gateway Setting77
- Figure 27 VPN Wizard: Network Setting78
- Table 16 VPN Wizard: Network Setting78
- VPN Wizard IKE Tunnel Setting (IKE Phase 1)79
- Figure 28 VPN Wizard: IKE Tunnel Setting79
- VPN Wizard Ipsec Setting (IKE Phase 2)80
- Table 17 VPN Wizard: IKE Tunnel Setting80
- Figure 29 VPN Wizard: Ipsec Setting81
- Table 18 VPN Wizard: Ipsec Setting81
- VPN Wizard Status Summary82
- Figure 30 VPN Wizard: VPN Status82
- Table 19 VPN Wizard: VPN Status83
- VPN Wizard Setup Complete84
- Figure 31 VPN Wizard Setup Complete84
- Tutorial85
Chapter 4 Tutorial85
- Security Settings for VPN Traffic85
- Using NAT with Multiple Public IP Addresses92
- Using NAT with Multiple Game Players109
- Figure 68 Tutorial Example: Firewall Rule Summary109
- How to Manage the Zywall's Bandwidth110
- Registration117
Chapter 5 Registration117
- Myzyxel.com Overview117
  - Content Filtering Subscription Service117
- Registration118
- Figure 78 REGISTRATION118
- Table 20 REGISTRATION118
- Service119
- Figure 79 REGISTRATION: Registered Device119
- Figure 80 REGISTRATION > Service120
- Table 21 REGISTRATION > Service120
- Network121
- Part II: Network121
  - LAN Screens123
Chapter 6 LAN Screens123
- LAN, WAN and the Zywall123
- IP Address and Subnet Mask123
  - Figure 81 LAN and WAN123
  - Private IP Addresses124
- Dhcp125
  - IP Pool Setup125
- RIP Setup125
- Multicast125
- Wins126
- Lan126
- Figure 82 NETWORK > LAN127
- Table 22 NETWORK > LAN127
- LAN Static DHCP129
- Figure 83 NETWORK > LAN > Static DHCP129
- LAN IP Alias130
- Figure 84 Physical Network & Partitioned Logical Networks130
- Table 23 NETWORK > LAN > Static DHCP130
- Figure 85 NETWORK > LAN > IP Alias131
- Table 24 NETWORK > LAN > IP Alias131
- LAN Port Roles132
- Figure 86 NETWORK > LAN > Port Roles132
- Table 25 NETWORK > LAN > Port Roles132
- Figure 87 Port Roles Change Complete133
- Bridge Screens135
Chapter 7 Bridge Screens135
- Bridge Loop135
- Figure 88 Bridge Loop: Bridge Connected to Wired LAN135
- Spanning Tree Protocol (STP)136
- Bridge137
- Table 27 STP Port States137
- Figure 89 NETWORK > Bridge138
- Table 28 NETWORK > Bridge138
- Bridge Port Roles139
- Figure 90 NETWORK > Bridge > Port Roles140
- Figure 91 Port Roles Change Complete140
- Table 29 NETWORK > Bridge > Port Roles140
- WAN Screens141
Chapter 8 WAN Screens141
- WAN Overview141
- TCP/IP Priority (Metric)141
- WAN Route141
- Figure 92 NETWORK > WAN Route142
- Table 30 NETWORK > WAN Route142
- WAN IP Address Assignment143
- DNS Server Address Assignment143
- Table 31 Private IP Address Ranges143
- WAN MAC Address144
- Wan144
  - WAN Ethernet Encapsulation144
  - Table 32 Example of Network Properties for LAN Servers with Fixed IP Addresses144
  - Figure 93 NETWORK > WAN > WAN (Ethernet Encapsulation)145
  - Table 33 NETWORK > WAN > WAN (Ethernet Encapsulation)145
  - Pppoe Encapsulation147
  - Figure 94 NETWORK > WAN > WAN (Pppoe Encapsulation)148
  - Table 34 NETWORK > WAN > WAN (Pppoe Encapsulation)148
  - PPTP Encapsulation150
  - Figure 95 NETWORK > WAN > WAN (PPTP Encapsulation)151
  - Table 35 NETWORK > WAN > WAN (PPTP Encapsulation)151
- Traffic Redirect153
- Configuring Traffic Redirect154
- Figure 96 Traffic Redirect WAN Setup154
- Figure 97 Traffic Redirect LAN Setup154
- Figure 98 NETWORK > WAN > Traffic Redirect154
- Configuring Dial Backup155
- Table 36 NETWORK > WAN > Traffic Redirect155
- Figure 99 NETWORK > WAN > Dial Backup156
- Table 37 NETWORK > WAN > Dial Backup156
- Advanced Modem Setup158
  - AT Command Strings158
  - DTR Signal159
  - Response Strings159
- Configuring Advanced Modem Setup159
- Figure 100 NETWORK > WAN > Dial Backup > Edit159
- Table 38 NETWORK > WAN > Dial Backup > Edit160
- DMZ Screens161
Chapter 9 DMZ Screens161
- Dmz161
- Configuring DMZ161
- Figure 101 NETWORK > DMZ162
- Table 39 NETWORK > DMZ162
- DMZ Static DHCP164
- Figure 102 NETWORK > DMZ > Static DHCP164
- DMZ IP Alias165
- Table 40 NETWORK > DMZ > Static DHCP165
- Figure 103 NETWORK > DMZ > IP Alias166
- Table 41 NETWORK > DMZ > IP Alias166
- DMZ Public IP Address Example167
- DMZ Private and Public IP Address Example167
- Figure 104 DMZ Public Address Example167
- DMZ Port Roles168
- Figure 105 DMZ Private and Public Address Example168
- Figure 106 NETWORK > DMZ > Port Roles169
- Table 42 NETWORK > DMZ > Port Roles169
- Wireless LAN171
Chapter 10 Wireless LAN171
- Wireless LAN Introduction171
- Configuring WLAN171
- Figure 107 NETWORK > WLAN172
- Table 43 NETWORK > WLAN172
- WLAN Static DHCP174
- Figure 108 NETWORK > WLAN > Static DHCP174
- WLAN IP Alias175
- Table 44 NETWORK > WLAN > Static DHCP175
- Figure 109 NETWORK > WLAN > IP Alias176
- Table 45 NETWORK > WLAN > IP Alias176
- WLAN Port Roles177
- Figure 110 WLAN Port Role Example177
- Figure 111 NETWORK > WLAN > Port Roles178
- Figure 112 NETWORK > WLAN > Port Roles: Change Complete178
- Table 46 NETWORK > WLAN > Port Roles178
- Security179
- Part III: Security179
  - Firewall181
Chapter 11 Firewall181
- Firewall Overview181
- Figure 113 Default Firewall Action181
- Packet Direction Matrix182
- Figure 114 SECURITY > FIREWALL > Default Rule (Router Mode)182
- Table 47182
- Packet Direction Examples183
  - Figure 115 Default Block Traffic from WAN to DMZ Example183
  - To VPN Packet Direction184
  - Figure 116 from LAN to VPN Example185
  - Figure 117 Block DMZ to VPN Traffic by Default Example185
  - From VPN Packet Direction185
  - Figure 118 from VPN to LAN Example186
  - Figure 119 Block VPN to LAN Traffic by Default Example186
  - Figure 120 from VPN to VPN Example187
  - Figure 121 Block VPN to VPN Traffic by Default Example187
  - From VPN to VPN Packet Direction187
- Security Considerations188
- Firewall Rules Example188
- Figure 122 Blocking All LAN to WAN IRC Traffic Example188
- Figure 123 Limited LAN to WAN IRC Traffic Example189
- Table 48 Blocking All LAN to WAN IRC Traffic Example189
- Table 49 Limited LAN to WAN IRC Traffic Example189
- Asymmetrical Routes190
  - Asymmetrical Routes and IP Alias190
- Firewall Default Rule (Router Mode)191
- Figure 124 Using IP Alias to Solve the Triangle Route Problem191
- Figure 125 SECURITY > FIREWALL > Default Rule (Router Mode)191
- Table 50 SECURITY > FIREWALL > Default Rule (Router Mode)192
- Firewall Default Rule (Bridge Mode)193
- Figure 126 SECURITY > FIREWALL > Default Rule (Bridge Mode)193
- Firewall Rule Summary194
  - Table 51 SECURITY > FIREWALL > Default Rule (Bridge Mode)194
  - Figure 127 SECURITY > FIREWALL > Rule Summary195
  - Table 52 SECURITY > FIREWALL > Rule Summary195
  - Firewall Edit Rule196
  - Figure 128 SECURITY > FIREWALL > Rule Summary > Edit197
  - Table 53 SECURITY > FIREWALL > Rule Summary > Edit198
- Anti-Probing199
- Figure 129 SECURITY > FIREWALL > Anti-Probing199
- Firewall Thresholds200
  - Figure 130 Three-Way Handshake200
  - Table 54 SECURITY > FIREWALL > Anti-Probing200
  - Threshold Values201
- Threshold Screen201
- Figure 131 SECURITY > FIREWALL > Threshold201
- Table 55 SECURITY > FIREWALL > Threshold202
- Service203
  - Figure 132 SECURITY > FIREWALL > Service203
  - Table 56 SECURITY > FIREWALL > Service203
  - Figure 133 Firewall Edit Custom Service204
  - Firewall Edit Custom Service204
  - Table 57 SECURITY > FIREWALL > Service > Add204
- My Service Firewall Rule Example205
- Figure 134 My Service Firewall Rule Example: Service205
- Figure 135 My Service Firewall Rule Example: Edit Custom Service205
- Figure 136 My Service Firewall Rule Example: Rule Summary206
- Figure 137 My Service Firewall Rule Example: Rule Edit206
- Figure 138 My Service Firewall Rule Example: Rule Configuration208
- Figure 139 My Service Firewall Rule Example: Rule Summary209
Chapter 12 Content Filtering Screens211
- Content Filtering Overview211
- Content Filter General Screen211
- Figure 140 SECURITY > CONTENT FILTER > General212
- Table 58 SECURITY > CONTENT FILTER > General212
- Content Filtering with an External Database214
- Content Filter Categories214
- Figure 141 Content Filtering Lookup Procedure214
- Figure 142 SECURITY > CONTENT FILTER > Categories215
- Table 59 SECURITY > CONTENT FILTER > Categories216
- Content Filter Customization221
- Figure 143 SECURITY > CONTENT FILTER > Customization222
- Table 60 SECURITY > CONTENT FILTER > Customization222
- Customizing Keyword Blocking URL Checking223
- Content Filtering Cache224
- Figure 144 SECURITY > CONTENT FILTER > Cache225
- Table 61 SECURITY > CONTENT FILTER > Cache225
Chapter 13 Content Filtering Reports227
- Checking Content Filtering Activation227
- Viewing Content Filtering Reports227
- Figure 145 Myzyxel.com: Login228
- Figure 146 Myzyxel.com: Welcome228
- Figure 147 Myzyxel.com: Service Management229
- Figure 148 Blue Coat: Login229
- Figure 149 Content Filtering Reports Main Screen230
- Figure 150 Blue Coat: Report Home230
- Figure 151 Global Report Screen Example231
- Web Site Submission232
- Figure 152 Requested Urls Example232
- Figure 153 Web Page Review Process Screen233
- Ipsec VPN235
Chapter 14 Ipsec VPN235
- Ipsec VPN Overview235
  - Figure 154 VPN: Example235
  - Figure 155 VPN: IKE SA and Ipsec SA236
  - IKE SA Overview236
- VPN Rules (IKE)237
- Figure 156 Gateway and Network Policies237
- Figure 157 Ipsec Fields Summary237
- Figure 158 SECURITY > VPN > VPN Rules (IKE)238
- Table 62 SECURITY > VPN > VPN Rules (IKE)238
- IKE SA Setup239
  - IKE SA Proposal239
  - Figure 159 IKE SA: Main Negotiation Mode, Steps 1 - 2: IKE SA Proposal239
  - Figure 160 IKE SA: Main Negotiation Mode, Steps 3 - 4: DH Key Exchange240
  - Figure 161 IKE SA: Main Negotiation Mode, Steps 5 - 6: Authentication240
  - Table 63 VPN Example: Matching ID Type and Content241
  - Table 64 VPN Example: Mismatching ID Type and Content241
- Additional Ipsec VPN Topics243
  - SA Life Time243
  - Figure 162 VPN/NAT Example243
  - Ipsec High Availability244
  - Figure 163 Ipsec High Availability244
  - Encryption and Authentication Algorithms245
- VPN Rules (IKE) Gateway Policy Edit245
- Figure 164 SECURITY > VPN > VPN Rules (IKE) > Edit Gateway Policy246
- Table 65 SECURITY > VPN > VPN Rules (IKE) > Edit Gateway Policy247
- Ipsec SA Overview251
  - Local Network and Remote Network251
  - Virtual Address Mapping252
  - Figure 165 Local and Remote Network IP Address Overlap252
  - Active Protocol253
  - Encapsulation253
  - Figure 166 Virtual Mapping of Local and Remote Network IP Addresses253
  - Ipsec SA Proposal and Perfect Forward Secrecy254
  - Figure 167 VPN: Transport and Tunnel Mode Encapsulation254
- VPN Rules (IKE): Network Policy Edit255
- Figure 168 SECURITY > VPN > VPN Rules (IKE) > Edit Network Policy255
- Table 66 SECURITY > VPN > VPN Rules (IKE) > Edit Network Policy256
- VPN Rules (IKE): Network Policy Edit: Port Forwarding259
- Figure 169 SECURITY > VPN > VPN Rules (IKE) > Edit Network Policy > Port Forwarding260
- Table 67 SECURITY > VPN > VPN Rules (IKE) > Edit Network Policy > Port Forwarding260
- VPN Rules (IKE): Network Policy Move261
- Figure 170 SECURITY > VPN > VPN Rules (IKE) > Move Network Policy261
- Table 68 SECURITY > VPN > VPN Rules (IKE) > Move Network Policy261
- Ipsec SA Using Manual Keys262
  - Ipsec SA Proposal Using Manual Keys262
  - Authentication and the Security Parameter Index (SPI)262
- VPN Rules (Manual)262
- Figure 171 SECURITY > VPN > VPN Rules (Manual)263
- Table 69 SECURITY > VPN > VPN Rules (Manual)263
- VPN Rules (Manual): Edit264
- Figure 172 SECURITY > VPN > VPN Rules (Manual) > Edit264
- Table 70 SECURITY > VPN > VPN Rules (Manual) > Edit264
- VPN SA Monitor266
- VPN Global Setting267
- Figure 173 SECURITY > VPN > SA Monitor267
- Figure 174 SECURITY > VPN > Global Setting267
- Table 71 SECURITY > VPN > SA Monitor267
- Table 72 SECURITY > VPN > Global Setting268
- Telecommuter Vpn/Ipsec Examples269
  - Telecommuters Sharing One VPN Rule Example269
  - Telecommuters Using Unique VPN Rules Example269
  - Figure 175 Telecommuters Sharing One VPN Rule Example269
  - Table 73 Telecommuters Sharing One VPN Rule Example269
  - Figure 176 Telecommuters Using Unique VPN Rules Example270
  - Table 74 Telecommuters Using Unique VPN Rules Example270
- VPN and Remote Management271
- Hub-And-Spoke VPN271
  - Figure 177 VPN for Remote Management Example271
  - Figure 178 VPN Topologies272
  - Hub-And-Spoke VPN Example272
  - Figure 179 Hub-And-Spoke VPN Example273
  - Hub-And-Spoke Example VPN Rule Addresses273
  - Hub-And-Spoke VPN Requirements and Suggestions273
- Certificates275
Chapter 15 Certificates275
- Certificates Overview275
  - Advantages of Certificates276
- Self-Signed Certificates276
- Verifying a Certificate276
  - Checking the Fingerprint of a Certificate on Your Computer276
  - Figure 180 Certificates on Your Computer276
- Configuration Summary277
- Figure 181 Certificate Details277
- Figure 182 Certificate Configuration Overview277
- My Certificates278
- Figure 183 SECURITY > CERTIFICATES > My Certificates278
- Table 75 SECURITY > CERTIFICATES > My Certificates278
- My Certificate Details279
- Figure 184 SECURITY > CERTIFICATES > My Certificates > Details280
- Table 76 SECURITY > CERTIFICATES > My Certificates > Details280
- My Certificate Export282
  - Certificate File Export Formats282
- My Certificate Import283
  - Figure 185 SECURITY > CERTIFICATES > My Certificates > Export283
  - Table 77 SECURITY > CERTIFICATES > My Certificates > Export283
  - Certificate File Formats284
  - Figure 186 SECURITY > CERTIFICATES > My Certificates > Import284
  - Table 78 SECURITY > CERTIFICATES > My Certificates > Import284
- My Certificate Create285
- Figure 187 SECURITY > CERTIFICATES > My Certificates > Import: PKCS#12285
- Table 79 SECURITY > CERTIFICATES > My Certificates > Import: PKCS#12285
- Figure 188 SECURITY > CERTIFICATES > My Certificates > Create286
- Table 80 SECURITY > CERTIFICATES > My Certificates > Create286
- Trusted Cas288
- Figure 189 SECURITY > CERTIFICATES > Trusted Cas288
- Table 81 SECURITY > CERTIFICATES > Trusted Cas288
- Trusted CA Details289
- Figure 190 SECURITY > CERTIFICATES > Trusted Cas > Details290
- Table 82 SECURITY > CERTIFICATES > Trusted Cas > Details290
- Trusted CA Import292
- Figure 191 SECURITY > CERTIFICATES > Trusted Cas > Import292
- Table 83 SECURITY > CERTIFICATES > Trusted Cas Import292
- Trusted Remote Hosts293
- Figure 192 SECURITY > CERTIFICATES > Trusted Remote Hosts293
- Table 84 SECURITY > CERTIFICATES > Trusted Remote Hosts293
- Trusted Remote Host Certificate Details294
- Figure 193 SECURITY > CERTIFICATES > Trusted Remote Hosts > Details295
- Table 85 SECURITY > CERTIFICATES > Trusted Remote Hosts > Details295
- Trusted Remote Hosts Import297
- Figure 194 SECURITY > CERTIFICATES > Trusted Remote Hosts > Import297
- Table 86 SECURITY > CERTIFICATES > Trusted Remote Hosts > Import297
- Directory Servers298
- Figure 195 SECURITY > CERTIFICATES > Directory Servers298
- Table 87 SECURITY > CERTIFICATES > Directory Servers298
- Directory Server Add or Edit299
- Figure 196 SECURITY > CERTIFICATES > Directory Server > Add299
- Table 88 SECURITY > CERTIFICATES > Directory Server > Add299
Chapter 16 Authentication Server301
- Authentication Server Overview301
- Local User Database302
- Figure 197 SECURITY > AUTH SERVER > Local User Database303
- Table 89 SECURITY > AUTH SERVER > Local User Database303
- Radius304
- Figure 198 SECURITY > AUTH SERVER > RADIUS304
- Table 90 SECURITY > AUTH SERVER > RADIUS304
- Advanced307
- Part IV: Advanced307
Chapter 17 Network Address Translation (NAT)309
- NAT Overview309
- Using NAT313
  - SUA (Single User Account) Versus NAT313
- NAT Overview Screen313
- Table 92 NAT Mapping Types313
- Figure 202 ADVANCED > NAT > NAT Overview314
- Table 93 ADVANCED > NAT > NAT Overview314
- NAT Address Mapping315
- Port Forwarding317
- Port Forwarding Screen320
- Figure 207 ADVANCED > NAT > Port Forwarding320
- Port Triggering321
- Table 96 ADVANCED > NAT > Port Forwarding321
- Figure 208 Trigger Port Forwarding Process: Example322
- Figure 209 ADVANCED > NAT > Port Triggering322
- Table 97 ADVANCED > NAT > Port Triggering323
- Static Route325
Chapter 18 Static Route325
- IP Static Route325
- Bandwidth Management329
Chapter 19 Bandwidth Management329
- Bandwidth Management Overview329
- Bandwidth Classes and Filters329
- Proportional Bandwidth Allocation330
- Application-Based Bandwidth Management330
- Subnet-Based Bandwidth Management330
- Application and Subnet-Based Bandwidth Management330
- Figure 213 Subnet-Based Bandwidth Management Example330
- Table 100 Application and Subnet-Based Bandwidth Management Example330
- Scheduler331
  - Priority-Based Scheduler331
  - Fairness-Based Scheduler331
  - Maximize Bandwidth Usage331
  - Reserving Bandwidth for Non-Bandwidth Class Traffic331
  - Maximize Bandwidth Usage Example332
  - Table 101 Maximize Bandwidth Usage Example332
  - Table 102 Priority-Based Allotment of Unused and Unbudgeted Bandwidth Example332
- Bandwidth Borrowing333
  - Bandwidth Borrowing Example333
  - Table 103 Fairness-Based Allotment of Unused and Unbudgeted Bandwidth Example333
- Maximize Bandwidth Usage with Bandwidth Borrowing334
- Over Allotment of Bandwidth334
- Table 104 Bandwidth Borrowing Example334
- Table 105 over Allotment of Bandwidth Example334
- Configuring Summary335
- Figure 214 ADVANCED > BW MGMT > Summary335
- Table 106 ADVANCED > BW MGMT > Summary335
- Configuring Class Setup336
  - Figure 215 ADVANCED > BW MGMT > Class Setup336
  - Bandwidth Manager Class Configuration337
  - Table 107 ADVANCED > BW MGMT > Class Setup337
  - Figure 216 ADVANCED > BW MGMT > Class Setup > Add Sub-Class338
  - Table 108 ADVANCED > BW MGMT > Class Setup > Add Sub-Class338
  - Bandwidth Management Statistics340
  - Figure 217 ADVANCED > BW MGMT > Class Setup > Statistics340
  - Table 109 Services and Port Numbers340
- Bandwidth Manager Monitor341
- Figure 218 ADVANCED > BW MGMT > Monitor341
- Table 110 ADVANCED > BW MGMT > Class Setup > Statistics341
- Table 111 ADVANCED > BW MGMT > Monitor342
- Dns343
Chapter 20 DNS343
- DNS Overview343
- DNS Server Address Assignment343
- DNS Servers343
- Address Record344
  - DNS Wildcard344
- Name Server Record344
  - Private DNS Server344
- System Screen345
- DNS Cache349
- Configure DNS Cache349
- Figure 223 ADVANCED > DNS > Cache349
- Table 115 ADVANCED > DNS > Cache349
- Configuring DNS DHCP350
- Figure 224 ADVANCED > DNS > DHCP350
- Dynamic DNS351
  - Table 116 ADVANCED > DNS > DHCP351
  - DYNDNS Wildcard352
- Configuring Dynamic DNS352
- Figure 225 ADVANCED > DNS > DDNS352
- Table 117 ADVANCED > DNS > DDNS352
- Remote Management355
Chapter 21 Remote Management355
- Remote Management Overview355
  - Figure 226 Secure and Insecure Remote Management from the WAN355
  - Remote Management Limitations356
  - System Timeout356
- WWW (HTTP and HTTPS)356
- WWW Configuration357
- Figure 227 HTTPS Implementation357
- Figure 228 ADVANCED > REMOTE MGMT > WWW357
- HTTPS Example358
  - Table 118 ADVANCED > REMOTE MGMT > WWW358
  - Figure 229 Security Alert Dialog Box (Internet Explorer)359
  - Internet Explorer Warning Messages359
  - Netscape Navigator Warning Messages359
  - Avoiding the Browser Warning Messages360
  - Figure 230 Security Certificate 1 (Netscape)360
  - Figure 231 Security Certificate 2 (Netscape)360
  - Figure 232 Example: Lock Denoting a Secure Connection361
  - Login Screen361
  - Figure 233 Replace Certificate362
  - Figure 234 Device-Specific Certificate362
  - Figure 235 Common Zywall Certificate362
- Ssh363
- How SSH Works363
- Figure 236 SSH Communication over the WAN Example363
- Figure 237 How SSH Works363
- SSH Implementation on the Zywall364
  - Requirements for Using SSH364
- Configuring SSH364
- Secure Telnet Using SSH Examples365
  - Example 1: Microsoft Windows365
  - Figure 238 ADVANCED > REMOTE MGMT > SSH365
  - Table 119 ADVANCED > REMOTE MGMT > SSH365
  - Example 2: Linux366
  - Figure 239 SSH Example 1: Store Host Key366
  - Figure 240 SSH Example 2: Test366
- Secure FTP Using SSH Example367
- Figure 241 SSH Example 2: Log in367
- Figure 242 Secure FTP: Firmware Upload Example367
- Telnet368
- Configuring TELNET368
- Figure 243 ADVANCED > REMOTE MGMT > TELNET368
- Table 120 ADVANCED > REMOTE MGMT > TELNET368
- Ftp369
- Figure 244 ADVANCED > REMOTE MGMT > FTP369
- Table 121 ADVANCED > REMOTE MGMT > FTP369
- Snmp370
  - Figure 245 SNMP Management Model370
  - Remote Management: Snmp371
  - SNMP Traps371
  - Supported Mibs371
  - Table 122 SNMP Traps371
  - Figure 246 ADVANCED > REMOTE MGMT > SNMP372
  - Table 123 ADVANCED > REMOTE MGMT > SNMP372
- Dns373
- Introducing Vantage CNM373
- Figure 247 ADVANCED > REMOTE MGMT > DNS373
- Table 124 ADVANCED > REMOTE MGMT > DNS373
- Configuring CNM374
- Figure 248 ADVANCED > REMOTE MGMT > CNM374
- Table 125 ADVANCED > REMOTE MGMT > CNM374
- Upnp377
Chapter 22 Upnp377
- Universal Plug and Play Overview377
- Configuring Upnp378
- Figure 249 ADVANCED > Upnp378
- Table 126 ADVANCED > Upnp378
- Displaying Upnp Port Mapping379
- Figure 250 ADVANCED > Upnp > Ports379
- Table 127 ADVANCED > Upnp > Ports379
- Installing Upnp in Windows Example380
  - Installing Upnp in Windows Me381
  - Installing Upnp in Windows XP382
- Using Upnp in Windows XP Example382
  - Auto-Discover Your Upnp-Enabled Network Device383
  - Web Configurator Easy Access384
- ALG Screen387
Chapter 23 ALG Screen387
- ALG Introduction387
  - ALG and NAT387
  - ALG and the Firewall387
- Ftp388
- 388388
- Rtp388
  - ALG Details388
  - Figure 251 H.323 ALG Example388
- Sip389
- ALG Screen390
- Figure 253 ADVANCED > ALG390
- Table 128 ADVANCED > ALG391
- Logs and Maintenance393
- Part V: Logs and Maintenance393
  - Logs Screens395
Chapter 24 Logs Screens395
- Configuring View Log395
- Figure 254 LOGS > View Log395
- Log Description Example396
  - Table 129 LOGS > View Log396
  - Table 130 Log Description Example396
  - About the Certificate Not Trusted Log397
  - Figure 255 Myzyxel.com: Download Center397
- Configuring Log Settings398
- Figure 256 Myzyxel.com: Certificate Download398
- Figure 257 LOGS > Log Settings399
- Table 131 LOGS > Log Settings400
- Configuring Reports401
  - Figure 258 LOGS > Reports402
  - Table 132 LOGS > Reports402
  - Figure 259 LOGS > Reports: Web Site Hits Example403
  - Table 133 LOGS > Reports: Web Site Hits Report403
  - Viewing Host IP Address403
  - Viewing Web Site Hits403
  - Figure 260 LOGS > Reports: Host IP Address Example404
  - Table 134 LOGS > Reports: Host IP Address404
  - Viewing Protocol/Port404
  - Figure 261 LOGS > Reports: Protocol/Port Example405
  - Table 135 LOGS > Reports: Protocol/ Port405
  - System Reports Specifications406
- Log Descriptions406
- Table 136 Report Specifications406
- Table 137 System Maintenance Logs406
- Table 138 System Error Logs408
- Table 139 Access Control Logs408
- Table 140 TCP Reset Logs409
- Table 141 Packet Filter Logs409
- Table 142 ICMP Logs409
- Table 143 CDR Logs410
- Table 144 PPP Logs410
- Table 145 Upnp Logs410
- Table 146 Content Filtering Logs411
- Table 147 Attack Logs411
- Table 148 Remote Management Logs413
- Table 149 Ipsec Logs413
- Table 150 IKE Logs414
- Table 151 PKI Logs417
- Table 152 Certificate Path Verification Failure Reason Codes418
- Table 153 ACL Setting Notes418
- Table 154 ICMP Notes419
- Table 155 IDP Logs420
- Table 156 AV Logs421
- Table 157 as Logs422
- Syslog Logs424
- Table 158 Syslog Logs424
- Table 159 RFC-2408 ISAKMP Payload Types425
- Maintenance427
Chapter 25 Maintenance427
- Maintenance Overview427
- General Setup and System Name427
  - General Setup427
- Configuring Password428
- Figure 262 MAINTENANCE > General Setup428
- Table 160 MAINTENANCE > General Setup428
- Time and Date429
- Figure 263 MAINTENANCE > Password429
- Table 161 MAINTENANCE > Password429
- Figure 264 MAINTENANCE > Time and Date430
- Table 162 MAINTENANCE > Time and Date430
- Pre-Defined NTP Time Server Pools432
  - Resetting the Time432
  - Time Server Synchronization432
  - Figure 265 Synchronization in Process432
- Introduction to Transparent Bridging433
- Figure 266 Synchronization Is Successful433
- Figure 267 Synchronization Fail433
- Table 163 MAC-Address-To-Port Mapping Table433
- Transparent Firewalls434
- Configuring Device Mode (Router)434
- Figure 268 MAINTENANCE > Device Mode (Router Mode)435
- Table 164 MAINTENANCE > Device Mode (Router Mode)435
- Configuring Device Mode (Bridge)436
- Figure 269 MAINTENANCE > Device Mode (Bridge Mode)436
- Table 165 MAINTENANCE > Device Mode (Bridge Mode)436
- F/W Upload Screen437
- Figure 270 MAINTENANCE > Firmware Upload438
- Figure 271 Firmware Upload in Process438
- Table 166 MAINTENANCE > Firmware Upload438
- Backup and Restore439
  - Figure 272 Network Temporarily Disconnected439
  - Figure 273 Firmware Upload Error439
  - Backup Configuration440
  - Figure 274 MAINTENANCE > Backup and Restore440
  - Restore Configuration440
  - Table 167 Restore Configuration440
  - Back to Factory Defaults441
  - Figure 275 Configuration Upload Successful441
  - Figure 276 Network Temporarily Disconnected441
  - Figure 277 Configuration Upload Error441
- Restart Screen442
- Figure 278 Reset Warning Message442
- Figure 279 MAINTENANCE > Restart442
- SMT and Troubleshooting443
- Part VI: SMT and Troubleshooting443
  - Introducing the SMT445
Chapter 26 Introducing the SMT445
- Introduction to the SMT445
- Accessing the SMT Via the Console Port445
  - Initial Screen445
  - Entering the Password446
- Navigating the SMT Interface446
- Changing the System Password450
- Figure 284 Menu 23: System Password450
- Resetting the Zywall451
Chapter 27 SMT Menu 1 - General Setup453
- Introduction to General Setup453
- Configuring General Setup453
Chapter 28 WAN and Dial Backup Setup459
- Introduction to WAN and Dial Backup Setup459
- WAN Setup459
- Figure 290 MAC Address Cloning in WAN Setup459
- Dial Backup460
- Configuring Dial Backup in Menu 2460
- Table 176 MAC Address Cloning in WAN Setup460
- Advanced WAN Setup461
- Figure 291 Menu 2: Dial Backup Setup461
- Table 177 Menu 2: Dial Backup Setup461
- Figure 292 Menu 2.1: Advanced WAN Setup462
- Table 178 Advanced WAN Port Setup: at Commands Fields462
- Remote Node Profile (Backup ISP)463
- Figure 293 Menu 11.2: Remote Node Profile (Backup ISP)463
- Table 179 Advanced WAN Port Setup: Call Control Parameters463
- Table 180 Menu 11.3: Remote Node Profile (Backup ISP)464
- Editing TCP/IP Options465
- Figure 294 Menu 11.2.2: Remote Node Network Layer Options465
- Table 181 Menu 11.2.2: Remote Node Network Layer Options465
- Editing Login Script466
- Remote Node Filter467
- Figure 295 Menu 11.2.3: Remote Node Script467
- Table 182 Menu 11.2.3: Remote Node Script467
- Figure 296 Menu 11.2.4: Remote Node Filter468
- LAN Setup469
Chapter 29 LAN Setup469
- Introduction to LAN Setup469
- Accessing the LAN Menus469
- LAN Port Filter Setup469
- Figure 297 Menu 3: LAN Setup469
- TCP/IP and DHCP Ethernet Setup Menu470
- Internet Access475
Chapter 30 Internet Access475
- Introduction to Internet Access Setup475
- Ethernet Encapsulation475
- Figure 302 Menu 4: Internet Access Setup (Ethernet)475
- Table 186 Menu 4: Internet Access Setup (Ethernet)476
- Configuring the PPTP Client477
- Configuring the Pppoe Client477
- Figure 303 Internet Access Setup (PPTP)477
- Table 187 New Fields in Menu 4 (PPTP) Screen477
- Basic Setup Complete478
- Figure 304 Internet Access Setup (Pppoe)478
- Table 188 New Fields in Menu 4 (Pppoe) Screen478
- DMZ Setup479
Chapter 31 DMZ Setup479
- Configuring DMZ Setup479
- DMZ Port Filter Setup479
- Figure 305 Menu 5: DMZ Setup479
- Figure 306 Menu 5.1: DMZ Port Filter Setup479
- TCP/IP Setup480
- Wireless Setup483
Chapter 32 Wireless Setup483
- TCP/IP Setup483
- Remote Node Setup487
Chapter 33 Remote Node Setup487
- Introduction to Remote Node Setup487
- Remote Node Profile Setup487
- Edit IP492
- Figure 316 Menu 11.1: Remote Node Profile for PPTP Encapsulation492
- Table 191 Menu 11.1: Remote Node Profile for PPTP Encapsulation492
- Figure 317 Menu 11.1.2: Remote Node Network Layer Options for Ethernet Encapsulation493
- Table 192 Remote Node Network Layer Options Menu Fields493
- Remote Node Filter494
- Figure 318 Menu 11.1.4: Remote Node Filter (Ethernet Encapsulation)494
- Traffic Redirect495
- Figure 319 Menu 11.1.4: Remote Node Filter (Pppoe or PPTP Encapsulation)495
- Figure 320 Menu 11.1.5: Traffic Redirect Setup495
- Table 193 Menu 11.1.5: Traffic Redirect Setup495
- IP Static Route Setup497
Chapter 34 IP Static Route Setup497
- Figure 321 Menu 12: IP Static Route Setup497
- Figure 322 Menu 12. 1: Edit IP Static Route498
- Table 194 Menu 12. 1: Edit IP Static Route498
Chapter 35 Network Address Translation (NAT)499
- Using NAT499
- NAT Setup501
- Configuring a Server Behind NAT506
- Figure 330 Menu 15.2: NAT Server Sets506
- Figure 331 15.2.1: NAT Server Configuration506
- Table 199 15.2.1: NAT Server Configuration507
- General NAT Examples508
- Trigger Port Forwarding515
Chapter 36 Introducing the Zywall Firewall517
- Using Zywall SMT Menus517
- Filter Configuration519
Chapter 37 Filter Configuration519
- Introduction to Filters519
- Configuring a Filter Set522
- Example Filter528
- Figure 357 Telnet Filter Example528
- Figure 358 Example Filter: Menu 21.1.3.1529
- Figure 359 Example Filter Rules Summary: Menu 21.1.3529
- Filter Types and NAT530
- Firewall Versus Filters530
- Applying a Filter531
- SNMP Configuration535
Chapter 38 SNMP Configuration535
- Figure 364 Menu 22: SNMP Configuration535
Chapter 39 System Information & Diagnosis537
- Introduction to System Status537
- System Status537
- Figure 365 Menu 24: System Maintenance537
- Figure 366 Menu 24.1: System Maintenance: Status538
- Table 207 System Maintenance: Status Menu Fields538
- System Information and Console Port Speed539
- Log and Trace540
- Diagnostic545
Chapter 40 Firmware and Configuration File Maintenance549
- Introduction549
- Filename Conventions549
- Backup Configuration550
- Restore Configuration555
- Uploading Firmware and Configuration Files557
Chapter 41 System Maintenance Menus 8 to 10563
- Command Interpreter Mode563
- Call Control Support565
- Time and Date Setting567
- Figure 400 Menu 24: System Maintenance567
- Figure 401 Menu 24.10 System Maintenance: Time and Date Setting568
- Table 217 Menu 24.10 System Maintenance: Time and Date Setting568
- Remote Management571
Chapter 42 Remote Management571
- Figure 402 Menu 24.11 - Remote Management Control572
Chapter 43 Call Scheduling575
- Introduction to Call Scheduling575
- Figure 403 Schedule Setup575
- Figure 404 Schedule Set Setup576
- Table 219 Schedule Set Setup576
- Figure 405 Applying Schedule Set(S) to a Remote Node (Pppoe)577
- Figure 406 Applying Schedule Set(S) to a Remote Node (PPTP)578
- Troubleshooting579
Chapter 44 Troubleshooting579
- Power, Hardware Connections, and Leds579
- Zywall Access and Login580
- Internet Access582
- Wireless Router/Ap Troubleshooting584
- Upnp584
- Appendices and Index587
- Part VII: Appendices and Index587
Appendix A Product Specifications589
- Table 220 Hardware Specifications589
- Table 221 Firmware Specifications589
- Figure 407 Console/Dial Backup Cable DB-9 End Pin Layout591
- Table 222 Feature Specifications591
- Table 223 Performance591
- Table 224 Console Cable Pin Assignments592
- Table 225 Console Cable Pin Assignments592
- Table 226 Ethernet Cable Pin Assignments592
Appendix B Setting up Your Computer's IP Address593
- Figure 408 Windows 95/98/Me: Network: Configuration594
- Figure 409 Windows 95/98/Me: TCP/IP Properties: IP Address595
- Figure 410 Windows 95/98/Me: TCP/IP Properties: DNS Configuration596
- Figure 411 Windows XP: Start Menu597
- Figure 412 Windows XP: Control Panel597
- Figure 413 Windows XP: Control Panel: Network Connections: Properties598
- Figure 414 Windows XP: Local Area Connection Properties598
- Figure 415 Windows XP: Internet Protocol (TCP/IP) Properties599
- Figure 416 Windows XP: Advanced TCP/IP Properties600
- Figure 417 Windows XP: Internet Protocol (TCP/IP) Properties601
- Figure 418 Macintosh os 8/9: Apple Menu602
- Figure 419 Macintosh os 8/9: TCP/IP602
- Figure 420 Macintosh os X: Apple Menu603
- Figure 421 Macintosh os X: Network604
- Figure 422 Red hat 9.0: KDE: Network Configuration: Devices605
- Figure 423 Red hat 9.0: KDE: Ethernet Device: General605
- Figure 424 Red hat 9.0: KDE: Network Configuration: DNS606
- Figure 425 Red hat 9.0: KDE: Network Configuration: Activate606
- Using Configuration Files606
- Figure 426 Red hat 9.0: Dynamic IP Address Setting in Ifconfig-Eth0607
- Figure 427 Red hat 9.0: Static IP Address Setting in Ifconfig-Eth0607
- Figure 428 Red hat 9.0: DNS Settings in Resolv.conf607
- Figure 429 Red hat 9.0: Restart Ethernet Card607
- Figure 430 Red hat 9.0: Checking TCP/IP Properties608
Appendix C Pop-Up Windows, Javascripts and Java Permissions609
- Figure 431 Pop-Up Blocker609
- Figure 432 Internet Options610
- Figure 433 Internet Options611
- Figure 434 Pop-Up Blocker Settings611
- Figure 435 Internet Options612
- Figure 436 Security Settings - Java Scripting613
- Figure 437 Security Settings - Java613
- Figure 438 Java (Sun)614
Appendix D IP Addresses and Subnetting615
- Introduction to Ip Addresses615
- Figure 439 Network Number and Host ID616
- Table 227616
- Table 228 Subnet Masks617
- Table 229 Maximum Host Numbers617
- Table 230 Alternative Subnet Mask Notation617
- Figure 440 Subnetting Example: before Subnetting618
- Figure 441 Subnetting Example: after Subnetting619
- Table 231 Subnet 1619
- Table 232 Subnet 2620
- Table 233 Subnet 3620
- Table 234 Subnet 4620
- Table 235 Eight Subnets620
- Table 236 24-Bit Network Number Subnet Planning621
- Table 237 16-Bit Network Number Subnet Planning621
Appendix E623
Appendix E Common Services623
- Table 238 Commonly Used Services623
Appendix F Importing Certificates627
- Figure 442 Security Certificate627
- Figure 443 Login Screen628
- Figure 444 Certificate General Information before Import628
- Figure 445 Certificate Import Wizard 1629
- Figure 446 Certificate Import Wizard 2629
- Figure 447 Certificate Import Wizard 3630
- Figure 448 Root Certificate Store630
- Figure 449 Certificate General Information after Import631
- Figure 450 Zywall Trusted CA Screen632
- Figure 451 CA Certificate Example633
- Figure 452 Personal Certificate Import Wizard 1634
- Figure 453 Personal Certificate Import Wizard 2634
- Figure 454 Personal Certificate Import Wizard 3635
- Figure 455 Personal Certificate Import Wizard 4635
- Figure 456 Personal Certificate Import Wizard 5636
- Figure 457 Personal Certificate Import Wizard 6636
- Figure 458 Access the Zywall Via HTTPS636
- Figure 459 SSL Client Authentication637
- Figure 460 Zywall Secure Login Screen637
Appendix G Command Interpreter639
- Command Examples639
- Figure 461 Displaying Log Categories Example640
- Figure 462 Displaying Log Parameters Example640
- Log Command Example641
- Figure 463 Routing Command Example642
- Figure 464 Backup Gateway643
- Figure 465 Managing the Bandwidth of an Ipsec SA644
- Figure 466 Managing the Bandwidth of an IKE SA644
- Figure 467 Routing Command Example645
Appendix H Firewall Commands647
- Table 239 Firewall Commands647
Appendix I Netbios Filter Commands653
- Display Netbios Filter Settings653
- Table 240 Netbios Filter Default Settings654
Appendix J Certificates Commands655
- Table 241 Certificates Commands655
Appendix K Brute-Force Password Guessing Protection659
- Table 242 Brute-Force Password Guessing Protection Commands659
Appendix L Boot Commands661
- Figure 468 Option to Enter Debug Mode661
Appendix M Legal Information663
- Zyxel Limited Warranty664
Appendix N Customer Support667
- Index671

ZyXEL Communications ZyWALL 2 Plus - Packet Direction Examples; Figure 115 Default Block Traffic from WAN to DMZ Example

Table of Contents

Other manuals for ZyXEL Communications ZyWALL 2 Plus

Related product manuals