Home
ZyXEL Communications
Firewall
ZYWALL 5
ZyXEL Communications ZYWALL 5 User Manual
5
of 1
of 1 rating
668 pages
Give review
Manual
Specs
To Next Page
To Next Page
Loading...
ZyW
ALL 5
Internet Security Appliance
User
’
s Guide
V
ersion 3.64
3/2005
2
Table of Contents
Default Chapter
3
Copyright
3
Federal Communications Commission (FCC) Interference Statement
4
Safety Warnings
5
Zyxel Limited Warranty
6
Customer Support
7
Table of Contents
9
Preface
45
Syntax Conventions
46
Chapter 1 Getting to Know Your Zywall
47
Zywall 5 Internet Security Appliance Overview
47
Zywall Features
47
Physical Features
47
Reset Button
48
Non-Physical Features
49
Wep Encryption
51
Pptp Encapsulation
51
Dynamic Dns Support
51
Traffic Redirect
52
Applications for the Zywall
53
Secure Broadband Internet Access Via Cable or DSL Modem
53
VPN Application
54
Figure 1 Secure Internet Access Via Cable, DSL or Wireless Modem
54
Front Panel Leds
55
Figure 2 VPN Application
55
Figure 3 Zywall Front Panel
55
Table 1 Front Panel Leds
55
Chapter 2 Introducing the Web Configurator
57
Web Configurator Overview
57
Accessing the Zywall Web Configurator
57
Resetting the Zywall
58
Figure 4 Change Password Screen
58
Figure 5 Replace Certificate Screen
58
Figure 6 Example Xmodem Upload
59
Procedure to Use the Reset Button
59
Uploading a Configuration File Via Console Port
59
Navigating the Zywall Web Configurator
60
Router Mode
60
Figure 7 Web Configurator HOME Screen in Router Mode
60
Table 2 Web Configurator HOME Screen in Router Mode
61
Bridge Mode
62
Figure 8 Web Configurator HOME Screen in Bridge Mode
63
Table 3 Web Configurator HOME Screen in Bridge Mode
63
Navigation Panel
64
Table 4 Bridge and Router Mode Features Comparison
64
Table 5 Screens Summary
65
System Statistics
67
DHCP Table Screen
68
Figure 9 Home : Show Statistics
68
Table 6 Home : Show Statistics
68
VPN Status
69
Figure 10 Home : DHCP Table
69
Table 7 Home : DHCP Table
69
Figure 11 Home : VPN Status
70
Table 8 Home : VPN Status
70
Chapter 3 Wizard Setup
71
Wizard Setup Overview
71
Internet Access
71
ISP Parameters
71
Ethernet
71
Figure 12 ISP Parameters : Ethernet Encapsulation
72
Table 9 ISP Parameters : Ethernet Encapsulation
72
Pppoe Encapsulation
73
Figure 13 ISP Parameters : Pppoe Encapsulation
73
PPTP Encapsulation
74
Table 10 ISP Parameters : Pppoe Encapsulation
74
Figure 14 ISP Parameters : PPTP Encapsulation
75
Table 11 ISP Parameters : PPTP Encapsulation
75
Internet Access Wizard Setup Complete
76
Figure 15 Internet Access Wizard Setup Complete
76
VPN Wizard
77
Figure 16 VPN Wizard : Gateway Setting
77
Table 12 VPN Wizard : Gateway Setting
77
Figure 17 VPN Wizard : Network Setting
78
Network Setting
78
Table 13 VPN Wizard : Network Setting
78
Figure 18 VPN Wizard : IKE Tunnel Setting
80
IKE Tunnel Setting (IKE Phase 1)
80
Table 14 VPN Wizard : IKE Tunnel Setting
80
Figure 19 VPN Wizard : Ipsec Setting
81
Ipsec Setting (IKE Phase 2)
81
Table 15 VPN Wizard : Ipsec Setting
81
VPN Status Summary
82
Figure 20 VPN Wizard : VPN Status
83
Table 16 VPN Wizard : VPN Status
83
Figure 21 VPN Wizard Setup Complete
85
VPN Wizard Setup Complete
85
Chapter 4 LAN Screens
87
LAN Overview
87
DHCP Setup
87
IP Pool Setup
87
Lan Tcp/Ip
87
Factory LAN Defaults
87
IP Address and Subnet Mask
88
RIP Setup
88
Multicast
89
DNS Servers
89
Configuring LAN
89
Figure 22 LAN
90
Table 17 LAN
90
Configuring Static DHCP
91
Configuring IP Alias
92
Figure 23 Static DHCP
92
Table 18 Static DHCP
92
Figure 24 Physical Network & Partitioned Logical Networks
93
Figure 25 IP Alias
93
Configuring Port Roles
94
Table 19 IP Alias
94
Figure 26 Port Roles
95
Figure 27 Port Roles Change Complete
95
Chapter 5 Bridge Screens
97
Bridge Loop
97
Spanning Tree Protocol (STP)
97
Figure 28 Bridge Loop: Bridge Connected to Wired LAN
97
How STP Works
98
Rapid STP
98
STP Terminology
98
Table 20 STP Path Costs
98
STP Port States
99
Configuring Bridge
99
Table 21 STP Port States
99
Figure 29 Bridge
100
Table 22 Bridge
100
Configuring Port Roles
101
Chapter 6 Wireless LAN
103
Introduction
103
Additional Installation Requirements for Using 802.1X
103
Wireless Security
103
Security Parameters Summary
104
Figure 30 Zywall Wireless Security Levels
104
Table 23 Wireless Security Relational Matrix
104
WEP Encryption
105
Overview
105
Introduction to RADIUS
105
Types of RADIUS Messages
105
EAP Authentication Overview
106
Dynamic WEP Key Exchange
107
Introduction to WPA
107
Figure 31 EAP Authentication
107
Encryption
108
User Authentication
108
WPA-PSK Application Example
109
WPA with RADIUS Application Example
109
Figure 32 WPA-PSK Authentication
109
Wireless Client WPA Supplicants
110
Configuring Wireless LAN
110
Figure 33 WPA with RADIUS Application Example
110
Figure 34 Wireless: no Security
111
Table 24 Wireless: no Security
111
Static WEP
112
Figure 35 Wireless: Static WEP
113
Table 25 Wireless: Static WEP
113
Wpa-Psk
113
Figure 36 Wireless: WPA-PSK
114
Table 26 Wireless: WPA-PSK
114
Figure 37 Wireless: WPA
115
Table 27 Wireless: WPA
115
Wpa
115
Dynamic WEP
116
Figure 38 Wireless: 802.1X + Dynamic WEP
116
Table 28 Wireless: 802.1X + Dynamic WEP
116
Figure 39 Wireless: 802.1X + Static WEP
117
Static WEP
117
No WEP
118
Table 29 Wireless: 802.1X + Static WEP
118
Figure 40 Wireless: 802.1X + no WEP
119
No Access 802.1X + Static WEP
119
Table 30 Wireless: 802.1X + no WEP
119
Figure 41 Wireless: no Access 802.1X + Static WEP
120
Table 31 Wireless: no Access 802.1X + Static WEP
120
No Access 802.1X + no WEP
121
Configuring MAC Filter
121
Figure 42 MAC Address Filter
121
Table 32 MAC Address Filter
122
WAN Screens
123
WAN Overview
123
WAN IP Address Assignment
123
WAN MAC Address
123
Table 33 Private IP Address Ranges
123
Chapter 7 WAN Screens
123
TCP/IP Priority (Metric)
124
Configuring Route
124
Table 34 Example of Network Properties for LAN Servers with Fixed IP Addresses
124
Figure 43 Route
125
Table 35 General
125
Configuring WAN Setup
126
Ethernet Encapsulation
126
Figure 44 WAN: Ethernet Encapsulation
126
Table 36 WAN: Ethernet Encapsulation
127
Pppoe Encapsulation
129
Figure 45 WAN: Pppoe Encapsulation
130
Table 37 WAN: Pppoe Encapsulation
131
PPTP Encapsulation
133
Figure 46 WAN: PPTP Encapsulation
133
Table 38 WAN: PPTP Encapsulation
134
Traffic Redirect
136
Configuring Traffic Redirect
136
Figure 47 Traffic Redirect WAN Setup
136
Figure 48 Traffic Redirect LAN Setup
136
Configuring Dial Backup
137
Figure 49 Traffic Redirect
137
Table 39 Traffic Redirect
137
Figure 50 Dial Backup Setup
138
Table 40 Dial Backup Setup
139
Advanced Modem Setup
141
AT Command Strings
141
DTR Signal
141
Response Strings
141
Configuring Advanced Modem Setup
141
Figure 51 Advanced Setup
142
Table 41 Advanced Setup
142
Chapter 8 DMZ Screens
145
DMZ Overview
145
Configuring DMZ
145
Figure 52 DMZ
146
Table 42 DMZ
146
Configuring IP Alias
147
Figure 53 IP Alias
148
Table 43 IP Alias
148
DMZ Public IP Address Example
149
Figure 54 DMZ Public Address Example
149
DMZ Private and Public IP Address Example
150
Configuring Port Roles
150
Figure 55 DMZ Private and Public Address Example
150
Figure 56 Port Roles
151
Figure 57 Port Roles Change Complete
151
Chapter 9 Firewalls
153
Firewall Overview
153
Types of Firewalls
153
Packet Filtering Firewalls
153
Application-Level Firewalls
153
Stateful Inspection Firewalls
154
Introduction to Zyxel's Firewall
154
Denial of Service
155
Basics
155
Figure 58 Zywall Firewall Application
155
Table 44 Common IP Ports
155
Types of Dos Attacks
156
Figure 59 Three-Way Handshake
156
Figure 60 SYN Flood
157
Figure 61 Smurf Attack
158
ICMP Vulnerability
158
Illegal Commands (Netbios and SMTP)
158
Table 45 ICMP Commands that Trigger Alerts
158
Table 46 Legal Netbios Commands
158
Traceroute
159
Stateful Inspection
159
Table 47 Legal SMTP Commands
159
Figure 62 Stateful Inspection
160
Stateful Inspection Process
160
Stateful Inspection and the Zywall
161
TCP Security
161
UDP/ICMP Security
162
Upper Layer Protocols
162
Guidelines for Enhancing Security with Your Firewall
163
Packet Filtering Vs Firewall
163
Packet Filtering
163
When to Use Filtering
163
Firewall
164
When to Use the Firewall
164
Chapter 10 Firewall Screens
165
Access Methods
165
Firewall Policies Overview
165
Rule Logic Overview
166
Rule Checklist
166
Security Ramifications
167
Key Fields for Configuring Rules
167
Action
167
Service
167
Source Address
167
Destination Address
167
Connection Direction Examples
167
LAN to WAN Rules
168
WAN to LAN Rules
168
Figure 63 LAN to WAN Traffic
168
Alerts
169
Configuring Firewall
169
Figure 64 WAN to LAN Traffic
169
Figure 65 Default Rule (Router Mode)
170
Table 48 Default Rule (Router Mode)
170
Figure 66 Default Rule (Bridge Mode)
171
Table 49 Default Rule (Bridge Mode)
171
Figure 67 Rule Summary
172
Rule Summary
172
Table 50 Rule Summary
172
Configuring Firewall Rules
173
Figure 68 Creating/Editing a Firewall Rule
174
Table 51 Creating/Editing a Firewall Rule
175
Configuring Custom Services
176
Example Firewall Rule
176
Figure 69 Creating/Editing a Custom Service
176
Table 52 Creating/Editing a Custom Service
176
Figure 70 Rule Summary
177
Figure 71 Rule Edit Example
178
Figure 72 Edit Custom Service Example
178
Figure 73 My Service Rule Configuration
179
Predefined Services
180
Figure 74 My Service Example Rule Summary
180
Table 53 Predefined Services
180
Anti-Probing
182
Dos Thresholds
183
Figure 75 Anti-Probing
183
Table 54 Anti-Probing
183
Half-Open Sessions
184
TCP Maximum Incomplete and Blocking Time
184
Figure 76 Firewall Threshold
185
Table 55 Firewall Threshold
185
Threshold Values
184
Chapter 11 Content Filtering Screens
187
Content Filtering Overview
187
Restrict Web Features
187
Create a Filter List
187
Customize Web Site Access
187
General Content Filter Configuration
187
Figure 77 Content Filter : General
188
Table 56 Content Filter : General
188
Content Filtering with an External Database
190
Categories and Registering
190
Figure 78 Content Filtering Lookup Procedure
190
Figure 79 Content Filter : Categories
191
Table 57 Content Filter : Categories
191
Customization
197
Figure 80 Content Filter : Customization
198
Table 58 Content Filter : Customization
198
Customizing Keyword Blocking URL Checking
200
Domain Name or IP Address URL Checking
200
Full Path URL Checking
200
File Name URL Checking
200
Content Filtering Cache
201
Figure 81 Content Filter : Cache
201
Table 59 Content Filter : Cache
201
Chapter 12 Content Filtering Registration and Reports
203
Introduction to Myzyxel.com
203
A Note on Myzyxel.com Numbers
204
Myzyxel.com Account Registration
204
Figure 82 Myzyxel.com Login Screen
204
Table 60 Myzyxel.com Numbers
204
Figure 83 Myzyxel.com Account Registration
205
Figure 84 Account Registration Successful
205
Registering Your Zyxel Device
206
Figure 85 Account Confirmation E-Mail
206
Figure 86 Myzyxel.com Account Activation
206
Figure 87 Logged into Myzyxel.com
207
Figure 88 Product Registration
207
Figure 89 Add New Product
208
Figure 90 Product Survey
208
Content Filtering Registration
209
Figure 91 Service Management
209
Figure 92 Myzyxel.com: My Product
209
Figure 93 Myzyxel.com: Service Management
210
Figure 94 Service Registration
210
Checking Content Filtering Activation
211
Figure 95 Service Registration: Successful
211
Figure 96 Service Management: Service Registered
211
Updating Product Registration Information
212
Viewing Content Filtering Reports
212
Figure 97 Cerberian Login Screen
213
Figure 98 Content Filtering Reports Main Screen
213
Configuration File
214
Figure 99 Global Report Screen Example
214
Figure 100 Requested Urls Example
214
Chapter 13 Introduction to Ipsec
215
VPN Overview
215
Ipsec
215
Security Association
215
Other Terminology
215
Encryption
215
Data Confidentiality
216
Data Integrity
216
Data Origin Authentication
216
VPN Applications
216
Linking Two or more Private Networks Together
216
Accessing Network Resources When NAT Is Enabled
216
Unsupported IP Applications
216
Figure 101 Encryption and Decryption
216
Ipsec Architecture
217
Ipsec Algorithms
217
Key Management
217
Encapsulation
217
Figure 102 Ipsec Architecture
217
Transport Mode
218
Tunnel Mode
218
Ipsec and NAT
218
Figure 103 Transport and Tunnel Mode Ipsec Encapsulation
218
Table 61 VPN and NAT
219
Chapter 14 VPN Screens
221
Vpn/Ipsec Overview
221
Ipsec Algorithms
221
AH (Authentication Header) Protocol
221
ESP (Encapsulating Security Payload) Protocol
221
My Zywall
222
Remote Gateway Address
222
Table 62 ESP and AH
222
Dynamic Remote Gateway Address
223
Nailed up
223
NAT Traversal
223
NAT Traversal Configuration
224
ID Type and Content
224
Figure 104 NAT Router between Ipsec Routers
224
ID Type and Content Examples
225
Table 63 Local ID Type and Content Fields
225
Table 64 Peer ID Type and Content Fields
225
Table 65 Matching ID Type and Content Configuration Example
225
IKE Phases
226
Figure 105 Two Phases to Set up the Ipsec SA
226
Table 66 Mismatching ID Type and Content Configuration Example
226
Negotiation Mode
227
Pre-Shared Key
227
Diffie-Hellman (DH) Key Groups
228
Perfect Forward Secrecy (PFS)
228
X-Auth (Extended Authentication)
228
Authentication Server
228
Icons Key
229
Ipsec Summary Fields
229
Table 67 VPN Screen Icons Key
229
IKE VPN Rule Summary Screen
230
Figure 106 Gateway and Network Policies
230
Figure 107 Ipsec Summary Fields
230
Configuring an IKE Gateway Policy
231
Figure 108 VPN Rules (IKE)
231
Figure 109 VPN Rules (IKE): Gateway Policy: Edit
232
Table 68 VPN Rules (IKE): Gateway Policy: Edit
232
Configuring an IKE Network Policy
237
Figure 110 VPN Rules (IKE): Network Policy Edit
238
Table 69 VPN Rules (IKE): Network Policy Edit
239
Associating a Network Policy to a Gateway Policy
241
Manual VPN Rule Summary Screen
242
Figure 111 VPN Rules (IKE): Network Policy Move
242
Table 70 VPN Rules (IKE): Network Policy Move
242
Figure 112 VPN Rule (Manual)
243
Table 71 VPN Rules (Manual)
243
Editing Manual VPN Rules
244
Security Parameter Index (SPI)
244
Figure 113 VPN Rules (Manual): Edit
245
Table 72 VPN Rules (Manual) Edit
245
Viewing SA Monitor
248
Configuring Global Setting
248
Figure 114 VPN: SA Monitor
248
Table 73 VPN: SA Monitor
248
Telecommuter Vpn/Ipsec Examples
249
Figure 115 VPN: Global Setting
249
Table 74 VPN: Global Setting
249
Figure 116 Telecommuters Sharing One VPN Rule Example
250
Table 75 Telecommuters Sharing One VPN Rule Example
250
Telecommuters Sharing One VPN Rule Example
250
Telecommuters Using Unique VPN Rules Example
250
Figure 117 Telecommuters Using Unique VPN Rules Example
251
Table 76 Telecommuters Using Unique VPN Rules Example
251
VPN and Remote Management
252
Chapter 15 Certificates
253
Certificates Overview
253
Advantages of Certificates
254
Self-Signed Certificates
254
Configuration Summary
254
Figure 118 Certificate Configuration Overview
254
My Certificates
255
Figure 119 My Certificates
255
Table 77 My Certificates
255
Certificate File Formats
256
Importing a Certificate
257
Figure 120 My Certificate Import
257
Creating a Certificate
258
Figure 121 My Certificate Create
258
Table 78 My Certificate Import
258
Table 79 My Certificate Create
259
My Certificate Details
260
Figure 122 My Certificate Details
261
Table 80 My Certificate Details
262
Trusted Cas
263
Figure 123 Trusted Cas
264
Table 81 Trusted Cas
264
Importing a Trusted Ca's Certificate
265
Figure 124 Trusted CA Import
265
Trusted CA Certificate Details
266
Table 82 Trusted CA Import
266
Figure 125 Trusted CA Details
267
Table 83 Trusted CA Details
267
Trusted Remote Hosts
269
Figure 126 Trusted Remote Hosts
270
Table 84 Trusted Remote Hosts
270
Verifying a Trusted Remote Host's Certificate
271
Trusted Remote Host Certificate Fingerprints
271
Figure 127 Remote Host Certificates
271
Importing a Trusted Remote Host's Certificate
272
Figure 128 Certificate Details
272
Trusted Remote Host Certificate Details
273
Figure 129 Trusted Remote Host Import
273
Table 85 Trusted Remote Host Import
273
Figure 130 Trusted Remote Host Details
274
Table 86 Trusted Remote Host Details
274
Directory Servers
276
Figure 131 Directory Servers
276
Add or Edit a Directory Server
277
Figure 132 Directory Server Add
277
Table 87 Directory Servers
277
Table 88 Directory Server Add
278
Authentication Server
279
Authentication Server Overview
279
Local User Database
279
Radius
279
Configuring Local User Database
279
Chapter 16 Authentication Server
279
Figure 133 Local User Database
280
Configuring RADIUS
281
Figure 134 RADIUS
281
Table 89 Local User Database
281
Table 90 RADIUS
282
Network Address Translation (NAT)
283
NAT Overview
283
NAT Definitions
283
Table 91 NAT Definitions
283
Chapter 17 Network Address Translation (NAT)
283
What NAT Does
284
How NAT Works
284
Figure 135 How NAT Works
284
NAT Application
285
Figure 136 NAT Application with IP Alias
285
Port Restricted Cone NAT
286
NAT Mapping Types
286
Figure 137 Port Restricted Cone NAT Example
286
Using NAT
287
SUA (Single User Account) Versus NAT
287
Table 92 NAT Mapping Types
287
Configuring NAT Overview
288
Figure 138 NAT Overview
288
Table 93 NAT Overview
288
Configuring Address Mapping
289
Figure 139 Address Mapping
289
Address Mapping Edit
290
Table 94 Address Mapping
290
Port Forwarding
291
Figure 140 Address Mapping Edit
291
Table 95 Address Mapping Edit
291
Default Server IP Address
292
Figure 183 SNMP
292
Port Forwarding: Services and Port Numbers
292
Table 96 Services and Port Numbers
292
Configuring Servers Behind Port Forwarding (Example)
293
Figure 141 Multiple Servers Behind NAT Example
293
Port Translation
293
Configuring Port Forwarding
294
Figure 142 Port Translation Example
294
Figure 143 Port Forwarding
295
Table 97 Port Forwarding
295
Configuring Trigger Port
296
Figure 144 Trigger Port Forwarding Process: Example
296
Figure 145 Port Triggering
297
Table 98 Port Triggering
297
Chapter 18 Static Route
299
Static Route Overview
299
Configuring IP Static Route
299
Figure 146 Example of Static Routing Topology
299
Figure 147 IP Static Route
300
Table 99 IP Static Route
300
Configuring a Static Route Entry
301
Figure 148 Edit IP Static Route
301
Table 100 Edit IP Static Route
301
Chapter 19 Bandwidth Management
303
Bandwidth Management Overview
303
Bandwidth Classes and Filters
303
Proportional Bandwidth Allocation
304
Application-Based Bandwidth Management
304
Subnet-Based Bandwidth Management
304
Application and Subnet-Based Bandwidth Management
304
Figure 149 Subnet-Based Bandwidth Management Example
304
Table 101 Application and Subnet-Based Bandwidth Management Example
304
Scheduler
305
Priority-Based Scheduler
305
Fairness-Based Scheduler
305
Maximize Bandwidth Usage
305
Reserving Bandwidth for Non-Bandwidth Class Traffic
306
Maximize Bandwidth Usage Example
306
Priority-Based Allotment of Unused and Unbudgeted Bandwidth
306
Table 102 Maximize Bandwidth Usage Example
306
Table 103 Priority-Based Allotment of Unused and Unbudgeted Bandwidth Example
306
Fairness-Based Allotment of Unused and Unbudgeted Bandwidth
307
Bandwidth Borrowing
307
Table 104 Fairness-Based Allotment of Unused and Unbudgeted Bandwidth Example
307
Bandwidth Borrowing Example
308
Maximize Bandwidth Usage with Bandwidth Borrowing
308
Configuring Summary
308
Table 105 Bandwidth Borrowing Example
308
Figure 150 Bandwidth Manager: Summary
309
Table 106 Bandwidth Manager: Summary
309
Configuring Class Setup
310
Figure 151 Bandwidth Manager: Class Setup
310
Table 107 Bandwidth Manager: Class Setup
310
Bandwidth Manager Class Configuration
311
Figure 152 Bandwidth Manager: Edit Class
312
Table 108 Bandwidth Manager: Edit Class
312
Bandwidth Management Statistics
314
Table 109 Services and Port Numbers
314
Table 123 SNMP
314
Configuring Monitor
315
Figure 153 Bandwidth Management Statistics
315
Table 110 Bandwidth Management Statistics
315
Figure 154 Bandwidth Manager Monitor
316
Table 111 Bandwidth Manager Monitor
316
Chapter 20 DNS
319
DNS Overview
319
DNS Server Address Assignment
319
DNS Servers
319
Address Record
320
DNS Wildcard
320
Name Server Record
320
Private DNS Server
320
The System Screen
321
Figure 155 Private DNS Server Example
321
Figure 156 System DNS
321
Adding an Address Record
322
Table 112 System DNS
322
Figure 157 System DNS: Add Address Record
323
Inserting a Name Server Record
323
Table 113 System DNS: Add Address Record
323
Figure 158 System DNS: Insert Name Server Record
324
Table 114 System DNS: Insert Name Server Record
324
DNS Cache
325
Configure DNS Cache
325
Figure 159 DNS Cache
325
Configuring DNS LAN
326
Table 115 DNS Cache
326
Figure 160 DNS LAN
327
Table 116 DNS LAN
327
Dynamic DNS
328
DYNDNS Wildcard
328
Configuring Dynamic DNS
328
Figure 161 DDNS
329
Table 117 DDNS
329
Chapter 21 Remote Management
331
Remote Management Overview
331
Remote Management Limitations
331
Remote Management and NAT
332
System Timeout
332
Introduction to HTTPS
332
Configuring WWW
333
Figure 162 HTTPS Implementation
333
Figure 163 WWW
334
Table 118 WWW
334
HTTPS Example
335
Internet Explorer Warning Messages
335
Figure 164 Security Alert Dialog Box (Internet Explorer)
335
Netscape Navigator Warning Messages
336
Avoiding the Browser Warning Messages
336
Figure 165 Security Certificate 1 (Netscape)
336
Figure 166 Security Certificate 2 (Netscape)
336
Login Screen
337
Figure 167 Login Screen (Internet Explorer)
338
Figure 168 Login Screen (Netscape)
338
Figure 169 Replace Certificate
339
Figure 170 Device-Specific Certificate
339
SSH Overview
340
How SSH Works
340
Figure 171 Common Zywall Certificate
340
Figure 172 SSH Communication Example
340
SSH Implementation on the Zywall
341
Figure 173 How SSH Works
341
Requirements for Using SSH
342
Configuring SSH
342
Figure 174 SSH
342
Secure Telnet Using SSH Examples
343
Example 1: Microsoft Windows
343
Example 2: Linux
343
Figure 175 SSH Example 1: Store Host Key
343
Secure FTP Using SSH Example
344
Figure 176 SSH Example 2: Test
344
Figure 177 SSH Example 2: Log in
344
Telnet
345
Configuring TELNET
345
Figure 178 Secure FTP: Firmware Upload Example
345
Figure 179 Telnet Configuration on a TCP/IP Network
345
Configuring FTP
346
Figure 180 Telnet
346
Table 120 Telnet
346
Configuring SNMP
347
Figure 181 FTP
347
Table 121 FTP
347
Figure 182 SNMP Management Model
348
Remote Management: Snmp
349
SNMP Traps
349
Supported Mibs
349
Table 122 SNMP Traps
349
Configuring DNS
351
Figure 184 DNS
351
Table 124 DNS
351
Chapter 22 Upnp
353
Universal Plug and Play Overview
353
How Do I Know if I'M Using Upnp
353
NAT Traversal
353
Cautions with Upnp
353
Upnp and Zyxel
354
Configuring Upnp
354
Figure 185 Configuring Upnp
354
Table 125 Configuring Upnp
354
Displaying Upnp Port Mapping
355
Figure 186 Upnp Ports
355
Table 126 Upnp Ports
355
Installing Upnp in Windows Example
356
Installing Upnp in Windows Me
357
Installing Upnp in Windows XP
358
Using Upnp in Windows XP Example
358
Auto-Discover Your Upnp-Enabled Network Device
359
Web Configurator Easy Access
360
Chapter 23 Logs Screens
363
Configuring View Log
363
Log Description Example
364
Figure 187 View Log
364
Table 127 View Log
364
Configuring Log Settings
365
Table 128 Example Log Description
365
Figure 188 Log Settings
366
Table 129 Log Settings
367
Configuring Reports
368
Figure 189 Reports
369
Table 130 Reports
369
Figure 190 Web Site Hits Report Example
370
Table 131 Web Site Hits Report
370
Viewing Protocol/Port
370
Viewing Web Site Hits
370
Figure 191 Protocol/Port Report Example
371
Table 132 Protocol/ Port Report
371
Viewing LAN IP Address
371
Figure 192 LAN IP Address Report Example
372
Reports Specifications
372
Table 133 LAN IP Address Report
372
Table 134 Report Specifications
372
Chapter 24 Maintenance
373
Maintenance Overview
373
General Setup
373
General Setup and System Name
373
Domain Name
373
Configuring Password
374
Figure 193 General Setup
374
Table 135 General Setup
374
Pre-Defined NTP Time Servers List
375
Figure 194 Password Setup
375
Table 136 Password Setup
375
Table 137 Default Time Servers
375
Configuring Time and Date
376
Figure 195 Time and Date
376
Table 138 Time and Date
377
Resetting the Time
378
Time Server Synchronization
378
Introduction to Transparent Bridging
379
Figure 196 Synchronization in Process
379
Figure 197 Synchronization Is Successful
379
Figure 198 Synchronization Fail
379
Transparent Firewalls
380
Table 139 MAC-Address-To-Port Mapping Table
380
Configuring Device Mode
381
Figure 199 Device Mode (Router Mode)
381
Table 140 Device Mode (Router Mode)
381
Figure 200 Device Mode (Bridge Mode)
382
Table 141 Device Mode (Bridge Mode)
382
F/W Upload Screen
383
Figure 201 Firmware Upload
384
Figure 202 Firmware Upload in Process
384
Table 142 Firmware Upload
384
Configuration Screen
385
Figure 203 Network Temporarily Disconnected
385
Figure 204 Firmware Upload Error
385
Backup Configuration
386
Figure 205 Configuration
386
Restore Configuration
386
Table 143 Restore Configuration
386
Figure 206 Configuration Upload Successful
387
Figure 207 Network Temporarily Disconnected
387
Back to Factory Defaults
388
Restart Screen
388
Figure 208 Configuration Upload Error
388
Figure 209 Reset Warning Message
388
Figure 210 Restart Screen
389
Chapter 25 Introducing the SMT
391
Introduction to the SMT
391
Accessing the SMT Via the Console Port
391
Initial Screen
391
Entering the Password
392
Navigating the SMT Interface
392
Figure 211 Initial Screen
392
Figure 212 Password Screen
392
Table 144 Main Menu Commands
392
Main Menu
393
Figure 213 Main Menu (Router Mode)
394
Figure 214 Main Menu (Bridge Mode)
394
Table 145 Main Menu Summary
394
SMT Menus Overview
395
Table 146 SMT Menus Overview
395
Changing the System Password
397
Figure 215 Menu 23: System Password
397
Resetting the Zywall
398
Chapter 26 SMT Menu 1 - General Setup
399
Introduction to General Setup
399
Configuring General Setup
399
Figure 216 Menu 1: General Setup (Router Mode)
399
Table 147 Menu 1: General Setup (Router Mode)
399
Figure 217 Menu 1: General Setup (Bridge Mode)
400
Table 148 Menu 1: General Setup (Bridge Mode)
400
Configuring Dynamic DNS
401
Editing DDNS Host
401
Figure 218 Menu 1.1: Configure Dynamic DNS
401
Table 149 Menu 1.1: Configure Dynamic DNS
401
Figure 219 Menu 1.1.1: DDNS Host Summary
402
Table 150 Menu 1.1.1: DDNS Host Summary
402
Figure 220 Menu 1.1.1: DDNS Edit Host
403
Table 151 Menu 1.1.1: DDNS Edit Host
403
Chapter 27 WAN and Dial Backup Setup
405
Introduction to WAN and Dial Backup Setup
405
WAN Setup
405
Figure 221 MAC Address Cloning in WAN Setup
405
Dial Backup
406
Configuring Dial Backup in Menu 2
406
Table 152 MAC Address Cloning in WAN Setup
406
Advanced WAN Setup
407
Figure 222 Menu 2: Dial Backup Setup
407
Table 153 Menu 2: Dial Backup Setup
407
Figure 223 Menu 2.1: Advanced WAN Setup
408
Table 154 Advanced WAN Port Setup: at Commands Fields
408
Remote Node Profile (Backup ISP)
409
Figure 224 Menu 11.2: Remote Node Profile (Backup ISP)
409
Table 155 Advanced WAN Port Setup: Call Control Parameters
409
Table 156 Menu 11.3: Remote Node Profile (Backup ISP)
410
Editing PPP Options
411
Editing TCP/IP Options
411
Figure 225 Menu 11.2.1: Remote Node PPP Options
411
Table 157 Menu 11.2.1: Remote Node PPP Options
411
Figure 226 Menu 11.2.2: Remote Node Network Layer Options
412
Table 158 Menu 11.3.2: Remote Node Network Layer Options
412
Editing Login Script
413
Figure 227 Menu 11.2.3: Remote Node Script
414
Table 159 Menu 11.2.3: Remote Node Script
414
Remote Node Filter
415
Figure 228 Menu 11.2.4: Remote Node Filter
415
Chapter 28 LAN Setup
417
Introduction to LAN Setup
417
Accessing the LAN Menus
417
LAN Port Filter Setup
417
Figure 229 Menu 3: LAN Setup
417
TCP/IP and DHCP Ethernet Setup Menu
418
Figure 230 Menu 3.1: LAN Port Filter Setup
418
Figure 231 Menu 3: TCP/IP and DHCP Setup
418
Figure 232 Menu 3.2: TCP/IP and DHCP Ethernet Setup
419
Table 160 Menu 3.2: DHCP Ethernet Setup Fields
419
Table 161 Menu 3.2: LAN TCP/IP Setup Fields
420
Figure 233 Menu 3.2.1: IP Alias Setup
421
IP Alias Setup
421
Table 162 Menu 3.2.1: IP Alias Setup
421
Wireless LAN Setup
422
Figure 234 Menu 3.5: Wireless LAN Setup
422
MAC Address Filter Setup
423
Table 163 Menu 3.5: Wireless LAN Setup
423
Figure 235 Menu 3.5.1: WLAN MAC Address Filter
424
Table 164 Menu 3.5.1: WLAN MAC Address Filter
424
Chapter 29 Internet Access
425
Introduction to Internet Access Setup
425
Ethernet Encapsulation
425
Figure 236 Menu 4: Internet Access Setup (Ethernet)
425
Table 165 Menu 4: Internet Access Setup (Ethernet)
426
Configuring the PPTP Client
427
Configuring the Pppoe Client
427
Figure 237 Internet Access Setup (PPTP)
427
Table 166 New Fields in Menu 4 (PPTP) Screen
427
Basic Setup Complete
428
Figure 238 Internet Access Setup (Pppoe)
428
Table 167 New Fields in Menu 4 (Pppoe) Screen
428
DMZ Setup
429
Configuring DMZ Setup
429
DMZ Port Filter Setup
429
TCP/IP Setup
429
Figure 239 Menu 5: DMZ Setup
429
Figure 240 Menu 5.1: DMZ Port Filter Setup
429
Chapter 30 DMZ Setup
429
IP Address
430
IP Alias Setup
430
Figure 241 Menu 5: TCP/IP Setup
430
Figure 242 Menu 5.2: TCP/IP Setup
430
Figure 243 Menu 5.2.1: IP Alias Setup
431
Chapter 31 Remote Node Setup
433
Introduction to Remote Node Setup
433
Remote Node Setup
433
Remote Node Profile Setup
433
Figure 244 Menu 11: Remote Node Setup
433
Ethernet Encapsulation
434
Figure 245 Menu 11.1: Remote Node Profile for Ethernet Encapsulation
434
Table 168 Menu 11.1: Remote Node Profile for Ethernet Encapsulation
434
Pppoe Encapsulation
435
Outgoing Authentication Protocol
436
Nailed-Up Connection
436
Metric
436
Figure 246 Menu 11.1: Remote Node Profile for Pppoe Encapsulation
436
PPTP Encapsulation
437
Table 169 Fields in Menu 11.1 (Pppoe Encapsulation Specific)
437
Edit IP
438
Figure 247 Menu 11.1: Remote Node Profile for PPTP Encapsulation
438
Table 170 Menu 11.1: Remote Node Profile for PPTP Encapsulation
438
Figure 248 Menu 11.1.2: Remote Node Network Layer Options for Ethernet Encapsulation
439
Table 171 Remote Node Network Layer Options Menu Fields
439
Remote Node Filter
440
Traffic Redirect
441
Figure 249 Menu 11.1.4: Remote Node Filter (Ethernet Encapsulation)
441
Figure 250 Menu 11.1.4: Remote Node Filter (Pppoe or PPTP Encapsulation)
441
Figure 251 Menu 11.1.5: Traffic Redirect Setup
442
Table 172 Menu 11.1.5: Traffic Redirect Setup
442
Chapter 32 IP Static Route Setup
443
IP Static Route Setup
443
Figure 252 Menu 12: IP Static Route Setup
443
Figure 253 Menu 12. 1: Edit IP Static Route
444
Table 173 Menu 12. 1: Edit IP Static Route
444
Chapter 33 Network Address Translation (NAT)
445
Using NAT
445
SUA (Single User Account) Versus NAT
445
Applying NAT
445
Figure 254 Menu 4: Applying NAT for Internet Access
446
Figure 255 Menu 11.1.2: Applying NAT to the Remote Node
446
NAT Setup
447
Address Mapping Sets
447
Figure 256 Menu 15: NAT Setup
447
Table 174 Applying NAT in Menus 4 & 11.1.2
447
Figure 257 Menu 15.1: Address Mapping Sets
448
Figure 258 Menu 15.1.255: SUA Address Mapping Rules
448
SUA Address Mapping Set
448
Table 175 SUA Address Mapping Rules
448
Figure 259 Menu 15.1.1: First Set
449
User-Defined Address Mapping Sets
449
Ordering Your Rules
450
Table 176 Fields in Menu 15.1.1
450
Configuring a Server Behind NAT
451
Figure 260 Menu 15.1.1.1: Editing/Configuring an Individual Rule in a Set
451
Table 177 Menu 15.1.1.1: Editing/Configuring an Individual Rule in a Set
451
Figure 261 Menu 15.2.X: NAT Server Configuration
452
Table 178 Menu 15.2.1: NAT Server Configuration
452
Figure 262 Menu 15.2: NAT Server Setup
453
Figure 263 Server Behind NAT Example
453
General NAT Examples
454
Internet Access Only
454
Figure 264 NAT Example 1
454
Figure 265 Menu 4: Internet Access & NAT Example
454
Example 2: Internet Access with an Default Server
455
Example 3: Multiple Public IP Addresses with Inside Servers
455
Figure 266 NAT Example 2
455
Figure 267 Menu 15.2: Specifying an Inside Server
455
Figure 268 NAT Example 3
456
Figure 269 Example 3: Menu 11.1.2
457
Figure 270 Example 3: Menu 15.1.1.1
457
Figure 271 Example 3: Final Menu 15.1.1
458
Example 4: NAT Unfriendly Application Programs
459
Figure 272 Example 3: Menu 15.2
459
Figure 273 NAT Example 4
459
Figure 274 Example 4: Menu 15.1.1.1: Address Mapping Rule
460
Figure 275 Example 4: Menu 15.1.1: Address Mapping Rules
460
Trigger Port Forwarding
461
Two Points to Remember about Trigger Ports
461
Figure 276 Menu 15.3: Trigger Port Setup
462
Table 179 Menu 15.3: Trigger Port Setup
462
Introducing the Zywall Firewall
463
Using Zywall SMT Menus
463
Activating the Firewall
463
Figure 277 Menu 21: Filter and Firewall Setup
463
Chapter 34 Introducing the Zywall Firewall
463
Figure 278 Menu 21.2: Firewall Setup
464
Filter Configuration
465
Introduction to Filters
465
Figure 279 Outgoing Packet Filtering Process
465
Chapter 35 Filter Configuration
465
The Filter Structure of the Zywall
466
Figure 280 Filter Rule Process
467
Configuring a Filter Set
468
Figure 281 Menu 21: Filter and Firewall Setup
468
Figure 282 Menu 21.1: Filter Set Configuration
468
Configuring a Filter Rule
469
Table 180 Abbreviations Used in the Filter Rules Summary Menu
469
Table 181 Rule Abbreviations Used
469
Configuring a TCP/IP Filter Rule
470
Figure 283 Menu 21.1.1.1: TCP/IP Filter Rule
470
Table 182 Menu 21.1.1.1: TCP/IP Filter Rule
470
Configuring a Generic Filter Rule
472
Figure 284 Executing an IP Filter
472
Figure 285 Menu 21.1.1.1: Generic Filter Rule
473
Table 183 Generic Filter Rule Menu Fields
473
Example Filter
474
Figure 286 Telnet Filter Example
474
Figure 287 Example Filter: Menu 21.1.3.1
475
Figure 288 Example Filter Rules Summary: Menu 21.1.3
475
Filter Types and NAT
476
Firewall Versus Filters
476
Figure 289 Protocol and Device Filter Sets
476
Applying a Filter
477
Applying LAN Filters
477
Applying DMZ Filters
477
Figure 290 Filtering LAN Traffic
477
Applying Remote Node Filters
478
Figure 291 Filtering DMZ Traffic
478
Figure 292 Filtering Remote Node Traffic
478
Chapter 36 SNMP Configuration
479
SNMP Configuration
479
Figure 293 Menu 22: SNMP Configuration
479
Table 184 SNMP Configuration Menu Fields
479
SNMP Traps
480
Table 185 SNMP Traps
480
Chapter 37 System Information & Diagnosis
481
Introduction to System Status
481
System Status
481
Figure 294 Menu 24: System Maintenance
481
Figure 295 Menu 24.1: System Maintenance: Status
482
Table 186 System Maintenance: Status Menu Fields
482
System Information and Console Port Speed
483
System Information
483
Figure 296 Menu 24.2: System Information and Console Port Speed
483
Console Port Speed
484
Figure 297 Menu 24.2.1: System Maintenance: Information
484
Table 187 Fields in System Maintenance: Information
484
Log and Trace
485
Viewing Error Log
485
Figure 298 Menu 24.2.2: System Maintenance: Change Console Port Speed
485
Figure 299 Menu 24.3: System Maintenance: Log and Trace
485
Syslog Logging
486
Figure 300 Examples of Error and Information Messages
486
Figure 301 Menu 24.3.2: System Maintenance: Syslog Logging
486
Table 188 System Maintenance Menu Syslog Parameters
486
Call-Triggering Packet
489
Diagnostic
489
Figure 302 Call-Triggering Packet Example
489
Figure 303 Menu 24.4: System Maintenance: Diagnostic
490
Figure 304 WAN & LAN DHCP
490
Wan Dhcp
490
Table 189 System Maintenance Menu Diagnostic
491
Firmware and Configuration File Maintenance
493
Introduction
493
Filename Conventions
493
Chapter 38 Firmware and Configuration File Maintenance
493
Backup Configuration
494
Table 190 Filename Conventions
494
Figure 305 Telnet into Menu 24.5
495
Using the FTP Command from the Command Line
495
Example of FTP Commands from the Command Line
496
Figure 306 FTP Session Example
496
File Maintenance over WAN
496
GUI-Based FTP Clients
496
Table 191 General Commands for GUI-Based FTP Clients
496
Backup Configuration Using TFTP
497
TFTP Command Example
497
Backup Via Console Port
498
Figure 307 System Maintenance: Backup Configuration
498
Figure 308 System Maintenance: Starting Xmodem Download Screen
498
GUI-Based TFTP Clients
498
Table 192 General Commands for GUI-Based TFTP Clients
498
Restore Configuration
499
Restore Using FTP
499
Figure 309 Backup Configuration Example
499
Figure 310 Successful Backup Confirmation Screen
499
Figure 311 Telnet into Menu 24.6
500
Restore Using FTP Session Example
501
Restore Via Console Port
501
Figure 312 Restore Using FTP Session Example
501
Figure 313 System Maintenance: Restore Configuration
501
Figure 314 System Maintenance: Starting Xmodem Download Screen
501
Uploading Firmware and Configuration Files
502
Firmware File Upload
502
Figure 315 Restore Configuration Example
502
Figure 316 Successful Restoration Confirmation Screen
502
Configuration File Upload
503
FTP File Upload Command from the DOS Prompt Example
503
Figure 317 Telnet into Menu 24.7.1: Upload System Firmware
503
Figure 318 Telnet into Menu 24.7.2: System Maintenance
503
FTP Session Example of Firmware File Upload
504
TFTP File Upload
504
Figure 319 FTP Session Example of Firmware File Upload
504
TFTP Upload Command Example
505
Uploading Via Console Port
505
Uploading Firmware File Via Console Port
505
Example Xmodem Firmware Upload Using Hyperterminal
506
Uploading Configuration File Via Console Port
506
Figure 320 Menu 24.7.1 as Seen Using the Console Port
506
Figure 321 Example Xmodem Upload
506
Example Xmodem Configuration Upload Using Hyperterminal
507
Figure 322 Menu 24.7.2 as Seen Using the Console Port
507
Figure 323 Example Xmodem Upload
507
Chapter 39 System Maintenance Menus 8 to 10
509
Command Interpreter Mode
509
Command Syntax
509
Figure 324 Command Mode in Menu 24
509
Command Usage
510
Figure 325 Valid Commands
510
Table 193 Valid Commands
510
Call Control Support
511
Budget Management
511
Figure 326 Call Control
511
Call History
512
Figure 327 Budget Management
512
Table 194 Budget Management
512
Time and Date Setting
513
Figure 328 Call History
513
Table 195 Call History
513
Figure 329 Menu 24: System Maintenance
514
Figure 330 Menu 24.10 System Maintenance: Time and Date Setting
514
Table 196 Menu 24.10 System Maintenance: Time and Date Setting
515
Resetting the Time
516
Chapter 40 Remote Management
517
Remote Management
517
Figure 331 Menu 24.11 - Remote Management Control
518
Table 119 SSH
518
Table 197 Menu 24.11 - Remote Management Control
518
Remote Management Limitations
519
Chapter 41 Call Scheduling
521
Introduction to Call Scheduling
521
Figure 332 Schedule Setup
521
Figure 333 Schedule Set Setup
522
Table 198 Schedule Set Setup
522
Figure 334 Applying Schedule Set(S) to a Remote Node (Pppoe)
523
Figure 335 Applying Schedule Set(S) to a Remote Node (PPTP)
524
Chapter 42 Troubleshooting
525
Problems Starting up the Zywall
525
Problems with the LAN Interface
525
Table 199 Troubleshooting the Start-Up of Your Zywall
525
Table 200 Troubleshooting the LAN Interface
525
Problems with the DMZ Interface
526
Problems with the WAN Interface
526
Table 201 Troubleshooting the DMZ Interface
526
Table 202 Troubleshooting the WAN Interface
526
Problems with Internet Access
527
Problems with Remote Management
527
Problems Accessing the Zywall
527
Table 203 Troubleshooting Internet Access
527
Table 204 Troubleshooting Telnet
527
Table 205 Troubleshooting Accessing the Zywall
527
Pop-Up Windows, Javascripts and Java Permissions
528
Internet Explorer Pop-Up Blockers
529
Figure 336 Pop-Up Blocker
529
Figure 337 Internet Options
530
Figure 338 Internet Options
531
Javascripts
532
Figure 339 Pop-Up Blocker Settings
532
Figure 340 Internet Options
533
Java Permissions
534
Figure 341 Security Settings - Java Scripting
534
Figure 342 Security Settings - Java
535
Figure 343 Java (Sun)
536
Product Specifications
537
Table 1 Device Specifications
537
Table 2 Performance
537
Appendix A Product Specifications
537
Table 3 Firmware Features
538
Table 4 Feature Specifications
539
Table 5 Compatible Zyxel WLAN Cards and Security Features
540
Figure 1 WLAN Card Installation
541
Figure 2 Console/Dial Backup Port Pin Layout
541
Figure 3 Ethernet Cable Pin Assignments
542
Table 6 Console/Dial Backup Port Pin Assignments
542
Table 7 North American AC Power Adaptor Specifications
542
Table 8 European Union AC Power Adaptor Specifications
543
Table 9 UK AC Power Adaptor Specifications
543
Table 10 Japan AC Power Adaptor Specifications
543
Table 11 Australia and New Zealand AC Power Adaptor Specification
544
Appendix B
545
Setting up Your Computer's IP Address
545
Figure 4 Windows 95/98/Me: Network: Configuration
546
Installing Components
546
Figure 5 Windows 95/98/Me: TCP/IP Properties: IP Address
547
Figure 6 Windows 95/98/Me: TCP/IP Properties: DNS Configuration
548
Verifying Settings
548
Figure 7 Windows XP: Start Menu
549
Figure 8 Windows XP: Control Panel
549
Figure 9 Windows XP: Control Panel: Network Connections: Properties
550
Figure 10 Windows XP: Local Area Connection Properties
550
Figure 11 Windows XP: Internet Protocol (TCP/IP) Properties
551
Figure 12 Windows XP: Advanced TCP/IP Properties
552
Figure 13 Windows XP: Internet Protocol (TCP/IP) Properties
553
Figure 14 Macintosh os 8/9: Apple Menu
554
Figure 15 Macintosh os 8/9: TCP/IP
554
Figure 16 Macintosh os X: Apple Menu
555
Macintosh os X
555
Figure 17 Macintosh os X: Network
556
Appendix Cip Subnetting
557
Table 12 Classes of IP Addresses
557
Table 13 Allowed IP Address Range by Class
558
Table 14 "Natural" Masks
558
Subnet Masks
558
Table 15 Alternative Subnet Mask Notation
559
Table 16 Two Subnets Example
559
Table 17 Subnet 1
560
Table 18 Subnet 2
560
Table 19 Subnet 1
561
Table 20 Subnet 2
561
Table 21 Subnet 3
561
Table 22 Subnet 4
562
Table 23 Eight Subnets
562
Table 24 Class C Subnet Planning
562
Example Eight Subnets
562
Table 25 Class B Subnet Planning
563
Subnetting with Class a and Class B Networks
563
Appendix Dpppoe
565
Figure 18 Single-Computer Per Router Hardware Configuration
566
Figure 19 Zywall as a Pppoe Client
566
How Pppoe Works
566
Appendix Epptp
567
Figure 20 Transport PPP Frames over Ethernet
567
Figure 21 PPTP Protocol Overview
568
Figure 22 Example Message Exchange between Computer and an ANT
569
Appendix F
573
Wireless Lans
573
Figure 23 Peer-To-Peer Communication in an Ad-Hoc Network
573
Wireless Lan Topologies
573
Figure 24 Basic Service Set
574
Figure 25 Infrastructure WLAN
575
Figure 26 RTS/CTS
576
Fragmentation Threshold
576
Table 26 Ieee802.11G
577
Preamble Type
577
Figure 27 EAP Authentication
579
Types of Authentication
580
Figure 28 WEP Authentication Steps
582
Table 27 Comparison of EAP Authentication Types
583
Table 28 Wireless Security Relational Matrix
584
Figure 29 Roaming Example
585
Appendix G Triangle Route
587
Figure 30 Ideal Setup
587
Figure 31 "Triangle Route" Problem
588
Figure 32 IP Alias
589
Figure 33 Gateways on the WAN Side
589
Appendix H
591
SIP Passthrough
591
Table 29 SIP Call Progression
591
Figure 34 SIP User Agent Server
592
Sip Servers
592
Figure 35 SIP Proxy Server
593
Sip Redirect Server
593
Figure 36 SIP Redirect Server
594
Sip Alg
594
Sip Register Server
594
Figure 37 Zywall SIP ALG
595
Appendix I
597
VPN Setup
597
Figure 38 VPN Rules
598
Vpn Configuration
598
Figure 39 Headquarters Gateway Policy Edit
599
Figure 40 Branch Office Gateway Policy Edit
600
Figure 41 Headquarters VPN Rule
601
Figure 42 Branch Office VPN Rule
601
Figure 43 Headquarters Network Policy Edit
602
Figure 44 Branch Office Network Policy Edit
603
Dialing the Vpn Tunnel Via Web Configurator
603
Figure 45 VPN Rule Configured
604
Figure 46 VPN Dial
604
Figure 47 VPN Tunnel Established
604
Vpn Troubleshooting
605
Figure 48 VPN Log Example
606
Figure 49 Ike/Ipsec Debug Example
607
Ftp Example
608
Use a Vpn Tunnel
608
Importing Certificates
609
Figure 50 Security Certificate
609
Appendix J Importing Certificates
609
Figure 51 Login Screen
610
Figure 52 Certificate General Information before Import
610
Figure 53 Certificate Import Wizard 1
611
Figure 54 Certificate Import Wizard 2
611
Figure 55 Certificate Import Wizard 3
612
Figure 56 Root Certificate Store
612
Figure 57 Certificate General Information after Import
613
Enrolling and Importing Ssl Client Certificates
613
Figure 58 Zywall Trusted CA Screen
614
Figure 59 CA Certificate Example
615
Figure 60 Personal Certificate Import Wizard 1
616
Figure 61 Personal Certificate Import Wizard 2
616
Figure 62 Personal Certificate Import Wizard 3
617
Figure 63 Personal Certificate Import Wizard 4
617
Figure 64 Personal Certificate Import Wizard 5
618
Figure 65 Personal Certificate Import Wizard 6
618
Figure 66 Access the Zywall Via HTTPS
618
Using a Certificate When Accessing the Zywall Example
618
Figure 67 SSL Client Authentication
619
Figure 68 Zywall Secure Login Screen
619
Appendix K Command Interpreter
621
Appendix L Firewall Commands
623
Table 30 Firewall Commands
623
Appendix M
629
Netbios Filter Commands
629
Table 31 Netbios Filter Default Settings
630
Netbios Filter Configuration
630
Certificates Commands
633
Table 32 Certificates Commands
633
Appendix N Certificates Commands
633
Appendix O Brute-Force Password Guessing Protection
637
Table 33 Brute-Force Password Guessing Protection Commands
637
Appendix P Boot Commands
639
Figure 69 Option to Enter Debug Mode
639
Figure 70 Boot Module Commands
640
Appendix Q Log Descriptions
641
Table 34 System Maintenance Logs
641
Table 35 System Error Logs
642
Table 36 Access Control Logs
643
Table 37 TCP Reset Logs
643
Table 38 Packet Filter Logs
644
Table 39 ICMP Logs
644
Table 40 CDR Logs
645
Table 41 PPP Logs
645
Table 42 Upnp Logs
645
Table 43 Content Filtering Logs
645
Table 44 Attack Logs
646
Table 45 Remote Management Logs
647
Table 46 Wireless Logs
648
Table 47 Ipsec Logs
648
Table 48 IKE Logs
649
Table 49 PKI Logs
652
Table 50 Certificate Path Verification Failure Reason Codes
653
Table 51 802.1X Logs
653
Table 52 ACL Setting Notes
654
Table 53 ICMP Notes
655
Table 54 Syslog Logs
656
Table 55 RFC-2408 ISAKMP Payload Types
656
Figure 71 Displaying Log Categories Example
657
Log Commands
657
Displaying Logs
658
Figure 72 Displaying Log Parameters Example
658
Log Command Example
659
Index
661
Other manuals for ZyXEL Communications ZYWALL 5
Quick Start Guide
19 pages
Support Notes
305 pages
Specifications
2 pages
5
Based on 1 rating
Ask a question
Give review
Questions and Answers:
Need help?
Do you have a question about the ZyXEL Communications ZYWALL 5 and is the answer not in the manual?
Ask a question
ZyXEL Communications ZYWALL 5 Specifications
General
Brand
ZyXEL Communications
Model
ZYWALL 5
Category
Firewall
Language
English
Related product manuals
ZyXEL Communications ZYWALL 35
872 pages
ZyXEL Communications ZyWALL 310
1090 pages
ZyXEL Communications ZyWall 110
1090 pages
ZyXEL Communications ZyWALL 1100
1090 pages
ZyWALL 2 Plus
678 pages
ZyWALL USG-Series
150 pages
ZyWall ATP series
852 pages
ZyXEL ZyWALL 5
116 pages
ZyXEL Communications 310
562 pages
ZyXEL Communications USG40
994 pages
ZyXEL Communications USG60
994 pages
ZyXEL Communications VPN Series
1090 pages
Need help?
General
To Next Page
