ZyXEL Communications ZYWALL 5 - Figure 61 Smurf Attack; ICMP Vulnerability; Illegal Commands (Netbios and SMTP); Table 45 ICMP Commands that Trigger Alerts

To Next Page

To Previous Page

ZyWALL 5 User’s Guide

156 Chapter 9 Firewalls

Figure 61 Smurf Attack

9.4.2.1 ICMP Vulnerability

ICMP is an error-reporting protocol that works in concert with IP. The following ICMP types

trigger an alert:

9.4.2.2 Illegal Commands (NetBIOS and SMTP)

The only legal NetBIOS commands are the following - all others are illegal.

Table 45 ICMP Commands That Trigger Alerts

5 REDIRECT

13 TIMESTAMP_REQUEST

14 TIMESTAMP_REPLY

17 ADDRESS_MASK_REQUEST

18 ADDRESS_MASK_REPLY

Table 46 Legal NetBIOS Commands

MESSAGE:

REQUEST:

POSITIVE:

NEGATIVE:

RETARGET:

KEEPALIVE:

Main Page

Default Chapter3
- Copyright3
- Federal Communications Commission (FCC) Interference Statement4
- Safety Warnings5
- Zyxel Limited Warranty6
- Customer Support7
- Table of Contents9
- Preface45
- Syntax Conventions46
Chapter 1 Getting to Know Your Zywall47
- Zywall 5 Internet Security Appliance Overview47
- Zywall Features47
- Applications for the Zywall53
Chapter 2 Introducing the Web Configurator57
- Web Configurator Overview57
- Accessing the Zywall Web Configurator57
- Resetting the Zywall58
- Navigating the Zywall Web Configurator60
Chapter 3 Wizard Setup71
- Wizard Setup Overview71
- Internet Access71
- VPN Wizard77
Chapter 4 LAN Screens87
- LAN Overview87
- DHCP Setup87
  - IP Pool Setup87
- Lan Tcp/Ip87
- DNS Servers89
- Configuring LAN89
- Figure 22 LAN90
- Table 17 LAN90
- Configuring Static DHCP91
- Configuring IP Alias92
- Figure 23 Static DHCP92
- Table 18 Static DHCP92
- Figure 24 Physical Network & Partitioned Logical Networks93
- Figure 25 IP Alias93
- Configuring Port Roles94
- Table 19 IP Alias94
- Figure 26 Port Roles95
- Figure 27 Port Roles Change Complete95
Chapter 5 Bridge Screens97
- Bridge Loop97
- Spanning Tree Protocol (STP)97
- Configuring Bridge99
- Table 21 STP Port States99
- Figure 29 Bridge100
- Table 22 Bridge100
- Configuring Port Roles101
Chapter 6 Wireless LAN103
- Introduction103
  - Additional Installation Requirements for Using 802.1X103
- Wireless Security103
- Security Parameters Summary104
- Figure 30 Zywall Wireless Security Levels104
- Table 23 Wireless Security Relational Matrix104
- WEP Encryption105
- Overview105
  - Introduction to RADIUS105
    - Types of RADIUS Messages105
  - EAP Authentication Overview106
- Dynamic WEP Key Exchange107
- Introduction to WPA107
- WPA-PSK Application Example109
- WPA with RADIUS Application Example109
- Figure 32 WPA-PSK Authentication109
- Wireless Client WPA Supplicants110
- Configuring Wireless LAN110
- Configuring MAC Filter121
- Figure 42 MAC Address Filter121
- Table 32 MAC Address Filter122
- WAN Screens123
  - WAN Overview123
Chapter 7 WAN Screens123
- TCP/IP Priority (Metric)124
- Configuring Route124
- Table 34 Example of Network Properties for LAN Servers with Fixed IP Addresses124
- Figure 43 Route125
- Table 35 General125
- Configuring WAN Setup126
- Traffic Redirect136
- Configuring Traffic Redirect136
- Figure 47 Traffic Redirect WAN Setup136
- Figure 48 Traffic Redirect LAN Setup136
- Configuring Dial Backup137
- Figure 49 Traffic Redirect137
- Table 39 Traffic Redirect137
- Figure 50 Dial Backup Setup138
- Table 40 Dial Backup Setup139
- Advanced Modem Setup141
- Configuring Advanced Modem Setup141
- Figure 51 Advanced Setup142
- Table 41 Advanced Setup142
Chapter 8 DMZ Screens145
- DMZ Overview145
- Configuring DMZ145
- Figure 52 DMZ146
- Table 42 DMZ146
- Configuring IP Alias147
- Figure 53 IP Alias148
- Table 43 IP Alias148
- DMZ Public IP Address Example149
- Figure 54 DMZ Public Address Example149
- DMZ Private and Public IP Address Example150
- Configuring Port Roles150
- Figure 55 DMZ Private and Public Address Example150
- Figure 56 Port Roles151
- Figure 57 Port Roles Change Complete151
Chapter 9 Firewalls153
- Firewall Overview153
- Types of Firewalls153
- Introduction to Zyxel's Firewall154
- Denial of Service155
- Stateful Inspection159
- Guidelines for Enhancing Security with Your Firewall163
- Packet Filtering Vs Firewall163
  - Packet Filtering163
    - When to Use Filtering163
  - Firewall164
    - When to Use the Firewall164
Chapter 10 Firewall Screens165
- Access Methods165
- Firewall Policies Overview165
- Rule Logic Overview166
- Connection Direction Examples167
- Alerts169
- Configuring Firewall169
- Example Firewall Rule176
- Figure 69 Creating/Editing a Custom Service176
- Table 52 Creating/Editing a Custom Service176
- Figure 70 Rule Summary177
- Figure 71 Rule Edit Example178
- Figure 72 Edit Custom Service Example178
- Figure 73 My Service Rule Configuration179
- Predefined Services180
- Figure 74 My Service Example Rule Summary180
- Table 53 Predefined Services180
- Anti-Probing182
- Dos Thresholds183
Chapter 11 Content Filtering Screens187
- Content Filtering Overview187
- General Content Filter Configuration187
- Figure 77 Content Filter : General188
- Table 56 Content Filter : General188
- Content Filtering with an External Database190
- Categories and Registering190
- Figure 78 Content Filtering Lookup Procedure190
- Figure 79 Content Filter : Categories191
- Table 57 Content Filter : Categories191
- Customization197
- Figure 80 Content Filter : Customization198
- Table 58 Content Filter : Customization198
- Customizing Keyword Blocking URL Checking200
- Content Filtering Cache201
- Figure 81 Content Filter : Cache201
- Table 59 Content Filter : Cache201
Chapter 12 Content Filtering Registration and Reports203
- Introduction to Myzyxel.com203
  - A Note on Myzyxel.com Numbers204
- Myzyxel.com Account Registration204
- Figure 82 Myzyxel.com Login Screen204
- Table 60 Myzyxel.com Numbers204
- Figure 83 Myzyxel.com Account Registration205
- Figure 84 Account Registration Successful205
- Registering Your Zyxel Device206
- Figure 85 Account Confirmation E-Mail206
- Figure 86 Myzyxel.com Account Activation206
- Figure 87 Logged into Myzyxel.com207
- Figure 88 Product Registration207
- Figure 89 Add New Product208
- Figure 90 Product Survey208
- Content Filtering Registration209
- Figure 91 Service Management209
- Figure 92 Myzyxel.com: My Product209
- Figure 93 Myzyxel.com: Service Management210
- Figure 94 Service Registration210
- Checking Content Filtering Activation211
- Figure 95 Service Registration: Successful211
- Figure 96 Service Management: Service Registered211
- Updating Product Registration Information212
- Viewing Content Filtering Reports212
- Figure 97 Cerberian Login Screen213
- Figure 98 Content Filtering Reports Main Screen213
- Configuration File214
- Figure 99 Global Report Screen Example214
- Figure 100 Requested Urls Example214
Chapter 13 Introduction to Ipsec215
- VPN Overview215
- Ipsec Architecture217
  - Ipsec Algorithms217
  - Key Management217
- Encapsulation217
- Ipsec and NAT218
- Figure 103 Transport and Tunnel Mode Ipsec Encapsulation218
- Table 61 VPN and NAT219
Chapter 14 VPN Screens221
- Vpn/Ipsec Overview221
- Ipsec Algorithms221
  - AH (Authentication Header) Protocol221
  - ESP (Encapsulating Security Payload) Protocol221
- My Zywall222
- Remote Gateway Address222
  - Table 62 ESP and AH222
  - Dynamic Remote Gateway Address223
- Nailed up223
- NAT Traversal223
  - NAT Traversal Configuration224
- ID Type and Content224
  - Figure 104 NAT Router between Ipsec Routers224
  - ID Type and Content Examples225
  - Table 63 Local ID Type and Content Fields225
  - Table 64 Peer ID Type and Content Fields225
  - Table 65 Matching ID Type and Content Configuration Example225
- IKE Phases226
  - Figure 105 Two Phases to Set up the Ipsec SA226
  - Table 66 Mismatching ID Type and Content Configuration Example226
  - Negotiation Mode227
  - Pre-Shared Key227
  - Diffie-Hellman (DH) Key Groups228
  - Perfect Forward Secrecy (PFS)228
- X-Auth (Extended Authentication)228
  - Authentication Server228
- Icons Key229
- Ipsec Summary Fields229
- Table 67 VPN Screen Icons Key229
- IKE VPN Rule Summary Screen230
  - Figure 106 Gateway and Network Policies230
  - Figure 107 Ipsec Summary Fields230
  - Configuring an IKE Gateway Policy231
  - Figure 108 VPN Rules (IKE)231
  - Figure 109 VPN Rules (IKE): Gateway Policy: Edit232
  - Table 68 VPN Rules (IKE): Gateway Policy: Edit232
  - Configuring an IKE Network Policy237
- Manual VPN Rule Summary Screen242
  - Figure 111 VPN Rules (IKE): Network Policy Move242
  - Table 70 VPN Rules (IKE): Network Policy Move242
  - Figure 112 VPN Rule (Manual)243
  - Table 71 VPN Rules (Manual)243
  - Editing Manual VPN Rules244
  - Security Parameter Index (SPI)244
  - Figure 113 VPN Rules (Manual): Edit245
  - Table 72 VPN Rules (Manual) Edit245
- Viewing SA Monitor248
- Configuring Global Setting248
- Figure 114 VPN: SA Monitor248
- Table 73 VPN: SA Monitor248
- Telecommuter Vpn/Ipsec Examples249
  - Figure 115 VPN: Global Setting249
  - Table 74 VPN: Global Setting249
  - Figure 116 Telecommuters Sharing One VPN Rule Example250
  - Table 75 Telecommuters Sharing One VPN Rule Example250
  - Telecommuters Sharing One VPN Rule Example250
  - Telecommuters Using Unique VPN Rules Example250
  - Figure 117 Telecommuters Using Unique VPN Rules Example251
  - Table 76 Telecommuters Using Unique VPN Rules Example251
- VPN and Remote Management252
Chapter 15 Certificates253
- Certificates Overview253
  - Advantages of Certificates254
- Self-Signed Certificates254
- Configuration Summary254
- Figure 118 Certificate Configuration Overview254
- My Certificates255
- Figure 119 My Certificates255
- Table 77 My Certificates255
- Certificate File Formats256
- Importing a Certificate257
- Figure 120 My Certificate Import257
- Creating a Certificate258
- Figure 121 My Certificate Create258
- Table 78 My Certificate Import258
- Table 79 My Certificate Create259
- My Certificate Details260
- Figure 122 My Certificate Details261
- Table 80 My Certificate Details262
- Trusted Cas263
- Figure 123 Trusted Cas264
- Table 81 Trusted Cas264
- Importing a Trusted Ca's Certificate265
- Figure 124 Trusted CA Import265
- Trusted CA Certificate Details266
- Table 82 Trusted CA Import266
- Figure 125 Trusted CA Details267
- Table 83 Trusted CA Details267
- Trusted Remote Hosts269
- Figure 126 Trusted Remote Hosts270
- Table 84 Trusted Remote Hosts270
- Verifying a Trusted Remote Host's Certificate271
  - Trusted Remote Host Certificate Fingerprints271
  - Figure 127 Remote Host Certificates271
- Importing a Trusted Remote Host's Certificate272
- Figure 128 Certificate Details272
- Trusted Remote Host Certificate Details273
- Figure 129 Trusted Remote Host Import273
- Table 85 Trusted Remote Host Import273
- Figure 130 Trusted Remote Host Details274
- Table 86 Trusted Remote Host Details274
- Directory Servers276
- Figure 131 Directory Servers276
- Add or Edit a Directory Server277
- Figure 132 Directory Server Add277
- Table 87 Directory Servers277
- Table 88 Directory Server Add278
- Authentication Server279
  - Authentication Server Overview279
  - Local User Database279
  - Radius279
  - Configuring Local User Database279
Chapter 16 Authentication Server279
- Figure 133 Local User Database280
- Configuring RADIUS281
- Figure 134 RADIUS281
- Table 89 Local User Database281
- Table 90 RADIUS282
- Network Address Translation (NAT)283
  - NAT Overview283
    - NAT Definitions283
    - Table 91 NAT Definitions283
Chapter 17 Network Address Translation (NAT)283
- What NAT Does284
- How NAT Works284
- Figure 135 How NAT Works284
- NAT Application285
- Figure 136 NAT Application with IP Alias285
- Port Restricted Cone NAT286
- NAT Mapping Types286
- Figure 137 Port Restricted Cone NAT Example286
- Using NAT287
  - SUA (Single User Account) Versus NAT287
  - Table 92 NAT Mapping Types287
- Configuring NAT Overview288
- Figure 138 NAT Overview288
- Table 93 NAT Overview288
- Configuring Address Mapping289
  - Figure 139 Address Mapping289
  - Address Mapping Edit290
  - Table 94 Address Mapping290
- Port Forwarding291
  - Figure 140 Address Mapping Edit291
  - Table 95 Address Mapping Edit291
  - Default Server IP Address292
  - Figure 183 SNMP292
  - Port Forwarding: Services and Port Numbers292
  - Table 96 Services and Port Numbers292
  - Configuring Servers Behind Port Forwarding (Example)293
  - Figure 141 Multiple Servers Behind NAT Example293
  - Port Translation293
- Configuring Port Forwarding294
- Figure 142 Port Translation Example294
- Figure 143 Port Forwarding295
- Table 97 Port Forwarding295
- Configuring Trigger Port296
- Figure 144 Trigger Port Forwarding Process: Example296
- Figure 145 Port Triggering297
- Table 98 Port Triggering297
Chapter 18 Static Route299
- Static Route Overview299
- Configuring IP Static Route299
Chapter 19 Bandwidth Management303
- Bandwidth Management Overview303
- Bandwidth Classes and Filters303
- Proportional Bandwidth Allocation304
- Application-Based Bandwidth Management304
- Subnet-Based Bandwidth Management304
- Application and Subnet-Based Bandwidth Management304
- Figure 149 Subnet-Based Bandwidth Management Example304
- Table 101 Application and Subnet-Based Bandwidth Management Example304
- Scheduler305
  - Priority-Based Scheduler305
  - Fairness-Based Scheduler305
- Maximize Bandwidth Usage305
  - Reserving Bandwidth for Non-Bandwidth Class Traffic306
  - Maximize Bandwidth Usage Example306
- Bandwidth Borrowing307
  - Table 104 Fairness-Based Allotment of Unused and Unbudgeted Bandwidth Example307
  - Bandwidth Borrowing Example308
  - Maximize Bandwidth Usage with Bandwidth Borrowing308
- Configuring Summary308
- Table 105 Bandwidth Borrowing Example308
- Figure 150 Bandwidth Manager: Summary309
- Table 106 Bandwidth Manager: Summary309
- Configuring Class Setup310
  - Figure 151 Bandwidth Manager: Class Setup310
  - Table 107 Bandwidth Manager: Class Setup310
  - Bandwidth Manager Class Configuration311
  - Figure 152 Bandwidth Manager: Edit Class312
  - Table 108 Bandwidth Manager: Edit Class312
  - Bandwidth Management Statistics314
  - Table 109 Services and Port Numbers314
  - Table 123 SNMP314
- Configuring Monitor315
- Figure 153 Bandwidth Management Statistics315
- Table 110 Bandwidth Management Statistics315
- Figure 154 Bandwidth Manager Monitor316
- Table 111 Bandwidth Manager Monitor316
Chapter 20 DNS319
- DNS Overview319
- DNS Server Address Assignment319
- DNS Servers319
- Address Record320
  - DNS Wildcard320
- Name Server Record320
  - Private DNS Server320
- The System Screen321
- DNS Cache325
- Configure DNS Cache325
- Figure 159 DNS Cache325
- Configuring DNS LAN326
- Table 115 DNS Cache326
- Figure 160 DNS LAN327
- Table 116 DNS LAN327
- Dynamic DNS328
  - DYNDNS Wildcard328
- Configuring Dynamic DNS328
- Figure 161 DDNS329
- Table 117 DDNS329
Chapter 21 Remote Management331
- Remote Management Overview331
  - Remote Management Limitations331
  - Remote Management and NAT332
  - System Timeout332
- Introduction to HTTPS332
- Configuring WWW333
- Figure 162 HTTPS Implementation333
- Figure 163 WWW334
- Table 118 WWW334
- HTTPS Example335
  - Internet Explorer Warning Messages335
  - Figure 164 Security Alert Dialog Box (Internet Explorer)335
  - Netscape Navigator Warning Messages336
  - Avoiding the Browser Warning Messages336
  - Figure 165 Security Certificate 1 (Netscape)336
  - Figure 166 Security Certificate 2 (Netscape)336
  - Login Screen337
  - Figure 167 Login Screen (Internet Explorer)338
  - Figure 168 Login Screen (Netscape)338
  - Figure 169 Replace Certificate339
  - Figure 170 Device-Specific Certificate339
- SSH Overview340
- How SSH Works340
- Figure 171 Common Zywall Certificate340
- Figure 172 SSH Communication Example340
- SSH Implementation on the Zywall341
  - Figure 173 How SSH Works341
  - Requirements for Using SSH342
- Configuring SSH342
- Figure 174 SSH342
- Secure Telnet Using SSH Examples343
  - Example 1: Microsoft Windows343
  - Example 2: Linux343
  - Figure 175 SSH Example 1: Store Host Key343
- Secure FTP Using SSH Example344
- Figure 176 SSH Example 2: Test344
- Figure 177 SSH Example 2: Log in344
- Telnet345
- Configuring TELNET345
- Figure 178 Secure FTP: Firmware Upload Example345
- Figure 179 Telnet Configuration on a TCP/IP Network345
- Configuring FTP346
- Figure 180 Telnet346
- Table 120 Telnet346
- Configuring SNMP347
  - Figure 181 FTP347
  - Table 121 FTP347
  - Figure 182 SNMP Management Model348
  - Remote Management: Snmp349
  - SNMP Traps349
  - Supported Mibs349
  - Table 122 SNMP Traps349
- Configuring DNS351
- Figure 184 DNS351
- Table 124 DNS351
Chapter 22 Upnp353
- Universal Plug and Play Overview353
- Upnp and Zyxel354
- Configuring Upnp354
- Figure 185 Configuring Upnp354
- Table 125 Configuring Upnp354
- Displaying Upnp Port Mapping355
- Figure 186 Upnp Ports355
- Table 126 Upnp Ports355
- Installing Upnp in Windows Example356
  - Installing Upnp in Windows Me357
  - Installing Upnp in Windows XP358
- Using Upnp in Windows XP Example358
  - Auto-Discover Your Upnp-Enabled Network Device359
  - Web Configurator Easy Access360
Chapter 23 Logs Screens363
- Configuring View Log363
- Log Description Example364
- Figure 187 View Log364
- Table 127 View Log364
- Configuring Log Settings365
- Table 128 Example Log Description365
- Figure 188 Log Settings366
- Table 129 Log Settings367
- Configuring Reports368
Chapter 24 Maintenance373
- Maintenance Overview373
- General Setup373
  - General Setup and System Name373
  - Domain Name373
- Configuring Password374
- Figure 193 General Setup374
- Table 135 General Setup374
- Pre-Defined NTP Time Servers List375
- Figure 194 Password Setup375
- Table 136 Password Setup375
- Table 137 Default Time Servers375
- Configuring Time and Date376
  - Figure 195 Time and Date376
  - Table 138 Time and Date377
  - Resetting the Time378
  - Time Server Synchronization378
- Introduction to Transparent Bridging379
- Figure 196 Synchronization in Process379
- Figure 197 Synchronization Is Successful379
- Figure 198 Synchronization Fail379
- Transparent Firewalls380
- Table 139 MAC-Address-To-Port Mapping Table380
- Configuring Device Mode381
- Figure 199 Device Mode (Router Mode)381
- Table 140 Device Mode (Router Mode)381
- Figure 200 Device Mode (Bridge Mode)382
- Table 141 Device Mode (Bridge Mode)382
- F/W Upload Screen383
- Figure 201 Firmware Upload384
- Figure 202 Firmware Upload in Process384
- Table 142 Firmware Upload384
- Configuration Screen385
  - Figure 203 Network Temporarily Disconnected385
  - Figure 204 Firmware Upload Error385
  - Backup Configuration386
  - Figure 205 Configuration386
  - Restore Configuration386
  - Table 143 Restore Configuration386
  - Figure 206 Configuration Upload Successful387
  - Figure 207 Network Temporarily Disconnected387
  - Back to Factory Defaults388
- Restart Screen388
- Figure 208 Configuration Upload Error388
- Figure 209 Reset Warning Message388
- Figure 210 Restart Screen389
Chapter 25 Introducing the SMT391
- Introduction to the SMT391
- Accessing the SMT Via the Console Port391
  - Initial Screen391
  - Entering the Password392
- Navigating the SMT Interface392
- Changing the System Password397
- Figure 215 Menu 23: System Password397
- Resetting the Zywall398
Chapter 26 SMT Menu 1 - General Setup399
- Introduction to General Setup399
- Configuring General Setup399
Chapter 27 WAN and Dial Backup Setup405
- Introduction to WAN and Dial Backup Setup405
- WAN Setup405
- Figure 221 MAC Address Cloning in WAN Setup405
- Dial Backup406
- Configuring Dial Backup in Menu 2406
- Table 152 MAC Address Cloning in WAN Setup406
- Advanced WAN Setup407
- Figure 222 Menu 2: Dial Backup Setup407
- Table 153 Menu 2: Dial Backup Setup407
- Figure 223 Menu 2.1: Advanced WAN Setup408
- Table 154 Advanced WAN Port Setup: at Commands Fields408
- Remote Node Profile (Backup ISP)409
- Figure 224 Menu 11.2: Remote Node Profile (Backup ISP)409
- Table 155 Advanced WAN Port Setup: Call Control Parameters409
- Table 156 Menu 11.3: Remote Node Profile (Backup ISP)410
- Editing PPP Options411
- Editing TCP/IP Options411
- Figure 225 Menu 11.2.1: Remote Node PPP Options411
- Table 157 Menu 11.2.1: Remote Node PPP Options411
- Figure 226 Menu 11.2.2: Remote Node Network Layer Options412
- Table 158 Menu 11.3.2: Remote Node Network Layer Options412
- Editing Login Script413
- Figure 227 Menu 11.2.3: Remote Node Script414
- Table 159 Menu 11.2.3: Remote Node Script414
- Remote Node Filter415
- Figure 228 Menu 11.2.4: Remote Node Filter415
Chapter 28 LAN Setup417
- Introduction to LAN Setup417
- Accessing the LAN Menus417
- LAN Port Filter Setup417
- Figure 229 Menu 3: LAN Setup417
- TCP/IP and DHCP Ethernet Setup Menu418
- Wireless LAN Setup422
Chapter 29 Internet Access425
- Introduction to Internet Access Setup425
- Ethernet Encapsulation425
- Figure 236 Menu 4: Internet Access Setup (Ethernet)425
- Table 165 Menu 4: Internet Access Setup (Ethernet)426
- Configuring the PPTP Client427
- Configuring the Pppoe Client427
- Figure 237 Internet Access Setup (PPTP)427
- Table 166 New Fields in Menu 4 (PPTP) Screen427
- Basic Setup Complete428
- Figure 238 Internet Access Setup (Pppoe)428
- Table 167 New Fields in Menu 4 (Pppoe) Screen428
- DMZ Setup429
Chapter 30 DMZ Setup429
- IP Address430
- IP Alias Setup430
- Figure 241 Menu 5: TCP/IP Setup430
- Figure 242 Menu 5.2: TCP/IP Setup430
- Figure 243 Menu 5.2.1: IP Alias Setup431
Chapter 31 Remote Node Setup433
- Introduction to Remote Node Setup433
- Remote Node Setup433
- Remote Node Profile Setup433
- Edit IP438
- Figure 247 Menu 11.1: Remote Node Profile for PPTP Encapsulation438
- Table 170 Menu 11.1: Remote Node Profile for PPTP Encapsulation438
- Figure 248 Menu 11.1.2: Remote Node Network Layer Options for Ethernet Encapsulation439
- Table 171 Remote Node Network Layer Options Menu Fields439
- Remote Node Filter440
- Traffic Redirect441
- Figure 249 Menu 11.1.4: Remote Node Filter (Ethernet Encapsulation)441
- Figure 250 Menu 11.1.4: Remote Node Filter (Pppoe or PPTP Encapsulation)441
- Figure 251 Menu 11.1.5: Traffic Redirect Setup442
- Table 172 Menu 11.1.5: Traffic Redirect Setup442
Chapter 32 IP Static Route Setup443
- IP Static Route Setup443
- Figure 252 Menu 12: IP Static Route Setup443
- Figure 253 Menu 12. 1: Edit IP Static Route444
- Table 173 Menu 12. 1: Edit IP Static Route444
Chapter 33 Network Address Translation (NAT)445
- Using NAT445
- NAT Setup447
  - Address Mapping Sets447
- Configuring a Server Behind NAT451
- Figure 260 Menu 15.1.1.1: Editing/Configuring an Individual Rule in a Set451
- Table 177 Menu 15.1.1.1: Editing/Configuring an Individual Rule in a Set451
- Figure 261 Menu 15.2.X: NAT Server Configuration452
- Table 178 Menu 15.2.1: NAT Server Configuration452
- Figure 262 Menu 15.2: NAT Server Setup453
- Figure 263 Server Behind NAT Example453
- General NAT Examples454
- Trigger Port Forwarding461
- Introducing the Zywall Firewall463
  - Using Zywall SMT Menus463
    - Activating the Firewall463
    - Figure 277 Menu 21: Filter and Firewall Setup463
Chapter 34 Introducing the Zywall Firewall463
- Figure 278 Menu 21.2: Firewall Setup464
- Filter Configuration465
  - Introduction to Filters465
  - Figure 279 Outgoing Packet Filtering Process465
Chapter 35 Filter Configuration465
- The Filter Structure of the Zywall466
- Figure 280 Filter Rule Process467
- Configuring a Filter Set468
- Example Filter474
- Figure 286 Telnet Filter Example474
- Figure 287 Example Filter: Menu 21.1.3.1475
- Figure 288 Example Filter Rules Summary: Menu 21.1.3475
- Filter Types and NAT476
- Firewall Versus Filters476
- Figure 289 Protocol and Device Filter Sets476
- Applying a Filter477
Chapter 36 SNMP Configuration479
- SNMP Configuration479
- Figure 293 Menu 22: SNMP Configuration479
- Table 184 SNMP Configuration Menu Fields479
- SNMP Traps480
- Table 185 SNMP Traps480
Chapter 37 System Information & Diagnosis481
- Introduction to System Status481
- System Status481
- Figure 294 Menu 24: System Maintenance481
- Figure 295 Menu 24.1: System Maintenance: Status482
- Table 186 System Maintenance: Status Menu Fields482
- System Information and Console Port Speed483
- Log and Trace485
- Diagnostic489
- Firmware and Configuration File Maintenance493
  - Introduction493
  - Filename Conventions493
Chapter 38 Firmware and Configuration File Maintenance493
- Backup Configuration494
- Restore Configuration499
- Uploading Firmware and Configuration Files502
Chapter 39 System Maintenance Menus 8 to 10509
- Command Interpreter Mode509
- Call Control Support511
- Time and Date Setting513
Chapter 40 Remote Management517
- Remote Management517
Chapter 41 Call Scheduling521
- Introduction to Call Scheduling521
- Figure 332 Schedule Setup521
- Figure 333 Schedule Set Setup522
- Table 198 Schedule Set Setup522
- Figure 334 Applying Schedule Set(S) to a Remote Node (Pppoe)523
- Figure 335 Applying Schedule Set(S) to a Remote Node (PPTP)524
Chapter 42 Troubleshooting525
- Problems Starting up the Zywall525
- Problems with the LAN Interface525
- Table 199 Troubleshooting the Start-Up of Your Zywall525
- Table 200 Troubleshooting the LAN Interface525
- Problems with the DMZ Interface526
- Problems with the WAN Interface526
- Table 201 Troubleshooting the DMZ Interface526
- Table 202 Troubleshooting the WAN Interface526
- Problems with Internet Access527
- Problems with Remote Management527
- Problems Accessing the Zywall527
- Product Specifications537
- Table 1 Device Specifications537
- Table 2 Performance537
Appendix A Product Specifications537
- Table 3 Firmware Features538
- Table 4 Feature Specifications539
- Table 5 Compatible Zyxel WLAN Cards and Security Features540
- Figure 1 WLAN Card Installation541
- Figure 2 Console/Dial Backup Port Pin Layout541
- Figure 3 Ethernet Cable Pin Assignments542
- Table 6 Console/Dial Backup Port Pin Assignments542
- Table 7 North American AC Power Adaptor Specifications542
- Table 8 European Union AC Power Adaptor Specifications543
- Table 9 UK AC Power Adaptor Specifications543
- Table 10 Japan AC Power Adaptor Specifications543
- Table 11 Australia and New Zealand AC Power Adaptor Specification544
Appendix B545
- Setting up Your Computer's IP Address545
- Figure 4 Windows 95/98/Me: Network: Configuration546
- Installing Components546
- Figure 5 Windows 95/98/Me: TCP/IP Properties: IP Address547
- Figure 6 Windows 95/98/Me: TCP/IP Properties: DNS Configuration548
- Verifying Settings548
- Figure 7 Windows XP: Start Menu549
- Figure 8 Windows XP: Control Panel549
- Figure 9 Windows XP: Control Panel: Network Connections: Properties550
- Figure 10 Windows XP: Local Area Connection Properties550
- Figure 11 Windows XP: Internet Protocol (TCP/IP) Properties551
- Figure 12 Windows XP: Advanced TCP/IP Properties552
- Figure 13 Windows XP: Internet Protocol (TCP/IP) Properties553
- Figure 14 Macintosh os 8/9: Apple Menu554
- Figure 15 Macintosh os 8/9: TCP/IP554
- Figure 16 Macintosh os X: Apple Menu555
- Macintosh os X555
- Figure 17 Macintosh os X: Network556
Appendix Cip Subnetting557
- Table 12 Classes of IP Addresses557
- Table 13 Allowed IP Address Range by Class558
- Table 14 "Natural" Masks558
- Subnet Masks558
- Table 15 Alternative Subnet Mask Notation559
- Table 16 Two Subnets Example559
- Table 17 Subnet 1560
- Table 18 Subnet 2560
- Table 19 Subnet 1561
- Table 20 Subnet 2561
- Table 21 Subnet 3561
- Table 22 Subnet 4562
- Table 23 Eight Subnets562
- Table 24 Class C Subnet Planning562
- Example Eight Subnets562
- Table 25 Class B Subnet Planning563
- Subnetting with Class a and Class B Networks563
Appendix Dpppoe565
- Figure 18 Single-Computer Per Router Hardware Configuration566
- Figure 19 Zywall as a Pppoe Client566
- How Pppoe Works566
Appendix Epptp567
- Figure 20 Transport PPP Frames over Ethernet567
- Figure 21 PPTP Protocol Overview568
- Figure 22 Example Message Exchange between Computer and an ANT569
Appendix F573
- Wireless Lans573
- Figure 23 Peer-To-Peer Communication in an Ad-Hoc Network573
- Wireless Lan Topologies573
- Figure 24 Basic Service Set574
- Figure 25 Infrastructure WLAN575
- Figure 26 RTS/CTS576
- Fragmentation Threshold576
- Table 26 Ieee802.11G577
- Preamble Type577
- Figure 27 EAP Authentication579
- Types of Authentication580
- Figure 28 WEP Authentication Steps582
- Table 27 Comparison of EAP Authentication Types583
- Table 28 Wireless Security Relational Matrix584
- Figure 29 Roaming Example585
Appendix G Triangle Route587
- Figure 30 Ideal Setup587
- Figure 31 "Triangle Route" Problem588
- Figure 32 IP Alias589
- Figure 33 Gateways on the WAN Side589
Appendix H591
- SIP Passthrough591
- Table 29 SIP Call Progression591
- Figure 34 SIP User Agent Server592
- Sip Servers592
- Figure 35 SIP Proxy Server593
- Sip Redirect Server593
- Figure 37 Zywall SIP ALG595
Appendix I597
- VPN Setup597
- Figure 38 VPN Rules598
- Vpn Configuration598
- Figure 39 Headquarters Gateway Policy Edit599
- Figure 40 Branch Office Gateway Policy Edit600
- Figure 41 Headquarters VPN Rule601
- Figure 42 Branch Office VPN Rule601
- Figure 43 Headquarters Network Policy Edit602
- Figure 44 Branch Office Network Policy Edit603
- Dialing the Vpn Tunnel Via Web Configurator603
- Figure 45 VPN Rule Configured604
- Figure 46 VPN Dial604
- Figure 47 VPN Tunnel Established604
- Vpn Troubleshooting605
- Importing Certificates609
- Figure 50 Security Certificate609
Appendix J Importing Certificates609
- Figure 51 Login Screen610
- Figure 52 Certificate General Information before Import610
- Figure 53 Certificate Import Wizard 1611
- Figure 54 Certificate Import Wizard 2611
- Figure 55 Certificate Import Wizard 3612
- Figure 56 Root Certificate Store612
- Figure 57 Certificate General Information after Import613
- Enrolling and Importing Ssl Client Certificates613
- Figure 58 Zywall Trusted CA Screen614
- Figure 59 CA Certificate Example615
- Figure 60 Personal Certificate Import Wizard 1616
- Figure 61 Personal Certificate Import Wizard 2616
- Figure 62 Personal Certificate Import Wizard 3617
- Figure 63 Personal Certificate Import Wizard 4617
- Figure 64 Personal Certificate Import Wizard 5618
- Figure 65 Personal Certificate Import Wizard 6618
- Figure 66 Access the Zywall Via HTTPS618
- Using a Certificate When Accessing the Zywall Example618
- Figure 67 SSL Client Authentication619
- Figure 68 Zywall Secure Login Screen619
Appendix K Command Interpreter621
Appendix L Firewall Commands623
- Table 30 Firewall Commands623
Appendix M629
- Netbios Filter Commands629
- Table 31 Netbios Filter Default Settings630
- Netbios Filter Configuration630
- Certificates Commands633
- Table 32 Certificates Commands633
Appendix N Certificates Commands633
Appendix O Brute-Force Password Guessing Protection637
- Table 33 Brute-Force Password Guessing Protection Commands637
Appendix P Boot Commands639
- Figure 69 Option to Enter Debug Mode639
- Figure 70 Boot Module Commands640
Appendix Q Log Descriptions641
- Table 34 System Maintenance Logs641
- Table 35 System Error Logs642
- Table 36 Access Control Logs643
- Table 37 TCP Reset Logs643
- Table 38 Packet Filter Logs644
- Table 39 ICMP Logs644
- Table 40 CDR Logs645
- Table 41 PPP Logs645
- Table 42 Upnp Logs645
- Table 43 Content Filtering Logs645
- Table 44 Attack Logs646
- Table 45 Remote Management Logs647
- Table 46 Wireless Logs648
- Table 47 Ipsec Logs648
- Table 48 IKE Logs649
- Table 49 PKI Logs652
- Table 50 Certificate Path Verification Failure Reason Codes653
- Table 51 802.1X Logs653
- Table 52 ACL Setting Notes654
- Table 53 ICMP Notes655
- Table 54 Syslog Logs656
- Table 55 RFC-2408 ISAKMP Payload Types656
- Figure 71 Displaying Log Categories Example657
- Log Commands657
  - Displaying Logs658
  - Figure 72 Displaying Log Parameters Example658
  - Log Command Example659
- Index661

ZyXEL Communications ZYWALL 5 - Figure 61 Smurf Attack; ICMP Vulnerability; Illegal Commands (Netbios and SMTP); Table 45 ICMP Commands that Trigger Alerts

Table of Contents

Other manuals for ZyXEL Communications ZYWALL 5

Related product manuals