ZyXEL Communications
100 Series, 200 Series manual
902 pages, 20.32 Mb
Chapter 41 Certificates
656
ZyWALL USG 100/200 Series User’s Guide
Contents
User’s Guide
www.zyxel.com
About This User's Guide
Document Conventions
Safety Warnings
Contents Overview
Table of Contents
Part III: Firewall
Part IV: VPN
Part X: Maintenance, Troubleshooting, & Specifications
Part XI: Appendices and Index
List of Figures
List of Tables
PART
Getting Started
Introducing the ZyWALL
1.1 Overview and Key Default Settings
1.2 Front Panel LEDs
1.3 Management Overview
1.4 Starting and Stopping the ZyWALL
Features and Applications
2.1 Features
2.2 Packet Flow
2.3 Applications
2.3.2 SSL VPN Network Access
2.3.3 User-Aware Access Control
2.3.4 Multiple WAN Interfaces
2.3.5 Device HA
Web Configurator
3.1 Web Configurator Requirements
3.2 Web Configurator Access
3.3 Web Configurator Main Screen
3.3.2 Navigation Panel
3.3.3 Main Window
3.3.4 Message Bar
Wizard Setup
4.1 Wizard Setup Overview
4.2 Installation Setup, One ISP
4.3 Step 1 Internet Access
4.3.2 Ethernet: Static IP Address Assignment
4.3.3 Step 2 Internet Access Ethernet
4.3.4 PPPoE: Auto IP Address Assignment
4.3.5 PPPoE: Static IP Address Assignment
4.3.6 Step 2 Internet Access PPPoE
4.3.7 PPTP: Auto IP Address Assignment
4.3.8 PPTP: Static IP Address Assignment
4.3.9 Step 2 Internet Access PPTP
4.3.10 Step 4 Internet Access - Finish
4.4 Device Registration
4.5 Installation Setup, Two Internet Service Providers
4.6 VPN Setup
4.7 VPN Wizards
4.8 VPN Express Wizard - Remote Gateway
4.8.1 VPN Express Wizard - Policy Setting
4.8.2 VPN Express Wizard - Summary
4.8.3 VPN Express Wizard - Finish
4.8.4 VPN Advanced Wizard
4.8.5 VPN Advanced Wizard - Remote Gateway
4.8.6 VPN Advanced Wizard - Phase
4.8.7 VPN Advanced Wizard - Phase
4.8.8 VPN Advanced Wizard - Summary
4.8.9 VPN Advanced Wizard - Finish
Configuration Basics
5.1 Object-based Configuration
5.2 Zones, Interfaces, and Physical Ports
5.2.2 Default Interface and Zone Configuration
5.3 Terminology in the ZyWALL
5.4 Feature Configuration Overview
5.4.2 Interface
5.4.3 Trunks
5.4.4 IPSec VPN
5.4.5 SSL VPN
5.4.6 L2TP VPN
5.4.7 Zones
5.4.8 Device HA
5.4.9 DDNS
5.4.10 Policy Routes
5.4.11 Static Routes
5.4.12 Firewall
5.4.13 Application Patrol
5.4.14 Anti-Virus
5.4.15 IDP
5.4.16 ADP
5.4.17 Content Filter
5.4.18 Anti-Spam
5.4.19 Virtual Server (Port Forwarding)
5.4.20 HTTP Redirect
5.4.21 ALG
5.5 Objects
5.6 System Management and Maintenance
5.6.3 Licensing Registration
5.6.4 Licensing Update
5.6.5 Logs and Reports
5.6.6 Diagnostics
Tutorials
6.1 How to Configure Ethernet Interfaces and Port Roles
6.1.2 How to Configure the OPT Interface for a Local Network
6.1.3 How to Configure Port Roles
6.2 How to Configure a Cellular Interface
6.3 How to Set Up a WLAN Interface
6.3.2 How to Create the WLAN Interface
6.3.3 How to Set Up the Wireless Clients to Use the WLAN Interface
6.4 How to Set Up an IPSec VPN
6.4.2 How to Set Up the VPN Connection
6.4.3 How to Set Up the Policy Route for the VPN Tunnel
6.4.4 How to Configure Security Policies for the VPN Tunnel
6.5 How to Configure User-aware Access Control
6.5.3 How to Set Up User Authentication Using the RADIUS Server
6.5.4 How to Set Up Web Surfing Policies With Bandwidth Restrictions
6.5.5 How to Set Up MSN Policies
6.5.6 How to Set Up Firewall Rules
6.6 How to Configure Load Balancing
6.6.1 How to Set Up Available Bandwidth on Ethernet Interfaces
6.6.2 How to Configure the Load Balancing in the WAN Trunk
6.7 How to Configure Service Control
6.8 How to Allow Incoming H.323 Peer-to-peer Calls
6.8.1 How to Turn On the ALG
6.8.2 How to Set Up a Virtual Server Policy For H.323
6.8.3 How to Set Up a Firewall Rule For H.323
6.9 How to Use Device HA
6.9.1 Before You Start
6.9.2 How to Configure Device HA on the Master ZyWALL
6.9.3 How to Configure the Backup ZyWALL
6.9.4 How to Deploy the Backup ZyWALL
6.9.5 How to Check Your Device HA Setup
6.10 How to Allow Public Access to a Server
6.10.2 How to Configure a Virtual Server
Status
7.1 Overview
7.2 The Status Screen
7.2.1 The CPU Usage Screen
7.2.2 The Memory Usage Screen
7.2.3 The Session Usage Screen
7.2.4 The VPN Status Screen
7.2.5 The DHCP Table Screen
7.2.6 The Port Statistics Screen
7.2.7 The Port Statistics Graph Screen
7.2.8 The Current Users Screen
7.2.9 The Cellular Status Detail Screen
Registration
8.1 Overview
8.2 The Registration Screen
8.3 The Service Screen
Signature Update
9.1 Overview
9.2 The Antivirus Update Screen
9.3 The IDP/AppPatrol Update Screen
9.4 The System Protect Update Screen
Network
Interface
10.1 Interface Overview
10.1.2 What You Need to Know About Interfaces
10.2 The Interface Status Screen
10.3 The Port Role Screen
10.4 The Ethernet Summary Screen
10.4.1 The Ethernet Edit Screen
10.5 Interface Wizards
10.5.2 Interface Wizard: WAN Type
10.5.3 Interface Wizard: Non-WAN OPT Interface Setup
10.5.4 Interface Wizard: WAN Zone and IP Address Assignment
10.5.5 Interface Wizard: WAN ISP Connection Settings
10.5.6 Interface Wizard: Summary (Non-WAN)
10.5.7 Interface Wizard: Summary (WAN)
10.6 The PPP Interfaces Screen
10.6.1 PPP Interface Edit Screen
10.7 Cellular Configuration Screen (3G)
10.7.1 Cellular Add/Edit Screen
10.8 Cellular Status Screen
10.9 WLAN Interface General Screen
10.9.1 WLAN Add/Edit Screen
10.9.2 WLAN Add/Edit Screen: WEP Security
10.9.3 WLAN Add/Edit Screen: WPA-PSK/WPA2-PSK Security
10.9.4 WLAN Add/Edit Screen: WPA/WPA2 Security
10.10 WLAN Interface MAC Filter Screen
10.11 WLAN Interface Station Monitor Screen
10.12 VLAN Interface Screen
10.12.1 Configuring the VLAN Summary Screen
10.12.2 Configuring the VLAN Add/Edit Screen
10.13 Bridge Interface Screen
10.13.1 Configuring the Bridge Summary Screen
10.13.2 Configuring the Bridge Add/Edit Screen
10.14 Auxiliary Interface Screen
10.15 Virtual Interface Screen
10.16 Interface Technical Reference
Trunks
11.1 Overview
11.2 The Trunk Summary Screen
11.2.1 The Trunk Edit Screen
11.3 Trunk Technical Reference
Policy and Static Routes
12.1 Policy and Static Routes Overview
12.1.1 What You Can Do in the Policy and Static Route Screens
12.1.2 What You Need to Know About Policy and Static Routing
12.2 Policy Route Screen
12.2.1 Policy Route Edit Screen
12.3 IP Static Route Screen
12.3.1 Static Route Add/Edit Screen
12.4 Policy Routing Technical Reference
NAT and SNAT
Port Triggering
Maximize Bandwidth Usage
Routing Protocols
13.1 Routing Protocols Overview
13.2 The RIP Screen
13.3 The OSPF Screen
13.3.1 Configuring the OSPF Screen
13.3.2 OSPF Area Add/Edit Screen
13.4 Routing Protocol Technical Reference
Zones
14.1 Zones Overview
14.2 The Zone Screen
14.2.1 The Zone Edit Screen
DDNS
15.1 DDNS Overview
15.2 The DDNS Screen
15.2.1 The Dynamic DNS Add/Edit Screen
15.3 The DDNS Status Screen
Virtual Servers
16.1 Virtual Servers Overview
16.2 The Virtual Server Screen
16.2.1 The Virtual Server Add/Edit Screen
16.3 NAT 1:1 and NAT Loopback Examples
NAT 1:1 Example
NAT Loopback Example
HTTP Redirect
17.1 Overview
17.2 The HTTP Redirect Screen
17.2.1 The HTTP Redirect Edit Screen
ALG
18.1 ALG Overview
18.1.2 What You Need to Know About ALG
18.2 The ALG Screen
18.3 ALG Technical Reference
PART
Firewall
Firewall
19.1 Overview
19.1.2 What You Need to Know About the Firewall
19.1.3 Firewall Rule Example Applications
19.1.4 Firewall Rule Configuration Example
19.2 The Firewall Screen
19.2.2 The Firewall Edit Screen
VPN
IPSec VPN
20.1 IPSec VPN Overview
20.1.2 What You Need to Know About IPSec VPN
20.1.3 Before You Begin
20.2 The VPN Connection Screen
20.2.1 The VPN Connection Add/Edit (IKE) Screen
20.2.2 The VPN Connection Add/Edit Manual Key Screen
20.3 The VPN Gateway Screen
20.3.1 The VPN Gateway Add/Edit Screen
20.4 The VPN Concentrator Screen
20.4.1 The VPN Concentrator Add/Edit Screen
20.5 The SA Monitor Screen
20.6 IPSec VPN Background Information
IKE SA Overview
Regular Expressions in Searching IPSec SAs
IPSec SA Overview
SSL VPN
21.1 Overview
21.2 The SSL Access Privilege Screen
21.3 The SSL Connection Monitor Screen
21.4 The SSL Global Setting Screen
21.5 Establishing an SSL VPN Connection
SSL User Screens
22.1 Overview
22.2 Remote User Login
22.3 The SSL VPN User Screens
22.4 Bookmarking the ZyWALL
22.5 Logging Out of the SSL VPN User Screens
SSL User Application Screens
23.1 SSL User Application Screens Overview
23.2 The Application Screen
SSL User File Sharing
24.1 Overview
24.2 The Main File Sharing Screen
24.3 Opening a File or Folder
24.3.1 Downloading a File
24.3.2 Saving a File
24.4 Creating a New Folder
24.5 Renaming a File or Folder
24.6 Deleting a File or Folder
24.7 Uploading a File
L2TP VPN
25.1 Overview
25.2 L2TP VPN Screen
25.3 L2TP VPN Session Monitor Screen
L2TP VPN Example
26.1 L2TP VPN Example
26.2 Configuring the Default L2TP VPN Gateway Example
26.3 Configuring the Default L2TP VPN Connection Example
26.4 Configuring the L2TP VPN Settings Example
26.5 Configuring the Policy Route for L2TP Example
26.6 Configuring L2TP VPN in Windows XP and
26.6.2 Configuring L2TP in Windows
Application Patrol
Application Patrol
27.1 Overview
27.1.2 What You Need to Know About Application Patrol
27.1.3 Application Patrol Bandwidth Management Examples
27.2 Application Patrol General Screen
27.3 Application Patrol Applications
27.3.1 The Application Patrol Edit Screen
27.3.2 The Application Patrol Policy Edit Screen
27.4 The Other Applications Screen
27.4.1 The Other Applications Add/Edit Screen
27.5 Application Patrol Statistics
27.5.2 Application Patrol Statistics: Bandwidth Statistics
27.5.3 Application Patrol Statistics: Protocol Statistics
Anti-X
Anti-Virus
28.1 Overview
28.1.2 What You Need to Know About Anti-Virus
28.2 Anti-Virus Summary Screen
28.2.1 Anti-Virus Policy Add or Edit Screen
28.3 Anti-Virus Black List
28.4 Anti-Virus Black List or White List Add/Edit
28.5 Anti-Virus White List
28.6 Signature Searching
28.7 Anti-Virus Technical Reference
IDP
29.1 Overview
29.2 The IDP General Screen
29.2.1 Configuring IDP Policies
29.3 Introducing IDP Profiles
29.4 The Profile Summary Screen
29.5 Creating New Profiles
29.6 Profiles: Packet Inspection
29.6.2 Policy Types
29.6.3 IDP Service Groups
29.6.4 Profile > Query View Screen
29.6.5 Query Example
29.7 Introducing IDP Custom Signatures
29.8 Configuring Custom Signatures
29.8.1 Creating or Editing a Custom Signature
29.8.2 Custom Signature Example
29.8.3 Applying Custom Signatures
29.8.4 Verifying Custom Signatures
29.9 IDP Technical Reference
ADP
30.1 Overview
30.2 The ADP General Screen
30.2.1 Configuring ADP Policies
30.3 The Profile Summary Screen
30.3.2 Configuring The ADP Profile Summary Screen
30.3.3 Creating New ADP Profiles
30.3.4 Traffic Anomaly Profiles
30.3.5 Protocol Anomaly Profiles
30.3.6 Protocol Anomaly Configuration
30.4 Technical Reference
Traffic Anomaly Background Information
Protocol Anomaly Background Information
Content Filtering
31.1 Overview
31.1.3 Before You Begin
31.2 Content Filter General Screen
31.3 Content Filter Policy Add or Edit Screen
31.4 Content Filter Profile Screen
31.5 Content Filter Categories Screen
31.6 Content Filter Customization Screen
31.7 Content Filter Cache Screen
31.8 Content Filter Technical Reference
External Content Filter Server Lookup Procedure
Content Filter Reports
32.1 Overview
32.2 Viewing Content Filter Reports
32.3 Web Site Submission
Anti-Spam
33.1 Overview
33.2 Before You Begin
33.3 The Anti-Spam General Screen
33.3.1 The Anti-Spam Policy Add or Edit Screen
33.4 The Anti-Spam Black List Screen
33.4.1 The Anti-Spam Black or White List Add/Edit Screen
33.5 The Anti-Spam White List Screen
33.6 The DNSBL Screen
33.6.1 The DNSBL Add/Edit Screen
33.7 The Anti-Spam Status Screen
Device HA
Device HA
34.1 Overview
34.2 Device HA General
34.3 The Active-Passive Mode Screen
34.3.1 Configuring Active-Passive Mode Device HA
34.4 Configuring an Active-Passive Mode Monitored Interface
34.5 The Legacy Mode Screen
34.6 Configuring the Legacy Mode Screen
34.7 The Legacy Mode Add/Edit Screen
34.8 Device HA Technical Reference
Legacy Mode ZyWALL VRRP Application
Synchronization
Objects
User/Group
35.1 Overview
35.2 User Summary Screen
35.2.1 User Add/Edit Screen
35.3 User Group Summary Screen
35.4 Setting Screen
35.4.1 Force User Authentication Policy Add/Edit Screen
35.4.2 User Aware Login Example
35.5 User/Group Technical Reference
Addresses
36.1 Overview
36.2 Address Summary Screen
36.2.1 Address Add/Edit Screen
36.3 Address Group Summary Screen
36.3.1 Address Group Add/Edit Screen
Services
37.1 Overview
37.2 The Service Summary Screen
37.2.1 The Service Add/Edit Screen
37.3 The Service Group Summary Screen
37.3.1 The Service Group Add/Edit Screen
Schedules
38.1 Overview
38.2 The Schedule Summary Screen
38.2.1 The One-Time Schedule Add/Edit Screen
38.2.2 The Recurring Schedule Add/Edit Screen
AAA Server
39.1 Overview
39.1.3 ASAS
39.1.4 What You Can Do Using The AAA Screens
39.1.5 What You Need To Know About AAA Servers
39.2 Active Directory or LDAP Default Server Screen
39.2.1 Configuring Active Directory or LDAP Default Server Settings
39.3 Active Directory or LDAP Group Summary Screen
39.4 Configuring a Default RADIUS Server
39.5 Configuring a Group of RADIUS Servers
Authentication Method
40.1 Overview
40.2 Viewing Authentication Method Objects
40.3 Creating an Authentication Method Object
Certificates
41.1 Overview
41.1.3 Verifying a Certificate
41.2 The My Certificates Screen
41.2.1 The My Certificates Add Screen
41.2.2 The My Certificates Edit Screen
41.2.3 The My Certificates Import Screen
41.3 The Trusted Certificates Screen
41.3.1 The Trusted Certificates Edit Screen
41.3.2 The Trusted Certificates Import Screen
41.4 Certificates Technical Reference
OCSP
SSL Application
42.1 Overview
42.2 The SSL Application Screen
42.2.1 Creating/Editing a Web-based SSL Application Object
42.2.2 Creating/Editing a File Sharing SSL Application Object
System
System
43.1 Overview
43.2 Host Name
43.3 Date and Time
43.3.1 Pre-defined NTP Time Servers List
43.3.2 Time Server Synchronization
43.4 Console Port Speed
43.5 DNS Overview
43.5.2 Configuring the DNS Screen
43.5.3 Address Record
43.5.4 PTR Record
43.5.5 Adding an Address/PTR Record
43.5.6 Domain Zone Forwarder
43.5.7 Adding a Domain Zone Forwarder
43.5.8 MX Record
43.5.9 Adding a MX Record
43.6 WWW Overview
43.6.1 Service Access Limitations
43.6.2 System Timeout
43.6.3 HTTPS
43.6.4 Configuring WWW
43.6.5 Service Control Rules
43.6.6 HTTPS Example
43.7 SSH
43.7.1 How SSH Works
43.7.2 SSH Implementation on the ZyWALL
43.7.3 Requirements for Using SSH
43.7.4 Configuring SSH
43.7.5 Secure Telnet Using SSH Examples
43.8 Telnet
43.9 FTP
43.9.1 Configuring FTP
43.10 SNMP
43.10.1 Supported MIBs
43.10.2 SNMP Traps
43.10.3 Configuring SNMP
43.11 Dial-in Management
43.12 Vantage CNM
43.13 Language Screen
Maintenance, Troubleshooting, & Specifications
File Manager
44.1 Overview
44.2 The Configuration File Screen
44.3 The Firmware Package Screen
44.4 The Shell Script Screen
Logs
45.1 Overview
45.2 What You Can Do In The Log Screens
45.3 View Log Screen
45.4 Log Setting Screens
45.4.1 Log Setting Summary
45.4.2 Edit System Log Settings
45.4.3 Edit Remote Server Log Settings
45.4.4 Active Log Summary Screen
Reports
46.1 Overview
46.2 The Traffic Statistics Screen
46.3 The Session Screen
46.4 The Anti-Virus Report Screen
46.5 The IDP Report Screen
46.6 The Anti-Spam Report Screen
46.7 The Email Daily Report Screen
Diagnostics
47.1 The Diagnostics Screen
Reboot
48.1 Overview
48.2 The Reboot Screen
Troubleshooting
49.1 Resetting the ZyWALL
49.2 Getting More Troubleshooting Help
Product Specifications
50.1 General Specifications
50.2 3G or WLAN PCMCIA Card Installation
50.3 Power Adaptor Specifications
Appendices and Index
Windows XP
Windows
Windows 98 SE/Me
Import ZyWALL Certificates into Netscape Navigator
Importing the ZyWALL’s Certificate into Internet Explorer
Wireless LAN Topologies
Channel
RTS/CTS
Fragmentation Threshold
Preamble Type
IEEE 802.11g Wireless LAN
Wireless Security Overview
IEEE
RADIUS
Types of EAP Authentication
Dynamic WEP Key Exchange
WPA and WPA2
Security Parameters Summary
Antenna Overview
Antenna Characteristics
Types of Antennas for WLAN
Positioning Antennas
Notice
Copyright
Certifications (Class B)
ZyXEL Limited Warranty
Index