ZyXEL Communications
2 Plus manual
686 pages, 21.41 Mb
ZyWALL 2 Plus
Internet Security Appliance
User’s Guide
Version 4.03 12/2007 Edition 1
www.zyxel.com
Contents
Part I: Introduction and Registration
Part VII: Troubleshooting and Specifications
Part VIII: Appendices and Index
Introduction and Registration
1.1 ZyWALL Internet Security Appliance Overview
1.2 Applications for the ZyWALL
1.3 Ways to Manage the ZyWALL
1.4 Good Habits for Managing the ZyWALL
1.5 LEDs
2.1 Web Configurator Overview
2.2 Accessing the ZyWALL Web Configurator
2.3 Resetting the ZyWALL
2.4 Navigating the ZyWALL Web Configurator
2.4.2 Main Window
2.4.3 HOME Screen: Router Mode
2.4.4 HOME Screen: Bridge Mode
2.4.5 Navigation Panel
2.4.6 Port Statistics
2.4.7 DHCP Table Screen
2.4.8 VPN Status
2.4.9 Bandwidth Monitor
3.1 Wizard Setup Overview
3.2 Internet Access
3.2.2 Internet Access Wizard: Second Screen
3.2.3 Internet Access Wizard: Registration
3.3 VPN Wizard Gateway Setting
3.4 VPN Wizard Network Setting
3.5 VPN Wizard IKE Tunnel Setting (IKE Phase 1)
3.6 VPN Wizard IPSec Setting (IKE Phase 2)
3.7 VPN Wizard Status Summary
3.8 VPN Wizard Setup Complete
4.1 Security Settings for VPN Traffic
4.1.2 Configuring the VPN Rule
4.1.3 Configuring the Firewall Rules
4.2 Using NAT with Multiple Public IP Addresses
4.2.2 Configuring the WAN Connection with a Static IP Address
4.2.3 Public IP Address Mapping
4.2.4 Forwarding Traffic from the WAN to a Local Computer
4.2.5 Allow WAN-to-LAN Traffic through the Firewall
4.3 Using NAT with Multiple Game Players
4.4 How to Manage the ZyWALL’s Bandwidth
4.4.2 Configuring Bandwidth Management Rules
4.5 Configuring Content Filtering
4.5.2 Block Categories of Web Content
4.5.3 Assign Bob’s Computer a Specific IP Address
4.5.4 Create a Content Filter Policy for Bob
4.5.5 Set the Content Filter Schedule
4.5.6 Block Categories of Web Content for Bob
5.1 myZyXEL.com overview
5.2 Registration
5.3 Service
Network
6.1 LAN, WAN and the ZyWALL
6.2 IP Address and Subnet Mask
6.2.1 Private IP Addresses
6.3 DHCP
6.4 RIP Setup
6.5 Multicast
6.6 WINS
6.7 LAN
6.8 LAN Static DHCP
6.9 LAN IP Alias
6.10 LAN Port Roles
7.1 Bridge Loop
7.2 Spanning Tree Protocol (STP)
7.3 Bridge
7.4 Bridge Port Roles
8.1 WAN Overview
8.2 TCP/IP Priority (Metric)
8.3 WAN Route
8.4 WAN IP Address Assignment
8.5 DNS Server Address Assignment
8.6 WAN MAC Address
8.7 WAN
8.7.2 PPPoE Encapsulation
8.7.3 PPTP Encapsulation
8.8 Traffic Redirect
8.9 Configuring Traffic Redirect
8.10 Configuring Dial Backup
8.11 Advanced Modem Setup
8.12 Configuring Advanced Modem Setup
9.1 DMZ
9.2 Configuring DMZ
9.3 DMZ Static DHCP
9.4 DMZ IP Alias
9.5 DMZ Public IP Address Example
9.6 DMZ Private and Public IP Address Example
9.7 DMZ Port Roles
10.1 Wireless LAN Introduction
10.2 Configuring WLAN
10.3 WLAN Static DHCP
10.4 WLAN IP Alias
10.5 WLAN Port Roles
Security
11.1 Firewall Overview
11.2 Packet Direction Matrix
11.3 Packet Direction Examples
11.3.1 To VPN Packet Direction
11.3.2 From VPN Packet Direction
11.3.3 From VPN To VPN Packet Direction
11.4 Security Considerations
11.5 Firewall Rules Example
11.6 Asymmetrical Routes
11.7 Firewall Default Rule (Router Mode)
11.8 Firewall Default Rule (Bridge Mode)
11.9 Firewall Rule Summary
11.9.1 Firewall Edit Rule
11.10 Anti-Probing
11.11 Firewall Thresholds
11.12 Threshold Screen
11.13 Service
11.13.1 Firewall Edit Custom Service
11.14 My Service Firewall Rule Example
12.1 Content Filtering Overview
12.2 Content Filtering with an External Database
12.3 Content Filter General Screen
12.4 Content Filter Policy
12.5 Content Filter Policy: General
12.6 Content Filter Policy: External Database
12.7 Content Filter Policy: Customization
12.8 Content Filter Policy: Schedule
12.9 Content Filter Object
12.10 Customizing Keyword Blocking URL Checking
12.11 Content Filtering Cache
13.1 Checking Content Filtering Activation
13.2 Viewing Content Filtering Reports
13.3 Web Site Submission
14.1 IPSec VPN Overview
14.1.1 IKE SA Overview
14.2 VPN Rules (IKE)
14.3 IKE SA Setup
14.4 Additional IPSec VPN Topics
14.4.1 SA Life Time
14.4.2 IPSec High Availability
14.4.3 Encryption and Authentication Algorithms
14.5 VPN Rules (IKE) Gateway Policy Edit
14.6 IPSec SA Overview
14.6.2 Virtual Address Mapping
14.6.3 Active Protocol
14.6.4 Encapsulation
14.7 VPN Rules (IKE) Network Policy Edit
14.8 Network Policy Port Forwarding
14.9 Network Policy Move
14.10 IPSec SA Using Manual Keys
14.11 VPN Rules (Manual)
14.12 VPN Rules (Manual) Edit
14.13 VPN SA Monitor
14.14 VPN Global Setting
14.15 Telecommuter VPN/IPSec Examples
14.15.2 Telecommuters Using Unique VPN Rules Example
14.16 VPN and Remote Management
14.17 Hub-and-spoke VPN
14.17.1 Hub-and-spoke VPN Example
14.17.2 Hub-and-spoke Example VPN Rule Addresses
14.17.3 Hub-and-spoke VPN Requirements and Suggestions
15.1 Certificates Overview
15.2 Self-signed Certificates
15.3 Verifying a Certificate
15.4 Configuration Summary
15.5 My Certificates
15.6 My Certificate Details
15.7 My Certificate Export
15.8 My Certificate Import
15.9 My Certificate Create
15.10 Trusted CAs
15.11 Trusted CA Details
15.12 Trusted CA Import
15.13 Trusted Remote Hosts
15.14 Trusted Remote Host Certificate Details
15.15 Trusted Remote Hosts Import
15.16 Directory Servers
15.17 Directory Server Add or Edit
16.1 Authentication Server Overview
16.2 Local User Database
16.3 RADIUS
Advanced
17.1 NAT Overview
17.1.2 What NAT Does
17.1.3 How NAT Works
17.1.4 NAT Application
17.1.5 Port Restricted Cone NAT
17.1.6 NAT Mapping Types
17.2 Using NAT
17.3 NAT Overview Screen
17.4 NAT Address Mapping
17.4.2 NAT Address Mapping Edit
17.5 Port Forwarding
17.5.2 Port Forwarding: Services and Port Numbers
17.5.3 Configuring Servers Behind Port Forwarding (Example)
17.5.4 Port Translation
17.6 Port Forwarding Screen
17.7 Port Triggering
18.1 IP Static Route
18.2 IP Static Route
18.2.1 IP Static Route Edit
19.1 Bandwidth Management Overview
19.2 Bandwidth Classes and Filters
19.3 Proportional Bandwidth Allocation
19.4 Application-based Bandwidth Management
19.5 Subnet-based Bandwidth Management
19.6 Application and Subnet-based Bandwidth Management
19.7 Scheduler
19.7.5 Maximize Bandwidth Usage Example
19.8 Bandwidth Borrowing
19.9 Maximize Bandwidth Usage With Bandwidth Borrowing
19.10 Over Allotment of Bandwidth
19.11 Configuring Summary
19.12 Configuring Class Setup
19.12.1 Bandwidth Manager Class Configuration
19.12.2 Bandwidth Management Statistics
Monitor
20.1 DNS Overview
20.2 DNS Server Address Assignment
20.3 DNS Servers
20.4 Address Record
20.5 Name Server Record
20.6 System Screen
20.6.1 Adding an Address Record
20.6.2 Inserting a Name Server Record
20.7 DNS Cache
20.8 Configure DNS Cache
20.9 Configuring DNS DHCP
20.10 Dynamic DNS
20.11 Configuring Dynamic DNS
21.1 Remote Management Overview
21.2 WWW (HTTP and HTTPS)
21.3 WWW Configuration
21.4 HTTPS Example
21.4.1 Internet Explorer Warning Messages
21.4.2 Netscape Navigator Warning Messages
21.4.3 Avoiding the Browser Warning Messages
21.4.4 Login Screen
21.5 SSH
21.6 How SSH Works
21.7 SSH Implementation on the ZyWALL
21.8 Configuring SSH
21.9 Secure Telnet Using SSH Examples
21.9.2 Example 2: Linux
21.10 Secure FTP Using SSH Example
21.11 Telnet
21.12 Configuring TELNET
21.13 FTP
21.14 SNMP
21.14.1 Supported MIBs
21.14.2 SNMP Traps
21.14.3 REMOTE MANAGEMENT: SNMP
21.15 DNS
21.16 Introducing Vantage CNM
21.17 Configuring CNM
21.17.1 Additional Configuration for Vantage CNM
22.1 Universal Plug and Play Overview
22.2 Configuring UPnP
22.3 Displaying UPnP Port Mapping
22.4 Installing UPnP in Windows Example
22.4.1 Installing UPnP in Windows Me
22.5 Using UPnP in Windows XP Example
22.5.1 Auto-discover Your UPnP-enabled Network Device
22.5.2 Web Configurator Easy Access
23.1 Custom Application
23.2 Custom Application Configuration
24.1 ALG Introduction
24.2 FTP
24.4 RTP
24.5 SIP
24.6 ALG Screen
Logs and Maintenance
25.1 Configuring View Log
25.2 Log Description Example
25.2.1 About the Certificate Not Trusted Log
25.3 Configuring Log Settings
25.4 Configuring Reports
25.4.1 Viewing Web Site Hits
25.4.2 Viewing Host IP Address
25.4.3 Viewing Protocol/Port
25.5 Log Descriptions
25.6 Syslog Logs
26.1 Maintenance Overview
26.2 General Setup and System Name
26.3 Configuring Password
26.4 Time and Date
26.5 Pre-defined NTP Time Server Pools
26.6 Introduction To Transparent Bridging
26.7 Transparent Firewalls
26.8 Configuring Device Mode (Router)
26.9 Configuring Device Mode (Bridge)
26.10 F/W Upload Screen
26.11 Backup and Restore
26.11.1 Backup Configuration
26.11.2 Restore Configuration
26.12 Restart Screen
26.13 Diagnostics
SMT
27.1 Introduction to the SMT
27.2 Accessing the SMT via the Console Port
27.3 Navigating the SMT Interface
27.3.1 Main Menu
27.3.2 SMT Menus Overview
27.4 Changing the System Password
27.5 Resetting the ZyWALL
28.1 Introduction to General Setup
28.2 Configuring General Setup
28.2.1 Configuring Dynamic DNS
29.1 Introduction to WAN and Dial Backup Setup
29.2 WAN Setup
29.3 Dial Backup
29.4 Configuring Dial Backup in Menu
29.5 Advanced WAN Setup
29.6 Remote Node Profile (Backup ISP)
29.7 Editing TCP/IP Options
29.8 Editing Login Script
29.9 Remote Node Filter
30.1 Introduction to LAN Setup
30.2 Accessing the LAN Menus
30.3 LAN Port Filter Setup
30.4 TCP/IP and DHCP Ethernet Setup Menu
30.4.1 IP Alias Setup
31.1 Introduction to Internet Access Setup
31.2 Ethernet Encapsulation
31.3 Configuring the PPTP Client
31.4 Configuring the PPPoE Client
31.5 Basic Setup Complete
32.1 Configuring DMZ Setup
32.2 DMZ Port Filter Setup
32.3 TCP/IP Setup
32.3.2 IP Alias Setup
33.1 TCP/IP Setup
33.1.2 IP Alias Setup
34.1 Introduction to Remote Node Setup
34.2 Remote Node Setup
34.3 Remote Node Profile Setup
34.3.1 Ethernet Encapsulation
34.3.2 PPPoE Encapsulation
34.3.3 PPTP Encapsulation
34.4 Edit IP
34.5 Remote Node Filter
34.6 Traffic Redirect
35.1 IP Static Route Setup
36.1 Using NAT
36.2 NAT Setup
36.3 Configuring a Server behind NAT
36.4 General NAT Examples
36.4.2 Example 2: Internet Access with a Default Server
36.4.3 Example 3: Multiple Public IP Addresses With Inside Servers
36.4.4 Example 4: NAT Unfriendly Application Programs
36.5 Trigger Port Forwarding
37.1 Using ZyWALL SMT Menus
38.1 Introduction to Filters
38.1.1 The Filter Structure of the ZyWALL
38.2 Configuring a Filter Set
38.2.1 Configuring a Filter Rule
38.2.2 Configuring a TCP/IP Filter Rule
38.2.3 Configuring a Generic Filter Rule
38.3 Example Filter
38.4 Filter Types and NAT
38.5 Firewall Versus Filters
38.6 Applying a Filter
38.6.1 Applying LAN Filters
38.6.2 Applying DMZ Filters
38.6.3 Applying Remote Node Filters
39.1 SNMP Configuration
39.2 SNMP Traps
40.1 Introduction to System Status
40.2 System Status
40.3 System Information and Console Port Speed
40.4 Log and Trace
40.4.2 Syslog Logging
40.4.3 Call-Triggering Packet
40.5 Diagnostic
40.5.1 WAN DHCP
41.1 Introduction
41.2 Filename Conventions
41.3 Backup Configuration
41.3.2 Using the FTP Command from the Command Line
41.3.3 Example of FTP Commands from the Command Line
41.3.4 GUI-based FTP Clients
41.3.5 File Maintenance Over WAN
41.3.6 Backup Configuration Using TFTP
41.3.7 TFTP Command Example
41.3.8 GUI-based TFTP Clients
41.3.9 Backup Via Console Port
41.4 Restore Configuration
41.4.2 Restore Using FTP Session Example
41.5 Uploading Firmware and Configuration Files
41.5.1 Firmware File Upload
41.5.2 Configuration File Upload
41.5.3 FTP File Upload Command from the DOS Prompt Example
41.5.4 FTP Session Example of Firmware File Upload
41.5.5 TFTP File Upload
41.5.6 TFTP Upload Command Example
41.5.7 Uploading Via Console Port
41.5.8 Uploading Firmware File Via Console Port
41.5.9 Example Xmodem Firmware Upload Using HyperTerminal
41.5.10 Uploading Configuration File Via Console Port
41.5.11 Example Xmodem Configuration Upload Using HyperTerminal
42.1 Command Interpreter Mode
42.1.1 Command Syntax
42.1.2 Command Usage
42.2 Call Control Support
42.2.2 Call History
42.3 Time and Date Setting
43.1 Remote Management
43.1.1 Remote Management Limitations
44.1 Introduction to Call Scheduling
Troubleshooting and Specifications
45.1 Power, Hardware Connections, and LEDs
45.2 ZyWALL Access and Login
45.3 Internet Access
45.4 Wireless Router/AP Troubleshooting
45.5 UPnP
46.1 General ZyWALL Specifications
46.2 Cable Pin Assignments
46.3 Wall-mounting Instructions
Appendices and Index
Windows 95/98/Me
Windows 2000/NT/XP
Macintosh OS 8/9
Macintosh OS
Linux
Internet Explorer Pop-up Blockers
JavaScripts
Java Permissions
Mozilla Firefox
Introduction to IP Addresses
Structure
Subnet Masks
Notation
Subnetting
Example: Four Subnets
Example: Eight Subnets
Subnet Planning
Configuring IP Addresses
Import ZyWALL Certificates into Netscape Navigator
Importing the ZyWALL’s Certificate into Internet Explorer
Enrolling and Importing SSL Client Certificates
Using a Certificate When Accessing the ZyWALL Example
Copyright
Certifications
ZyXEL Limited Warranty
Numerics