
ZyXEL Communications 5 Series manual 2

Download 824 pages, 15.4 Mb
Contents
www.zyxel.com
Part IV: Advanced
Part VII: Troubleshooting and Product Specifications
Part VIII: Appendices and Index
PART Introduction
1.2 ZyWALL Features
1.3 Applications for the ZyWALL
1.3.2 VPN Application
1.3.3 3G WAN Application (ZyWALL 5 Only)
1.4 Ways to Manage the ZyWALL
1.5 Good Habits for Managing the ZyWALL
2.1 General Installation Instructions
2.2 Desktop Installation
2.3 Rack-mounted Installation Requirements
2.4 Rack-Mounted Installation
2.5 3G Card, WLAN Card and ZyWALL Turbo Card Installation
2.6 Front Panel Lights
3.1 Web Configurator Overview
3.2 Accessing the ZyWALL Web Configurator
3.3 Resetting the ZyWALL
3.4 Navigating the ZyWALL Web Configurator
3.4.2 Main Window
3.4.3 HOME Screen: Router Mode
3.4.4 HOME Screen: Bridge Mode
3.4.5 Navigation Panel
3.4.6 Port Statistics
3.4.7 Show Statistics: Line Chart
3.4.8 DHCP Table
3.4.9 VPN Status
3.4.10 Bandwidth Monitor
4.1 Wizard Setup Overview
4.2 Internet Access
4.2.2 Internet Access Wizard: Second Screen
4.2.3 Internet Access Wizard: Registration
4.2.4 Internet Access Wizard: Status
4.2.5 Internet Access Wizard: Service Activation
4.3 VPN Wizard Gateway Setting
4.4 VPN Wizard Network Setting
4.5 VPN Wizard IKE Tunnel Setting (IKE Phase 1)
4.6 VPN Wizard IPSec Setting (IKE Phase 2)
4.7 VPN Wizard Status Summary
4.8 VPN Wizard Setup Complete
4.9 Anti-Spam Wizard: Email Server Location Setting
4.10 Anti-Spam Wizard: Direction Recommendations
4.11 Anti-Spam Wizard: Direction Configuration
4.12 Anti-Spam Wizard: Setup Complete
5.1 Dynamic VPN Rule Configuration
5.1.1 Configure Bob’s User Account
5.1.2 VPN Gateway and Network Policy Configuration
5.1.3 Configure Zero Configuration Mode on ZyWALL B
5.1.4 Testing Your VPN Configuration
5.2 Security Settings for VPN Traffic
5.2.1 IDP for From VPN Traffic Example
5.2.2 IDP for To VPN Traffic Example
5.3 Firewall Rule for VPN Example
5.3.1 Configuring the VPN Rule
5.3.2 Configuring the Firewall Rules
5.4 How to Set up a 3G WAN Connection
5.4.2 Configuring 3G WAN Settings
5.5 Configuring Load Balancing
5.6 Configuring Content Filtering
5.6.2 Block Categories of Web Content
5.6.3 Assign Bob’s Computer a Specific IP Address
5.6.4 Create a Content Filter Policy for Bob
5.6.5 Set the Content Filter Schedule
5.6.6 Block Categories of Web Content for Bob
6.1 Overview
6.2 The Registration Screen
6.3 The Service Screen
Network
7.1 Overview
7.1.2 What You Need to Know About LAN
7.2 The LAN Screen
7.3 The LAN Static DHCP Screen
7.4 The LAN IP Alias Screen
7.5 The LAN Port Roles Screen
8.1 Overview
8.1.2 What You Need To Know About Bridging
8.2 The Bridge Screen
8.3 The Bridge Port Roles Screen
8.4 Bridge Technical Reference
STP Terminology
How STP Works
STP Port States
9.1 Overview
9.1.1 What You Can Do in the WAN Screens
9.1.2 What You Need to Know About WAN
9.2 The General Screen
WAN 1WAN LAN
9.2.1 Configuring the General Screen
9.2.2 Configuring Load Balancing
9.2.3 Least Load First
9.2.4 Weighted Round Robin
9.2.5 Spillover
9.3 The WAN1 and WAN2 Screen
9.3.1 WAN Ethernet Encapsulation
9.3.2 PPPoE Encapsulation
9.3.3 PPTP Encapsulation
9.4 The 3G (WAN2) Screen
9.5 The Traffic Redirect Screen
9.6 Configuring the Traffic Redirect Screen
9.7 The Dial Backup Screen
9.7.1 The Advanced Modem Setup Screen
9.7.2 Configuring the Advanced Modem Setup Screen
9.8 WAN Technical Reference
3G Comparison Table
10.1 Overview
10.1.2 What You Need To Know About DMZ
10.1.3 DMZ Public IP Address Example
10.1.4 DMZ Private and Public IP Address Example
10.2 The DMZ Screen
10.3 The Static DHCP Screen
10.4 The IP Alias Screen
10.5 The DMZ Port Roles Screen
11.1 Overview
11.2 The WLAN Screen
11.3 WLAN Static DHCP
11.4 WLAN IP Alias
11.5 WLAN Port Roles
12.1 Overview
12.2 Wireless Card
12.2.1 Static WEP
12.2.2 WPA-PSK
12.2.3 WPA
12.2.4 IEEE 802.1x + Dynamic WEP
12.2.5 IEEE 802.1x + Static WEP
12.2.6 IEEE 802.1x + No WEP
12.2.7 No Access 802.1x + Static WEP
12.2.8 No Access 802.1x + No WEP
12.3 MAC Filter
12.4 Technical Reference
IRADIUS
EAP Authentication
WPA
WPA with RADIUS Application
Wireless Client WPA Supplicants
PART Security
13.1 Overview
13.2 Firewall Rules Example
13.3 The Firewall Default Rule Screen
13.4 The Firewall Default Rule (Bridge Mode) Screen
13.5 The Firewall Rule Summary Screen
13.5.1 The Firewall Edit Rule Screen
13.6 The Anti-Probing Screen
13.7 The Firewall Thresholds Screen
13.8 The Firewall Services Screen
13.8.1 The Firewall Edit Custom Service Screen
13.8.2 My Service Firewall Rule Example
13.9 Technical Reference
Packet Direction Examples
DoS Thresholds
Security Considerations
14.1 Overview
14.1.2 What You Need To Know About the ZyWALL IDP
14.2 The General Setup Screen
14.3 The Signatures Screen
14.3.2 Intrusion Severity
14.3.3 Signature Actions
14.3.4 Configuring The IDP Signatures Screen
14.3.5 The Query View Screen
14.4 The Anomaly Screen
14.5 The Update Screen
14.5.2 Configuring The IDP Update Screen
14.6 The Backup and Restore Screen
14.7 Technical Reference
Firewalls and Intrusions
IDS and IDP
Host IDP
Network IDP
Example Intrusions
15.1 Overview
15.1.2 What You Need to Know About Antivirus
15.2 The General Screen
15.3 The Signature Screen
15.3.1 Signature Search Example
15.4 The Update Screen
15.4.1 mySecurityZone
15.4.2 Configuring Anti-virus Update
15.5 The Backup and Restore Screen
15.6 Technical Reference
16.1 Overview
16.1.2 What You Need to Know About Antispam
16.2 The General Screen
16.3 The External DB Screen
16.4 The Lists Screen
16.5 Anti-Spam Lists Edit Screen
16.6 Technical Reference
SpamRepute Engine
SpamContent Engine
SpamTricks Engine
17.1 Overview
17.2 General Screen
17.3 The Policy Screen
17.4 Content Filter Policy: General
17.5 Content Filter Policy: External Database
17.6 Content Filter Policy: Customization
17.7 Content Filter Policy: Schedule
17.8 Content Filter Object
17.9 Content Filtering Cache
18.1 Overview
18.2 Checking Content Filtering Activation
18.3 Viewing Content Filtering Reports
18.4 Web Site Submission
19.1 Overview
19.1.2 What You Need to Know About IPSec VPN
19.2 The VPN Rules (IKE) Screen
19.3 The VPN Rules (IKE) Gateway Policy Edit Screen
19.4 The Network Policy Edit Screen
19.5 The Network Policy Edit: Port Forwarding Screen
19.6 The Network Policy Move Screen
19.7 The VPN Rules (Manual) Screen
19.8 The VPN Rules (Manual): Edit Screen
19.9 The VPN SA Monitor Screen
19.10 The VPN Global Setting Screen
19.11 Telecommuter VPN/IPSec Examples
19.11.1 Telecommuters Sharing One VPN Rule Example
19.11.2 Telecommuters Using Unique VPN Rules Example
19.12 VPN and Remote Management
19.13 Hub-and-spoke VPN
19.13.1 Hub-and-spoke VPN Example
19.13.2 Hub-and-spoke Example VPN Rule Addresses
19.13.3 Hub-and-spoke VPN Requirements and Suggestions
19.14 IPSec VPN Background Information
IKE SA Proposal
IPSec SA Overview
Additional IPSec VPN Topics
20.1 Overview
20.1.3 Verifying a Certificate
20.2 The My Certificates Screen
20.2.1 The My Certificate Details Screen
20.3 The My Certificate Export Screen
20.4 The My Certificate Import Screen
20.5 The My Certificate Create Screen
20.6 The Trusted CAs Screen
20.7 The Trusted CA Details Screen
20.8 The Trusted CA Import Screen
20.9 The Trusted Remote Hosts Screen
20.10 The Trusted Remote Hosts Import Screen
20.11 The Trusted Remote Host Certificate Details Screen
20.12 The Directory Servers Screen
20.13 The Directory Server Add or Edit Screen
21.1 Overview
21.2 The Local User Database Screen
21.3 The RADIUS Screen
Advanced
22.1 Overview
22.2 The NAT Overview Screen
22.3 The NAT Address Mapping Screen
22.3.1 NAT Address Mapping Edit
22.4 The Port Forwarding Screen
22.4.2 Port Forwarding: Services and Port Numbers
22.4.3 Configuring Servers Behind Port Forwarding (Example)
22.4.4 NAT and Multiple WAN
22.4.5 Port Translation
22.4.6 Configuring The Port Forwarding Screen
22.5 The Port Triggering Screen
22.5.1 Configuring Port Triggering
22.6 Technical Reference
Inside/outside and Global/local
What NAT Does
How NAT Works
NAT Application
Port Restricted Cone NAT
23.1 Overview
23.2 The IP Static Route Screen
23.2.1 The IP Static Route Edit Screen
24.1 Overview
24.2 The Policy Route Summary Screen
24.2.1 The Policy Route Edit Screen
25.1 Overview
25.2 The Summary Screen
25.2.1 Maximize Bandwidth Usage Example
25.3 The Class Setup Screen
25.4 Bandwidth Manager Class Configuration
25.4.1 Bandwidth Borrowing Example
25.5 Bandwidth Management Statistics
25.6 The Monitor Screen
26.1 Overview
26.2 The System Screen
26.2.1 The Add Address Record Screen
26.2.2 The Insert Name Server Record Screen
26.3 The DNS Cache Screen
26.4 The DHCP Screen
26.5 The DDNS Screen
26.6 Configuring the Dynamic DNS Screen
27.1 Overview
27.1.2 What You Need To Know About Remote Management
27.2 HTTPS Example
27.2.3 Avoiding the Browser Warning Messages
27.2.4 Login Screen
27.2.5 Enrolling and Importing SSL Client Certificates (Example)
27.2.6 Installing the CA’s Certificate (Example)
27.2.7 Installing Your Personal Certificate(s) (Example)
27.2.8 Using a Certificate When Accessing the ZyWALL (Example)
27.2.9 Secure Telnet Using SSH Examples
27.3 The WWW Screen
27.4 Configuring the WWW Screen
27.5 The SSH Screen
27.6 Configuring the SSH Screen
27.7 The Telnet Screen
27.8 The FTP Screen
27.9 The SNMP Screen
27.9.1 Configuring the SNMP Screen
27.10 The DNS Screen
27.11 The CNM Screen
27.12 Configuring the CNM Screen
28.1 Overview
28.2 UPnP Examples
28.2.2 Using UPnP in Windows XP Example
28.3 The UPnP Screen
28.4 The Ports Screen
29.1 Overview
29.2 The Custom Application Screen
30.1 Overview
30.2 The ALG Screen
Reports, Logs and Maintenance
31.1 Overview
31.2 The Traffic Statistics Screen
31.2.1 Viewing Web Site Hits
31.2.2 Viewing Host IP Address
31.2.3 Viewing Protocol/Port
31.3 The IDP Screen
31.4 The Anti-Virus Screen
31.5 The Anti-Spam Screen
31.6 The E-mail Report Screen
32.1 Overview
32.2 The View Log Screen
32.2.1 Log Description Example
32.2.2 About the Certificate Not Trusted Log
32.3 The Log Settings Screen
32.4 Technical Reference
Log Descriptions
33.1 Overview
33.2 The General Setup Screen
33.3 The Password Screen
33.4 The Time and Date Screen
33.4.1 Time Server Synchronization Example
33.5 The Device Mode Screen
33.6 Configuring the Device Mode Screen (Router)
33.7 Configuring the Device Mode Screen (Bridge)
33.8 The F/W Upload Screen
33.9 The Backup and Restore Screen
33.10 The Restart Screen
33.11 The Diagnostics Screen
SMT
34.1 Introduction to the SMT
34.2 Accessing the SMT via the Console Port
34.3 Navigating the SMT Interface
34.3.1 Main Menu
34.3.2 SMT Menus Overview
34.4 Changing the System Password
34.5 Resetting the ZyWALL
35.1 Introduction to General Setup
35.2 Configuring General Setup
35.2.1 Configuring Dynamic DNS
36.1 Introduction to WAN and Dial Backup Setup
36.2 WAN Setup
36.3 Dial Backup
36.3.2 Advanced WAN Setup
36.3.3 Remote Node Profile (Backup ISP)
36.3.4 Editing TCP/IP Options
36.3.5 Editing Login Script
36.3.6 Remote Node Filter
36.3.7 3G Modem Setup
36.3.8 Remote Node Profile (3G WAN)
37.1 Introduction to LAN Setup
37.2 Accessing the LAN Menus
37.3 LAN Port Filter Setup
37.4 TCP/IP and DHCP Ethernet Setup Menu
37.4.1 IP Alias Setup
38.1 Introduction to Internet Access Setup
38.2 Ethernet Encapsulation
38.3 Configuring the PPTP Client
38.4 Configuring the PPPoE Client
38.5 Basic Setup Complete
39.1 Configuring DMZ Setup
39.2 DMZ Port Filter Setup
39.3 TCP/IP Setup
39.3.2 IP Alias Setup
40.1 Configuring Route Setup
40.2 Route Assessment
40.3 Traffic Redirect
40.4 Route Failover
41.1 Wireless LAN Setup
41.1.1 MAC Address Filter Setup
41.2 TCP/IP Setup
41.2.2 IP Alias Setup
42.1 Introduction to Remote Node Setup
42.2 Remote Node Setup
42.3 Remote Node Profile Setup
42.3.2 PPPoE Encapsulation
42.3.3 PPTP Encapsulation
42.4 Edit IP
42.5 Remote Node Filter
43.1 IP Static Route Setup
44.1 Using NAT
44.2 NAT Setup
44.2.1 Address Mapping Sets
44.3 Configuring a Server behind NAT
44.4 General NAT Examples
44.4.2 Example 2: Internet Access with a Default Server
44.4.3 Example 3: Multiple Public IP Addresses With Inside Servers
44.4.4 Example 4: NAT Unfriendly Application Programs
44.5 Trigger Port Forwarding
45.1 Using ZyWALL SMT Menus
46.1 Introduction to Filters
46.1.1 The Filter Structure of the ZyWALL
46.2 Configuring a Filter Set
46.2.1 Configuring a Filter Rule
46.2.2 Configuring a TCP/IP Filter Rule
46.2.3 Configuring a Generic Filter Rule
46.3 Example Filter
46.4 Filter Types and NAT
46.5 Firewall Versus Filters
46.6 Applying a Filter
46.6.1 Applying LAN Filters
46.6.2 Applying DMZ Filters
46.6.3 Applying Remote Node Filters
47.1 SNMP Configuration
47.2 SNMP Traps
48.1 Introduction to System Status
48.2 System Status
48.3 System Information and Console Port Speed
48.3.2 Console Port Speed
48.4 Log and Trace
48.4.2 Syslog Logging
48.4.3 Call-Triggering Packet
48.5 Diagnostic
48.5.1 WAN DHCP
49.1 Introduction
49.2 Filename Conventions
49.3 Backup Configuration
49.3.2 Using the FTP Command from the Command Line
49.3.3 Example of FTP Commands from the Command Line
49.3.4 GUI-based FTP Clients
49.3.5 File Maintenance Over WAN
49.3.6 Backup Configuration Using TFTP
49.3.7 TFTP Command Example
49.3.8 GUI-based TFTP Clients
49.3.9 Backup Via Console Port
49.4 Restore Configuration
49.4.1 Restore Using FTP
49.4.2 Restore Using FTP Session Example
49.4.3 Restore Via Console Port
49.5 Uploading Firmware and Configuration Files
49.5.2 Configuration File Upload
49.5.3 FTP File Upload Command from the DOS Prompt Example
49.5.4 FTP Session Example of Firmware File Upload
49.5.5 TFTP File Upload
49.5.6 TFTP Upload Command Example
49.5.7 Uploading Via Console Port
49.5.8 Uploading Firmware File Via Console Port
49.5.9 Example Xmodem Firmware Upload Using HyperTerminal
49.5.10 Uploading Configuration File Via Console Port
49.5.11 Example Xmodem Configuration Upload Using HyperTerminal
50.1 Command Interpreter Mode
50.2 Call Control Support
50.2.2 Call History
50.3 Time and Date Setting
51.1 Remote Management
51.1.1 Remote Management Limitations
52.1 IP Routing Policy Summary
52.2 IP Routing Policy Setup
52.2.1 Applying Policy to Packets
52.3 IP Policy Routing Example
53.1 Introduction to Call Scheduling
Troubleshooting and Product Specifications
54.1 Power, Hardware Connections, and LEDs
54.2 ZyWALL Access and Login
54.3 Internet Access
54.4 Wireless Router/AP Troubleshooting
54.5 UPnP
Compatible ZyXEL WLAN Cards
55.1 Compatible 3G Cards
55.2 Power Adaptor Specifications
Cable Pin Assignments
Appendices and Index
Removing a Fuse
Installing a Fuse
Wireless LAN Topologies
Channel
RTS/CTS
Fragmentation Threshold
Preamble Type
IEEE 802.11g Wireless LAN
Wireless Security Overview
IEEE RADIUS
Types of EAP Authentication
Dynamic WEP Key Exchange
WPA and WPA2
Security Parameters Summary
Antenna Overview
Antenna Characteristics
Types of Antennas for WLAN
Positioning Antennas
Copyright
Certifications
ZyXEL Limited Warranty
Numerics