Chapter 6 Configuration Basics

The DMZ zone contains the ge4, ge5, and ge6 interfaces (physical ports P4, P5, and P6). The DMZ zone has servers that are available to the public. These interface uses private IP addresses 192.168.2.1, 192.168.3.1, and 192.168.4.1.

Interfaces ge7 and ge8 interfaces (physical ports P7 and P8) are not part of a zone by default. Add them to zones to apply security policies.

6.3Terminology in the ZyWALL

This section highlights some differences in terminology or organization between the ZLD-based ZyWALL and other routers, particularly ZyNOS routers.

Table 14 ZLD ZyWALL Terminology That is Different Than ZyNOS

ZYNOS FEATURE / TERM

ZLD ZYWALL FEATURE / TERM

IP alias

Virtual interface

 

 

Gateway policy

VPN gateway

 

 

Network policy (IPSec SA)

VPN connection

 

 

Hub-and-spoke VPN

(VPN) concentrator

 

 

Table 15 ZLD ZyWALL Terminology That Might Be Different Than Other Products

FEATURE / TERM

ZLD ZYWALL FEATURE / TERM

Source NAT (SNAT)

Policy route

 

 

Table 16 NAT: Differences Between ZLD ZyWALL and ZyNOS

ZYNOS FEATURE / SCREEN

ZLD ZYWALL FEATURE / SCREEN

Trigger port, port triggering

Policy route

 

 

Address mapping

Policy route

 

 

Address mapping (VPN)

IPSec VPN

 

 

Table 17 Bandwidth Management: Differences Between the ZLD ZyWALL and ZyNOS

ZYNOS FEATURE / SCREEN

ZLD ZYWALL FEATURE / SCREEN

Interface bandwidth management

Interface

(outbound)

 

 

 

OSI level-7 bandwidth management

Application patrol

 

 

General bandwidth management

Policy route

 

 

 

99

ZyWALL USG 2000 User’s Guide