Manuals / Brands / Computer Equipment / Network Card / ZyXEL Communications / Computer Equipment / Network Card

ZyXEL Communications ZYWALL10 14.1.1 View Firewall Log, 14.1.2 Attack Types, Yes, Land, IP Spoofing, Firewall log, Figure 14-3Menu 21.2 — Firewall Setup

1 267

Download 267 pages, 2.84 Mb

ZyWALL 10 Internet Security Gateway

Menu 21.2 - Firewall Setup

The firewall protects against Denial of Service (DOS) attacks when it is active. The default Policy sets

1.allow all sessions originating from the LAN to the WAN and

2.deny all sessions originating from the WAN to the LAN

You may define additional Policy rules or modify existing ones but please exercise extreme caution in doing so

Active: No

LAN-to-WAN Set Name: ACL Default Set

WAN-to-LAN Set Name: ACL Default Set

Please configure the Firewall function through ZyWALL Web Configurator.

Press ENTER to Confirm or ESC to Cancel:

Figure 14-3 Menu 21.2 — Firewall Setup

Configure the firewall rules using the ZyWALL Web Configurator or CLI commands.

14.1.1 View Firewall Log

Enter option 3 from menu 21 to view the firewall log. Firewall logs may also be viewed from the ZyWALL Web Configurator or may be sent to a syslog server using SMT Menu 24.3.2 - System Maintenance - UNIX Syslog and setting the Firewall log field to Yes. Attack types that may be displayed in the “Reason” column of the firewall log are briefly described in Table 14-4 View Firewall Log.

14.1.2 Attack Types

Land

In a LAND Attack, hackers flood SYN packets into the network with a spoofed source IP address of the targeted system. This makes it appear as if the host computer sent the packets to itself, making the system unavailable while the target system tries to respond to itself.

IP Spoofing

IP Spoofing may be used to break into systems, to hide the hacker's identity, or to magnify the effect of the DoS attack. IP Spoofing is a technique used to gain unauthorized access to computers by tricking a router or firewall into thinking that the communications are coming from within the trusted network. To engage in IP spoofing, a hacker must modify the packet headers so that it appears that the packets originate from a trusted host and should be allowed through the router or firewall. The ZyWALL blocks all IP Spoofing attempts.

14-2	Introducing the ZyWALL Firewall

Contents

User’s Guide Copyright Federal Communications Commission (FCC) Interference Statement Information for Canadian Users Standard Declaration of Conformity ZyXEL Communications Corp No. 6, Innovation Rd. II Science-BasedIndustrial Park Hsinchu, Taiwan, 300 R.O.C Page ZyXEL Limited Warranty Customer Support Table of Contents Chapter 4 Remote Node Setup Chapter 5 IP Static Route Setup Chapter 6 Network Address Translation (NAT) Chapter 9 System Information & Diagnosis Chapter 10 Firmware and Configuration File Maintenance Chapter 12 Telnet Configuration and Capabilities Chapter 13 What is a Firewall Chapter 14 Introducing the ZyWALL Firewall Chapter 16 Creating Custom Rules Appendix B PPTP Appendix C Hardware Specifications Appendix D Important Safety Instructions Page List of Figures Page Page Page Page Page List of Tables Page Page Page Preface Related Documentation Syntax Conventions Bold Times Bold Arial Part I: Getting Started Page Getting to Know Your ZyWALL 1.1The ZyWALL 10 Internet Security Gateway 1.2Features of The ZyWALL PPTP Encapsulation Dynamic DNS Support IP Multicast IP Alias SNMP 1.3Applications for ZyWALL 1.3.1 Broadband Internet Access via Cable or xDSL Modem Figure 1-1Secure Internet Access via Cable Figure 1-2Secure Internet Access via DSL Hardware Installation & Initial Setup 2.1Front Panel LEDs and Back Panel Ports 2.1.1 Front Panel LEDs 2.2ZyWALL 10 Rear Panel and Connections 2.3Additional Installation Requirements 2.4Turn On Your ZyWALL 2.5Navigating the SMT Interface Table 2-2Main Menu Commands 2.5.1 Main Menu 2.5.2 System Management Terminal Interface Summary 2.5.3 SMT Menus at a Glance 2.6Changing the System Password 2.6.1 Resetting the ZyWALL 2.7General Setup 2.7.1 Dynamic DNS 2.7.2 Procedure For Configuring Menu 2.7.3 Configuring Dynamic DNS 2.8WAN Setup 2.9LAN Setup 2.9.1 LAN Port Filter Setup Internet Access 3.1TCP/IP and DHCP for LAN 3.1.1 Factory LAN Defaults 3.1.2 DHCP Configuration 3.1.3 IP Address and Subnet Mask 3.1.4 Private IP Addresses 3.1.5 RIP Setup 3.1.6 IP Multicast 3.1.7 IP Alias 3.2TCP/IP and DHCP Ethernet Setup Figure 3-3Menu 3 — LAN Setup TCP/IP and DHCP Setup Menu 3.2 — TCP/IP and DHCP Ethernet Setup Figure 3-4Menu 3.2 — TCP/IP and DHCP Ethernet Setup Table 3-1DHCP Ethernet Setup Menu Fields Table 3-2LAN TCP/IP Setup Menu Fields 3.2.1 IP Alias Setup 3.3Internet Access Setup 3.3.1 Ethernet Encapsulation Figure 3-6Menu 4 — Internet Access Setup (Ethernet) Table 3-4Internet Access Setup Menu Fields 3.3.2 PPTP Encapsulation 3.3.3 Configuring the PPTP Client 3.3.4 PPPoE Encapsulation Figure 3-8Internet Access Setup (PPPoE) Table 3-6New Fields in Menu 4 (PPPoE) screen Service Name 3.4Basic Setup Complete Part II: Advanced Applications Remote Node Setup 4.1Remote Node Profile 4.1.1 Ethernet Encapsulation Table 4-1Fields in Menu 4.1.2 PPPoE Encapsulation 4.1.3 PPTP Encapsulation Figure 4-3Menu 11.1 — Remote Node Profile for PPTP Encapsulation Table 4-3Fields in Menu 11.1 (PPTP Encapsulation) 4.2Editing TCP/IP Options (with Ethernet Encapsulation) 4.2.1 Editing TCP/IP Options (with PPTP Encapsulation) Figure 4-5Menu 11.3 — Remote Node Network Layer Options Table 4-5Remote Node Network Layer Options Menu Fields 4.2.2 Editing TCP/IP Options (with PPPoE Encapsulation) 4.3Remote Node Filter Figure 4-6Menu 11.5 — Remote Node Filter (Ethernet Encapsulation) Figure 4-7Menu 11.5 — Remote Node Filter (PPPoE or PPTP Encapsulation) IP Static Route Setup 5.1IP Static Route Setup Table 5-1IP Static Route Menu Fields Page Network Address Translation (NAT) 6.1Introduction 6.1.1 NAT Definitions 6.1.2 What NAT Does 6.1.3 How NAT works 6.1.4 NAT Mapping Types 6.1.5 SUA (Single User Account) Versus NAT 6.1.6 NAT Application 6.2SMT Menus 6.2.1 Applying NAT in the SMT Menus Figure 6-3Menu 4 — Applying NAT for Internet Access Menu 11.3 - Remote Node Network Layer Options Figure 6-4Menu 11.3 — Applying NAT to the Remote Node 6.2.2 Configuring NAT 6.2.3 Address Mapping Sets and NAT Server Sets: Enter 1 to bring up Menu 15.1 — Address Mapping Sets Figure 6-6Menu 15.1 — Address Mapping Sets Figure 6-7Menu 15.1.255 — SUA Address Mapping Rules Table 6-4SUA Address Mapping Rules Select Rule Set Name Figure 6-8Menu 15.1.1 — First Set Ordering Your Rules Table 6-5Fields in Menu Edit Menu 15.1.1.1 - Address Mapping Rule Local Global Start/End IPs 6.3NAT Server Sets 6.3.1 Multiple Servers behind NAT 6.3.2 Configuring a Server behind NAT Figure 6-11Menu 15.2 — NAT Server Setup Table 6-7Services & Port numbers 6.4Examples 6.4.1 Internet Access Only 6.4.2 Example 2: Internet Access with an Inside Server 6.4.3 Example 3: General Case Edit Action One-to-One Start IP Figure 6-17Example 3: Menu Figure 6-18Example 3: Menu Figure 6-19Example 3: Final Menu Figure 6-20Example 3: Menu 6.4.4 Example 4: NAT Unfriendly Application Programs Figure 6-22Example 4: Menu 15.1.1.1 — Address Mapping Rule Figure 6-23Example 4: Menu 15.1.1 — Address Mapping Rules Part III: Advanced Management Page Filter Configuration 7.1About Filtering 7.1.1 The Filter Structure of the ZyWALL Filter Set Execute Filter Rule Figure 7-2Filter Rule Process 7.2Configuring a Filter Set Figure 7-6NetBIOS_WAN Filter Rules Summary Figure 7-7NetBIOS _LAN Filter Rules Summary Figure 7-8TEL_FTP_WEB_WAN Filter Rules Summary 7.2.1 Filter Rules Summary Menu 7.2.2 Configuring a Filter Rule 7.2.3 TCP/IP Filter Rule Table 7-3TCP/IP Filter Rule Menu Fields Page Figure 7-10Executing an IP Filter 7.2.4 Generic Filter Rule Table 7-4Generic Filter Rule Menu Fields 7.3Example Filter Yes Equal Drop Forward Figure 7-13Example Filter — Menu 7.4Filter Types and NAT 7.5Firewall 7.6Applying a Filter and Factory Defaults 7.6.1 LAN traffic 7.6.2 Remote Node Filters Page SNMP Configuration 8.1About SNMP 8.2Configuring SNMP Table 8-1SNMP Configuration Menu Fields System Information & Diagnosis 9.1System Status Figure 9-2Menu 24.1 — System Maintenance — Status Table 9-1System Maintenance — Status Menu Fields 9.2System Information and Console Port Speed 9.2.1 System Information 9.2.2 Console Port Speed 9.3Log and Trace 9.3.1 Viewing Error Log 9.3.2 UNIX Syslog Table 9-3System Maintenance Menu Syslog Parameters Page Page 9.3.3 Call-TriggeringPacket 9.4Diagnostic 9.4.1 WAN DHCP Figure 9-11WAN & LAN DHCP Table 9-4System Maintenance Menu Diagnostic Firmware and Configuration File Maintenance 10.1 Filename conventions 10.1.1 Firmware Development 10.2 Backup Configuration 10.2.1 Example: Backup Configuration Using HyperTerminal 10.2.2 Backup Configuration Using Telnet 10.3 Restore Configuration 10.3.1 Example: Restore Configuration Using HyperTerminal 10.4 Upload Firmware 10.4.1 Uploading the Router Firmware 10.4.2 Example: Xmodem Upload Using HyperTerminal 10.4.3 Uploading Router Configuration File 10.5 TFTP File Transfer 10.5.1 Example: TFTP Command 10.6 FTP File Transfer Figure 10-13Telnet into Menu Figure 10-14Telnet into Menu 24.7.2 — System Maintenance 10.6.1 Using the FTP command from the DOS Prompt Table 10-3Third Party FTP Clients — General Fields System Maintenance & Information 11.1 Command Interpreter Mode 11.2 Call Control Support 11.2.1 Budget Management 11.2.2 Call History 11.3 Time and Date Setting Figure 11-6Menu 24 — System Maintenance Figure 11-7Menu 24.10 System Maintenance — Time and Date Setting How often does the ZyWALL update the time 11.4 Remote Management Setup 11.5 Boot Commands Figure 11-10Boot Module Commands Page Telnet Configuration and Capabilities 12.1 About Telnet Configuration 12.2 Telnet Under NAT 12.3 Telnet Capabilities 12.3.1 Single Administrator 12.4 Telnet Behind the Firewall Part IV: Firewall and Content Filters Page What is a Firewall 13.1 Types of Firewalls 13.1.1 Packet Filtering Firewalls 13.1.2 Application-levelFirewalls 13.1.3 Stateful Inspection Firewalls 13.2 Introduction to ZyXEL’s Firewall 13.3 Denial of Service 13.3.1 Basics 13.3.2 Types of DoS attacks Figure 13-2 Three-WayHandshake SYN Attack Figure 13-3SYN Flood LAND Attack 13.4 Stateful Inspection 13.4.1 Stateful Inspection Process 13.4.2 Stateful Inspection & the ZyWALL 13.4.3 TCP Security 13.4.4 UDP/ICMP Security 13.4.5 Upper Layer Protocols 13.5 Guidelines For Enhancing Security With Your Firewall 13.5.1 Security In General Page Page Introducing the ZyWALL Firewall 14.1 SMT Menus 14.1.1 View Firewall Log 14.1.2 Attack Types ICMP Echo ICMP Vulnerability Table 14-1ICMP Commands That Trigger Alerts Illegal Commands (NetBIOS and SMTP) Table 14-2Legal NetBIOS Commands Traceroute Teardrop SYN Flood Figure 14-4View Firewall Log 14.2 The Big Picture - Filtering, Firewall and NAT 14.3 Packet Filtering Vs Firewall 14.3.1 Packet Filtering: 14.3.2 Firewall Page Introducing the ZyWALL Web Configurator 15.1 Web Configurator Login and Welcome Screens Figure 15-2ZyWALL Web Configurator Welcome Screen 15.2 Enabling the Firewall 15.3 E-mail 15.3.1 What are Alerts 15.3.2 What are Logs Table 15-1 E-mail 15.3.3 SMTP Error Messages 15.3.4 Example E-mailLog 15.4 Attack Alert 15.4.1 Threshold Values: 15.4.2 Half-OpenSessions Figure 15-6Attack Alert Table 15-3Attack Alert Page Page Creating Custom Rules 16.1 Rules Overview 16.2 Rule Logic Overview 16.2.1 Rule Checklist 16.2.2 Security Ramifications 16.2.3 Key Fields For Configuring Rules 16.3 Connection Direction 16.3.1 LAN to WAN Rules 16.3.2 WAN to LAN Rules 16.4 Rule Summary Figure 16-3Firewall Rules Summary — First Screen Table 16-1Firewall Rules Summary — First Screen 16.5 Predefined Services Table 16-2Predefined Services Page 16.5.1 Creating/Editing Firewall Rules Table 16-3Creating/Editing A Firewall Rule 16.5.2 Source and Destination Addresses Table 16-4Adding/Editing Source and Destination Addresses 16.6 Timeout 16.6.1 Factors Influencing Choices for Timeout Values Table 16-5Timeout Menu Page Custom Ports 17.1 Introduction Table 17-1Custom Ports 17.2 Creating/Editing A Custom Port Table 17-2Creating/Editing A Custom Port Logs 18.1 Log Screen Table 18-1Log Screen Example Firewall Rules 19.1 Examples 19.1.1 Example 1: Firewall Rule To Allow Web Service From The Internet Config Firewall Enabled Figure 19-1Activate The Firewall Figure 19-2Example 1: E-mailScreen Rule Summary Available Services list box and click Figure 19-3Example 1: Configuring a Rule Page 19.1.2 Example 2: Small Office With Mail, FTP and Web Servers Figure 19-6Send Alerts When Attacked Single Figure 19-7Configuring A POP Custom Port Rule Summary Source Address Figure 19-8Example 2: Local Network Rule 1 Configuration Figure 19-9Example 2: Local Network Rule Summary Destination Address Figure 19-10Example: Internet to Local Network Rule Summary Services Figure 19-11Custom Port for Syslog Figure 19-12Syslog Rule Configuration Figure 19-13Example 3: Rule Summary Content Filtering 20.1 Categories 20.1.1 Restrict Web Features 20.1.2 Filter List 20.1.3 Days and Times Figure 20-1Categories Screen 20.2 Update List 20.3 Exempting Computers 20.4 Customizing 20.5 Keywords 20.6 Log Records Part V: Troubleshooting, Appendices, Glossary and Index Page Troubleshooting 21.1 Problems Starting Up the ZyWALL 21.2 Problems with the LAN Interface 21.3 Problems with the WAN interface 21.4 Problems with Internet Access 21.5 Problems with the Firewall Page Appendix A PPPoE How PPPoE Works ZyWALL as a PPPoE Client Diagram 2 ZyWALL as a PPPoE Client Appendix B PPTP Diagram 4 PPTP Protocol Overview Control & PPP connections Diagram 5 Example Message Exchange between PC and an ANT Appendix C Hardware Specifications Appendix D Important Safety Instructions Appendix E Firewall CLI Commands Page Page Page Page Page Page Glossary of Terms Page Page Page Page Page Page Page Page Page Page Index