ZyXEL Communications
ZyWALL 1000 manual
780 pages, 21.42 Mb
Appendix C Common Services
ZyWALL USG 1000 User’s Guide
Contents
User’s Guide
www.zyxel.com
About This User's Guide
Document Conventions
Safety Warnings
Contents Overview
Table of Contents
Part VIII: Appendices and Index
List of Figures
List of Tables
Introducing the ZyWALL
1.1 Overview and Key Default Settings
1.2 Front Panel LEDs
1.3 Management Overview
1.4 Starting and Stopping the ZyWALL
Features and Applications
2.1 Features
2.2 Packet Flow
2.2.1 Interface to Interface (Through ZyWALL)
2.2.2 Interface to Interface (To/From ZyWALL)
2.2.3 Interface to Interface (From VPN Tunnel)
2.2.4 Interface to Interface (To VPN Tunnel)
2.3 Applications
2.3.3 User-Aware Access Control
2.3.4 Multiple WAN Interfaces
2.3.5 Device HA
Web Configurator
3.1 Web Configurator Requirements
3.2 Web Configurator Access
3.3 Web Configurator Main Screen
3.3.2 Navigation Panel
3.3.3 Main Window
3.3.4 Message Bar
Wizard Setup
4.1 Wizard Setup Overview
4.2 Installation Setup, One ISP
4.3 Step 1 Internet Access
4.3.1 Ethernet: Auto IP Address Assignment
4.3.2 Ethernet: Static IP Address Assignment
4.3.3 Step 2 Internet Access Ethernet
4.3.4 PPPoE: Auto IP Address Assignment
4.3.5 PPPoE: Static IP Address Assignment
4.3.6 Step 2 Internet Access PPPoE
4.3.7 PPTP: Auto IP Address Assignment
4.3.8 PPTP: Static IP Address Assignment
4.3.9 Step 2 Internet Access PPTP
4.4 Device Registration
4.5 Installation Setup, Two Internet Service Providers
4.6 VPN Setup
4.7 VPN Wizards
4.8 VPN Express Wizard - Remote Gateway
4.8.1 VPN Express Wizard - Policy Setting
4.8.2 VPN Express Wizard - Summary
4.8.3 VPN Express Wizard - Finish
4.8.4 VPN Advanced Wizard
4.8.5 VPN Advanced Wizard - Remote Gateway
4.8.6 VPN Advanced Wizard - Phase
4.8.7 VPN Advanced Wizard - Phase
4.8.8 VPN Advanced Wizard - Summary
4.8.9 VPN Advanced Wizard - Finish
Configuration Basics
5.1 Granular Configuration
5.2 Terminology in the ZyWALL
5.3 Physical Ports, Interfaces, and Zones
5.3.1 Network Topology Example
5.4 Feature Configuration Overview
5.4.2 Interface
5.4.3 Trunks
5.4.4 IPSec VPN
5.4.5 SSL VPN
5.4.6 L2TP VPN
5.4.7 Zones
5.4.8 Device HA
5.4.9 DDNS
5.4.10 Policy Routes
5.4.11 Static Routes
5.4.12 Firewall
5.4.13 Application Patrol
5.4.14 Anti-Virus
5.4.15 IDP
5.4.16 ADP
5.4.17 Content Filter
5.4.18 Virtual Server (Port Forwarding)
5.4.19 HTTP Redirect
5.5 Objects
5.6 System Management and Maintenance
5.6.2 File Manager
5.6.3 Licensing Registration
5.6.4 Licensing Update
5.6.5 Logs and Reports
5.6.6 Diagnostics
Tutorials
6.1 Interfaces and Zones
6.1.2 Set up Ethernet Interfaces
6.1.3 WAN Trunk
6.1.4 Zones
6.2 IPSec VPN
6.2.3 Set up the VPN Connection
6.2.4 Set up the Policy Route for the VPN Tunnel
6.2.5 Set up the Zone for the VPN Tunnel
6.3 Device HA
6.3.3 Set up the Password for Synchronization
6.3.4 Finish Configuring the Master
6.3.5 Set up the Ethernet Interfaces on the Backup
6.3.6 Set up the VRRP Groups on the Backup
6.4 User-Aware Access Control
6.4.1 Set up User Accounts
6.4.2 Set up User Groups
6.4.3 Set up User Authentication Using the RADIUS Server
6.4.4 Set up Web Surfing Policies With Bandwidth Restrictions
6.4.5 Set up MSN Policies
6.4.6 Set up LAN-to-DMZ Policies
6.5 Trunks
6.6 NAT 1:1 Example
6.6.1 NAT 1:1 Address Objects
6.6.2 NAT 1:1 Virtual Server
6.6.3 NAT 1:1 Policy Route
6.6.4 NAT 1:1 Firewall Rule
6.7 NAT Loopback
6.7.1 NAT Loopback Virtual Server
6.7.2 NAT Loopback Policy Route
6.8 Service Control and the Firewall
Status
7.1 Status Screen
7.2 VPN Status
7.3 DHCP Table
7.4 Port Statistics
7.5 Current Users
Registration
8.1 myZyXEL.com Overview
8.2 Registration
8.3 Service
Update
9.1 Updating Anti-virus Signatures
9.2 Updating IDP and Application Patrol Signatures
9.3 Updating System Protect Signatures
Interface
10.1 Interface Overview
10.1.2 IP Address Assignment
10.1.3 Interface Parameters
10.1.4 DHCP Settings
10.1.5 Ping Check Settings
10.2 Ethernet Interfaces
10.2.2 Interface Summary Screen
10.2.3 Ethernet Summary Screen
10.2.4 Ethernet Edit
10.3 Port Grouping
10.3.2 Port Grouping Screen
10.4 VLAN Interfaces
10.4.2 VLAN Interfaces Overview
10.4.3 VLAN Summary Screen
10.4.4 VLAN Add/Edit
10.5 Bridge Interfaces
10.5.1 Bridge Overview
10.5.2 Bridge Interface Overview
10.5.3 Bridge Summary
10.5.4 Bridge Add/Edit
10.6 PPPoE/PPTP Interfaces
10.6.2 PPPoE/PPTP Interfaces Overview
10.6.3 PPPoE/PPTP Interface Summary
10.6.4 PPPoE/PPTP Interface Add/Edit
10.7 Auxiliary Interface
10.8 Virtual Interfaces
Trunks
11.1 Trunks Overview
11.2 Trunk Scenario Examples
11.3 Load Balancing Introduction
11.4 Load Balancing Algorithms
11.4.2 Weighted Round Robin
11.4.3 Spillover
11.5 Trunk Summary
11.6 Configuring a Trunk
Policy and Static Routes
12.1 Policy Route
12.2 Routing Policy
12.2.1 NAT and SNAT
12.2.2 Port Triggering
12.3 IP Routing Policy Setup
12.4 Policy Route Edit
12.5 IP Static Routes
12.6 Static Route Summary
12.7 Edit a Static Route
Routing Protocols
13.1 Routing Protocols Overview
13.2 RIP Screen
13.3 OSPF Overview
13.3.1 OSPF Areas
13.3.2 OSPF Routers
13.3.3 Virtual Links
13.3.4 OSPF Configuration
13.4 OSPF Screens
13.4.2 OSPF Area Add/Edit
Zones
14.1 Zones Overview
14.2 Zone Summary
14.3 Zone Add/Edit
DDNS
15.1 DDNS Overview
15.2 DDNS Screens
15.3 DDNS Summary
15.4 Dynamic DNS Add/Edit
Virtual Servers
16.1 Virtual Server Overview
16.2 Virtual Server Example
16.3 Virtual Server Screens
16.4 Virtual Server Summary Screen
16.4.1 Virtual Server Add/Edit
HTTP Redirect
17.1 HTTP Redirect Overview
17.2 HTTP Redirect, Firewall and Policy Route
17.3 Configuring HTTP Redirect
17.4 HTTP Redirect Edit
ALG
18.1 ALG Introduction
18.1.3 FTP
18.1.4 H.323
18.1.5 RTP
18.1.6 SIP
18.2 Peer-to-Peer Calls and the ZyWALL
18.3 ALG Screen
18.4 WAN to LAN SIP Peer-to-peer Calls Example
Firewall
19.1 Firewall Overview
19.2 Firewall Rules
19.3 Firewall Rule Example Applications
19.4 Alerts
19.5 Asymmetrical Routes
19.6 Configuring the Firewall
19.6.1 Edit a Firewall Rule
19.7 Firewall Rule Configuration Example
IPSec VPN
20.1 IPSec VPN Overview
20.1.1 IPSec SA Overview
20.1.2 Additional Topics for IPSec SA
20.2 VPN Related Configuration
20.3 VPN Connection Screens
20.3.2 VPN Connection Add/Edit IKE
20.3.3 VPN Connection Add/Edit Manual Key
20.4 VPN Gateway Screens
20.4.2 Additional Topics for IKE SA
20.4.3 VPN Gateway Summary
20.4.4 VPN Gateway Add/Edit
20.5 VPN Concentrator
20.5.1 VPN Concentrator Summary
20.5.2 VPN Concentrator Add/Edit
20.6 SA Monitor Screen
20.6.1 Regular Expressions in Searching IPSec SAs by Name or Policy
SSL VPN
21.1 SSL Access Policy
21.2 SSL Access Privilege List
21.3 Creating/Editing an SSL Access Policy
21.4 SSL Connection Monitor
21.5 Configuring SSL Global Setting
21.6 Establishing an SSL VPN Connection
SSL User Screens
22.1 Overview
22.2 Remote User Login
22.3 SSL VPN User Screens
22.4 Bookmark
22.5 Logout
SSL User Application Screens
23.1 Overview
SSL User File Sharing Screens
24.1 Overview
24.2 Main File Sharing Screen
24.3 Opening a File or Folder
24.3.1 Downloading a File
24.3.2 Saving a File
24.4 Creating a New Folder
24.5 Renaming a File or Folder
24.6 Deleting a File or Folder
24.7 Uploading a File
L2TP VPN
25.1 L2TP VPN Overview
25.2 IPSec Configuration
25.3 Policy Route
25.4 L2TP VPN Configuration
25.5 L2TP VPN Session Monitor
L2TP VPN Example
26.1 L2TP VPN Example
26.2 Configuring the Default L2TP VPN Gateway Example
26.3 Configuring the Default L2TP VPN Connection Example
26.4 Configuring the L2TP VPN Settings Example
26.5 Configuring the Policy Route for L2TP Example
26.6 Configuring L2TP VPN in Windows XP and
26.6.1 Configuring L2TP in Windows XP
26.6.2 Configuring L2TP in Windows
Application Patrol
27.1 Application Patrol Overview
27.2 Classification of Applications
27.3 Configurable Application Policies
27.4 Bandwidth Management
27.4.1 Connection and Packet Directions
27.4.2 Outbound and Inbound Bandwidth Limits
27.4.3 Bandwidth Management Priority
27.4.4 Maximize Bandwidth Usage
27.4.5 Bandwidth Management Behavior
27.5 Application Patrol Bandwidth Management Examples
27.5.1 Setting the Interface’s Bandwidth
27.5.2 SIP Any to WAN Bandwidth Management Example
27.5.3 SIP WAN to Any Bandwidth Management Example
27.5.4 HTTP Any to WAN Bandwidth Management Example
27.5.5 FTP WAN to DMZ Bandwidth Management Example
27.5.6 FTP LAN to DMZ Bandwidth Management Example
27.6 Other Applications
27.7 Application Patrol Screens
27.8 Application Patrol General
27.9 Application Patrol Applications
27.9.1 Application Patrol Edit
27.9.2 Application Patrol Policy Edit
27.10 Other Protocol Screen
27.10.1 Other Configuration Add/Edit
27.11 Application Patrol Statistics
27.11.2 Application Patrol Statistics: Bandwidth Statistics
27.11.3 Application Patrol Statistics: Protocol Statistics
Anti-Virus
28.1 Anti-Virus Overview
28.2 Introduction to the ZyWALL Anti-Virus Scanner
28.2.2 Notes About the ZyWALL Anti-Virus
28.3 Anti-Virus Summary
28.3.1 Anti-Virus Policy Edit
28.4 Anti-Virus Setting
28.5 Anti-Virus White List Add/Edit
28.6 Anti-Virus Black List Add/Edit
28.7 Signature Searching
IDP
29.1 Introduction to IDP
29.2 Traffic Directions and Profiles
29.3 Configuring IDP General
29.4 Configuring IDP Bindings
29.5 Introducing IDP Profiles
29.6 Profile Summary Screen
29.7 Creating New Profiles
29.8 Profiles: Packet Inspection
29.8.2 Policy Types
29.8.3 IDP Service Groups
29.8.4 Profile > Query View Screen
29.8.5 Query Example
29.9 Introducing IDP Custom Signatures
29.10 Configuring Custom Signatures
29.10.1 Creating or Editing a Custom Signature
29.10.2 Custom Signature Example
29.10.3 Applying Custom Signatures
29.10.4 Verifying Custom Signatures
29.10.5 Snort Signatures
ADP
30.1 Introduction to ADP
30.2 Traffic Directions and Profiles
30.3 Configuring ADP General
30.4 Configuring Anomaly Profile Bindings
30.5 Introducing ADP Profiles
30.6 Profile Summary Screen
30.7 Creating New Profiles
30.8 Profiles: Traffic Anomaly
30.8.1 Port Scanning
30.8.2 Flood Detection
30.8.3 Profile > Traffic Anomaly Screen
30.9 Profiles: Protocol Anomaly
30.9.1 HTTP Inspection and TCP/UDP/ICMP Decoders
30.9.2 Protocol Anomaly Configuration
Content Filter Screens
31.1 Content Filter Overview
31.2 Content Filter General Screen
31.3 Content Filter Policy Screen
31.4 Content Filter Profile Screen
31.5 External Web Filtering Service
31.6 Content Filter Categories Screen
31.7 Content Filter Customization Screen
31.8 Keyword Blocking URL Checking
31.9 Content Filter Cache Screen
Content Filter Reports
32.1 Viewing Content Filter Reports
32.2 Web Site Submission
Device HA
33.1 Virtual Router Redundancy Protocol (VRRP) Overview
33.2 VRRP Group Overview
33.3 Device HA Screens
33.4 VRRP Group Summary
33.5 VRRP Group Add/Edit
33.6 Synchronization Overview
33.6.2 Synchronize Screen
User/Group
34.1 User Account Overview
34.1.2 Ext-User Accounts
34.1.3 User Groups
34.1.4 Access Users and the ZyWALL
34.1.5 Force User Authentication Policy
34.2 User Summary
34.3 Group Summary
34.3.1 Group Add/Edit
34.4 Setting Screen
34.4.1 Force User Authentication Policy Add/Edit
34.5 Web Configurator for Non-Admin Users
Addresses
35.1 Addresses Overview
35.2 Address Screens
35.2.2 Address Add/Edit
35.3 Address Group Screens
35.3.2 Address Group Add/Edit
Services
36.1 Services Overview
36.2 Service Summary Screen
36.2.1 Service Add/Edit
36.3 Service Group Summary Screen
Schedules
37.1 Schedule Overview
37.2 Schedule Screens
37.2.2 One-Time Schedule Add/Edit
37.2.3 Recurring Schedule Add/Edit
AAA Server
38.1 AAA Server Overview
38.2 Directory Service (AD/LDAP) Overview
38.2.2 Distinguished Name (DN)
38.2.3 Configuring Active Directory or LDAP Default Server Settings
38.3 Active Directory or LDAP Group Summary
38.3.1 Creating an Active Directory or LDAP Group
38.4 RADIUS Server
38.5 Configuring a Default RADIUS Server
38.6 Configuring a Group of RADIUS Servers
Authentication Objects
39.1 Authentication Objects Overview
39.2 Viewing Authentication Objects
39.3 Creating an Authentication Object
39.3.1 Example: Selecting a VPN Authentication Method
Certificates
40.1 Certificates Overview
40.2 Self-signed Certificates
40.3 Factory Default Certificate
40.4 Certificate Configuration Screens Summary
40.5 Verifying a Certificate
40.6 My Certificates Screen
40.6.1 My Certificates Add Screen
40.6.2 My Certificate Edit Screen
40.6.3 My Certificate Import Screen
40.7 Trusted Certificates Screen
40.8 Trusted Certificates Edit Screen
40.9 Trusted Certificates Import Screen
ISP Accounts
41.1 ISP Accounts Overview
41.2 ISP Account Summary
41.3 ISP Account Edit
SSL Application
42.1 SSL Application Overview
42.2 SSL Application Configuration
42.3 Creating/Editing an SSL Application
42.3.2 Example: Specifying a Web Site for Access
42.3.3 Configuring File Sharing
System
43.1 System Overview
43.2 Host Name
43.3 Time and Date
43.3.1 Pre-defined NTP Time Servers List
43.3.2 Time Server Synchronization
43.4 Console Port Speed
43.5 DNS Overview
43.5.4 Address Record
43.5.5 PTR Record
43.5.6 Adding an Address/PTR Record
43.5.7 Domain Zone Forwarder
43.5.8 Adding a Domain Zone Forwarder
43.5.9 MX Record
43.5.10 Adding a MX Record
43.5.11 DNS Service Control
43.6 Language Screen
Service Control
44.1 Service Control Overview
44.2 HTTPS
44.3 Configuring WWW
44.4 Service Control Rules
44.5 HTTPS Example
44.5.1 Internet Explorer Warning Messages
44.5.2 Netscape Navigator Warning Messages
44.5.3 Avoiding Browser Warning Messages
44.5.4 Login Screen
44.5.5 Enrolling and Importing SSL Client Certificates
44.5.6 Using a Certificate When Accessing the ZyWALL Example
44.6 SSH
44.6.2 SSH Implementation on the ZyWALL
44.6.3 Requirements for Using SSH
44.6.4 Configuring SSH
44.7 Secure Telnet Using SSH Examples
44.7.2 Example 2: Linux
44.8 Telnet
44.9 Configuring FTP
44.10 SNMP
44.10.1 Supported MIBs
44.10.2 SNMP Traps
44.10.3 Configuring SNMP
44.11 Dial-in Management
44.12 Dial-in Mgmt Configuration
44.13 Vantage CNM
44.14 Configuring Vantage CNM
File Manager
45.1 Configuration Files and Shell Scripts Overview
45.1.1 Comments in Configuration Files or Shell Scripts
45.1.2 Errors in Configuration Files or Shell Scripts
45.1.3 ZyWALL Configuration File Details
45.1.4 Configuration File Flow at Restart
45.2 Configuration File Screen
45.3 Firmware Package Screen
45.4 Shell Script Screen
Logs
46.1 View Log Screen
46.2 Log Settings Screens
46.3 Log Settings Summary
46.3.1 Log Settings Edit E-mail
46.3.2 Log Settings Edit syslog
46.3.3 Active Log Summary
Reports
47.1 Traffic Screen
47.2 Session Screen
47.3 Anti-Virus Report Screen
47.4 IDP Report Screen
Diagnostics
48.1 Diagnostics
Reboot
Troubleshooting
50.1 Getting More Troubleshooting Help
50.2 Resetting the ZyWALL
Windows XP
Windows
Windows 98 SE/Me
Import ZyWALL Certificates into Netscape Navigator
Importing the ZyWALL’s Certificate into Internet Explorer
Notice
End-User License Agreement for "ZyWALL
Copyright
Certifications
ZyXEL Limited Warranty
Index