ZyWALL 2 Series User’s Guide

The ZyWALL supports two simultaneous VPN connections.

X-Auth (Extended Authentication)

X-Auth provides added security for VPN by requiring each VPN client to use a username and password.

Certificates

The ZyWALL can use certificates (also called digital IDs) to authenticate users. Certificates are based on public-private key pairs. Certificates provide a way to exchange public keys for use in authentication.

SSH

The ZyWALL uses the SSH (Secure Shell) protocol to provide secure, encrypted communication between two hosts over an unsecured network.

HTTPS

HTTPS (HyperText Transfer Protocol over Secure Socket Layer, or HTTP over SSL) is a web protocol that encrypts and decrypts web sessions. Use HTTPS for secure web configurator access to the ZyWALL.

Firewall

The ZyWALL has a stateful inspection firewall with DoS (Denial of Service) protection. By default, when the firewall is activated, all incoming traffic from the WAN to the LAN is blocked unless it is initiated from the LAN. The ZyWALL firewall supports TCP/UDP inspection, DoS detection and protection, real-time alerts, reports and logs.

Brute-Force Password Guessing Protection

The ZyWALL has a special protection mechanism to discourage brute-force password guessing attacks on the ZyWALL’s management interfaces. You can specify a wait-time that must expire before a fourth password can be entered after three incorrect passwords have been entered. Please see the appendices for details about this feature.
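The wait-time policy described above, sketched as an added example (not ZyWALL firmware code and not taken from this guide). The class name, the per-interface key, refusing even a correct password during the wait-time, and restarting the count once the wait-time expires are all assumptions made for illustration.

```python
import time


class LoginThrottle:
    """After max_failures wrong passwords, refuse entries until wait_seconds pass."""

    def __init__(self, wait_seconds, max_failures=3, clock=time.monotonic):
        self.wait_seconds = wait_seconds
        self.max_failures = max_failures
        self.clock = clock          # injectable so the policy can be tested offline
        self.state = {}             # key -> [failure_count, locked_until]

    def attempt(self, key, password_ok):
        """Return 'ok', 'denied' (wrong password) or 'wait' (entry not evaluated).

        key identifies what is being throttled; here a management interface
        name (assumption: the guide does not say how attempts are grouped).
        """
        failures, locked_until = self.state.get(key, [0, 0.0])
        now = self.clock()
        if now < locked_until:
            # Inside the wait-time the password is not checked at all, so a
            # guesser learns nothing from entries made while locked out.
            return "wait"
        if locked_until:
            failures = 0            # assumption: count restarts after the wait
        if password_ok:
            self.state.pop(key, None)
            return "ok"
        failures += 1
        locked_until = now + self.wait_seconds if failures >= self.max_failures else 0.0
        self.state[key] = [failures, locked_until]
        return "denied"


def demo():
    """Constructed scenario: three wrong passwords, then a fourth entry."""
    now = [0.0]
    throttle = LoginThrottle(wait_seconds=300, clock=lambda: now[0])
    results = [throttle.attempt("web", False) for _ in range(3)]
    results.append(throttle.attempt("web", True))   # fourth entry, still waiting
    now[0] = 300.0
    results.append(throttle.attempt("web", True))   # wait-time has expired
    return results


if __name__ == "__main__":
    print(demo())
```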

Content Filtering

The ZyWALL can block web features such as ActiveX controls, Java applets and cookies, as well as disable web proxies. The ZyWALL can block specific URLs by using the keyword feature. It also allows the administrator to define time periods and days during which content filtering is enabled.

Packet Filtering

The packet filtering mechanism blocks unwanted traffic from entering or leaving your network.

Getting to Know Your ZyWALL
