User Guide
Page 11
Table of Contents 9.1.1 What You Can Do in this Chapter 238 9.1.2 What You Need to Know 238 9.1.3 What You Need to Do First 243 9.2 Port Role ...243 9.3 Port Configuration ...244 9.4 Ethernet Summary Screen ...245 9.4.1 Ethernet Edit ...247 9.4.2 Proxy ARP ...263 9.4.3 Virtual Interfaces ...264 9.4.4 References ...265 9.4.5 Add/Edit DHCPv6 Request/Release Options 266 9.4.6 Add/Edit DHCP Extended Options 267 9.5 PPP Interfaces ...268 9.5.1 PPP Interface Summary ...269 9.5.2 PPP...
Table of Contents 9.1.1 What You Can Do in this Chapter 238 9.1.2 What You Need to Know 238 9.1.3 What You Need to Do First 243 9.2 Port Role ...243 9.3 Port Configuration ...244 9.4 Ethernet Summary Screen ...245 9.4.1 Ethernet Edit ...247 9.4.2 Proxy ARP ...263 9.4.3 Virtual Interfaces ...264 9.4.4 References ...265 9.4.5 Add/Edit DHCPv6 Request/Release Options 266 9.4.6 Add/Edit DHCP Extended Options 267 9.5 PPP Interfaces ...268 9.5.1 PPP Interface Summary ...269 9.5.2 PPP...
User Guide
Page 34
main window ZyWALL ATP Series User's Guide 34 Router> enable Router# Router# configure terminal Router(config)# Router(config)# service-register _setremind after-10-days after-180-days after you change the default password, the Login screen appears after -30-days every-time never Router(config)# service-register _setremind every-time Router(config)# See the Command Line Interface (CLI) Reference Guide (RG) for details on all supported commands. 7 Follow the directions in the Update Admin Info screen. navigation panel • C - Chapter 1 Introduction If you select Never and...
main window ZyWALL ATP Series User's Guide 34 Router> enable Router# Router# configure terminal Router(config)# Router(config)# service-register _setremind after-10-days after-180-days after you change the default password, the Login screen appears after -30-days every-time never Router(config)# service-register _setremind every-time Router(config)# See the Command Line Interface (CLI) Reference Guide (RG) for details on all supported commands. 7 Follow the directions in the Update Admin Info screen. navigation panel • C - Chapter 1 Introduction If you select Never and...
User Guide
Page 53
... [] and ?. The DNS server is the security zone to which this interface and Internet connection will connect with the user name. If it fails again, check with your Internet service provider or administrator for correct IP address, subnet mask and gateway address and other WAN settings. ZyWALL ATP Series User's Guide 53 The Zyxel Device uses these (in order to time out. Leave the field as given. Chapter 2 Initial Setup Wizard • Authentication Type - Otherwise, type the Idle...
... [] and ?. The DNS server is the security zone to which this interface and Internet connection will connect with the user name. If it fails again, check with your Internet service provider or administrator for correct IP address, subnet mask and gateway address and other WAN settings. ZyWALL ATP Series User's Guide 53 The Zyxel Device uses these (in order to time out. Leave the field as given. Chapter 2 Initial Setup Wizard • Authentication Type - Otherwise, type the Idle...
User Guide
Page 55
... configuring to connect with your PPTP user name and password exactly as given. The Zyxel Device uses these (in the previous screen. • First / Second DNS Server: These fields display if you 're using the correct PPPT Service IP, Base IP Address, IP Subnet Mask, Gateway IP Address, Connection ID and Authentication Type. • Make sure that your (static) public IP address. Enter a DNS server's IP address(es). Re-enter your Internet service provider or administrator for VPN...
... configuring to connect with your PPTP user name and password exactly as given. The Zyxel Device uses these (in the previous screen. • First / Second DNS Server: These fields display if you 're using the correct PPPT Service IP, Base IP Address, IP Subnet Mask, Gateway IP Address, Connection ID and Authentication Type. • Make sure that your (static) public IP address. Enter a DNS server's IP address(es). Re-enter your Internet service provider or administrator for VPN...
User Guide
Page 90
... of the computers on the network behind the remote IPSec device that can initiate the VPN connection. • Copy and paste the Configuration for details on the Zyxel Device. See the commands reference guide for Secure Gateway commands into another ZLD-based Zyxel Device's command line interface to configure it to configure the VPN connection. Chapter 4 Quick Setup Wizards Figure 75 VPN Express Wizard: Summary • Rule Name: Identifies the VPN gateway policy. • Secure Gateway: IP address or domain name of this...
... of the computers on the network behind the remote IPSec device that can initiate the VPN connection. • Copy and paste the Configuration for details on the Zyxel Device. See the commands reference guide for Secure Gateway commands into another ZLD-based Zyxel Device's command line interface to configure it to configure the VPN connection. Chapter 4 Quick Setup Wizards Figure 75 VPN Express Wizard: Summary • Rule Name: Identifies the VPN gateway policy. • Secure Gateway: IP address or domain name of this...
User Guide
Page 115
... Zyxel Device with the Zyxel Device. • Select the Band Mode according to the bands that APs or WiFi clients support. Select WPA2, then enter a Pre-Shared Key or select 802.1x and configure the RADIUS server IP address, server port and secret (password). ZyWALL ATP Series User's Guide 115 Enter a unique SSID for this WiFi network (not recommended). Select Dual Band if both 2.4G or 5G are supported. • Use Security Mode...
... Zyxel Device with the Zyxel Device. • Select the Band Mode according to the bands that APs or WiFi clients support. Select WPA2, then enter a Pre-Shared Key or select 802.1x and configure the RADIUS server IP address, server port and secret (password). ZyWALL ATP Series User's Guide 115 Enter a unique SSID for this WiFi network (not recommended). Select Dual Band if both 2.4G or 5G are supported. • Use Security Mode...
User Guide
Page 156
... on -line since the Zyxel Device last started up. N/A displays if the AP has not come on -line. Click Apply to save your changes back to the AP. This button is not available if the selected AP doesn't support suppression mode. Click Refresh to update the APs' firmware version. Chapter 6 Monitor Table 46 Monitor > Wireless > AP Information > AP List (continued) LABEL DESCRIPTION Upgrade Firmware Now...
... on -line since the Zyxel Device last started up. N/A displays if the AP has not come on -line. Click Apply to save your changes back to the AP. This button is not available if the selected AP doesn't support suppression mode. Click Refresh to update the APs' firmware version. Chapter 6 Monitor Table 46 Monitor > Wireless > AP Information > AP List (continued) LABEL DESCRIPTION Upgrade Firmware Now...
User Guide
Page 259
... specify to use the default gateway for the connectivity check. Check Period Check Timeout Check Fail Tolerance Check Default Gateway Check this to the network. Enter the number of consecutive failures before the attempt is still available. Enter that the gateway allows. This field only displays when you specify two domain names or IP addresses for the connectivity check. Select what type of another network. Relay Server 1 Relay Server 2 DHCP Server - the Zyxel Device assigns IP addresses and provides...
... specify to use the default gateway for the connectivity check. Check Period Check Timeout Check Fail Tolerance Check Default Gateway Check this to the network. Enter the number of consecutive failures before the attempt is still available. Enter that the gateway allows. This field only displays when you specify two domain names or IP addresses for the connectivity check. Select what type of another network. Relay Server 1 Relay Server 2 DHCP Server - the Zyxel Device assigns IP addresses and provides...
User Guide
Page 274
... how often the interface checks the connection, how long to wait for this interface from the DHCPv6 server. Check Method Select the method that the Zyxel Device will advertise to create an entry in kilobits per second, the Zyxel Device can receive from the interface's default MAC address. DHCPv6 Request Use this section to configure DHCPv6 request settings that determine what additional Options information to the gateway. Remove Select an...
... how often the interface checks the connection, how long to wait for this interface from the DHCPv6 server. Check Method Select the method that the Zyxel Device will advertise to create an entry in kilobits per second, the Zyxel Device can receive from the interface's default MAC address. DHCPv6 Request Use this section to configure DHCPv6 request settings that determine what additional Options information to the gateway. Remove Select an...
User Guide
Page 301
...DHCP Relay - The Zyxel Device resumes routing to pass only if both domain names or IP addresses respond. Chapter 9 Interfaces Table 114 Configuration > Network > Interface > VLAN > Add / Edit (continued) LABEL DESCRIPTION Connectivity Check Enable Connectivity Check Check Method The Zyxel Device can assign every IP address allowed by the interface's IP address and subnet mask, except for the connectivity check. Enter that the gateway allows. The DHCP server(s) may be blank. Enter the IP address of seconds between connection check attempts. ZyWALL ATP Series User's Guide...
...DHCP Relay - The Zyxel Device resumes routing to pass only if both domain names or IP addresses respond. Chapter 9 Interfaces Table 114 Configuration > Network > Interface > VLAN > Add / Edit (continued) LABEL DESCRIPTION Connectivity Check Enable Connectivity Check Check Method The Zyxel Device can assign every IP address allowed by the interface's IP address and subnet mask, except for the connectivity check. Enter that the gateway allows. The DHCP server(s) may be blank. Enter the IP address of seconds between connection check attempts. ZyWALL ATP Series User's Guide...
User Guide
Page 373
... Port Internal Start Port Internal End Port Enable NAT Loopback Service-Group - This field is available if Mapping Type is Port. This field is available if Mapping Type is Port. Click OK to save your NAT rule settings, click the Security Policy link to configure a security policy to allow users connected to any changes (if it sends from external addresses. This field is available if Mapping Type is Ports. Chapter 12 NAT Table 147 Configuration > Network > NAT > Add (continued) LABEL DESCRIPTION Port Mapping Type Use...
... Port Internal Start Port Internal End Port Enable NAT Loopback Service-Group - This field is available if Mapping Type is Port. This field is available if Mapping Type is Port. Click OK to save your NAT rule settings, click the Security Policy link to configure a security policy to allow users connected to any changes (if it sends from external addresses. This field is available if Mapping Type is Ports. Chapter 12 NAT Table 147 Configuration > Network > NAT > Add (continued) LABEL DESCRIPTION Port Mapping Type Use...
User Guide
Page 419
... keys are derived. IPSec VPN Internet Protocol Security (IPSec) VPN connects IPSec routers or remote users using either pre- Figure 302 IPSec VPN Example Internet Key Exchange (IKE): IKEv1 and IKEv2 The Zyxel Device supports IKEv1 and IKEv2 for secure data communications across a public network. A security policy for communication. Phase 1's purpose is a protocol used to -site lines. ZyWALL ATP Series User's Guide 419 A secure VPN is used in one secure network. The Zyxel Device can be manually created. The authentication can also combine multiple IPSec VPN...
... keys are derived. IPSec VPN Internet Protocol Security (IPSec) VPN connects IPSec routers or remote users using either pre- Figure 302 IPSec VPN Example Internet Key Exchange (IKE): IKEv1 and IKEv2 The Zyxel Device supports IKEv1 and IKEv2 for secure data communications across a public network. A security policy for communication. Phase 1's purpose is a protocol used to -site lines. ZyWALL ATP Series User's Guide 419 A secure VPN is used in one secure network. The Zyxel Device can be manually created. The authentication can also combine multiple IPSec VPN...
User Guide
Page 421
... securely connect to manage the Zyxel Device's VPN gateways. This is usually established in remote users' Android, iOS, or Windows operating systems for more on page 424) to securely establish an IPSec SA through which devices behind the Zyxel Device. The first phase establishes an Internet Key Exchange (IKE) SA between computers on page 426) to the Zyxel Device's network. ZyWALL ATP Series User's Guide 421 Chapter 19 IPSec VPN L2TP VPN L2TP VPN uses the L2TP and IPSec client software...
... securely connect to manage the Zyxel Device's VPN gateways. This is usually established in remote users' Android, iOS, or Windows operating systems for more on page 424) to securely establish an IPSec SA through which devices behind the Zyxel Device. The first phase establishes an Internet Key Exchange (IKE) SA between computers on page 426) to the Zyxel Device's network. ZyWALL ATP Series User's Guide 421 Chapter 19 IPSec VPN L2TP VPN L2TP VPN uses the L2TP and IPSec client software...
User Guide
Page 431
... use the same DH key group. Both routers must both have the Zyxel Device regularly perform a TCP handshake with the AES encryption algorithm The Zyxel Device and the remote IPSec router must use a 1024-bit random number DH5 - Related Settings Zone Connectivity Check Enable Connectivity Check Check Method PFS is ignored in the IPSec SA. Select icmp to have at least one proposal that uses use a 2048 bit random number PFS changes the root key that uses...
... use the same DH key group. Both routers must both have the Zyxel Device regularly perform a TCP handshake with the AES encryption algorithm The Zyxel Device and the remote IPSec router must use a 1024-bit random number DH5 - Related Settings Zone Connectivity Check Enable Connectivity Check Check Method PFS is ignored in the IPSec SA. Select icmp to have at least one proposal that uses use a 2048 bit random number PFS changes the root key that uses...
User Guide
Page 647
... to add, edit, and remove user groups. User groups may consist of a user logged into the Zyxel Device. User accounts are the types of User Accounts TYPE ABILITIES Admin Users admin limited-admin Change Zyxel Device configuration (web, CLI) Look at Zyxel Device configuration (web, CLI) Access Users user Perform basic diagnostics (CLI) Access network services guest ext-user Browse user-mode commands (CLI) Access network services External user account LOGIN METHOD(S) WWW, TELNET, SSH, FTP, Console WWW, TELNET, SSH, Console WWW, TELNET, SSH WWW WWW ZyWALL ATP Series User's Guide...
... to add, edit, and remove user groups. User groups may consist of a user logged into the Zyxel Device. User accounts are the types of User Accounts TYPE ABILITIES Admin Users admin limited-admin Change Zyxel Device configuration (web, CLI) Look at Zyxel Device configuration (web, CLI) Access Users user Perform basic diagnostics (CLI) Access network services guest ext-user Browse user-mode commands (CLI) Access network services External user account LOGIN METHOD(S) WWW, TELNET, SSH, FTP, Console WWW, TELNET, SSH, Console WWW, TELNET, SSH WWW WWW ZyWALL ATP Series User's Guide...
User Guide
Page 672
... surfing the Internet. This is forwarded to use the same SSID and security settings. You should set the threshold number of the connected wireless clients at which the Zyxel Device disables the band select feature. For example, an SSID that will be used for activities like placing and receiving VoIP phone calls. Select this feature to the Zyxel Device first. VLAN Interface If you can enable this option and set 2.4GHz and...
... surfing the Internet. This is forwarded to use the same SSID and security settings. You should set the threshold number of the connected wireless clients at which the Zyxel Device disables the band select feature. For example, an SSID that will be used for activities like placing and receiving VoIP phone calls. Select this feature to the Zyxel Device first. VLAN Interface If you can enable this option and set 2.4GHz and...
User Guide
Page 767
....org When the Zyxel Device uses the pre-defined list of Network Time Protocol (NTP) time servers. Click Reset to return the screen to the Zyxel Device. Figure 514 Synchronization in the View Log screen. The Zyxel Device continues to 5.5 (by 0.5 increments). ZyWALL ATP Series User's Guide 767 Chapter 37 System Table 320 Configuration > System > Date and Time (continued) LABEL DESCRIPTION Offset Specify how much the clock changes when daylight saving begins and...
....org When the Zyxel Device uses the pre-defined list of Network Time Protocol (NTP) time servers. Click Reset to return the screen to the Zyxel Device. Figure 514 Synchronization in the View Log screen. The Zyxel Device continues to 5.5 (by 0.5 increments). ZyWALL ATP Series User's Guide 767 Chapter 37 System Table 320 Configuration > System > Date and Time (continued) LABEL DESCRIPTION Offset Specify how much the clock changes when daylight saving begins and...
User Guide
Page 798
... manage the Zyxel Device. Server Port You may change your Zyxel Device's Secure Shell settings. The SSH server is established between the client and the server. If you must use that service for Using SSH You must install an SSH client program on a client computer (Windows or Linux operating system) that matches the IP address(es) in this service. Chapter 37 System 3 Authentication and Data Transmission After the identification is verified and data encryption activated, a secure tunnel...
... manage the Zyxel Device. Server Port You may change your Zyxel Device's Secure Shell settings. The SSH server is established between the client and the server. If you must use that service for Using SSH You must install an SSH client program on a client computer (Windows or Linux operating system) that matches the IP address(es) in this service. Chapter 37 System 3 Authentication and Data Transmission After the identification is verified and data encryption activated, a secure tunnel...
User Guide
Page 825
... alerts. Click Apply to save your changes back to the specific destinations. Use the Log Category Settings screen to discard all report data and start all of information include System Resource Usage, Wireless Report, Security Service, Interface Traffic Statistics and DHCP Table. Click this to edit what information the Zyxel Device saves in each log. Select the information to have the Zyxel Device store system logs on specified syslog servers. Click this button...
... alerts. Click Apply to save your changes back to the specific destinations. Use the Log Category Settings screen to discard all report data and start all of information include System Resource Usage, Wireless Report, Security Service, Interface Traffic Statistics and DHCP Table. Click this to edit what information the Zyxel Device saves in each log. Select the information to have the Zyxel Device store system logs on specified syslog servers. Click this button...
User Guide
Page 879
... Ethernet jack with Internet access. Use the same case as the Zyxel Device's. • In the computer, click Start, (All) Programs, Accessories and then Command Prompt. In the Command Prompt window, type "ping" followed by your computer to the CONSOLE port using a console cable. It returns the Zyxel Device to the factory defaults (password is working properly. • Check the WAN interface's status in the same subnet as provided by the Zyxel Device's LAN IP address (192.168.1.1 is installed...
... Ethernet jack with Internet access. Use the same case as the Zyxel Device's. • In the computer, click Start, (All) Programs, Accessories and then Command Prompt. In the Command Prompt window, type "ping" followed by your computer to the CONSOLE port using a console cable. It returns the Zyxel Device to the factory defaults (password is working properly. • Check the WAN interface's status in the same subnet as provided by the Zyxel Device's LAN IP address (192.168.1.1 is installed...