User Guide
Page 3
.../IP networking concepts, topology, and the devices you ! Intended Audience This manual is designed to help for more information about the device, its features, and its configuration. • ZyXEL Web Site Please refer to : techwriters@zyxel.com.tw Thank you want to configure the Vantage CNM. • Device User's Guide The User's Guide for each device type and firmware version. Vantage CNM User's Guide 3 Documentation Feedback Send your software. • Web Configurator Online Help Embedded web help you use one of the most comprehensive examples...
.../IP networking concepts, topology, and the devices you ! Intended Audience This manual is designed to help for more information about the device, its features, and its configuration. • ZyXEL Web Site Please refer to : techwriters@zyxel.com.tw Thank you want to configure the Vantage CNM. • Device User's Guide The User's Guide for each device type and firmware version. Vantage CNM User's Guide 3 Documentation Feedback Send your software. • Web Configurator Online Help Embedded web help you use one of the most comprehensive examples...
User Guide
Page 13
... 14.3 Setting Screen ...362 14.3.1 Default User Authentication Timeout Settings Edit Screens 366 14.3.2 Force User Authentication Policy Add/Edit Screen 368 14.4 Address Summary Screen 369 14.4.1 Address Add/Edit Screen 370 14.4.2 Address Group Summary Screen 371 14.4.3 Address Group Add/Edit Screen 373 14.5 The Service Summary Screen 374 14.5.1 The Service Add/Edit Screen 375 14.6 The Service Group Summary Screen 376 New Template User's Guide 13
... 14.3 Setting Screen ...362 14.3.1 Default User Authentication Timeout Settings Edit Screens 366 14.3.2 Force User Authentication Policy Add/Edit Screen 368 14.4 Address Summary Screen 369 14.4.1 Address Add/Edit Screen 370 14.4.2 Address Group Summary Screen 371 14.4.3 Address Group Add/Edit Screen 373 14.5 The Service Summary Screen 374 14.5.1 The Service Add/Edit Screen 375 14.6 The Service Group Summary Screen 376 New Template User's Guide 13
User Guide
Page 39
...Traffic Report Alert Report Monitor Setting Device HA Status Firmware Upgrade Report Configuration Report Configuration File Backup & Restore Report Signature Profile Backup & Restore Report CNM Logs VRPT Device Alarm Unresolved Alarm Responded Alarm CNM SYSTEM SETTING Configuration ACCOUNT MANAGEMENT Group Servers User Access Notification Log Setting VRPT Management Certificate Management Account Maintenance Device Owner Upgrade License About The following table describes the links in the navigation panel. Vantage CNM User's Guide 39 Table 10 Navigation Panel Links LINK...
...Traffic Report Alert Report Monitor Setting Device HA Status Firmware Upgrade Report Configuration Report Configuration File Backup & Restore Report Signature Profile Backup & Restore Report CNM Logs VRPT Device Alarm Unresolved Alarm Responded Alarm CNM SYSTEM SETTING Configuration ACCOUNT MANAGEMENT Group Servers User Access Notification Log Setting VRPT Management Certificate Management Account Maintenance Device Owner Upgrade License About The following table describes the links in the navigation panel. Vantage CNM User's Guide 39 Table 10 Navigation Panel Links LINK...
User Guide
Page 73
...-up connection using PPPoE. Authentication Use the drop-down list box to you do not need PPPoE software installed, since the router does that part of the broadband modem at the customer site. Your Vantage CNM accepts CHAP only. If No, the route to make sure that elapses before the router automatically disconnects from ISP If your WAN IP address in this field if you a fixed IP address. Idle Timeout This value...
...-up connection using PPPoE. Authentication Use the drop-down list box to you do not need PPPoE software installed, since the router does that part of the broadband modem at the customer site. Your Vantage CNM accepts CHAP only. If No, the route to make sure that elapses before the router automatically disconnects from ISP If your WAN IP address in this field if you a fixed IP address. Idle Timeout This value...
User Guide
Page 76
... 20 Device Operation > Device Configuration > Network > WAN > ISP (PPTP) - Unless you by your ISP. CHAP - Your Vantage CNM accepts PAP only. ZyNOS ZyWALL (one PPTP server connection at any given time. Idle Timeout This value specifies the time in seconds that enables secure transfer of the PPTP server. Select Get automatically from ISP If your password again to you are : CHAP/PAP - To configure a PPTP client, you selected Use Fixed IP Address. 76 Vantage CNM User's Guide Password Type the password associated...
... 20 Device Operation > Device Configuration > Network > WAN > ISP (PPTP) - Unless you by your ISP. CHAP - Your Vantage CNM accepts PAP only. ZyNOS ZyWALL (one PPTP server connection at any given time. Idle Timeout This value specifies the time in seconds that enables secure transfer of the PPTP server. Select Get automatically from ISP If your password again to you are : CHAP/PAP - To configure a PPTP client, you selected Use Fixed IP Address. 76 Vantage CNM User's Guide Password Type the password associated...
User Guide
Page 85
... the PPTP parameters for a PPTP connection. Vantage CNM User's Guide 85 Password Type the password associated with two WAN ports) LABEL DESCRIPTION WAN: ISP Encapsulation Point-to confirm Password Type your identification name for outgoing calls. Retype to -Point Tunneling Protocol (PPTP) is a network protocol that enables secure transfer of the PPTP server. My IP Address Type the (static) IP address assigned to select an authentication protocol for the PPTP server. Name Authentication Type Use the drop-down list box to you have entered is the default...
... the PPTP parameters for a PPTP connection. Vantage CNM User's Guide 85 Password Type the password associated with two WAN ports) LABEL DESCRIPTION WAN: ISP Encapsulation Point-to confirm Password Type your identification name for outgoing calls. Retype to -Point Tunneling Protocol (PPTP) is a network protocol that enables secure transfer of the PPTP server. My IP Address Type the (static) IP address assigned to select an authentication protocol for the PPTP server. Name Authentication Type Use the drop-down list box to you have entered is the default...
User Guide
Page 93
... your ISP disabled PIN code authentication, enter an arbitrary number. User Name Password Retype to eight digits, 0000 for authentication. Select this option if the ISP assigned a fixed IP address. This is correctly. Vantage CNM User's Guide 93 The selected device accepts CHAP only. Without the PIN code, you cannot use the 3G card. Phone Number This field is available only when you do not want the connection to access the Internet. By default, *99...
... your ISP disabled PIN code authentication, enter an arbitrary number. User Name Password Retype to eight digits, 0000 for authentication. Select this option if the ISP assigned a fixed IP address. This is correctly. Vantage CNM User's Guide 93 The selected device accepts CHAP only. Without the PIN code, you cannot use the 3G card. Phone Number This field is available only when you do not want the connection to access the Internet. By default, *99...
User Guide
Page 97
..., set this remote node. Allocated Budget Period Idle Timeout Apply Reset Select Configure Budget to your dial backup setup. The dial backup connection never times out if you select. The device accept PAP only. Vantage CNM User's Guide 97 Type the time period (in the Period field. Type the number of seconds of your WAN device connected to have the dial backup connection on during the time configured in hours) for specific AT commands. Consult the manual of idle time...
..., set this remote node. Allocated Budget Period Idle Timeout Apply Reset Select Configure Budget to your dial backup setup. The dial backup connection never times out if you select. The device accept PAP only. Vantage CNM User's Guide 97 Type the time period (in the Period field. Type the number of seconds of your WAN device connected to have the dial backup connection on during the time configured in hours) for specific AT commands. Consult the manual of idle time...
User Guide
Page 110
... controls the format and the broadcasting method of an Internet protocol address used to the RIP multicast address and so will use multicasting, also. Some areas require dialing the pound sign # before the phone number for this option the device will not receive the RIP packets. AT Command Initial String Type the AT command string to your WAN device connected to initialize the WAN device. TCP/IP Options Enable SUA Network Address Translation (NAT) allows...
... controls the format and the broadcasting method of an Internet protocol address used to the RIP multicast address and so will use multicasting, also. Some areas require dialing the pound sign # before the phone number for this option the device will not receive the RIP packets. AT Command Initial String Type the AT command string to your WAN device connected to initialize the WAN device. TCP/IP Options Enable SUA Network Address Translation (NAT) allows...
User Guide
Page 125
... use a service (like Telnet or HTTP) through a VPN tunnel. The device applies the firewall to the sender. Select Drop to silently discard the packets without sending a TCP reset packet or an ICMP destination-unreachable message to the traffic before encrypting it . Vantage CNM User's Guide 125 For example, From VPN To LAN specifies the VPN traffic that direction and do not apply to other VPN traffic for the WAN port...
... use a service (like Telnet or HTTP) through a VPN tunnel. The device applies the firewall to the sender. Select Drop to silently discard the packets without sending a TCP reset packet or an ICMP destination-unreachable message to the traffic before encrypting it . Vantage CNM User's Guide 125 For example, From VPN To LAN specifies the VPN traffic that direction and do not apply to other VPN traffic for the WAN port...
User Guide
Page 135
Click the number to go to open the Vantage CNM User's Guide 135 This field displays the IP port number(s) or ICMP type and code that are predefined in this button to bring up the screen that you use in firewall rules or view the services that defines the service. Service Name This is the name of services. Attribute Add Delete If you selected Custom, this screen to open the screen...
Click the number to go to open the Vantage CNM User's Guide 135 This field displays the IP port number(s) or ICMP type and code that are predefined in this button to bring up the screen that you use in firewall rules or view the services that defines the service. Service Name This is the name of services. Attribute Add Delete If you selected Custom, this screen to open the screen...
User Guide
Page 141
... the VPN tunnel. Vantage CNM User's Guide 141 Table 50 Device Operation > Device Configuration > Security > VPN > VPN Rules (IKE) > Gateway Policy Add/Edit LABEL DESCRIPTION Property NAT Traversal Select this screen. You can use NAT traversal with ESP protocol using traffic redirect. This field is enabled if My ZyWALL Address Type is a static IP address. See the chapter on dial backup and traffic redirect. Chapter 6 Device Security Settings The following applies if this VPN gateway policy. In order for details on WAN...
... the VPN tunnel. Vantage CNM User's Guide 141 Table 50 Device Operation > Device Configuration > Security > VPN > VPN Rules (IKE) > Gateway Policy Add/Edit LABEL DESCRIPTION Property NAT Traversal Select this screen. You can use NAT traversal with ESP protocol using traffic redirect. This field is enabled if My ZyWALL Address Type is a static IP address. See the chapter on dial backup and traffic redirect. Chapter 6 Device Security Settings The following applies if this VPN gateway policy. In order for details on WAN...
User Guide
Page 152
... IP ports are hash algorithms used for maximum security. Chapter 6 Device Security Settings Table 51 Device Operation > Device Configuration > Security > VPN > VPN Rules (IKE) > Network Policy Add/Edit (continued) LABEL DESCRIPTION Starting IP Address When the Address Type field is configured to Single Address, enter a (static) IP address on the network behind the remote IPSec router. Some of computers on the network behind the remote IPSec router. no encryption key or algorithm Authentication Algorithm SA Life Time (Seconds) The selected device and the remote IPSec router...
... IP ports are hash algorithms used for maximum security. Chapter 6 Device Security Settings Table 51 Device Operation > Device Configuration > Security > VPN > VPN Rules (IKE) > Network Policy Add/Edit (continued) LABEL DESCRIPTION Starting IP Address When the Address Type field is configured to Single Address, enter a (static) IP address on the network behind the remote IPSec router. Some of computers on the network behind the remote IPSec router. no encryption key or algorithm Authentication Algorithm SA Life Time (Seconds) The selected device and the remote IPSec router...
User Guide
Page 233
... not allowed. My Domain Names Vantage CNM User's Guide 233 Table 92 Device Operation > Device Configuration > Advanced > DNS > DDNS LABEL DESCRIPTION Account Setup Active Select this check box to 31 alphanumeric characters (and the underscore). Figure 99 Device Operation > Device Configuration > Advanced > DNS > DDNS The following table describes the labels in this screen, click a device, click Device Operation in the menu bar and then click Device Configuration > Advanced > DNS > DDNS. Password...
... not allowed. My Domain Names Vantage CNM User's Guide 233 Table 92 Device Operation > Device Configuration > Advanced > DNS > DDNS LABEL DESCRIPTION Account Setup Active Select this check box to 31 alphanumeric characters (and the underscore). Figure 99 Device Operation > Device Configuration > Advanced > DNS > DDNS The following table describes the labels in this screen, click a device, click Device Operation in the menu bar and then click Device Configuration > Advanced > DNS > DDNS. Password...
User Guide
Page 234
... server. Select Use User-Defined and enter the IP address if you are registered for updating the IP address of the WAN port specified in the WAN Interface field does not have the Dynamic DNS service. DDNS does not function when the device uses traffic redirect. 234 Vantage CNM User's Guide Offline This option is available when Custom is the number of the NAT router that has a public IP address. Chapter 7 Device Advanced Settings Table 92 Device Operation > Device Configuration > Advanced > DNS...
... server. Select Use User-Defined and enter the IP address if you are registered for updating the IP address of the WAN port specified in the WAN Interface field does not have the Dynamic DNS service. DDNS does not function when the device uses traffic redirect. 234 Vantage CNM User's Guide Offline This option is available when Custom is the number of the NAT router that has a public IP address. Chapter 7 Device Advanced Settings Table 92 Device Operation > Device Configuration > Advanced > DNS...
User Guide
Page 253
... a DHCP server on another network. Enter the number of DHCP service the ZyWALL provides to the gateway the first time the gateway passes the connectivity check. Select this to make sure it . Select what type of seconds to use the default authentication method in the field next to turn on the connection check. Vantage CNM User's Guide 253 To exchange OSPF routing information with the gateway you specify to make sure it is the DHCP server for the connectivity check...
... a DHCP server on another network. Enter the number of DHCP service the ZyWALL provides to the gateway the first time the gateway passes the connectivity check. Select this to make sure it . Select what type of seconds to use the default authentication method in the field next to turn on the connection check. Vantage CNM User's Guide 253 To exchange OSPF routing information with the gateway you specify to make sure it is the DHCP server for the connectivity check...
User Guide
Page 262
... network. This key must be the same on the network. Type the maximum size of DHCP service the ZyWALL provides to one or more DHCP servers you use any DHCP services. IP Address Assignment IP Address Enter the IP address for this interface. Usually, this value is a DHCP Relay. 262 Vantage CNM User's Guide the ZyWALL routes DHCP requests to the wireless network. These fields appear if the ZyWALL is 1500. Select the check box to enable wireless user authentication through the interface...
... network. This key must be the same on the network. Type the maximum size of DHCP service the ZyWALL provides to one or more DHCP servers you use any DHCP services. IP Address Assignment IP Address Enter the IP address for this interface. Usually, this value is a DHCP Relay. 262 Vantage CNM User's Guide the ZyWALL routes DHCP requests to the wireless network. These fields appear if the ZyWALL is 1500. Select the check box to enable wireless user authentication through the interface...
User Guide
Page 269
... key out to all stations in WPA-PSK mode. 9.2.5 WLAN Interface MAC Filter The MAC filter allows you set the Authentication Type field to the wired network is not sent over the network. Vantage CNM User's Guide 269 Radius Server IP Enter the IP address of inactivity. The wireless station needs to enter the user name and password again before access to Auth Server. Radius Server Port Enter the RADIUS server's listening port number (the default is also supported in a WLAN on the external authentication server...
... key out to all stations in WPA-PSK mode. 9.2.5 WLAN Interface MAC Filter The MAC filter allows you set the Authentication Type field to the wired network is not sent over the network. Vantage CNM User's Guide 269 Radius Server IP Enter the IP address of inactivity. The wireless station needs to enter the user name and password again before access to Auth Server. Radius Server Port Enter the RADIUS server's listening port number (the default is also supported in a WLAN on the external authentication server...
User Guide
Page 371
... available if the Address Type is HOST. Enter the IP address of IP address that this address object represents. Use dotted decimal format. To access this address object represents. Enter the end of the range of the network that this screen, click Device Operation > Device Configuration > Object > Vantage CNM User's Guide 371 This value is RANGE. For example, if you change . IP Address Starting IP Address Ending IP Address Network Netmask Interface Apply Cancel Note: The ZyWALL automatically updates address objects that...
... available if the Address Type is HOST. Enter the IP address of IP address that this address object represents. Use dotted decimal format. To access this address object represents. Enter the end of the range of the network that this screen, click Device Operation > Device Configuration > Object > Vantage CNM User's Guide 371 This value is RANGE. For example, if you change . IP Address Starting IP Address Ending IP Address Network Netmask Interface Apply Cancel Note: The ZyWALL automatically updates address objects that...
User Guide
Page 701
... time 267, 269 registration product 696 related documentation 3 Relative Distinguished Name (RDN) 386, 389 Remote Access 479 remove a group folder 31 replay detection 329 report window 26 restoring (CNM configuration) 581 RFC 1058 (RIP) 308 1389 (RIP) 308 2402 (AH) 327 2406 (ESP) 327 RIP 308 Vantage CNM User's Guide Index and OSPF 308 and static routes 308 authentication 308 redistribute 308 rom files. see also SSL VPN 347...
... time 267, 269 registration product 696 related documentation 3 Relative Distinguished Name (RDN) 386, 389 Remote Access 479 remove a group folder 31 replay detection 329 report window 26 restoring (CNM configuration) 581 RFC 1058 (RIP) 308 1389 (RIP) 308 2402 (AH) 327 2406 (ESP) 327 RIP 308 Vantage CNM User's Guide Index and OSPF 308 and static routes 308 authentication 308 redistribute 308 rom files. see also SSL VPN 347...