User Guide
Page 24
...Port Speed ...636 43.6 DNS Overview ...636 43.6.1 DNS Server Address Assignment 637 43.6.2 Configuring the DNS Screen 637 43.6.3 Address Record ...640 43.6.4 PTR Record ...640 43.6.5 Adding an Address/PTR Record 640 43.6.6 Domain Zone Forwarder 641 43.6.7 Adding a Domain Zone Forwarder...43.7.7 HTTPS Example ...654 43.8 SSH ...661 43.8.1 How SSH Works ...662 43.8.2 SSH Implementation on the ZyWALL 663 43.8.3 Requirements for Using SSH 663 43.8.4 Configuring SSH ...663 43.8.5 Secure Telnet Using SSH Examples 665... 44.1.1 What You Can Do In this Chapter 679 24 ZyWALL USG 20/20W User's Guide
User Guide
Page 29
... ways to Peer (P2P) control, NAT, port forwarding, policy routing, DHCP server and many other powerful features. Flexible configuration helps you set up multiple networks for your ZyWALL to be part of dual WAN Gigabit Ethernet ports and load balancing. You can set up the...the reliability of the LAN1, WLAN, or DMZ. The ZyWALL also provides two separate LAN networks. Alternatively, you set ports to a wall. ZyWALL USG 20/20W User's Guide 29 See Chapter 2 on page 37 for reliable, secure service. The ZyWALL's security features include VPN, firewall, content filtering, ADP...
User Guide
Page 37
...Many security settings are made by zone, not by interface, port, or network. ZyWALL USG 20/20W User's Guide 37 High Availability To ensure the ZyWALL provides reliable, secure Internet access, set up one or more of the ZyWALL. As a result, it is much simpler to set ...to zones. The rest of the ZyWALL. 2.1 Features The ZyWALL's security features include VPN, firewall, content filtering, ADP (Anomaly Detection and Protection), and certificates. The ZyWALL also offers hub-and-spoke IPSec VPN. It also provides bandwidth management, NAT, port forwarding, policy routing, DHCP server and ...
User Guide
Page 49
... ZyWALL's SSL VPN settings that apply to set the ZyWALL's flexible ports as LAN1 or DMZ. ZyWALL USG 20/20W User's Guide 49 PPP Create and manage PPPoE and PPTP interfaces. Bridge Create and manage bridges and virtual bridge interfaces. HTTP Redirect Set up and manage port forwarding ...rules. ALG Configure SIP, H.323, and FTP pass-through settings. Auth. Firewall Firewall Create and manage level-3 traffic rules. VPN Gateway Configure IKE tunnels. WLAN (For USG 20W only) Configure settings for an installed ...
User Guide
Page 99
.... 2 Name the entry. 3 Select the WAN interface that are readily available the next time one of the web pages that page. ZyWALL USG 20/20W User's Guide 99 This can speed up web browsing because the proxy server keeps copies of your LAN to go to a HTTP proxy server... incoming HTTP requests (lan1). The ZyWALL does not check to-ZyWALL firewall rules for the original IP address. 6 In Mapping Type, select Port. 7 Enter 21 in both the Original and the Mapped Port fields. 6.5.10 HTTP Redirect Configure this feature to have the ZyWALL transparently forward HTTP (web) traffic to come ...
User Guide
Page 100
...specify additional signaling port numbers. To-ZyWALL firewall rules control access to the ZyWALL. You can access the network. Each of traffic between or within zones. Policy Use authentication policies to control who can receive calls. 100 ZyWALL USG 20/20W User's Guide ...MENU ITEM(S) Configuration > Firewall Zones, schedules, users, user groups, addresses (source, PREREQUISITES destination), address groups (source, destination), services, service groups Example: Suppose you forward to the proxy server. 6.5.11 ALG The ZyWALL's Application ...
User Guide
Page 133
... a NAT Policy For H.323 In this example, you need a NAT policy to forward H.323 (TCP port 1720) traffic received on the ZyWALL's 10.0.0.8 WAN IP address to a H.323 device located on the LAN and using IP address 192.168.1.56. ZyWALL USG 20/20W User's Guide 133 Chapter 7 Tutorials for wan1 IP address 10.0.0.8 to LAN1...
User Guide
Page 306
...also just double-click an entry to be able to modify it. Select an entry and click Add to apply bandwidth shaping. 306 ZyWALL USG 20/20W User's Guide To move the entry. In the field that matches the routing policy. This allows you want to move an entry ... a service that is in different subnets. Select the service that requested the service. It causes (triggers) the ZyWALL to forward the traffic (received on the server side. Configure trigger port forwarding to a remote server. The ordering of your rules is important as they are applied in the Service field. ...
User Guide
Page 310
.... The decimal equivalent is that sends traffic to a remote server to a client computer. With regular port forwarding, you have to forward a service (coming in brackets. Port triggering allows the client computer to computer A. 310 ZyWALL USG 20/20W User's Guide The ZyWALL records the IP address of computer A when the packets match a policy with another client computer's IP...
User Guide
Page 311
... available bandwidth on their priority levels. When you enable maximize bandwidth usage, the ZyWALL first makes sure that policy route. ZyWALL USG 20/20W User's Guide 311 Figure 189 Trigger Port Forwarding Example Maximize Bandwidth Usage The maximize bandwidth usage option allows the ZyWALL to its bandwidth allotment. When only one policy route requires more bandwidth, the...
User Guide
Page 337
...NAT 17.1 NAT Overview NAT (Network Address Translation - For example, the source address of 192.168.1.35 to a third (C in a packet. ZyWALL USG 20/20W User's Guide 337 Suppose you can also create new NAT rules and edit or delete existing ones. You assign the LAN IP addresses and the ...to the appropriate private IP address. If the ZyWALL has only one public IP address, you want to assign ports 21-25 to one FTP, Telnet and SMTP server (A in the example), port 80 to another (B in the private network available by using ports to forward packets to make the computers in the example)...
User Guide
Page 338
... you can modify the entry's settings. 338 ZyWALL USG 20/20W User's Guide In addition, this to the Web Configurator and click Configuration > Network > NAT. Edit Double-click an entry or select it and click Edit to Know NAT is also known as virtual server, port forwarding, or port translation. The following table describes the labels...
User Guide
Page 342
...Ports - Select the protocol (TCP, UDP, or Any) used by the service requesting the connection. See NAT Loopback on the rule's specified incoming interface. 342 ZyWALL USG 20/20W User's Guide this NAT rule only applies to which translated destination IP address subnet or IP address range this NAT rule forwards... the packet. For users connected to the same interface as the Mapped IP device, the ZyWALL uses that ...
User Guide
Page 350
... HTTP Redirect screen. You may use 1-31 alphanumeric characters, underscores (_), or dashes (-), but the first character cannot be received for the ZyWALL to forward it to the specified proxy server. Figure 210 Network > HTTP Redirect > Edit The following table describes the labels in this rule.... Name Enter a name to identify this screen. Port OK Cancel Enter the port number that the proxy server uses. Table 97 Network > HTTP Redirect > Edit LABEL DESCRIPTION Enable Use this screen without saving. 350 ZyWALL USG 20/20W User's Guide This value is case-sensitive. Click ...
User Guide
Page 352
...the LAN, you must also configure NAT (port forwarding) and firewall rules if you want to allow certain NAT un-friendly applications (such as an Application Layer Gateway (ALG) to allow access to the server from the WAN to the LAN. ZyWALL USG 20/20W User's Guide If the FTP server is ...located on TCP packets with a specified port destination to pass through. The following example shows H.323 signaling (1) and audio (2) sessions between LAN IP...
User Guide
Page 353
... the WAN zone to the LAN zone. • The SIP ALG allows UDP packets with Multiple Outgoing Calls When you configure the firewall and NAT (port forwarding) to allow LAN IP address A to receive calls from LAN IP addresses B and C go out through WAN IP address 2. For example, you ...the LAN (or DMZ). VoIP Calls from the WAN with a specified port destination to pass through. • The ZyWALL allows SIP audio connections. • You do not go through NAT or routing. Even though only LAN IP address A ZyWALL USG 20/20W User's Guide 353 Chapter 19 ALG • There should be only...
User Guide
Page 354
...Addresses With multiple WAN IP addresses on page 139 for the calls initiated from the Internet (the WAN zone). ZyWALL USG 20/20W User's Guide You configure different firewall and port forwarding rules to allow LAN IP address A to receive calls through WAN IP address 2. The policy routing lets ...the ZyWALL correctly forward the return traffic for an example of those LAN or DMZ IP addresses go to the Internet. For...
User Guide
Page 402
... desired destination address. The size of the original port range must be the same size as the size of records is not associated with a specific NAT record. Click OK to the main VPN screen. 402 ZyWALL USG 20/20W User's Guide These fields are checked and executed....Destination NAT Add This translation forwards packets (for example, mail) from the remote network to delete it. Select the protocol required to use this to a specific computer (for the remote network. Enter the original destination port or range of translated destination ports. This is the address object...
User Guide
Page 950
... 382 and interfaces 341 and policy routes 298, 305 and to-ZyWALL firewall 343 and VoIP pass through 354 and VPN 419 and VPN, see also VPN configuration overview 98 limitations 310 loopback 343 port forwarding, see NAT port translation, see NAT port triggering 310 port triggering, see also policy routes prerequisites 99 traversal 420 trigger... 609 Open Shortest Path First, see OSPF order of 316 OSPF routers 317 area border (ABR) 317 autonomous system boundary (ASBR) 318 backbone (BR) 318 ZyWALL USG 20/20W User's Guide
User Guide
Page 951
Point-to-Point Protocol over Ethernet, see NAT port triggering 310 and firewall 306, 731 and policy routes 306 and service groups 306 and services 306 troubleshooting 731 ZyWALL USG 20/20W User's Guide 951 Index backup designated (BDR) 318 designated (DR) 318 internal (IR) 317 link ...96 criteria 300 overriding direct routes 301 prerequisites 97 POP POP2 522 POP3 522 pop-up windows 43 port forwarding, see NAT port groups 107, 218, 221 port roles 220 and Ethernet interfaces 220 and physical ports 220 port scan, filtered 480 port scanning 479 port sweep 480 port translation, see PPPoE.