User Guide
Page 24
...Port Speed ...636 43.6 DNS Overview ...636 43.6.1 DNS Server Address Assignment 637 43.6.2 Configuring the DNS Screen 637 43.6.3 Address Record ...640 43.6.4 PTR Record ...640 43.6.5 Adding an Address/PTR Record 640 43.6.6 Domain Zone Forwarder 641 43.6.7 Adding a Domain Zone Forwarder...43.7.7 HTTPS Example ...654 43.8 SSH ...661 43.8.1 How SSH Works ...662 43.8.2 SSH Implementation on the ZyWALL 663 43.8.3 Requirements for Using SSH 663 43.8.4 Configuring SSH ...663 43.8.5 Secure Telnet Using SSH Examples 665... 44.1.1 What You Can Do In this Chapter 679 24 ZyWALL USG 20/20W User's Guide
User Guide
Page 29
...WLAN, or DMZ. ZyWALL USG 20/20W User's Guide 29 In addition, the ZyWALL provides excellent throughput, making it an ideal solution for your ZyWALL to be part of the ZyWALL's features. The ZyWALL provides excellent throughput ...ZyWALL This chapter gives an overview of dual WAN Gigabit Ethernet ports and load balancing. The DeMilitarized Zone (DMZ) increases LAN security by providing separate ports for connecting publicly accessible servers. It explains the front panel ports, LEDs, introduces the management methods, and lists different ways to Peer (P2P) control, NAT, port forwarding...
User Guide
Page 37
... provides bandwidth management, NAT, port forwarding, policy routing, DHCP server and many other powerful features. As a result, it is much simpler to set up and to change security settings in the ZyWALL. The rest of the following: • Multiple WAN ports and configure load balancing between two...features and applications of the ZyWALL. Virtual Private Networks (VPN) Use IPSec, SSL to zones. The ZyWALL also offers hub-and-spoke IPSec VPN. ZyWALL USG 20/20W User's Guide 37 Flexible Security Zones Many security settings are made by zone, not by interface, port, or network. You ...
User Guide
Page 49
... authentication. HTTP Redirect Set up and manage port forwarding rules. IP/MAC Binding Summary Configure IP to MAC address bindings for an installed wireless LAN card. Ethernet Manage Ethernet interfaces and virtual Ethernet interfaces. WLAN (For USG 20W only) Configure settings for devices connected to which the ZyWALL does not apply IP/MAC binding. RIP...
User Guide
Page 99
...the WAN interface that the FTP traffic is to come in both the Original and the Mapped Port fields. 6.5.10 HTTP Redirect Configure this feature to have the ZyWALL transparently forward HTTP (web) traffic to access that are readily available the next time one of the FTP ...FTP server with a private IP address connected to -ZyWALL firewall rules for the original IP address. 6 In Mapping Type, select Port. 7 Enter 21 in through -ZyWALL) firewall rules. ZyWALL USG 20/20W User's Guide 99 The ZyWALL does not check to a DMZ port. MENU ITEM(S) Configuration > Network > HTTP Redirect ...
User Guide
Page 100
.... 6 Specify the port number to control traffic for remote management. Configure to go through NAT on schedules, specific users (or user groups), source or destination addresses (or address groups) and services (or service groups). You can receive calls. 100 ZyWALL USG 20/20W User's Guide Policy ... a SIP proxy server connected to the DMZ zone for the HTTP traffic that you forward to the proxy server. 6.5.11 ALG The ZyWALL's Application Layer Gateway (ALG) allows VoIP and FTP applications to -ZyWALL firewall rules for NAT (DNAT) and policy routes (SNAT). MENU ITEM(S) Configuration >...
User Guide
Page 133
ZyWALL USG 20/20W User's Guide 133 Chapter 7 Tutorials for wan1 IP address 10.0.0.8 to LAN1 IP address 192.168.1.56. Figure 87 Configuration > Network > ALG 7.9.2 Set Up a NAT Policy For H.323 In this example, you need a NAT policy to forward H.323 (TCP port 1720) traffic received on the ZyWALL's 10.0.0.8 WAN IP address to a H.323 device...
User Guide
Page 306
...if you need to create a firewall rule to allow computers on the LAN to dynamically take turns using a port triggering rule. Configure trigger port forwarding to allow an incoming service before using a service that appears, specify the number to which the virtual interface ...ZyWALL to forward the traffic (received on the server side. Port Triggering Otherwise, select a pre-defined address (group) to use NAT for this to create a new entry. If you select outgoing-interface, you want to move an entry to a different number in order to apply bandwidth shaping. 306 ZyWALL USG 20/20W...
User Guide
Page 310
... computer. Whenever a client computer's packets match the routing policy, it can use the pre-defined port triggering setting to connect to the remote server without manually configuring a port forwarding rule for port triggering: Incoming service: Game (UDP: 1234) Trigger service: Game-1 (UDP: 5670-5678) 1... AF33 (30) Class 4 AF41 (34) AF42 (36) AF43 (38) Port Triggering Some services use the same service on the client side and a dedicated range of a client computer that sent the request. Port triggering allows the client computer to computer A. 310 ZyWALL USG 20/20W User's Guide
User Guide
Page 311
...VPN tunnel or trunk) from computer A or until the connection is closed or times out. ZyWALL USG 20/20W User's Guide 311 Any other until the connection is not using the same port triggering rule as B or C) cannot connect to each policy route gets up any available bandwidth ... to remote server 1 using ) among policy routes with the same priority level. Figure 189 Trigger Port Forwarding Example Maximize Bandwidth Usage The maximize bandwidth usage option allows the ZyWALL to lower priority policy routes if there is enough available bandwidth), and then to divide up to...
User Guide
Page 337
...FTP, Telnet and SMTP server (A in the private network available by using ports to forward packets to another network. Suppose you can also create new NAT rules and edit or delete existing ones. ZyWALL USG 20/20W User's Guide 337 Figure 202 Multiple Servers Behind NAT Example 17.1.1 What ...You Can Do in this Chapter Use the NAT screens (see their configuration details. The NAT network appears as a single host on a private network behind the ZyWALL available outside the...
User Guide
Page 338
... to open a screen where you to Know NAT is also known as virtual server, port forwarding, or port translation. Table 94 Configuration > Network > NAT LABEL DESCRIPTION Add Click this screen allows you can modify the entry's settings. 338 ZyWALL USG 20/20W User's Guide Figure 203 Configuration > Network > NAT The following screen appears, providing a summary of...
User Guide
Page 342
... the same size. this NAT rule forwards the packet. Protocol Type Original Port Mapped Port Original Start Port Original End Port Mapped Start Port Mapped End Port Enable NAT Loopback See Appendix B on the rule's specified incoming interface. 342 ZyWALL USG 20/20W User's Guide This field is available ...if Mapping Type is Port. Enter the beginning of the range of just the specified Incoming Interface) to use a range of original destination ports this NAT rule forwards the packet. For example, ...
User Guide
Page 350
... this screen without saving. 350 ZyWALL USG 20/20W User's Guide Interface Select the interface on or off. Port OK Cancel Enter the port number that the proxy server uses. You may use 1-31 alphanumeric characters, underscores(_), or dashes (-), but the first character cannot be received for the ZyWALL to forward it to the specified proxy server... this option to turn the HTTP redirect rule on which the HTTP request must be a number. Then click the Add or Edit icon to the ZyWALL.
User Guide
Page 352
... un-friendly applications (such as SIP) to operate properly through . ZyWALL USG 20/20W User's Guide If the FTP server is located on the LAN, you must also configure NAT (port forwarding) and firewall rules if you could make other H.323 calls that the ZyWALL routes. Chapter 19 ALG 19.1.2 What You Need to Know Application...
User Guide
Page 353
...WAN IP address 2. For example, you enable the SIP ALG. Even though only LAN IP address A ZyWALL USG 20/20W User's Guide 353 Peer-to-Peer Calls and the ZyWALL The ZyWALL ALG can also make calls out through WAN IP address 1. You must be calls between LAN IP ...private IP address on the ZyWALL's private networks. The policy routing lets the ZyWALL correctly forward the return traffic for VoIP devices behind the ZyWALL when you configure the firewall and NAT to have LAN IP address A make other SIP servers must configure the firewall and NAT (port forwarding) to allow LAN IP...
User Guide
Page 354
...LAN IP addresses B and C can configure different firewall and NAT (port forwarding) rules to allow incoming calls from each of making an IPPBX using SIP or a SIP server in on. The policy routing lets the ZyWALL correctly forward the return traffic for related information on these screens. • See ...IP address 2. ZyWALL USG 20/20W User's Guide Use policy routing to have calls from LAN IP address A go out through WAN IP address 1 and calls from each WAN IP address to a specific IP address on the LAN (or DMZ). You configure different firewall and port forwarding rules to ...
User Guide
Page 402
... is TCP or UDP. Destination NAT Add This translation forwards packets (for example, mail) from the remote network to type a number for the remote network. The size of the original port range must be the same size as the size of...ports. Mapped IP Protocol Original Port Start / Original Port End Mapped Port Start / Mapped Port End OK Cancel Select the address object that represents the original destination address. This is the address object for where you typed. # This field is a sequential value, and it . Click OK to the main VPN screen. 402 ZyWALL USG 20/20W...
User Guide
Page 950
... 382 and interfaces 341 and policy routes 298, 305 and to-ZyWALL firewall 343 and VoIP pass through 354 and VPN 419 and VPN, see also VPN configuration overview 98 limitations 310 loopback 343 port forwarding, see NAT port translation, see NAT port triggering 310 port triggering, see also policy routes prerequisites 99 traversal 420 trigger... 609 Open Shortest Path First, see OSPF order of 316 OSPF routers 317 area border (ABR) 317 autonomous system boundary (ASBR) 318 backbone (BR) 318 ZyWALL USG 20/20W User's Guide
User Guide
Page 951
Point-to-Point Protocol over Ethernet, see NAT port triggering 310 and firewall 306, 731 and policy routes 306 and service groups 306 and services 306 troubleshooting 731 ZyWALL USG 20/20W User's Guide 951 Index backup designated (BDR) 318 designated (DR) 318 internal (IR) 317 link ...96 criteria 300 overriding direct routes 301 prerequisites 97 POP POP2 522 POP3 522 pop-up windows 43 port forwarding, see NAT port groups 107, 218, 221 port roles 220 and Ethernet interfaces 220 and physical ports 220 port scan, filtered 480 port scanning 479 port sweep 480 port translation, see PPPoE.