User Guide
Page 7
...Registration 43 Getting to Know Your ZyWALL 45 Introducing the Web Configurator 49 Wizard Setup ...67 Tutorials ...87 Registration Screens ...125 Network ...129 LAN Screens ...131 Bridge Screens ...143 WAN Screens ...151 DMZ Screens ...171 Wireless LAN Screens ...183 Security ...193 Firewall Screens ...195 Content Filtering Screens ...223 Content Filtering Reports ...245 IPSec VPN Screens... Management Screens 377 UPnP Screens ...397 Custom Application Screen ...407 ALG Screen ...409 Logs and Maintenance ...415 Logs Screens ...417 Maintenance Screens ...447 ZyWALL 2 Plus User's Guide 7
User Guide
Page 8
... 521 Introducing the ZyWALL Firewall 539 Filter Configuration ...541 SNMP Configuration ...557 System Information & Diagnosis 559 Firmware and Configuration File Maintenance 571 System Maintenance Menus 8 to 10 587 Remote Management ...595 Call Scheduling ...599 Troubleshooting and Specifications 603 Troubleshooting ...605 Product Specifications ...613 Appendices and Index ...619 8 ZyWALL 2 Plus User's Guide Contents Overview SMT ...465...
User Guide
Page 10
...IKE Phase 1 80 3.6 VPN Wizard IPSec Setting (IKE Phase 2 81 3.7 VPN Wizard Status Summary 83 3.8 VPN Wizard Setup Complete 85 Chapter 4 Tutorials ...87 4.1 Security Settings for VPN Traffic 87 4.1.1 Firewall Rule for VPN Example 87 4.1.2 Configuring ... 4.4 How to Manage the ZyWALL's Bandwidth 113 4.4.1 Example Parameters and Scenario 113 4.4.2 Configuring Bandwidth Management Rules 114 4.5 Configuring Content Filtering 118 4.5.1 Enable Content Filtering 118 4.5.2 Block Categories of Web Content 119 4.5.3 Assign Bob's Computer a Specific IP Address 121 10 ZyWALL 2 Plus User's Guide
User Guide
Page 18
...Contents 26.7 The Backup and Restore Screen 458 26.7.1 Backup Configuration 459 26.7.2 Restore Configuration 459 26.7.3 Back to Factory Defaults 461 26.8 The Restart Screen ...461 26.9 The Diagnostics Screen 461 Part VI: SMT 465 Chapter 27 Introducing the SMT ...467 27.1 Introduction to WAN and Dial Backup Setup...29.9 Remote Node Filter ...489 Chapter 30 LAN Setup...491 18 ZyWALL 2 Plus User's Guide General Setup 475 28.1 Introduction to General Setup 475 28.2 Configuring General Setup 475 28.2.1 Configuring Dynamic DNS 476 Chapter 29 WAN and Dial Backup Setup 481 29.1 Introduction...
User Guide
Page 19
... to Remote Node Setup 509 34.2 Remote Node Setup ...509 34.3 Remote Node Profile Setup 509 34.3.1 Ethernet Encapsulation 510 34.3.2 PPPoE Encapsulation 511 34.3.3 PPTP Encapsulation 513 34.4 Edit IP ...514 34.5 Remote Node Filter ...516 34.6 Traffic Redirect ...517 Chapter 35 IP Static Route Setup...519 35.1 IP Static Route Setup ...519 ZyWALL 2 Plus User's Guide...
User Guide
Page 20
... of Contents Chapter 36 Network Address Translation (NAT 521 36.1 Using NAT ...521 36.1.1 SUA (Single User Account) Versus NAT 521 36.1.2 Applying NAT ...521 36.2 NAT Setup ...523...Filter Rule 549 38.3 Example Filter ...550 38.4 Filter Types and NAT ...552 38.5 Firewall Versus Filters ...552 38.5.1 Packet Filtering: ...552 38.5.2 Firewall ...553 38.6 Applying a Filter ...553 38.6.1 Applying LAN Filters 554 38.6.2 Applying DMZ Filters 554 38.6.3 Applying Remote Node Filters 555 Chapter 39 SNMP Configuration ...557 39.1 SNMP Configuration ...557 39.2 SNMP Traps ...558 20 ZyWALL 2 Plus...
User Guide
Page 26
... Example: Bandwidth Management Class Setup: WWW 117 Figure 76 Tutorial Example: Bandwidth Management Class Setup Done 117 Figure 77 Tutorial Example: Bandwidth Management Monitor 118 Figure 78 SECURITY > CONTENT FILTER > General 119 Figure 79 SECURITY > CONTENT FILTER > Policy 120 Figure 80 SECURITY > CONTENT FILTER > Policy > External Database (Default 120 Figure 81 HOME > DHCP Table ...121 26 ZyWALL 2 Plus User's Guide
User Guide
Page 27
...SECURITY > CONTENT FILTER > Policy 121 Figure 83 SECURITY > CONTENT FILTER > Policy > Insert 122 Figure 84 SECURITY > CONTENT FILTER > Policy 122 Figure 85 SECURITY > CONTENT FILTER > Policy > Schedule (Bob 123 Figure 86 SECURITY > CONTENT FILTER > Policy 123 Figure 87 SECURITY > CONTENT FILTER > Policy...158 Figure 107 NETWORK > WAN > WAN (PPTP Encapsulation 161 Figure 108 Traffic Redirect WAN Setup 164 Figure 109 Traffic Redirect LAN Setup 164 Figure 110 NETWORK > WAN > Traffic Redirect 164 Figure 111 NETWORK > WAN >...Figure 124 WLAN Port Role Example 191 ZyWALL 2 Plus User's Guide 27
User Guide
Page 40
...Table 140 CDR Logs ...435 Table 141 PPP Logs ...435 Table 142 UPnP Logs ...435 Table 143 Content Filtering Logs ...435 Table 144 Attack Logs ...436 Table 145 Remote Management Logs 437 Table 146 IPSec Logs...444 Table 152 Syslog Logs ...445 Table 153 RFC-2408 ISAKMP Payload Types 446 Table 154 MAINTENANCE > General Setup 448 Table 155 MAINTENANCE > Password 449 Table 156 MAINTENANCE > Time and Date 450 Table 157 MAINTENANCE > ... Table 165 SMT Menus Overview ...471 Table 166 Menu 1: General Setup (Router Mode 475 Table 167 Menu 1: General Setup (Bridge Mode 476 40 ZyWALL 2 Plus User's Guide
User Guide
Page 73
Chapter 3 Wizard Setup Table 13 ISP Parameters: PPTP Encapsulation LABEL DESCRIPTION My IP Subnet Mask Type the subnet mask assigned to the screen where you can register your ZyWALL and activate the free content filtering trial application. This field is the default selection. WAN ... Internet access setup. Back Click Back to return to complete the Internet access setup. Otherwise, click Skip to display the congratulations screen and click Close to the previous wizard screen. Server IP Address Type the IP address of the PPTP server. ZyWALL 2 Plus User's Guide...
User Guide
Page 74
Use this screen to activate a standard service with myZyXEL.com. Chapter 3 Wizard Setup Figure 19 Internet Access Setup Complete 3.2.4 Internet Access Wizard: Registration If you can activate the content filtering trial application. " If you want to register the ZyWALL with your ZyWALL before you clicked Next in the Internet Access Wizard Second Screen (see Figure 18 on page 73), the following screen displays. You must register your iCard's PIN number (license key), use the REGISTRATION > Service screen. 74 ZyWALL 2 Plus User's Guide
User Guide
Page 146
...)~65535(Highe corresponding port. 65535 is extremely important because without it . The DNS server is the highest. Rapid Spanning Tree Protocol Setup Enable Rapid Spanning Select the check box to which in the listening and learning port states. The default is the bridge port type... 30) in seconds that a bridge waits to save your ZyWALL in this screen afresh. 146 ZyWALL 2 Plus User's Guide st) Apply Click Apply to get a Hello BPDU from the root bridge. If you assign, the higher the priority for content filtering, the time server, etc. Bridge Hello Time Enter an ...
User Guide
Page 225
... web page belongs. Turn on custom ports. The ZyWALL applies the content filter to web pages depending on HTTP traffic that the ZyWALL sends out through a VPN tunnel or receives through traffic). ZyWALL 2 Plus User's Guide 225 Content filtering works on the ZyWALL's external database content filtering settings. Chapter 12 Content Filtering Screens Figure 150 SECURITY > CONTENT FILTER > General The following table describes the labels...
User Guide
Page 230
...and the Internet to track usage and provide service based on ID. When you try to edit which content categories the content filter policy blocks. 230 ZyWALL 2 Plus User's Guide You will appear blank or grayed out. Subnet Mask Enter the subnet mask here, if ...or Internet and intranet business applications of addresses, and/or subnets. Address Setup Address Type Do you visit the site again. Use this screen. Chapter 12 Content Filtering Screens Table 58 SECURITY > CONTENT FILTER > Policy > General (continued) LABEL DESCRIPTION Restrict Web Features Select the ...
User Guide
Page 240
...Table 61 SECURITY > CONTENT FILTER > Policy > Schedule LABEL DESCRIPTION Policy Name This is the name of the content filter policy that you are...Content Filtering Screens Figure 155 SECURITY > CONTENT FILTER > Policy > Schedule The following table describes the labels in 24-hour format, for this policy and a list of blocked web site addresses. Everyday from the filter list. 240 ZyWALL 2 Plus User's Guide In the from and to have content filtering active during which content filtering will be enforced. Schedule Setup Content filtering scheduling applies to have content filtering...
User Guide
Page 244
...CONTENT FILTER > Cache LABEL DESCRIPTION URL Cache Setup Maximum TTL Type the maximum time to live (TTL) (1 to clear all web site addresses from the cache manually. This sets how long the ZyWALL... is the index number of hours left before discarding it. Refresh Click this screen afresh. Remaining Time This is the number of a categorized web site address record. URL Cache Entry Flush Click this screen. Chapter 12 Content Filtering Screens Figure 157 SECURITY > CONTENT FILTER...address that the ZyWALL previously checked with the external content filtering database. Apply Click...
User Guide
Page 435
...Protocol stage is the call channel ID. Table 143 Content Filtering Logs LOG MESSAGE DESCRIPTION %s: Keyword blocking The content of the call was disconnected. "dev" is ... . ppp:IPCP Closing The PPP connection's Internet Protocol Control Protocol stage is closing . ZyWALL 2 Plus User's Guide 435 Chapter 25 Logs Screens Table 140 CDR Logs LOG MESSAGE board %d line...%s board %d line %d channel %d, call %d, %s C02 Call Terminated DESCRIPTION The router received the setup requirements for PPTP). ppp:LCP Closing The PPP connection's Link Control Protocol stage is closing . Table...
User Guide
Page 680
... Forward Secrecy (PFS) 292 Dimensions 613 disclaimer 669 DMZ IP alias setup 503 port filter setup 501 setup 501 TCP/IP setup 502 DNS 393 DNS Server For VPN Host 366 DNS server address assignment...289 and active protocol 284 entering information 469 ESP 291 and transport mode 292 ESSID 610 Ethernet ZyWALL 2 Plus User's Guide DoS 195, 209 drop timeout 485 DSL modem 511 DTR 168, 484 Dynamic...settings 467 speed 561, 562 stop bit 467 contact information 673 content filter general 224 content filtering categories 223 days and times 223 filter list 223 object 240 policy 227 restrict web features 223 URL ...
User Guide
Page 681
...289 Diffie-Hellman key group 284 encryption algorithms 284, 289 extended authentication 286 ID content 285 Index 681 encapsulation 68, 497, 510 extended authentication 286 F F/W version 562... configuration 541 configuring 544 DMZ 554 example 550 filter rule execution 542 generic filter rule 549 incoming protocol 495 IP filter logic flow 548 protocol 495 remote node 555 ... 195 TCP maximum incomplete 209 three-way handshake 219 threshold 208 VPN 91 ZyWALL 2 Plus User's Guide when to use 553 firmware file maintenance 571 upload 457 firmware... 520 general setup 447, 475 GMT 451 Greenwich Mean Time.