User Guide
Page 45
... publicly accessible servers. ZyWALL 2 Plus User's Guide 45 You can also deploy the ZyWALL as well. The ZyWALL guarantees not only high speed Internet access, but secure internal network protection and traffic management as a transparent firewall in a WLAN port role. The ZyWALL provides bandwidth management, NAT, port forwarding, DHCP server and many other powerful features. CHAPTER 1 Getting...
User Guide
Page 59
...settings on the ZyWALL. ZyWALL 2 Plus User's Guide 59 Port Roles Use this screen to partition your ZyWALL and activate the trial service subscriptions. The information in a mode's column shows that the device mode has the specified feature. IP Alias Use... on the ZyWALL. Static DHCP Use this screen to register your LAN interface into subnets. Chapter 2 Introducing the Web Configurator Table 5 Bridge and Router Mode Features Comparison FEATURE BRIDGE MODE WLAN Firewall Y Content Filter Y VPN Y Certificates Y Authentication Server Y NAT Static Route...
User Guide
Page 100
...the WAN to the destination IP address. Click Apply. 100 ZyWALL 2 Plus User's Guide " The many-to-one or many-to-many NAT address mapping rules are for both incoming and outgoing connections. Chapter 4 Tutorials " The one-to-one NAT address mapping rules are for outgoing connections only. In this IP... server (192.168.1.12) and mail server (192.168.1.13) to access the Internet. The many -to-one rule. 1 Click ADVANCED > NAT. 2 Enable NAT and select Full Feature as the ZyWALL's LAN IP address to use this example, you have multiple public IP addresses to map to go through the...
User Guide
Page 132
...an IP network number, then most likely you belong to a small organization and your network administrator for the appropriate IP addresses. 132 ZyWALL 2 Plus User's Guide If you obtain your network number depends on your local networks. If you have a unique address. On the other hand....168.255.0 and you are told otherwise. You don't need to do computers on the Internet must enable the Network Address Translation (NAT) feature of an IP address. If your networks are reserved). The Internet Assigned Number Authority (IANA) reserved this is established. In other number...
User Guide
Page 172
.... The public IP addresses of the DMZ and WAN ports are in separate subnets. 172 ZyWALL 2 Plus User's Guide See Section 6.1.2 on page 132 for more information on the LAN. It is allowed. DMZ and NAT See Chapter 17 on page 331 for the public IP addresses on the DMZ without performing...servers to the DMZ is also highly recommended that you do not configure SUA NAT or any full feature NAT mapping rules for an overview of the public servers connected to the public IP addresses on the DMZ, the ZyWALL will route traffic to the DMZ port. If the DMZ computers use private IP...
User Guide
Page 207
...(or full featured NAT address mapping rules) if you want to allow a WAN computer to the sender. Select Reject to deny the packets and send a TCP reset packet (for a TCP packet) or an ICMP destination-unreachable message (for a UDP packet) to manage the ZyWALL or restrict... management from probing attempts. Click Cancel to exit this rule. Figure 134 SECURITY > FIREWALL > Anti-Probing ZyWALL 2 Plus User's Guide 207 Chapter 11 Firewall Screens Table 51 SECURITY > FIREWALL > Rule Summary ...
User Guide
Page 216
... the ZyWALL or using the ZyWALL as Lotus Notes database synchronization, from specific hosts on the Internet to specific hosts on the LAN. • Allow public access to access devices on your protected network. Note: You also need to configure NAT port forwarding (or full featured NAT address ...or from the VPN tunnels. Chapter 11 Firewall Screens By default, the ZyWALL drops packets traveling in through the selected "from" interface and goes out through any of the ZyWALL's VPN tunnels. 216 ZyWALL 2 Plus User's Guide To VPN means traffic that is coming from accessing it ...
User Guide
Page 259
...an IPSec router behind the NAT router. If the WAN connection goes down . When the ZyWALL is read-only and displays the ZyWALL's IP address. If you cannot configure any character, including spaces, but not with AH protocol nor with ESP protocol using traffic redirect. ZyWALL 2 Plus User's Guide 259 Note... rule with the Primary Remote Gateway field set to another WAN interface on the high availability feature to use any other active rules with the Primary Remote Gateway field set the NAT router to forward UDP ports 500 and 4500 to 0.0.0.0). The VPN tunnel has to the...
User Guide
Page 265
... check box to build the tunnel. You may sometimes be in this feature to the remote IPSec router. The ZyWALL pings the IP address every minute. ZyWALL 2 Plus User's Guide 265 The ZyWALL does not apply the policy. Chapter 14 IPSec VPN Screens The following ...ZyWALL starts the IPSec connection idle timeout timer when it restarts. The computer's IP address must be necessary to allow NetBIOS packets to pass through the VPN connection. Active Enable this IP policy's remote range (see the Remote Network fields). You do not trigger the tunnel. Virtual address mapping (NAT...
User Guide
Page 278
... headquarters has a static public IP address. 278 ZyWALL 2 Plus User's Guide Apply Click Apply to save your throughput performance, you can access the local devices but not the local devices.) If the remote IPSec router also supports NAT over IPSec (see Section 14.9 on the encapsulation ...TCP packets that are larger after the specified time period, the ZyWALL disconnects the VPN tunnel. 0 disables the check (this feature. Table 72 SECURITY > VPN > Global Setting LABEL DESCRIPTION Output Idle Timer The ZyWALL disconnects a VPN tunnel if the remote IPSec router does not ...
User Guide
Page 287
...modes: main mode and aggressive mode. Figure 190 VPN/NAT Example If router A does NAT, it back to the ZyWALL. In contrast, aggressive mode only takes three steps to the ZyWALL for more information about active protocols.) ZyWALL 2 Plus User's Guide 287 Aggressive mode does not provide as... by the responder and both . It also finishes the Diffie-Hellman key exchange, authenticates the ZyWALL, and sends its (unencrypted) identity to establish an IKE SA. This feature helps router A recognize VPN packets and route them appropriately. Main mode provides better security, while...
User Guide
Page 331
...address. This is equivalent to SUA (i.e., PAT, port address translation), ZyXEL's Single User Account feature (the SUA option). • Many to Many Overload: In Many-to-Many Overload mode, the ZyWALL maps the multiple local IP addresses to shared global IP addresses. •...NAT) Screens 17.1 Overview NAT (Network Address Translation - Not all models. • Click Port Forwarding screens (Section 17.4 on page 336) to make servers with private IP addresses on page 340) to change your network (behind the NAT to be accessible to specify inside servers of IP/port mapping. ZyWALL 2 Plus...
User Guide
Page 332
... IP addresses on your intention, then select Full Feature NAT and don't configure NAT mapping rules to those computers with public IP addresses will still have to open the NAT Overview screen. 332 ZyWALL 2 Plus User's Guide Many-One-to -One and Server. The ZyWALL also supports Full Feature NAT to map multiple global IP addresses to multiple private...
User Guide
Page 333
... field to set the highest number of NAT sessions that can be called full feature NAT or multi-NAT. Select Full Feature if you have multiple public WAN IP addresses for your ZyWALL. This lets the ZyWALL use its permanent, pre-defined NAT address mapping rules. The first number shows...just one time. Apply Click Apply to save your ZyWALL. ZyWALL 2 Plus User's Guide 333 This is the equivalent of the ZyWALL's possible trigger port rules are configured. Port Triggering Rules The bar displays how many of the ZyWALL's possible address mapping rules are configured. Address Mapping ...
User Guide
Page 334
... table displays the default address mapping rules. Figure 214 ADVANCED > NAT > Address Mapping The following screen. Mapping Rules Full Feature Address Mapping Rules 334 ZyWALL 2 Plus User's Guide Use this screen. Chapter 17 Network Address Translation (NAT) Screens 17.3 The Address Mapping Screen Click ADVANCED > NAT > Address Mapping to open the following table describes the labels...
User Guide
Page 335
... icon to go to SUA (i.e., PAT, port address translation), ZyXEL's Single User Account feature that previous ZyXEL routers supported only. 3. Note that is N/A for all local IP addresses, then this field displays 0.0.0.0 as the Local End IP address. Figure 215 ADVANCED > NAT > Address Mapping > Edit ZyWALL 2 Plus User's Guide 335 Global Start IP This refers to...
User Guide
Page 336
... service), it discovers any server processes (such as for One-toOne, Many-to SUA (i.e., PAT, port address translation), ZyXEL's Single User Account feature. 3. Table 96 ADVANCED > NAT > Address Mapping > Edit LABEL DESCRIPTION Type Choose the port mapping type from your ISP. This is the ending Inside ...broadband ISP accounts do not change for example, web or FTP, that you are not specified in this screen. 336 ZyWALL 2 Plus User's Guide Chapter 17 Network Address Translation (NAT) Screens The following . 1. One-to-One: One-to-One mode maps one local IP address to -One and...
User Guide
Page 375
ZyWALL 2 Plus User's Guide 375 Chapter 20 DNS Screens LABEL IP Address Update Policy DESCRIPTION Select Use WAN IP Address to begin configuring this screen afresh. Select Use User-Defined and enter the IP address if you have the ZyWALL update the domain name with the WAN port's IP address. Click ... static IP address. Select Let DDNS Server Auto Detect only when there are one or more NAT routers between the ZyWALL and the DDNS server. Apply Reset Note: The DDNS server may not be able to the ZyWALL. This feature has the DDNS server automatically detect and use the IP address of the...
User Guide
Page 397
....1.2 What You Need To Know About UPnP How Do I Know If I'm Using UPnP? See Chapter 17 on the network. ZyWALL 2 Plus User's Guide 397 In turn, a device can automatically configure network addressing, announce their presence in the UPnP Screens • Use the UPnP ... other devices on page 331 for simple peer-to view the NAT port mapping rules that uses TCP/IP for further information about NAT. CHAPTER 22 UPnP Screens 22.1 Overview This chapter introduces the Universal Plug and Play feature. UPnP network devices can leave a network smoothly and automatically when...
User Guide
Page 521
The ZyWALL also supports Full Feature NAT to map multiple global IP addresses to Menu 4 Internet Access Setup. ZyWALL 2 Plus User's Guide 521 " Choose SUA Only if you have multiple public WAN IP addresses for your ZyWALL. The next figure shows you have just one public WAN IP address for your ZyWALL. 36.1.2 Applying NAT You apply NAT via menus...