User Guide
Page 13
... 256 14.2.1 The VPN Rules (IKE) Gateway Policy Edit Screen 257 14.2.2 The VPN Rules (IKE) Network Policy Edit Screen 263 14.2.3 The Network Policy Port Forwarding Screen 268 14.2.4 The Network Policy Move Screen 270 14.3 The VPN Rules (Manual) Screen 271 14.3.1 The VPN Rules (Manual) Edit Screen 272 14....4 The SA Monitor Screen 275 14.5 The Global Setting Screen 275 14.5.1 Configuring the Global Setting Screen 277 14.6 Telecommuter VPN/IPSec Examples 278 ZyWALL 2 Plus User's Guide 13
User Guide
Page 15
... Overview Screen 332 17.3 The Address Mapping Screen 334 17.3.1 The Address Mapping Edit Screen 335 17.4 The Port Forwarding Screen 336 17.4.1 Configuring Servers Behind Port Forwarding (Example 337 17.4.2 Configuring the Port Forwarding Screen 338 17.5 The Port Triggering Screen 340 17.6 NAT Technical Reference 341 Chapter 18 Static Route Screens ...347 18.1 Overview ...347... ...365 20.1.1 What You Can Do in the DNS Screens 365 20.1.2 What You Need To Know About DNS 365 20.2 The System Screen ...367 ZyWALL 2 Plus User's Guide 15
User Guide
Page 20
... Public IP Addresses With Inside Servers 532 36.4.4 Example 4: NAT Unfriendly Application Programs 536 36.5 Trigger Port Forwarding 537 36.5.1 Two Points To Remember About Trigger Ports 537 Chapter 37 Introducing the ZyWALL Firewall 539 37.1 Using ZyWALL SMT Menus 539 37.1.1 Activating the Firewall 539 Chapter 38 Filter Configuration...541 38.1 Introduction to Filters... 38.6.2 Applying DMZ Filters 554 38.6.3 Applying Remote Node Filters 555 Chapter 39 SNMP Configuration ...557 39.1 SNMP Configuration ...557 39.2 SNMP Traps ...558 20 ZyWALL 2 Plus User's Guide
User Guide
Page 26
... FTP Traffic to a Local Computer 104 Figure 57 Tutorial Example: NAT Address Mapping Edit: Server 104 Figure 58 Tutorial Example: NAT Port Forwarding 105 Figure 59 Tutorial Example: Forwarding Incoming FTP Traffic to a Local Computer 105 Figure 60 Tutorial Example: Firewall Default Rule 106 Figure 61 Tutorial Example: Firewall Rule: WAN to LAN... 119 Figure 79 SECURITY > CONTENT FILTER > Policy 120 Figure 80 SECURITY > CONTENT FILTER > Policy > External Database (Default 120 Figure 81 HOME > DHCP Table ...121 26 ZyWALL 2 Plus User's Guide
User Guide
Page 29
...) > Edit Gateway Policy 258 Figure 173 SECURITY > VPN > VPN Rules (IKE) > Edit Network Policy 264 Figure 174 SECURITY > VPN > VPN Rules (IKE) > Edit Network Policy > Port Forwarding 269 Figure 175 SECURITY > VPN > VPN Rules (IKE) > Move Network Policy 270 Figure 176 SECURITY > VPN > VPN Rules (Manual 271 Figure 177 SECURITY > VPN > VPN... 316 Figure 208 SECURITY > CERTIFICATES > Trusted Remote Hosts > Import 318 Figure 209 SECURITY > CERTIFICATES > Directory Servers 319 Figure 210 SECURITY > CERTIFICATES > Directory Server > Add 320 ZyWALL 2 Plus User's Guide 29
User Guide
Page 30
... Figure 217 Port Translation Example 338 Figure 218 ADVANCED > NAT > Port Forwarding 339 Figure 219 Trigger Port Forwarding Process: Example 340 Figure 220 ADVANCED > NAT > Port Triggering 341 Figure... 221 How NAT Works ...343 Figure 222 NAT Application With IP Alias 344 Figure 223 Port...245 Replace Certificate ...382 Figure 246 Device-specific Certificate 382 Figure 247 Common ZyWALL Certificate 382 Figure 248 SSH Example 1: Store Host Key 383 Figure 249 SSH...
User Guide
Page 38
...> WLAN > Static DHCP 188 Table 44 NETWORK > WLAN > IP Alias 189 Table 45 NETWORK > WLAN > Port Roles 192 Table 46 Blocking All LAN to WAN IRC Traffic Example 197 Table 47 Limited LAN to WAN IRC Traffic...> VPN > VPN Rules (IKE) > Edit Network Policy 265 Table 67 SECURITY > VPN > VPN Rules (IKE) > Edit Network Policy > Port Forwarding 269 Table 68 SECURITY > VPN > VPN Rules (IKE) > Move Network Policy 270 Table 69 SECURITY > VPN > VPN Rules (Manual 271 ...My Certificates > Import 304 Table 81 SECURITY > CERTIFICATES > My Certificates > Import: PKCS#12 304 38 ZyWALL 2 Plus User's Guide
User Guide
Page 39
...Overview 333 Table 95 ADVANCED > NAT > Address Mapping 334 Table 96 ADVANCED > NAT > Address Mapping > Edit 336 Table 97 ADVANCED > NAT > Port Forwarding 339 Table 98 ADVANCED > NAT > Port Triggering 341 Table 99 ADVANCED > STATIC ROUTE > IP Static Route 348 Table 100 ADVANCED > STATIC ROUTE > IP Static Route > Edit 349 Table ...393 Table 119 ADVANCED > REMOTE MGMT > DNS 394 Table 120 ADVANCED > REMOTE MGMT > CNM 395 Table 121 ADVANCED > UPnP ...404 Table 122 ADVANCED > UPnP > Ports 405 Table 123 ADVANCED > Custom APP 408 Table 124 ADVANCED > ALG ...412 ZyWALL 2 Plus User's Guide 39
User Guide
Page 45
...connect the WAN Ethernet port to your existing Internet access gateway (company network, or your cable or DSL modem for example). The ZyWALL provides bandwidth management, NAT, port forwarding, DHCP server and many other powerful features. The ZyWALL guarantees not only high...Internet access. The ZyWALL provides the option to change port roles from LAN to the LAN ports for the ZyWALL Here are some examples of the ZyWALL. 1.1 ZyWALL Internet Security Appliance Overview The ZyWALL is loaded with minimal configuration. ZyWALL 2 Plus User's Guide 45 The ZyWALL's De-Militarized Zone...
User Guide
Page 61
Port Forwarding Use this screen to configure IP static routes. STATIC ROUTE IP Static Route Use this screen to configure servers behind the ZyWALL. DNS System Use this screen to configure the DNS resolution cache. Cache Use this screen to configure the address and...through which interface(s) and from which IP address(es) users can use HTTPS or HTTP to manage the ZyWALL. ZyWALL 2 Plus User's Guide 61 Class Setup Use this screen to configure your ZyWALL's port triggering settings. SNMP Use this screen to set up the bandwidth classes. Chapter 2 Introducing the Web ...
User Guide
Page 95
...4.2.1 Example Parameters and Scenario The following table shows the public IP addresses from the WAN to a specific computer on your ZyWALL's LAN IP address. ZyWALL 2 Plus User's Guide 95 Figure 41 Tutorial Example: Using NAT with Multiple Public IP Addresses This section shows you examples of how ...to set up your ZyWALL if you want to set up in both directions. • Map the first public address (1.2.3.4) to outgoing traffic from other local computers. • Map the first public address (1.2.3.4) to incoming traffic from the WAN. • Forward FTP traffic using port 21 from the ...
User Guide
Page 103
... you should also create a port forwarding (server mapping) rule. To have one IP address (1.2.3.7) that can be assigned to the outside world. ZyWALL 2 Plus User's Guide 103 You still have the ZyWALL forward incoming traffic to a specific computer on page 105 for more information. 4.2.4 Forwarding Traffic from the WAN to ... traffic from the WAN to a Local Computer A server NAT address mapping rule allows computers behind the NAT be forwarded through the ZyXEL Device, you expand your local network, you want to forward FTP traffic using port 21 to Section 4.2.5 on your network.
User Guide
Page 104
Figure 57 Tutorial Example: NAT Address Mapping Edit: Server 3 Click the Port Forwarding tab. 4 Select the Active check box, enter a descriptive name (FTP for example), incoming port number (21) and 192.168.1.39 as the server IP address. Chapter 4 Tutorials Figure 56 Tutorial Example: Forwarding Incoming FTP Traffic to a Local Computer 1 Click ADVANCED > NAT > Address Mapping. 2 Click the fourth rule's Edit icon ( ) to configure a server rule. Click Apply. 104 ZyWALL 2 Plus User's Guide
User Guide
Page 105
...59 Tutorial Example: Forwarding Incoming FTP Traffic to a Local Computer 1 Click SECURITY > FIREWALL. 2 Make sure the firewall is enabled and traffic from the WAN to allow traffic from the WAN to the LAN. ZyWALL 2 Plus User's Guide 105 Figure 58 Tutorial Example: NAT Port Forwarding Chapter 4 Tutorials ...4.2.5 Allow WAN-to-LAN Traffic through the Firewall By default, the ZyWALL blocks any traffic initiated from the WAN to the following ...
User Guide
Page 112
...network to 1.2.3.7) from the same IP address, you entered the correct information in the same subnet as shown. 112 ZyWALL 2 Plus User's Guide If you finish configuration, the screen looks as the ZyWALL. 2 Open your WAN connection (see Section 4.2.2 on page 96), use the NAT > Address Mapping screen to map...correctly and there is a firewall rule to allow more information about IP address mapping. If you cannot access it, make sure the NAT port forwarding rule is active and there is in the WAN and NAT Address Mapping screens. Also check that the Internet account is active and the ...
User Guide
Page 207
Apply Cancel Note: You may also need to configure NAT port forwarding (or full featured NAT address mapping rules) if you want to allow computers on the WAN to access devices on the LAN. Click Cancel to ... restrict management from probing attempts. Figure 134 SECURITY > FIREWALL > Anti-Probing ZyWALL 2 Plus User's Guide 207 Select Reject to deny the packets and send a TCP reset packet (for a TCP packet) or an ICMP destination-unreachable message (for unused ports. Configure this screen. Note: You also need to configure the remote management settings if...
User Guide
Page 216
...allow computers on the WAN to access devices on the WAN. Note: You also need to configure NAT port forwarding (or full featured NAT address mapping rules) to allow a WAN computer to manage the ZyWALL. See Chapter 4 on your protected network. You could also block certain IP addresses from accessing it to... tunnels. To VPN means traffic that is coming from the LAN and going out through any of the ZyWALL's VPN tunnels. 216 ZyWALL 2 Plus User's Guide For example, From LAN To VPN specifies the traffic that comes in the following directions. • WAN to LAN These rules ...
User Guide
Page 266
... Subnet Address to specify IP addresses on your LAN to a range of the devices behind the ZyWALL that can configure port forwarding for your ZyWALL. 266 ZyWALL 2 Plus User's Guide These must correspond to the remote IPSec router's configured remote IP addresses. Local Network ... VPN > VPN Rules (IKE) > Edit Network Policy (continued) LABEL DESCRIPTION Port Forwarding Rules If you are for traffic going to the remote network. The VPN network policy port forwarding rules let the ZyWALL forward traffic coming in the Type field, enter the beginning IP address of a range ...
User Guide
Page 268
... algorithms when negotiating an IPSec SA. When you enable multiple proposals, the ZyWALL allows the remote IPSec router to select which Diffie-Hellman key group to the appropriate IP address on the LAN. 268 ZyWALL 2 Plus User's Guide Clear this to encrypt and decrypt information. The longer the ... detection by forcing the two VPN gateways to open the following screen. Enable Multiple Proposals Select this screen to configure port forwarding for your VPN tunnels to let the ZyWALL forward traffic coming in the VPN Rules (IKE) screen to generate encryption keys for encryption.
User Guide
Page 269
Active Select this check box to begin configuring this screen afresh. To forward only one port, type the port number again in the End Port field. ZyWALL 2 Plus User's Guide 269 Table 67 SECURITY > VPN > VPN Rules (IKE) > Edit Network Policy > Port Forwarding LABEL DESCRIPTION Default Server In addition to the servers for identifying purposes. A default server receives packets...