User Guide
Page 8
... Network Address Translation (NAT 521 Introducing the ZyWALL Firewall 539 Filter Configuration ...541 SNMP Configuration ...557 System Information & Diagnosis 559 Firmware and Configuration File Maintenance 571 System Maintenance Menus 8 to 10 587 Remote Management ...595 Call Scheduling ...599 Troubleshooting and Specifications 603 Troubleshooting ...605 Product Specifications ...613 Appendices and Index ...619 8 ZyWALL 2 Plus User's Guide
... Network Address Translation (NAT 521 Introducing the ZyWALL Firewall 539 Filter Configuration ...541 SNMP Configuration ...557 System Information & Diagnosis 559 Firmware and Configuration File Maintenance 571 System Maintenance Menus 8 to 10 587 Remote Management ...595 Call Scheduling ...599 Troubleshooting and Specifications 603 Troubleshooting ...605 Product Specifications ...613 Appendices and Index ...619 8 ZyWALL 2 Plus User's Guide
User Guide
Page 10
... 4.2.6 Testing the Connections 112 4.3 Using NAT with Multiple Game Players 112 4.4 How to Manage the ZyWALL's Bandwidth 113 4.4.1 Example Parameters and Scenario 113 4.4.2 Configuring Bandwidth Management Rules 114 4.5 Configuring Content Filtering 118 4.5.1 Enable Content Filtering 118 4.5.2 Block Categories of Web Content 119 4.5.3 Assign Bob's Computer a Specific IP Address 121 10 ZyWALL 2 Plus User's Guide
... 4.2.6 Testing the Connections 112 4.3 Using NAT with Multiple Game Players 112 4.4 How to Manage the ZyWALL's Bandwidth 113 4.4.1 Example Parameters and Scenario 113 4.4.2 Configuring Bandwidth Management Rules 114 4.5 Configuring Content Filtering 118 4.5.1 Enable Content Filtering 118 4.5.2 Block Categories of Web Content 119 4.5.3 Assign Bob's Computer a Specific IP Address 121 10 ZyWALL 2 Plus User's Guide
User Guide
Page 17
....5 The Traffic Statistics Screen 424 25.5.1 Viewing Web Site Hits 425 25.5.2 Viewing Host IP Address 426 25.5.3 Viewing Protocol/Port 427 25.5.4 System Reports Specifications 429 25.6 The E-mail Report Screen 429 25.7 Logs Technical Reference 431 Chapter 26 Maintenance Screens ...447 26.1 Overview ...447 26.1.1 What You Can Do... 26.5 The Device Mode Screen 453 26.5.1 The Device Mode Screen (Router 453 26.5.2 The Device Mode Screen (Bridge 454 26.6 The F/W Upload Screen 457 ZyWALL 2 Plus User's Guide 17
....5 The Traffic Statistics Screen 424 25.5.1 Viewing Web Site Hits 425 25.5.2 Viewing Host IP Address 426 25.5.3 Viewing Protocol/Port 427 25.5.4 System Reports Specifications 429 25.6 The E-mail Report Screen 429 25.7 Logs Technical Reference 431 Chapter 26 Maintenance Screens ...447 26.1 Overview ...447 26.1.1 What You Can Do... 26.5 The Device Mode Screen 453 26.5.1 The Device Mode Screen (Router 453 26.5.2 The Device Mode Screen (Bridge 454 26.6 The F/W Upload Screen 457 ZyWALL 2 Plus User's Guide 17
User Guide
Page 22
... to Call Scheduling 599 Part VII: Troubleshooting and Specifications 603 Chapter 45 Troubleshooting...605 45.1 Power, Hardware Connections, and LEDs 605 45.2 ZyWALL Access and Login 606 45.3 Internet Access ...608... 45.4 Wireless Router/AP Troubleshooting 610 45.5 UPnP ...610 Chapter 46 Product Specifications ...613 46.1 General ZyWALL Specifications 613 46.2 Cable Pin Assignments 615 46.3 Wall-mounting Instructions 617 Part VIII: Appendices and Index 619 Appendix A Setting up Your Computer's IP Address 621 22 ZyWALL 2 Plus...
... to Call Scheduling 599 Part VII: Troubleshooting and Specifications 603 Chapter 45 Troubleshooting...605 45.1 Power, Hardware Connections, and LEDs 605 45.2 ZyWALL Access and Login 606 45.3 Internet Access ...608... 45.4 Wireless Router/AP Troubleshooting 610 45.5 UPnP ...610 Chapter 46 Product Specifications ...613 46.1 General ZyWALL Specifications 613 46.2 Cable Pin Assignments 615 46.3 Wall-mounting Instructions 617 Part VIII: Appendices and Index 619 Appendix A Setting up Your Computer's IP Address 621 22 ZyWALL 2 Plus...
User Guide
Page 30
... Device-specific Certificate 382 Figure 247 Common ZyWALL Certificate 382 Figure 248 SSH Example 1: Store Host Key 383 Figure 249 SSH Example 2: Test ...383 Figure 250 SSH Example 2: Log in ...384 Figure 251 Secure FTP: Firmware Upload Example 384 Figure 252 HTTPS Implementation ...385 Figure 253 ADVANCED > REMOTE MGMT > WWW 386 30 ZyWALL 2 Plus...
... Device-specific Certificate 382 Figure 247 Common ZyWALL Certificate 382 Figure 248 SSH Example 1: Store Host Key 383 Figure 249 SSH Example 2: Test ...383 Figure 250 SSH Example 2: Log in ...384 Figure 251 Secure FTP: Firmware Upload Example 384 Figure 252 HTTPS Implementation ...385 Figure 253 ADVANCED > REMOTE MGMT > WWW 386 30 ZyWALL 2 Plus...
User Guide
Page 40
...: Web Site Hits Report 426 Table 130 LOGS > Traffic Statistics: Host IP Address 427 Table 131 LOGS > Traffic Statistics: Protocol/ Port 428 Table 132 Report Specifications ...429 Table 133 LOGS > E-mail Report ...430 Table 134 System Maintenance Logs 431 Table 135 System Error Logs ...432 Table 136 Access Control Logs ...433... Summary ...470 Table 165 SMT Menus Overview ...471 Table 166 Menu 1: General Setup (Router Mode 475 Table 167 Menu 1: General Setup (Bridge Mode 476 40 ZyWALL 2 Plus User's Guide
...: Web Site Hits Report 426 Table 130 LOGS > Traffic Statistics: Host IP Address 427 Table 131 LOGS > Traffic Statistics: Protocol/ Port 428 Table 132 Report Specifications ...429 Table 133 LOGS > E-mail Report ...430 Table 134 System Maintenance Logs 431 Table 135 System Error Logs ...432 Table 136 Access Control Logs ...433... Summary ...470 Table 165 SMT Menus Overview ...471 Table 166 Menu 1: General Setup (Router Mode 475 Table 167 Menu 1: General Setup (Bridge Mode 476 40 ZyWALL 2 Plus User's Guide
User Guide
Page 41
... Fields in Menu 4 (PPPoE) screen 500 Table 184 Menu 11.1: Remote Node Profile for Ethernet Encapsulation 510 Table 185 Fields in Menu 11.1 (PPPoE Encapsulation Specific 513 Table 186 Menu 11.1: Remote Node Profile for PPTP Encapsulation 514 Table 187 Remote Node Network Layer Options Menu Fields 515 Table 188 Menu... GUI-based FTP Clients 574 Table 208 General Commands for GUI-based TFTP Clients 575 Table 209 Valid Commands ...588 Table 210 Budget Management ...590 ZyWALL 2 Plus User's Guide 41
... Fields in Menu 4 (PPPoE) screen 500 Table 184 Menu 11.1: Remote Node Profile for Ethernet Encapsulation 510 Table 185 Fields in Menu 11.1 (PPPoE Encapsulation Specific 513 Table 186 Menu 11.1: Remote Node Profile for PPTP Encapsulation 514 Table 187 Remote Node Network Layer Options Menu Fields 515 Table 188 Menu... GUI-based FTP Clients 574 Table 208 General Commands for GUI-based TFTP Clients 575 Table 209 Valid Commands ...588 Table 210 Budget Management ...590 ZyWALL 2 Plus User's Guide 41
User Guide
Page 42
Remote Management Control 596 Table 214 Schedule Set Setup ...600 Table 215 Hardware Specifications ...613 Table 216 Firmware Specifications ...613 Table 217 Feature and Performance Specifications 615 Table 218 Console Cable Pin Assignments 616 Table 219 Dial Backup Cable Pin Assignments 616 Table 220 Ethernet ...24-bit Network Number Subnet Planning 651 Table 231 16-bit Network Number Subnet Planning 651 Table 232 Commonly Used Services 654 42 ZyWALL 2 Plus User's Guide List of Tables Table 211 Call History ...591 Table 212 Menu 24.10 System Maintenance: Time and Date Setting 592...
Remote Management Control 596 Table 214 Schedule Set Setup ...600 Table 215 Hardware Specifications ...613 Table 216 Firmware Specifications ...613 Table 217 Feature and Performance Specifications 615 Table 218 Console Cable Pin Assignments 616 Table 219 Dial Backup Cable Pin Assignments 616 Table 220 Ethernet ...24-bit Network Number Subnet Planning 651 Table 231 16-bit Network Number Subnet Planning 651 Table 232 Commonly Used Services 654 42 ZyWALL 2 Plus User's Guide List of Tables Table 211 Call History ...591 Table 212 Menu 24.10 System Maintenance: Time and Date Setting 592...
User Guide
Page 50
... on page 53). " If you do not replace the default certificate here or in the CERTIFICATES screen, this screen displays every time you . 50 ZyWALL 2 Plus User's Guide " The management session automatically times out when the time period set in the Replace Certificate screen to create a certificate using your password (... Apply in the Administrator Inactivity Timer field expires (default five minutes). Type a new password (and retype it to this happens to change your ZyWALL's MAC address that will be specific to confirm) and click Apply or click Ignore. Simply log back into the...
... on page 53). " If you do not replace the default certificate here or in the CERTIFICATES screen, this screen displays every time you . 50 ZyWALL 2 Plus User's Guide " The management session automatically times out when the time period set in the Replace Certificate screen to create a certificate using your password (... Apply in the Administrator Inactivity Timer field expires (default five minutes). Type a new password (and retype it to this happens to change your ZyWALL's MAC address that will be specific to confirm) and click Apply or click Ignore. Simply log back into the...
User Guide
Page 62
...ZyWALL 2 Plus User's Guide E-mail Report Use this screen to change your ZyWALL's time and date. Password Use this screen to configure the settings for the categories that you to change your ZyWALL work as a router or a bridge. Read-only information here includes port status and packet specific... statistics. Log Settings Use this screen to reboot the ZyWALL without turning the power off. The Poll Interval...
...ZyWALL 2 Plus User's Guide E-mail Report Use this screen to change your ZyWALL's time and date. Password Use this screen to configure the settings for the categories that you to change your ZyWALL work as a router or a bridge. Read-only information here includes port status and packet specific... statistics. Log Settings Use this screen to reboot the ZyWALL without turning the power off. The Poll Interval...
User Guide
Page 64
... to reload the DHCP table. 2.4.8 VPN Status Click VPN in the HOME screen when the ZyWALL is the group of security settings related to 32 entries in each entry to have the ZyWALL always assign the selected entry(ies)'s IP address(es) to router mode. This address follows ...of the host computer. Figure 12 HOME > VPN Status 64 ZyWALL 2 Plus User's Guide A network interface card such as an Ethernet adapter has a hardwired address that ensures no other adapter has a similar address. After you can select up to a specific VPN tunnel. The Poll Interval(s) field is assigned at the ...
... to reload the DHCP table. 2.4.8 VPN Status Click VPN in the HOME screen when the ZyWALL is the group of security settings related to 32 entries in each entry to have the ZyWALL always assign the selected entry(ies)'s IP address(es) to router mode. This address follows ...of the host computer. Figure 12 HOME > VPN Status 64 ZyWALL 2 Plus User's Guide A network interface card such as an Ethernet adapter has a hardwired address that ensures no other adapter has a similar address. After you can select up to a specific VPN tunnel. The Poll Interval(s) field is assigned at the ...
User Guide
Page 79
... may use any time. Select Single for the tunnel do not trigger the tunnel. When the Local Network field is selected, packets for a specific range of IP addresses. Two active SAs can configure multiple SAs between the same local and remote IP addresses, as long as only one is...configured to turn the network policy off. When the Local Network field is configured to the remote IPSec router's configured remote IP addresses. ZyWALL 2 Plus User's Guide 79 Figure 27 VPN Wizard: Network Setting The following table describes the labels in a range of computers on the LAN behind your...
... may use any time. Select Single for the tunnel do not trigger the tunnel. When the Local Network field is selected, packets for a specific range of IP addresses. Two active SAs can configure multiple SAs between the same local and remote IP addresses, as long as only one is...configured to turn the network policy off. When the Local Network field is configured to the remote IPSec router's configured remote IP addresses. ZyWALL 2 Plus User's Guide 79 Figure 27 VPN Wizard: Network Setting The following table describes the labels in a range of computers on the LAN behind your...
User Guide
Page 80
... IP, enter the end (static) IP address, in a range of IP addresses. Select Single for a specific range of computers on the network behind the remote IPSec router. Figure 28 VPN Wizard: IKE Tunnel Setting 80 ZyWALL 2 Plus User's Guide Back Click Back to return to negotiate a phase 1 IKE SA. When the Remote Network...
... IP, enter the end (static) IP address, in a range of IP addresses. Select Single for a specific range of computers on the network behind the remote IPSec router. Figure 28 VPN Wizard: IKE Tunnel Setting 80 ZyWALL 2 Plus User's Guide Back Click Back to return to negotiate a phase 1 IKE SA. When the Remote Network...
User Guide
Page 95
... (1.2.3.4) to incoming traffic from the WAN. • Forward FTP traffic using port 21 from the WAN to a specific local computer (192.168.1.39). • The last public IP address (1.2.3.7) is not mapped to any device and... is reserved for other public IP addresses (1.2.3.5 and 1.2.3.6). 3 Configure NAT port forwarding to a specific computer on your ZyWALL's LAN IP address. Public IP Addresses ZyWALL's LAN IP Address 1.2.3.4 to 1.2.3.7 192.168.1.1 The following figure shows the network you have... FTP traffic from your ISP and your local network. ZyWALL 2 Plus User's Guide 95
... (1.2.3.4) to incoming traffic from the WAN. • Forward FTP traffic using port 21 from the WAN to a specific local computer (192.168.1.39). • The last public IP address (1.2.3.7) is not mapped to any device and... is reserved for other public IP addresses (1.2.3.5 and 1.2.3.6). 3 Configure NAT port forwarding to a specific computer on your ZyWALL's LAN IP address. Public IP Addresses ZyWALL's LAN IP Address 1.2.3.4 to 1.2.3.7 192.168.1.1 The following figure shows the network you have... FTP traffic from your ISP and your local network. ZyWALL 2 Plus User's Guide 95
User Guide
Page 99
Figure 48 Tutorial Example: Status 4.2.3 Public IP Address Mapping To have the local computers and servers use specific WAN IP addresses, you need to map static public IP addresses to check your WAN connection status. ZyWALL 2 Plus User's Guide 99 Figure 47 Tutorial Example: DNS > System: Done Chapter 4 Tutorials 11 Go to the Home screen to them. Make sure the status is not down.
Figure 48 Tutorial Example: Status 4.2.3 Public IP Address Mapping To have the local computers and servers use specific WAN IP addresses, you need to map static public IP addresses to check your WAN connection status. ZyWALL 2 Plus User's Guide 99 Figure 47 Tutorial Example: DNS > System: Done Chapter 4 Tutorials 11 Go to the Home screen to them. Make sure the status is not down.
User Guide
Page 103
... be forwarded through the ZyXEL Device, you should also create a port forwarding (server mapping) rule. ZyWALL 2 Plus User's Guide 103 Figure 55 Tutorial Example: NAT Address Mapping Done " To allow traffic from the WAN to a Local Computer A server NAT address mapping rule allows computers behind the NAT be accessible to a specific computer on your... local network, you must also create a firewall rule. Chapter 4 Tutorials 10 After the configurations, the Address Mapping screen looks as shown. You still have the ZyWALL forward incoming traffic to the outside world.
... be forwarded through the ZyXEL Device, you should also create a port forwarding (server mapping) rule. ZyWALL 2 Plus User's Guide 103 Figure 55 Tutorial Example: NAT Address Mapping Done " To allow traffic from the WAN to a Local Computer A server NAT address mapping rule allows computers behind the NAT be accessible to a specific computer on your... local network, you must also create a firewall rule. Chapter 4 Tutorials 10 After the configurations, the Address Mapping screen looks as shown. You still have the ZyWALL forward incoming traffic to the outside world.
User Guide
Page 118
...Do the following to turn on page 125) to several categories of your device and activate the external content filtering service. ZyWALL 2 Plus User's Guide You can use the external content filtering service. " The ordering of web content including things like pornography, hacking...REGISTRATION screens (see Chapter 5 on content filtering and have the ZyWALL use the ZyWALL's content filtering policies to apply specific content filtering settings to access arts and entertainment web pages during lunch. The ZyWALL applies the content filter policies based on . Any traffic that...
...Do the following to turn on page 125) to several categories of your device and activate the external content filtering service. ZyWALL 2 Plus User's Guide You can use the external content filtering service. " The ordering of web content including things like pornography, hacking...REGISTRATION screens (see Chapter 5 on content filtering and have the ZyWALL use the ZyWALL's content filtering policies to apply specific content filtering settings to access arts and entertainment web pages during lunch. The ZyWALL applies the content filter policies based on . Any traffic that...
User Guide
Page 121
Chapter 4 Tutorials 4.5.3 Assign Bob's Computer a Specific IP Address You will configure a content filtering policy for traffic from Bob's computer's IP address. Figure 82 SECURITY > CONTENT FILTER > Policy 2 Select Active. 3 Give the policy a name. 4 Configure a single address of 192.168.1.33. ZyWALL 2 Plus User's Guide 121 Figure 81 HOME > DHCP Table 4.5.4 Create a Content Filter Policy...
Chapter 4 Tutorials 4.5.3 Assign Bob's Computer a Specific IP Address You will configure a content filtering policy for traffic from Bob's computer's IP address. Figure 82 SECURITY > CONTENT FILTER > Policy 2 Select Active. 3 Give the policy a name. 4 Configure a single address of 192.168.1.33. ZyWALL 2 Plus User's Guide 121 Figure 81 HOME > DHCP Table 4.5.4 Create a Content Filter Policy...
User Guide
Page 128
...DESCRIPTION Service Management Service This field displays the service name available on the ZyWALL. Registration Type This field displays whether you applied for a trial application (Trial) or registered a service with your ZyWALL) and enter the new PIN number to extend the service. Figure ...key, registration status and expiration day). 128 ZyWALL 2 Plus User's Guide If a standard service subscription runs out, you need to buy a new iCard (specific to activate or extend a standard service subscription. " If you restore the ZyWALL to the default configuration file or upload a...
...DESCRIPTION Service Management Service This field displays the service name available on the ZyWALL. Registration Type This field displays whether you applied for a trial application (Trial) or registered a service with your ZyWALL) and enter the new PIN number to extend the service. Figure ...key, registration status and expiration day). 128 ZyWALL 2 Plus User's Guide If a standard service subscription runs out, you need to buy a new iCard (specific to activate or extend a standard service subscription. " If you restore the ZyWALL to the default configuration file or upload a...
User Guide
Page 132
... do not use ; Once you are told otherwise. Your ZyWALL will assign you are reserved). Private IP Addresses Every machine on the Internet must enable the Network Address Translation (NAT) feature of IP addresses specifically for example, only between your IP address from the IANA,...subnet mask specifies the network number portion of addresses specifically for private use any other number unless you have decided on the network number, pick an IP address that is easy to remember, for instance, 192.168.1.1, for the appropriate IP addresses. 132 ZyWALL 2 Plus User's Guide
... do not use ; Once you are told otherwise. Your ZyWALL will assign you are reserved). Private IP Addresses Every machine on the Internet must enable the Network Address Translation (NAT) feature of IP addresses specifically for example, only between your IP address from the IANA,...subnet mask specifies the network number portion of addresses specifically for private use any other number unless you have decided on the network number, pick an IP address that is easy to remember, for instance, 192.168.1.1, for the appropriate IP addresses. 132 ZyWALL 2 Plus User's Guide