User Guide
Page 12
...183 10.1.1 What You Need to Know About Wireless LAN 184 10.2 The WLAN Screen ...184 10.3 The Static DHCP Screen 187 10.4 The IP Alias Screen ...189 10.5 The Port Roles Screen 190 Part III: Security 193 Chapter 11 Firewall Screens...195 11.1 Overview ...195 11.1.1 What You...About The ZyWALL Firewall 196 11.1.3 Before You Begin ...196 11.2 Firewall Rules Examples 196 11.3 The Firewall Default Rule Screen (Router Mode 198 11.4 The Firewall Default Rule Screen (Bridge Mode 200 11.5 The Firewall Rule Summary Screen 202 11.5.1 The Firewall Edit Rule Screen 204 12 ZyWALL 2 Plus User's Guide
...183 10.1.1 What You Need to Know About Wireless LAN 184 10.2 The WLAN Screen ...184 10.3 The Static DHCP Screen 187 10.4 The IP Alias Screen ...189 10.5 The Port Roles Screen 190 Part III: Security 193 Chapter 11 Firewall Screens...195 11.1 Overview ...195 11.1.1 What You...About The ZyWALL Firewall 196 11.1.3 Before You Begin ...196 11.2 Firewall Rules Examples 196 11.3 The Firewall Default Rule Screen (Router Mode 198 11.4 The Firewall Default Rule Screen (Bridge Mode 200 11.5 The Firewall Rule Summary Screen 202 11.5.1 The Firewall Edit Rule Screen 204 12 ZyWALL 2 Plus User's Guide
User Guide
Page 18
... Menu 1 - Table of Contents 26.7 The Backup and Restore Screen 458 26.7.1 Backup Configuration 459 26.7.2 Restore Configuration 459 26.7.3 Back to Factory Defaults 461 26.8 The Restart Screen ...461 26.9 The Diagnostics Screen 461 Part VI: SMT 465 Chapter 27 Introducing the SMT ...467 27.1 Introduction to ... ...482 29.4 Configuring Dial Backup in Menu 2 482 29.5 Advanced WAN Setup ...483 29.6 Remote Node Profile (Backup ISP 485 29.7 Editing TCP/IP Options ...487 29.8 Editing Login Script ...488 29.9 Remote Node Filter ...489 Chapter 30 LAN Setup...491 18 ZyWALL 2 Plus User's Guide
... Menu 1 - Table of Contents 26.7 The Backup and Restore Screen 458 26.7.1 Backup Configuration 459 26.7.2 Restore Configuration 459 26.7.3 Back to Factory Defaults 461 26.8 The Restart Screen ...461 26.9 The Diagnostics Screen 461 Part VI: SMT 465 Chapter 27 Introducing the SMT ...467 27.1 Introduction to ... ...482 29.4 Configuring Dial Backup in Menu 2 482 29.5 Advanced WAN Setup ...483 29.6 Remote Node Profile (Backup ISP 485 29.7 Editing TCP/IP Options ...487 29.8 Editing Login Script ...488 29.9 Remote Node Filter ...489 Chapter 30 LAN Setup...491 18 ZyWALL 2 Plus User's Guide
User Guide
Page 20
... 523 36.3 Configuring a Server behind NAT 528 36.4 General NAT Examples 530 36.4.1 Internet Access Only 530 36.4.2 Example 2: Internet Access with a Default Server 532 36.4.3 Example 3: Multiple Public IP Addresses With Inside Servers 532 36.4.4 Example 4: NAT Unfriendly Application Programs 536 36.5 Trigger Port Forwarding 537 36.5.1 Two Points To Remember... 38.6.2 Applying DMZ Filters 554 38.6.3 Applying Remote Node Filters 555 Chapter 39 SNMP Configuration ...557 39.1 SNMP Configuration ...557 39.2 SNMP Traps ...558 20 ZyWALL 2 Plus User's Guide
... 523 36.3 Configuring a Server behind NAT 528 36.4 General NAT Examples 530 36.4.1 Internet Access Only 530 36.4.2 Example 2: Internet Access with a Default Server 532 36.4.3 Example 3: Multiple Public IP Addresses With Inside Servers 532 36.4.4 Example 4: NAT Unfriendly Application Programs 536 36.5 Trigger Port Forwarding 537 36.5.1 Two Points To Remember... 38.6.2 Applying DMZ Filters 554 38.6.3 Applying Remote Node Filters 555 Chapter 39 SNMP Configuration ...557 39.1 SNMP Configuration ...557 39.2 SNMP Traps ...558 20 ZyWALL 2 Plus User's Guide
User Guide
Page 26
...DNS > System Edit-2 98 Figure 47 Tutorial Example: DNS > System: Done 99 Figure 48 Tutorial Example: Status ...99 Figure 49 Tutorial Example: Mapping Multiple Public IP Addresses to Inside Servers 100 Figure 50 Tutorial Example: NAT > NAT Overview 101 Figure 51 Tutorial Example: NAT > Address Mapping 101 Figure 52 Tutorial Example... Monitor 118 Figure 78 SECURITY > CONTENT FILTER > General 119 Figure 79 SECURITY > CONTENT FILTER > Policy 120 Figure 80 SECURITY > CONTENT FILTER > Policy > External Database (Default 120 Figure 81 HOME > DHCP Table ...121 26 ZyWALL 2 Plus User's Guide
...DNS > System Edit-2 98 Figure 47 Tutorial Example: DNS > System: Done 99 Figure 48 Tutorial Example: Status ...99 Figure 49 Tutorial Example: Mapping Multiple Public IP Addresses to Inside Servers 100 Figure 50 Tutorial Example: NAT > NAT Overview 101 Figure 51 Tutorial Example: NAT > Address Mapping 101 Figure 52 Tutorial Example... Monitor 118 Figure 78 SECURITY > CONTENT FILTER > General 119 Figure 79 SECURITY > CONTENT FILTER > Policy 120 Figure 80 SECURITY > CONTENT FILTER > Policy > External Database (Default 120 Figure 81 HOME > DHCP Table ...121 26 ZyWALL 2 Plus User's Guide
User Guide
Page 28
... Example 197 Figure 129 Limited LAN to WAN IRC Traffic Example 198 Figure 130 SECURITY > FIREWALL > Default Rule (Router Mode 199 Figure 131 SECURITY > FIREWALL > Default Rule (Bridge Mode 201 Figure 132 SECURITY > FIREWALL > Rule Summary 203 Figure 133 SECURITY > FIREWALL... Figure 145 From VPN to LAN Example 217 Figure 146 From VPN to VPN Example 218 Figure 147 Using IP Alias to Solve the Triangle Route Problem 219 Figure 148 Three-Way Handshake ...219 Figure 149 Content Filtering Lookup... Web Page Review Process Screen 251 Figure 167 VPN: Example ...253 28 ZyWALL 2 Plus User's Guide
... Example 197 Figure 129 Limited LAN to WAN IRC Traffic Example 198 Figure 130 SECURITY > FIREWALL > Default Rule (Router Mode 199 Figure 131 SECURITY > FIREWALL > Default Rule (Bridge Mode 201 Figure 132 SECURITY > FIREWALL > Rule Summary 203 Figure 133 SECURITY > FIREWALL... Figure 145 From VPN to LAN Example 217 Figure 146 From VPN to VPN Example 218 Figure 147 Using IP Alias to Solve the Triangle Route Problem 219 Figure 148 Three-Way Handshake ...219 Figure 149 Content Filtering Lookup... Web Page Review Process Screen 251 Figure 167 VPN: Example ...253 28 ZyWALL 2 Plus User's Guide
User Guide
Page 38
... Table 42 NETWORK > WLAN ...185 Table 43 NETWORK > WLAN > Static DHCP 188 Table 44 NETWORK > WLAN > IP Alias 189 Table 45 NETWORK > WLAN > Port Roles 192 Table 46 Blocking All LAN to WAN IRC Traffic Example 197... Table 47 Limited LAN to WAN IRC Traffic Example 198 Table 48 SECURITY > FIREWALL > Default Rule (Router Mode 199 Table 49 SECURITY > FIREWALL > Default Rule (Bridge Mode 201 Table 50 SECURITY > FIREWALL > Rule Summary 203 Table 51 SECURITY >... My Certificates > Import 304 Table 81 SECURITY > CERTIFICATES > My Certificates > Import: PKCS#12 304 38 ZyWALL 2 Plus User's Guide
... Table 42 NETWORK > WLAN ...185 Table 43 NETWORK > WLAN > Static DHCP 188 Table 44 NETWORK > WLAN > IP Alias 189 Table 45 NETWORK > WLAN > Port Roles 192 Table 46 Blocking All LAN to WAN IRC Traffic Example 197... Table 47 Limited LAN to WAN IRC Traffic Example 198 Table 48 SECURITY > FIREWALL > Default Rule (Router Mode 199 Table 49 SECURITY > FIREWALL > Default Rule (Bridge Mode 201 Table 50 SECURITY > FIREWALL > Rule Summary 203 Table 51 SECURITY >... My Certificates > Import 304 Table 81 SECURITY > CERTIFICATES > My Certificates > Import: PKCS#12 304 38 ZyWALL 2 Plus User's Guide
User Guide
Page 60
...for external database content filtering and view reports. SA Monitor Use this screen to display and manage active VPN connections. IP Alias Use this screen to partition your DMZ interface into subnets. Traffic Redirect Use this screen to configure your WLAN ...redirect properties and parameters. SECURITY FIREWALL Default Rule Use this screen to edit/add a firewall rule. Global Setting Use this screen to activate/deactivate the firewall and the direction of network traffic to which categories of the directory servers. 60 ZyWALL 2 Plus User's Guide
...for external database content filtering and view reports. SA Monitor Use this screen to display and manage active VPN connections. IP Alias Use this screen to partition your DMZ interface into subnets. Traffic Redirect Use this screen to configure your WLAN ...redirect properties and parameters. SECURITY FIREWALL Default Rule Use this screen to edit/add a firewall rule. Global Setting Use this screen to activate/deactivate the firewall and the direction of network traffic to which categories of the directory servers. 60 ZyWALL 2 Plus User's Guide
User Guide
Page 69
...IP address(es) in this field. Select Static If the ISP assigned a fixed IP address. ZyWALL 2 Plus User's Guide 69 Chapter 3 Wizard Setup Table 11 ISP Parameters: Ethernet Encapsulation LABEL DESCRIPTION WAN IP Address Assignment IP... My WAN IP Address Enter your changes and go to the next screen. 3.2.1.2 PPPoE Encapsulation Point-to save your WAN IP address in this...to -Point Protocol over Ethernet (PPPoE) functions as 0.0.0.0 if you a fixed IP address. This is an IETF (Internet Engineering Task Force) standard specifying how a... IP address of a machine in this field. If you do not...
...IP address(es) in this field. Select Static If the ISP assigned a fixed IP address. ZyWALL 2 Plus User's Guide 69 Chapter 3 Wizard Setup Table 11 ISP Parameters: Ethernet Encapsulation LABEL DESCRIPTION WAN IP Address Assignment IP... My WAN IP Address Enter your changes and go to the next screen. 3.2.1.2 PPPoE Encapsulation Point-to save your WAN IP address in this...to -Point Protocol over Ethernet (PPPoE) functions as 0.0.0.0 if you a fixed IP address. This is an IETF (Internet Engineering Task Force) standard specifying how a... IP address of a machine in this field. If you do not...
User Guide
Page 70
The default time is the default selection. Nailed-Up Select Nailed-Up if you by your ISP did not assign you select Static. 70 ZyWALL 2 Plus User's Guide This is 100 seconds. PPP over Ethernet forms a dial-up connection. Retype to time out. Password Type...your service provider. Idle Timeout Type the time in this screen. The fields below are available only when you a fixed IP address. WAN IP Address Assignment IP Address Assignment Select Dynamic If your ISP. Chapter 3 Wizard Setup Figure 16 ISP Parameters: PPPoE Encapsulation The following table ...
The default time is the default selection. Nailed-Up Select Nailed-Up if you by your ISP did not assign you select Static. 70 ZyWALL 2 Plus User's Guide This is 100 seconds. PPP over Ethernet forms a dial-up connection. Retype to time out. Password Type...your service provider. Idle Timeout Type the time in this screen. The fields below are available only when you a fixed IP address. WAN IP Address Assignment IP Address Assignment Select Dynamic If your ISP. Chapter 3 Wizard Setup Figure 16 ISP Parameters: PPPoE Encapsulation The following table ...
User Guide
Page 73
...right. First DNS Server Second DNS Server Enter the DNS server's IP address(es) in order to access it. For example, C:12 or N:My ISP. This field is the default selection. Select Static If the ISP assigned a fixed IP address. The fields below are available only when you do not ... and depends on the requirements of the PPTP server. Back Click Back to return to save your xDSL modem. ZyWALL 2 Plus User's Guide 73 Leave the field as 0.0.0.0 if you select Static. WAN IP Address Assignment IP Address Assignment Select Dynamic If your ISP did not assign you by your WAN...
...right. First DNS Server Second DNS Server Enter the DNS server's IP address(es) in order to access it. For example, C:12 or N:My ISP. This field is the default selection. Select Static If the ISP assigned a fixed IP address. The fields below are available only when you do not ... and depends on the requirements of the PPTP server. Back Click Back to return to save your xDSL modem. ZyWALL 2 Plus User's Guide 73 Leave the field as 0.0.0.0 if you select Static. WAN IP Address Assignment IP Address Assignment Select Dynamic If your ISP did not assign you by your WAN...
User Guide
Page 81
...which can communicate with another party before an IKE SA automatically renegotiates in this field. DH1 (default) refers to negotiate a phase 2 IPSec SA. It is used on DES that the ...associations) connecting through a secure gateway must use separate passwords. Triple DES (3DES) is slower. ZyWALL 2 Plus User's Guide 81 When DES is called "pre-shared" because you can be used to use...a 128-bit key. Type from 8 to 31 case-sensitive ASCII characters or from dynamic IP addresses to authenticate packet data. DH5 refers to Diffie-Hellman Group 2 a 1024 bit (...
...which can communicate with another party before an IKE SA automatically renegotiates in this field. DH1 (default) refers to negotiate a phase 2 IPSec SA. It is used on DES that the ...associations) connecting through a secure gateway must use separate passwords. Triple DES (3DES) is slower. ZyWALL 2 Plus User's Guide 81 When DES is called "pre-shared" because you can be used to use...a 128-bit key. Type from 8 to 31 case-sensitive ASCII characters or from dynamic IP addresses to authenticate packet data. DH5 refers to Diffie-Hellman Group 2 a 1024 bit (...
User Guide
Page 87
... a VPN tunnel. Furthermore, you can configure the firewall rule so that only the network behind device A. You have VPN tunnels with IP address 192.168.1.4 behind device B can access the FTP server through a VPN tunnel (not other remote networks that flows out through the...of its direction of travel . ZyWALL 2 Plus User's Guide 87 CHAPTER 4 Tutorials This chapter describes • how to apply security settings to VPN traffic. • how to set up your ZyWALL if you have more fine-tuned control for VPN tunnels. You can configure default and custom firewall rules for VPN...
... a VPN tunnel. Furthermore, you can configure the firewall rule so that only the network behind device A. You have VPN tunnels with IP address 192.168.1.4 behind device B can access the FTP server through a VPN tunnel (not other remote networks that flows out through the...of its direction of travel . ZyWALL 2 Plus User's Guide 87 CHAPTER 4 Tutorials This chapter describes • how to apply security settings to VPN traffic. • how to set up your ZyWALL if you have more fine-tuned control for VPN tunnels. You can configure default and custom firewall rules for VPN...
User Guide
Page 121
...traffic from Bob's computer's IP address. ZyWALL 2 Plus User's Guide 121 Do the following to have the ZyWALL always give Bob's computer the same IP address (192.168.1.33 in order, so make sure you add the new policy before the default policy. The ZyWALL applies the content filter ...2 Select Active. 3 Give the policy a name. 4 Configure a single address of 192.168.1.33. Chapter 4 Tutorials 4.5.3 Assign Bob's Computer a Specific IP Address You will configure a content filtering policy for traffic from Bob's computer. 1 Click SECURITY > CONTENT FILTER > Policy and then the Insert button.
...traffic from Bob's computer's IP address. ZyWALL 2 Plus User's Guide 121 Do the following to have the ZyWALL always give Bob's computer the same IP address (192.168.1.33 in order, so make sure you add the new policy before the default policy. The ZyWALL applies the content filter ...2 Select Active. 3 Give the policy a name. 4 Configure a single address of 192.168.1.33. Chapter 4 Tutorials 4.5.3 Assign Bob's Computer a Specific IP Address You will configure a content filtering policy for traffic from Bob's computer. 1 Click SECURITY > CONTENT FILTER > Policy and then the Insert button.
User Guide
Page 133
...Version to the computers on non-router machines since they generally do not create an arbitrary IP address; but RIP-2 carries more information on your LAN. ZyWALL 2 Plus User's Guide 133 DHCP The ZyWALL can reduce the load on your LAN. RIP Setup RIP (Routing Information Protocol, RFC .... However, if one router uses multicasting, then all routers on page 613 for the default IP pool range. always follow the guidelines above. See Chapter 46 on your LAN computers static IP addresses that it recognizes both formats when receiving). RIP Version controls the format and the...
...Version to the computers on non-router machines since they generally do not create an arbitrary IP address; but RIP-2 carries more information on your LAN. ZyWALL 2 Plus User's Guide 133 DHCP The ZyWALL can reduce the load on your LAN. RIP Setup RIP (Routing Information Protocol, RFC .... However, if one router uses multicasting, then all routers on page 613 for the default IP pool range. always follow the guidelines above. See Chapter 46 on your LAN computers static IP addresses that it recognizes both formats when receiving). RIP Version controls the format and the...
User Guide
Page 383
... connecting to the ZyWALL using SSH version 1. If this is available on the ZyWALL (using the default IP address of 192.168.1.1). A message displays indicating the SSH protocol version supported by the ZyWALL. The SMT main... menu displays next. 21.2.2.2 Example 2: Linux This section describes how to access the ZyWALL using the OpenSSH client program that comes with most SSH client programs. Refer to your computer to connect to the ZyWALL 2 Plus...
... connecting to the ZyWALL using SSH version 1. If this is available on the ZyWALL (using the default IP address of 192.168.1.1). A message displays indicating the SSH protocol version supported by the ZyWALL. The SMT main... menu displays next. 21.2.2.2 Example 2: Linux This section describes how to access the ZyWALL using the OpenSSH client program that comes with most SSH client programs. Refer to your computer to connect to the ZyWALL 2 Plus...
User Guide
Page 481
WAN Setup MAC Address: Assigned By= Factory default IP Address= N/A Dial-Backup: Active= No Port Speed= 115200 AT Command String: Init= at&fs0=0 Edit Advanced Setup= No Press ENTER to Confirm or ESC to ....1. 29.1 Introduction to WAN and Dial Backup Setup This chapter explains how to configure settings for your WAN port and how to configure the ZyWALL for a dial backup connection. 29.2 WAN Setup From the main menu, enter 2 to Cancel: ZyWALL 2 Plus User's Guide 481 Figure 307 MAC Address Cloning in WAN Setup Menu 2 -
WAN Setup MAC Address: Assigned By= Factory default IP Address= N/A Dial-Backup: Active= No Port Speed= 115200 AT Command String: Init= at&fs0=0 Edit Advanced Setup= No Press ENTER to Confirm or ESC to ....1. 29.1 Introduction to WAN and Dial Backup Setup This chapter explains how to configure settings for your WAN port and how to configure the ZyWALL for a dial backup connection. 29.2 WAN Setup From the main menu, enter 2 to Cancel: ZyWALL 2 Plus User's Guide 481 Figure 307 MAC Address Cloning in WAN Setup Menu 2 -
User Guide
Page 483
... 29.5 Advanced WAN Setup " Consult the manual of your WAN device connected to Cancel: The following table describes the fields in this menu. ZyWALL 2 Plus User's Guide 483 Table 172 Menu 2: Dial Backup Setup FIELD DESCRIPTION Dial-Backup: Active Use this field; AT Command String: Init Enter the... [SPACE BAR] to select Yes and then press [ENTER] to go to initialize the WAN device. WAN Setup MAC Address: Assigned By= Factory default IP Address= N/A Dial-Backup: Active= No Port Speed= 115200 AT Command String: Init= at the prompt "Press ENTER to your Dial Backup port...
... 29.5 Advanced WAN Setup " Consult the manual of your WAN device connected to Cancel: The following table describes the fields in this menu. ZyWALL 2 Plus User's Guide 483 Table 172 Menu 2: Dial Backup Setup FIELD DESCRIPTION Dial-Backup: Active Use this field; AT Command String: Init Enter the... [SPACE BAR] to select Yes and then press [ENTER] to go to initialize the WAN device. WAN Setup MAC Address: Assigned By= Factory default IP Address= N/A Dial-Backup: Active= No Port Speed= 115200 AT Command String: Init= at the prompt "Press ENTER to your Dial Backup port...
User Guide
Page 575
...Clients COMMAND DESCRIPTION Host Enter the IP address of the ZyWALL. 192.168.1.1 is "rom-0" (rom-zero, not capital o). For details on your computer. Table 208 General Commands for the configuration file is the ZyWALL's default IP address when shipped. ZyWALL 2 Plus User's Guide 575 Note that... you may see the example below) to transfer files between the ZyWALL and the computer. Local File Enter the path and name of ...
...Clients COMMAND DESCRIPTION Host Enter the IP address of the ZyWALL. 192.168.1.1 is "rom-0" (rom-zero, not capital o). For details on your computer. Table 208 General Commands for the configuration file is the ZyWALL's default IP address when shipped. ZyWALL 2 Plus User's Guide 575 Note that... you may see the example below) to transfer files between the ZyWALL and the computer. Local File Enter the path and name of ...
User Guide
Page 606
...ZyWALL 2 Plus User's Guide To do this does not work , you have to reset the device to access the ZyWALL with the default IP address. If you changed the LAN IP address (Section 6.2 on the network), so enter this IP address in your computer is using the correct IP address. • The default LAN IP... Troubleshooting 45.2 ZyWALL Access and Login V I forgot the IP address for the ZyWALL. 1 The default IP address is 192.168.1.1. 2 Use the console port to log in to the ZyWALL. 3 If you changed the LAN IP address and have forgotten it , you might be the IP address of the ZyWALL (it depends...
...ZyWALL 2 Plus User's Guide To do this does not work , you have to reset the device to access the ZyWALL with the default IP address. If you changed the LAN IP address (Section 6.2 on the network), so enter this IP address in your computer is using the correct IP address. • The default LAN IP... Troubleshooting 45.2 ZyWALL Access and Login V I forgot the IP address for the ZyWALL. 1 The default IP address is 192.168.1.1. 2 Use the console port to log in to the ZyWALL. 3 If you changed the LAN IP address and have forgotten it , you might be the IP address of the ZyWALL (it depends...
User Guide
Page 613
... B, C-Tick Class B, VCCI Class B Safety: CSA International, CE EN60950-1 Table 216 Firmware Specifications FEATURE DESCRIPTION Default IP Address 192.168.1.1 Default Subnet Mask 255.255.255.0 (24 bits) Default Password 1234 DHCP Pool 192.168.1.33 to 192.168.1.160 ZyWALL 2 Plus User's Guide 613 Table 215 Hardware Specifications Dimensions (W x D x H) 181(W) x 128(D) x 36(H) mm Weight 304g...
... B, C-Tick Class B, VCCI Class B Safety: CSA International, CE EN60950-1 Table 216 Firmware Specifications FEATURE DESCRIPTION Default IP Address 192.168.1.1 Default Subnet Mask 255.255.255.0 (24 bits) Default Password 1234 DHCP Pool 192.168.1.33 to 192.168.1.160 ZyWALL 2 Plus User's Guide 613 Table 215 Hardware Specifications Dimensions (W x D x H) 181(W) x 128(D) x 36(H) mm Weight 304g...