User Guide
Page 13
... 256 14.2.1 The VPN Rules (IKE) Gateway Policy Edit Screen 257 14.2.2 The VPN Rules (IKE) Network Policy Edit Screen 263 14.2.3 The Network Policy Port Forwarding Screen 268 14.2.4 The Network Policy Move Screen 270 14.3 The VPN Rules (Manual) Screen 271 14.3.1 The VPN Rules (Manual) Edit Screen 272 14....4 The SA Monitor Screen 275 14.5 The Global Setting Screen 275 14.5.1 Configuring the Global Setting Screen 277 14.6 Telecommuter VPN/IPSec Examples 278 ZyWALL 2 Plus User's Guide 13
User Guide
Page 15
... Overview Screen 332 17.3 The Address Mapping Screen 334 17.3.1 The Address Mapping Edit Screen 335 17.4 The Port Forwarding Screen 336 17.4.1 Configuring Servers Behind Port Forwarding (Example 337 17.4.2 Configuring the Port Forwarding Screen 338 17.5 The Port Triggering Screen 340 17.6 NAT Technical Reference 341 Chapter 18 Static Route Screens ...347 18.1 Overview ...347... ...365 20.1.1 What You Can Do in the DNS Screens 365 20.1.2 What You Need To Know About DNS 365 20.2 The System Screen ...367 ZyWALL 2 Plus User's Guide 15
User Guide
Page 20
... Public IP Addresses With Inside Servers 532 36.4.4 Example 4: NAT Unfriendly Application Programs 536 36.5 Trigger Port Forwarding 537 36.5.1 Two Points To Remember About Trigger Ports 537 Chapter 37 Introducing the ZyWALL Firewall 539 37.1 Using ZyWALL SMT Menus 539 37.1.1 Activating the Firewall 539 Chapter 38 Filter Configuration...541 38.1 Introduction to Filters... 38.6.2 Applying DMZ Filters 554 38.6.3 Applying Remote Node Filters 555 Chapter 39 SNMP Configuration ...557 39.1 SNMP Configuration ...557 39.2 SNMP Traps ...558 20 ZyWALL 2 Plus User's Guide
User Guide
Page 26
... FTP Traffic to a Local Computer 104 Figure 57 Tutorial Example: NAT Address Mapping Edit: Server 104 Figure 58 Tutorial Example: NAT Port Forwarding 105 Figure 59 Tutorial Example: Forwarding Incoming FTP Traffic to a Local Computer 105 Figure 60 Tutorial Example: Firewall Default Rule 106 Figure 61 Tutorial Example: Firewall Rule: WAN to LAN... 119 Figure 79 SECURITY > CONTENT FILTER > Policy 120 Figure 80 SECURITY > CONTENT FILTER > Policy > External Database (Default 120 Figure 81 HOME > DHCP Table ...121 26 ZyWALL 2 Plus User's Guide
User Guide
Page 29
...) > Edit Gateway Policy 258 Figure 173 SECURITY > VPN > VPN Rules (IKE) > Edit Network Policy 264 Figure 174 SECURITY > VPN > VPN Rules (IKE) > Edit Network Policy > Port Forwarding 269 Figure 175 SECURITY > VPN > VPN Rules (IKE) > Move Network Policy 270 Figure 176 SECURITY > VPN > VPN Rules (Manual 271 Figure 177 SECURITY > VPN > VPN... 316 Figure 208 SECURITY > CERTIFICATES > Trusted Remote Hosts > Import 318 Figure 209 SECURITY > CERTIFICATES > Directory Servers 319 Figure 210 SECURITY > CERTIFICATES > Directory Server > Add 320 ZyWALL 2 Plus User's Guide 29
User Guide
Page 30
... Figure 217 Port Translation Example 338 Figure 218 ADVANCED > NAT > Port Forwarding 339 Figure 219 Trigger Port Forwarding Process: Example 340 Figure 220 ADVANCED > NAT > Port Triggering 341 Figure... 221 How NAT Works ...343 Figure 222 NAT Application With IP Alias 344 Figure 223 Port...245 Replace Certificate ...382 Figure 246 Device-specific Certificate 382 Figure 247 Common ZyWALL Certificate 382 Figure 248 SSH Example 1: Store Host Key 383 Figure 249 SSH...
User Guide
Page 38
...> WLAN > Static DHCP 188 Table 44 NETWORK > WLAN > IP Alias 189 Table 45 NETWORK > WLAN > Port Roles 192 Table 46 Blocking All LAN to WAN IRC Traffic Example 197 Table 47 Limited LAN to WAN IRC Traffic...> VPN > VPN Rules (IKE) > Edit Network Policy 265 Table 67 SECURITY > VPN > VPN Rules (IKE) > Edit Network Policy > Port Forwarding 269 Table 68 SECURITY > VPN > VPN Rules (IKE) > Move Network Policy 270 Table 69 SECURITY > VPN > VPN Rules (Manual 271 ...My Certificates > Import 304 Table 81 SECURITY > CERTIFICATES > My Certificates > Import: PKCS#12 304 38 ZyWALL 2 Plus User's Guide
User Guide
Page 39
...Overview 333 Table 95 ADVANCED > NAT > Address Mapping 334 Table 96 ADVANCED > NAT > Address Mapping > Edit 336 Table 97 ADVANCED > NAT > Port Forwarding 339 Table 98 ADVANCED > NAT > Port Triggering 341 Table 99 ADVANCED > STATIC ROUTE > IP Static Route 348 Table 100 ADVANCED > STATIC ROUTE > IP Static Route > Edit 349 Table ...393 Table 119 ADVANCED > REMOTE MGMT > DNS 394 Table 120 ADVANCED > REMOTE MGMT > CNM 395 Table 121 ADVANCED > UPnP ...404 Table 122 ADVANCED > UPnP > Ports 405 Table 123 ADVANCED > Custom APP 408 Table 124 ADVANCED > ALG ...412 ZyWALL 2 Plus User's Guide 39
User Guide
Page 45
...ZyWALL 2 Plus User's Guide 45 See Chapter 46 on page 613 for a complete list of features. 1.2 Applications for the ZyWALL Here are some examples of the ZyWALL. 1.1 ZyWALL Internet Security Appliance Overview The ZyWALL is loaded with security features including VPN, firewall, content filtering and certificates. The ZyWALL provides the option to change port... the ZyWALL as well. You can add an IEEE 802.11a/b/g-compliant wireless LAN by providing separate ports for example). Connect computers or servers to DMZ. The ZyWALL provides bandwidth management, NAT, port forwarding, DHCP...
User Guide
Page 61
... rules that UPnP creates on an interface. ALG ALG Use this screen to allow your ZyWALL's port triggering settings. ZyWALL 2 Plus User's Guide 61 Port Forwarding Use this screen to view the ZyWALL's bandwidth usage and allotments. Cache Use this screen to enable NAT. SSH Use this screen to configure through which interface(s) and from which IP...
User Guide
Page 95
ZyWALL 2 Plus User's Guide 95 Public IP Addresses ZyWALL's LAN IP Address 1.2.3.4 to 1.2.3.7 192.168.1.1 The following table shows the public IP addresses from the WAN to a specific computer on your local network. Figure ... traffic in both directions. • Map the first public address (1.2.3.4) to outgoing traffic from other public IP addresses (1.2.3.5 and 1.2.3.6). 3 Configure NAT port forwarding to forward FTP traffic from your ISP and your ZyWALL's LAN IP address. Chapter 4 Tutorials 4.2 Using NAT with Static Public IP Addresses To set up in this network, we are going...
User Guide
Page 103
You still have the ZyWALL forward incoming traffic to be forwarded through the ZyXEL Device, you should also create a port forwarding (server mapping) rule. Refer to Section 4.2.5 on page 105 for more information. 4.2.4 Forwarding Traffic from the WAN to a specific computer on your network. ZyWALL 2 Plus User's Guide 103 In...server NAT address mapping rule allows computers behind the NAT be assigned to another internal server when you want to forward FTP traffic using port 21 to the outside world. To have one IP address (1.2.3.7) that can be accessible to the computer with ...
User Guide
Page 104
Figure 57 Tutorial Example: NAT Address Mapping Edit: Server 3 Click the Port Forwarding tab. 4 Select the Active check box, enter a descriptive name (FTP for example), incoming port number (21) and 192.168.1.39 as the server IP address. Click Apply. 104 ZyWALL 2 Plus User's Guide Chapter 4 Tutorials Figure 56 Tutorial Example: Forwarding Incoming FTP Traffic to a Local Computer 1 Click ADVANCED > NAT > Address Mapping. 2 Click the fourth rule's Edit icon ( ) to configure a server rule.
User Guide
Page 105
ZyWALL 2 Plus User's Guide 105 To have the ZyWALL forward traffic initiated from the WAN to the LAN is enabled and traffic from the WAN to a local computer or server on the LAN, you create ... it. In this example, you need to configure a firewall rule to the LAN. Figure 58 Tutorial Example: NAT Port Forwarding Chapter 4 Tutorials 4.2.5 Allow WAN-to-LAN Traffic through the Firewall By default, the ZyWALL blocks any traffic initiated from the WAN to allow traffic from the WAN to the following servers on the...
User Guide
Page 112
... in the same subnet as shown. 112 ZyWALL 2 Plus User's Guide See Section 4.2.3 on page 99 for more than one login from the outside network. If you cannot access the web server, make sure you cannot access the FTP server, make sure the NAT port forwarding rule is active and there is in the... address is a firewall rule to allow FTP traffic from the WAN to FTP server. 4.3 Using NAT with Multiple Game Players If two users (behind the ZyWALL) want to connect to the same server to play online games at the same time, but the server does not allow HTTP traffic from the...
User Guide
Page 207
... Permit to open the following screen. Click Cancel to exit this screen to probing for unused ports. Figure 134 SECURITY > FIREWALL > Anti-Probing ZyWALL 2 Plus User's Guide 207 Apply Cancel Note: You may also need to configure NAT port forwarding (or full featured NAT address mapping rules) if you want to allow the passage of...
User Guide
Page 216
...Internet to specific hosts on the LAN. Chapter 11 Firewall Screens By default, the ZyWALL drops packets traveling in through any of the ZyWALL's VPN tunnels. Note: You also need to configure NAT port forwarding (or full featured NAT address mapping rules) to allow a WAN computer to access...the LAN computers to communicate with other computers on the WAN. You could configure one of the ZyWALL's VPN tunnels. 216 ZyWALL 2 Plus User's Guide To VPN Packet Direction The ZyWALL can access which computers or services on your protected network. You could also block certain IP ...
User Guide
Page 266
...both . When you select Many One-to-One in through the VPN tunnel, to the remote network. The VPN network policy port forwarding rules let the ZyWALL forward traffic coming in the Type field, enter the beginning IP address of a range of a computer on the LAN behind your...If you are configuring a Many-to-One rule, click this is a (static) IP address on the LAN behind your ZyWALL. 266 ZyWALL 2 Plus User's Guide Two active SAs can configure port forwarding for a single IP address. Starting IP Address When the Address Type field is configured to Single Address, enter a (static)...
User Guide
Page 268
...all changes and return to the main VPN screen. 14.2.3 The Network Policy Port Forwarding Screen Click SECURITY > VPN and the add network policy ( ) icon in the VPN Rules (IKE) screen to have the ZyWALL use any of its phase 2 encryption and authentication algorithms when negotiating an ...and authentication algorithms to the appropriate IP address on the LAN. 268 ZyWALL 2 Plus User's Guide Clear this field. Then, under Virtual Address Mapping Rule, select Many-to-One as the Type and click the Port Forwarding Rules button to encrypt and decrypt information. The longer the key, ...
User Guide
Page 269
... Address Type your changes. ZyWALL 2 Plus User's Guide 269 Name Enter a descriptive name for ports not specified in this screen are not specified in this field. To forward a series of an individual port forwarding server entry. To forward only one port, type the port number again in the End Port field. A default server receives packets from ports that begins with the...