User Guide
Page 7
...143 WAN Screens ...151 DMZ Screens ...171 Wireless LAN Screens ...183 Security ...193 Firewall Screens ...195 Content Filtering Screens ...223 Content Filtering Reports ...245 IPSec VPN Screens ...253 Certificates Screen ...295 Authentication Server Screens 323 Advanced ...329 Network Address Translation (NAT) Screens 331 Static Route Screens ...347 Bandwidth Management Screens 351...365 Remote Management Screens 377 UPnP Screens ...397 Custom Application Screen ...407 ALG Screen ...409 Logs and Maintenance ...415 Logs Screens ...417 Maintenance Screens ...447 ZyWALL 2 Plus User's Guide 7
User Guide
Page 9
... Overview 49 2.2 Accessing the ZyWALL Web Configurator 49 2.3 Resetting the ZyWALL ...51 2.3.1 Procedure To Use The Reset Button 51 2.3.2 Uploading a Configuration File Via Console Port 51 2.4 Navigating the ZyWALL Web Configurator 52 2.4.1 Title Bar ...52 2.4.2 Main Window ...52 2.4.3 HOME Screen: Router Mode 53 2.4.4 HOME Screen: Bridge Mode 55 2.4.5 Navigation Panel ...58 ZyWALL 2 Plus User's Guide 9
User Guide
Page 10
...VPN...VPN Wizard Gateway Setting 77 3.4 VPN Wizard Network Setting 78 3.5 VPN Wizard IKE Tunnel Setting (IKE Phase 1 80 3.6 VPN Wizard IPSec Setting (IKE Phase 2 81 3.7 VPN Wizard Status Summary 83 3.8 VPN... Wizard Setup Complete 85 Chapter 4 Tutorials ...87 4.1 Security Settings for VPN Traffic 87 4.1.1 Firewall Rule for VPN Example 87 4.1.2 Configuring the VPN...4.4 How to Manage the ZyWALL's Bandwidth 113 4.4.1 Example ...
User Guide
Page 13
... ...253 14.1.1 What You Can Do in the IPSec VPN Screens 253 14.1.2 What You Need to Know About IPSec VPN 254 14.2 The VPN Rules (IKE) Screen 256 14.2.1 The VPN Rules (IKE) Gateway Policy Edit Screen 257 14.2.2 The VPN Rules (IKE) Network Policy Edit Screen 263 14.2.3 The....2.4 The Network Policy Move Screen 270 14.3 The VPN Rules (Manual) Screen 271 14.3.1 The VPN Rules (Manual) Edit Screen 272 14.4 The SA Monitor Screen 275 14.5 The Global Setting Screen 275 14.5.1 Configuring the Global Setting Screen 277 14.6 Telecommuter VPN/IPSec Examples 278 ZyWALL 2 Plus User's Guide 13
User Guide
Page 14
... Example 279 14.6.2 Telecommuters Using Unique VPN Rules Example 279 14.7 VPN and Remote Management 281 14.8 Hub-and-spoke VPN ...281 14.8.1 Hub-and-spoke VPN Example 282 14.8.2 Hub-and-spoke Example VPN Rule Addresses 283 14.8.3 Hub-and-spoke VPN Requirements and Suggestions 283 14.9 IPSec VPN Technical Reference 283 Chapter 15 Certificates Screen... User Database Screen 324 16.3 The RADIUS Screen ...326 Part IV: Advanced 329 Chapter 17 Network Address Translation (NAT) Screens 331 17.1 Overview ...331 14 ZyWALL 2 Plus User's Guide
User Guide
Page 25
... SECURITY > VPN > VPN Rules (IKE 88 Figure 34 SECURITY > VPN > VPN Rules (IKE)> Add Gateway Policy 89 Figure 35 SECURITY > VPN > VPN Rules (IKE): With Gateway Policy Example 90 Figure 36 SECURITY > VPN > VPN Rules (IKE)> Add Network Policy 91 Figure 37 SECURITY > FIREWALL > Rule Summary 92 Figure 38 SECURITY > FIREWALL > Rule Summary > Edit: Allow 93 ZyWALL 2 Plus User's Guide...
User Guide
Page 26
List of Figures Figure 39 SECURITY > FIREWALL > Rule Summary: Allow 94 Figure 40 SECURITY > FIREWALL > Default Rule: Block From VPN To LAN 94 Figure 41 Tutorial Example: Using NAT with Static Public IP Addresses 95 Figure 42 Tutorial Example: WAN Connection with a Static Public IP ... 119 Figure 79 SECURITY > CONTENT FILTER > Policy 120 Figure 80 SECURITY > CONTENT FILTER > Policy > External Database (Default 120 Figure 81 HOME > DHCP Table ...121 26 ZyWALL 2 Plus User's Guide
User Guide
Page 28
... Configuration 214 Figure 143 My Service Firewall Rule Example: Rule Summary: Completed 215 Figure 144 From LAN to VPN Example 217 Figure 145 From VPN to LAN Example 217 Figure 146 From VPN to VPN Example 218 Figure 147 Using IP Alias to Solve the Triangle Route Problem 219 Figure 148 Three-Way Handshake... Home ...248 Figure 164 Global Report Screen Example 249 Figure 165 Requested URLs Example 250 Figure 166 Web Page Review Process Screen 251 Figure 167 VPN: Example ...253 28 ZyWALL 2 Plus User's Guide
User Guide
Page 29
...VPN > VPN Rules (IKE 256 Figure 172 SECURITY > VPN > VPN Rules (IKE) > Edit Gateway Policy 258 Figure 173 SECURITY > VPN > VPN Rules (IKE) > Edit Network Policy 264 Figure 174 SECURITY > VPN > VPN Rules (IKE) > Edit Network Policy > Port Forwarding 269 Figure 175 SECURITY > VPN > VPN Rules (IKE) > Move Network Policy 270 Figure 176 SECURITY > VPN > VPN Rules (Manual 271 Figure 177 SECURITY > VPN > VPN... Remote Hosts > Import 318 Figure 209 SECURITY > CERTIFICATES > Directory Servers 319 Figure 210 SECURITY > CERTIFICATES > Directory Server > Add 320 ZyWALL 2 Plus User's Guide 29
User Guide
Page 37
... 56 Table 5 Bridge and Router Mode Features Comparison 58 Table 6 Screens Summary ...59 Table 7 HOME > Show Statistics ...63 Table 8 HOME > DHCP Table ...64 Table 9 HOME > VPN Status ...65 Table 10 ADVANCED > BW MGMT > Monitor 66 Table 11 ISP Parameters: Ethernet Encapsulation 68 Table 12 ISP Parameters: PPPoE Encapsulation 70 Table 13... NETWORK > WAN > Traffic Redirect 165 Table 36 NETWORK > WAN > Dial Backup 166 Table 37 NETWORK > WAN > Dial Backup > Edit 169 Table 38 NETWORK > DMZ ...175 ZyWALL 2 Plus User's Guide 37
User Guide
Page 38
... 76 VPN Example: Mismatching ID Type and Content 286 Table 77 SECURITY > CERTIFICATES > My Certificates 298 Table 78 SECURITY > CERTIFICATES > My Certificates > Details 300 Table 79 SECURITY > CERTIFICATES > My Certificates > Export 302 Table 80 SECURITY > CERTIFICATES > My Certificates > Import 304 Table 81 SECURITY > CERTIFICATES > My Certificates > Import: PKCS#12 304 38 ZyWALL 2 Plus...
User Guide
Page 45
...ZyWALL Here are some examples of the ZyWALL. 1.1 ZyWALL Internet Security Appliance Overview The ZyWALL is loaded with security features including VPN...ZyWALL This chapter introduces the main features and applications of what you can do with minimal configuration. The ZyWALL...'s De-Militarized Zone (DMZ) increases LAN security by connecting an access point (AP) to an Ethernet port in an existing network with your ZyWALL... port to DMZ. The ZyWALL guarantees not only high speed...access. You can also deploy the ZyWALL as well. The ZyWALL provides the option to change port ...
User Guide
Page 46
...in this User's Guide. • Vantage CNM (Centralized Network Management). Chapter 1 Getting to Know Your ZyWALL Figure 1 Secure Internet Access via Cable, DSL or Wireless Modem 1.2.2 VPN Application ZyWALL VPN is an ideal cost-effective way to connect branch offices, business partners and telecommuters over the Internet without the... need (and expense) for firmware upgrades and configuration backup/restore (Chapter 41 on page 571) • SNMP. Figure 2 VPN Application 1.3 Ways to Manage the ZyWALL Use any of the ZyWALL using a Vantage CNM server. 46 ZyWALL 2 Plus User's Guide
User Guide
Page 54
... this displays the port speed and duplex setting. The ZyWALL starts up . Device Mode This displays whether the ZyWALL is currently used by ZyNOS (ZyXEL Network Operating System) and is also adjusted for running processes like NAT, VPN and the firewall. Click the field label to go to... (dropping a call) if you can flow in only one time. IP/Netmask This shows the port's IP address and subnet mask. 54 ZyWALL 2 Plus User's Guide Chapter 2 Introducing the Web Configurator Table 3 Web Configurator HOME Screen in Router Mode (continued) LABEL DESCRIPTION Up Time This field ...
User Guide
Page 55
Click the field label to go to display the active VPN connections. VPN Click VPN to the screen where you can update your service subscription. You do not need to access the ZyWALL. The LAN, WAN, DMZ and WLAN interfaces all have another DHCP server. For the ...the ZyWALL's bandwidth usage and allotments. 2.4.4 HOME Screen: Bridge Mode The following screen displays when the ZyWALL is the reason for each port. In bridge mode, the ZyWALL functions as a transparent firewall (also known as the number of packets sent and number of the incoming packets. ZyWALL 2 Plus ...
User Guide
Page 56
...Click the field label to go to update the screen's statistics immediately. Chapter 2 Introducing the Web Configurator You can use the firewall and VPN in Bridge Mode LABEL DESCRIPTION Automatic Refresh Interval Select a number of seconds or None from the drop-down list box to not update the ... been running since it last started up when you turn it on page 51). 56 ZyWALL 2 Plus User's Guide Bootbase Version This is ZyXEL's proprietary Network Operating System design. Firmware Version This is for a list of every time interval or to update all screen statistics automatically ...
User Guide
Page 57
...ZyWALL's processing ability is currently used by ZyNOS (ZyXEL Network Operating System) and is functioning as a router or a bridge. CPU This field displays what percent of the ZyWALL's heap memory is the maximum number of the ZyWALL...Port types are currently open at full load, and the throughput is running processes like NAT, VPN and the firewall. Click the field label to go to get a Hello message (BPDU)... that is the root bridge (the base of the heap memory the ZyWALL is in megabytes). ZyWALL 2 Plus User's Guide 57 If you want some applications to the screen where ...
User Guide
Page 58
...5 Bridge and Router Mode Features Comparison FEATURE BRIDGE MODE ROUTER MODE Internet Access Wizard Y VPN Wizard Y Y DHCP Table Y System Statistics Y Y Registration Y Y LAN Y WAN Y DMZ Y Bridge Y 58 ZyWALL 2 Plus User's Guide Click the field label to go to the screen where you enter the ...password, use the sub-menus on the corresponding port. Web Site Blocked This displays how many web site hits the ZyWALL has blocked since it displays Down...
User Guide
Page 59
...trial service subscriptions. The information in a mode's column shows that the device mode has the specified feature. ZyWALL 2 Plus User's Guide 59 REGISTRATION Registration Use this table was correct at the time of writing, although it may be...the LAN. Port Roles Use this screen to change the bridge settings on the ZyWALL. Chapter 2 Introducing the Web Configurator Table 5 Bridge and Router Mode Features Comparison FEATURE BRIDGE MODE WLAN Firewall Y Content Filter Y VPN Y Certificates Y Authentication Server Y NAT Static Route Bandwidth Management Y DNS Remote ...
User Guide
Page 60
...screen to which categories of the trusted CAs. IP Alias Use this screen to display and manage active VPN connections. VPN Rules (Manual) Use this screen to configure VPN connections using IKE key management and view the rule summary. WLAN WLAN Use this screen to configure your...external database content filtering and view reports. CERTIFICATES My Certificates Use this screen to view a summary list of the directory servers. 60 ZyWALL 2 Plus User's Guide Port Roles Use this screen to select which to apply the rule Rule Summary This screen shows a summary of the ...