User Guide
Page 9
... Part I: Introduction and Registration 43 Chapter 1 Getting to Know Your ZyWALL 45 1.1 ZyWALL Internet Security Appliance Overview 45 1.2 Applications for the ZyWALL 45 1.2.1 Secure Broadband Internet Access via Cable or DSL Modem 45 ...ZyWALL Web Configurator 49 2.3 Resetting the ZyWALL ...51 2.3.1 Procedure To Use The Reset Button 51 2.3.2 Uploading a Configuration File Via Console Port 51 2.4 Navigating the ZyWALL Web Configurator 52 2.4.1 Title Bar ...52 2.4.2 Main Window ...52 2.4.3 HOME Screen: Router Mode 53 2.4.4 HOME Screen: Bridge Mode 55 2.4.5 Navigation Panel ...58 ZyWALL...
... Part I: Introduction and Registration 43 Chapter 1 Getting to Know Your ZyWALL 45 1.1 ZyWALL Internet Security Appliance Overview 45 1.2 Applications for the ZyWALL 45 1.2.1 Secure Broadband Internet Access via Cable or DSL Modem 45 ...ZyWALL Web Configurator 49 2.3 Resetting the ZyWALL ...51 2.3.1 Procedure To Use The Reset Button 51 2.3.2 Uploading a Configuration File Via Console Port 51 2.4 Navigating the ZyWALL Web Configurator 52 2.4.1 Title Bar ...52 2.4.2 Main Window ...52 2.4.3 HOME Screen: Router Mode 53 2.4.4 HOME Screen: Bridge Mode 55 2.4.5 Navigation Panel ...58 ZyWALL...
User Guide
Page 12
... the Firewall Screens 196 11.1.2 What You Need To Know About The ZyWALL Firewall 196 11.1.3 Before You Begin ...196 11.2 Firewall Rules Examples 196 11.3 The Firewall Default Rule Screen (Router Mode 198 11.4 The Firewall Default Rule Screen (Bridge Mode 200 11.5 The Firewall Rule Summary Screen 202 11.5.1 The Firewall Edit...
... the Firewall Screens 196 11.1.2 What You Need To Know About The ZyWALL Firewall 196 11.1.3 Before You Begin ...196 11.2 Firewall Rules Examples 196 11.3 The Firewall Default Rule Screen (Router Mode 198 11.4 The Firewall Default Rule Screen (Bridge Mode 200 11.5 The Firewall Rule Summary Screen 202 11.5.1 The Firewall Edit...
User Guide
Page 25
... Figure 5 Replace Certificate Screen ...50 Figure 6 Example Xmodem Upload ...51 Figure 7 HOME Screen ...52 Figure 8 Web Configurator HOME Screen in Router Mode 53 Figure 9 Web Configurator HOME Screen in Bridge Mode 56 Figure 10 HOME > Show Statistics ...62 Figure 11 HOME > DHCP Table ...63 Figure 12 HOME > VPN Status ...64 Figure 13 Home... SECURITY > VPN > VPN Rules (IKE)> Add Network Policy 91 Figure 37 SECURITY > FIREWALL > Rule Summary 92 Figure 38 SECURITY > FIREWALL > Rule Summary > Edit: Allow 93 ZyWALL 2 Plus User's Guide 25
... Figure 5 Replace Certificate Screen ...50 Figure 6 Example Xmodem Upload ...51 Figure 7 HOME Screen ...52 Figure 8 Web Configurator HOME Screen in Router Mode 53 Figure 9 Web Configurator HOME Screen in Bridge Mode 56 Figure 10 HOME > Show Statistics ...62 Figure 11 HOME > DHCP Table ...63 Figure 12 HOME > VPN Status ...64 Figure 13 Home... SECURITY > VPN > VPN Rules (IKE)> Add Network Policy 91 Figure 37 SECURITY > FIREWALL > Rule Summary 92 Figure 38 SECURITY > FIREWALL > Rule Summary > Edit: Allow 93 ZyWALL 2 Plus User's Guide 25
User Guide
Page 27
... 96 NETWORK > LAN > Port Roles 141 Figure 97 Port Roles Change Complete 141 Figure 98 Bridge Mode ...143 Figure 99 Router Mode ...143 Figure 100 Bridge Loop: Bridge Connected to Wired LAN 144 Figure 101 NETWORK > Bridge ...145 Figure 102 NETWORK > Bridge > Port Roles 147 Figure 103 Port Roles Change Complete 147 Figure 104 NETWORK > WAN Route... 121 NETWORK > WLAN ...185 Figure 122 NETWORK > WLAN > Static DHCP 188 Figure 123 NETWORK > WLAN > IP Alias 189 Figure 124 WLAN Port Role Example 191 ZyWALL 2 Plus User's Guide 27
... 96 NETWORK > LAN > Port Roles 141 Figure 97 Port Roles Change Complete 141 Figure 98 Bridge Mode ...143 Figure 99 Router Mode ...143 Figure 100 Bridge Loop: Bridge Connected to Wired LAN 144 Figure 101 NETWORK > Bridge ...145 Figure 102 NETWORK > Bridge > Port Roles 147 Figure 103 Port Roles Change Complete 147 Figure 104 NETWORK > WAN Route... 121 NETWORK > WLAN ...185 Figure 122 NETWORK > WLAN > Static DHCP 188 Figure 123 NETWORK > WLAN > IP Alias 189 Figure 124 WLAN Port Role Example 191 ZyWALL 2 Plus User's Guide 27
User Guide
Page 28
... WAN IRC Traffic Example 197 Figure 129 Limited LAN to WAN IRC Traffic Example 198 Figure 130 SECURITY > FIREWALL > Default Rule (Router Mode 199 Figure 131 SECURITY > FIREWALL > Default Rule (Bridge Mode 201 Figure 132 SECURITY > FIREWALL > Rule Summary 203 Figure 133 SECURITY > FIREWALL > Rule Summary > Edit 205 Figure 134 SECURITY > FIREWALL > Anti... Global Report Screen Example 249 Figure 165 Requested URLs Example 250 Figure 166 Web Page Review Process Screen 251 Figure 167 VPN: Example ...253 28 ZyWALL 2 Plus User's Guide
... WAN IRC Traffic Example 197 Figure 129 Limited LAN to WAN IRC Traffic Example 198 Figure 130 SECURITY > FIREWALL > Default Rule (Router Mode 199 Figure 131 SECURITY > FIREWALL > Default Rule (Bridge Mode 201 Figure 132 SECURITY > FIREWALL > Rule Summary 203 Figure 133 SECURITY > FIREWALL > Rule Summary > Edit 205 Figure 134 SECURITY > FIREWALL > Anti... Global Report Screen Example 249 Figure 165 Requested URLs Example 250 Figure 166 Web Page Review Process Screen 251 Figure 167 VPN: Example ...253 28 ZyWALL 2 Plus User's Guide
User Guide
Page 31
... Figure 281 Synchronization in Process 452 Figure 282 Synchronization is Successful 452 Figure 283 Synchronization Fail ...453 Figure 284 MAINTENANCE > Device Mode (Router Mode 453 Figure 285 MAINTENANCE > Device Mode (Bridge Mode 456 Figure 286 MAINTENANCE > Firmware Upload 457 Figure 287 Firmware Upload In Process 458 Figure 288 Network Temporarily Disconnected 458 Figure 289... Disconnected 460 Figure 293 Configuration Upload Error 460 Figure 294 Reset Warning Message ...461 Figure 295 MAINTENANCE > Restart 461 Figure 296 MAINTENANCE > Diagnostics 462 ZyWALL 2 Plus User's Guide 31
... Figure 281 Synchronization in Process 452 Figure 282 Synchronization is Successful 452 Figure 283 Synchronization Fail ...453 Figure 284 MAINTENANCE > Device Mode (Router Mode 453 Figure 285 MAINTENANCE > Device Mode (Bridge Mode 456 Figure 286 MAINTENANCE > Firmware Upload 457 Figure 287 Firmware Upload In Process 458 Figure 288 Network Temporarily Disconnected 458 Figure 289... Disconnected 460 Figure 293 Configuration Upload Error 460 Figure 294 Reset Warning Message ...461 Figure 295 MAINTENANCE > Restart 461 Figure 296 MAINTENANCE > Diagnostics 462 ZyWALL 2 Plus User's Guide 31
User Guide
Page 32
... Initial Screen ...468 Figure 298 Password Screen ...468 Figure 299 Main Menu (Router Mode 469 Figure 300 Main Menu (Bridge Mode 470 Figure 301 Menu 23: System Password 472 Figure 302 Menu 1: General Setup (Router Mode 475 Figure 303 Menu 1: General Setup (Bridge Mode 476 Figure 304 Menu 1.1: Configure Dynamic DNS 477 Figure 305 Menu 1.1.1: DDNS... Menu 11.1.5: Traffic Redirect Setup 517 Figure 338 Menu 12: IP Static Route Setup 519 Figure 339 Menu 12. 1: Edit IP Static Route 520 32 ZyWALL 2 Plus User's Guide
... Initial Screen ...468 Figure 298 Password Screen ...468 Figure 299 Main Menu (Router Mode 469 Figure 300 Main Menu (Bridge Mode 470 Figure 301 Menu 23: System Password 472 Figure 302 Menu 1: General Setup (Router Mode 475 Figure 303 Menu 1: General Setup (Bridge Mode 476 Figure 304 Menu 1.1: Configure Dynamic DNS 477 Figure 305 Menu 1.1.1: DDNS... Menu 11.1.5: Traffic Redirect Setup 517 Figure 338 Menu 12: IP Static Route Setup 519 Figure 339 Menu 12. 1: Edit IP Static Route 520 32 ZyWALL 2 Plus User's Guide
User Guide
Page 37
...Table 2 Title Bar: Web Configurator Icons 52 Table 3 Web Configurator HOME Screen in Router Mode 53 Table 4 Web Configurator HOME Screen in Bridge Mode 56 Table 5 Bridge and Router Mode Features Comparison 58 Table 6 Screens Summary ...59 Table 7 HOME > Show Statistics ...63 Table... > LAN > IP Alias 140 Table 25 NETWORK > LAN > Port Roles 141 Table 26 NETWORK > Bridge ...146 Table 27 NETWORK > Bridge > Port Roles 147 Table 28 STP Path Costs ...148 Table 29 STP Port States ...149 Table 30 ... NETWORK > WAN > Dial Backup > Edit 169 Table 38 NETWORK > DMZ ...175 ZyWALL 2 Plus User's Guide 37
...Table 2 Title Bar: Web Configurator Icons 52 Table 3 Web Configurator HOME Screen in Router Mode 53 Table 4 Web Configurator HOME Screen in Bridge Mode 56 Table 5 Bridge and Router Mode Features Comparison 58 Table 6 Screens Summary ...59 Table 7 HOME > Show Statistics ...63 Table... > LAN > IP Alias 140 Table 25 NETWORK > LAN > Port Roles 141 Table 26 NETWORK > Bridge ...146 Table 27 NETWORK > Bridge > Port Roles 147 Table 28 STP Path Costs ...148 Table 29 STP Port States ...149 Table 30 ... NETWORK > WAN > Dial Backup > Edit 169 Table 38 NETWORK > DMZ ...175 ZyWALL 2 Plus User's Guide 37
User Guide
Page 38
... WAN IRC Traffic Example 197 Table 47 Limited LAN to WAN IRC Traffic Example 198 Table 48 SECURITY > FIREWALL > Default Rule (Router Mode 199 Table 49 SECURITY > FIREWALL > Default Rule (Bridge Mode 201 Table 50 SECURITY > FIREWALL > Rule Summary 203 Table 51 SECURITY > FIREWALL > Rule Summary > Edit 206 Table 52 SECURITY > FIREWALL > Anti... SECURITY > CERTIFICATES > My Certificates > Export 302 Table 80 SECURITY > CERTIFICATES > My Certificates > Import 304 Table 81 SECURITY > CERTIFICATES > My Certificates > Import: PKCS#12 304 38 ZyWALL 2 Plus User's Guide
... WAN IRC Traffic Example 197 Table 47 Limited LAN to WAN IRC Traffic Example 198 Table 48 SECURITY > FIREWALL > Default Rule (Router Mode 199 Table 49 SECURITY > FIREWALL > Default Rule (Bridge Mode 201 Table 50 SECURITY > FIREWALL > Rule Summary 203 Table 51 SECURITY > FIREWALL > Rule Summary > Edit 206 Table 52 SECURITY > FIREWALL > Anti... SECURITY > CERTIFICATES > My Certificates > Export 302 Table 80 SECURITY > CERTIFICATES > My Certificates > Import 304 Table 81 SECURITY > CERTIFICATES > My Certificates > Import: PKCS#12 304 38 ZyWALL 2 Plus User's Guide
User Guide
Page 40
... > Time and Date 450 Table 157 MAINTENANCE > Device Mode (Router Mode 454 Table 158 MAC-address-to-port Mapping Table 455 Table 159 MAINTENANCE > Device Mode (Bridge Mode 456 Table 160 MAINTENANCE > Firmware Upload 457 Table 161 ...Restore Configuration ...459 Table 162 MAINTENANCE > Diagnostics 462 Table 163 Main Menu Commands ...468 Table 164 Main Menu Summary ...470 Table 165 SMT Menus Overview ...471 Table 166 Menu 1: General Setup (Router Mode 475 Table 167 Menu 1: General Setup (Bridge Mode 476 40 ZyWALL...
... > Time and Date 450 Table 157 MAINTENANCE > Device Mode (Router Mode 454 Table 158 MAC-address-to-port Mapping Table 455 Table 159 MAINTENANCE > Device Mode (Bridge Mode 456 Table 160 MAINTENANCE > Firmware Upload 457 Table 161 ...Restore Configuration ...459 Table 162 MAINTENANCE > Diagnostics 462 Table 163 Main Menu Commands ...468 Table 164 Main Menu Summary ...470 Table 165 SMT Menus Overview ...471 Table 166 Menu 1: General Setup (Router Mode 475 Table 167 Menu 1: General Setup (Bridge Mode 476 40 ZyWALL...
User Guide
Page 55
... the field label to go to the screen where you can configure the ZyWALL's IP address in order to access the ZyWALL for each port. Date/Time This is set to bridge mode. You can update your existing network. System Status Port Statistics Click Port ...is using a manually entered static (fixed) IP address. Bandwidth Click Bandwidth to view the ZyWALL's bandwidth usage and allotments. 2.4.4 HOME Screen: Bridge Mode The following screen displays when the ZyWALL is the date and time the alert was recorded. If you connect your computer directly to ...
... the field label to go to the screen where you can configure the ZyWALL's IP address in order to access the ZyWALL for each port. Date/Time This is set to bridge mode. You can update your existing network. System Status Port Statistics Click Port ...is using a manually entered static (fixed) IP address. Bandwidth Click Bandwidth to view the ZyWALL's bandwidth usage and allotments. 2.4.4 HOME Screen: Bridge Mode The following screen displays when the ZyWALL is the date and time the alert was recorded. If you connect your computer directly to ...
User Guide
Page 56
Chapter 2 Introducing the Web Configurator You can specify a name for this ZyWALL. ZyNOS is the bootbase version and the date created. The ZyWALL starts up . Figure 9 Web Configurator HOME Screen in Bridge Mode The following table describes the labels in this button to not update the ...screen statistics. It is the model name of every time interval or to update the screen's statistics immediately. Bootbase Version This is ZyXEL...
Chapter 2 Introducing the Web Configurator You can specify a name for this ZyWALL. ZyNOS is the bootbase version and the date created. The ZyWALL starts up . Figure 9 Web Configurator HOME Screen in Bridge Mode The following table describes the labels in this button to not update the ...screen statistics. It is the model name of every time interval or to update the screen's statistics immediately. Bootbase Version This is ZyXEL...
User Guide
Page 57
...HOME Screen in Bridge Mode (continued) LABEL DESCRIPTION System Time This field displays your ZyWALL in dotted decimal notation. Device Mode This displays whether the ZyWALL is disabled. System Resources Flash The first number shows how many megabytes of the ZyWALL. The Tree ...bridge priority of the flash the ZyWALL is the root bridge (the base of BPDUs (Bridge Protocol Data Units) from the root bridge. The bridge (or switch) with the difference from GMT is running processes like NAT, VPN and the firewall. Bridge Hello Time This is currently used by ZyNOS (ZyXEL...
...HOME Screen in Bridge Mode (continued) LABEL DESCRIPTION System Time This field displays your ZyWALL in dotted decimal notation. Device Mode This displays whether the ZyWALL is disabled. System Resources Flash The first number shows how many megabytes of the ZyWALL. The Tree ...bridge priority of the flash the ZyWALL is the root bridge (the base of BPDUs (Bridge Protocol Data Units) from the root bridge. The bridge (or switch) with the difference from GMT is running processes like NAT, VPN and the firewall. Bridge Hello Time This is currently used by ZyNOS (ZyXEL...
User Guide
Page 58
... all features listed in this displays the port speed and duplex setting. Table 5 Bridge and Router Mode Features Comparison FEATURE BRIDGE MODE ROUTER MODE Internet Access Wizard Y VPN Wizard Y Y DHCP Table Y System Statistics Y Y Registration Y Y LAN Y WAN Y DMZ Y Bridge Y 58 ZyWALL 2 Plus User's Guide Security Services Content Filter Expiration Date This is the cost of transmitting a frame from...
... all features listed in this displays the port speed and duplex setting. Table 5 Bridge and Router Mode Features Comparison FEATURE BRIDGE MODE ROUTER MODE Internet Access Wizard Y VPN Wizard Y Y DHCP Table Y System Statistics Y Y Registration Y Y LAN Y WAN Y DMZ Y Bridge Y 58 ZyWALL 2 Plus User's Guide Security Services Content Filter Expiration Date This is the cost of transmitting a frame from...
User Guide
Page 59
... User's Guide 59 The following table describes the sub-menus. BRIDGE Bridge Use this screen to change the bridge settings on the ZyWALL. Use this screen to access the wizards, statistics and DHCP table. Chapter 2 Introducing the Web Configurator Table 5 Bridge and Router Mode Features Comparison FEATURE BRIDGE MODE WLAN Firewall Y Content Filter Y VPN Y Certificates Y Authentication Server Y NAT...
... User's Guide 59 The following table describes the sub-menus. BRIDGE Bridge Use this screen to change the bridge settings on the ZyWALL. Use this screen to access the wizards, statistics and DHCP table. Chapter 2 Introducing the Web Configurator Table 5 Bridge and Router Mode Features Comparison FEATURE BRIDGE MODE WLAN Firewall Y Content Filter Y VPN Y Certificates Y Authentication Server Y NAT...
User Guide
Page 63
... trigger a call) or Drop (dropping a call) if you must be manually configured. Read-only information here relates to router mode. Figure 11 HOME > DHCP Table ZyWALL 2 Plus User's Guide 63 Status For the WAN and dial backup ports, this port. Rx B/s This displays the reception speed... DESCRIPTION Port These are the ZyWALL's interfaces. TxPkts This is the number of transmitted packets on this port. Automatic Select a number of every time interval or to obtain TCP/IP configuration at the end of seconds or None from a server. If DHCP service is not available in bridge mode.
... trigger a call) or Drop (dropping a call) if you must be manually configured. Read-only information here relates to router mode. Figure 11 HOME > DHCP Table ZyWALL 2 Plus User's Guide 63 Status For the WAN and dial backup ports, this port. Rx B/s This displays the reception speed... DESCRIPTION Port These are the ZyWALL's interfaces. TxPkts This is the number of transmitted packets on this port. Automatic Select a number of every time interval or to obtain TCP/IP configuration at the end of seconds or None from a server. If DHCP service is not available in bridge mode.
User Guide
Page 78
...VPN network policy (IPSec SA) and identify the devices behind the IPSec routers at either end of your ZyWALL or leave the field set to be rebuilt if this field is in bridge mode, this IP address changes. Back Click Back to return to identify this field as 0.0.0.0. When the... ZyWALL is read-only and displays the ZyWALL's IP address. The VPN tunnel has to 0.0.0.0. The ZyWALL uses its IP address or a domain name. ...
...VPN network policy (IPSec SA) and identify the devices behind the IPSec routers at either end of your ZyWALL or leave the field set to be rebuilt if this field is in bridge mode, this IP address changes. Back Click Back to return to identify this field as 0.0.0.0. When the... ZyWALL is read-only and displays the ZyWALL's IP address. The VPN tunnel has to 0.0.0.0. The ZyWALL uses its IP address or a domain name. ...
User Guide
Page 84
...Digest 5) and SHA1 (Secure Hash Algorithm) are hash algorithms used to authenticate packet data. IPSec Setting (IKE Phase 2) Encapsulation Mode This shows Tunnel mode or Transport mode. 84 ZyWALL 2 Plus User's Guide Ending IP Address/ Subnet Mask When the local network is configured for a single IP address, this ...group you chose for a range IP address, this is a (static) IP address on the LAN behind your ZyWALL in router mode or the ZyWALL's IP address in bridge mode. Pre-Shared Key This is the method of this VPN network policy is configured for phase 1 IKE setup. When...
...Digest 5) and SHA1 (Secure Hash Algorithm) are hash algorithms used to authenticate packet data. IPSec Setting (IKE Phase 2) Encapsulation Mode This shows Tunnel mode or Transport mode. 84 ZyWALL 2 Plus User's Guide Ending IP Address/ Subnet Mask When the local network is configured for a single IP address, this ...group you chose for a range IP address, this is a (static) IP address on the LAN behind your ZyWALL in router mode or the ZyWALL's IP address in bridge mode. Pre-Shared Key This is the method of this VPN network policy is configured for phase 1 IKE setup. When...
User Guide
Page 143
... Protocol) settings. • Use the Port Roles screen (Section 7.3 on the WAN. The ZyWALL bridges traffic traveling between the LAN and WAN. In the second figure the ZyWALL is in bridge mode. In bridge mode, the ZyWALL functions as a transparent firewall (also known as a bridge between a switch and a wired LAN or between two routers. This chapter is only applicable...
... Protocol) settings. • Use the Port Roles screen (Section 7.3 on the WAN. The ZyWALL bridges traffic traveling between the LAN and WAN. In the second figure the ZyWALL is in bridge mode. In bridge mode, the ZyWALL functions as a transparent firewall (also known as a bridge between a switch and a wired LAN or between two routers. This chapter is only applicable...
User Guide
Page 144
... backwards compatible with other STP-compliant bridges in your ZyWALL is also connected to the root bridge and unwanted learned addresses are Discarding, Learning, and Forwarding. Figure 100 Bridge Loop: Bridge Connected to Wired LAN To prevent bridge loops, ensure that is not set to bridge mode while connected to Section 7.4 on bridging refer to two wired segments of...
... backwards compatible with other STP-compliant bridges in your ZyWALL is also connected to the root bridge and unwanted learned addresses are Discarding, Learning, and Forwarding. Figure 100 Bridge Loop: Bridge Connected to Wired LAN To prevent bridge loops, ensure that is not set to bridge mode while connected to Section 7.4 on bridging refer to two wired segments of...