User Guide
Page 12
... ...183 10.1.1 What You Need to Know About Wireless LAN 184 10.2 The WLAN Screen ...184 10.3 The Static DHCP Screen 187 10.4 The IP Alias Screen ...189 10.5 The Port Roles Screen 190 Part III: Security 193 Chapter 11 Firewall Screens...195 11.1 Overview ...195 11.1.1 What You Can... in the Firewall Screens 196 11.1.2 What You Need To Know About The ZyWALL Firewall 196 11.1.3 Before You Begin ...196 11.2 Firewall Rules Examples 196 11.3 The Firewall Default Rule Screen (Router Mode 198 11.4 The Firewall Default Rule Screen (Bridge Mode 200 11.5 The Firewall Rule Summary Screen 202 11...
User Guide
Page 18
Table of Contents 26.7 The Backup and Restore Screen 458 26.7.1 Backup Configuration 459 26.7.2 Restore Configuration 459 26.7.3 Back to Factory Defaults 461 26.8 The Restart Screen ...461 26.9 The Diagnostics Screen 461 Part VI: SMT 465 Chapter 27 Introducing the SMT ...467 27...29.5 Advanced WAN Setup ...483 29.6 Remote Node Profile (Backup ISP 485 29.7 Editing TCP/IP Options ...487 29.8 Editing Login Script ...488 29.9 Remote Node Filter ...489 Chapter 30 LAN Setup...491 18 ZyWALL 2 Plus User's Guide General Setup 475 28.1 Introduction to General Setup 475 28.2 Configuring General...
User Guide
Page 20
...NAT 528 36.4 General NAT Examples 530 36.4.1 Internet Access Only 530 36.4.2 Example 2: Internet Access with a Default Server 532 36.4.3 Example 3: Multiple Public IP Addresses With Inside Servers 532 36.4.4 Example 4: NAT Unfriendly Application Programs 536 36.5 Trigger Port Forwarding 537 36.5.1 ... Configuration...541 38.1 Introduction to Filters ...541 38.1.1 The Filter Structure of the ZyWALL 542 38.2 Configuring a Filter Set ...544 38.2.1 Configuring a Filter Rule 546 38.2.2 Configuring a TCP/IP Filter Rule 546 38.2.3 Configuring a Generic Filter Rule 549 38.3 Example Filter ......
User Guide
Page 26
...39 SECURITY > FIREWALL > Rule Summary: Allow 94 Figure 40 SECURITY > FIREWALL > Default Rule: Block From VPN To LAN 94 Figure 41 Tutorial Example: Using NAT with Static Public IP Addresses 95 Figure 42 Tutorial Example: WAN Connection with a Static Public IP Address 96 Figure 43 Tutorial Example: WAN Screen 97 Figure 44 Tutorial... Monitor 118 Figure 78 SECURITY > CONTENT FILTER > General 119 Figure 79 SECURITY > CONTENT FILTER > Policy 120 Figure 80 SECURITY > CONTENT FILTER > Policy > External Database (Default 120 Figure 81 HOME > DHCP Table ...121 26 ZyWALL 2 Plus User's Guide
User Guide
Page 28
... Example 197 Figure 129 Limited LAN to WAN IRC Traffic Example 198 Figure 130 SECURITY > FIREWALL > Default Rule (Router Mode 199 Figure 131 SECURITY > FIREWALL > Default Rule (Bridge Mode 201 Figure 132 SECURITY > FIREWALL > Rule Summary 203 Figure 133 SECURITY > FIREWALL... Figure 145 From VPN to LAN Example 217 Figure 146 From VPN to VPN Example 218 Figure 147 Using IP Alias to Solve the Triangle Route Problem 219 Figure 148 Three-Way Handshake ...219 Figure 149 Content Filtering Lookup... Web Page Review Process Screen 251 Figure 167 VPN: Example ...253 28 ZyWALL 2 Plus User's Guide
User Guide
Page 38
... Table 42 NETWORK > WLAN ...185 Table 43 NETWORK > WLAN > Static DHCP 188 Table 44 NETWORK > WLAN > IP Alias 189 Table 45 NETWORK > WLAN > Port Roles 192 Table 46 Blocking All LAN to WAN IRC Traffic Example 197... Table 47 Limited LAN to WAN IRC Traffic Example 198 Table 48 SECURITY > FIREWALL > Default Rule (Router Mode 199 Table 49 SECURITY > FIREWALL > Default Rule (Bridge Mode 201 Table 50 SECURITY > FIREWALL > Rule Summary 203 Table 51 SECURITY >...My Certificates > Import 304 Table 81 SECURITY > CERTIFICATES > My Certificates > Import: PKCS#12 304 38 ZyWALL 2 Plus User's Guide
User Guide
Page 60
...well as to configure VPN connections using IKE key management and view the rule summary. SECURITY FIREWALL Default Rule Use this screen to assign fixed IP addresses on the ZyWALL. Static DHCP Use this screen to activate/deactivate the firewall and the direction of network traffic to ...to display and manage active VPN connections. Object Use this screen to assign fixed IP addresses on the ZyWALL. SA Monitor Use this screen to change your traffic redirect properties and parameters. IP Alias Use this screen to customize the content filter list. Port Roles Use ...
User Guide
Page 69
... to configure DNS servers. PPPoE is the default selection. Gateway IP Address Enter the gateway IP address in this field. My WAN IP Subnet Mask Enter the IP subnet mask in this field. Chapter 3 Wizard Setup Table 11 ISP Parameters: Ethernet Encapsulation LABEL DESCRIPTION WAN IP Address Assignment IP Address Assignment Select Dynamic If your ISP did... interacts with a broadband modem (for example DSL, cable, wireless, etc.) to achieve access to high-speed data networks. Select Static If the ISP assigned a fixed IP address. ZyWALL 2 Plus User's Guide 69
User Guide
Page 70
...Nailed-Up if you a fixed IP address. WAN IP Address Assignment IP Address Assignment Select Dynamic If your ISP. Table 12 ISP Parameters: PPPoE Encapsulation LABEL DESCRIPTION ISP Parameter for confirmation. User Name Type the user name given to you select Static. 70 ZyWALL 2 Plus User's Guide Idle... This is optional. PPP over Ethernet forms a dial-up connection. Retype to time out. The default time is 100 seconds. Select Static If the ISP assigned a fixed IP address. The fields below are available only when you by your ISP did not assign you do ...
User Guide
Page 73
... or connection name in the field(s) to the right. This field is the default selection. Select Static If the ISP assigned a fixed IP address. First DNS Server Second DNS Server Enter the DNS server's IP address(es) in this field. Back Click Back to return to complete the ...are available only when you must follow the "c:id" and "n:name" format. My WAN IP Address Enter your xDSL modem. Server IP Address Type the IP address of your WAN IP address in order to save your ZyWALL and activate the free content filtering trial application. For example, C:12 or N:My ISP...
User Guide
Page 81
...requires more processing power, resulting in this field. Select MD5 for minimal security and SHA-1 for identity protection. DH1 (default) refers to the previous screen. You will receive a PYLD_MALFORMED (payload malformed) packet if the same preshared key is...AES uses a 128-bit key. You must know the same secret key, which is the key itself. ZyWALL 2 Plus User's Guide 81 Select Aggressive Mode to authenticate packet data. When DES is used on DES that...-bit key. Type from 8 to 31 case-sensitive ASCII characters or from dynamic IP addresses to negotiate a phase 2 IPSec SA.
User Guide
Page 87
...traffic. • how to set up your ZyWALL if you have more fine-tuned control for which the ZyWALL is not one fixed (static) IP address from VPN tunnels to the FTP server. The ZyWALL applies the security settings to or from the ZyWALL's VPN tunnels. You can access the FTP server... through a VPN tunnel (not other services like chat or e-mail going to the traffic before encrypting VPN traffic that have VPN tunnels with IP address 192.168.1.4 behind device B can configure default and custom firewall rules ...
User Guide
Page 121
... Figure 82 SECURITY > CONTENT FILTER > Policy 2 Select Active. 3 Give the policy a name. 4 Configure a single address of 192.168.1.33. ZyWALL 2 Plus User's Guide 121 Figure 81 HOME > DHCP Table 4.5.4 Create a Content Filter Policy for Bob Do the following to create a content filtering ...button. Chapter 4 Tutorials 4.5.3 Assign Bob's Computer a Specific IP Address You will configure a content filtering policy for traffic from Bob's computer's IP address. Do the following to have the ZyWALL always give Bob's computer the same IP address (192.168.1.33 in order, so make sure ...
User Guide
Page 133
...and will broadcast its routing table periodically. By default, RIP Direction is assigned at the factory and consists of six pairs of hexadecimal characters, for Management of IP Address Space. The MAC address is set to RIP-1. If you disable the ZyWALL's DHCP service, you have another DHCP server....and so will incorporate the RIP information that RIP2B uses subnet broadcasting while RIP-2M uses multicasting. RIP-1 is probably adequate for the default IP pool range. Both RIP-2B and RIP-2M send routing data in the DHCP pool. the difference being that it recognizes both ...
User Guide
Page 383
... in you are similar for most Linux distributions. 1 Test whether the SSH service is available on the ZyWALL (using the default IP address of 192.168.1.1). A message displays indicating the SSH protocol version supported by the ZyWALL. SSH-1.5-1.0.0 2 Enter "ssh -1 192.168.1.1". The SMT main menu displays next. 21.2.2.2 Example 2: Linux This section describes...
User Guide
Page 481
WAN Setup MAC Address: Assigned By= Factory default IP Address= N/A Dial-Backup: Active= No Port Speed= 115200 AT Command String: Init= at&fs0=0 Edit Advanced Setup= No Press ENTER to Confirm or ESC to ....1 Introduction to WAN and Dial Backup Setup This chapter explains how to configure settings for your WAN port and how to configure the ZyWALL for a dial backup connection. 29.2 WAN Setup From the main menu, enter 2 to Cancel: ZyWALL 2 Plus User's Guide 481 Figure 307 MAC Address Cloning in WAN Setup Menu 2 -
User Guide
Page 483
...Confirm..." Edit Advanced To edit the advanced setup for specific AT commands. Port Speed Press [SPACE BAR] and then press [ENTER] to this menu. ZyWALL 2 Plus User's Guide 483 Figure 308 Menu 2: Dial Backup Setup Chapter 29 WAN and Dial Backup Setup Menu 2 - Consult the manual of the... and then press [ENTER] to go to Cancel: The following table describes the fields in this field; WAN Setup MAC Address: Assigned By= Factory default IP Address= N/A Dial-Backup: Active= No Port Speed= 115200 AT Command String: Init= at the prompt "Press ENTER to turn the dial-backup feature...
User Guide
Page 575
... the TFTP transfer will not be active and the SMT in Menu 24 - Table 208 General Commands for the configuration file is the ZyWALL's default IP address when shipped. To backup the configuration file, follow the procedure shown next. 1 Use Telnet from your computer. The file name for... the TFTP client (see in . Note that you may see the example below) to the ZyWALL. Enter command "sys stdio 5" to restore the five-minute SMT timeout (default) when the file transfer is the ZyWALL IP address, "get rom-0 config.rom Where "i" specifies binary image transfer mode (use TFTP, your...
User Guide
Page 606
... Login screen in to its factory defaults. Chapter 45 Troubleshooting 45.2 ZyWALL Access and Login V I forgot the IP address for the ZyWALL. 1 The default IP address is a DHCP server by looking up windows and has JavaScripts and Java enabled. The IP address of the Default Gateway might get the IP address of the ZyWALL by default. 5 Reset the device to its...
User Guide
Page 613
...: CSA International, CE EN60950-1 Table 216 Firmware Specifications FEATURE DESCRIPTION Default IP Address 192.168.1.1 Default Subnet Mask 255.255.255.0 (24 bits) Default Password 1234 DHCP Pool 192.168.1.33 to 192.168.1.160 ZyWALL 2 Plus User's Guide 613 Reset Button Restores factory default settings Console RJ-45 port for RS-232 null modem connection...