User Guide
Page 12
...DMZ Screens 171 9.1.2 What You Need To Know About DMZ 172 9.1.3 DMZ Public IP Address Example 172 9.1.4 DMZ Private and Public IP Address Example 173 9.2 The DMZ Screen ...174 9.3 The Static DHCP Screen 177 9.4 The IP Alias Screen ...179 9.5 The DMZ Port Roles Screen 181 Chapter 10 Wireless LAN Screens...Firewall Screens 196 11.1.2 What You Need To Know About The ZyWALL Firewall 196 11.1.3 Before You Begin ...196 11.2 Firewall Rules Examples 196 11.3 The Firewall Default Rule Screen (Router Mode 198 11.4 The Firewall Default Rule Screen (Bridge Mode 200 11.5 The Firewall Rule Summary ...
...DMZ Screens 171 9.1.2 What You Need To Know About DMZ 172 9.1.3 DMZ Public IP Address Example 172 9.1.4 DMZ Private and Public IP Address Example 173 9.2 The DMZ Screen ...174 9.3 The Static DHCP Screen 177 9.4 The IP Alias Screen ...179 9.5 The DMZ Port Roles Screen 181 Chapter 10 Wireless LAN Screens...Firewall Screens 196 11.1.2 What You Need To Know About The ZyWALL Firewall 196 11.1.3 Before You Begin ...196 11.2 Firewall Rules Examples 196 11.3 The Firewall Default Rule Screen (Router Mode 198 11.4 The Firewall Default Rule Screen (Bridge Mode 200 11.5 The Firewall Rule Summary ...
User Guide
Page 20
... 528 36.4 General NAT Examples 530 36.4.1 Internet Access Only 530 36.4.2 Example 2: Internet Access with a Default Server 532 36.4.3 Example 3: Multiple Public IP Addresses With Inside Servers 532 36.4.4 Example 4: NAT Unfriendly Application Programs 536 36.5 Trigger Port Forwarding 537 36.5.1 Two...Configuration...541 38.1 Introduction to Filters ...541 38.1.1 The Filter Structure of the ZyWALL 542 38.2 Configuring a Filter Set ...544 38.2.1 Configuring a Filter Rule 546 38.2.2 Configuring a TCP/IP Filter Rule 546 38.2.3 Configuring a Generic Filter Rule 549 38.3 Example Filter ......
... 528 36.4 General NAT Examples 530 36.4.1 Internet Access Only 530 36.4.2 Example 2: Internet Access with a Default Server 532 36.4.3 Example 3: Multiple Public IP Addresses With Inside Servers 532 36.4.4 Example 4: NAT Unfriendly Application Programs 536 36.5 Trigger Port Forwarding 537 36.5.1 Two...Configuration...541 38.1 Introduction to Filters ...541 38.1.1 The Filter Structure of the ZyWALL 542 38.2 Configuring a Filter Set ...544 38.2.1 Configuring a Filter Rule 546 38.2.2 Configuring a TCP/IP Filter Rule 546 38.2.3 Configuring a Generic Filter Rule 549 38.3 Example Filter ......
User Guide
Page 26
...39 SECURITY > FIREWALL > Rule Summary: Allow 94 Figure 40 SECURITY > FIREWALL > Default Rule: Block From VPN To LAN 94 Figure 41 Tutorial Example: Using NAT with Static Public IP Addresses 95 Figure 42 Tutorial Example: WAN Connection with a Static Public IP Address 96 Figure 43 Tutorial Example: WAN Screen 97 Figure 44 Tutorial Example... 118 Figure 78 SECURITY > CONTENT FILTER > General 119 Figure 79 SECURITY > CONTENT FILTER > Policy 120 Figure 80 SECURITY > CONTENT FILTER > Policy > External Database (Default 120 Figure 81 HOME > DHCP Table ...121 26 ZyWALL 2 Plus User's Guide
...39 SECURITY > FIREWALL > Rule Summary: Allow 94 Figure 40 SECURITY > FIREWALL > Default Rule: Block From VPN To LAN 94 Figure 41 Tutorial Example: Using NAT with Static Public IP Addresses 95 Figure 42 Tutorial Example: WAN Connection with a Static Public IP Address 96 Figure 43 Tutorial Example: WAN Screen 97 Figure 44 Tutorial Example... 118 Figure 78 SECURITY > CONTENT FILTER > General 119 Figure 79 SECURITY > CONTENT FILTER > Policy 120 Figure 80 SECURITY > CONTENT FILTER > Policy > External Database (Default 120 Figure 81 HOME > DHCP Table ...121 26 ZyWALL 2 Plus User's Guide
User Guide
Page 60
... Static DHCP Use this screen to configure the backup WAN dial-up connection. Dial Backup Use this screen to assign fixed IP addresses on the ZyWALL. WLAN WLAN Use this screen to configure VPN connections using manual key management and view the rule summary. VPN VPN Rules... summary. SECURITY FIREWALL Default Rule Use this screen to select which to apply the rule Rule Summary This screen shows a summary of certificates and manage certificates and certification requests. VPN Rules (Manual) Use this screen to assign fixed IP addresses on the ZyWALL. DMZ DMZ Use ...
... Static DHCP Use this screen to configure the backup WAN dial-up connection. Dial Backup Use this screen to assign fixed IP addresses on the ZyWALL. WLAN WLAN Use this screen to configure VPN connections using manual key management and view the rule summary. VPN VPN Rules... summary. SECURITY FIREWALL Default Rule Use this screen to select which to apply the rule Rule Summary This screen shows a summary of certificates and manage certificates and certification requests. VPN Rules (Manual) Use this screen to assign fixed IP addresses on the ZyWALL. DMZ DMZ Use ...
User Guide
Page 69
... fixed IP address. My WAN IP Address Enter your WAN IP address in this field. My WAN IP Subnet Mask Enter the IP subnet mask in this field. First DNS Server Second DNS Server Enter the DNS server's IP address(es) in the field(s) to the previous wizard screen. ZyWALL 2 ...IP Address Assignment IP Address Assignment Select Dynamic If your changes and go to the next screen. 3.2.1.2 PPPoE Encapsulation Point-to-Point Protocol over Ethernet (PPPoE) functions as 0.0.0.0 if you do not configure a DNS server, you must know the IP address of a machine in this field. PPPoE is the default...
... fixed IP address. My WAN IP Address Enter your WAN IP address in this field. My WAN IP Subnet Mask Enter the IP subnet mask in this field. First DNS Server Second DNS Server Enter the DNS server's IP address(es) in the field(s) to the previous wizard screen. ZyWALL 2 ...IP Address Assignment IP Address Assignment Select Dynamic If your changes and go to the next screen. 3.2.1.2 PPPoE Encapsulation Point-to-Point Protocol over Ethernet (PPPoE) functions as 0.0.0.0 if you do not configure a DNS server, you must know the IP address of a machine in this field. PPPoE is the default...
User Guide
Page 70
... you by your ISP did not assign you select Static. 70 ZyWALL 2 Plus User's Guide This is optional. This field is the default selection. Select Static If the ISP assigned a fixed IP address. Password Type the password associated with the user name above. The default time is 100 seconds. Table 12 ISP Parameters: PPPoE Encapsulation...
... you by your ISP did not assign you select Static. 70 ZyWALL 2 Plus User's Guide This is optional. This field is the default selection. Select Static If the ISP assigned a fixed IP address. Password Type the password associated with the user name above. The default time is 100 seconds. Table 12 ISP Parameters: PPPoE Encapsulation...
User Guide
Page 73
... do not configure a DNS server, you a fixed IP address. Back Click Back to return to complete the Internet access setup. Server IP Address Type the IP address of a machine in order to complete the Internet access setup. This field is the default selection. My WAN IP Address Enter your ISP (if given). ZyWALL 2 Plus User's Guide 73 First DNS Server...
... do not configure a DNS server, you a fixed IP address. Back Click Back to return to complete the Internet access setup. Server IP Address Type the IP address of a machine in order to complete the Internet access setup. This field is the default selection. My WAN IP Address Enter your ISP (if given). ZyWALL 2 Plus User's Guide 73 First DNS Server...
User Guide
Page 81
... a message authentication code. Select MD5 for minimal security and SHA-1 for identity protection. DH1 (default) refers to the previous screen. For example, in "0x0123456789ABCDEF", 0x denotes that uses a 168...receive a PYLD_MALFORMED (payload malformed) packet if the same preshared key is the key itself. ZyWALL 2 Plus User's Guide 81 Table 17 VPN Wizard: IKE Tunnel Setting LABEL DESCRIPTION Negotiation...case-sensitive ASCII characters or from dynamic IP addresses to 62 hexadecimal ("0-9", "A-F") characters. Click Next to update the encryption and authentication keys.
... a message authentication code. Select MD5 for minimal security and SHA-1 for identity protection. DH1 (default) refers to the previous screen. For example, in "0x0123456789ABCDEF", 0x denotes that uses a 168...receive a PYLD_MALFORMED (payload malformed) packet if the same preshared key is the key itself. ZyWALL 2 Plus User's Guide 81 Table 17 VPN Wizard: IKE Tunnel Setting LABEL DESCRIPTION Negotiation...case-sensitive ASCII characters or from dynamic IP addresses to 62 hexadecimal ("0-9", "A-F") characters. Click Next to update the encryption and authentication keys.
User Guide
Page 87
You can apply firewall security to other VPN traffic for which the ZyWALL is not one fixed (static) IP address from the ZyWALL's VPN tunnels. The following example. You have VPN tunnels with IP address 192.168.1.4 behind device A. They do this for the firewall. 4.1.1 Firewall Rule for VPN Example The ...configure a VPN rule to allow only FTP traffic to come from the ZyWALL's VPN tunnels. You can apply the firewall and content filtering to the traffic going to the FTP server, you can configure default and custom firewall rules for VPN packets. Take the following examples show...
You can apply firewall security to other VPN traffic for which the ZyWALL is not one fixed (static) IP address from the ZyWALL's VPN tunnels. The following example. You have VPN tunnels with IP address 192.168.1.4 behind device A. They do this for the firewall. 4.1.1 Firewall Rule for VPN Example The ...configure a VPN rule to allow only FTP traffic to come from the ZyWALL's VPN tunnels. You can apply the firewall and content filtering to the traffic going to the FTP server, you can configure default and custom firewall rules for VPN packets. Take the following examples show...
User Guide
Page 121
Do the following to have the ZyWALL always give Bob's computer the same IP address (192.168.1.33 in order, so make sure you add the new policy before the default policy. Figure 82 SECURITY > CONTENT FILTER > Policy 2 Select Active. 3 Give the policy a name. 4 Configure a single address of 192.168.1.33. Figure 81 HOME > DHCP Table...
Do the following to have the ZyWALL always give Bob's computer the same IP address (192.168.1.33 in order, so make sure you add the new policy before the default policy. Figure 82 SECURITY > CONTENT FILTER > Policy 2 Select Active. 3 Give the policy a name. 4 Configure a single address of 192.168.1.33. Figure 81 HOME > DHCP Table...
User Guide
Page 133
For more information. RIP-1 is set to RFC 1597, Address Allocation for Private Internets and RFC 1466, Guidelines for the default IP pool range. RIP-1 is probably adequate for example, 00:A0:C5:00:00:02. IP Pool Setup The ZyWALL is assigned at the factory and consists of six pairs of ... Protocol, RFC 1058 and RFC 1389) allows a router to exchange routing information with a pool of IP addresses for the computers on address assignment, please refer to Both or Out Only, the ZyWALL will not receive the RIP packets. When set to Both or In Only, it will ignore any RIP...
For more information. RIP-1 is set to RFC 1597, Address Allocation for Private Internets and RFC 1466, Guidelines for the default IP pool range. RIP-1 is probably adequate for example, 00:A0:C5:00:00:02. IP Pool Setup The ZyWALL is assigned at the factory and consists of six pairs of ... Protocol, RFC 1058 and RFC 1389) allows a router to exchange routing information with a pool of IP addresses for the computers on address assignment, please refer to Both or Out Only, the ZyWALL will not receive the RIP packets. When set to Both or In Only, it will ignore any RIP...
User Guide
Page 135
... routing table periodically. Table 22 NETWORK > LAN LABEL DESCRIPTION LAN TCP/IP IP Address Type the IP address of your ZyWALL in this screen. Your ZyWALL automatically calculates the subnet mask based on the IP address that it will not send any RIP packets received. Both is the factory default. when set to None, it receives; Figure 92 NETWORK > LAN...
... routing table periodically. Table 22 NETWORK > LAN LABEL DESCRIPTION LAN TCP/IP IP Address Type the IP address of your ZyWALL in this screen. Your ZyWALL automatically calculates the subnet mask based on the IP address that it will not send any RIP packets received. Both is the factory default. when set to None, it receives; Figure 92 NETWORK > LAN...
User Guide
Page 136
... for most networks, unless you are instructed by your network and the IP addresses that do not match those specified in wide use multicasting, also. By default, RIP direction is not used to establish membership in a Multicast group - Unless you have the ZyWALL forward DHCP requests to RIP-1. When you select None, you would...
... for most networks, unless you are instructed by your network and the IP addresses that do not match those specified in wide use multicasting, also. By default, RIP direction is not used to establish membership in a Multicast group - Unless you have the ZyWALL forward DHCP requests to RIP-1. When you select None, you would...
User Guide
Page 137
...and from the WLAN to the LAN. Apply Click Apply to save your firewall is enabled with the default policy set to block WAN to LAN traffic, you also need to enable the default DMZ to LAN firewall rule that forwards NetBIOS traffic. Chapter 6 LAN Screens Table 22 NETWORK > ...between LAN and WAN Select this screen afresh. 6.3 The Static DHCP Screen This table allows you to assign IP addresses on the LAN to specific individual computers based on their MAC Addresses. If your ZyWALL's static DHCP settings, click NETWORK > LAN > Static DHCP. The screen appears as shown. Clear this ...
...and from the WLAN to the LAN. Apply Click Apply to save your firewall is enabled with the default policy set to block WAN to LAN traffic, you also need to enable the default DMZ to LAN firewall rule that forwards NetBIOS traffic. Chapter 6 LAN Screens Table 22 NETWORK > ...between LAN and WAN Select this screen afresh. 6.3 The Static DHCP Screen This table allows you to assign IP addresses on the LAN to specific individual computers based on their MAC Addresses. If your ZyWALL's static DHCP settings, click NETWORK > LAN > Static DHCP. The screen appears as shown. Clear this ...
User Guide
Page 383
...Client program. 1 Launch the SSH client and specify the connection information (IP address, port number or device name) for most Linux distributions. 1 Test whether the SSH service is available on the ZyWALL (using the default IP address of 192.168.1.1). Figure 248 SSH Example 1: Store Host Key Enter the... password to log in you to access the ZyWALL using SSH version 1. Escape character is the first time you are...
...Client program. 1 Launch the SSH client and specify the connection information (IP address, port number or device name) for most Linux distributions. 1 Test whether the SSH service is available on the ZyWALL (using the default IP address of 192.168.1.1). Figure 248 SSH Example 1: Store Host Key Enter the... password to log in you to access the ZyWALL using SSH version 1. Escape character is the first time you are...
User Guide
Page 481
WAN Setup MAC Address: Assigned By= Factory default IP Address= N/A Dial-Backup: Active= No Port Speed= 115200 AT Command String: Init= at&fs0=0 Edit Advanced Setup= No Press ENTER to Confirm or ESC to open ....1. 29.1 Introduction to WAN and Dial Backup Setup This chapter explains how to configure settings for your WAN port and how to configure the ZyWALL for a dial backup connection. 29.2 WAN Setup From the main menu, enter 2 to Cancel: ZyWALL 2 Plus User's Guide 481 Figure 307 MAC Address Cloning in WAN Setup Menu 2 -
WAN Setup MAC Address: Assigned By= Factory default IP Address= N/A Dial-Backup: Active= No Port Speed= 115200 AT Command String: Init= at&fs0=0 Edit Advanced Setup= No Press ENTER to Confirm or ESC to open ....1. 29.1 Introduction to WAN and Dial Backup Setup This chapter explains how to configure settings for your WAN port and how to configure the ZyWALL for a dial backup connection. 29.2 WAN Setup From the main menu, enter 2 to Cancel: ZyWALL 2 Plus User's Guide 481 Figure 307 MAC Address Cloning in WAN Setup Menu 2 -
User Guide
Page 483
...this field; AT Command String: Init Enter the AT command string to turn the dial-backup feature on (Yes) or off (No). Advanced Setup. ZyWALL 2 Plus User's Guide 483 Available speeds are: 9600, 19200, 38400, 57600, 115200 or 230400 bps. Setup press the [SPACE BAR] to ...specific AT commands. Edit Advanced To edit the advanced setup for the Dial Backup port, move the cursor to Menu 2.1 - WAN Setup MAC Address: Assigned By= Factory default IP Address= N/A Dial-Backup: Active= No Port Speed= 115200 AT Command String: Init= at the prompt "Press ENTER to cancel. 29.5 Advanced WAN...
...this field; AT Command String: Init Enter the AT command string to turn the dial-backup feature on (Yes) or off (No). Advanced Setup. ZyWALL 2 Plus User's Guide 483 Available speeds are: 9600, 19200, 38400, 57600, 115200 or 230400 bps. Setup press the [SPACE BAR] to ...specific AT commands. Edit Advanced To edit the advanced setup for the Dial Backup port, move the cursor to Menu 2.1 - WAN Setup MAC Address: Assigned By= Factory default IP Address= N/A Dial-Backup: Active= No Port Speed= 115200 AT Command String: Init= at the prompt "Press ENTER to cancel. 29.5 Advanced WAN...
User Guide
Page 575
...TFTP client (see following table describes some of the ZyWALL. 192.168.1.1 is complete. 4 Launch the TFTP client on your computer and connect to restore the five-minute SMT timeout (default) when the file transfer is the ZyWALL's default IP address when shipped. For details on TFTP commands (see ...the example below) to transfer files between the ZyWALL and the computer. For UNIX, use "get" to transfer from...
...TFTP client (see following table describes some of the ZyWALL. 192.168.1.1 is complete. 4 Launch the TFTP client on your computer and connect to restore the five-minute SMT timeout (default) when the file transfer is the ZyWALL's default IP address when shipped. For details on TFTP commands (see ...the example below) to transfer files between the ZyWALL and the computer. For UNIX, use "get" to transfer from...
User Guide
Page 606
... this in the web configurator. 606 1 Make sure you are using a dynamic IP address. The IP address of the Default Gateway might get the IP address of the ZyWALL by default. 5 Reset the device to access the ZyWALL with the default IP address. V I cannot see the troubleshooting suggestions for I forgot the IP address for LAN access. (If you know that there are routers between your...
... this in the web configurator. 606 1 Make sure you are using a dynamic IP address. The IP address of the Default Gateway might get the IP address of the ZyWALL by default. 5 Reset the device to access the ZyWALL with the default IP address. V I cannot see the troubleshooting suggestions for I forgot the IP address for LAN access. (If you know that there are routers between your...
User Guide
Page 613
... B Safety: CSA International, CE EN60950-1 Table 216 Firmware Specifications FEATURE DESCRIPTION Default IP Address 192.168.1.1 Default Subnet Mask 255.255.255.0 (24 bits) Default Password 1234 DHCP Pool 192.168.1.33 to 192.168.1.160 ZyWALL 2 Plus User's Guide 613 Reset Button Restores factory default settings Console RJ-45 port for RS-232 null modem connection...
... B Safety: CSA International, CE EN60950-1 Table 216 Firmware Specifications FEATURE DESCRIPTION Default IP Address 192.168.1.1 Default Subnet Mask 255.255.255.0 (24 bits) Default Password 1234 DHCP Pool 192.168.1.33 to 192.168.1.160 ZyWALL 2 Plus User's Guide 613 Reset Button Restores factory default settings Console RJ-45 port for RS-232 null modem connection...