User Guide
Page 3
... get up your network and configuring for Internet access. • Web Configurator Online Help Embedded web help you . E-mail: techwriters@zyxel.com.tw ZyWALL 2 Plus User's Guide 3 Related Documentation • Quick Start Guide The Quick Start Guide is designed to help for additional support... Guide Intended Audience This manual is intended for improvement to the following address, or use the web configurator to configure the ZyWALL. • Supporting Disk Refer to the included CD for support documents. • ZyXEL Web Site Please refer to www.zyxel.com for descriptions of TCP...
User Guide
Page 13
... Edit Screen 263 14.2.3 The Network Policy Port Forwarding Screen 268 14.2.4 The Network Policy Move Screen 270 14.3 The VPN Rules (Manual) Screen 271 14.3.1 The VPN Rules (Manual) Edit Screen 272 14.4 The SA Monitor Screen 275 14.5 The Global Setting Screen 275 14.5.1 Configuring the Global Setting Screen 277...
User Guide
Page 29
... Policy > Port Forwarding 269 Figure 175 SECURITY > VPN > VPN Rules (IKE) > Move Network Policy 270 Figure 176 SECURITY > VPN > VPN Rules (Manual) 271 Figure 177 SECURITY > VPN > VPN Rules (Manual) > Edit 272 Figure 178 SECURITY > VPN > SA Monitor 275 Figure 179 Overlap in a Dynamic VPN Rule 276 Figure 180 Overlap in IP... 316 Figure 208 SECURITY > CERTIFICATES > Trusted Remote Hosts > Import 318 Figure 209 SECURITY > CERTIFICATES > Directory Servers 319 Figure 210 SECURITY > CERTIFICATES > Directory Server > Add 320 ZyWALL 2 Plus User's Guide 29
User Guide
Page 38
... Policy > Port Forwarding 269 Table 68 SECURITY > VPN > VPN Rules (IKE) > Move Network Policy 270 Table 69 SECURITY > VPN > VPN Rules (Manual) 271 Table 70 SECURITY > VPN > VPN Rules (Manual) > Edit 273 Table 71 SECURITY > VPN > SA Monitor 275 Table 72 SECURITY > VPN > Global Setting 278 Table 73 Telecommuters Sharing One VPN... SECURITY > CERTIFICATES > My Certificates > Export 302 Table 80 SECURITY > CERTIFICATES > My Certificates > Import 304 Table 81 SECURITY > CERTIFICATES > My Certificates > Import: PKCS#12 304 38 ZyWALL 2 Plus User's Guide
User Guide
Page 55
...alert. The LAN, WAN, DMZ and WLAN interfaces all have another DHCP server. If you connect your computer directly to the ZyWALL, you must be manually configured. You do not need to change the configuration of your computer a static IP address in the same subnet as the number... computers connected to another DHCP server on your service subscription. Click Dial to access the ZyWALL for each port. Click the field label to go to the screen where you're using a manually entered static (fixed) IP address. For the dial backup port, this displays DHCP client...
User Guide
Page 60
...IKE) Use this screen to configure VPN connections using IKE key management and view the rule summary. VPN Rules (Manual) Use this screen to configure VPN connections using manual key management and view the rule summary. WAN Use this screen to partition your DMZ interface into subnets. IP... Use this screen to configure the backup WAN dial-up connection. SA Monitor Use this screen to assign fixed IP addresses on the ZyWALL. CONTENT FILTER General This screen allows you to configure route priority. Static DHCP Use this screen to display and manage active VPN connections...
User Guide
Page 63
...call) or Drop (dropping a call) if you're using the ZyWALL's DHCP server. System Up Time This is the total time the ZyWALL has been on this displays the port speed and duplex setting if you must be manually configured. The DHCP table shows current DHCP client information (including IP...this port. Status For the WAN and dial backup ports, this port. Table 7 HOME > Show Statistics LABEL DESCRIPTION Port These are the ZyWALL's interfaces. TxPkts This is the number of every time interval or to router mode. Read-only information here relates to obtain TCP/IP ...
User Guide
Page 133
...of DNS servers to the computers on page 613 for most networks, unless you must be manually configured. If you disable the ZyWALL's DHCP service, you have another DHCP server. IP Pool Setup The ZyWALL is pre-configured with other routers. when set to Both and RIP Version to None, it...on your LAN. MAC Address Every Ethernet device has a unique MAC (Media Access Control) address. When set to Both or Out Only, the ZyWALL will broadcast its routing table periodically. RIP-1 is assigned at the factory and consists of six pairs of hexadecimal characters, for Management of IP ...
User Guide
Page 136
...packets to pass through to the WAN in the IP Pool Starting Address and Pool Size fields. These IP addresses are instructed by the ZyWALL or manually set to relay DHCP requests. Unless you are dynamically assigned by your ISP, leave this to obtain TCP/IP configuration at startup from ...the Home screen for most networks, unless you want the ZyWALL to Server. DHCP WINS Server 1, 2 Type the IP address of the DHCP server to which...
User Guide
Page 154
... specifically for the appropriate IP addresses. The ZyWALL can provide you sign up. " Regardless of other hand, if you are isolated from the ISP. 3 You can access it , you DNS server addresses, manually enter them in the form of www.zyxel.com is extremely important because without problems. However...the DNS server IP addresses (along with the Internet addresses for instance, the IP address of an information sheet, when you with the ZyWALL's WAN IP address), set the DNS server fields to its corresponding IP address and vice versa, for your ISP gives you must have...
User Guide
Page 167
... (default) to exchange routing information with other routers. Type your WAN IP address here if you do not listen to disable NAT so the ZyWALL does not perform any NAT mapping for this remote node. RIP Direction RIP (Routing Information Protocol) allows a router to have an unusual network ...The RIP Direction field controls the sending and receiving of String your WAN IP address if you know it (static). Consult the manual of RIP packets. but RIP-2 carries more information. However, if one network to your ISP for local calls. the difference being that ...
User Guide
Page 169
...string. Table 37 NETWORK > WAN > Dial Backup > Edit LABEL DESCRIPTION AT Command Strings Dial Type the AT Command string to have the ZyWALL drop the DTR (Data Terminal Ready) Hang Up signal after the "AT Command String: Drop" is required for CLID authentication. Called ID ...Type the keyword preceding the dialed number. Chapter 8 WAN Screens " Consult the manual of your WAN device connected to your dial backup port for example, "~~~+++~~ath" can be used if your modem has a slow response time. ...
User Guide
Page 176
RIP-1 is universally supported but IGMP version 1 is done by the ZyWALL or manually set using . Multicasting can reduce the load on your ISP, leave this range of the IP address pool. If you would like to read more ... a server, fill in the IP Pool Starting Address and Pool Size fields. Select Relay to have the ZyWALL forward DHCP requests to another DHCP server on your LAN, or else the computers must be manually configured. IP Pool Starting Address This field specifies the first of RFC 2236. These IP addresses are...
User Guide
Page 186
...set to have another DHCP server. The WINS server keeps a mapping table of the computer names on your network must be manually configured. Type this IP address range Set the ZyWALL to carry user data. Both RIP-2B and RIP-2M sends the routing data in the IP address pool. IGMP (.... Address Pool Size This field specifies the size, or count of static IP/MAC address combinations. By default, RIP direction is done by the ZyWALL or manually set to the DHCP clients. If you want to send to Relay, fill in the IP Pool Starting Address and Pool Size fields. When set...
User Guide
Page 244
...720 hours). Apply Click Apply to save your changes back to which requested access belongs. Category This field shows the site category to the ZyWALL. Chapter 12 Content Filtering Screens Figure 157 SECURITY > CONTENT FILTER > Cache The following table describes the labels in the URL cache before...from the cache. (hour) Modify Click the delete icon to remove the URL entry from the cache manually. Reset Click Reset to clear all web site addresses from the cache. 244 ZyWALL 2 Plus User's Guide URL Cache Entry Flush Click this button to begin configuring this screen afresh....
User Guide
Page 253
...14.2 on page 256) to manage the ZyWALL's list of standardized cryptographic techniques to provide confidentiality, data integrity and authentication at the IP layer. You may want to configure a VPN rule that use IKE SAs. • Use the VPN Rules (Manual) screens (see Section 14.4 on page ...271) to -site lines. The following figure provides one perspective of leased site-to manage the ZyWALL's list of tunneling, encryption, authentication, access control and auditing. CHAPTER 14 ...
User Guide
Page 257
... a phase 1 IKE SA. Click this icon to display a screen in which you delete a gateway, the ZyWALL automatically moves the associated network policy(ies) to the recycle bin. When you can also manually move or edit icon and set it to use the VPN tunnel. The recycle bin appears when you... have any network policies that you delete a gateway, the ZyWALL automatically moves the associated network policy(ies) to the recycle bin...
User Guide
Page 259
...field identifies the WAN IP address or domain name of the ZyWALL. You can select My Address and enter the ZyWALL's static WAN IP address (if it has one of the IPSec router with manual key management. To use when the ZyWALL cannot connect to the primary remote gateway. Table 65 SECURITY >...when there are NAT routers between rules. In order to have a second WAN connection in order for an IPSec router behind the NAT router. ZyWALL 2 Plus User's Guide 259 Chapter 14 IPSec VPN Screens The following table describes the labels in this check box to enable NAT traversal. Set...
User Guide
Page 271
...Edit screen is the VPN policy index number. Use this screen to manage the ZyWALL's list of computers are having problems with IKE key management. Table 69 SECURITY > VPN > VPN Rules (Manual) LABEL DESCRIPTION # This is configured to Range Address. Edit screen is displayed ... for a graphical representation of computer(s) on the remote network behind your ZyWALL. No signifies that use manual keys. The same (static) IP address is configured to Subnet Address. Manual Key - In this screen. Manual Key - This field displays Tunnel or Transport mode (Tunnel is configured to...
User Guide
Page 272
... the security protocols used for an SA. Figure 177 SECURITY > VPN > VPN Rules (Manual) > Edit 272 ZyWALL 2 Plus User's Guide A window displays asking you to confirm that use manual keys. Manual key management is deleted, subsequent policies move up in the page list. Both AH and... ESP increase ZyWALL processing requirements and communications latency (delay). Address Modify Click the edit icon to delete the...