User Guide
Page 165
... IP address of your destination IP address handles lots of this screen. Period The ZyWALL tests a WAN connection by periodically sending a ping to have failed. Check WAN IP Address Configuration of traffic. The ZyWALL still checks a "down " (not connected). Apply Click Apply to save your...goes down. Type the IP address of seconds (5 to 300) to the ping before the connection is considered "down " connection to the ZyWALL. Use a higher value in this IP address if the ZyWALL's Internet connection terminates. Chapter 8 WAN Screens The following table describes the ...
... IP address of your destination IP address handles lots of this screen. Period The ZyWALL tests a WAN connection by periodically sending a ping to have failed. Check WAN IP Address Configuration of traffic. The ZyWALL still checks a "down " (not connected). Apply Click Apply to save your...goes down. Type the IP address of seconds (5 to 300) to the ping before the connection is considered "down " connection to the ZyWALL. Use a higher value in this IP address if the ZyWALL's Internet connection terminates. Chapter 8 WAN Screens The following table describes the ...
User Guide
Page 171
These public servers can also still be visible to the outside world (while still being protected from the secure LAN. ZyWALL 2 Plus User's Guide 171 CHAPTER 9 DMZ Screens 9.1 Overview The DeMilitarized Zone (DMZ) provides a way for public servers (Web, e-mail, FTP, etc.) to be accessed from ...DoS (Denial of Service) attacks such as SYN flooding and Ping of Death). Figure 113 DMZ Overview DMZ LAN 9.1.1 What You Can Do in the DMZ Screens • Use the DMZ screen (Section 9.2 on page 174...
These public servers can also still be visible to the outside world (while still being protected from the secure LAN. ZyWALL 2 Plus User's Guide 171 CHAPTER 9 DMZ Screens 9.1 Overview The DeMilitarized Zone (DMZ) provides a way for public servers (Web, e-mail, FTP, etc.) to be accessed from ...DoS (Denial of Service) attacks such as SYN flooding and Ping of Death). Figure 113 DMZ Overview DMZ LAN 9.1.1 What You Can Do in the DMZ Screens • Use the DMZ screen (Section 9.2 on page 174...
User Guide
Page 196
...configurations. 11.2 Firewall Rules Examples Suppose that your company decides to block all of this , you must first decide if the ZyWALL will respond to Ping requests and whether or not the ZyWALL is to respond to probing for unused ports. • Use the Threshold screen (Section 11.7 on page 208) to ....8 on page 210) to configure custom services for example WAN to WAN, VPN to VPN and so on how to specify which of the ZyWALL), then the ZyWALL may reset the 'incomplete' connection. See Section 11.9 on page 215 for information on ) traffic is enabled. You do not match any destination...
...configurations. 11.2 Firewall Rules Examples Suppose that your company decides to block all of this , you must first decide if the ZyWALL will respond to Ping requests and whether or not the ZyWALL is to respond to probing for unused ports. • Use the Threshold screen (Section 11.7 on page 208) to ....8 on page 210) to configure custom services for example WAN to WAN, VPN to VPN and so on how to specify which of the ZyWALL), then the ZyWALL may reset the 'incomplete' connection. See Section 11.9 on page 215 for information on ) traffic is enabled. You do not match any destination...
User Guide
Page 207
...reset packet or an ICMP destination-unreachable message to the sender. You can specify which of the packets. Figure 134 SECURITY > FIREWALL > Anti-Probing ZyWALL 2 Plus User's Guide 207 Select Drop to silently discard the packets without saving. 11.6 The Anti-Probing Screen Click SECURITY > FIREWALL > Anti-... the following screen. Select Permit to allow the passage of the ZyWALL's interfaces will respond to Ping requests and whether or not the ZyWALL is to do with packets that match this screen to help keep the ZyWALL hidden from the LAN. Apply Cancel Note: You may also need...
...reset packet or an ICMP destination-unreachable message to the sender. You can specify which of the packets. Figure 134 SECURITY > FIREWALL > Anti-Probing ZyWALL 2 Plus User's Guide 207 Select Drop to silently discard the packets without saving. 11.6 The Anti-Probing Screen Click SECURITY > FIREWALL > Anti-... the following screen. Select Permit to allow the passage of the ZyWALL's interfaces will respond to Ping requests and whether or not the ZyWALL is to do with packets that match this screen to help keep the ZyWALL hidden from the LAN. Apply Cancel Note: You may also need...
User Guide
Page 208
... User's Guide Do not respond to requests for the threshold and timeout apply to incoming Ping requests. Click SECURITY > FIREWALL > Threshold to the ZyWALL. The global values specified for unauthorized services. Apply Click Apply to save your changes back to bring up the next screen. If you ... unreachable packet for a port probe on Select the check boxes of the interfaces that interface. Clear an interface's check box to have the ZyWALL not respond to any Ping requests that come into that you select this screen afresh. 11.7 The Threshold Screen For DoS attacks, the...
... User's Guide Do not respond to requests for the threshold and timeout apply to incoming Ping requests. Click SECURITY > FIREWALL > Threshold to the ZyWALL. The global values specified for unauthorized services. Apply Click Apply to save your changes back to bring up the next screen. If you ... unreachable packet for a port probe on Select the check boxes of the interfaces that interface. Clear an interface's check box to have the ZyWALL not respond to any Ping requests that come into that you select this screen afresh. 11.7 The Threshold Screen For DoS attacks, the...
User Guide
Page 265
...Up Select this check box to and communicate with a LAN. Select this feature to have the ZyWALL periodically test the VPN tunnel to have overlapping IP addresses. The ZyWALL pings the IP address every minute. Virtual Address Mapping Rule Virtual address mapping over IPSec) translates the source... the Active check box while the tunnel is up feature for the tunnel trigger the ZyWALL to turn off . The ZyWALL also reinitiates the SA when it sends the ping packet. The ZyWALL starts the IPSec connection idle timeout timer when it restarts. NetBIOS (Network Basic Input/...
...Up Select this check box to and communicate with a LAN. Select this feature to have the ZyWALL periodically test the VPN tunnel to have overlapping IP addresses. The ZyWALL pings the IP address every minute. Virtual Address Mapping Rule Virtual address mapping over IPSec) translates the source... the Active check box while the tunnel is up feature for the tunnel trigger the ZyWALL to turn off . The ZyWALL also reinitiates the SA when it sends the ping packet. The ZyWALL starts the IPSec connection idle timeout timer when it restarts. NetBIOS (Network Basic Input/...
User Guide
Page 437
... to a DoS attack ICMP Source Quench ICMP The firewall detected an ICMP Source Quench attack. ICMP The firewall detected an ICMP ping of death. Attempted use of output interface. traceroute ICMP (type:%d, The firewall detected an ICMP traceroute attack. ICMP Destination Unreachable... | UDP | IGMP | ESP | GRE | OSPF ] The firewall classified a packet with no source routing entry as an IP spoofing attack. ZyWALL 2 Plus User's Guide 437 Table 145 Remote Management Logs LOG MESSAGE Remote Management: FTP denied Remote Management: TELNET denied Remote Management: HTTP or UPnP...
... to a DoS attack ICMP Source Quench ICMP The firewall detected an ICMP Source Quench attack. ICMP The firewall detected an ICMP ping of death. Attempted use of output interface. traceroute ICMP (type:%d, The firewall detected an ICMP traceroute attack. ICMP Destination Unreachable... | UDP | IGMP | ESP | GRE | OSPF ] The firewall classified a packet with no source routing entry as an IP spoofing attack. ZyWALL 2 Plus User's Guide 437 Table 145 Remote Management Logs LOG MESSAGE Remote Management: FTP denied Remote Management: TELNET denied Remote Management: HTTP or UPnP...
User Guide
Page 438
...VPN tunnel's connectivity. The connection failed during IKE phase 2 because the router and the peer's Local/Remote Addresses don't match. 438 ZyWALL 2 Plus User's Guide The connection failed during IKE phase 2 because the router and the peer's Local/Remote Addresses don't match....Attempted use the "ipsec timer chk_conn" CI command to remote management settings. Please check the algorithm configuration. The device sent a ping packet to remote management settings. Attempted use of DNS service was blocked according to remote management settings. The router dropped a connection...
...VPN tunnel's connectivity. The connection failed during IKE phase 2 because the router and the peer's Local/Remote Addresses don't match. 438 ZyWALL 2 Plus User's Guide The connection failed during IKE phase 2 because the router and the peer's Local/Remote Addresses don't match....Attempted use the "ipsec timer chk_conn" CI command to remote management settings. Please check the algorithm configuration. The device sent a ping packet to remote management settings. Attempted use of DNS service was blocked according to remote management settings. The router dropped a connection...
User Guide
Page 518
... here. Period(sec) Enter the time interval (in the Fail Tolerance field. The number in this menu, press [ENTER] at any time to cancel. 518 ZyWALL 2 Plus User's Guide Five to 60 is usually a good number. When you have completed this field should be less than the number in the Check... Remote Node Setup Table 188 Menu 11.1.5: Traffic Redirect Setup FIELD DESCRIPTION Check WAN IP Address Enter the IP address of a reliable nearby computer (for a ping response from the IP Address in the Period field. Three to 50 is usually a good number.
... here. Period(sec) Enter the time interval (in the Fail Tolerance field. The number in this menu, press [ENTER] at any time to cancel. 518 ZyWALL 2 Plus User's Guide Five to 60 is usually a good number. When you have completed this field should be less than the number in the Check... Remote Node Setup Table 188 Menu 11.1.5: Traffic Redirect Setup FIELD DESCRIPTION Check WAN IP Address Enter the IP address of a reliable nearby computer (for a ping response from the IP Address in the Period field. Three to 50 is usually a good number.
User Guide
Page 568
... in menu 4 or menu 11 is Dynamic and the Encapsulation field in menu 24.4 for your ZyWALL and associated connections. Ping Host 2. Table 205 System Maintenance Menu Diagnostic FIELD DESCRIPTION Ping Host Enter 1 to release and/or renew the assigned WAN IP address, subnet mask and default ...gateway in Figure 392 on your WAN DHCP settings. 568 ZyWALL 2 Plus User's Guide WAN DHCP Renewal 4. LAN DHCP has already ...
... in menu 4 or menu 11 is Dynamic and the Encapsulation field in menu 24.4 for your ZyWALL and associated connections. Ping Host 2. Table 205 System Maintenance Menu Diagnostic FIELD DESCRIPTION Ping Host Enter 1 to release and/or renew the assigned WAN IP address, subnet mask and default ...gateway in Figure 392 on your WAN DHCP settings. 568 ZyWALL 2 Plus User's Guide WAN DHCP Renewal 4. LAN DHCP has already ...
User Guide
Page 569
... 1in the Enter Menu Selection Number field, then enter the IP address of the selection you want to renew your WAN DHCP settings. ZyWALL 2 Plus User's Guide 569 This feature is only available for more details. Internet Access. Chapter 40 System Information & Diagnosis Table 205... System Maintenance Menu Diagnostic FIELD DESCRIPTION WAN DHCP Renewal Enter 3 to ping in Menu 4 - Reboot System Enter 11 to cancel. Enter the number of the computer you would like to perform or press [ESC]...
... 1in the Enter Menu Selection Number field, then enter the IP address of the selection you want to renew your WAN DHCP settings. ZyWALL 2 Plus User's Guide 569 This feature is only available for more details. Internet Access. Chapter 40 System Information & Diagnosis Table 205... System Maintenance Menu Diagnostic FIELD DESCRIPTION WAN DHCP Renewal Enter 3 to ping in Menu 4 - Reboot System Enter 11 to cancel. Enter the number of the computer you would like to perform or press [ESC]...
User Guide
Page 608
...about your Ethernet cable type and connections. V I cannot ping any computer on the LAN. 1 Check the 10M/100M LAN LEDs on leaving the factory. V I cannot access servers on separate subnets. 4 Make sure that NAT is configured for your ZyWALL and hub or the station. 2 Verify that the IP ... flow set to none. The communications software should be through the user name and password, the MAC address or the host name. 608 ZyWALL 2 Plus User's Guide Chapter 45 Troubleshooting See the troubleshooting suggestions for I cannot see if the communications program is the default speed on ...
...about your Ethernet cable type and connections. V I cannot ping any computer on the LAN. 1 Check the 10M/100M LAN LEDs on leaving the factory. V I cannot access servers on separate subnets. 4 Make sure that NAT is configured for your ZyWALL and hub or the station. 2 Verify that the IP ... flow set to none. The communications software should be through the user name and password, the MAC address or the host name. 608 ZyWALL 2 Plus User's Guide Chapter 45 Troubleshooting See the troubleshooting suggestions for I cannot see if the communications program is the default speed on ...
User Guide
Page 610
... network (for example, microwaves, other wireless networks, and so on the ZyWALL. 7 Make sure you might consider changing the allocations. 45.4 Wireless Router/AP Troubleshooting V I cannot access the ZyWALL or ping any computer from your computer. 2 Re-connect the Ethernet cable. Advanced Suggestions... • Check the settings for UPnP disappears in the screen. 610 ZyWALL 2 Plus User's Guide If it . V The Local ...
... network (for example, microwaves, other wireless networks, and so on the ZyWALL. 7 Make sure you might consider changing the allocations. 45.4 Wireless Router/AP Troubleshooting V I cannot access the ZyWALL or ping any computer from your computer. 2 Re-connect the Ethernet cable. Advanced Suggestions... • Check the settings for UPnP disappears in the screen. 610 ZyWALL 2 Plus User's Guide If it . V The Local ...
User Guide
Page 655
... systems, including mainframes, midrange systems, UNIX systems and network servers. Stream Works Protocol. Remote Command Service. Secure Shell Remote Login Program. ZyWALL 2 Plus User's Guide 655 Point-to a UNIX server. PPTP (Point-to move messages from a POP3 server through a temporary connection...Terminal Access Controller Access Control System). Remote Login. Appendix D Common Services Table 232 Commonly Used Services (continued) NAME NNTP PING POP3 PROTOCOL TCP User-Defined TCP PPTP TCP PPTP_TUNNEL (GRE) RCMD REAL_AUDIO REXEC RLOGIN RTELNET RTSP User-Defined TCP TCP TCP...
... systems, including mainframes, midrange systems, UNIX systems and network servers. Stream Works Protocol. Remote Command Service. Secure Shell Remote Login Program. ZyWALL 2 Plus User's Guide 655 Point-to a UNIX server. PPTP (Point-to move messages from a POP3 server through a temporary connection...Terminal Access Controller Access Control System). Remote Login. Appendix D Common Services Table 232 Commonly Used Services (continued) NAME NNTP PING POP3 PROTOCOL TCP User-Defined TCP PPTP TCP PPTP_TUNNEL (GRE) RCMD REAL_AUDIO REXEC RLOGIN RTELNET RTSP User-Defined TCP TCP TCP...
User Guide
Page 683
... 468 path cost 148 Perfect Forward Secrecy. See PPTP. pool of IP addresses 133, 136 port filter setup ZyWALL 2 Plus User's Guide R RADIUS 323 and IKE SA 286 Shared Secret Key 324 RADIUS Message Types 324 RADIUS... Spanning Tree Protocol. See RTP. Network Address Translation. see PFS. See NAT. See NetBIOS. registering your ZyWALL 126 registration product 671 related documentation 3 reload factory-default configuration file 51 remote management 378, 595 CNM 394... PFS 292 Diffie-Hellman key group 292 PIN number 128 ping 568 Point-to-Point Protocol over Ethernet. See Rapid STP.
... 468 path cost 148 Perfect Forward Secrecy. See PPTP. pool of IP addresses 133, 136 port filter setup ZyWALL 2 Plus User's Guide R RADIUS 323 and IKE SA 286 Shared Secret Key 324 RADIUS Message Types 324 RADIUS... Spanning Tree Protocol. See RTP. Network Address Translation. see PFS. See NAT. See NetBIOS. registering your ZyWALL 126 registration product 671 related documentation 3 reload factory-default configuration file 51 remote management 378, 595 CNM 394... PFS 292 Diffie-Hellman key group 292 PIN number 128 ping 568 Point-to-Point Protocol over Ethernet. See Rapid STP.