User Guide
Page 13
... 256 14.2.1 The VPN Rules (IKE) Gateway Policy Edit Screen 257 14.2.2 The VPN Rules (IKE) Network Policy Edit Screen 263 14.2.3 The Network Policy Port Forwarding Screen 268 14.2.4 The Network Policy Move Screen 270 14.3 The VPN Rules (Manual) Screen 271 14.3.1 The VPN Rules (Manual) Edit Screen 272 14....4 The SA Monitor Screen 275 14.5 The Global Setting Screen 275 14.5.1 Configuring the Global Setting Screen 277 14.6 Telecommuter VPN/IPSec Examples 278 ZyWALL 2 Plus User's Guide 13
User Guide
Page 15
... Overview Screen 332 17.3 The Address Mapping Screen 334 17.3.1 The Address Mapping Edit Screen 335 17.4 The Port Forwarding Screen 336 17.4.1 Configuring Servers Behind Port Forwarding (Example 337 17.4.2 Configuring the Port Forwarding Screen 338 17.5 The Port Triggering Screen 340 17.6 NAT Technical Reference 341 Chapter 18 Static Route Screens ...347 18.1 Overview ...347... ...365 20.1.1 What You Can Do in the DNS Screens 365 20.1.2 What You Need To Know About DNS 365 20.2 The System Screen ...367 ZyWALL 2 Plus User's Guide 15
User Guide
Page 20
... Public IP Addresses With Inside Servers 532 36.4.4 Example 4: NAT Unfriendly Application Programs 536 36.5 Trigger Port Forwarding 537 36.5.1 Two Points To Remember About Trigger Ports 537 Chapter 37 Introducing the ZyWALL Firewall 539 37.1 Using ZyWALL SMT Menus 539 37.1.1 Activating the Firewall 539 Chapter 38 Filter Configuration...541 38.1 Introduction to Filters...
User Guide
Page 26
... FTP Traffic to a Local Computer 104 Figure 57 Tutorial Example: NAT Address Mapping Edit: Server 104 Figure 58 Tutorial Example: NAT Port Forwarding 105 Figure 59 Tutorial Example: Forwarding Incoming FTP Traffic to a Local Computer 105 Figure 60 Tutorial Example: Firewall Default Rule 106 Figure 61 Tutorial Example: Firewall Rule: WAN to LAN... 119 Figure 79 SECURITY > CONTENT FILTER > Policy 120 Figure 80 SECURITY > CONTENT FILTER > Policy > External Database (Default 120 Figure 81 HOME > DHCP Table ...121 26 ZyWALL 2 Plus User's Guide
User Guide
Page 29
...) > Edit Gateway Policy 258 Figure 173 SECURITY > VPN > VPN Rules (IKE) > Edit Network Policy 264 Figure 174 SECURITY > VPN > VPN Rules (IKE) > Edit Network Policy > Port Forwarding 269 Figure 175 SECURITY > VPN > VPN Rules (IKE) > Move Network Policy 270 Figure 176 SECURITY > VPN > VPN Rules (Manual 271 Figure 177 SECURITY > VPN > VPN... 316 Figure 208 SECURITY > CERTIFICATES > Trusted Remote Hosts > Import 318 Figure 209 SECURITY > CERTIFICATES > Directory Servers 319 Figure 210 SECURITY > CERTIFICATES > Directory Server > Add 320 ZyWALL 2 Plus User's Guide 29
User Guide
Page 30
...Edit 335 Figure 216 Multiple Servers Behind NAT Example 337 Figure 217 Port Translation Example 338 Figure 218 ADVANCED > NAT > Port Forwarding 339 Figure 219 Trigger Port Forwarding Process: Example 340 Figure 220 ADVANCED > NAT > Port Triggering 341 Figure 221 How NAT Works ...343 Figure 222 NAT Application...244 Example: Lock Denoting a Secure Connection 381 Figure 245 Replace Certificate ...382 Figure 246 Device-specific Certificate 382 Figure 247 Common ZyWALL Certificate 382 Figure 248 SSH Example 1: Store Host Key 383 Figure 249 SSH Example 2: Test ...383 Figure 250 SSH Example ...
User Guide
Page 38
...> WLAN > Static DHCP 188 Table 44 NETWORK > WLAN > IP Alias 189 Table 45 NETWORK > WLAN > Port Roles 192 Table 46 Blocking All LAN to WAN IRC Traffic Example 197 Table 47 Limited LAN to WAN IRC Traffic...> VPN > VPN Rules (IKE) > Edit Network Policy 265 Table 67 SECURITY > VPN > VPN Rules (IKE) > Edit Network Policy > Port Forwarding 269 Table 68 SECURITY > VPN > VPN Rules (IKE) > Move Network Policy 270 Table 69 SECURITY > VPN > VPN Rules (Manual 271 ...My Certificates > Import 304 Table 81 SECURITY > CERTIFICATES > My Certificates > Import: PKCS#12 304 38 ZyWALL 2 Plus User's Guide
User Guide
Page 39
... > NAT Overview 333 Table 95 ADVANCED > NAT > Address Mapping 334 Table 96 ADVANCED > NAT > Address Mapping > Edit 336 Table 97 ADVANCED > NAT > Port Forwarding 339 Table 98 ADVANCED > NAT > Port Triggering 341 Table 99 ADVANCED > STATIC ROUTE > IP Static Route 348 Table 100 ADVANCED > STATIC ROUTE > IP Static Route > Edit 349 Table 101... > SNMP 393 Table 119 ADVANCED > REMOTE MGMT > DNS 394 Table 120 ADVANCED > REMOTE MGMT > CNM 395 Table 121 ADVANCED > UPnP ...404 Table 122 ADVANCED > UPnP > Ports 405 Table 123 ADVANCED > Custom APP 408 Table 124 ADVANCED > ALG ...412...
User Guide
Page 45
You can also deploy the ZyWALL as well. The ZyWALL provides bandwidth management, NAT, port forwarding, DHCP server and many other powerful features. See Chapter 46 on page 613 for a complete list of features. 1.2 Applications for the ZyWALL Here are some examples of what you can add an IEEE 802.11a/b/g-compliant wireless LAN by providing...
User Guide
Page 61
... Route Use this screen to configure servers behind the ZyWALL. Port Forwarding Use this screen to configure IP static routes. Ports Use this screen to view the ZyWALL's bandwidth usage and allotments. Monitor Use this screen to view the NAT port mapping rules that UPnP creates on the ZyWALL. Chapter 2 Introducing the Web Configurator Table 6 Screens Summary...
User Guide
Page 95
...following figure shows the network you examples of how to set up this example. • Assign the first public address (1.2.3.4) to the ZyWALL's WAN port. • Map the second and third public IP addresses (1.2.3.5 and 1.2.3.6) to the web and mail servers (192.168.1.12 and ... future use the first public IP address (1.2.3.4). 2 Configure NAT address mapping for other public IP addresses (1.2.3.5 and 1.2.3.6). 3 Configure NAT port forwarding to forward FTP traffic from the WAN to use . Figure 41 Tutorial Example: Using NAT with Multiple Public IP Addresses This section shows you want...
User Guide
Page 103
...you expand your network. Refer to another internal server when you should also create a port forwarding (server mapping) rule. You still have the ZyWALL forward incoming traffic to a specific computer on page 105 for more information. 4.2.4 Forwarding Traffic from the WAN to be accessible to the computer with the IP address of 192...Address Mapping Done " To allow traffic from the WAN to a Local Computer A server NAT address mapping rule allows computers behind the NAT be forwarded through the ZyXEL Device, you want to forward FTP traffic using port 21 to the outside world.
User Guide
Page 104
Chapter 4 Tutorials Figure 56 Tutorial Example: Forwarding Incoming FTP Traffic to a Local Computer 1 Click ADVANCED > NAT > Address Mapping. 2 Click the fourth rule's Edit icon ( ) to configure a server rule. Click Apply. 104 ZyWALL 2 Plus User's Guide Figure 57 Tutorial Example: NAT Address Mapping Edit: Server 3 Click the Port Forwarding tab. 4 Select the Active check box, enter a descriptive name (FTP for example), incoming port number (21) and 192.168.1.39 as the server IP address.
User Guide
Page 105
...Example: NAT Port Forwarding Chapter 4 Tutorials 4.2.5 Allow WAN-to-LAN Traffic through the Firewall By default, the ZyWALL blocks any traffic initiated from the WAN to a local computer or server on the LAN: • Web server • Mail server • FTP server Figure 59 Tutorial Example: Forwarding Incoming FTP ... Computer 1 Click SECURITY > FIREWALL. 2 Make sure the firewall is enabled and traffic from the WAN to the LAN. To have the ZyWALL forward traffic initiated from the WAN to the LAN is dropped. In this example, you create the firewall rules to allow traffic from the WAN...
User Guide
Page 112
...addresses to the mail server (192.168.1.12) and web server (192.168.1.13) respectively. When you finish configuration, the screen looks as the ZyWALL. 2 Open your WAN connection and NAT address mapping are mapped to other outgoing LAN traffic. The first and second public IP addresses are configured ... Section 4.2.3 on page 99 for more than one rule. If you cannot access it, make sure the NAT port forwarding rule is active and there is in the same subnet as shown. 112 ZyWALL 2 Plus User's Guide After you set up your ISP. If you cannot access the FTP server, make sure...
User Guide
Page 207
... Cancel Note: You may also need to configure NAT port forwarding (or full featured NAT address mapping rules) if you want to allow the passage of the ZyWALL's interfaces will respond to Ping requests and whether or not the ZyWALL is to do with packets that match this screen. ... exit this rule. Note: You also need to configure the remote management settings if you want to allow a WAN computer to manage the ZyWALL or restrict management from probing attempts. Select Drop to silently discard the packets without saving. 11.6 The Anti-Probing Screen Click SECURITY > FIREWALL...
User Guide
Page 216
... tunnels. For example, you may create rules to: • Allow certain types of the ZyWALL's VPN tunnels. 216 ZyWALL 2 Plus User's Guide Note: You also need to configure NAT port forwarding (or full featured NAT address mapping rules) to allow a WAN computer to or from specific hosts on the ...Internet to specific hosts on the LAN. • Allow public access to a Web server on the LAN. Chapter 11 Firewall Screens By default, the ZyWALL drops packets...
User Guide
Page 266
...Subnet Address, this button to go to a screen where you can have the local and remote IP address(es) both . The VPN network policy port forwarding rules let the ZyWALL forward traffic coming in the Type field, enter the ending (static) IP address of a range of computers on the LAN behind your... ZyWALL. Use port forwarding rules to allow incoming traffic from the remote network. When you select Many One-to the remote network. Starting IP Address When the ...
User Guide
Page 268
...encryption keys for your VPN tunnels to let the ZyWALL forward traffic coming in through the VPN tunnel to the appropriate IP address on the LAN. 268 ZyWALL 2 Plus User's Guide Enable Multiple Proposals Select this screen to configure port forwarding for each IPSec SA. Apply Click Apply to... protect against replay attacks. Perfect Forward Secrecy (PFS) Select whether or not you want to ...
User Guide
Page 269
...) > Edit Network Policy > Port Forwarding LABEL DESCRIPTION Default Server In addition to save these settings. Start Port Type a port number in the Start Port field above and then type it again in this screen are not specified in this screen. To forward only one port, type the port number in the Start Port field above . ZyWALL 2 Plus User's Guide 269...