User Guide
Page 8
... Wireless Setup ...505 Remote Node Setup ...509 IP Static Route Setup ...519 Network Address Translation (NAT 521 Introducing the ZyWALL Firewall 539 Filter Configuration ...541 SNMP Configuration ...557 System Information & Diagnosis 559 Firmware and Configuration File Maintenance 571 System... Maintenance Menus 8 to 10 587 Remote Management ...595 Call Scheduling ...599 Troubleshooting and Specifications 603 Troubleshooting ...605 Product Specifications ...613 Appendices and Index ...619 8 ZyWALL 2 Plus User's Guide Contents Overview SMT ...465 Introducing the SMT ...467 SMT Menu 1 -
... Wireless Setup ...505 Remote Node Setup ...509 IP Static Route Setup ...519 Network Address Translation (NAT 521 Introducing the ZyWALL Firewall 539 Filter Configuration ...541 SNMP Configuration ...557 System Information & Diagnosis 559 Firmware and Configuration File Maintenance 571 System... Maintenance Menus 8 to 10 587 Remote Management ...595 Call Scheduling ...599 Troubleshooting and Specifications 603 Troubleshooting ...605 Product Specifications ...613 Appendices and Index ...619 8 ZyWALL 2 Plus User's Guide Contents Overview SMT ...465 Introducing the SMT ...467 SMT Menu 1 -
User Guide
Page 10
... 103 4.2.5 Allow WAN-to-LAN Traffic through the Firewall 105 4.2.6 Testing the Connections 112 4.3 Using NAT with Multiple Game Players 112 4.4 How to Manage the ZyWALL's Bandwidth 113 4.4.1 Example Parameters and Scenario 113 4.4.2 Configuring Bandwidth Management Rules 114 4.5 Configuring Content Filtering 118 4.5.1 Enable Content Filtering 118 4.5.2 Block Categories of Web Content...
... 103 4.2.5 Allow WAN-to-LAN Traffic through the Firewall 105 4.2.6 Testing the Connections 112 4.3 Using NAT with Multiple Game Players 112 4.4 How to Manage the ZyWALL's Bandwidth 113 4.4.1 Example Parameters and Scenario 113 4.4.2 Configuring Bandwidth Management Rules 114 4.5 Configuring Content Filtering 118 4.5.1 Enable Content Filtering 118 4.5.2 Block Categories of Web Content...
User Guide
Page 17
....5 The Traffic Statistics Screen 424 25.5.1 Viewing Web Site Hits 425 25.5.2 Viewing Host IP Address 426 25.5.3 Viewing Protocol/Port 427 25.5.4 System Reports Specifications 429 25.6 The E-mail Report Screen 429 25.7 Logs Technical Reference 431 Chapter 26 Maintenance Screens ...447 26.1 Overview ...447 26.1.1 What You Can Do... 26.5 The Device Mode Screen 453 26.5.1 The Device Mode Screen (Router 453 26.5.2 The Device Mode Screen (Bridge 454 26.6 The F/W Upload Screen 457 ZyWALL 2 Plus User's Guide 17
....5 The Traffic Statistics Screen 424 25.5.1 Viewing Web Site Hits 425 25.5.2 Viewing Host IP Address 426 25.5.3 Viewing Protocol/Port 427 25.5.4 System Reports Specifications 429 25.6 The E-mail Report Screen 429 25.7 Logs Technical Reference 431 Chapter 26 Maintenance Screens ...447 26.1 Overview ...447 26.1.1 What You Can Do... 26.5 The Device Mode Screen 453 26.5.1 The Device Mode Screen (Router 453 26.5.2 The Device Mode Screen (Bridge 454 26.6 The F/W Upload Screen 457 ZyWALL 2 Plus User's Guide 17
User Guide
Page 22
... Call Scheduling ...599 44.1 Introduction to Call Scheduling 599 Part VII: Troubleshooting and Specifications 603 Chapter 45 Troubleshooting...605 45.1 Power, Hardware Connections, and LEDs 605 45.2 ZyWALL Access and Login 606 45.3 Internet Access ...608 45.4 Wireless Router/AP Troubleshooting 610... 45.5 UPnP ...610 Chapter 46 Product Specifications ...613 46.1 General ZyWALL Specifications 613 46.2 Cable Pin Assignments 615 46.3 Wall-...
... Call Scheduling ...599 44.1 Introduction to Call Scheduling 599 Part VII: Troubleshooting and Specifications 603 Chapter 45 Troubleshooting...605 45.1 Power, Hardware Connections, and LEDs 605 45.2 ZyWALL Access and Login 606 45.3 Internet Access ...608 45.4 Wireless Router/AP Troubleshooting 610... 45.5 UPnP ...610 Chapter 46 Product Specifications ...613 46.1 General ZyWALL Specifications 613 46.2 Cable Pin Assignments 615 46.3 Wall-...
User Guide
Page 30
... 380 Figure 243 Security Certificate 2 (Netscape 380 Figure 244 Example: Lock Denoting a Secure Connection 381 Figure 245 Replace Certificate ...382 Figure 246 Device-specific Certificate 382 Figure 247 Common ZyWALL Certificate 382 Figure 248 SSH Example 1: Store Host Key 383 Figure 249 SSH Example 2: Test ...383 Figure 250 SSH Example 2: Log in...
... 380 Figure 243 Security Certificate 2 (Netscape 380 Figure 244 Example: Lock Denoting a Secure Connection 381 Figure 245 Replace Certificate ...382 Figure 246 Device-specific Certificate 382 Figure 247 Common ZyWALL Certificate 382 Figure 248 SSH Example 1: Store Host Key 383 Figure 249 SSH Example 2: Test ...383 Figure 250 SSH Example 2: Log in...
User Guide
Page 40
...: Web Site Hits Report 426 Table 130 LOGS > Traffic Statistics: Host IP Address 427 Table 131 LOGS > Traffic Statistics: Protocol/ Port 428 Table 132 Report Specifications ...429 Table 133 LOGS > E-mail Report ...430 Table 134 System Maintenance Logs 431 Table 135 System Error Logs ...432 Table 136 Access Control Logs ...433... Summary ...470 Table 165 SMT Menus Overview ...471 Table 166 Menu 1: General Setup (Router Mode 475 Table 167 Menu 1: General Setup (Bridge Mode 476 40 ZyWALL 2 Plus User's Guide
...: Web Site Hits Report 426 Table 130 LOGS > Traffic Statistics: Host IP Address 427 Table 131 LOGS > Traffic Statistics: Protocol/ Port 428 Table 132 Report Specifications ...429 Table 133 LOGS > E-mail Report ...430 Table 134 System Maintenance Logs 431 Table 135 System Error Logs ...432 Table 136 Access Control Logs ...433... Summary ...470 Table 165 SMT Menus Overview ...471 Table 166 Menu 1: General Setup (Router Mode 475 Table 167 Menu 1: General Setup (Bridge Mode 476 40 ZyWALL 2 Plus User's Guide
User Guide
Page 41
... Fields in Menu 4 (PPPoE) screen 500 Table 184 Menu 11.1: Remote Node Profile for Ethernet Encapsulation 510 Table 185 Fields in Menu 11.1 (PPPoE Encapsulation Specific 513 Table 186 Menu 11.1: Remote Node Profile for PPTP Encapsulation 514 Table 187 Remote Node Network Layer Options Menu Fields 515 Table 188 Menu... GUI-based FTP Clients 574 Table 208 General Commands for GUI-based TFTP Clients 575 Table 209 Valid Commands ...588 Table 210 Budget Management ...590 ZyWALL 2 Plus User's Guide 41
... Fields in Menu 4 (PPPoE) screen 500 Table 184 Menu 11.1: Remote Node Profile for Ethernet Encapsulation 510 Table 185 Fields in Menu 11.1 (PPPoE Encapsulation Specific 513 Table 186 Menu 11.1: Remote Node Profile for PPTP Encapsulation 514 Table 187 Remote Node Network Layer Options Menu Fields 515 Table 188 Menu... GUI-based FTP Clients 574 Table 208 General Commands for GUI-based TFTP Clients 575 Table 209 Valid Commands ...588 Table 210 Budget Management ...590 ZyWALL 2 Plus User's Guide 41
User Guide
Page 42
Remote Management Control 596 Table 214 Schedule Set Setup ...600 Table 215 Hardware Specifications ...613 Table 216 Firmware Specifications ...613 Table 217 Feature and Performance Specifications 615 Table 218 Console Cable Pin Assignments 616 Table 219 Dial Backup Cable Pin Assignments 616 Table 220 Ethernet Cable Pin...230 24-bit Network Number Subnet Planning 651 Table 231 16-bit Network Number Subnet Planning 651 Table 232 Commonly Used Services 654 42 ZyWALL 2 Plus User's Guide List of Tables Table 211 Call History ...591 Table 212 Menu 24.10 System Maintenance: Time and Date ...
Remote Management Control 596 Table 214 Schedule Set Setup ...600 Table 215 Hardware Specifications ...613 Table 216 Firmware Specifications ...613 Table 217 Feature and Performance Specifications 615 Table 218 Console Cable Pin Assignments 616 Table 219 Dial Backup Cable Pin Assignments 616 Table 220 Ethernet Cable Pin...230 24-bit Network Number Subnet Planning 651 Table 231 16-bit Network Number Subnet Planning 651 Table 232 Commonly Used Services 654 42 ZyWALL 2 Plus User's Guide List of Tables Table 211 Call History ...591 Table 212 Menu 24.10 System Maintenance: Time and Date ...
User Guide
Page 50
" If you do not replace the default certificate here or in the CERTIFICATES screen, this screen displays every time you . 50 ZyWALL 2 Plus User's Guide Simply log back into the ZyWALL if this device. Figure 4 Change Password Screen 6 Click Apply in the Administrator Inactivity Timer field expires (default five minutes). Type a...(highly recommended) as shown next. Chapter 2 Introducing the Web Configurator 5 You should now see the HOME screen (see a screen asking you to change your ZyWALL's MAC address that will be specific to this happens to you access the web configurator.
" If you do not replace the default certificate here or in the CERTIFICATES screen, this screen displays every time you . 50 ZyWALL 2 Plus User's Guide Simply log back into the ZyWALL if this device. Figure 4 Change Password Screen 6 Click Apply in the Administrator Inactivity Timer field expires (default five minutes). Type a...(highly recommended) as shown next. Chapter 2 Introducing the Web Configurator 5 You should now see the HOME screen (see a screen asking you to change your ZyWALL's MAC address that will be specific to this happens to you access the web configurator.
User Guide
Page 62
... Port Statistics in the HOME screen. The Poll Interval(s) field is configurable. F/W Upload Use this screen to upload firmware to your ZyWALL Backup & Restore Use this screen to view the logs for sending reports via email. Chapter 2 Introducing the Web Configurator Table 6 Screens...ZyWALL. Log Settings Use this screen to change your ZyWALL work as a router or a bridge. Device Mode Use this screen to configure and have the ZyWALL generate and send diagnostic files by e-mail and/or the console port. Read-only information here includes port status and packet specific...
... Port Statistics in the HOME screen. The Poll Interval(s) field is configurable. F/W Upload Use this screen to upload firmware to your ZyWALL Backup & Restore Use this screen to view the logs for sending reports via email. Chapter 2 Introducing the Web Configurator Table 6 Screens...ZyWALL. Log Settings Use this screen to change your ZyWALL work as a router or a bridge. Device Mode Use this screen to configure and have the ZyWALL generate and send diagnostic files by e-mail and/or the console port. Read-only information here includes port status and packet specific...
User Guide
Page 64
...is unique to your computer (six pairs of security settings related to router mode. A Security Association (SA) is set to a specific VPN tunnel. Figure 12 HOME > VPN Status 64 ZyWALL 2 Plus User's Guide Chapter 2 Introducing the Web Configurator The following table describes the labels in this table. Refresh Click Refresh to... IP address also display in the Static DHCP screen (where you can select up to 32 entries in each entry to have the ZyWALL always assign the selected entry(ies)'s IP address(es) to reload the DHCP table. 2.4.8 VPN Status Click VPN in the HOME screen ...
...is unique to your computer (six pairs of security settings related to router mode. A Security Association (SA) is set to a specific VPN tunnel. Figure 12 HOME > VPN Status 64 ZyWALL 2 Plus User's Guide Chapter 2 Introducing the Web Configurator The following table describes the labels in this table. Refresh Click Refresh to... IP address also display in the Static DHCP screen (where you can select up to 32 entries in each entry to have the ZyWALL always assign the selected entry(ies)'s IP address(es) to reload the DHCP table. 2.4.8 VPN Status Click VPN in the HOME screen ...
User Guide
Page 79
...Address/ Subnet Mask When the Local Network field is selected, packets for a specific range of IP addresses. Chapter 3 Wizard Setup Two active SAs cannot have the same local or remote IP address, but the ZyWALL drops trailing spaces. You may use any time. Network Policy Setting Local Network ... Single, this is N/A. When the Local Network field is configured to Subnet, this field is a subnet mask on the LAN behind your ZyWALL. ZyWALL 2 Plus User's Guide 79 Figure 27 VPN Wizard: Network Setting The following table describes the labels in this is configured to Range IP,...
...Address/ Subnet Mask When the Local Network field is selected, packets for a specific range of IP addresses. Chapter 3 Wizard Setup Two active SAs cannot have the same local or remote IP address, but the ZyWALL drops trailing spaces. You may use any time. Network Policy Setting Local Network ... Single, this is N/A. When the Local Network field is configured to Subnet, this field is a subnet mask on the LAN behind your ZyWALL. ZyWALL 2 Plus User's Guide 79 Figure 27 VPN Wizard: Network Setting The following table describes the labels in this is configured to Range IP,...
User Guide
Page 80
...Starting IP Address When the Remote Network field is configured to negotiate a phase 1 IKE SA. Figure 28 VPN Wizard: IKE Tunnel Setting 80 ZyWALL 2 Plus User's Guide When the Remote Network field is configured to Subnet, enter a (static) IP address on the network behind the remote ..., encryption and other settings needed to Subnet, enter a subnet mask on the network behind the remote IPSec router. Select Single for a specific range of computers on the network behind the remote IPSec router. Select Subnet to the remote IPSec router's configured local IP addresses. Back ...
...Starting IP Address When the Remote Network field is configured to negotiate a phase 1 IKE SA. Figure 28 VPN Wizard: IKE Tunnel Setting 80 ZyWALL 2 Plus User's Guide When the Remote Network field is configured to Subnet, enter a (static) IP address on the network behind the remote ..., encryption and other settings needed to Subnet, enter a subnet mask on the network behind the remote IPSec router. Select Single for a specific range of computers on the network behind the remote IPSec router. Select Subnet to the remote IPSec router's configured local IP addresses. Back ...
User Guide
Page 95
...Map the first public address (1.2.3.4) to incoming traffic from the WAN. • Forward FTP traffic using port 21 from the WAN to a specific local computer (192.168.1.39). • The last public IP address (1.2.3.7) is not mapped to any device and is reserved for other ... (1.2.3.5 and 1.2.3.6). 3 Configure NAT port forwarding to forward FTP traffic from your ISP and your ZyWALL's LAN IP address. Public IP Addresses ZyWALL's LAN IP Address 1.2.3.4 to 1.2.3.7 192.168.1.1 The following table shows the public IP addresses from the WAN to a specific computer on your local network.
...Map the first public address (1.2.3.4) to incoming traffic from the WAN. • Forward FTP traffic using port 21 from the WAN to a specific local computer (192.168.1.39). • The last public IP address (1.2.3.7) is not mapped to any device and is reserved for other ... (1.2.3.5 and 1.2.3.6). 3 Configure NAT port forwarding to forward FTP traffic from your ISP and your ZyWALL's LAN IP address. Public IP Addresses ZyWALL's LAN IP Address 1.2.3.4 to 1.2.3.7 192.168.1.1 The following table shows the public IP addresses from the WAN to a specific computer on your local network.
User Guide
Page 99
Make sure the status is not down. Figure 47 Tutorial Example: DNS > System: Done Chapter 4 Tutorials 11 Go to the Home screen to them. Figure 48 Tutorial Example: Status 4.2.3 Public IP Address Mapping To have the local computers and servers use specific WAN IP addresses, you need to map static public IP addresses to check your WAN connection status. ZyWALL 2 Plus User's Guide 99
Make sure the status is not down. Figure 47 Tutorial Example: DNS > System: Done Chapter 4 Tutorials 11 Go to the Home screen to them. Figure 48 Tutorial Example: Status 4.2.3 Public IP Address Mapping To have the local computers and servers use specific WAN IP addresses, you need to map static public IP addresses to check your WAN connection status. ZyWALL 2 Plus User's Guide 99
User Guide
Page 103
... can be forwarded through the ZyXEL Device, you want to forward FTP traffic using port 21 to Section 4.2.5 on your network. ZyWALL 2 Plus User's Guide 103 Chapter 4 Tutorials 10 After the configurations, the Address Mapping screen looks as shown. You still have the ZyWALL forward incoming traffic to a specific computer on page 105 for...
... can be forwarded through the ZyXEL Device, you want to forward FTP traffic using port 21 to Section 4.2.5 on your network. ZyWALL 2 Plus User's Guide 103 Chapter 4 Tutorials 10 After the configurations, the Address Mapping screen looks as shown. You still have the ZyWALL forward incoming traffic to a specific computer on page 105 for...
User Guide
Page 118
... request against the first policy. Any traffic that is from Bob's computer. The ZyWALL applies the content filter policies based on the source address and the schedule. For example, you want to allow an employee named Bob to specific users. " You must register for external content filtering before you can even filter...
... request against the first policy. Any traffic that is from Bob's computer. The ZyWALL applies the content filter policies based on the source address and the schedule. For example, you want to allow an employee named Bob to specific users. " You must register for external content filtering before you can even filter...
User Guide
Page 121
... Do the following to create a content filtering policy for Bob's computer and select the Reserve check box as shown next. 3 Click Apply. The ZyWALL applies the content filter policies in this example). 1 Click HOME > DHCP Table. 2 Find the entry for traffic from Bob's computer's IP address.... Do the following to have the ZyWALL always give Bob's computer the same IP address (192.168.1.33 in order, so make sure you add the new policy before the default policy. Chapter 4 Tutorials 4.5.3 Assign Bob's Computer a Specific IP Address You will configure a content filtering policy...
... Do the following to create a content filtering policy for Bob's computer and select the Reserve check box as shown next. 3 Click Apply. The ZyWALL applies the content filter policies in this example). 1 Click HOME > DHCP Table. 2 Find the entry for traffic from Bob's computer's IP address.... Do the following to have the ZyWALL always give Bob's computer the same IP address (192.168.1.33 in order, so make sure you add the new policy before the default policy. Chapter 4 Tutorials 4.5.3 Assign Bob's Computer a Specific IP Address You will configure a content filtering policy...
User Guide
Page 128
...labels in this button to update license information. If a standard service subscription runs out, you need to buy a new iCard (specific to your ZyWALL) and enter the new PIN number to activate or extend a standard service subscription. Status This field displays whether a service is ... (Active) or not (Inactive). License Upgrade License Key Enter your iCard's PIN number (license key). " If you restore the ZyWALL to the default configuration file or upload a different configuration file after you register, click the Service License Refresh button to renew service license...
...labels in this button to update license information. If a standard service subscription runs out, you need to buy a new iCard (specific to your ZyWALL) and enter the new PIN number to activate or extend a standard service subscription. Status This field displays whether a service is ... (Active) or not (Inactive). License Upgrade License Key Enter your iCard's PIN number (license key). " If you restore the ZyWALL to the default configuration file or upload a different configuration file after you register, click the Service License Refresh button to renew service license...
User Guide
Page 132
...Assigned Numbers Authority (IANA) has reserved the following three blocks of the ZyWALL. If your networks are instructed to do computers on a LAN share one common network number. If this block of addresses specifically for your IP address from the IANA, from an ISP or it can... your particular situation. Private IP Addresses Every machine on the Internet must enable the Network Address Translation (NAT) feature of IP addresses specifically for your ZyWALL, but make sure that no other hand, if you have a unique address. The Internet Assigned Number Authority (IANA) reserved this ...
...Assigned Numbers Authority (IANA) has reserved the following three blocks of the ZyWALL. If your networks are instructed to do computers on a LAN share one common network number. If this block of addresses specifically for your IP address from the IANA, from an ISP or it can... your particular situation. Private IP Addresses Every machine on the Internet must enable the Network Address Translation (NAT) feature of IP addresses specifically for your ZyWALL, but make sure that no other hand, if you have a unique address. The Internet Assigned Number Authority (IANA) reserved this ...