User Guide
Page 5
Document Conventions Icons Used in Figures Figures in this User's Guide may use the following generic icons. The ZyWALL icon is not an exact representation of your device. ZyWALL Computer Notebook computer Server DSLAM Firewall Telephone Switch Router ZyWALL 2 Plus User's Guide 5
User Guide
Page 7
... Introduction and Registration 43 Getting to Know Your ZyWALL 45 Introducing the Web Configurator 49 Wizard Setup ...67 Tutorials ...87 Registration Screens ...125 Network ...129 LAN Screens ...131 Bridge Screens ...143 WAN Screens ...151 DMZ Screens ...171 Wireless LAN Screens ...183 Security ...193 Firewall Screens ...195 Content Filtering Screens ...223 Content Filtering... ...365 Remote Management Screens 377 UPnP Screens ...397 Custom Application Screen ...407 ALG Screen ...409 Logs and Maintenance ...415 Logs Screens ...417 Maintenance Screens ...447 ZyWALL 2 Plus User's Guide 7
User Guide
Page 8
...DMZ Setup ...501 Wireless Setup ...505 Remote Node Setup ...509 IP Static Route Setup ...519 Network Address Translation (NAT 521 Introducing the ZyWALL Firewall 539 Filter Configuration ...541 SNMP Configuration ...557 System Information & Diagnosis 559 Firmware and Configuration File Maintenance 571 System Maintenance Menus 8 to...Management ...595 Call Scheduling ...599 Troubleshooting and Specifications 603 Troubleshooting ...605 Product Specifications ...613 Appendices and Index ...619 8 ZyWALL 2 Plus User's Guide Contents Overview SMT ...465 Introducing the SMT ...467 SMT Menu 1 -
User Guide
Page 10
...Wizard Setup Complete 85 Chapter 4 Tutorials ...87 4.1 Security Settings for VPN Traffic 87 4.1.1 Firewall Rule for VPN Example 87 4.1.2 Configuring the VPN Rule 88 4.1.3 Configuring the Firewall Rules 91 4.2 Using NAT with Multiple Public IP Addresses 95 4.2.1 Example Parameters and Scenario...WAN to a Local Computer 103 4.2.5 Allow WAN-to-LAN Traffic through the Firewall 105 4.2.6 Testing the Connections 112 4.3 Using NAT with Multiple Game Players 112 4.4 How to Manage the ZyWALL's Bandwidth 113 4.4.1 Example Parameters and Scenario 113 4.4.2 Configuring Bandwidth Management Rules...
User Guide
Page 12
...: Security 193 Chapter 11 Firewall Screens...195 11.1 Overview ...195 11.1.1 What You Can Do in the Firewall Screens 196 11.1.2 What You Need To Know About The ZyWALL Firewall 196 11.1.3 Before You Begin ...196 11.2 Firewall Rules Examples 196 11.3 The Firewall Default Rule Screen (Router ...Mode 198 11.4 The Firewall Default Rule Screen (Bridge Mode 200 11.5 The Firewall Rule Summary Screen...
User Guide
Page 13
... Contents 11.6 The Anti-Probing Screen 207 11.7 The Threshold Screen ...208 11.8 The Service Screen ...210 11.8.1 The Firewall Edit Custom Service Screen 211 11.8.2 My Service Firewall Rule Example 212 11.9 Firewall Technical Reference 215 Chapter 12 Content Filtering Screens ...223 12.1 Overview ...223 12.1.1 What You Can Do in the... 14.4 The SA Monitor Screen 275 14.5 The Global Setting Screen 275 14.5.1 Configuring the Global Setting Screen 277 14.6 Telecommuter VPN/IPSec Examples 278 ZyWALL 2 Plus User's Guide 13
User Guide
Page 20
....4.4 Example 4: NAT Unfriendly Application Programs 536 36.5 Trigger Port Forwarding 537 36.5.1 Two Points To Remember About Trigger Ports 537 Chapter 37 Introducing the ZyWALL Firewall 539 37.1 Using ZyWALL SMT Menus 539 37.1.1 Activating the Firewall 539 Chapter 38 Filter Configuration...541 38.1 Introduction to Filters ...541 38.1.1 The Filter Structure of the...
User Guide
Page 25
... Setting 80 Figure 29 VPN Wizard: IPSec Setting ...82 Figure 30 VPN Wizard: VPN Status ...83 Figure 31 VPN Wizard Setup Complete 85 Figure 32 Firewall Rule for VPN ...88 Figure 33 SECURITY > VPN > VPN Rules (IKE 88 Figure 34 SECURITY > VPN > VPN Rules (IKE)> Add Gateway Policy 89 Figure 35... SECURITY > VPN > VPN Rules (IKE): With Gateway Policy Example 90 Figure 36 SECURITY > VPN > VPN Rules (IKE)> Add Network Policy 91 Figure 37 SECURITY > FIREWALL > Rule Summary 92 Figure 38 SECURITY > FIREWALL > Rule Summary > Edit: Allow 93 ZyWALL 2 Plus User's Guide 25
User Guide
Page 26
...: NAT Port Forwarding 105 Figure 59 Tutorial Example: Forwarding Incoming FTP Traffic to a Local Computer 105 Figure 60 Tutorial Example: Firewall Default Rule 106 Figure 61 Tutorial Example: Firewall Rule: WAN to LAN 106 Figure 62 Tutorial Example: Firewall Rule: WAN to LAN Address Edit for Web Server 107 Figure 63 Tutorial Example... 119 Figure 79 SECURITY > CONTENT FILTER > Policy 120 Figure 80 SECURITY > CONTENT FILTER > Policy > External Database (Default 120 Figure 81 HOME > DHCP Table ...121 26 ZyWALL 2 Plus User's Guide
User Guide
Page 28
... Rule (Router Mode 199 Figure 131 SECURITY > FIREWALL > Default Rule (Bridge Mode 201 Figure 132 SECURITY > FIREWALL > Rule Summary 203 Figure 133 SECURITY > FIREWALL > Rule Summary > Edit 205 Figure 134 SECURITY > FIREWALL > Anti-Probing 207 Figure 135 SECURITY > FIREWALL > Threshold 208 Figure 136 SECURITY > FIREWALL > Service 210 Figure 137 Firewall Edit Custom Service 211 Figure 138 My... Global Report Screen Example 249 Figure 165 Requested URLs Example 250 Figure 166 Web Page Review Process Screen 251 Figure 167 VPN: Example ...253 28 ZyWALL 2 Plus User's Guide
User Guide
Page 33
...Mapping Rules 537 Figure 363 Menu 15.3.1: Trigger Port Setup 538 Figure 364 Menu 21: Filter and Firewall Setup 539 Figure 365 Menu 21.2: Firewall Setup 540 Figure 366 Outgoing Packet Filtering Process 541 Figure 367 Filter Rule Process ...543 Figure 368 ...Menu 21: Filter and Firewall Setup 544 Figure 369 Menu 21.1: Filter Set Configuration 544 Figure 370 Menu 21.1.1: Filter Rules Summary... 381 Menu 22: SNMP Configuration 557 Figure 382 Menu 24: System Maintenance 559 ZyWALL 2 Plus User's Guide 33
User Guide
Page 38
...(Router Mode 199 Table 49 SECURITY > FIREWALL > Default Rule (Bridge Mode 201 Table 50 SECURITY > FIREWALL > Rule Summary 203 Table 51 SECURITY > FIREWALL > Rule Summary > Edit 206 Table 52 SECURITY > FIREWALL > Anti-Probing 208 Table 53 SECURITY > FIREWALL > Threshold 209 Table 54 SECURITY > FIREWALL > Service 210 Table 55 SECURITY > FIREWALL > Service > Add 211 Table 56 ... CERTIFICATES > My Certificates > Export 302 Table 80 SECURITY > CERTIFICATES > My Certificates > Import 304 Table 81 SECURITY > CERTIFICATES > My Certificates > Import: PKCS#12 304 38 ZyWALL 2 Plus User's Guide
User Guide
Page 45
... your cable or DSL modem for connecting publicly accessible servers. You can also deploy the ZyWALL as well. The ZyWALL guarantees not only high speed Internet access, but secure internal network protection and traffic management as a transparent firewall in a WLAN port role. See Chapter 46 on page 613 for a complete list of what...
User Guide
Page 54
...MAINTENANCE > Restart), or when you reset it. The bar turns from green to red when the maximum is currently used by ZyNOS (ZyXEL Network Operating System) and is thus available for running since it displays the port speed and duplex setting if you're using bandwidth ...or full-duplex mode. The difference from green to red when the maximum is activated. Firewall This displays whether or not the ZyWALL's firewall is being approached. Memory The first number shows how many megabytes of the ZyWALL's heap memory is not going to trigger a call) or Drop (dropping a call...
User Guide
Page 55
... the IP address automatically from a DHCP server. In bridge mode, the ZyWALL functions as a transparent firewall (also known as the source and destination IP addresses and port numbers of your computer directly to access the ZyWALL. ZyWALL 2 Plus User's Guide 55 Web Site Blocked This displays how many web...assignment requests to another DHCP server on your computer a static IP address in the same subnet as the ZyWALL's IP address in the View Log screen, such as a bridge firewall). You do not need to release the WAN port's dynamically assigned IP address and get an IP ...
User Guide
Page 56
Figure 9 Web Configurator HOME Screen in Bridge Mode The following table describes the labels in bridge mode. Firmware Version This is ZyXEL's proprietary Network Operating System design. See the user's guide for a list of other features that are available in this screen. ZyNOS is the ... been running since it (see Section 2.3 on page 51). 56 ZyWALL 2 Plus User's Guide Click the field label to go to the screen where you enter in bridge mode. Chapter 2 Introducing the Web Configurator You can use the firewall and VPN in the MAINTENANCE > General screen. It is the model ...
User Guide
Page 57
...the root bridge. CPU This field displays what percent of the maximum number of the ZyWALL's heap memory is in use. Gateway IP Address This is currently used by ZyNOS (ZyXEL Network Operating System) and is disabled. The bridge (or switch) with the difference ...time zone. This includes all sessions that can modify the ZyWALL's date and time settings. Firewall This displays whether or not the ZyWALL's firewall is not going to 100%, the ZyWALL is running processes like NAT, VPN and the firewall. Sessions The first number shows how many megabytes of sessions...
User Guide
Page 59
... and TCP/IP settings. IP Alias Use this screen to assign fixed IP addresses on the ZyWALL. Static DHCP Use this screen to partition your ZyWALL and activate the trial service subscriptions. The information in a mode's column shows that the device...Table 6 Screens Summary LINK TAB FUNCTION HOME This screen shows the ZyWALL's general device and network status information. Chapter 2 Introducing the Web Configurator Table 5 Bridge and Router Mode Features Comparison FEATURE BRIDGE MODE WLAN Firewall Y Content Filter Y VPN Y Certificates Y Authentication Server Y NAT ...
User Guide
Page 60
...Roles Use this screen to change the LAN/DMZ/WLAN port roles on the ZyWALL. Global Setting Use this screen to configure the IPSec timer settings. Port Roles Use this screen to change your DMZ connection. SECURITY FIREWALL Default Rule Use this screen to configure the WAN port for internet access..... Object Use this screen to activate/deactivate the firewall and the direction of network traffic to which categories of web pages to filter out, as well as to change the LAN/DMZ/WLAN port roles on the ZyWALL. WAN Use this screen to assign fixed IP addresses on the DMZ....
User Guide
Page 68
... is used as Telstra) that send UDP heartbeat packets to verify that information. 3.2.1 ISP Parameters The ZyWALL offers three choices of encapsulation that you select in this screen. Otherwise, choose PPPoE or PPTP for ...such as a regular Ethernet. Table 11 ISP Parameters: Ethernet Encapsulation LABEL DESCRIPTION ISP Parameters for a dial-up connection. 68 ZyWALL 2 Plus User's Guide Leave a field blank if you use. Chapter 3 Wizard Setup 3.2 Internet Access The Internet access.... Refer to information provided by your ISP to -WAN/ZyWALL firewall rule for those packets.