User Guide
Page 13
... 256 14.2.1 The VPN Rules (IKE) Gateway Policy Edit Screen 257 14.2.2 The VPN Rules (IKE) Network Policy Edit Screen 263 14.2.3 The Network Policy Port Forwarding Screen 268 14.2.4 The Network Policy Move Screen 270 14.3 The VPN Rules (Manual) Screen 271 14.3.1 The VPN Rules (Manual) Edit Screen 272 14....4 The SA Monitor Screen 275 14.5 The Global Setting Screen 275 14.5.1 Configuring the Global Setting Screen 277 14.6 Telecommuter VPN/IPSec Examples 278 ZyWALL 2 Plus User's Guide 13
User Guide
Page 15
... Overview Screen 332 17.3 The Address Mapping Screen 334 17.3.1 The Address Mapping Edit Screen 335 17.4 The Port Forwarding Screen 336 17.4.1 Configuring Servers Behind Port Forwarding (Example 337 17.4.2 Configuring the Port Forwarding Screen 338 17.5 The Port Triggering Screen 340 17.6 NAT Technical Reference 341 Chapter 18 Static Route Screens ...347 18.1 Overview ...347... ...365 20.1.1 What You Can Do in the DNS Screens 365 20.1.2 What You Need To Know About DNS 365 20.2 The System Screen ...367 ZyWALL 2 Plus User's Guide 15
User Guide
Page 20
... Public IP Addresses With Inside Servers 532 36.4.4 Example 4: NAT Unfriendly Application Programs 536 36.5 Trigger Port Forwarding 537 36.5.1 Two Points To Remember About Trigger Ports 537 Chapter 37 Introducing the ZyWALL Firewall 539 37.1 Using ZyWALL SMT Menus 539 37.1.1 Activating the Firewall 539 Chapter 38 Filter Configuration...541 38.1 Introduction to Filters...
User Guide
Page 26
... FTP Traffic to a Local Computer 104 Figure 57 Tutorial Example: NAT Address Mapping Edit: Server 104 Figure 58 Tutorial Example: NAT Port Forwarding 105 Figure 59 Tutorial Example: Forwarding Incoming FTP Traffic to a Local Computer 105 Figure 60 Tutorial Example: Firewall Default Rule 106 Figure 61 Tutorial Example: Firewall Rule: WAN to LAN... 119 Figure 79 SECURITY > CONTENT FILTER > Policy 120 Figure 80 SECURITY > CONTENT FILTER > Policy > External Database (Default 120 Figure 81 HOME > DHCP Table ...121 26 ZyWALL 2 Plus User's Guide
User Guide
Page 29
...) > Edit Gateway Policy 258 Figure 173 SECURITY > VPN > VPN Rules (IKE) > Edit Network Policy 264 Figure 174 SECURITY > VPN > VPN Rules (IKE) > Edit Network Policy > Port Forwarding 269 Figure 175 SECURITY > VPN > VPN Rules (IKE) > Move Network Policy 270 Figure 176 SECURITY > VPN > VPN Rules (Manual 271 Figure 177 SECURITY > VPN > VPN... 316 Figure 208 SECURITY > CERTIFICATES > Trusted Remote Hosts > Import 318 Figure 209 SECURITY > CERTIFICATES > Directory Servers 319 Figure 210 SECURITY > CERTIFICATES > Directory Server > Add 320 ZyWALL 2 Plus User's Guide 29
User Guide
Page 30
...Edit 335 Figure 216 Multiple Servers Behind NAT Example 337 Figure 217 Port Translation Example 338 Figure 218 ADVANCED > NAT > Port Forwarding 339 Figure 219 Trigger Port Forwarding Process: Example 340 Figure 220 ADVANCED > NAT > Port Triggering 341 Figure 221 How NAT Works ...343 Figure 222 NAT Application...244 Example: Lock Denoting a Secure Connection 381 Figure 245 Replace Certificate ...382 Figure 246 Device-specific Certificate 382 Figure 247 Common ZyWALL Certificate 382 Figure 248 SSH Example 1: Store Host Key 383 Figure 249 SSH Example 2: Test ...383 Figure 250 SSH Example ...
User Guide
Page 38
...> WLAN > Static DHCP 188 Table 44 NETWORK > WLAN > IP Alias 189 Table 45 NETWORK > WLAN > Port Roles 192 Table 46 Blocking All LAN to WAN IRC Traffic Example 197 Table 47 Limited LAN to WAN IRC Traffic...> VPN > VPN Rules (IKE) > Edit Network Policy 265 Table 67 SECURITY > VPN > VPN Rules (IKE) > Edit Network Policy > Port Forwarding 269 Table 68 SECURITY > VPN > VPN Rules (IKE) > Move Network Policy 270 Table 69 SECURITY > VPN > VPN Rules (Manual 271 ...My Certificates > Import 304 Table 81 SECURITY > CERTIFICATES > My Certificates > Import: PKCS#12 304 38 ZyWALL 2 Plus User's Guide
User Guide
Page 39
... > NAT Overview 333 Table 95 ADVANCED > NAT > Address Mapping 334 Table 96 ADVANCED > NAT > Address Mapping > Edit 336 Table 97 ADVANCED > NAT > Port Forwarding 339 Table 98 ADVANCED > NAT > Port Triggering 341 Table 99 ADVANCED > STATIC ROUTE > IP Static Route 348 Table 100 ADVANCED > STATIC ROUTE > IP Static Route > Edit 349 Table 101... > SNMP 393 Table 119 ADVANCED > REMOTE MGMT > DNS 394 Table 120 ADVANCED > REMOTE MGMT > CNM 395 Table 121 ADVANCED > UPnP ...404 Table 122 ADVANCED > UPnP > Ports 405 Table 123 ADVANCED > Custom APP 408 Table 124 ADVANCED > ALG ...412...
User Guide
Page 45
... the option to change port roles from LAN to DMZ. The ZyWALL provides bandwidth management, NAT, port forwarding, DHCP server and many other powerful features. You can do with your ZyWALL. 1.2.1 Secure Broadband Internet Access via Cable or DSL Modem For Internet access, connect the WAN Ethernet port to your existing Internet access gateway (company network...
User Guide
Page 61
...Port Forwarding Use this screen to set up dynamic DNS. DDNS Use this screen to configure servers behind the ZyWALL. REMOTE MGMT WWW Use this screen to configure through the ZyWALL. Custom APP Custom APP Use this screen to specify port numbers for the ZyWALL to manage the ZyWALL. ALG ALG Use this screen to allow your ZyWALL... Route Use this screen to view the NAT port mapping rules that UPnP creates on the ZyWALL. SNMP Use this screen to change your ZyWALL's settings for FTP, HTTP, SMTP, POP3, H323, and SIP traffic. Ports Use this screen to configure LAN/DMZ/WLAN ...
User Guide
Page 95
...ZyWALL if you want to set up in this network, we are going to: 1 Configure the WAN connection to use the first public IP address (1.2.3.4). 2 Configure NAT address mapping for other local computers. • Map the first public address (1.2.3.4) to incoming traffic from the WAN. • Forward FTP traffic using port... for traffic in both directions. • Map the first public address (1.2.3.4) to outgoing traffic from other public IP addresses (1.2.3.5 and 1.2.3.6). 3 Configure NAT port forwarding to forward FTP traffic from the WAN to a specific computer on your local network.
User Guide
Page 103
... rule allows computers behind the NAT be forwarded through the ZyXEL Device, you must also create a firewall rule. You still have the ZyWALL forward incoming traffic to a specific computer on page 105 for more information. 4.2.4 Forwarding Traffic from the WAN to another internal server when you should also create a port forwarding (server mapping) rule. In this example...
User Guide
Page 104
Click Apply. 104 ZyWALL 2 Plus User's Guide Chapter 4 Tutorials Figure 56 Tutorial Example: Forwarding Incoming FTP Traffic to a Local Computer 1 Click ADVANCED > NAT > Address Mapping. 2 Click the fourth rule's Edit icon ( ) to configure a server rule. Figure 57 Tutorial Example: NAT Address Mapping Edit: Server 3 Click the Port Forwarding tab. 4 Select the Active check box, enter a descriptive name (FTP for example), incoming port number (21) and 192.168.1.39 as the server IP address.
User Guide
Page 105
...create the firewall rules to allow it. To have the ZyWALL forward traffic initiated from the WAN to the LAN. Figure 58 Tutorial Example: NAT Port Forwarding Chapter 4 Tutorials 4.2.5 Allow WAN-to-LAN Traffic through the Firewall By default, the ZyWALL blocks any traffic initiated from the WAN to the LAN ...is enabled and traffic from the WAN to a local computer or server on the LAN: • Web server • Mail server • FTP server Figure 59 Tutorial Example: Forwarding Incoming FTP Traffic to a...
User Guide
Page 112
... one rule. When you finish configuration, the screen looks as the ZyWALL. 2 Open your WAN connection and NAT address mapping are mapped to other outgoing LAN traffic. If you cannot access it, make sure the NAT port forwarding rule is active and there is in the WAN and NAT Address ... send or retrieve a file. If you cannot access the FTP server, make sure you entered the correct information in the same subnet as shown. 112 ZyWALL 2 Plus User's Guide Chapter 4 Tutorials 4.2.6 Testing the Connections 1 Open the web browser on one of a many rule instead of the local computers ...
User Guide
Page 207
...to configure the remote management settings if you want to allow a WAN computer to manage the ZyWALL or restrict management from probing attempts. Apply Cancel Note: You may also need to configure NAT port forwarding (or full featured NAT address mapping rules) if you want to allow the passage of ...the ZyWALL's interfaces will respond to Ping requests and whether or not the ZyWALL is to do with packets that match this screen to ...
User Guide
Page 216
Note: You also need to configure NAT port forwarding (or full featured NAT address mapping rules) to allow computers on the WAN to traffic before encrypting it. To VPN Packet Direction The ZyWALL can access which computers connected to the WAN can apply firewall rules to access devices on your protected... network. For example, by default the From LAN To VPN default firewall rule allows traffic from the LAN computers to manage the ZyWALL. You could configure one of these rules to allow a WAN computer to send through a VPN tunnel. To VPN means traffic that is ...
User Guide
Page 266
...field, enter the beginning IP address of a range of computers on the LAN behind your ZyWALL. Virtual Starting IP Address Enter the (static) IP addresses that can use the VPN tunnel. Use port forwarding rules to allow incoming traffic from the remote network. When you select Many One-to-... Ending IP Address When you select Many One-to-One in through the VPN tunnel, to the remote network. The VPN network policy port forwarding rules let the ZyWALL forward traffic coming in the Type field, enter the ending (static) IP address of a range of virtual IP addresses. Select Range Address ...
User Guide
Page 268
The minimum value is used to generate encryption keys for your VPN tunnels to let the ZyWALL forward traffic coming in through the VPN tunnel to the main VPN screen. 14.2.3 The Network Policy Port Forwarding Screen Click SECURITY > VPN and the add network policy ( ) icon in this field. A short SA Life ...Time increases security by selecting this to have the ZyWALL use for the IPSec SA, even if they are less secure ...
User Guide
Page 269
... port number again in this field. ZyWALL 2 Plus User's Guide 269 To forward only one port, type the port number in this check box to the VPN-Network Policy -Edit screen without saving your server IP address in the Start Port field above. Cancel Click this button to return to activate the port forwarding server entry. Start Port Type a port...