User Guide
Page 3
About This User's Guide About This User's Guide Intended Audience This manual is recommended you use e-mail instead. Thank you . E-mail: techwriters@zyxel.com.tw ZyWALL 2 Plus User's Guide 3 " It is intended for Internet access. • Web Configurator Online Help Embedded web help you ! Send all User Guide-related comments, questions or suggestions for improvement to the following...
User Guide
Page 13
... Edit Screen 263 14.2.3 The Network Policy Port Forwarding Screen 268 14.2.4 The Network Policy Move Screen 270 14.3 The VPN Rules (Manual) Screen 271 14.3.1 The VPN Rules (Manual) Edit Screen 272 14.4 The SA Monitor Screen 275 14.5 The Global Setting Screen 275 14.5.1 Configuring the Global Setting Screen 277...
User Guide
Page 29
... Policy > Port Forwarding 269 Figure 175 SECURITY > VPN > VPN Rules (IKE) > Move Network Policy 270 Figure 176 SECURITY > VPN > VPN Rules (Manual 271 Figure 177 SECURITY > VPN > VPN Rules (Manual) > Edit 272 Figure 178 SECURITY > VPN > SA Monitor 275 Figure 179 Overlap in a Dynamic VPN Rule 276 Figure 180 Overlap in IP... 316 Figure 208 SECURITY > CERTIFICATES > Trusted Remote Hosts > Import 318 Figure 209 SECURITY > CERTIFICATES > Directory Servers 319 Figure 210 SECURITY > CERTIFICATES > Directory Server > Add 320 ZyWALL 2 Plus User's Guide 29
User Guide
Page 38
... Policy > Port Forwarding 269 Table 68 SECURITY > VPN > VPN Rules (IKE) > Move Network Policy 270 Table 69 SECURITY > VPN > VPN Rules (Manual 271 Table 70 SECURITY > VPN > VPN Rules (Manual) > Edit 273 Table 71 SECURITY > VPN > SA Monitor 275 Table 72 SECURITY > VPN > Global Setting 278 Table 73 Telecommuters Sharing One VPN... SECURITY > CERTIFICATES > My Certificates > Export 302 Table 80 SECURITY > CERTIFICATES > My Certificates > Import 304 Table 81 SECURITY > CERTIFICATES > My Certificates > Import: PKCS#12 304 38 ZyWALL 2 Plus User's Guide
User Guide
Page 55
... server. Date/Time This is set to the screen where you must be manually configured. VPN Click VPN to disconnect the PPTP, PPPoE or dial backup connection. In bridge mode, the ZyWALL cannot get the IP address afresh. ZyWALL 2 Plus User's Guide 55 Chapter 2 Introducing the Web Configurator Table 3 Web Configurator HOME Screen in...
User Guide
Page 60
... to change your traffic redirect properties and parameters. VPN VPN Rules (IKE) Use this screen to configure VPN connections using manual key management and view the rule summary. Traffic Redirect Use this screen to configure your anti-probing settings. Directory Servers Use... this screen to view and manage the list of the directory servers. 60 ZyWALL 2 Plus User's Guide Cache Use this screen to view and configure the ZyWALL's URL caching. Threshold Use this screen to configure the threshold for external database content filtering and...
User Guide
Page 63
... relates to update all network clients using the ZyWALL's DHCP server. Figure 11 HOME > DHCP Table ZyWALL 2 Plus User's Guide 63 Tx B/s This displays the transmission speed in bridge mode. You can configure the ZyWALL as a server, the ZyWALL provides the TCP/IP configuration for the clients.... For the LAN, DMZ and WLAN ports, this port. Automatic Select a number of every time interval or to trigger a call) or Drop (dropping a call) if you must be manually configured. ...
User Guide
Page 133
...hexadecimal characters, for the computers on your LAN, or else the computers must be manually configured. If you disable the ZyWALL's DHCP service, you have an unusual network topology. IP Pool Setup The ZyWALL is probably adequate for the default IP pool range. RIP Version controls the format ... DNS servers to automatically assign IP addresses subnet masks, gateways, and some network information like the IP addresses of IP Address Space. ZyWALL 2 Plus User's Guide 133 RIP Direction controls the sending and receiving of IP addresses for example, 00:A0:C5:00:00:02. For more ...
User Guide
Page 136
... allow NetBIOS packets to pass through to copy and/or paste the IP address. By default, RIP direction is done by the ZyWALL or manually set as PPPoE or PPTP, NetBIOS packets cause unwanted calls. IGMP version 2 (RFC 2236) is an improvement over TCP/IP) NetBIOS (... field controls the format and the broadcasting method of the RIP packets that the ZyWALL sends (it may sometimes be manually configured. However, if one router uses multicasting, then all routers on the WAN. 136 ZyWALL 2 Plus User's Guide See the DHCP Table available from a server. Exempt packets in the ...
User Guide
Page 154
...of IP addresses specifically for your local networks. If your ISP gives you DNS server addresses, manually enter them in the form of an information sheet, when you should consult your particular situation,... address from the IANA, from the Internet, for example, 00:A0:C5:00:00:02. 154 ZyWALL 2 Plus User's Guide These servers can be behind a remote IPSec router (see Section 20.1.2 on page 365). The...to its corresponding IP address and vice versa, for instance, the IP address of www.zyxel.com is through an ISP, the ISP can provide you with the Internet addresses for private...
User Guide
Page 167
... Both, In Only or Out Only. Dial Backup Port Speed Use the drop-down list box to exchange routing information with other routers. Consult the manual of RIP packets. Enable RIP Select this remote node. However, if one network to a different IP address known within one router uses multicasting, then ...the beginning of the phone numbers as required. the difference being that it (static). Available speeds are: 9600, 19200, 38400, 57600, 115200 or 230400 bps. ZyWALL 2 Plus User's Guide 167 RIP Direction RIP (Routing Information Protocol) allows a router to enable NAT.
User Guide
Page 169
... string that comes from the WAN device. Drop Type the AT Command string to answer a call . This lets the ZyWALL capture the CLID in the AT response string. ZyWALL 2 Plus User's Guide 169 Table 37 NETWORK > WAN > Dial Backup > Edit LABEL DESCRIPTION AT Command Strings Dial Type the AT...string to have the ZyWALL drop the DTR (Data Terminal Ready) Hang Up signal after the "AT Command String: Drop" is required for CLID authentication. Drop DTR When Select this screen. Speed Type the keyword preceding the connection speed. Chapter 8 WAN Screens " Consult the manual of your WAN ...
User Guide
Page 176
.... DHCP Server Address Type the IP address of the DHCP server to which have an unusual network topology. This is done by the ZyWALL or manually set to obtain TCP/IP configuration at startup from devices on your network must use . These IP addresses are currently using static DHCP. ... as a server, fill in the Static DHCP screen or DHCP Table. IGMP version 2 (RFC 2236) is an improvement over TCP/IP) 176 ZyWALL 2 Plus User's Guide Select Relay to have another DHCP server. DHCP WINS Server 1, 2 Type the IP address of the WINS (Windows Internet Naming Service) server...
User Guide
Page 186
... is universally supported but IGMP version 1 is still in wide use multicasting, also. the difference being that you are instructed by the ZyWALL or manually set to Server. DHCP Setup DHCP DHCP (Dynamic Host Configuration Protocol, RFC 2131 and RFC 2132) allows individual clients (workstations) to ...to have an unusual network topology. Alternatively, click the right mouse button to Relay, fill in the From and To fields. 186 ZyWALL 2 Plus User's Guide DHCP WINS Server 1, 2 Type the IP address of static IP/MAC address combinations. The WINS server keeps a mapping table ...
User Guide
Page 244
...> Cache LABEL DESCRIPTION URL Cache Setup Maximum TTL Type the maximum time to live (TTL) (1 to remove the URL entry from the cache manually. Chapter 12 Content Filtering Screens Figure 157 SECURITY > CONTENT FILTER > Cache The following table describes the labels in the URL cache before the URL... checked with the external content filtering database. This sets how long the ZyWALL is to allow an entry to remain in this button to clear all web site addresses from the cache. 244 ZyWALL 2 Plus User's Guide URL This is discarded from the cache. (hour) Modify Click the ...
User Guide
Page 253
...use manual keys. Internet Protocol Security (IPSec) is used to -site lines. ZyWALL 2 Plus User's Guide 253 The following figure provides one perspective of standardized cryptographic techniques to provide confidentiality, data integrity and authentication at the IP layer. Figure 167 VPN: Example The VPN tunnel connects the ZyWALL ...You may want to configure a VPN rule that uses manual key management if you are having problems with IKE key management. • Use the SA Monitor screen (see Section 14.4 on page 271) to manage the ZyWALL's list of VPN rules (tunnels) that uses TCP/IP...
User Guide
Page 257
... moves the associated network policy(ies) to a remote network. Use this icon to establish a VPN connection to the recycle bin. ZyWALL 2 Plus User's Guide 257 Click this screen to use the VPN tunnel. When you do not need (but may want to configure a VPN gateway policy. When ... routers at either end of a gateway or network policy. Click this icon to display a screen in which devices (behind the IPSec routers) can also manually move a network policy that are not associated to the recycle bin. Click this icon to display a screen in which you delete a gateway, the...
User Guide
Page 259
...Redundant Remote Gateway Type the WAN IP address or the domain name (up to 31 characters) of the IPSec router with manual key management. Table 65 SECURITY > VPN > VPN Rules (IKE) > Edit Gateway Policy LABEL DESCRIPTION Property Name Type... up a VPN connection when there are NAT routers between rules. Gateway Policy Information My ZyWALL When the ZyWALL is read-only and displays the ZyWALL's IP address. You can use a redundant (backup) VPN connection to use NAT traversal... you're making the VPN connection. To use this field to 0.0.0.0. ZyWALL 2 Plus User's Guide 259
User Guide
Page 271
...when the Local Network Address Type field in this screen to manage the ZyWALL's list of computer(s) on the remote network behind your ZyWALL. ZyWALL 2 Plus User's Guide 271 Chapter 14 IPSec VPN Screens 14.3 The VPN Rules (Manual) Screen Refer to Figure 170 on page 255 for this case only... the remote IPSec router can initiate the VPN. A Yes signifies that use manual keys. Local Network This is...
User Guide
Page 272
... the page list. Figure 177 SECURITY > VPN > VPN Rules (Manual) > Edit 272 ZyWALL 2 Plus User's Guide Add Click Add to add a new VPN policy. 14.3.1 The VPN Rules (Manual) Edit Screen Click the edit icon on the VPN Rules (Manual) screen to remove the VPN policy. Manual key management is useful if you to edit the...