User Guide
Page 1
ZyWALL 5/35/70 Series Internet Security Appliance User's Guide Version 4.04 03/2008 Edition 1 DEFAULT LOGIN IP Address http://192.168.1.1 Password 1234 www.zyxel.com
ZyWALL 5/35/70 Series Internet Security Appliance User's Guide Version 4.04 03/2008 Edition 1 DEFAULT LOGIN IP Address http://192.168.1.1 Password 1234 www.zyxel.com
User Guide
Page 3
... Corp., 6 Innovation Road II, Science-Based Industrial Park, Hsinchu, 300, Taiwan. E-mail: techwriters@zyxel.com.tw ZyWALL 5/35/70 Series User's Guide 3 You should have at least a basic knowledge of individual screens and supplementary information. • CLI Reference Guide...to the following address, or use the Command-Line Interface (CLI) to configure the ZyWALL. • Supporting Disk Refer to the included CD for support documents. • ZyXEL Web Site Please refer to www.zyxel.com for additional support documentation and product certifications. User Guide Feedback Help us help for...
... Corp., 6 Innovation Road II, Science-Based Industrial Park, Hsinchu, 300, Taiwan. E-mail: techwriters@zyxel.com.tw ZyWALL 5/35/70 Series User's Guide 3 You should have at least a basic knowledge of individual screens and supplementary information. • CLI Reference Guide...to the following address, or use the Command-Line Interface (CLI) to configure the ZyWALL. • Supporting Disk Refer to the included CD for support documents. • ZyXEL Web Site Please refer to www.zyxel.com for additional support documentation and product certifications. User Guide Feedback Help us help for...
User Guide
Page 4
.../70 series may be referred to as the "ZyWALL", the "device" or the "system" in this User's Guide. • Product labels, screen names, field labels and field choices are shown in this User's Guide. 1 ... or your keyboard. • "Enter" means for you to configure or helpful tips) or recommendations. " Notes tell you other important information (for example, other words". 4 ZyWALL 5/35/70 Series User's Guide For example, Maintenance > Log > Log Setting means you may need to type one of measurement may denote "1000000" or "1048576...
.../70 series may be referred to as the "ZyWALL", the "device" or the "system" in this User's Guide. • Product labels, screen names, field labels and field choices are shown in this User's Guide. 1 ... or your keyboard. • "Enter" means for you to configure or helpful tips) or recommendations. " Notes tell you other important information (for example, other words". 4 ZyWALL 5/35/70 Series User's Guide For example, Maintenance > Log > Log Setting means you may need to type one of measurement may denote "1000000" or "1048576...
User Guide
Page 5
The ZyWALL icon is not an exact representation of your device. ZyWALL Computer Notebook computer Server Firewall Telephone Switch Router ZyWALL 5/35/70 Series User's Guide 5 Document Conventions Icons Used in Figures Figures in this User's Guide may use the following generic icons.
The ZyWALL icon is not an exact representation of your device. ZyWALL Computer Notebook computer Server Firewall Telephone Switch Router ZyWALL 5/35/70 Series User's Guide 5 Document Conventions Icons Used in Figures Figures in this User's Guide may use the following generic icons.
User Guide
Page 6
.... • Do NOT expose your device to dangerous high voltage points or other risks. For detailed information about recycling of the same type and rating. 6 ZyWALL 5/35/70 Series User's Guide Replace a fuse only with a fuse of this product, please contact your local city office, your household waste disposal service or...
.... • Do NOT expose your device to dangerous high voltage points or other risks. For detailed information about recycling of the same type and rating. 6 ZyWALL 5/35/70 Series User's Guide Replace a fuse only with a fuse of this product, please contact your local city office, your household waste disposal service or...
User Guide
Page 7
This product is recyclable. Dispose of it properly. Safety Warnings ZyWALL 5/35/70 Series User's Guide 7
This product is recyclable. Dispose of it properly. Safety Warnings ZyWALL 5/35/70 Series User's Guide 7
User Guide
Page 9
Contents Overview Contents Overview Introduction ...49 Getting to Know Your ZyWALL 51 Hardware Installation ...55 Introducing the Web Configurator 61 Wizard Setup ...87 Tutorials ...109 Registration Screens ...141 Network ...147 LAN Screens ...149 Bridge Screens ...161 ... Policy Route Screens ...457 Bandwidth Management Screens 465 DNS Screens ...479 Remote Management Screens 491 UPnP Screens ...519 Custom Application Screen ...529 ALG Screen ...531 ZyWALL 5/35/70 Series User's Guide 9
Contents Overview Contents Overview Introduction ...49 Getting to Know Your ZyWALL 51 Hardware Installation ...55 Introducing the Web Configurator 61 Wizard Setup ...87 Tutorials ...109 Registration Screens ...141 Network ...147 LAN Screens ...149 Bridge Screens ...161 ... Policy Route Screens ...457 Bandwidth Management Screens 465 DNS Screens ...479 Remote Management Screens 491 UPnP Screens ...519 Custom Application Screen ...529 ALG Screen ...531 ZyWALL 5/35/70 Series User's Guide 9
User Guide
Page 10
...Wireless Setup ...653 Remote Node Setup ...659 IP Static Route Setup ...669 Network Address Translation (NAT 673 Introducing the ZyWALL Firewall 693 Filter Configuration ...695 SNMP Configuration ...711 System Information & Diagnosis 713 Firmware and Configuration File Maintenance 725 ...749 Call Scheduling ...757 Troubleshooting and Product Specifications 761 Troubleshooting ...763 Product Specifications ...769 Appendices and Index ...779 10 ZyWALL 5/35/70 Series User's Guide Contents Overview Reports, Logs and Maintenance 537 Reports Screens ...539 Logs Screens ...555 Maintenance...
...Wireless Setup ...653 Remote Node Setup ...659 IP Static Route Setup ...669 Network Address Translation (NAT 673 Introducing the ZyWALL Firewall 693 Filter Configuration ...695 SNMP Configuration ...711 System Information & Diagnosis 713 Firmware and Configuration File Maintenance 725 ...749 Call Scheduling ...757 Troubleshooting and Product Specifications 761 Troubleshooting ...763 Product Specifications ...769 Appendices and Index ...779 10 ZyWALL 5/35/70 Series User's Guide Contents Overview Reports, Logs and Maintenance 537 Reports Screens ...539 Logs Screens ...555 Maintenance...
User Guide
Page 11
......29 List of Tables...41 Part I: Introduction 49 Chapter 1 Getting to Know Your ZyWALL 51 1.1 ZyWALL Internet Security Appliance Overview 51 1.2 ZyWALL Features ...51 1.3 Applications for the ZyWALL 52 1.3.1 Secure Broadband Internet Access via Cable or DSL Modem 52 1.3.2 VPN Application ......53 1.3.3 3G WAN Application (ZyWALL 5 Only 53 1.4 Ways to Manage the ZyWALL 54 1.5 Good Habits for Managing the ZyWALL 54 Chapter 2 Hardware Installation...55 2.1 General Installation Instructions 55 2.2 Desktop Installation ...55 2.3...
......29 List of Tables...41 Part I: Introduction 49 Chapter 1 Getting to Know Your ZyWALL 51 1.1 ZyWALL Internet Security Appliance Overview 51 1.2 ZyWALL Features ...51 1.3 Applications for the ZyWALL 52 1.3.1 Secure Broadband Internet Access via Cable or DSL Modem 52 1.3.2 VPN Application ......53 1.3.3 3G WAN Application (ZyWALL 5 Only 53 1.4 Ways to Manage the ZyWALL 54 1.5 Good Habits for Managing the ZyWALL 54 Chapter 2 Hardware Installation...55 2.1 General Installation Instructions 55 2.2 Desktop Installation ...55 2.3...
User Guide
Page 12
... 3.3.1 Procedure To Use The Reset Button 63 3.3.2 Uploading a Configuration File Via Console Port 63 3.4 Navigating the ZyWALL Web Configurator 64 3.4.1 Title Bar ...64 3.4.2 Main Window ...65 3.4.3 HOME Screen: Router Mode 65 3.4.4 HOME Screen: Bridge Mode 71 3.4.5 Navigation Panel ...74 3.4.6 Port Statistics ...80 3.4.7 ... Chapter 5 Tutorials ...109 5.1 Dynamic VPN Rule Configuration 109 5.1.1 Configure Bob's User Account 110 5.1.2 VPN Gateway and Network Policy Configuration 110 5.1.3 Configure Zero Configuration Mode on ZyWALL B 116 5.1.4 Testing Your VPN Configuration 117 12...
... 3.3.1 Procedure To Use The Reset Button 63 3.3.2 Uploading a Configuration File Via Console Port 63 3.4 Navigating the ZyWALL Web Configurator 64 3.4.1 Title Bar ...64 3.4.2 Main Window ...65 3.4.3 HOME Screen: Router Mode 65 3.4.4 HOME Screen: Bridge Mode 71 3.4.5 Navigation Panel ...74 3.4.6 Port Statistics ...80 3.4.7 ... Chapter 5 Tutorials ...109 5.1 Dynamic VPN Rule Configuration 109 5.1.1 Configure Bob's User Account 110 5.1.2 VPN Gateway and Network Policy Configuration 110 5.1.3 Configure Zero Configuration Mode on ZyWALL B 116 5.1.4 Testing Your VPN Configuration 117 12...
User Guide
Page 13
... LAN Screen ...152 7.3 The LAN Static DHCP Screen 155 7.4 The LAN IP Alias Screen 156 7.5 The LAN Port Roles Screen 158 Chapter 8 Bridge Screens...161 ZyWALL 5/35/70 Series User's Guide 13
... LAN Screen ...152 7.3 The LAN Static DHCP Screen 155 7.4 The LAN IP Alias Screen 156 7.5 The LAN Port Roles Screen 158 Chapter 8 Bridge Screens...161 ZyWALL 5/35/70 Series User's Guide 13
User Guide
Page 14
... 10.2 The DMZ Screen ...210 10.3 The Static DHCP Screen 213 10.4 The IP Alias Screen ...214 10.5 The DMZ Port Roles Screen 216 14 ZyWALL 5/35/70 Series User's Guide
... 10.2 The DMZ Screen ...210 10.3 The Static DHCP Screen 213 10.4 The IP Alias Screen ...214 10.5 The DMZ Port Roles Screen 216 14 ZyWALL 5/35/70 Series User's Guide
User Guide
Page 15
... 13 Firewall Screens...251 13.1 Overview ...251 13.1.1 What You Can Do Using the Firewall Screens 252 13.1.2 What You Need To Know About the ZyWALL Firewall 252 13.1.3 Before You Begin 252 13.2 Firewall Rules Example 252 13.3 The Firewall Default Rule Screen 254 13.4 The Firewall Default Rule (Bridge... Mode) Screen 256 13.5 The Firewall Rule Summary Screen 259 13.5.1 The Firewall Edit Rule Screen 260 13.6 The Anti-Probing Screen 263 ZyWALL 5/35/70 Series User's Guide 15
... 13 Firewall Screens...251 13.1 Overview ...251 13.1.1 What You Can Do Using the Firewall Screens 252 13.1.2 What You Need To Know About the ZyWALL Firewall 252 13.1.3 Before You Begin 252 13.2 Firewall Rules Example 252 13.3 The Firewall Default Rule Screen 254 13.4 The Firewall Default Rule (Bridge... Mode) Screen 256 13.5 The Firewall Rule Summary Screen 259 13.5.1 The Firewall Edit Rule Screen 260 13.6 The Anti-Probing Screen 263 ZyWALL 5/35/70 Series User's Guide 15
User Guide
Page 16
... Prevention (IDP) Screens 277 14.1 Overview ...277 14.1.1 What You Can Do Using the IDP Screens 277 14.1.2 What You Need To Know About the ZyWALL IDP 278 14.1.3 Before You Begin 279 14.2 The General Setup Screen 279 14.3 The Signatures Screen ...281 14.3.1 Attack Types ...281 14.3.2 Intrusion Severity... Anti-virus Update 307 15.5 The Backup and Restore Screen 309 15.6 Technical Reference ...310 Chapter 16 Anti-Spam Screens ...313 16.1 Overview ...313 16 ZyWALL 5/35/70 Series User's Guide
... Prevention (IDP) Screens 277 14.1 Overview ...277 14.1.1 What You Can Do Using the IDP Screens 277 14.1.2 What You Need To Know About the ZyWALL IDP 278 14.1.3 Before You Begin 279 14.2 The General Setup Screen 279 14.3 The Signatures Screen ...281 14.3.1 Attack Types ...281 14.3.2 Intrusion Severity... Anti-virus Update 307 15.5 The Backup and Restore Screen 309 15.6 Technical Reference ...310 Chapter 16 Anti-Spam Screens ...313 16.1 Overview ...313 16 ZyWALL 5/35/70 Series User's Guide
User Guide
Page 17
...) Screen 375 19.8 The VPN Rules (Manual): Edit Screen 376 19.9 The VPN SA Monitor Screen 379 19.10 The VPN Global Setting Screen 379 ZyWALL 5/35/70 Series User's Guide 17
...) Screen 375 19.8 The VPN Rules (Manual): Edit Screen 376 19.9 The VPN SA Monitor Screen 379 19.10 The VPN Global Setting Screen 379 ZyWALL 5/35/70 Series User's Guide 17
User Guide
Page 18
... You Need To Know About Authentication Server 427 21.2 The Local User Database Screen 428 21.3 The RADIUS Screen ...430 Part IV: Advanced 433 18 ZyWALL 5/35/70 Series User's Guide
... You Need To Know About Authentication Server 427 21.2 The Local User Database Screen 428 21.3 The RADIUS Screen ...430 Part IV: Advanced 433 18 ZyWALL 5/35/70 Series User's Guide
User Guide
Page 19
... 25.1.3 Application and Subnet-based Bandwidth Management Example 466 25.1.4 Over Allotment of Bandwidth Example 467 25.1.5 Maximize Bandwidth Usage With Bandwidth Borrowing Example 467 ZyWALL 5/35/70 Series User's Guide 19
... 25.1.3 Application and Subnet-based Bandwidth Management Example 466 25.1.4 Over Allotment of Bandwidth Example 467 25.1.5 Maximize Bandwidth Usage With Bandwidth Borrowing Example 467 ZyWALL 5/35/70 Series User's Guide 19
User Guide
Page 20
... SSL Client Certificates (Example 496 27.2.6 Installing the CA's Certificate (Example 497 27.2.7 Installing Your Personal Certificate(s) (Example 498 27.2.8 Using a Certificate When Accessing the ZyWALL (Example 501 27.2.9 Secure Telnet Using SSH Examples 502 27.3 The WWW Screen ...504 27.4 Configuring the WWW Screen 505 27.5 The SSH Screen ...507...
... SSL Client Certificates (Example 496 27.2.6 Installing the CA's Certificate (Example 497 27.2.7 Installing Your Personal Certificate(s) (Example 498 27.2.8 Using a Certificate When Accessing the ZyWALL (Example 501 27.2.9 Secure Telnet Using SSH Examples 502 27.3 The WWW Screen ...504 27.4 Configuring the WWW Screen 505 27.5 The SSH Screen ...507...
User Guide
Page 21
... Screens 539 31.2 The Traffic Statistics Screen 539 31.2.1 Viewing Web Site Hits 541 31.2.2 Viewing Host IP Address 542 31.2.3 Viewing Protocol/Port 543 ZyWALL 5/35/70 Series User's Guide 21
... Screens 539 31.2 The Traffic Statistics Screen 539 31.2.1 Viewing Web Site Hits 541 31.2.2 Viewing Host IP Address 542 31.2.3 Viewing Protocol/Port 543 ZyWALL 5/35/70 Series User's Guide 21