User Guide
Page 17
... (IKE) Screen 360 19.3 The VPN Rules (IKE) Gateway Policy Edit Screen 361 19.4 The Network Policy Edit Screen 367 19.5 The Network Policy Edit: Port Forwarding Screen 372 19.6 The Network Policy Move Screen 374 19.7 The VPN Rules (Manual) Screen 375 19.8 The VPN Rules (Manual): Edit Screen 376 19...
User Guide
Page 19
... 440 22.4 The Port Forwarding Screen 441 22.4.1 Default Server IP Address 441 22.4.2 Port Forwarding: Services and Port Numbers 442 22.4.3 Configuring Servers Behind Port Forwarding (Example 442 22.4.4 NAT and Multiple WAN 442 22.4.5 Port Translation ...443 22.4.6 Configuring The Port Forwarding Screen 443 22.5 The Port Triggering Screen 445 22.5.1 Configuring Port Triggering 446 22.6...Subnet-based Bandwidth Management Example 466 25.1.4 Over Allotment of Bandwidth Example 467 25.1.5 Maximize Bandwidth Usage With Bandwidth Borrowing Example 467 ZyWALL 5/35/70 Series User's Guide 19
User Guide
Page 25
... Public IP Addresses With Inside Servers 685 44.4.4 Example 4: NAT Unfriendly Application Programs 689 44.5 Trigger Port Forwarding 690 44.5.1 Two Points To Remember About Trigger Ports 690 Chapter 45 Introducing the ZyWALL Firewall 693 45.1 Using ZyWALL SMT Menus 693 45.1.1 Activating the Firewall 693 Chapter 46 Filter Configuration...695 46.1 Introduction to Filters...
User Guide
Page 34
List of Figures Figure 211 SECURITY > VPN > VPN Rules (IKE) > Edit Network Policy 368 Figure 212 SECURITY > VPN > VPN Rules (IKE) > Edit Network Policy > Port Forwarding 373 Figure 213 SECURITY > VPN > VPN Rules (IKE) > Move Network Policy 374 Figure 214 SECURITY > VPN > VPN Rules (Manual 375 Figure 215 SECURITY > VPN > VPN ... > RADIUS 430 Figure 251 ADVANCED > NAT > NAT Overview 437 Figure 252 ADVANCED > NAT > Address Mapping 439 Figure 253 ADVANCED > NAT > Address Mapping > Edit 440 34 ZyWALL 5/35/70 Series User's Guide
User Guide
Page 35
... Figure 255 Port Translation Example 443 Figure 256 ADVANCED > NAT > Port Forwarding 444 Figure 257 Trigger Port Forwarding Process: Example 445 Figure 258 ADVANCED > NAT > Port Triggering 446 Figure 259 NAT Overview ...448 Figure 260 NAT Application With IP Alias 449 Figure 261 Port Restricted Cone... a Secure Connection 495 Figure 285 Replace Certificate ...495 Figure 286 Device-specific Certificate 496 Figure 287 Common ZyWALL Certificate 496 Figure 288 ZyWALL Trusted CA Screen 497 Figure 289 CA Certificate Example ...498 Figure 290 Personal Certificate Import Wizard 1 499 Figure...
User Guide
Page 43
...) > Edit Gateway Policy 363 Table 102 SECURITY > VPN > VPN Rules (IKE) > Edit Network Policy 369 Table 103 SECURITY > VPN > VPN Rules (IKE) > Edit Network Policy > Port Forwarding 373 Table 104 SECURITY > VPN > VPN Rules (IKE) > Move Network Policy 374 Table 105 SECURITY > VPN > VPN Rules (Manual 375 Table 106 SECURITY > VPN > VPN... 122 SECURITY > CERTIFICATES > Trusted Remote Hosts 420 Table 123 SECURITY > CERTIFICATES > Trusted Remote Hosts > Import 421 Table 124 SECURITY > CERTIFICATES > Trusted Remote Hosts > Details 423 ZyWALL 5/35/70 Series User's Guide 43
User Guide
Page 44
... Table 132 ADVANCED > NAT > Address Mapping > Edit 441 Table 133 ADVANCED > NAT > Port Forwarding 444 Table 134 ADVANCED > NAT > Port Triggering 446 Table 135 ADVANCED > STATIC ROUTE > IP Static Route 453 Table 136 ADVANCED >... ADVANCED > REMOTE MGMT > CNM 515 Table 157 ADVANCED > UPnP ...526 Table 158 ADVANCED > UPnP > Ports 527 Table 159 ADVANCED > Custom APP 530 Table 160 ADVANCED > ALG ...536 Table 161 REPORTS > Traffic ... 543 Table 164 REPORTS > Traffic Statistics: Protocol/ Port 544 Table 165 Report Specifications ...545 Table 166 REPORTS > IDP ...546 Table 167 REPORTS > Anti...
User Guide
Page 51
... wireless card as a transparent firewall in a WLAN port role. ZyWALL 5/35/70 Series User's Guide 51 If you insert a wireless LAN card to add a WLAN, the ZyWALL offers highly secured wireless connectivity to DMZ. The ZyWALL's De-Militarized Zone (DMZ) increases LAN security by...an access point (AP) to an Ethernet port in an existing network with security features including VPN, firewall, content filtering, antispam, IDP (Intrusion Detection and Prevention), anti-virus and certificates. The ZyWALL provides bandwidth management, NAT, port forwarding, policy routing, DHCP server and many ...
User Guide
Page 78
...Trusted Use this screen to configure the address and name server records. BW MGMT Summary Use this screen to view the ZyWALL's bandwidth usage and allotments. DNS System Use this screen to view and manage the certificates belonging to Remote Hosts the trusted... Use this screen to change your ZyWALL's port triggering settings. POLICY ROUTE Policy Route Use this screen to configure servers behind the ZyWALL. ADVANCED NAT NAT Overview Use this screen to configure LAN/DMZ/WLAN DNS information. Port Forwarding Use this screen to enable bandwidth management...
User Guide
Page 263
...send a TCP reset packet (for a TCP packet) or an ICMP destination-unreachable message (for unused ports. Click Apply to save your customized settings and exit this screen to help keep the ZyWALL hidden from the LAN. Select Drop to silently discard the packets without saving. 13.6 The Anti-... Note: You may also need to configure NAT port forwarding (or full featured NAT address mapping rules) if you want to the sender. You can specify which of the ZyWALL's interfaces will respond to Ping requests and whether or not the ZyWALL is to do with packets that match this screen...
User Guide
Page 272
...server on your protected network. Note: You also need to configure NAT port forwarding (or full featured NAT address mapping rules) to allow a WAN computer to access devices on the LAN. Chapter 13 Firewall Screens By default, the ZyWALL drops packets traveling in through the selected "from the LAN and going out...with other computers on the WAN. For example, by default the From LAN To VPN default firewall rule allows traffic from managing the ZyWALL or using the ZyWALL as a gateway to go out through any of traffic, such as Lotus Notes database synchronization, from the VPN tunnels.
User Guide
Page 370
.... Local Network Specify the IP addresses of computers on the LAN behind your ZyWALL. The VPN network policy port forwarding rules let the ZyWALL forward traffic coming in a range of the devices behind the ZyWALL that represent the translated private IP addresses. Virtual Ending IP Address When you ...the same local and remote IP addresses, as long as the translated IP address. Many-to-one rules are for your ZyWALL. Use port forwarding rules to the size of translated IP addresses. These must be equal to allow incoming traffic from the remote network. ...
User Guide
Page 372
...SA automatically renegotiates in the VPN Rules (IKE) screen to have the ZyWALL use a 768-bit random number DH2 - Then, under Virtual Address Mapping Rule, select Many-to-One as the Type and click the Port Forwarding Rules button to update the encryption and authentication keys. A short SA Life... Time increases security by selecting this to allow the ZyWALL to the appropriate IP address on the LAN. 372 ZyWALL 5/35/70 Series User's Guide Both routers must ...
User Guide
Page 373
... specified services, NAT supports a default server. Start Port Type a port number in this field. To forward a series of an individual port forwarding server entry. To forward only one port, type the port number again in the End Port field. Apply Click this screen. Chapter 19 IPSec VPN...Network Policy > Port Forwarding The following table describes the labels in this button to save these settings. A default server receives packets from ports that begins with the port number in the Start Port field above and then type it again in this field. ZyWALL 5/35/70 ...
User Guide
Page 435
... (Section 22.3 on page 445) to change your ZyWALL's trigger port settings. 22.1.2 What You Need To Know About NAT NAT Mapping Types NAT supports five types of IP/port mapping. This is equivalent to SUA (i.e., PAT, port address translation), ZyXEL's Single User Account feature (the SUA option). •...Many to One: In Many-to-One mode, the ZyWALL maps multiple local IP addresses to one network is highly recommended that you to a different IP address known within one global IP address. Not all models. • Click Port Forwarding screens (Section 22.4 on page 441) to make ...
User Guide
Page 438
...Mapping to duplicate this screen to be configured on the ZyWALL. Now if you delete rule 4, rules 5 to 6 in the order that can be rule 7, not 9. Port Forwarding Rules The bar displays how many of the ZyWALL's possible port forwarding rules are configured. The first number shows how many ... Series User's Guide The second number shows the maximum number of the ZyWALL's possible trigger port rules are available on the ZyWALL. Use this WAN interface's NAT port forwarding or trigger port rules on the ZyWALL. Select Full Feature if you have multiple public WAN IP addresses for...
User Guide
Page 441
... for One-to-One, Many-to-One and Server mapping types. This field is on port 80 and FTP on the LAN) servers, for One-to SUA (i.e., PAT, port address translation), ZyXEL's Single User Account feature. 3. ZyWALL 5/35/70 Series User's Guide 441 Many One-to-One: Many One-to-One ... to the ZyWALL. for example both FTP and web service), it discovers any server processes (such as for unknown services or where one server can support more than one of the following table describes the labels in this screen without saving. 22.4 The Port Forwarding Screen A port forwarding set is ...
User Guide
Page 442
... NAT Example 22.4.4 NAT and Multiple WAN The ZyWALL has two WAN interfaces. You can configure port forwarding and trigger port rule sets for the first WAN interface and separate sets of rules for ports that are shown in the remote management setup. 22.4.2 Port Forwarding: Services and Port Numbers The ZyWALL provides the additional safety of the DMZ...
User Guide
Page 443
.... " If you do not assign a Default Server IP address, the ZyWALL discards all packets received for particular services. ZyWALL 5/35/70 Series User's Guide 443 The ZyWALL also translates port 8100 of traffic received on page 449. 22.4.6 Configuring The Port Forwarding Screen Click ADVANCED > NAT > Port Forwarding to server B (IP address 192.168.1.34). The letters a.b.c.d represent...
User Guide
Page 444
... or in the remote management setup. Default Server In addition to delete the entry. 444 ZyWALL 5/35/70 Series User's Guide Active Select this check box to disallow forwarding of an individual port forwarding server entry. Clear this check box to view or configure address mapping rules. The rule... is activated only when you want to enable the port forwarding server entry. If you do not assign a Default Server IP address, the ZyWALL discards all packets received for which you set the WAN Encapsulation to Ethernet and the Service Type...