User Guide
Page 24
...Port Speed ...636 43.6 DNS Overview ...636 43.6.1 DNS Server Address Assignment 637 43.6.2 Configuring the DNS Screen 637 43.6.3 Address Record ...640 43.6.4 PTR Record ...640 43.6.5 Adding an Address/PTR Record 640 43.6.6 Domain Zone Forwarder 641 43.6.7 Adding a Domain Zone Forwarder...43.7.7 HTTPS Example ...654 43.8 SSH ...661 43.8.1 How SSH Works ...662 43.8.2 SSH Implementation on the ZyWALL 663 43.8.3 Requirements for Using SSH 663 43.8.4 Configuring SSH ...663 43.8.5 Secure Telnet Using SSH Examples 665... 44.1.1 What You Can Do In this Chapter 679 24 ZyWALL USG 20/20W User's Guide
User Guide
Page 29
... following to attach your company. The DeMilitarized Zone (DMZ) increases LAN security by providing separate ports for a third WAN connection. Alternatively, you set ports to Peer (P2P) control, NAT, port forwarding, policy routing, DHCP server and many other powerful features. ZyWALL USG 20/20W User's Guide 29 It also provides bandwidth management, Instant Messaging (IM) and Peer...
User Guide
Page 37
... bandwidth management, NAT, port forwarding, policy routing, DHCP server and many other powerful features. The ZyWALL also offers hub-and-spoke IPSec VPN. The rest of this section provides more information about the features of the following: • Multiple WAN ports and configure load balancing ...to provide secure communication between these ports. • One or more of the ZyWALL. You can create your own custom zones. You can add interfaces and VPN tunnels to zones. ZyWALL USG 20/20W User's Guide 37 High Availability To ensure the ZyWALL provides reliable, secure Internet access...
User Guide
Page 49
... installed 3G card. RIP Configure device-level RIP settings. OSPF Configure device-level OSPF settings, including areas and virtual links. ZyWALL USG 20/20W User's Guide 49 Policy Define rules to define various policies. VPN Gateway Configure IKE tunnels. Cellular Configure a cellular Internet... Static Route Create and manage IP static routing information. HTTP Redirect Set up and manage port forwarding rules. IP/MAC Binding Summary Configure IP to MAC address bindings for devices connected to which the ZyWALL does not apply IP/MAC binding. Auth.
User Guide
Page 99
... keeps copies of the web pages that the FTP traffic is to -ZyWALL firewall rules for the original IP address. 6 In Mapping Type, select Port. 7 Enter 21 in through -ZyWALL) firewall rules. ZyWALL USG 20/20W User's Guide 99 The ZyWALL will receive the FTP packets. 5 In the Mapped IP field, list...the FTP server. It does check regular (through . 4 Specify the public WAN IP address where the ZyWALL will forward the packets received for packets that page. You could configure a NAT rule to forwards FTP sessions from which you want HTTP requests from your users needs to a proxy server.
User Guide
Page 100
... destination), address groups (source, destination), services, service groups Example: Suppose you forward to the proxy server. 6.5.11 ALG The ZyWALL's Application Layer Gateway (ALG) allows VoIP and FTP applications to control who can...from the SIP proxy server on the LAN can receive calls. 100 ZyWALL USG 20/20W User's Guide Each of these objects must be configured in ...allow VoIP sessions from the LAN or WAN zone. You can also specify additional signaling port numbers. Policy PREREQUISITES Addresses, services, endpoint security objects, users, authentication methods 6.5.13 ...
User Guide
Page 133
...need a NAT policy to forward H.323 (TCP port 1720) traffic received on the LAN and using IP address 192.168.1.56. Figure 86 WAN to LAN H.323 Peer-to-peer Calls Example 192.168.1.56 10.0.0.8 7.9.1 Turn On the ALG Click Configuration > Network > ALG. ZyWALL USG 20/20W User's Guide 133 ...Chapter 7 Tutorials for wan1 IP address 10.0.0.8 to a H.323 device located on the ZyWALL's 10.0.0.8 WAN IP address to LAN1 IP address 192.168.1.56. Select Enable H.323 ALG...
User Guide
Page 306
...field. This is bound, the virtual interface and physical interface must be able to dynamically take turns using a port triggering rule. It causes (triggers) the ZyWALL to forward the traffic (received on the outgoing interface) to create a new entry. Click this to the client computer that...as the physical interface to apply bandwidth shaping. 306 ZyWALL USG 20/20W User's Guide Configure trigger port forwarding to allow an incoming service before using a service that uses a dedicated range of ports on the client side and a dedicated range of ports on the LAN to modify it . Select an ...
User Guide
Page 310
...ports on the client side and a dedicated range of the client computer that sends traffic to a remote server to request a service (incoming service). When the ZyWALL receives a new connection (trigger service) from the remote server) to computer A. 310 ZyWALL USG 20/20W User's Guide The ZyWALL allows and forwards... the traffic to a client computer. Table 82 Assured Forwarding (AF) Behavior Group Class ...
User Guide
Page 311
...there is still bandwidth available. Figure 189 Trigger Port Forwarding Example Maximize Bandwidth Usage The maximize bandwidth usage option allows the ZyWALL to that policy route. When multiple policy routes require more bandwidth, the ZyWALL gives the highest priority policy routes the available ...ZyWALL USG 20/20W User's Guide 311 When only one policy route requires more bandwidth, the ZyWALL gives the extra bandwidth to divide up an interface's available bandwidth (bandwidth that each other computers (such as B or C) cannot connect to remote server 1 using the same port...
User Guide
Page 337
...SMTP server (A in the example), port 80 to another network. If the ZyWALL has only one public IP address, you want to assign ports 21-25 to one network is the translation of the IP address of a host in the private network available by using ports to forward packets to a different IP address ... LAN IP addresses and the ISP assigns the WAN IP address. Suppose you can also create new NAT rules and edit or delete existing ones. ZyWALL USG 20/20W User's Guide 337 Use Network Address Translation (NAT) to view and manage the list of 192.168.1.35 to a third (C in this ...
User Guide
Page 338
.... 338 ZyWALL USG 20/20W User's Guide Figure 203 Configuration > Network > NAT The following screen appears, providing a summary of all NAT rules and their configuration. Edit Double-click an entry or select it and click Edit to open a screen where you to Know NAT is also known as virtual server, port forwarding, or port translation. In...
User Guide
Page 342
... incoming interface. 342 ZyWALL USG 20/20W User's Guide Enter the original destination port this NAT rule forwards the packet. The original port range and the mapped port range must have the same number of translated destination ports if this NAT rule supports all the destination ports. The original and ...interface (instead of just the specified Incoming Interface) to use a range of original destination ports this NAT rule forwards the packet. Select to access the Mapped IP device. Port - Port Mapping Type Use the drop-down list box to the Mapped IP device. Enter the ...
User Guide
Page 350
...or dashes (-), but the first character cannot be received for the ZyWALL to forward it to the specified proxy server. Figure 210 Network > HTTP Redirect > Edit The following table describes the labels in this screen without saving. 350 ZyWALL USG 20/20W User's Guide Interface Select the interface on or off. ... where you can configure the rule. Name Enter a name to identify this option to the ZyWALL. Proxy Server Enter the IP address of the proxy server. Port OK Cancel Enter the port number that the proxy server uses. This value is case-sensitive. Click OK to save your...
User Guide
Page 352
...port forwarding) and firewall rules if you could make other H.323 calls that do not go through . The ALG on the ZyWALL supports all of the ZyWALL's NAT mapping types. Examples would be in any zone (including LAN, DMZ, WAN), and the SIP server and SIP clients can be calls between H.323 devices A and B. ZyWALL USG 20.../20W User's Guide You can also make a call from the WAN. FTP ALG The FTP ALG allows TCP packets with a specified port destination. • The ZyWALL allows H.323 audio connections. • The ZyWALL can also apply bandwidth management...
User Guide
Page 353
... ALG allows UDP packets with Multiple Outgoing Calls When you could have LAN IP address A make other SIP servers must configure the firewall and NAT (port forwarding) to allow LAN IP address A to receive calls from the LAN IP addresses. Configure another policy route to have H.323 (or SIP) calls from LAN... example you configure the firewall and NAT (port forwarding) to allow calls from the WAN to -Back User Agent such as the IPPBX x6004 or an asterisk PBX on the DMZ or on the LAN but not on the WAN. Even though only LAN IP address A ZyWALL USG 20/20W User's Guide 353 So for...
User Guide
Page 354
... lets the ZyWALL correctly forward the return traffic for an example of those LAN or DMZ IP addresses go out through the same WAN IP address that calls come in the DMZ zone accessible from the Internet (the WAN zone). You configure different firewall and port forwarding rules to ... different firewall and NAT (port forwarding) rules to allow incoming calls from each of making an IPPBX using SIP or a SIP server in on page 132 for a tutorial showing how to use the ALG for peer- You configure corresponding policy routes to the Internet. ZyWALL USG 20/20W User's Guide For example...
User Guide
Page 402
...configure a new one). SNAT Select the address object that entry and press [ENTER] to move the entry to the main VPN screen. 402 ZyWALL USG 20/20W User's Guide The size of the original source address range (Source) must be the same size as the size of the translated source ...use this translation. These fields are checked and executed. The size of the original port range must be equal to create a new entry after the selected entry. This is TCP or UDP. Destination NAT Add This translation forwards packets (for where you typed. # This field is a sequential value, and ...
User Guide
Page 950
... interfaces 224 and RIP 318 and static routes 318 and to -ZyWALL firewall 343 and VoIP pass through 354 and VPN 419 and VPN, see also VPN configuration overview 98 limitations 310 loopback 343 port forwarding, see NAT port translation, see NAT port triggering 310 port triggering, see also policy routes prerequisites 99 traversal 420 trigger... Stubby Area (NSSA) 316 stub areas 316 types of 316 OSPF routers 317 area border (ABR) 317 autonomous system boundary (ASBR) 318 backbone (BR) 318 ZyWALL USG 20/20W User's Guide
User Guide
Page 951
...522 pop-up windows 43 port forwarding, see NAT port groups 107, 218, 221 port roles 220 and Ethernet interfaces 220 and physical ports 220 port scan, filtered 480 port scanning 479 port sweep 480 port translation, see PPPoE. ...Point-to -Point Protocol over Ethernet, see NAT port triggering 310 and firewall 306, 731 and policy routes 306 and service groups 306 and services 306 troubleshooting 731 ZyWALL USG 20...