User Guide
Page 27
...-defined NTP Time Servers List 830 50.4.2 Time Server Synchronization 831 50.5 Console Port Speed ...832 50.6 DNS Overview ...832 50.6.1 DNS Server Address Assignment 833...836 50.6.5 Adding an Address/PTR Record 836 50.6.6 Domain Zone Forwarder 837 50.6.7 Adding a Domain Zone Forwarder 837 50.6.8 MX Record ...838 50.6.9 Adding a MX Record...ZyWALL 859 50.8.3 Requirements for Using SSH 859 50.8.4 Configuring SSH ...859 50.8.5 Secure Telnet Using SSH Examples 861 50.9 Telnet ...862 50.9.1 Configuring Telnet 863 50.10 FTP ...864 50.10.1 Configuring FTP 864 50.11 SNMP ...866 ZyWALL USG 300...
User Guide
Page 33
...and enforce security policies efficiently. ZyWALL USG 300 User's Guide 33 CHAPTER 1 Introducing the ZyWALL This chapter gives an overview of clearance at the sides and 20 cm in a wiring closet with other powerful features. It explains the front panel ports, LEDs, introduces the management ...and so on a standard EIA rack using a rack-mounting kit. Follow the steps below to mount your ZyWALL on ) are mapped to Peer (P2P) control, NAT, port forwarding, policy routing, DHCP server and many other equipment. Flexible configuration helps you set up the network and enforce ...
User Guide
Page 39
...management, NAT, port forwarding, policy routing, DHCP server and many other powerful features. Flexible Security Zones Many security settings are made by zone, not by interface, port, or network. You can create your own custom zones. The rest of the ZyWALL. 2.1 Features The ZyWALL's security features include...L2TP VPN to change security settings in the event the master ZyWALL fails (device HA). ZyWALL USG 300 User's Guide 39 As a result, it is much simpler to set up and to provide secure communication between these ports. • One or more information about the features of ...
User Guide
Page 53
.... VLAN Create and manage VLAN interfaces and virtual VLAN interfaces. Static Route Create and manage IP static routing information. HTTP Redirect Set up and manage port forwarding rules. ZyWALL USG 300 User's Guide 53 Service View the licensed service status and upgrade licensed services.
User Guide
Page 106
...to go to a proxy server. The ZyWALL does not check to-ZyWALL firewall rules for the original IP address. 6 In Mapping Type, select Port. 7 Enter 21 in through. 4 Specify the public WAN IP address where the ZyWALL will forward the packets received for packets that have ... NAT to come in both the Original and the Mapped Port fields. 6.5.11 HTTP Redirect Configure this feature to have the ZyWALL transparently forward HTTP (web) traffic to a HTTP proxy server at IP address 192.168.3.80. 1 Click Configuration > Network > HTTP Redirect. 2 Add an entry. 106 ZyWALL USG 300 User's Guide
User Guide
Page 107
..., users, authentication methods 6.5.14 Firewall The firewall controls the travel of the HTTP proxy server. 6 Specify the port number to use for the HTTP traffic that you want to redirect incoming HTTP requests (ge1). 5 Specify the IP...forward to the proxy server. 6.5.12 ALG The ZyWALL's Application Layer Gateway (ALG) allows VoIP and FTP applications to control traffic for remote management. MENU ITEM(S) Configuration > Firewall Zones, schedules, users, user groups, addresses (source, PREREQUISITES destination), address groups (source, destination), services, service groups ZyWALL USG 300...
User Guide
Page 164
... > Network > ALG 7.11.2 Set Up a NAT Policy For H.323 In this example, you need a NAT policy to forward H.323 (TCP port 1720) traffic received on the ZyWALL's 10.0.0.8 WAN IP address to a H.323 device located on the LAN and using IP address 192.168.1.56. Select Enable ...H.323 ALG and Enable H.323 transformations and click Apply. Chapter 7 Tutorials for ge2 IP address 10.0.0.8 to LAN IP address 192.168.1.56. 164 ZyWALL USG 300...
User Guide
Page 261
Forwarded Data (KB) This is how much of the application's traffic the ZyWALL identified by examining OSI level-3 information such as IP addresses and port numbers. Matched Service Ports Connection This is how much of the application's traffic the ZyWALL identified by Connection examining the ...labels in kilobytes). Dropped Data (KB) This is how much of the application's traffic the ZyWALL has discarded without notifying the client (in this screen. ZyWALL USG 300 User's Guide 261 Chapter 10 Monitor 10.12.3 Application Patrol Statistics: Protocol Statistics The bottom ...
User Guide
Page 388
...allocate bandwidth to allow an incoming service before using a service that uses a dedicated range of ports on the outgoing interface) to create a new entry after the selected entry. Configure trigger port forwarding to a route and prioritize traffic that the client computer sends to create a new entry. Select... IP address(es) of ports on the LAN to modify it . The incoming service should have the same service or protocol type as they are applied in different subnets. Select an entry and click this to apply bandwidth shaping. 388 ZyWALL USG 300 User's Guide You must ...
User Guide
Page 392
... Some services use the pre-defined port triggering setting to connect to request a service (incoming service). Port triggering allows the client computer to computer A. 392 ZyWALL USG 300 User's Guide The problem is that sends traffic to a remote server to the remote server without manually configuring a port forwarding rule for port triggering: Incoming service: Game (UDP: 1234) Trigger...
User Guide
Page 393
...from computer A or until the connection is still bandwidth available. ZyWALL USG 300 User's Guide 393 Chapter 15 Policy and Static Routes 3 Computer A and game server 1 are connected to remote server 1 using the same port triggering rule as computer A unless they require, if there is...multiple policy routes require more bandwidth. The ZyWALL distributes the available bandwidth equally among the policy routes that policy route. Any other until the connection is closed or times out. Figure 303 Trigger Port Forwarding Example Maximize Bandwidth Usage The maximize bandwidth ...
User Guide
Page 419
ZyWALL USG 300 User's Guide 419 CHAPTER 19 NAT 19.1 NAT Overview NAT (Network Address Translation - NAT, RFC 1631) is changed to a different IP address known within one ... an outgoing packet, used within another (B in the example). Use Network Address Translation (NAT) to make the computers in the private network available by using ports to forward packets to a third (C in the example) and assign a default server IP address of NAT rules and see their configuration details. The NAT network appears...
User Guide
Page 420
... select it and click Edit to Know NAT is also known as virtual server, port forwarding, or port translation. In addition, this screen. The following table describes the labels in this screen allows you can modify the entry's settings. 420 ZyWALL USG 300 User's Guide Finding Out More • See Section 6.5.10 on page 105 for...
User Guide
Page 424
...received on page 1009 for Many 1:1 NAT. This field is available if Mapping Type is Ports. Enter the beginning of the range of original destination ports this NAT rule forwards the packet. Chapter 19 NAT Table 108 Configuration > Network > NAT > Add (continued)...for some common port numbers. Enter the original destination port this NAT rule supports. Protocol Type Original Port Mapped Port Original Start Port Original End Port Mapped Start Port Mapped End Port Enable NAT Loopback See Appendix B on the rule's specified incoming interface. 424 ZyWALL USG 300 User's Guide ...
User Guide
Page 436
... you must also configure NAT (port forwarding) and firewall rules if you could make other H.323 calls that the ZyWALL routes. Figure 326 H.323 ALG Example SIP ALG • SIP phones can be in the same network or different networks. 436 ZyWALL USG 300 User's Guide You can be calls... between H.323 devices A and B. If the FTP server is located on the ZyWALL supports all of the ZyWALL's NAT mapping types. The ZyWALL dynamically creates an implicit NAT session and firewall session...
User Guide
Page 437
... peer to peer calls from other SIP servers must configure the firewall and NAT (port forwarding) to allow LAN IP address A to receive calls from LAN IP addresses B and C go through NAT or that the ZyWALL routes. Chapter 21 ALG • There should be calls between LAN IP addresses... The SIP ALG supports peer-to-peer SIP calls. Even though only LAN IP address A ZyWALL USG 300 User's Guide 437 The firewall (by default) allows peer to peer calls from the WAN with a specified port destination to allow incoming (peer-topeer) calls from the LAN IP addresses. You can allow ...
User Guide
Page 438
...example of those LAN or DMZ IP addresses go out through WAN IP address 2. ZyWALL USG 300 User's Guide For example, you can still make calls out to the Internet. You configure different firewall and port forwarding rules to allow LAN IP address B to receive calls through WAN IP address 1... IP addresses. Chapter 21 ALG can receive incoming calls from the Internet, LAN IP addresses B and C can configure different firewall and NAT (port forwarding) rules to allow LAN IP address A to receive calls through public WAN IP address 1. You configure corresponding policy routes to have the H.323...
User Guide
Page 940
...Mode only) 1,000 60,000 1024 8K 1,000 60,000 1024 8K 1,000 60,000 1024 8K NAT NAT Entries (Port Forwarding) Trigger Port Rules HTTP Redirect New Session Rate (sessions per second) up to 1,024 up to 8 per PR rule up to ...ZyWALL's features. Chapter 57 Product Specifications Table 272 Hardware Specifications (continued) FEATURE SPECIFICATION Storage Environment Temperature: -30 C to 60 C MTBF Dimensions Weight Rack-mounting Humidity: 20% to interface limit 2000 FIREWALL Firewall ACL Rules Maximum Session Limit per Host Rules 2000 NA 2000 1000 2000 1000 940 ZyWALL USG 300...
User Guide
Page 1138
Index port forwarding, see NAT port translation, see NAT port triggering 392 port triggering, see also policy routes prerequisites 106 table 100 traversal 509 trigger port, see also policy routes tutorial 167, 170 NAT loopback 101 navigation panel 51 NBNS 307, 333, 348, 358, 367, 524 NetBIOS Broadcast...NSSA) 398 stub areas 398 types of 398 OSPF routers 399 area border (ABR) 399 autonomous system boundary (ASBR) 400 backbone (BR) 400 ZyWALL USG 300 User's Guide NetBIOS Name Server, see NBNS NetMeeting 442 see also H.323 Netscape Navigator 47 network access mode 42 full tunnel 43, 518 reverse ...
User Guide
Page 1140
...-up windows 47 port forwarding, see NAT port groups 117, 296, 299 and Ethernet interfaces 299 and physical ports 299 representative interfaces 299 port mapping 33 port scan, filtered 650 port scanning 649 port speed 872 port sweep 650 port translation, see NAT port triggering 392 and ...917 power on 37 PPP 368 troubleshooting 922 PPP interfaces subnet mask 365 PPPoE 368 and RADIUS 368 TCP port 1723 368 PPPoE/PPTP interfaces 296, 310 and ISP accounts 311, 803 basic characteristics 297 gateway 311 ... 915 vs reset 915 record route 620 Reference Guide, CLI 3 registration 283 ZyWALL USG 300 User's Guide