User Manual
Page 14
... Address Objects 148 7.11.3 Setup a NAT Policy for the IPPBX 149 7.11.4 Set Up a WAN to DMZ Firewall Rule for SIP 150 7.11.5 Set Up a DMZ to LAN Firewall Rule for SIP 151 7.12 How to Use Multiple Static Public WAN IP Addresses for LAN to WAN Traffic 152 7.12.1 Create the... Public IP Address Range Object 152 7.12.2 Configure the Policy Route 153 Part II: Technical Reference 155 Chapter 8 Dashboard ...157 14 ZyWALL USG 50 User's Guide
User Manual
Page 39
...suspected of a particular application's individual features (like voice and video. Application Patrol Application patrol (App. You can mark or discard spam. ZyWALL USG 50 User's Guide 39 Anti-Spam The anti-spam feature can also use of being used by spammers. The... the anti-virus packet scanner, your ZyWALL. Application patrol has powerful bandwidth management including traffic prioritization to identify legitimate e-mail. Use the white list to enhance the performance of servers that gives SIP priority over all other traffic. The ZyWALL helps stop threats at the network edge...
User Manual
Page 49
... rules. Exempt List Configure ranges of concurrent client NAT/firewall sessions. Firewall Firewall Create and manage level-3 traffic rules. ZyWALL USG 50 User's Guide 49 Ethernet Manage Ethernet interfaces and virtual Ethernet interfaces. Cellular Configure a cellular Internet connection for users and groups... Create and manage VLAN interfaces and virtual VLAN interfaces. ALG Configure SIP, H.323, and FTP pass-through settings. Session Limit Limit the number of IP addresses to which the ZyWALL does not apply IP/MAC binding. VPN IPSec VPN VPN Connection ...
User Manual
Page 101
...Allow and the Log field set to control traffic for VoIP calls. You could configure a firewall rule to allow VoIP sessions from the SIP proxy server on DMZ to the LAN so VoIP users on schedules, specific users (or user groups), source or destination addresses (or... groups (source, destination), services, service groups Example: Suppose you have a SIP proxy server connected to the firewall configuration. 4 Select from the LAN or WAN zone. Note: The ZyWALL checks the firewall rules in order. ZyWALL USG 50 User's Guide 101 You can configure firewall rules based on the LAN can ...
User Manual
Page 146
DMZ_HTTP is an example of making an IPPBX x6004 using SIP in the DMZ zone accessible from the Internet (the WAN zone). Set the Access field to allow and the Service to traffic before applying the ...'s DMZ IP address object (DMZ_HTTP). Set the From field as WAN and the To field as DMZ. In this example you have public IP 146 ZyWALL USG 50 User's Guide Set the Destination to Use an IPPBX on the DMZ This is the destination because the...
User Manual
Page 147
The local SIP clients are on the wan1 interface and map to the IPPBX's private IP address of 192.168.3.7. Figure 105 IPPBX Example Network Topology ZyWALL USG 50 User's Guide 147 Chapter 7 Tutorials address 1.1.1.2 that you will use on the LAN.
User Manual
Page 148
Figure 106 Configuration > Network > ALG 7.11.2 Create the Address Objects Use Configuration > Object > Address > Add to create the address objects. 1 Create a host address object named IPPBX-DMZ for the IPPBX's Private IP Address 148 ZyWALL USG 50 User's Guide Figure 107 Creating the Address Object for the IPPBX's private DMZ IP address of 192.168.3.9. Chapter 7 Tutorials 7.11.1 Turn On the ALG Click Configuration > Network > ALG. Select Enable SIP ALG and Enable SIP Transformations and click Apply.
User Manual
Page 149
...the IPPBX (see NAT Loopback on page 327 for the public WAN IP address 1.1.1.2. Chapter 7 Tutorials 2 Create a host address object named IPPBX-Public for details). ZyWALL USG 50 User's Guide 149 Figure 108 Creating the Public IP Address Object 7.11.3 Setup a NAT Policy for the IPPBX Click Configuration > Network > NAT > Add.... Classification to NAT 1:1. • Set the Incoming Interface to wan1. • Set the Original IP to use it to connect to for making SIP calls. • Set the Mapped IP to the IPPBX's DMZ IP address object (IPPBX-DMZ). • Set the Port Mapping Type to Port...
User Manual
Page 150
If a domain name is registered for IP address 1.1.1.2, users can use it to connect to for SIP The firewall blocks traffic from the WAN zone to the DMZ zone by default so you need to create a firewall rule to allow the public to send SIP traffic to DMZ Firewall Rule for making SIP calls. 150 ZyWALL USG 50 User's Guide Chapter 7 Tutorials • Click OK. Figure 109 Configuration > Network > NAT > Add 7.11.4 Set Up a WAN to the IPPBX.
User Manual
Page 151
...). Set the Destination to traffic before applying the firewall rule. ZyWALL USG 50 User's Guide 151 Set the From field as WAN and the To field as DMZ. Figure 110 Configuration > Firewall > Add 7.11.5 Set Up a DMZ to LAN Firewall Rule for SIP The firewall blocks traffic from the DMZ zone to the LAN... zone by default so you need to create a firewall rule to allow the IPPBX to send SIP traffic to allow and click OK. Set the Access field to the...
User Manual
Page 322
...access this screen allows you can modify the entry's settings. 322 ZyWALL USG 50 User's Guide Edit Double-click an entry or select it and ...a summary of all NAT rules and their configuration. In addition, this screen, login to an IPPBX or SIP server on page 149 for an example of the existing NAT rules. Chapter 17 NAT 17.1.2 What You ... 192 Configuration > Network > NAT The following screen appears, providing a summary of how to configure NAT to allow SIP traffic from the WAN to the Web Configurator and click Configuration > Network > NAT. The following table describes the ...
User Manual
Page 335
... voice and multimedia sessions over Internet. • H.323 - an Internet file transfer service. ZyWALL USG 50 User's Guide 335 Session Initiation Protocol (SIP) - An application-layer protocol that can be used to set up SIP, H.323, and FTP ALG settings. Figure 200 SIP ALG Example The ALG feature is only needed for traffic that provides audio...
User Manual
Page 336
...H.323 ALG handles H.323 calls that go through NAT or routing. Figure 201 H.323 ALG Example SIP ALG • SIP phones can be in the same network or different networks. 336 ZyWALL USG 50 User's Guide The following example shows H.323 signaling (1) and audio (2) sessions between LAN IP addresses... that do not go out through the ZyWALL's NAT and firewall. You can also make a call ...
User Manual
Page 337
... different WAN IP address. The policy routing lets the ZyWALL correctly forward the return traffic for both . • Using the SIP ALG allows you enable the SIP ALG. • Configuring the SIP ALG to use custom port numbers for SIP traffic also configures the application patrol (see Chapter 28... from the WAN with a specified port destination to pass through. • The ZyWALL allows SIP audio connections. • You do not go through WAN IP address 2. Even though only LAN IP address A ZyWALL USG 50 User's Guide 337 For example, you configure the firewall and NAT to allow incoming...
User Manual
Page 338
... to have the H.323 (or SIP) calls from each WAN IP address to go to a specific IP address on the LAN (or DMZ). You configure different firewall and port forwarding rules to allow LAN IP address B to receive calls through public WAN IP address 1. ZyWALL USG 50 User's Guide to-peer H.323... traffic. • See Section 7.11 on page 146 for the calls initiated from the LAN IP addresses. The policy routing lets the ZyWALL correctly forward the return traffic for an example of those LAN ...
User Manual
Page 339
...a service, you must also configure the firewall and enable NAT in order to open the ALG screen. Figure 204 Configuration > Network > ALG ZyWALL USG 50 User's Guide 339 Note: If the ZyWALL provides an ALG for ALG background/technical information. 19.1.3 Before You Begin You must enable the ALG in the... ZyWALL to allow sessions initiated from the WAN. 19.2 The ALG Screen Click Configuration > Network > ALG to use the application patrol on , configure the port numbers to which they apply, and configure SIP ALG time outs. Use this screen to turn...
User Manual
Page 340
... number (not 1720) for SIP traffic, enter it here. Enabling the SIP ALG also allows you to use this to add fields if you are using a custom UDP port number (not 5060) for H.323 traffic, enter it here. 340 ZyWALL USG 50 User's Guide The SIP user agent sends registration packets... to detect SIP traffic and manage the SIP traffic's bandwidth (see Chapter 28 on the H.323 ALG to remain idle (without voice traffic) before...
User Manual
Page 342
... SIP handles telephone calls and can use a different path from a system running an FTP client. A system running the FTP server accepts commands from that does not provide a guaranteed quality of voice signals over the Internet. The media that operates on RTP. 342 ZyWALL USG 50 User...When the active interface's connection fails, the client needs to handle voice data transfer. It allows for uploading and downloading files. SIP is exchanged during the session can interface with traditional circuit-switched telephone networks. H.323 H.323 is used in order to the second (...
User Manual
Page 360
... of the LAN users from using IRC (Internet Relay Chat) through the ZyWALL requires a NAT session and corresponding firewall session. To do not need 360 ZyWALL USG 50 User's Guide Session Limits Accessing the ZyWALL or network resources through the Internet. You do this, you can configure rules... NAT sessions and prevent others from connecting to LAN1 firewall rule or use . The ZyWALL lets you can use intrazone traffic blocking to allow SIP traffic for an IPPBX or SIP server on the DMZ. 22.1.3 Firewall Rule Example Applications Suppose that blocks IRC traffic ...
User Manual
Page 437
... including traffic prioritization to control what the ZyWALL does when it does not recognize the application, and it identifies the conditions that gives SIP traffic priority over IP (VoIP), and streaming (RSTP) applications. This maximizes SIP traffic throughput for improved VoIP call sound ... and Streaming (see Section 28.4 on page 448) screens to -peer (P2P), Voice over all other traffic going through the ZyWALL. ZyWALL USG 50 User's Guide 437 CHAPTER 28 Application Patrol 28.1 Overview Application patrol provides a convenient way to create new conditions or edit existing ones...