User Manual
Page 25
... Date and Time ...676 45.3.1 Pre-defined NTP Time Servers List 679 45.3.2 Time Server Synchronization 680 45.4 Console Port Speed ...681 45.5 DNS Overview ...681 45.5.1 DNS Server Address Assignment 682 45.5.2 Configuring the DNS Screen 682 45...Address Record ...685 45.5.4 PTR Record ...685 45.5.5 Adding an Address/PTR Record 685 45.5.6 Domain Zone Forwarder 686 45.5.7 Adding a Domain Zone Forwarder 686 45.5.8 MX Record ...687 45.5.9 Adding a MX Record 688 45.5.10 Adding a DNS Service ...SNMP Traps ...717 45.10.3 Configuring SNMP 717 45.11 Vantage CNM ...719 ZyWALL USG 50 User's Guide 25
User Manual
Page 31
... excellent throughput, making it an ideal solution for connecting publicly accessible servers. The ZyWALL lets you set ports to Peer (P2P) control, NAT, port forwarding, policy routing, DHCP server and many other powerful features. You can set up the network and... CHAPTER 1 Introducing the ZyWALL This chapter gives an overview of the ZyWALL's features. ZyWALL USG 50 User's Guide 31 It also provides bandwidth management, Instant Messaging (IM) and Peer to be part of dual WAN Gigabit Ethernet ports and load balancing. The ZyWALL provides excellent throughput with ...
User Manual
Page 37
...by zone, not by interface, port, or network. You can create your own custom zones. You can add interfaces and VPN tunnels to change security settings in the ZyWALL. ZyWALL USG 50 User's Guide 37 High Availability To ensure the ZyWALL provides reliable, secure Internet access..., set up one or more information about the features of the ZyWALL. As a result, it is much simpler to set up and to zones. It also provides bandwidth management, NAT, port forwarding...
User Manual
Page 49
...RIP Configure device-level RIP settings. SSL VPN Access Privilege Configure SSL VPN access rights for devices connected to set the ZyWALL's flexible ports as LAN1 or DMZ. Bridge Create and manage bridges and virtual bridge interfaces. Exempt List Configure ranges of concurrent client...interfaces and virtual VLAN interfaces. Static Route Create and manage IP static routing information. HTTP Redirect Set up and manage port forwarding rules. ZyWALL USG 50 User's Guide 49 NAT Set up and manage HTTP redirection rules. IP/MAC Binding Summary Configure IP to MAC address...
User Manual
Page 99
ZyWALL USG 50 User's Guide 99 You could configure a NAT rule to forward FTP sessions from the WAN to the DMZ. 1 Click Configuration > Network > NAT to make computers on a private network behind the ZyWALL available outside the private network. MENU ITEM(S) Configuration > Network > DDNS PREREQUISITES Interface 6.5.10 NAT ... 3 Select the WAN interface that the FTP traffic is to come in both the Original and the Mapped Port fields. 6.5.11 HTTP Redirect Configure this mapping. The ZyWALL will receive the FTP packets. 5 In the Mapped IP field, list the IP address of your users ...
User Manual
Page 100
...policies before they can also specify additional signaling port numbers. Policy Addresses, services, endpoint security objects, users, authentication PREREQUISITES methods 100 ZyWALL USG 50 User's Guide Chapter 6 Configuration Basics The ZyWALL does not check to-ZyWALL firewall rules for packets that you want HTTP... Network > HTTP Redirect. 2 Add an entry. 3 Name the entry. 4 Select the interface from which you forward to the proxy server. 6.5.12 ALG The ZyWALL's Application Layer Gateway (ALG) allows VoIP and FTP applications to control who can access the network. MENU ITEM(S) ...
User Manual
Page 140
... 96 Configuration > Network > ALG 7.9.2 Set Up a NAT Policy For H.323 In this example, you need a NAT policy to forward H.323 (TCP port 1720) traffic received on the LAN and using IP address 192.168.1.56. Select Enable H.323 ALG and Enable H.323 transformations and click... Apply. Chapter 7 Tutorials for wan1 IP address 10.0.0.8 to a H.323 device located on the ZyWALL's 10.0.0.8 WAN IP address to LAN1 IP address 192.168.1.56. 140 ZyWALL USG 50...
User Manual
Page 189
Forwarded Data (KB) This is how much of the application's traffic the ZyWALL has sent (in kilobytes). Dropped Data (KB) This is how much of the application's traffic the ZyWALL has discarded without notifying the client (in kilobytes). ZyWALL USG 50 User's Guide 189 Chapter 9 Monitor 9.10.... Rejected Data (KB) This is how much of the application's traffic the ZyWALL identified by examining OSI level-3 information such as IP addresses and port numbers. Matched Service Ports Connection This is how much of the service's application patrol rules. Matched Auto ...
User Manual
Page 290
... computer sends to a remote server. Port Triggering Use Create new Object if you want to move an entry to a different number in order to apply bandwidth shaping. 290 ZyWALL USG 50 User's Guide It causes (triggers) the ZyWALL to forward the traffic (received on the LAN ...to dynamically take turns using a port triggering rule. Chapter 13 Policy and Static Routes Table 77 Configuration > Network ...
User Manual
Page 294
...single IP address. In order to use a dedicated range of ports on the client side and a dedicated range of a client computer that port forwarding only forwards a service to the remote server without manually configuring a port forwarding rule for port triggering: Incoming service: Game (UDP: 1234) Trigger service: ...Precedence AF13 (14) AF23 (22) AF33 (30) AF43 (38) Port Triggering Some services use the same service on the server side. The decimal equivalent is used to computer A. 294 ZyWALL USG 50 User's Guide In the following twelve DSCP encodings from the remote server)...
User Manual
Page 295
...much as computer A unless they are connected to each policy route gets up any available bandwidth on their priority levels. The ZyWALL distributes the available bandwidth equally among the policy routes that policy route. Chapter 13 Policy and Static Routes 3 Computer A and ... or times out. Figure 179 Trigger Port Forwarding Example Maximize Bandwidth Usage The maximize bandwidth usage option allows the ZyWALL to that require more bandwidth. ZyWALL USG 50 User's Guide 295 When multiple policy routes require more bandwidth, the ZyWALL gives the extra bandwidth to divide up...
User Manual
Page 321
... Translation (NAT) to make the computers in the private network available by using ports to forward packets to the appropriate private IP address. If the ZyWALL has only one public IP address, you want to assign ports 21-25 to one network is the translation of the IP address of a ...their configuration details. Suppose you can also create new NAT rules and edit or delete existing ones. You can make computers on the Internet. ZyWALL USG 50 User's Guide 321 CHAPTER 17 NAT 17.1 NAT Overview NAT (Network Address Translation - You assign the LAN IP addresses and the ISP assigns...
User Manual
Page 322
The following table describes the labels in this screen allows you to open a screen where you can modify the entry's settings. 322 ZyWALL USG 50 User's Guide Table 92 Configuration > Network > NAT LABEL DESCRIPTION Add Click this screen, login to create a new entry. To access this to the Web... 144 for an example of how to configure NAT to allow web traffic from the WAN to Know NAT is also known as virtual server, port forwarding, or port translation. Finding Out More • See Section 6.5.10 on page 99 for related information on these screens. • See Section 17.3 on...
User Manual
Page 326
... B on the rule's specified incoming interface. 326 ZyWALL USG 50 User's Guide Enter the end of the range of destination ports. Enter the end of the range of translated destination ports if this NAT rule supports a range of original destination ports this NAT rule forwards the packet. this NAT rule forwards the packet. This field is available if...
User Manual
Page 334
...dashes (-), but the first character cannot be received for the ZyWALL to forward it to the ZyWALL. Interface Select the interface on or off. Chapter 18 HTTP Redirect Table 94 Configuration > Network > HTTP Redirect (continued) LABEL DESCRIPTION Port This is case-sensitive. Apply Click Apply to save your...to identify this screen. This value is the service port number used by the proxy server. Cancel Click Cancel to the ZyWALL. OK Click OK to save your changes back to exit this screen without saving. 334 ZyWALL USG 50 User's Guide Then click the Add or Edit ...
User Manual
Page 336
... peer device on the WAN. • The H.323 ALG operates on the LAN, you must also configure NAT (port forwarding) and firewall rules if you could make other H.323 calls that the ZyWALL routes. H.323 ALG • The H.323 ALG supports peer-to-peer H.323 calls. • The H.323 ...is located on TCP packets with a specified port destination to pass through the ZyWALL's NAT and firewall. Figure 201 H.323 ALG Example SIP ALG • SIP phones can be in the same network or different networks. 336 ZyWALL USG 50 User's Guide The ZyWALL dynamically creates an implicit NAT session and ...
User Manual
Page 337
... WAN zone to the LAN zone. • The SIP ALG allows UDP packets with Multiple Outgoing Calls When you configure the firewall and NAT (port forwarding) to allow LAN IP address A to receive calls from the WAN to a specific IP address on the LAN, you can also make calls ...calls. Any other SIP servers must configure the firewall and NAT (port forwarding) to allow peer-to use the same port numbers for SIP traffic. Even though only LAN IP address A ZyWALL USG 50 User's Guide 337 Peer-to-Peer Calls and the ZyWALL The ZyWALL ALG can allow incoming (peer-to-peer) calls from LAN IP ...
User Manual
Page 338
... the same WAN IP address that calls come in the DMZ zone accessible from the LAN IP addresses. You configure different firewall and port forwarding rules to allow LAN IP address B to receive calls through public WAN IP address 1. You configure corresponding policy routes to have the...LAN IP address A to receive calls through public WAN IP address 2. ZyWALL USG 50 User's Guide Chapter 19 ALG can receive incoming calls from the Internet, LAN IP addresses B and C can configure different firewall and NAT (port forwarding) rules to allow incoming calls from each of making an IPPBX using...
User Manual
Page 933
...policy routes 282, 289 and to-ZyWALL firewall 327 and VoIP pass through 338 and VPN 403 and VPN, see also VPN configuration overview 99 limitations 294 loopback 327 port forwarding, see NAT port translation, see NAT port triggering 294 port triggering, see also policy routes prerequisites... 99 traversal 404 trigger port, see also policy routes tutorial 143, 146 NBNS 228, 253, 263, 269, 416 NetBIOS Broadcast over IPSec 382 ZyWALL USG 50 User's Guide 933
User Manual
Page 935
Point-to-Point Protocol over Ethernet, see POP 566 power off 35, 757 power on 35 PPP 270 troubleshooting 762 ZyWALL USG 50 User's Guide 935 Index P P2P (Peer-to-peer) 490 attacks 490 see also Peer-to-peer packet flow 91 inspection signatures 483, 487 scan ...polymorphic virus 477 POP POP2 566 POP3 566 pop-up windows 43 port forwarding, see NAT port groups 109, 216, 219 port roles 218 and Ethernet interfaces 218 and physical ports 218 port scanning 525 port scan, filtered 526 port sweep 526 port translation, see NAT port triggering 294 and firewall 290, 765 and policy routes 290 and service...