User Manual
Page 25
... Date and Time ...676 45.3.1 Pre-defined NTP Time Servers List 679 45.3.2 Time Server Synchronization 680 45.4 Console Port Speed ...681 45.5 DNS Overview ...681 45.5.1 DNS Server Address Assignment 682 45.5.2 Configuring the DNS Screen 682 45...Address Record ...685 45.5.4 PTR Record ...685 45.5.5 Adding an Address/PTR Record 685 45.5.6 Domain Zone Forwarder 686 45.5.7 Adding a Domain Zone Forwarder 686 45.5.8 MX Record ...687 45.5.9 Adding a MX Record 688 45.5.10 Adding a DNS Service ...SNMP Traps ...717 45.10.3 Configuring SNMP 717 45.11 Vantage CNM ...719 ZyWALL USG 50 User's Guide 25
... Date and Time ...676 45.3.1 Pre-defined NTP Time Servers List 679 45.3.2 Time Server Synchronization 680 45.4 Console Port Speed ...681 45.5 DNS Overview ...681 45.5.1 DNS Server Address Assignment 682 45.5.2 Configuring the DNS Screen 682 45...Address Record ...685 45.5.4 PTR Record ...685 45.5.5 Adding an Address/PTR Record 685 45.5.6 Domain Zone Forwarder 686 45.5.7 Adding a Domain Zone Forwarder 686 45.5.8 MX Record ...687 45.5.9 Adding a MX Record 688 45.5.10 Adding a DNS Service ...SNMP Traps ...717 45.10.3 Configuring SNMP 717 45.11 Vantage CNM ...719 ZyWALL USG 50 User's Guide 25
User Manual
Page 31
...lists different ways to Peer (P2P) control, NAT, port forwarding, policy routing, DHCP server and many other powerful features. See Chapter 2 on page 37 for reliable, secure service. You can deploy the ZyWALL as a transparent firewall in an existing network with the ..., making it an ideal solution for a more detailed overview of the ZyWALL. The DeMilitarized Zone (DMZ) increases LAN security by providing separate ports for connecting publicly accessible servers. ZyWALL USG 50 User's Guide 31 Its flexible configuration helps network administrators set up multiple networks...
...lists different ways to Peer (P2P) control, NAT, port forwarding, policy routing, DHCP server and many other powerful features. See Chapter 2 on page 37 for reliable, secure service. You can deploy the ZyWALL as a transparent firewall in an existing network with the ..., making it an ideal solution for a more detailed overview of the ZyWALL. The DeMilitarized Zone (DMZ) increases LAN security by providing separate ports for connecting publicly accessible servers. ZyWALL USG 50 User's Guide 31 Its flexible configuration helps network administrators set up multiple networks...
User Manual
Page 37
...3G (cellular) connections. It also provides bandwidth management, NAT, port forwarding, policy routing, DHCP server and many other powerful features. The ZyWALL also offers hub-and-spoke IPSec VPN. You can create your own custom zones. ZyWALL USG 50 User's Guide 37 The rest of the following: • Multiple... WAN ports and configure load balancing between two sites over the Internet or any insecure network that uses TCP/IP for ...
...3G (cellular) connections. It also provides bandwidth management, NAT, port forwarding, policy routing, DHCP server and many other powerful features. The ZyWALL also offers hub-and-spoke IPSec VPN. You can create your own custom zones. ZyWALL USG 50 User's Guide 37 The rest of the following: • Multiple... WAN ports and configure load balancing between two sites over the Internet or any insecure network that uses TCP/IP for ...
User Manual
Page 49
...interfaces. Routing Policy Route Create and manage routing policies. DDNS Profile Define and manage the ZyWALL's DDNS domain names. HTTP Redirect Set up and manage port forwarding rules. Policy Define rules to define various policies. VPN IPSec VPN VPN Connection Configure IPSec... Internet connection for devices connected to MAC address bindings for an installed 3G card. VPN Gateway Configure IKE tunnels. ZyWALL USG 50 User's Guide 49 Static Route Create and manage IP static routing information. Zone Configure zones used to force user authentication...
...interfaces. Routing Policy Route Create and manage routing policies. DDNS Profile Define and manage the ZyWALL's DDNS domain names. HTTP Redirect Set up and manage port forwarding rules. Policy Define rules to define various policies. VPN IPSec VPN VPN Connection Configure IPSec... Internet connection for devices connected to MAC address bindings for an installed 3G card. VPN Gateway Configure IKE tunnels. ZyWALL USG 50 User's Guide 49 Static Route Create and manage IP static routing information. Zone Configure zones used to force user authentication...
User Manual
Page 99
You could configure a NAT rule to forwards FTP sessions from the WAN to the DMZ. 1 Click Configuration > Network > NAT to a dynamic IP address. ZyWALL USG 50 User's Guide 99 Chapter 6 Configuration Basics 6.5.9 DDNS Dynamic DNS maps a domain name to configure the NAT entry. MENU ITEM(S) Configuration > ...web browsing because the proxy server keeps copies of the web pages that have the ZyWALL transparently forward HTTP (web) traffic to access that the FTP traffic is to a DMZ port. The ZyWALL helps maintain this feature to have been accessed so they are redirected by NAT, ...
You could configure a NAT rule to forwards FTP sessions from the WAN to the DMZ. 1 Click Configuration > Network > NAT to a dynamic IP address. ZyWALL USG 50 User's Guide 99 Chapter 6 Configuration Basics 6.5.9 DDNS Dynamic DNS maps a domain name to configure the NAT entry. MENU ITEM(S) Configuration > ...web browsing because the proxy server keeps copies of the web pages that have the ZyWALL transparently forward HTTP (web) traffic to access that the FTP traffic is to a DMZ port. The ZyWALL helps maintain this feature to have been accessed so they are redirected by NAT, ...
User Manual
Page 100
MENU ITEM(S) Configuration > Auth. Policy Addresses, services, endpoint security objects, users, authentication PREREQUISITES methods 100 ZyWALL USG 50 User's Guide MENU ITEM(S) Configuration > Network > ALG 6.5.13 Auth. Policy Use authentication policies to control who can access the network. ...incoming HTTP requests (lan1). 5 Specify the IP address of the HTTP proxy server. 6 Specify the port number to use for packets that you forward to the proxy server. 6.5.12 ALG The ZyWALL's Application Layer Gateway (ALG) allows VoIP and FTP applications to go to a HTTP proxy server at...
MENU ITEM(S) Configuration > Auth. Policy Addresses, services, endpoint security objects, users, authentication PREREQUISITES methods 100 ZyWALL USG 50 User's Guide MENU ITEM(S) Configuration > Network > ALG 6.5.13 Auth. Policy Use authentication policies to control who can access the network. ...incoming HTTP requests (lan1). 5 Specify the IP address of the HTTP proxy server. 6 Specify the port number to use for packets that you forward to the proxy server. 6.5.12 ALG The ZyWALL's Application Layer Gateway (ALG) allows VoIP and FTP applications to go to a HTTP proxy server at...
User Manual
Page 140
... LAN H.323 Peer-to LAN1 IP address 192.168.1.56. 140 ZyWALL USG 50 User's Guide Figure 96 Configuration > Network > ALG 7.9.2 Set Up a NAT Policy For H.323 In this example, you need a NAT policy to forward H.323 (TCP port 1720) traffic received on the LAN and using IP address 192.168....1.56. Select Enable H.323 ALG and Enable H.323 transformations and click Apply. Chapter 7 Tutorials for wan1 IP address 10.0.0.8 to a H.323 device located on the ZyWALL's 10.0.0.8 WAN IP ...
... LAN H.323 Peer-to LAN1 IP address 192.168.1.56. 140 ZyWALL USG 50 User's Guide Figure 96 Configuration > Network > ALG 7.9.2 Set Up a NAT Policy For H.323 In this example, you need a NAT policy to forward H.323 (TCP port 1720) traffic received on the LAN and using IP address 192.168....1.56. Select Enable H.323 ALG and Enable H.323 transformations and click Apply. Chapter 7 Tutorials for wan1 IP address 10.0.0.8 to a H.323 device located on the ZyWALL's 10.0.0.8 WAN IP ...
User Manual
Page 189
..."drop". Matched Auto This is how much of the selected protocols. ZyWALL USG 50 User's Guide 189 Matched Service Ports Connection This is how much of the application's traffic the ZyWALL has discarded and notified the client that the traffic was rejected because ... 133 Monitor > AppPatrol Statistics: Protocol Statistics The following table describes the labels in kilobytes). Forwarded Data (KB) This is how much of the application's traffic the ZyWALL identified by Connection examining the IP payload. This traffic was rejected (in kilobytes). Click the...
..."drop". Matched Auto This is how much of the selected protocols. ZyWALL USG 50 User's Guide 189 Matched Service Ports Connection This is how much of the application's traffic the ZyWALL has discarded and notified the client that the traffic was rejected because ... 133 Monitor > AppPatrol Statistics: Protocol Statistics The following table describes the labels in kilobytes). Forwarded Data (KB) This is how much of the application's traffic the ZyWALL identified by Connection examining the IP payload. This traffic was rejected (in kilobytes). Click the...
User Manual
Page 290
... delete it. Select the service that a remote server sends. Select a service that the client computer sends to dynamically take turns using a port triggering rule. It causes (triggers) the ZyWALL to forward the traffic (received on the LAN to a remote server. Select outgoing-interface to allow computers on the outgoing interface) to which the... allows you can also just double-click an entry to be able to use NAT for this to be able to apply bandwidth shaping. 290 ZyWALL USG 50 User's Guide
... delete it. Select the service that a remote server sends. Select a service that the client computer sends to dynamically take turns using a port triggering rule. It causes (triggers) the ZyWALL to forward the traffic (received on the LAN to a remote server. Select outgoing-interface to allow computers on the outgoing interface) to which the... allows you can also just double-click an entry to be able to use NAT for this to be able to apply bandwidth shaping. 290 ZyWALL USG 50 User's Guide
User Manual
Page 294
... Static Routes following example, you set the port(s) and IP address to forward a service (coming in brackets. Whenever a client computer's packets match the routing policy, it can use the same service on the server side. Port triggering allows the client computer to computer A. 294 ZyWALL USG 50 User's Guide The ZyWALL records the IP address of a client...
... Static Routes following example, you set the port(s) and IP address to forward a service (coming in brackets. Whenever a client computer's packets match the routing policy, it can use the same service on the server side. Port triggering allows the client computer to computer A. 294 ZyWALL USG 50 User's Guide The ZyWALL records the IP address of a client...
User Manual
Page 295
...interface (including unallocated bandwidth and any available bandwidth on their priority levels. Figure 179 Trigger Port Forwarding Example Maximize Bandwidth Usage The maximize bandwidth usage option allows the ZyWALL to that a policy route is not using) among policy routes with the same priority... multiple policy routes require more bandwidth, the ZyWALL gives the highest priority policy routes the available bandwidth first (as much as computer A unless they require, if there is enough available bandwidth), and then to its bandwidth allotment. ZyWALL USG 50 User's Guide 295
...interface (including unallocated bandwidth and any available bandwidth on their priority levels. Figure 179 Trigger Port Forwarding Example Maximize Bandwidth Usage The maximize bandwidth usage option allows the ZyWALL to that a policy route is not using) among policy routes with the same priority... multiple policy routes require more bandwidth, the ZyWALL gives the highest priority policy routes the available bandwidth first (as much as computer A unless they require, if there is enough available bandwidth), and then to its bandwidth allotment. ZyWALL USG 50 User's Guide 295
User Manual
Page 321
... as a single host on a private network behind the ZyWALL available outside the private network. Use Network Address Translation (NAT) to view and manage the list of a host in the private network available by using ports to forward packets to a different IP address known within one FTP,...ports 21-25 to one network is the translation of the IP address of NAT rules and see Section 17.2 on page 322) to make the computers in a packet. CHAPTER 17 NAT 17.1 NAT Overview NAT (Network Address Translation - NAT, RFC 1631) is changed to the appropriate private IP address. ZyWALL USG 50...
... as a single host on a private network behind the ZyWALL available outside the private network. Use Network Address Translation (NAT) to view and manage the list of a host in the private network available by using ports to forward packets to a different IP address known within one FTP,...ports 21-25 to one network is the translation of the IP address of NAT rules and see Section 17.2 on page 322) to make the computers in a packet. CHAPTER 17 NAT 17.1 NAT Overview NAT (Network Address Translation - NAT, RFC 1631) is changed to the appropriate private IP address. ZyWALL USG 50...
User Manual
Page 322
...of all NAT rules and their configuration. The following table describes the labels in this screen allows you can modify the entry's settings. 322 ZyWALL USG 50 User's Guide Edit Double-click an entry or select it and click Edit to open a screen where you to create new NAT rules and...149 for an example of how to configure NAT to allow SIP traffic from the WAN to Know NAT is also known as virtual server, port forwarding, or port translation. To access this to the Web Configurator and click Configuration > Network > NAT. Table 92 Configuration > Network > NAT LABEL DESCRIPTION ...
...of all NAT rules and their configuration. The following table describes the labels in this screen allows you can modify the entry's settings. 322 ZyWALL USG 50 User's Guide Edit Double-click an entry or select it and click Edit to open a screen where you to create new NAT rules and...149 for an example of how to configure NAT to allow SIP traffic from the WAN to Know NAT is also known as virtual server, port forwarding, or port translation. To access this to the Web Configurator and click Configuration > Network > NAT. Table 92 Configuration > Network > NAT LABEL DESCRIPTION ...
User Manual
Page 326
... is Port or Ports. For example, if you do not enable NAT loopback, this NAT rule supports for unknown services or when one server supports more details. The original and mapped IP address subnets or ranges must be the same size. See NAT Loopback on the rule's specified incoming interface. 326 ZyWALL USG 50 User...
... is Port or Ports. For example, if you do not enable NAT loopback, this NAT rule supports for unknown services or when one server supports more details. The original and mapped IP address subnets or ranges must be the same size. See NAT Loopback on the rule's specified incoming interface. 326 ZyWALL USG 50 User...
User Manual
Page 334
... > Edit LABEL DESCRIPTION Enable Use this option to exit this screen without saving. 334 ZyWALL USG 50 User's Guide This value is the service port number used by the proxy server. Port Enter the port number that the proxy server uses. Cancel Click Cancel to turn the HTTP redirect rule ...off. You may use 1-31 alphanumeric characters, underscores(_), or dashes (-), but the first character cannot be received for the ZyWALL to forward it to the ZyWALL. OK Click OK to save your changes back to the specified proxy server. Apply Click Apply to save your changes back...
... > Edit LABEL DESCRIPTION Enable Use this option to exit this screen without saving. 334 ZyWALL USG 50 User's Guide This value is the service port number used by the proxy server. Port Enter the port number that the proxy server uses. Cancel Click Cancel to turn the HTTP redirect rule ...off. You may use 1-31 alphanumeric characters, underscores(_), or dashes (-), but the first character cannot be received for the ZyWALL to forward it to the ZyWALL. OK Click OK to save your changes back to the specified proxy server. Apply Click Apply to save your changes back...
User Manual
Page 336
...port forwarding) and firewall rules if you want to allow certain NAT un-friendly applications (such as SIP) to operate properly through the H.323 ALG. If the FTP server is located on TCP packets with a specified port destination to pass through NAT. Examples would be in the same network or different networks. 336 ZyWALL USG 50...through the ZyWALL's NAT and firewall. FTP ALG The FTP ALG allows TCP packets with a specified port destination. • The ZyWALL allows H.323 audio connections. • The ZyWALL can also apply bandwidth management to traffic that the ZyWALL routes. ...
...port forwarding) and firewall rules if you want to allow certain NAT un-friendly applications (such as SIP) to operate properly through the H.323 ALG. If the FTP server is located on TCP packets with a specified port destination to pass through NAT. Examples would be in the same network or different networks. 336 ZyWALL USG 50...through the ZyWALL's NAT and firewall. FTP ALG The FTP ALG allows TCP packets with a specified port destination. • The ZyWALL allows H.323 audio connections. • The ZyWALL can also apply bandwidth management to traffic that the ZyWALL routes. ...
User Manual
Page 337
... SIP ALG allows UDP packets with Multiple Outgoing Calls When you configure the firewall and NAT (port forwarding) to allow incoming (peer-topeer) calls from other SIP servers must configure the firewall and NAT (port forwarding) to allow calls from the WAN to a specific IP address on the LAN, you enable...ALG • There should be on the WAN. Peer-to-Peer Calls and the ZyWALL The ZyWALL ALG can also use bandwidth management on both H.323 and SIP. Even though only LAN IP address A ZyWALL USG 50 User's Guide 337 Examples would be calls between LAN IP addresses that do not need ...
... SIP ALG allows UDP packets with Multiple Outgoing Calls When you configure the firewall and NAT (port forwarding) to allow incoming (peer-topeer) calls from other SIP servers must configure the firewall and NAT (port forwarding) to allow calls from the WAN to a specific IP address on the LAN, you enable...ALG • There should be on the WAN. Peer-to-Peer Calls and the ZyWALL The ZyWALL ALG can also use bandwidth management on both H.323 and SIP. Even though only LAN IP address A ZyWALL USG 50 User's Guide 337 Examples would be calls between LAN IP addresses that do not need ...
User Manual
Page 338
The policy routing lets the ZyWALL correctly forward the return traffic for peer- to the Internet. ZyWALL USG 50 User's Guide Chapter 19 ALG can receive incoming calls from the Internet, LAN IP addresses B and C can configure different firewall and NAT (port forwarding) rules to allow incoming calls from each of those LAN... policy routing to receive calls through WAN IP address 1 and calls from the LAN IP addresses. You configure different firewall and port forwarding rules to allow LAN IP address A to have calls from LAN IP address A go out through public WAN IP address 1.
The policy routing lets the ZyWALL correctly forward the return traffic for peer- to the Internet. ZyWALL USG 50 User's Guide Chapter 19 ALG can receive incoming calls from the Internet, LAN IP addresses B and C can configure different firewall and NAT (port forwarding) rules to allow incoming calls from each of those LAN... policy routing to receive calls through WAN IP address 1 and calls from the LAN IP addresses. You configure different firewall and port forwarding rules to allow LAN IP address A to have calls from LAN IP address A go out through public WAN IP address 1.
User Manual
Page 933
...policy routes 282, 289 and to-ZyWALL firewall 327 and VoIP pass through 338 and VPN 403 and VPN, see also VPN configuration overview 99 limitations 294 loopback 327 port forwarding, see NAT port translation, see NAT port triggering 294 port triggering, see also policy routes prerequisites... 99 traversal 404 trigger port, see also policy routes tutorial 143, 146 NBNS 228, 253, 263, 269, 416 NetBIOS Broadcast over IPSec 382 ZyWALL USG 50 User's Guide 933
...policy routes 282, 289 and to-ZyWALL firewall 327 and VoIP pass through 338 and VPN 403 and VPN, see also VPN configuration overview 99 limitations 294 loopback 327 port forwarding, see NAT port translation, see NAT port triggering 294 port triggering, see also policy routes prerequisites... 99 traversal 404 trigger port, see also policy routes tutorial 143, 146 NBNS 228, 253, 263, 269, 416 NetBIOS Broadcast over IPSec 382 ZyWALL USG 50 User's Guide 933
User Manual
Page 935
...566 POP3 566 pop-up windows 43 port forwarding, see NAT port groups 109, 216, 219 port roles 218 and Ethernet interfaces 218 and physical ports 218 port scanning 525 port scan, filtered 526 port sweep 526 port translation, see NAT port triggering 294 and firewall 290, 765 and... policy routes 290 and service groups 290 and services 290 troubleshooting 765 Post Office Protocol, see PPPoE. Point-to -Point Protocol over Ethernet, see POP 566 power off 35, 757 power on 35 PPP 270 troubleshooting 762 ZyWALL USG 50...
...566 POP3 566 pop-up windows 43 port forwarding, see NAT port groups 109, 216, 219 port roles 218 and Ethernet interfaces 218 and physical ports 218 port scanning 525 port scan, filtered 526 port sweep 526 port translation, see NAT port triggering 294 and firewall 290, 765 and... policy routes 290 and service groups 290 and services 290 troubleshooting 765 Post Office Protocol, see PPPoE. Point-to -Point Protocol over Ethernet, see POP 566 power off 35, 757 power on 35 PPP 270 troubleshooting 762 ZyWALL USG 50...