User Manual
Page 38
... access, e-mail, Voice-over-IP (VoIP), video conferencing and other business-critical applications. It can detect malicious or suspicious packets and respond instantaneously. The ZyWALL's ADP protects against network-based intrusions. Content...ZyWALL can detect malicious or suspicious packets and respond instantaneously. You can protect against defined access rules. It can also inspect sessions. Chapter 2 Features and Applications Firewall The ZyWALL's firewall is initiated by screening data packets against . For example, traffic from a pre-defined list. 38 ZyWALL USG 50...
User Manual
Page 39
Application Patrol Application patrol (App. ZyWALL USG 50 User's Guide 39 Use the black list to enhance the performance of a particular application's individual features (like text messaging, voice, video conferencing, and file transfers)....addresses of being used by spammers. Use the white list to -peer (P2P) applications like voice and video. The ZyWALL can mark or discard spam. This maximizes SIP traffic throughput for improved VoIP call sound quality. 2.2 Applications These are suspected of servers that gives SIP priority over all other traffic. Chapter 2 Features...
User Manual
Page 50
...IDP bindings. Group Create and manage groups of the most commonly used web, file transfer and e-mail protocols. VoIP Manage VoIP traffic. Custom Signatures Create, import, or export custom signatures. Filter Profile Create and manage the detailed filtering .... Peer to Peer Manage peer-to identify legitimate e-mail. Streaming Manage streaming traffic. Other Manage other kinds of addresses. 50 ZyWALL USG 50 User's Guide Signature Search for signatures by application and see registration and signature information. Profile Create and manage IDP profiles. ...
User Manual
Page 100
... Example: Suppose you want HTTP requests from which you forward to the proxy server. 6.5.12 ALG The ZyWALL's Application Layer Gateway (ALG) allows VoIP and FTP applications to go to a HTTP proxy server at IP address 192.168.3.80. 1 Click ...ZyWALL firewall rules for packets that you want to redirect incoming HTTP requests (lan1). 5 Specify the IP address of the HTTP proxy server. 6 Specify the port number to use for the HTTP traffic that are redirected by HTTP redirect. Policy Addresses, services, endpoint security objects, users, authentication PREREQUISITES methods 100 ZyWALL USG 50...
User Manual
Page 101
...). 2 Create an address object for VoIP calls. You can configure firewall rules based on the LAN can also configure the firewall to control traffic for remote management. Note: The ZyWALL checks the firewall rules in a different screen. ZyWALL USG 50 User's Guide 101 Each of these objects... must be configured in order. To-ZyWALL firewall rules control access to specify the schedule or the user....
User Manual
Page 139
Chapter 7 Tutorials 6 Click Apply. Non-admin users can only come from the WAN. Here is an example of the ZyWALL's zones (to use HTTPS to log into the ZyWALL from any of how to configure NAT and the firewall to -peer calls from the LAN1 zone. Figure 94 Configuration > System > WWW (Second Example... Allow Incoming H.323 Peer-to-peer Calls Suppose you want it to be able to receive peer-to have a H.323 device on the LAN1 for VoIP calls and you have the ZyWALL forward H.323 traffic destined ZyWALL USG 50 User's Guide 139
User Manual
Page 271
...• Use the Trunk Edit screen (Section 12.3 on page 277) to configure which interfaces belong to improve quality of the ZyWALL's interfaces is also your Australian branch office primarily use least load first load balancing to use ISP B. Load balancing divides traffic loads ... bandwidth utilization for multiple ISP links. You could use policy routing to passive. ZyWALL USG 50 User's Guide 271 CHAPTER 12 Trunks 12.1 Overview Use trunks for WAN traffic load balancing to the VoIP service provider whenever the interface's connection is up a trunk that is connected to...
User Manual
Page 337
...be on the LAN, you enable the SIP ALG. • Configuring the SIP ALG to -peer SIP calls. VoIP Calls from the WAN zone to the LAN zone. • The SIP ALG allows UDP packets with Multiple Outgoing... Calls When you configure the firewall and NAT (port forwarding) to allow peer-to-peer VoIP calls for VoIP devices behind the ZyWALL when you can also use a policy route to have a Back-to pass through a different WAN... a specific IP address on the WAN. Even though only LAN IP address A ZyWALL USG 50 User's Guide 337 For example, you to use bandwidth management on the...
User Manual
Page 338
... forward the return traffic for an example of those LAN or DMZ IP addresses go out through WAN IP address 2. ZyWALL USG 50 User's Guide Figure 203 VoIP with Multiple WAN IP Addresses With multiple WAN IP addresses on page 139 for a tutorial showing how to use the ALG for peer- Chapter...on page 100 for related information on these screens. • See Section 7.9 on the ZyWALL, you configure firewall and NAT rules to allow LAN IP address A to receive calls through public WAN IP address 2. Figure 202 VoIP Calls from the Internet, LAN IP addresses B and C can still make calls out ...
User Manual
Page 341
...' data payload. You could also have the ZyWALL modify IP addresses and port numbers embedded in the VoIP traffic's data stream. It also records session port numbers and allows the related sessions to go through the ZyWALL's NAT. The ZyWALL does not automatically change ALG-managed ZyWALL USG 50 User's Guide 341 Enable FTP Transformations Select this...
User Manual
Page 342
... handles telephone calls and can use a different path from that is exchanged during the session can interface with traditional circuitswitched telephone networks. VoIP clients usually re-register automatically at set to have the connection go through the second interface (that does not provide a guaranteed quality ...to handle voice data transfer. FTP File Transfer Protocol (FTP) is a standard teleconferencing protocol suite that operates on RTP. 342 ZyWALL USG 50 User's Guide H.323 H.323 is an Internet file transfer service that provides audio, data and video conferencing.
User Manual
Page 437
...for improved VoIP call sound quality. 28.1.1 What You Can Do in this . It also lets you open the Other Configuration Add/ Edit screen to look at the applications the ZyWALL can even control the use of a particular application's individual features (like voice and video. ZyWALL USG 50 User's ... to enable and disable application patrol. • Use the Common, Instant Messenger, Peer to Peer, VoIP, and Streaming (see Section 28.3.2 on page 456) to control what the ZyWALL does when it does not recognize the application, and it identifies the conditions that gives SIP traffic priority...
User Manual
Page 448
... current state of the most commonly used web, file transfer and e-mail protocols. 448 ZyWALL USG 50 User's Guide When this link to go to the screen you can register for the service. Click this option is enabled the ZyWALL ignores any other application patrol rules for SIP traffic (so there is enhanced. Released... Click Reset to return the screen to its last-saved settings. 28.3 Application Patrol Applications Use the application patrol Common, Instant Messenger, Peer to Peer, VoIP, or Streaming screen to manage traffic of SIP traffic to improve SIPbased...
User Manual
Page 449
... in this screen, go to the application patrol Common, Instant Messenger, Peer to the ZyWALL. Default Access This field displays what the ZyWALL does with a specific application. Apply Click Apply to save your changes back to Peer, VoIP, or ZyWALL USG 50 User's Guide 449 To access this screen. Service This field displays the name of...
User Manual
Page 453
... application. The screen displayed here is for every port number. Figure 278 Application Policy Edit The following table describes the labels in the Policy table. ZyWALL USG 50 User's Guide 453 Chapter 28 Application Patrol Table 131 Application Edit (continued) LABEL DESCRIPTION OK Click OK to save your changes. 28.3.2 The Application Patrol...
User Manual
Page 922
... policy routes 337, 338, 341 and trunks 341 configuration overview 100 FTP 336 H.323 336, 342 peer-to-peer calls 337 RTP 342 see also VoIP pass through 336 SIP 336 tutorial 139 Anomaly Detection and Prevention, see ADP anti-spam 565, 571 action for spam mails 571 alerts 570 black... 760, 763 troubleshooting signatures update 760 virus 464 virus types 477 white list 470, 474 worm 464 Apache server 529, 530 Apache-whitespace attack 529 ZyWALL USG 50 User's Guide
User Manual
Page 928
...objects 606 and services 370 and SIP (ALG) 337 and user groups 370, 373 and users 370, 373 and VoIP pass through 338 and zones 358, 368 asymmetrical routes 365, 367 configuration overview 101 global rules 359 928 prerequisites ...101 priority 368 rule criteria 359 see also to-ZyWALL firewall 358 session limits 360, 370 to-ZyWALL, see to-ZyWALL firewall triangle routes 365, 367 troubleshooting 761 vs application patrol 357, 359 firmware and ...411, 416 Fully-Qualified Domain Name, see FQDN G gateway policy, see VPN gateways ge1 32 ZyWALL USG 50 User's Guide
User Manual
Page 933
... 290 and address objects (HOST) 325 and ALG 336, 338 and firewall 366 and interfaces 325 and policy routes 282, 289 and to-ZyWALL firewall 327 and VoIP pass through 338 and VPN 403 and VPN, see also VPN configuration overview 99 limitations 294 loopback 327 port forwarding, see NAT port translation... routes prerequisites 99 traversal 404 trigger port, see also policy routes tutorial 143, 146 NBNS 228, 253, 263, 269, 416 NetBIOS Broadcast over IPSec 382 ZyWALL USG 50 User's Guide 933
User Manual
Page 935
Point-to -Point Protocol over Ethernet, see POP 566 power off 35, 757 power on 35 PPP 270 troubleshooting 762 ZyWALL USG 50 User's Guide 935 Index P P2P (Peer-to-peer) 490 attacks 490 see also Peer-to-peer packet flow 91 inspection signatures 483, 487 scan 464 ... service objects 606 and trunks 272, 289 and user groups 287, 288, 451, 454, 457, 460 and users 287, 288, 451, 454, 457, 460 and VoIP pass through 337, 338 and VPN connections 289, 767 bandwidth management 291 benefits 282 BWM 285 configuration overview 97 criteria 284 overriding direct routes 285...
User Manual
Page 943
... method objects 694 and certificates 693 and zones 695 see WINS. VLAN interfaces 216, 248 and Ethernet interfaces 248, 763 basic characteristics 217 VoIP pass through 342 and firewall 338 and NAT 338 and policy routes 337, 338 see also ALG 336 VPN 375 active protocol 405 and ..., 43 access 43 access users 596 requirements 43 supported browsers 43 ZyWALL USG 50 User's Guide Index web features ActiveX 554 cookies 554 Java 554 web proxy servers 554 web proxy servers 332, 554 see also HTTP redirect web site ZyXEL 4 web-based SSL application 659 configuration example 660 create 662 weblink...