Specification GuideTable of ContentsZyWALL_2WG_071707_p0.pdf1ZyWALL_2WG_071707_p1.pdf2Size: 132 KBPages: 2Language: EnglishOpen manual
User GuideTable of ContentsUser’s Guide1About This User's Guide3Document Conventions4Safety Warnings6Contents Overview9Table of Contents11List of Figures27List of Tables41Introduction49Getting to Know Your ZyWALL511.1 ZyWALL Internet Security Appliance Overview511.2 Applications for the ZyWALL511.2.1 3G WAN Application511.2.2 Secure Broadband Internet Access via Cable or DSL Modem521.2.3 VPN Application521.3 Ways to Manage the ZyWALL531.4 Good Habits for Managing the ZyWALL531.4.1 Front Panel Lights54Introducing the Web Configurator552.1 Web Configurator Overview552.2 Accessing the ZyWALL Web Configurator552.3 Resetting the ZyWALL572.3.1 Procedure To Use The Reset Button572.3.2 Uploading a Configuration File Via Console Port572.4 Navigating the ZyWALL Web Configurator582.4.1 Title Bar582.4.2 Main Window592.4.3 HOME Screen: Router Mode592.4.4 HOME Screen: Bridge Mode652.4.5 Navigation Panel682.4.6 Port Statistics722.4.7 Show Statistics: Line Chart732.4.8 DHCP Table Screen742.4.9 VPN Status752.4.10 Bandwidth Monitor76Wizard Setup793.1 Wizard Setup Overview793.2 Internet Access793.2.1 ISP Parameters803.2.1.1 Ethernet803.2.1.2 PPPoE Encapsulation813.2.1.3 PPTP Encapsulation823.2.2 Internet Access Wizard: Second Screen843.2.3 Internet Access Wizard Setup Complete843.2.4 Internet Access Wizard: Registration853.2.5 Internet Access Wizard: Status873.2.6 Internet Access Wizard: Service Activation883.3 VPN Wizard Gateway Setting883.4 VPN Wizard Network Setting903.5 VPN Wizard IKE Tunnel Setting (IKE Phase 1)913.6 VPN Wizard IPSec Setting (IKE Phase 2)933.7 VPN Wizard Status Summary943.8 VPN Wizard Setup Complete97Tutorial994.1 Security Settings for VPN Traffic994.1.1 Firewall Rule for VPN Example994.1.2 Configuring the VPN Rule1004.1.3 Configuring the Firewall Rules1034.1.3.1 Firewall Rule to Allow Access Example1044.1.3.2 Default Firewall Rule to Block Other Access Example1064.2 Using NAT with Multiple Public IP Addresses1074.2.1 Example Parameters and Scenario1074.2.2 Configuring the WAN Connection with a Static IP Address1084.2.3 Public IP Address Mapping1114.2.4 Forwarding Traffic from the WAN to a Local Computer1164.2.5 Allow WAN-to-LAN Traffic through the Firewall1184.2.6 Testing the Connections1254.3 Using NAT with Multiple Game Players1254.4 How to Manage the ZyWALL’s Bandwidth1264.4.1 Example Parameters and Scenario1264.4.2 Configuring Bandwidth Management Rules1274.5 Configuring Content Filtering1314.5.1 Enable Content Filtering1314.5.2 Block Categories of Web Content1324.5.3 Assign Bob’s Computer a Specific IP Address1344.5.4 Create a Content Filter Policy for Bob1344.5.5 Set the Content Filter Schedule1354.5.6 Block Categories of Web Content for Bob136Registration Screens1395.1 Overview1395.1.1 What You Can Do in the Registration Screens1395.1.2 What You Need to Know About Registration1395.2 The Registration Screen1405.3 The Service Screen142Network and Wireless143LAN Screens1456.1 Overview1456.1.1 What You Can Do in The LAN Screens1456.1.2 What You Need to Know About LAN1466.2 The LAN Screen1486.3 The Static DHCP Screen1516.4 The LAN IP Alias Screen1526.5 The LAN Port Roles Screen154Bridge Screens1577.1 Overview1577.1.1 What You Can Do in the Bridge Screens1577.1.2 What You Need To Know About Bridging1587.2 The Bridge Screen1597.3 The Bridge Port Roles Screen1607.4 Bridge Technical Reference162WAN and 3G Screens1658.1 Overview1658.1.1 What You Can Do in the WAN Screens1658.1.2 What You Need To Know About WAN1668.1.3 Before You Begin1688.2 The General Screen1688.2.1 Configuring the General Screen1698.2.2 Configuring Load Balancing1738.2.2.1 Least Load First1738.2.2.2 Example 11738.2.2.3 Example 21748.2.2.4 Weighted Round Robin1758.2.2.5 Spillover1768.3 The WAN1 Screen1788.3.1 Configuring Ethernet Encapsulation1798.3.2 Configuring PPPoE Encapsulation1828.3.3 Configuring PPTP Encapsulation1858.4 The 3G (WAN 2) Screen1888.5 The Traffic Redirect Screen1938.5.1 Configuring the Traffic Redirect Screen1948.6 The Dial Backup Screen1958.6.1 Advanced Modem Setup1978.7 WAN Technical Reference200DMZ Screens2019.1 Overview2019.1.1 What You Can Do in the DMZ Screens2019.1.2 What You Need To Know About DMZ2029.1.3 DMZ Public IP Address Example2029.1.4 DMZ Private and Public IP Address Example2039.2 The DMZ Screen2049.3 The Static DHCP Screen2079.4 The IP Alias Screen2089.5 The DMZ Port Roles Screen210WLAN Screens21310.1 Overview21310.1.1 What You Can Do in the WLAN Screens21310.1.2 What You Need to Know About Wireless LAN21410.2 The WLAN Screen21410.3 The Static DHCP Screen21710.4 The IP Alias Screen21810.5 The Port Roles Screen220Wi-Fi Screens22311.1 Overview22311.1.1 What You Can Do in the Wi-Fi Screens22311.1.2 What You Need To Know About Wireless22311.2 The Wireless Card Screen22511.2.1 The SSID Profile Screen22811.3 The Wireless Security Screen22911.3.1 No Security23111.3.2 Static WEP23111.3.3 IEEE 802.1x Only23211.3.4 IEEE 802.1x + Static WEP23311.3.5 WPA, WPA2, WPA2-MIX23511.3.6 WPA-PSK, WPA2-PSK, WPA2-PSK-MIX23611.4 The MAC Filter Screen237Security239Firewall Screens24112.1 Overview24112.1.1 What You Can Do in the Firewall Screens24212.1.2 What You Need To Know About The ZyWALL Firewall24212.1.3 Before You Begin24212.2 Firewall Rules Example24212.3 Firewall Default Rule (Router Mode)24412.4 Firewall Default Rule (Bridge Mode)24712.5 The Firewall Rule Summary Screen24812.5.1 The Firewall Edit Rule Screen25012.6 The Anti-Probing Screen25312.7 The Threshold Screen25412.8 The Service Screen25612.8.1 The Firewall Edit Custom Service Screen25712.8.2 My Service Firewall Rule Example25812.9 Firewall Technical Reference261Content Filtering Screens26713.1 Overview26713.1.1 What You Can Do in the Content Filtering Screens26713.1.2 What You Need to Know About Content Filtering26713.2 The General Screen26813.3 The Policy Screen27113.3.1 The Edit Policy Screen: General27313.3.2 The Edit Policy Screen: External Database27413.3.3 The Edit Policy Screen: Customization28113.3.4 The Edit Policy Screen: Schedule28313.4 The Object Screen28513.4.1 Configuring the Object Screen28513.5 The Cache Screen287Content Filtering Reports28914.1 Checking Content Filtering Activation28914.2 Viewing Content Filtering Reports28914.3 Web Site Submission294IPSec VPN Screens29715.1 Overview29715.1.1 What You Can Do in the IPSec VPN Screens29715.1.2 What You Need to Know About IPSec VPN29815.2 The VPN Rules (IKE) Screen30015.2.1 The VPN Rules (IKE) Gateway Policy Edit Screen30115.2.2 The Network Policy Edit Screen30715.2.3 The Network Policy Edit: Port Forwarding Screen31215.2.4 The Network Policy Move Screen31415.2.5 Dialing the VPN Tunnel via Web Configurator31515.3 The VPN Rules (Manual) Screen31615.4 The VPN Rules (Manual) Edit Screen31715.5 The VPN SA Monitor Screen32015.6 The VPN Global Setting Screen32115.6.1 Configuring the Global Setting Screen32315.7 Telecommuter VPN/IPSec Examples32415.7.1 Telecommuters Sharing One VPN Rule Example32415.7.2 Telecommuters Using Unique VPN Rules Example32515.8 VPN and Remote Management32715.9 Hub-and-spoke VPN32715.9.1 Hub-and-spoke VPN Example32815.9.2 Hub-and-spoke Example VPN Rule Addresses32815.9.3 Hub-and-spoke VPN Requirements and Suggestions32915.10 VPN Troubleshooting32915.10.1 IPSec Debug33015.11 IPSec VPN Technical Reference331Certificates Screens34316.1 Overview34316.1.1 What You Can Do in the Certificate Screens34316.1.2 What You Need to Know About Certificates34316.2 The My Certificates Screen34516.2.1 The My Certificate Details Screen34716.3 The My Certificate Export Screen35016.4 The My Certificate Import Screen35116.5 Using the My Certificate Import Screen35116.6 The My Certificate Create Screen35316.7 The Trusted CAs Screen35716.8 The Trusted CA Details Screen35916.9 The Trusted CA Import Screen36216.10 The Trusted Remote Hosts Screen36316.11 The Trusted Remote Hosts Import Screen36516.12 The Trusted Remote Host Certificate Details Screen36616.13 The Directory Servers Screen36816.14 The Directory Server Add or Edit Screen369Authentication Server Screens37117.1 Overview37117.1.1 What You Can Do in the Authentication Server Screens37117.1.2 What You Need To Know About Authentication Server37117.2 The Local User Database Screen37217.3 The RADIUS Screen374Advanced377Network Address Translation (NAT) Screens37918.1 Overview37918.1.1 What You Can Do in the NAT Screens37918.1.2 What You Need To Know About NAT37918.1.3 Before You Begin38018.2 The NAT Overview Screen38018.3 The NAT Address Mapping Screen38218.3.1 The NAT Address Mapping Edit Screen38418.4 The Port Forwarding Screen38518.4.1 Configuring Servers Behind Port Forwarding (Example)38618.4.2 Configuring the Port Forwarding Screen38718.5 The Port Triggering Screen38918.6 NAT Technical Reference391Static Route Screens39519.1 Overview39519.1.1 What You Can Do in the Static Route Screens39519.2 The IP Static Route Screen39619.2.1 The IP Static Route Edit Screen397Policy Route Screens39920.1 Policy Route Overview39920.1.1 What You Can Do in the Policy Route Screens39920.1.2 What You Need To Know About Policy Route39920.2 The Policy Route Summary Screen40020.3 The Policy Route Edit Screen402Bandwidth Management Screens40721.1 Overview40721.1.1 What You Can Do in the Bandwidth Management Screens40721.1.2 What You Need to Know About Bandwidth Management40721.2 Bandwidth Management Examples40921.2.1 Application and Subnet-based Bandwidth Management Example40921.3 Maximize Bandwidth Usage With Bandwidth Borrowing Example40921.4 Over Allotment of Bandwidth Example41021.5 The Summary Screen41021.5.1 Maximize Bandwidth Usage Example41221.5.1.1 Priority-based Allotment of Unused and Unbudgeted Bandwidth41221.5.1.2 Fairness-based Allotment of Unused and Unbudgeted Bandwidth41321.5.2 Reserving Bandwidth for Non-Bandwidth Class Traffic41321.6 The Class Setup Screen41321.6.1 Bandwidth Manager Class Configuration41521.6.2 Bandwidth Borrowing Example41821.6.3 The Bandwidth Management Statistics Screen41921.7 Bandwidth Manager Monitor420DNS Screens42122.1 Overview42122.1.1 What You Can Do in the DNS Screens42122.1.2 What You Need To Know About DNS42122.2 The System Screen42322.2.1 The Add Address Record Screen42522.2.2 The Insert Name Server Record Screen42622.3 The DNS Cache Screen42722.4 The DHCP Screen42922.5 The DDNS Screen43022.6 Configuring the Dynamic DNS Screen431Remote Management Screens43323.1 Overview43323.1.1 What You Can Do in the Remote Management Screens43323.1.2 What You Need To Know About Remote Management43423.2 Remote Management Examples43523.2.1 HTTPS Example43523.2.1.1 Internet Explorer Warning Messages43523.2.1.2 Netscape Navigator Warning Messages43523.2.1.3 Avoiding the Browser Warning Messages43623.2.1.4 Login Screen43723.2.2 Secure Telnet Using SSH Examples43923.2.2.1 Example 1: Microsoft Windows43923.2.2.2 Example 2: Linux44023.2.3 Secure FTP Using SSH Example44023.3 The WWW Screen44123.4 Configuring The WWW Screen44223.5 The SSH Screen44323.5.1 Configuring the SSH Screen44423.6 The Telnet Screen44523.7 The FTP Screen44623.8 The SNMP Screen44723.8.1 Configuring the SNMP Screen44923.9 The DNS Screen45023.10 The CNM Screen45123.10.1 Configuring The CNM Screen45123.11 Remote Management Technical Reference453UPnP Screens45524.1 Overview45524.1.1 What You Can Do in the UPnP Screens45524.1.2 What You Need To Know About UPnP45524.2 UPnP Examples45624.2.1 Installing UPnP in Windows Example45624.2.2 Installing UPnP in Windows Me45724.2.3 Installing UPnP in Windows XP45824.3 Using UPnP in Windows XP Example45824.3.1 Auto-discover Your UPnP-enabled Network Device45924.3.2 Web Configurator Easy Access46024.4 The UPnP Screen46224.5 The Ports Screen463ALG Screen46525.1 Overview46525.1.1 What You Need to Know About ALG46525.2 The ALG Screen469Custom Application Screen47126.1 Overview47126.1.1 What You Need to Know About Custom Application47126.2 The Custom Application Screen471Logs and Maintenance473Logs Screens47527.1 Overview47527.1.1 What You Can Do in the Log Screens47527.1.2 What You Need To Know About Logs47527.2 The View Log Screen47527.2.1 Log Description Example47727.2.2 About the Certificate Not Trusted Log47727.3 The Log Settings Screen47827.4 The Traffic Statistics Screen48127.4.1 Viewing Web Site Hits48327.4.2 Viewing Host IP Address48327.4.3 Viewing Protocol/Port48427.4.4 System Reports Specifications48627.5 The E-mail Report Screen48627.6 Logs Technical Reference488Maintenance Screens50728.1 Overview50728.1.1 What You Can Do in the Maintenance Screens50728.2 The General Setup Screen50728.3 The Password Screen50828.4 The Time and Date Screen50928.4.1 Time Server Synchronization Example51228.5 The Device Mode Screen51328.5.1 The Device Mode Screen (Router)51328.5.2 The Device Mode Screen (Bridge)51428.6 The F/W Upload Screen51728.7 The Backup and Restore Screen51828.8 The Restart Screen52128.9 The Diagnostics Screen521SMT525Introducing the SMT52729.1 Introduction to the SMT52729.2 Accessing the SMT via the Console Port52729.2.1 Initial Screen52729.2.2 Entering the Password52829.3 Navigating the SMT Interface52829.3.1 Main Menu52929.3.2 SMT Menus Overview53129.4 Changing the System Password53329.5 Resetting the ZyWALL534SMT Menu 1 - General Setup53530.1 Introduction to General Setup53530.2 Configuring General Setup53530.2.1 Configuring Dynamic DNS53730.2.1.1 Editing DDNS Host537WAN and Dial Backup Setup54131.1 Introduction to WAN, 3G WAN and Dial Backup Setup54131.2 WAN Setup54131.3 Dial Backup54231.3.1 Configuring Dial Backup in Menu 254231.3.2 Advanced WAN Setup54331.3.3 Remote Node Profile (Backup ISP)54531.3.4 Editing TCP/IP Options54731.3.5 Editing Login Script54831.3.6 Remote Node Filter55031.4 3G WAN55031.4.1 3G Modem Setup55031.4.2 Remote Node Profile (3G WAN)552LAN Setup55532.1 Introduction to LAN Setup55532.2 Accessing the LAN Menus55532.3 LAN Port Filter Setup55532.4 TCP/IP and DHCP Ethernet Setup Menu55632.4.1 IP Alias Setup559Internet Access56133.1 Introduction to Internet Access Setup56133.2 Ethernet Encapsulation56133.3 Configuring the PPTP Client56333.4 Configuring the PPPoE Client56433.5 Basic Setup Complete565DMZ Setup56734.1 Configuring DMZ Setup56734.2 DMZ Port Filter Setup56734.3 TCP/IP Setup56834.3.1 IP Address56834.3.2 IP Alias Setup569Route Setup57135.1 Configuring Route Setup57135.2 Route Assessment57135.3 Traffic Redirect57235.4 Route Failover573Wireless Setup57536.1 TCP/IP Setup57536.1.1 IP Address57536.1.2 IP Alias Setup576Remote Node Setup57937.1 Introduction to Remote Node Setup57937.2 Remote Node Setup57937.3 Remote Node Profile Setup57937.3.1 Ethernet Encapsulation58037.3.2 PPPoE Encapsulation58137.3.2.1 Outgoing Authentication Protocol58237.3.2.2 Nailed-Up Connection58237.3.2.3 Metric58237.3.3 PPTP Encapsulation58237.4 Edit IP58337.5 Remote Node Filter585IP Static Route Setup58738.1 IP Static Route Setup587Network Address Translation (NAT)59139.1 Using NAT59139.1.1 SUA (Single User Account) Versus NAT59139.1.2 Applying NAT59139.2 NAT Setup59339.2.1 Address Mapping Sets59439.2.1.1 SUA Address Mapping Set59439.2.1.2 User-Defined Address Mapping Sets59539.2.1.3 Ordering Your Rules59639.3 Configuring a Server behind NAT59839.4 General NAT Examples60139.4.1 Internet Access Only60139.4.2 Example 2: Internet Access with a Default Server60239.4.3 Example 3: Multiple Public IP Addresses With Inside Servers60339.4.4 Example 4: NAT Unfriendly Application Programs60639.5 Trigger Port Forwarding60839.5.1 Two Points To Remember About Trigger Ports608Introducing the ZyWALL Firewall61140.1 Using ZyWALL SMT Menus61140.1.1 Activating the Firewall611Filter Configuration61341.1 Introduction to Filters61341.1.1 The Filter Structure of the ZyWALL61441.2 Configuring a Filter Set61641.2.1 Configuring a Filter Rule61741.2.2 Configuring a TCP/IP Filter Rule61841.2.3 Configuring a Generic Filter Rule62041.3 Example Filter62241.4 Filter Types and NAT62441.5 Firewall Versus Filters62441.5.1 Packet Filtering:62441.5.1.1 When To Use Filtering62541.5.2 Firewall62541.5.2.1 When To Use The Firewall62541.6 Applying a Filter62541.6.1 Applying LAN Filters62641.6.2 Applying DMZ Filters62641.6.3 Applying Remote Node Filters627SNMP Configuration62942.1 SNMP Configuration62942.2 SNMP Traps630System Information & Diagnosis63143.1 Introduction to System Status63143.2 System Status63143.3 System Information and Console Port Speed63343.3.1 System Information63343.3.2 Console Port Speed63443.4 Log and Trace63543.4.1 Viewing Error Log63543.4.2 Syslog Logging63643.4.3 Call-Triggering Packet63943.5 Diagnostic64043.5.1 WAN DHCP641Firmware and Configuration File Maintenance64344.1 Introduction64344.2 Filename Conventions64344.3 Backup Configuration64444.3.1 Backup Configuration64444.3.2 Using the FTP Command from the Command Line64544.3.3 Example of FTP Commands from the Command Line64544.3.4 GUI-based FTP Clients64644.3.5 File Maintenance Over WAN64644.3.6 Backup Configuration Using TFTP64644.3.7 TFTP Command Example64744.3.8 GUI-based TFTP Clients64744.3.9 Backup Via Console Port64744.4 Restore Configuration64844.4.1 Restore Using FTP64944.4.2 Restore Using FTP Session Example65044.4.3 Restore Via Console Port65044.5 Uploading Firmware and Configuration Files65144.5.1 Firmware File Upload65144.5.2 Configuration File Upload65244.5.3 FTP File Upload Command from the DOS Prompt Example65344.5.4 FTP Session Example of Firmware File Upload65344.5.5 TFTP File Upload65344.5.6 TFTP Upload Command Example65444.5.7 Uploading Via Console Port65444.5.8 Uploading Firmware File Via Console Port65444.5.9 Example Xmodem Firmware Upload Using HyperTerminal65544.5.10 Uploading Configuration File Via Console Port65544.5.11 Example Xmodem Configuration Upload Using HyperTerminal656System Maintenance Menus 8 to 1065745.1 Command Interpreter Mode65745.1.1 Command Syntax65845.1.2 Command Usage65845.2 Call Control Support65945.2.1 Budget Management65945.2.2 Call History66045.3 Time and Date Setting661Remote Management66546.1 Remote Management66546.1.1 Remote Management Limitations667IP Policy Routing66947.1 IP Routing Policy Summary66947.2 IP Routing Policy Setup67047.2.1 Applying Policy to Packets67247.3 IP Policy Routing Example673Call Scheduling67748.1 Introduction to Call Scheduling677Troubleshooting and Specifications681Troubleshooting68349.1 Power, Hardware Connections, and LEDs68349.2 ZyWALL Access and Login68449.3 Internet Access686Product Specifications68950.1 General ZyWALL Specifications68950.2 Compatible 3G Cards69250.3 3G Card Installation69350.4 Wall-mounting Instructions69350.5 Power Adaptor Specifications69550.6 Cable Pin Assignments696Appendices and Index699Pop-up Windows, JavaScripts and Java Permissions701Setting up Your Computer’s IP Address709IP Addresses and Subnetting725Common Services733Wireless LANs737Importing Certificates751Legal Information761Customer Support765Index771Size: 23 MBPages: 780Language: EnglishOpen manual
Quick Setup GuideSize: 2.98 MBPages: 146Languages: English, Deutsch, Español, Français, Italiano, Русский, Svenska, 中文(zhōngwén)Open manual