ZyWALL User Manual

Table of Contents

User's Guide .... 1
About This User's Guide .... 3
Document Conventions .... 4
Safety Warnings .... 6
Contents Overview .... 7
Table of Contents .... 9
List of Figures .... 27
List of Tables .... 39

Introduction and Registration .... 45

Getting to Know Your ZyWALL .... 47
  1.1 ZyWALL Internet Security Appliance Overview .... 47
  1.2 Applications for the ZyWALL .... 47
  1.2.1 Secure Broadband Internet Access via Cable or DSL Modem .... 47
  1.2.2 VPN Application .... 48
  1.3 Ways to Manage the ZyWALL .... 48
  1.4 Good Habits for Managing the ZyWALL .... 49
  1.5 LEDs .... 49

Introducing the Web Configurator .... 51
  2.1 Web Configurator Overview .... 51
  2.2 Accessing the ZyWALL Web Configurator .... 51
  2.3 Resetting the ZyWALL .... 53
  2.3.1 Procedure To Use The Reset Button .... 53
  2.3.2 Uploading a Configuration File Via Console Port .... 53
  2.4 Navigating the ZyWALL Web Configurator .... 54
  2.4.1 Title Bar .... 54
  2.4.2 Main Window .... 55
  2.4.3 HOME Screen: Router Mode .... 55
  2.4.4 HOME Screen: Bridge Mode .... 57
  2.4.5 Navigation Panel .... 60
  2.4.6 Port Statistics .... 64
  2.4.7 DHCP Table Screen .... 65
  2.4.8 VPN Status .... 66
  2.4.9 Bandwidth Monitor .... 67

Wizard Setup .... 69
  3.1 Wizard Setup Overview .... 69
  3.2 Internet Access .... 70
  3.2.1 ISP Parameters .... 70
  3.2.2 Internet Access Wizard: Second Screen .... 75
  3.2.3 Internet Access Wizard: Registration .... 76
  3.3 VPN Wizard Gateway Setting .... 79
  3.4 VPN Wizard Network Setting .... 80
  3.5 VPN Wizard IKE Tunnel Setting (IKE Phase 1) .... 82
  3.6 VPN Wizard IPSec Setting (IKE Phase 2) .... 83
  3.7 VPN Wizard Status Summary .... 85
  3.8 VPN Wizard Setup Complete .... 87

Tutorials .... 89
  4.1 Security Settings for VPN Traffic .... 89
  4.1.1 Firewall Rule for VPN Example .... 89
  4.1.2 Configuring the VPN Rule .... 90
  4.1.3 Configuring the Firewall Rules .... 93
  4.2 Using NAT with Multiple Public IP Addresses .... 97
  4.2.1 Example Parameters and Scenario .... 97
  4.2.2 Configuring the WAN Connection with a Static IP Address .... 98
  4.2.3 Public IP Address Mapping .... 101
  4.2.4 Forwarding Traffic from the WAN to a Local Computer .... 105
  4.2.5 Allow WAN-to-LAN Traffic through the Firewall .... 107
  4.2.6 Testing the Connections .... 114
  4.3 Using NAT with Multiple Game Players .... 114
  4.4 How to Manage the ZyWALL's Bandwidth .... 115
  4.4.1 Example Parameters and Scenario .... 115
  4.4.2 Configuring Bandwidth Management Rules .... 116
  4.5 Configuring Content Filtering .... 120
  4.5.1 Enable Content Filtering .... 120
  4.5.2 Block Categories of Web Content .... 121
  4.5.3 Assign Bob's Computer a Specific IP Address .... 123
  4.5.4 Create a Content Filter Policy for Bob .... 123
  4.5.5 Set the Content Filter Schedule .... 124
  4.5.6 Block Categories of Web Content for Bob .... 125

Registration .... 127
  5.1 myZyXEL.com overview .... 127
  5.1.1 Content Filtering Subscription Service .... 127
  5.2 Registration .... 128
  5.3 Service .... 129

Network .... 131

LAN Screens .... 133
  6.1 LAN, WAN and the ZyWALL .... 133
  6.2 IP Address and Subnet Mask .... 133
  6.2.1 Private IP Addresses .... 134
  6.3 DHCP .... 135
  6.3.1 IP Pool Setup .... 135
  6.4 RIP Setup .... 135
  6.5 Multicast .... 135
  6.6 WINS .... 136
  6.7 LAN .... 136
  6.8 LAN Static DHCP .... 139
  6.9 LAN IP Alias .... 140
  6.10 LAN Port Roles .... 142

Bridge Screens .... 145
  7.1 Bridge Loop .... 145
  7.2 Spanning Tree Protocol (STP) .... 146
  7.2.1 Rapid STP .... 146
  7.2.2 STP Terminology .... 146
  7.2.3 How STP Works .... 146
  7.2.4 STP Port States .... 147
  7.3 Bridge .... 147
  7.4 Bridge Port Roles .... 149

WAN Screens .... 151
  8.1 WAN Overview .... 151
  8.2 TCP/IP Priority (Metric) .... 151
  8.3 WAN Route .... 151
  8.4 WAN IP Address Assignment .... 153
  8.5 DNS Server Address Assignment .... 153
  8.6 WAN MAC Address .... 154
  8.7 WAN .... 154
  8.7.1 WAN Ethernet Encapsulation .... 154
  8.7.2 PPPoE Encapsulation .... 157
  8.7.3 PPTP Encapsulation .... 160
  8.8 Traffic Redirect .... 163
  8.9 Configuring Traffic Redirect .... 164
  8.10 Configuring Dial Backup .... 165
  8.11 Advanced Modem Setup .... 168
  8.11.1 AT Command Strings .... 168
  8.11.2 DTR Signal .... 168
  8.11.3 Response Strings .... 169
  8.12 Configuring Advanced Modem Setup .... 169

DMZ Screens .... 171
  9.1 DMZ .... 171
  9.2 Configuring DMZ .... 171
  9.3 DMZ Static DHCP .... 174
  9.4 DMZ IP Alias .... 175
  9.5 DMZ Public IP Address Example .... 177
  9.6 DMZ Private and Public IP Address Example .... 177
  9.7 DMZ Port Roles .... 178

Wireless LAN .... 181
  10.1 Wireless LAN Introduction .... 181
  10.2 Configuring WLAN .... 181
  10.3 WLAN Static DHCP .... 184
  10.4 WLAN IP Alias .... 185
  10.5 WLAN Port Roles .... 187

Security .... 189

Firewall .... 191
  11.1 Firewall Overview .... 191
  11.2 Packet Direction Matrix .... 192
  11.3 Packet Direction Examples .... 193
  11.3.1 To VPN Packet Direction .... 195
  11.3.2 From VPN Packet Direction .... 196
  11.3.3 From VPN To VPN Packet Direction .... 198
  11.4 Security Considerations .... 199
  11.5 Firewall Rules Example .... 200
  11.6 Asymmetrical Routes .... 201
  11.6.1 Asymmetrical Routes and IP Alias .... 202
  11.7 Firewall Default Rule (Router Mode) .... 202
  11.8 Firewall Default Rule (Bridge Mode) .... 204
  11.9 Firewall Rule Summary .... 206
  11.9.1 Firewall Edit Rule .... 208
  11.10 Anti-Probing .... 211
  11.11 Firewall Thresholds .... 212
  11.11.1 Threshold Values .... 213
  11.12 Threshold Screen .... 213
  11.13 Service .... 215
  11.13.1 Firewall Edit Custom Service .... 216
  11.14 My Service Firewall Rule Example .... 217

Content Filtering Screens .... 223
  12.1 Content Filtering Overview .... 223
  12.1.1 Restrict Web Features .... 223
  12.1.2 Create a Filter List .... 223
  12.1.3 Customize Web Site Access .... 223
  12.2 Content Filtering with an External Database .... 223
  12.3 Content Filter General Screen .... 224
  12.4 Content Filter Policy .... 227
  12.5 Content Filter Policy: General .... 229
  12.6 Content Filter Policy: External Database .... 230
  12.7 Content Filter Policy: Customization .... 237
  12.8 Content Filter Policy: Schedule .... 239
  12.9 Content Filter Object .... 240
  12.10 Customizing Keyword Blocking URL Checking .... 242
  12.10.1 Domain Name or IP Address URL Checking .... 242
  12.10.2 Full Path URL Checking .... 243
  12.10.3 File Name URL Checking .... 243
  12.11 Content Filtering Cache .... 243

Content Filtering Reports .... 245
  13.1 Checking Content Filtering Activation .... 245
  13.2 Viewing Content Filtering Reports .... 245
  13.3 Web Site Submission .... 250

IPSec VPN .... 253
  14.1 IPSec VPN Overview .... 253
  14.1.1 IKE SA Overview .... 254
  14.2 VPN Rules (IKE) .... 255
  14.3 IKE SA Setup .... 257
  14.3.1 IKE SA Proposal .... 257
  14.4 Additional IPSec VPN Topics .... 261
  14.4.1 SA Life Time .... 262
  14.4.2 IPSec High Availability .... 262
  14.4.3 Encryption and Authentication Algorithms .... 263
  14.5 VPN Rules (IKE) Gateway Policy Edit .... 264
  14.6 IPSec SA Overview .... 270
  14.6.1 Local Network and Remote Network .... 270
  14.6.2 Virtual Address Mapping .... 271
  14.6.3 Active Protocol .... 272
  14.6.4 Encapsulation .... 272
  14.6.5 IPSec SA Proposal and Perfect Forward Secrecy .... 273
  14.7 VPN Rules (IKE) Network Policy Edit .... 273
  14.8 Network Policy Port Forwarding .... 278
  14.9 Network Policy Move .... 280
  14.10 IPSec SA Using Manual Keys .... 281
  14.10.1 IPSec SA Proposal Using Manual Keys .... 281
  14.10.2 Authentication and the Security Parameter Index (SPI) .... 281
  14.11 VPN Rules (Manual) .... 281
  14.12 VPN Rules (Manual) Edit .... 283
  14.13 VPN SA Monitor .... 285
  14.14 VPN Global Setting .... 286
  14.14.1 Local and Remote IP Address Conflict Resolution .... 286
  14.15 Telecommuter VPN/IPSec Examples .... 289
  14.15.1 Telecommuters Sharing One VPN Rule Example .... 289
  14.15.2 Telecommuters Using Unique VPN Rules Example .... 290
  14.16 VPN and Remote Management .... 291
  14.17 Hub-and-spoke VPN .... 292
  14.17.1 Hub-and-spoke VPN Example .... 293
  14.17.2 Hub-and-spoke Example VPN Rule Addresses .... 293
  14.17.3 Hub-and-spoke VPN Requirements and Suggestions .... 294

Certificates .... 295
  15.1 Certificates Overview .... 295
  15.1.1 Advantages of Certificates .... 296
  15.2 Self-signed Certificates .... 296
  15.3 Verifying a Certificate .... 296
  15.3.1 Checking the Fingerprint of a Certificate on Your Computer .... 296
  15.4 Configuration Summary .... 297
  15.5 My Certificates .... 298
  15.6 My Certificate Details .... 300
  15.7 My Certificate Export .... 302
  15.7.1 Certificate File Export Formats .... 302
  15.8 My Certificate Import .... 303
  15.8.1 Certificate File Formats .... 303
  15.9 My Certificate Create .... 305
  15.10 Trusted CAs .... 310
  15.11 Trusted CA Details .... 312
  15.12 Trusted CA Import .... 314
  15.13 Trusted Remote Hosts .... 315
  15.14 Trusted Remote Host Certificate Details .... 316
  15.15 Trusted Remote Hosts Import .... 319
  15.16 Directory Servers .... 320
  15.17 Directory Server Add or Edit .... 321

Authentication Server .... 323
  16.1 Authentication Server Overview .... 323
  16.1.1 Local User Database .... 323
  16.1.2 RADIUS .... 323
  16.1.3 Types of RADIUS Messages .... 323
  16.2 Local User Database .... 324
  16.3 RADIUS .... 326

Advanced .... 329

Network Address Translation (NAT) .... 331
  17.1 NAT Overview .... 331
  17.1.1 NAT Definitions .... 331
  17.1.2 What NAT Does .... 332
  17.1.3 How NAT Works .... 332
  17.1.4 NAT Application .... 333
  17.1.5 Port Restricted Cone NAT .... 334
  17.1.6 NAT Mapping Types .... 334
  17.2 Using NAT .... 335
  17.2.1 SUA (Single User Account) Versus NAT .... 335
  17.3 NAT Overview Screen .... 336
  17.4 NAT Address Mapping .... 337
  17.4.1 What NAT Does .... 337
  17.4.2 NAT Address Mapping Edit .... 339
  17.5 Port Forwarding .... 340
  17.5.1 Default Server IP Address .... 340
  17.5.2 Port Forwarding: Services and Port Numbers .... 341
  17.5.3 Configuring Servers Behind Port Forwarding (Example) .... 341
  17.5.4 Port Translation .... 341
  17.6 Port Forwarding Screen .... 342
  17.7 Port Triggering .... 344

Static Route .... 347
  18.1 IP Static Route .... 347
  18.2 IP Static Route .... 348
  18.2.1 IP Static Route Edit .... 349

Bandwidth Management .... 351
  19.1 Bandwidth Management Overview .... 351
  19.2 Bandwidth Classes and Filters .... 351
  19.3 Proportional Bandwidth Allocation .... 352
  19.4 Application-based Bandwidth Management .... 352
  19.5 Subnet-based Bandwidth Management .... 352
  19.6 Application and Subnet-based Bandwidth Management .... 352
  19.7 Scheduler .... 353
  19.7.1 Priority-based Scheduler .... 353
  19.7.2 Fairness-based Scheduler .... 353
  19.7.3 Maximize Bandwidth Usage .... 353
  19.7.4 Reserving Bandwidth for Non-Bandwidth Class Traffic .... 353
  19.7.5 Maximize Bandwidth Usage Example .... 354
  19.8 Bandwidth Borrowing .... 355
  19.8.1 Bandwidth Borrowing Example .... 355
  19.9 Maximize Bandwidth Usage With Bandwidth Borrowing .... 356
  19.10 Over Allotment of Bandwidth .... 356
  19.11 Configuring Summary .... 357
  19.12 Configuring Class Setup .... 358
  19.12.1 Bandwidth Manager Class Configuration .... 359
  19.12.2 Bandwidth Management Statistics .... 362
  19.13 Bandwidth Manager Monitor .... 363

DNS .... 365
  20.1 DNS Overview .... 365
  20.2 DNS Server Address Assignment .... 365
  20.3 DNS Servers .... 365
  20.4 Address Record .... 366
  20.4.1 DNS Wildcard .... 366
  20.5 Name Server Record .... 366
  20.5.1 Private DNS Server .... 366
  20.6 System Screen .... 367
  20.6.1 Adding an Address Record .... 368
  20.6.2 Inserting a Name Server Record .... 369
  20.7 DNS Cache .... 371
  20.8 Configure DNS Cache .... 371
  20.9 Configuring DNS DHCP .... 372
  20.10 Dynamic DNS .... 374
  20.10.1 DYNDNS Wildcard .... 374
  20.11 Configuring Dynamic DNS .... 374

Remote Management .... 377
  21.1 Remote Management Overview .... 377
  21.1.1 Remote Management Limitations .... 378
  21.1.2 System Timeout .... 378
  21.2 WWW (HTTP and HTTPS) .... 378
  21.3 WWW Configuration .... 379
  21.4 HTTPS Example .... 380
  21.4.1 Internet Explorer Warning Messages .... 381
  21.4.2 Netscape Navigator Warning Messages .... 381
  21.4.3 Avoiding the Browser Warning Messages .... 382
  21.4.4 Login Screen .... 383
  21.5 SSH .... 385
  21.6 How SSH Works .... 385
  21.7 SSH Implementation on the ZyWALL .... 386
  21.7.1 Requirements for Using SSH .... 386
  21.8 Configuring SSH .... 386
  21.9 Secure Telnet Using SSH Examples .... 387
  21.9.1 Example 1: Microsoft Windows .... 387
  21.9.2 Example 2: Linux .... 388
  21.10 Secure FTP Using SSH Example .... 389
  21.11 Telnet .... 390
  21.12 Configuring TELNET .... 390
  21.13 FTP .... 391
  21.14 SNMP .... 392
  21.14.1 Supported MIBs .... 393
  21.14.2 SNMP Traps .... 393
  21.14.3 REMOTE MANAGEMENT: SNMP .... 393
  21.15 DNS .... 395
  21.16 Introducing Vantage CNM .... 395
  21.17 Configuring CNM .... 396
  21.17.1 Additional Configuration for Vantage CNM .... 397

UPnP .... 399
  22.1 Universal Plug and Play Overview .... 399
  22.1.1 How Do I Know If I'm Using UPnP? .... 399
  22.1.2 NAT Traversal .... 399
  22.1.3 Cautions with UPnP .... 399
  22.1.4 UPnP and ZyXEL .... 400
  22.2 Configuring UPnP .... 400
  22.3 Displaying UPnP Port Mapping .... 401
  22.4 Installing UPnP in Windows Example .... 402
  22.4.1 Installing UPnP in Windows Me .... 403
  22.4.2 Installing UPnP in Windows XP .... 404
  22.5 Using UPnP in Windows XP Example .... 404
  22.5.1 Auto-discover Your UPnP-enabled Network Device .... 405
  22.5.2 Web Configurator Easy Access .... 406

Custom Application .... 409
  23.1 Custom Application .... 409
  23.2 Custom Application Configuration .... 409

ALG Screen .... 411
  24.1 ALG Introduction .... 411
  24.1.1 ALG and NAT .... 411
  24.1.2 ALG and the Firewall .... 411
  24.2 FTP .... 412
  24.3 H.323 .... 412
  24.4 RTP .... 412
  24.4.1 H.323 ALG Details .... 412
  24.5 SIP .... 413
  24.5.1 STUN .... 413
  24.5.2 SIP ALG Details .... 413
  24.5.3 SIP Signaling Session Timeout .... 414
  24.5.4 SIP Audio Session Timeout .... 414
  24.6 ALG Screen .... 414

Logs and Maintenance .... 417

Logs Screens .... 419
  25.1 Configuring View Log .... 419
  25.2 Log Description Example .... 420
  25.2.1 About the Certificate Not Trusted Log .... 421
  25.3 Configuring Log Settings .... 422
  25.4 Configuring Reports .... 425
  25.4.1 Viewing Web Site Hits .... 427
  25.4.2 Viewing Host IP Address .... 427
  25.4.3 Viewing Protocol/Port .... 428
  25.4.4 System Reports Specifications .... 430
  25.5 Log Descriptions .... 430
  25.6 Syslog Logs .... 445

Maintenance .... 447
  26.1 Maintenance Overview .... 447
  26.2 General Setup and System Name .... 447
  26.2.1 General Setup .... 447
  26.3 Configuring Password .... 448
  26.4 Time and Date .... 449
  26.5 Pre-defined NTP Time Server Pools .... 452
  26.5.1 Resetting the Time .... 452
  26.5.2 Time Server Synchronization .... 452
  26.6 Introduction To Transparent Bridging .... 453
  26.7 Transparent Firewalls .... 454
  26.8 Configuring Device Mode (Router) .... 454
  26.9 Configuring Device Mode (Bridge) .... 455
  26.10 F/W Upload Screen .... 457
  26.11 Backup and Restore .... 459
  26.11.1 Backup Configuration .... 460
  26.11.2 Restore Configuration .... 460
  26.11.3 Back to Factory Defaults .... 461
  26.12 Restart Screen .... 461
  26.13 Diagnostics .... 462

SMT .... 465

Introducing the SMT .... 467
  27.1 Introduction to the SMT .... 467
  27.2 Accessing the SMT via the Console Port .... 467
  27.2.1 Initial Screen .... 467
  27.2.2 Entering the Password .... 468
  27.3 Navigating the SMT Interface .... 468
  27.3.1 Main Menu .... 469
  27.3.2 SMT Menus Overview .... 471
  27.4 Changing the System Password .... 472
  27.5 Resetting the ZyWALL .... 473

SMT Menu 1 - General Setup .... 475
  28.1 Introduction to General Setup .... 475
  28.2 Configuring General Setup .... 475
  28.2.1 Configuring Dynamic DNS .... 476

WAN and Dial Backup Setup .... 481
  29.1 Introduction to WAN and Dial Backup Setup .... 481
  29.2 WAN Setup .... 481
  29.3 Dial Backup .... 482
  29.4 Configuring Dial Backup in Menu 2 .... 482
  29.5 Advanced WAN Setup .... 483
  29.6 Remote Node Profile (Backup ISP) .... 485
  29.7 Editing TCP/IP Options .... 487
  29.8 Editing Login Script .... 488
  29.9 Remote Node Filter .... 489

LAN Setup .... 491
  30.1 Introduction to LAN Setup .... 491
  30.2 Accessing the LAN Menus .... 491
  30.3 LAN Port Filter Setup .... 491
  30.4 TCP/IP and DHCP Ethernet Setup Menu .... 492
  30.4.1 IP Alias Setup .... 495

Internet Access .... 497
  31.1 Introduction to Internet Access Setup .... 497
  31.2 Ethernet Encapsulation .... 497
  31.3 Configuring the PPTP Client .... 499
  31.4 Configuring the PPPoE Client .... 499
  31.5 Basic Setup Complete .... 500

DMZ Setup .... 501
  32.1 Configuring DMZ Setup .... 501
  32.2 DMZ Port Filter Setup .... 501
  32.3 TCP/IP Setup .... 502
  32.3.1 IP Address .... 502
  32.3.2 IP Alias Setup .... 503

Wireless Setup .... 505
  33.1 TCP/IP Setup .... 505
  33.1.1 IP Address .... 505
  33.1.2 IP Alias Setup .... 506

Remote Node Setup .... 509
  34.1 Introduction to Remote Node Setup .... 509
  34.2 Remote Node Setup .... 509
  34.3 Remote Node Profile Setup .... 509
  34.3.1 Ethernet Encapsulation .... 510
  34.3.2 PPPoE Encapsulation .... 511
  34.3.3 PPTP Encapsulation .... 513
  34.4 Edit IP .... 514
  34.5 Remote Node Filter .... 516
  34.6 Traffic Redirect .... 517

IP Static Route Setup .... 519
  35.1 IP Static Route Setup .... 519

Network Address Translation (NAT) .... 521
  36.1 Using NAT .... 521
  36.1.1 SUA (Single User Account) Versus NAT .... 521
  36.1.2 Applying NAT .... 521
  36.2 NAT Setup .... 523
  36.2.1 Address Mapping Sets .... 523
  36.3 Configuring a Server behind NAT .... 528
  36.4 General NAT Examples .... 530
  36.4.1 Internet Access Only .... 530
  36.4.2 Example 2: Internet Access with a Default Server .... 532
  36.4.3 Example 3: Multiple Public IP Addresses With Inside Servers .... 532
  36.4.4 Example 4: NAT Unfriendly Application Programs .... 536
  36.5 Trigger Port Forwarding .... 537
  36.5.1 Two Points To Remember About Trigger Ports .... 537

Introducing the ZyWALL Firewall .... 539
  37.1 Using ZyWALL SMT Menus .... 539
  37.1.1 Activating the Firewall .... 539

Filter Configuration .... 541
  38.1 Introduction to Filters .... 541
  38.1.1 The Filter Structure of the ZyWALL .... 542
  38.2 Configuring a Filter Set .... 544
  38.2.1 Configuring a Filter Rule .... 546
  38.2.2 Configuring a TCP/IP Filter Rule .... 546
  38.2.3 Configuring a Generic Filter Rule .... 549
  38.3 Example Filter .... 550
  38.4 Filter Types and NAT .... 552
  38.5 Firewall Versus Filters .... 552
  38.5.1 Packet Filtering .... 552
  38.5.2 Firewall .... 553
  38.6 Applying a Filter .... 553
  38.6.1 Applying LAN Filters .... 554
  38.6.2 Applying DMZ Filters .... 554
  38.6.3 Applying Remote Node Filters .... 555

SNMP Configuration .... 557
  39.1 SNMP Configuration .... 557
  39.2 SNMP Traps .... 558

System Information & Diagnosis .... 559
  40.1 Introduction to System Status .... 559
  40.2 System Status .... 559
  40.3 System Information and Console Port Speed .... 561
  40.3.1 System Information .... 561
  40.3.2 Console Port Speed .... 562
  40.4 Log and Trace .... 562
  40.4.1 Viewing Error Log .... 562
  40.4.2 Syslog Logging .... 563
  40.4.3 Call-Triggering Packet .... 566
  40.5 Diagnostic .... 567
  40.5.1 WAN DHCP .... 568

Firmware and Configuration File Maintenance .... 571
  41.1 Introduction .... 571
  41.2 Filename Conventions .... 571
  41.3 Backup Configuration .... 572
  41.3.1 Backup Configuration .... 572
  41.3.2 Using the FTP Command from the Command Line .... 573
  41.3.3 Example of FTP Commands from the Command Line .... 574
  41.3.4 GUI-based FTP Clients .... 574
  41.3.5 File Maintenance Over WAN .... 574
  41.3.6 Backup Configuration Using TFTP .... 575
  41.3.7 TFTP Command Example .... 575
  41.3.8 GUI-based TFTP Clients .... 575
  41.3.9 Backup Via Console Port .... 576
  41.4 Restore Configuration .... 577
  41.4.1 Restore Using FTP .... 577
  41.4.2 Restore Using FTP Session Example .... 578
  41.4.3 Restore Via Console Port .... 579
  41.5 Uploading Firmware and Configuration Files .... 579
  41.5.1 Firmware File Upload .... 580
  41.5.2 Configuration File Upload .... 580
  41.5.3 FTP File Upload Command from the DOS Prompt Example .... 581
  41.5.4 FTP Session Example of Firmware File Upload .... 582
  41.5.5 TFTP File Upload .... 582
  41.5.6 TFTP Upload Command Example .... 583
  41.5.7 Uploading Via Console Port .... 583
  41.5.8 Uploading Firmware File Via Console Port .... 583
  41.5.9 Example Xmodem Firmware Upload Using HyperTerminal .... 583
  41.5.10 Uploading Configuration File Via Console Port .... 584
  41.5.11 Example Xmodem Configuration Upload Using HyperTerminal .... 585

System Maintenance Menus 8 to 10 .... 587
  42.1 Command Interpreter Mode .... 587
  42.1.1 Command Syntax .... 588
  42.1.2 Command Usage .... 588
  42.2 Call Control Support .... 589
  42.2.1 Budget Management .... 589
  42.2.2 Call History .... 590
  42.3 Time and Date Setting .... 591

Remote Management .... 595
  43.1 Remote Management .... 595
  43.1.1 Remote Management Limitations .... 597

Call Scheduling .... 599
  44.1 Introduction to Call Scheduling .... 599

Troubleshooting and Specifications .... 603

Troubleshooting .... 605
  45.1 Power, Hardware Connections, and LEDs .... 605
  45.2 ZyWALL Access and Login .... 606
  45.3 Internet Access .... 608
  45.4 Wireless Router/AP Troubleshooting .... 610
  45.5 UPnP .... 610

Product Specifications .... 613
  46.1 General ZyWALL Specifications .... 613
  46.2 Cable Pin Assignments .... 615
  46.3 Wall-mounting Instructions .... 617

Appendices and Index .... 619
  Setting up Your Computer's IP Address .... 621
  Pop-up Windows, JavaScripts and Java Permissions .... 637
  IP Addresses and Subnetting .... 645
  Common Services .... 653
  Importing Certificates .... 657
  Legal Information .... 669
  Customer Support .... 673
  Index .... 679

Size: 21.3 MB
Pages: 686
Language: English