User Manual

Table of Contents

Users Guide
About This User's Guide
Document Conventions
Safety Warnings
Contents Overview
Table of Contents
List of Figures
List of Tables
Getting Started
Introducing the ZyWALL
  1.1 Overview and Key Default Settings
  1.2 Front Panel LEDs
  1.3 Management Overview
  1.4 Starting and Stopping the ZyWALL

Features and Applications
  2.1 Features
  2.2 Packet Flow
    2.2.1 Interface to Interface (Through ZyWALL)
    2.2.2 Interface to Interface (To/From ZyWALL)
    2.2.3 Interface to Interface (From VPN Tunnel)
    2.2.4 Interface to Interface (To VPN Tunnel)
  2.3 Applications
    2.3.1 VPN Connectivity
    2.3.2 SSL VPN Network Access
    2.3.3 User-Aware Access Control
    2.3.4 Multiple WAN Interfaces
    2.3.5 Device HA

Web Configurator
  3.1 Web Configurator Requirements
  3.2 Web Configurator Access
  3.3 Web Configurator Main Screen
    3.3.1 Title Bar
    3.3.2 Navigation Panel
    3.3.3 Main Window
    3.3.4 Message Bar

Wizard Setup
  4.1 Wizard Setup Overview
  4.2 Installation Setup, One ISP
  4.3 Step 1 Internet Access
    4.3.1 Ethernet: Auto IP Address Assignment
    4.3.2 Ethernet: Static IP Address Assignment
    4.3.3 Step 2 Internet Access Ethernet
    4.3.4 PPPoE: Auto IP Address Assignment
    4.3.5 PPPoE: Static IP Address Assignment
    4.3.6 Step 2 Internet Access PPPoE
    4.3.7 PPTP: Auto IP Address Assignment
    4.3.8 PPTP: Static IP Address Assignment
    4.3.9 Step 2 Internet Access PPTP
    4.3.10 Step 4 Internet Access - Finish
  4.4 Device Registration
  4.5 Installation Setup, Two Internet Service Providers
    4.5.1 Internet Access Wizard Setup Complete
  4.6 VPN Setup
  4.7 VPN Wizards
    4.7.1 VPN Express Wizard
  4.8 VPN Express Wizard - Remote Gateway
    4.8.1 VPN Express Wizard - Policy Setting
    4.8.2 VPN Express Wizard - Summary
    4.8.3 VPN Express Wizard - Finish
    4.8.4 VPN Advanced Wizard
    4.8.5 VPN Advanced Wizard - Remote Gateway
    4.8.6 VPN Advanced Wizard - Phase 1
    4.8.7 VPN Advanced Wizard - Phase 2
    4.8.8 VPN Advanced Wizard - Summary
    4.8.9 VPN Advanced Wizard - Finish

Configuration Basics
  5.1 Object-based Configuration
  5.2 Zones, Interfaces, and Physical Ports
    5.2.1 Interface Types
    5.2.2 Default Interface and Zone Configuration
  5.3 Terminology in the ZyWALL
  5.4 Feature Configuration Overview
    5.4.1 Feature
    5.4.2 Interface
    5.4.3 Trunks
    5.4.4 IPSec VPN
    5.4.5 SSL VPN
    5.4.6 L2TP VPN
    5.4.7 Zones
    5.4.8 Device HA
    5.4.9 DDNS
    5.4.10 Policy Routes
    5.4.11 Static Routes
    5.4.12 Firewall
    5.4.13 Application Patrol
    5.4.14 Anti-Virus
    5.4.15 IDP
    5.4.16 ADP
    5.4.17 Content Filter
    5.4.18 Anti-Spam
    5.4.19 Virtual Server (Port Forwarding)
    5.4.20 HTTP Redirect
    5.4.21 ALG
  5.5 Objects
    5.5.1 User/Group
  5.6 System Management and Maintenance
    5.6.1 DNS, WWW, SSH, TELNET, FTP, SNMP, Dial-in Mgmt, Vantage CNM
    5.6.2 File Manager
    5.6.3 Licensing Registration
    5.6.4 Licensing Update
    5.6.5 Logs and Reports
    5.6.6 Diagnostics

Tutorials
  6.1 How to Configure Ethernet Interfaces and Port Roles
    6.1.1 How to Configure a WAN Ethernet Interface
    6.1.2 How to Configure the OPT Interface for a Local Network
    6.1.3 How to Configure Port Roles
  6.2 How to Configure a Cellular Interface
  6.3 How to Set Up a WLAN Interface
    6.3.1 How to Set Up User Accounts
    6.3.2 How to Create the WLAN Interface
    6.3.3 How to Set Up the Wireless Clients to Use the WLAN Interface
  6.4 How to Set Up an IPSec VPN
    6.4.1 How to Set Up the VPN Gateway
    6.4.2 How to Set Up the VPN Connection
    6.4.3 How to Set Up the Policy Route for the VPN Tunnel
    6.4.4 How to Configure Security Policies for the VPN Tunnel
  6.5 How to Configure User-aware Access Control
    6.5.1 How to Set Up User Accounts
    6.5.2 How to Set Up User Groups
    6.5.3 How to Set Up User Authentication Using the RADIUS Server
    6.5.4 How to Set Up Web Surfing Policies With Bandwidth Restrictions
    6.5.5 How to Set Up MSN Policies
    6.5.6 How to Set Up Firewall Rules
  6.6 How to Configure Load Balancing
    6.6.1 How to Set Up Available Bandwidth on Ethernet Interfaces
    6.6.2 How to Configure the Load Balancing in the WAN Trunk
  6.7 How to Configure Service Control
    6.7.1 How to Allow HTTPS Administrator Access Only From the LAN
  6.8 How to Allow Incoming H.323 Peer-to-peer Calls
    6.8.1 How to Turn On the ALG
    6.8.2 How to Set Up a Virtual Server Policy For H.323
    6.8.3 How to Set Up a Firewall Rule For H.323
  6.9 How to Use Device HA
    6.9.1 Before You Start
    6.9.2 How to Configure Device HA on the Master ZyWALL
    6.9.3 How to Configure the Backup ZyWALL
    6.9.4 How to Deploy the Backup ZyWALL
    6.9.5 How to Check Your Device HA Setup
  6.10 How to Allow Public Access to a Server
    6.10.1 How to Create the Address Objects
    6.10.2 How to Configure a Virtual Server

Status
  7.1 Overview
    7.1.1 What You Can Do in the Status Screens
  7.2 The Status Screen
    7.2.1 The CPU Usage Screen
    7.2.2 The Memory Usage Screen
    7.2.3 The Session Usage Screen
    7.2.4 The VPN Status Screen
    7.2.5 The DHCP Table Screen
    7.2.6 The Port Statistics Screen
    7.2.7 The Port Statistics Graph Screen
    7.2.8 The Current Users Screen
    7.2.9 The Cellular Status Detail Screen

Registration
  8.1 Overview
    8.1.1 What You Can Do in the Registration Screens
    8.1.2 What you Need to Know About Service Registration
  8.2 The Registration Screen
  8.3 The Service Screen

Signature Update
  9.1 Overview
    9.1.1 What You Can Do in the Update Screens
    9.1.2 What you Need to Know About Signature Updates
  9.2 The Antivirus Update Screen
  9.3 The IDP/AppPatrol Update Screen
  9.4 The System Protect Update Screen

Network
Interface
  10.1 Interface Overview
    10.1.1 What You Can Do in the Interface Screens
    10.1.2 What You Need to Know About Interfaces
  10.2 The Interface Status Screen
  10.3 The Port Role Screen
  10.4 The Ethernet Summary Screen
    10.4.1 The Ethernet Edit Screen
  10.5 Interface Wizards
    10.5.1 Interface Wizard: OPT Interface First Screen
    10.5.2 Interface Wizard: WAN Type
    10.5.3 Interface Wizard: Non-WAN OPT Interface Setup
    10.5.4 Interface Wizard: WAN Zone and IP Address Assignment
    10.5.5 Interface Wizard: WAN ISP Connection Settings
    10.5.6 Interface Wizard: Summary (Non-WAN)
    10.5.7 Interface Wizard: Summary (WAN)
  10.6 The PPP Interfaces Screen
    10.6.1 PPP Interface Edit Screen
  10.7 Cellular Configuration Screen (3G)
    10.7.1 Cellular Add/Edit Screen
  10.8 Cellular Status Screen
  10.9 WLAN Interface General Screen
    10.9.1 WLAN Add/Edit Screen
    10.9.2 WLAN Add/Edit Screen: WEP Security
    10.9.3 WLAN Add/Edit Screen: WPA-PSK/WPA2-PSK Security
    10.9.4 WLAN Add/Edit Screen: WPA/WPA2 Security
  10.10 WLAN Interface MAC Filter Screen
    10.10.1 MAC Filter Add/Edit Screen
  10.11 WLAN Interface Station Monitor Screen
  10.12 VLAN Interface Screen
    10.12.1 Configuring the VLAN Summary Screen
    10.12.2 Configuring the VLAN Add/Edit Screen
  10.13 Bridge Interface Screen
    10.13.1 Configuring the Bridge Summary Screen
    10.13.2 Configuring the Bridge Add/Edit Screen
  10.14 Auxiliary Interface Screen
  10.15 Virtual Interface Screen
  10.16 Interface Technical Reference

Trunks
  11.1 Overview
    11.1.1 What You Can Do in the Trunk Screens
    11.1.2 What you Need to Know About Trunks
  11.2 The Trunk Summary Screen
    11.2.1 The Trunk Edit Screen
  11.3 Trunk Technical Reference

Policy and Static Routes
  12.1 Policy and Static Routes Overview
    12.1.1 What You Can Do in the Policy and Static Route Screens
    12.1.2 What You Need to Know About Policy and Static Routing
  12.2 Policy Route Screen
    12.2.1 Policy Route Edit Screen
  12.3 IP Static Route Screen
    12.3.1 Static Route Add/Edit Screen
  12.4 Policy Routing Technical Reference

Routing Protocols
  13.1 Routing Protocols Overview
    13.1.1 What You Can Do in the RIP and OSPF Screens
    13.1.2 What You Need to Know About Routing Protocols
  13.2 The RIP Screen
  13.3 The OSPF Screen
    13.3.1 Configuring the OSPF Screen
    13.3.2 OSPF Area Add/Edit Screen
  13.4 Routing Protocol Technical Reference

Zones
  14.1 Zones Overview
    14.1.1 What You Can Do in the Zones Screens
    14.1.2 What You Need to Know About Zones
  14.2 The Zone Screen
    14.2.1 The Zone Edit Screen

DDNS
  15.1 DDNS Overview
    15.1.1 What You Can Do in the DDNS Screens
    15.1.2 What You Need to Know About DDNS
  15.2 The DDNS Screen
    15.2.1 The Dynamic DNS Add/Edit Screen
  15.3 The DDNS Status Screen

Virtual Servers
  16.1 Virtual Servers Overview
    16.1.1 What You Can Do in the Virtual Server Screens
    16.1.2 What You Need to Know About Virtual Servers
  16.2 The Virtual Server Screen
    16.2.1 The Virtual Server Add/Edit Screen
  16.3 NAT 1:1 and NAT Loopback Examples

HTTP Redirect
  17.1 Overview
    17.1.1 What You Can Do in the HTTP Redirect Screens
    17.1.2 What You Need to Know About HTTP Redirect
  17.2 The HTTP Redirect Screen
    17.2.1 The HTTP Redirect Edit Screen

ALG
  18.1 ALG Overview
    18.1.1 What You Can Do in the ALG Screen
    18.1.2 What You Need to Know About ALG
    18.1.3 Before You Begin
  18.2 The ALG Screen
  18.3 ALG Technical Reference

Firewall
Firewall
  19.1 Overview
    19.1.1 What You Can Do in the Firewall Screens
    19.1.2 What You Need to Know About the Firewall
    19.1.3 Firewall Rule Example Applications
    19.1.4 Firewall Rule Configuration Example
  19.2 The Firewall Screen
    19.2.1 Configuring the Firewall Screen
    19.2.2 The Firewall Edit Screen

VPN
IPSec VPN
  20.1 IPSec VPN Overview
    20.1.1 What You Can Do in the IPSec VPN Screens
    20.1.2 What You Need to Know About IPSec VPN
    20.1.3 Before You Begin
  20.2 The VPN Connection Screen
    20.2.1 The VPN Connection Add/Edit (IKE) Screen
    20.2.2 The VPN Connection Add/Edit Manual Key Screen
  20.3 The VPN Gateway Screen
    20.3.1 The VPN Gateway Add/Edit Screen
  20.4 The VPN Concentrator Screen
    20.4.1 The VPN Concentrator Add/Edit Screen
  20.5 The SA Monitor Screen
  20.6 IPSec VPN Background Information

SSL VPN
  21.1 Overview
    21.1.1 What You Can Do in the SSL VPN Screens
    21.1.2 What You Need to Know About SSL VPN
  21.2 The SSL Access Privilege Screen
    21.2.1 The SSL Access Policy Add/Edit Screen
  21.3 The SSL Connection Monitor Screen
  21.4 The SSL Global Setting Screen
    21.4.1 How to Upload a Custom Logo
  21.5 Establishing an SSL VPN Connection

SSL User Screens
  22.1 Overview
    22.1.1 What You Need to Know About the SSL User Screens
  22.2 Remote User Login
  22.3 The SSL VPN User Screens
  22.4 Bookmarking the ZyWALL
  22.5 Logging Out of the SSL VPN User Screens

SSL User Application Screens
  23.1 SSL User Application Screens Overview
  23.2 The Application Screen

SSL User File Sharing
  24.1 Overview
    24.1.1 What You Need to Know About the SSL VPN File Sharing
  24.2 The Main File Sharing Screen
  24.3 Opening a File or Folder
    24.3.1 Downloading a File
    24.3.2 Saving a File
  24.4 Creating a New Folder
  24.5 Renaming a File or Folder
  24.6 Deleting a File or Folder
  24.7 Uploading a File

L2TP VPN
  25.1 Overview
    25.1.1 What You Can Do in the L2TP VPN Screens
    25.1.2 What You Need to Know About L2TP VPN
  25.2 L2TP VPN Screen
  25.3 L2TP VPN Session Monitor Screen

L2TP VPN Example
  26.1 L2TP VPN Example
  26.2 Configuring the Default L2TP VPN Gateway Example
  26.3 Configuring the Default L2TP VPN Connection Example
  26.4 Configuring the L2TP VPN Settings Example
  26.5 Configuring the Policy Route for L2TP Example
  26.6 Configuring L2TP VPN in Windows XP and 2000
    26.6.1 Configuring L2TP in Windows XP
    26.6.2 Configuring L2TP in Windows 2000

Application Patrol
Application Patrol
  27.1 Overview
    27.1.1 What You Can Do in the Application Patrol Screens
    27.1.2 What You Need to Know About Application Patrol
    27.1.3 Application Patrol Bandwidth Management Examples
  27.2 Application Patrol General Screen
  27.3 Application Patrol Applications
    27.3.1 The Application Patrol Edit Screen
    27.3.2 The Application Patrol Policy Edit Screen
  27.4 The Other Applications Screen
    27.4.1 The Other Applications Add/Edit Screen
  27.5 Application Patrol Statistics
    27.5.1 Application Patrol Statistics: General Setup
    27.5.2 Application Patrol Statistics: Bandwidth Statistics
    27.5.3 Application Patrol Statistics: Protocol Statistics

Anti-X
Anti-Virus
  28.1 Overview
    28.1.1 What You Can Do in the Anti-Virus Screens
    28.1.2 What You Need to Know About Anti-Virus
    28.1.3 Before You Begin
  28.2 Anti-Virus Summary Screen
    28.2.1 Anti-Virus Policy Add or Edit Screen
  28.3 Anti-Virus Black List
  28.4 Anti-Virus Black List or White List Add/Edit
  28.5 Anti-Virus White List
  28.6 Signature Searching
  28.7 Anti-Virus Technical Reference

IDP
  29.1 Overview
    29.1.1 What You Can Do Using the IDP Screens
    29.1.2 What You Need To Know About IDP
    29.1.3 Before You Begin
  29.2 The IDP General Screen
    29.2.1 Configuring IDP Policies
  29.3 Introducing IDP Profiles
    29.3.1 Base Profiles
  29.4 The Profile Summary Screen
  29.5 Creating New Profiles
    29.5.1 Procedure To Create a New Profile
  29.6 Profiles: Packet Inspection
    29.6.1 Profile > Group View Screen
    29.6.2 Policy Types
    29.6.3 IDP Service Groups
    29.6.4 Profile > Query View Screen
    29.6.5 Query Example
  29.7 Introducing IDP Custom Signatures
    29.7.1 IP Packet Header
  29.8 Configuring Custom Signatures
    29.8.1 Creating or Editing a Custom Signature
    29.8.2 Custom Signature Example
    29.8.3 Applying Custom Signatures
    29.8.4 Verifying Custom Signatures
  29.9 IDP Technical Reference

ADP
  30.1 Overview
    30.1.1 ADP and IDP Comparison
    30.1.2 What You Can Do Using the ADP Screens
    30.1.3 What You Need To Know About ADP
    30.1.4 Before You Begin
  30.2 The ADP General Screen
    30.2.1 Configuring ADP Policies
  30.3 The Profile Summary Screen
    30.3.1 Base Profiles
    30.3.2 Configuring The ADP Profile Summary Screen
    30.3.3 Creating New ADP Profiles
    30.3.4 Traffic Anomaly Profiles
    30.3.5 Protocol Anomaly Profiles
    30.3.6 Protocol Anomaly Configuration
  30.4 Technical Reference

Content Filtering
  31.1 Overview
    31.1.1 What You Can Do in the Content Filter Screens
    31.1.2 What You Need to Know About Content Filtering
    31.1.3 Before You Begin
  31.2 Content Filter General Screen
  31.3 Content Filter Policy Add or Edit Screen
  31.4 Content Filter Profile Screen
  31.5 Content Filter Categories Screen
  31.6 Content Filter Customization Screen
  31.7 Content Filter Cache Screen
  31.8 Content Filter Technical Reference

Content Filter Reports
  32.1 Overview
  32.2 Viewing Content Filter Reports
  32.3 Web Site Submission

Anti-Spam
  33.1 Overview
    33.1.1 What You Can Do in the Anti-Spam Screens
    33.1.2 What You Need to Know About Anti-Spam
  33.2 Before You Begin
  33.3 The Anti-Spam General Screen
    33.3.1 The Anti-Spam Policy Add or Edit Screen
  33.4 The Anti-Spam Black List Screen
    33.4.1 The Anti-Spam Black or White List Add/Edit Screen
    33.4.2 Regular Expressions in Black or White List Entries
  33.5 The Anti-Spam White List Screen
  33.6 The DNSBL Screen
    33.6.1 The DNSBL Add/Edit Screen
  33.7 The Anti-Spam Status Screen

Device HA
Device HA
  34.1 Overview
    34.1.1 What You Can Do in the Device HA Screens
    34.1.2 What You Need to Know About Device HA
    34.1.3 Before You Begin
  34.2 Device HA General
  34.3 The Active-Passive Mode Screen
    34.3.1 Configuring Active-Passive Mode Device HA
  34.4 Configuring an Active-Passive Mode Monitored Interface
  34.5 The Legacy Mode Screen
  34.6 Configuring the Legacy Mode Screen
  34.7 The Legacy Mode Add/Edit Screen
  34.8 Device HA Technical Reference

Objects
User/Group
  35.1 Overview
    35.1.1 What You Can Do Using The User/Group Screens
    35.1.2 What You Need To Know About User/Groups
  35.2 User Summary Screen
    35.2.1 User Add/Edit Screen
  35.3 User Group Summary Screen
    35.3.1 Group Add/Edit Screen
  35.4 Setting Screen
    35.4.1 Force User Authentication Policy Add/Edit Screen
    35.4.2 User Aware Login Example
  35.5 User/Group Technical Reference

Addresses
  36.1 Overview
    36.1.1 What You Can Do Using The Addresses Screens
    36.1.2 What You Need To Know About Addresses/Groups
  36.2 Address Summary Screen
    36.2.1 Address Add/Edit Screen
  36.3 Address Group Summary Screen
    36.3.1 Address Group Add/Edit Screen

Services
  37.1 Overview
    37.1.1 What You Can Do in the Services Screens
    37.1.2 What You Need to Know About Protocols
  37.2 The Service Summary Screen
    37.2.1 The Service Add/Edit Screen
  37.3 The Service Group Summary Screen
    37.3.1 The Service Group Add/Edit Screen

Schedules
  38.1 Overview
    38.1.1 What You Can Do in the Schedule Screens
    38.1.2 What You Need to Know About Schedules
  38.2 The Schedule Summary Screen
    38.2.1 The One-Time Schedule Add/Edit Screen
    38.2.2 The Recurring Schedule Add/Edit Screen

AAA Server
  39.1 Overview
    39.1.1 Directory Service (AD/LDAP) Overview
    39.1.2 RADIUS Server Overview
    39.1.3 ASAS
    39.1.4 What You Can Do Using The AAA Screens
    39.1.5 What You Need To Know About AAA Servers
  39.2 Active Directory or LDAP Default Server Screen
    39.2.1 Configuring Active Directory or LDAP Default Server Settings
  39.3 Active Directory or LDAP Group Summary Screen
    39.3.1 Creating an Active Directory or LDAP Group
  39.4 Configuring a Default RADIUS Server
  39.5 Configuring a Group of RADIUS Servers
    39.5.1 Adding a RADIUS Server Member

Authentication Method
  40.1 Overview
    40.1.1 What You Can Do Using The Auth. Method Screens
    40.1.2 Before You Begin
    40.1.3 Example: Selecting a VPN Authentication Method
  40.2 Viewing Authentication Method Objects
  40.3 Creating an Authentication Method Object

Certificates
  41.1 Overview
    41.1.1 What You Can Do in the Certificate Screens
    41.1.2 What You Need to Know About Certificates
    41.1.3 Verifying a Certificate
  41.2 The My Certificates Screen
    41.2.1 The My Certificates Add Screen
    41.2.2 The My Certificates Edit Screen
    41.2.3 The My Certificates Import Screen
  41.3 The Trusted Certificates Screen
    41.3.1 The Trusted Certificates Edit Screen
    41.3.2 The Trusted Certificates Import Screen
  41.4 Certificates Technical Reference

SSL Application
  42.1 Overview
    42.1.1 What You Can Do in the SSL Application Screens
    42.1.2 What You Need to Know About SSL Application Objects
    42.1.3 Example: Specifying a Web Site for Access
  42.2 The SSL Application Screen
    42.2.1 Creating/Editing a Web-based SSL Application Object
    42.2.2 Creating/Editing a File Sharing SSL Application Object

System
System
  43.1 Overview
    43.1.1 What You Can Do In The System Screens
  43.2 Host Name
  43.3 Date and Time
    43.3.1 Pre-defined NTP Time Servers List
    43.3.2 Time Server Synchronization
  43.4 Console Port Speed
  43.5 DNS Overview
    43.5.1 DNS Server Address Assignment
    43.5.2 Configuring the DNS Screen
    43.5.3 Address Record
    43.5.4 PTR Record
    43.5.5 Adding an Address/PTR Record
    43.5.6 Domain Zone Forwarder
    43.5.7 Adding a Domain Zone Forwarder
    43.5.8 MX Record
    43.5.9 Adding a MX Record
    43.5.10 Adding a DNS Service Control Rule
  43.6 WWW Overview
    43.6.1 Service Access Limitations
    43.6.2 System Timeout
    43.6.3 HTTPS
    43.6.4 Configuring WWW
    43.6.5 Service Control Rules
    43.6.6 HTTPS Example
  43.7 SSH
    43.7.1 How SSH Works
    43.7.2 SSH Implementation on the ZyWALL
    43.7.3 Requirements for Using SSH
    43.7.4 Configuring SSH
    43.7.5 Secure Telnet Using SSH Examples
  43.8 Telnet
    43.8.1 Configuring Telnet
  43.9 FTP
    43.9.1 Configuring FTP
  43.10 SNMP
    43.10.1 Supported MIBs
    43.10.2 SNMP Traps
    43.10.3 Configuring SNMP
  43.11 Dial-in Management
    43.11.1 Configuring Dial-in Mgmt
  43.12 Vantage CNM
    43.12.1 Configuring Vantage CNM
  43.13 Language Screen

Maintenance, Troubleshooting, & Specifications
File Manager
  44.1 Overview
    44.1.1 What You Can Do in the File Manager Screens
    44.1.2 What you Need to Know About the File Manager
  44.2 The Configuration File Screen
  44.3 The Firmware Package Screen
  44.4 The Shell Script Screen

Logs
  45.1 Overview
  45.2 What You Can Do In The Log Screens
  45.3 View Log Screen
  45.4 Log Setting Screens
    45.4.1 Log Setting Summary
    45.4.2 Edit System Log Settings
    45.4.3 Edit Remote Server Log Settings
    45.4.4 Active Log Summary Screen

Reports
  46.1 Overview
    46.1.1 What You Can Do in the Report Screens
  46.2 The Traffic Statistics Screen
  46.3 The Session Screen
  46.4 The Anti-Virus Report Screen
  46.5 The IDP Report Screen
  46.6 The Anti-Spam Report Screen
  46.7 The Email Daily Report Screen

Diagnostics
  47.1 The Diagnostics Screen

Reboot
  48.1 Overview
    48.1.1 What You Need To Know About Reboot
  48.2 The Reboot Screen

Troubleshooting
  49.1 Resetting the ZyWALL
  49.2 Getting More Troubleshooting Help

Product Specifications
  50.1 General Specifications
  50.2 3G or WLAN PCMCIA Card Installation
  50.3 Power Adaptor Specifications

Appendices and Index
Log Descriptions
Common Services
Displaying Anti-Virus Alert Messages in Windows
Importing Certificates
Wireless LANs
Open Software Announcements
Legal Information
Customer Support
Index

Size: 20.2 MB
Pages: 902
Language: English