User Manual

Table of Contents

User's Guide .... 1
  About This User's Guide .... 3
  Document Conventions .... 4
  Safety Warnings .... 6
  Contents Overview .... 9
  Table of Contents .... 11
  List of Figures .... 29
  List of Tables .... 41

Introduction .... 49
  Getting to Know Your ZyWALL .... 51
    1.1 ZyWALL Internet Security Appliance Overview .... 51
    1.2 ZyWALL Features .... 51
    1.3 Applications for the ZyWALL .... 52
      1.3.1 Secure Broadband Internet Access via Cable or DSL Modem .... 52
      1.3.2 VPN Application .... 53
      1.3.3 3G WAN Application (ZyWALL 5 Only) .... 53
    1.4 Ways to Manage the ZyWALL .... 54
    1.5 Good Habits for Managing the ZyWALL .... 54
  Hardware Installation .... 55
    2.1 General Installation Instructions .... 55
    2.2 Desktop Installation .... 55
    2.3 Rack-mounted Installation Requirements .... 56
    2.4 Rack-Mounted Installation .... 57
    2.5 3G Card, WLAN Card and ZyWALL Turbo Card Installation .... 58
    2.6 Front Panel Lights .... 59
  Introducing the Web Configurator .... 61
    3.1 Web Configurator Overview .... 61
    3.2 Accessing the ZyWALL Web Configurator .... 61
    3.3 Resetting the ZyWALL .... 63
      3.3.1 Procedure To Use The Reset Button .... 63
      3.3.2 Uploading a Configuration File Via Console Port .... 63
    3.4 Navigating the ZyWALL Web Configurator .... 64
      3.4.1 Title Bar .... 64
      3.4.2 Main Window .... 65
      3.4.3 HOME Screen: Router Mode .... 65
      3.4.4 HOME Screen: Bridge Mode .... 71
      3.4.5 Navigation Panel .... 74
      3.4.6 Port Statistics .... 80
      3.4.7 Show Statistics: Line Chart .... 81
      3.4.8 DHCP Table .... 82
      3.4.9 VPN Status .... 83
      3.4.10 Bandwidth Monitor .... 84
  Wizard Setup .... 87
    4.1 Wizard Setup Overview .... 87
    4.2 Internet Access .... 88
      4.2.1 ISP Parameters .... 88
      4.2.2 Internet Access Wizard: Second Screen .... 92
      4.2.3 Internet Access Wizard: Registration .... 93
      4.2.4 Internet Access Wizard: Status .... 94
      4.2.5 Internet Access Wizard: Service Activation .... 95
    4.3 VPN Wizard Gateway Setting .... 96
    4.4 VPN Wizard Network Setting .... 97
    4.5 VPN Wizard IKE Tunnel Setting (IKE Phase 1) .... 99
    4.6 VPN Wizard IPSec Setting (IKE Phase 2) .... 100
    4.7 VPN Wizard Status Summary .... 102
    4.8 VPN Wizard Setup Complete .... 104
    4.9 Anti-Spam Wizard: Email Server Location Setting .... 104
    4.10 Anti-Spam Wizard: Direction Recommendations .... 105
    4.11 Anti-Spam Wizard: Direction Configuration .... 106
    4.12 Anti-Spam Wizard: Setup Complete .... 108
  Tutorials .... 109
    5.1 Dynamic VPN Rule Configuration .... 109
      5.1.1 Configure Bob's User Account .... 110
      5.1.2 VPN Gateway and Network Policy Configuration .... 110
      5.1.3 Configure Zero Configuration Mode on ZyWALL B .... 116
      5.1.4 Testing Your VPN Configuration .... 117
      5.1.5 Using the Dynamic VPN Rule for More VPN Tunnels .... 119
    5.2 Security Settings for VPN Traffic .... 119
      5.2.1 IDP for From VPN Traffic Example .... 120
      5.2.2 IDP for To VPN Traffic Example .... 121
    5.3 Firewall Rule for VPN Example .... 122
      5.3.1 Configuring the VPN Rule .... 123
      5.3.2 Configuring the Firewall Rules .... 127
    5.4 How to Set up a 3G WAN Connection .... 130
      5.4.1 Inserting a 3G Card .... 130
      5.4.2 Configuring 3G WAN Settings .... 131
      5.4.3 Checking WAN Connections .... 132
    5.5 Configuring Load Balancing .... 132
    5.6 Configuring Content Filtering .... 133
      5.6.1 Enable Content Filtering .... 133
      5.6.2 Block Categories of Web Content .... 134
      5.6.3 Assign Bob's Computer a Specific IP Address .... 136
      5.6.4 Create a Content Filter Policy for Bob .... 136
      5.6.5 Set the Content Filter Schedule .... 137
      5.6.6 Block Categories of Web Content for Bob .... 138
  Registration Screens .... 141
    6.1 Overview .... 141
      6.1.1 What You Can Do in the Registration Screens .... 141
      6.1.2 What You Need to Know About Registration .... 141
    6.2 The Registration Screen .... 142
    6.3 The Service Screen .... 144

Network .... 147
  LAN Screens .... 149
    7.1 Overview .... 149
      7.1.1 What You Can Do in The LAN Screens .... 149
      7.1.2 What You Need to Know About LAN .... 150
    7.2 The LAN Screen .... 152
    7.3 The LAN Static DHCP Screen .... 155
    7.4 The LAN IP Alias Screen .... 156
    7.5 The LAN Port Roles Screen .... 158
  Bridge Screens .... 161
    8.1 Overview .... 161
      8.1.1 What You Can Do in the Bridge Screens .... 161
      8.1.2 What You Need To Know About Bridging .... 162
    8.2 The Bridge Screen .... 163
    8.3 The Bridge Port Roles Screen .... 164
    8.4 Bridge Technical Reference .... 166
  WAN Screens .... 169
    9.1 Overview .... 169
      9.1.1 What You Can Do in the WAN Screens .... 170
      9.1.2 What You Need to Know About WAN .... 170
      9.1.3 Before You Begin .... 172
    9.2 The General Screen .... 172
      9.2.1 Configuring the General Screen .... 173
      9.2.2 Configuring Load Balancing .... 177
      9.2.3 Least Load First .... 177
      9.2.4 Weighted Round Robin .... 179
      9.2.5 Spillover .... 180
    9.3 The WAN1 and WAN2 Screen .... 182
      9.3.1 WAN Ethernet Encapsulation .... 183
      9.3.2 PPPoE Encapsulation .... 186
      9.3.3 PPTP Encapsulation .... 189
    9.4 The 3G (WAN2) Screen .... 192
    9.5 The Traffic Redirect Screen .... 197
    9.6 Configuring the Traffic Redirect Screen .... 198
    9.7 The Dial Backup Screen .... 199
      9.7.1 The Advanced Modem Setup Screen .... 201
      9.7.2 Configuring the Advanced Modem Setup Screen .... 202
    9.8 WAN Technical Reference .... 204
  DMZ Screens .... 207
    10.1 Overview .... 207
      10.1.1 What You Can Do in the DMZ Screens .... 207
      10.1.2 What You Need To Know About DMZ .... 208
      10.1.3 DMZ Public IP Address Example .... 208
      10.1.4 DMZ Private and Public IP Address Example .... 209
    10.2 The DMZ Screen .... 210
    10.3 The Static DHCP Screen .... 213
    10.4 The IP Alias Screen .... 214
    10.5 The DMZ Port Roles Screen .... 216
  WLAN Screens .... 219
    11.1 Overview .... 219
      11.1.1 What You Can Do in the WLAN Screens .... 219
      11.1.2 What You Need to Know About WLAN .... 220
    11.2 The WLAN Screen .... 220
    11.3 WLAN Static DHCP .... 223
    11.4 WLAN IP Alias .... 224
    11.5 WLAN Port Roles .... 226
  Wireless Screens .... 229
    12.1 Overview .... 229
      12.1.1 What You Can Do in the Wireless Screens .... 229
      12.1.2 What You Need to Know .... 229
    12.2 Wireless Card .... 232
      12.2.1 Static WEP .... 234
      12.2.2 WPA-PSK .... 235
      12.2.3 WPA .... 237
      12.2.4 IEEE 802.1x + Dynamic WEP .... 238
      12.2.5 IEEE 802.1x + Static WEP .... 239
      12.2.6 IEEE 802.1x + No WEP .... 240
      12.2.7 No Access 802.1x + Static WEP .... 241
      12.2.8 No Access 802.1x + No WEP .... 242
    12.3 MAC Filter .... 243
    12.4 Technical Reference .... 244

Security .... 249
  Firewall Screens .... 251
    13.1 Overview .... 251
      13.1.1 What You Can Do Using the Firewall Screens .... 252
      13.1.2 What You Need To Know About the ZyWALL Firewall .... 252
      13.1.3 Before You Begin .... 252
    13.2 Firewall Rules Example .... 252
    13.3 The Firewall Default Rule Screen .... 254
    13.4 The Firewall Default Rule (Bridge Mode) Screen .... 256
    13.5 The Firewall Rule Summary Screen .... 259
      13.5.1 The Firewall Edit Rule Screen .... 260
    13.6 The Anti-Probing Screen .... 263
    13.7 The Firewall Thresholds Screen .... 264
    13.8 The Firewall Services Screen .... 266
      13.8.1 The Firewall Edit Custom Service Screen .... 267
      13.8.2 My Service Firewall Rule Example .... 268
    13.9 Technical Reference .... 271
  Intrusion Detection and Prevention (IDP) Screens .... 277
    14.1 Overview .... 277
      14.1.1 What You Can Do Using the IDP Screens .... 277
      14.1.2 What You Need To Know About the ZyWALL IDP .... 278
      14.1.3 Before You Begin .... 279
    14.2 The General Setup Screen .... 279
    14.3 The Signatures Screen .... 281
      14.3.1 Attack Types .... 281
      14.3.2 Intrusion Severity .... 282
      14.3.3 Signature Actions .... 282
      14.3.4 Configuring The IDP Signatures Screen .... 283
      14.3.5 The Query View Screen .... 284
    14.4 The Anomaly Screen .... 289
    14.5 The Update Screen .... 291
      14.5.1 mySecurityZone .... 291
      14.5.2 Configuring The IDP Update Screen .... 292
    14.6 The Backup and Restore Screen .... 293
    14.7 Technical Reference .... 294
  Anti-Virus Screens .... 299
    15.1 Overview .... 299
      15.1.1 What You Can Do in the Antivirus Screens .... 299
      15.1.2 What You Need to Know About Antivirus .... 300
    15.2 The General Screen .... 301
    15.3 The Signature Screen .... 303
      15.3.1 Signature Search Example .... 305
    15.4 The Update Screen .... 306
      15.4.1 mySecurityZone .... 307
      15.4.2 Configuring Anti-virus Update .... 307
    15.5 The Backup and Restore Screen .... 309
    15.6 Technical Reference .... 310
  Anti-Spam Screens .... 313
    16.1 Overview .... 313
      16.1.1 What You Can Do in the Antispam Screens .... 313
      16.1.2 What You Need to Know About Antispam .... 314
    16.2 The General Screen .... 315
    16.3 The External DB Screen .... 318
    16.4 The Lists Screen .... 320
    16.5 Anti-Spam Lists Edit Screen .... 322
    16.6 Technical Reference .... 324
  Content Filtering Screens .... 327
    17.1 Overview .... 327
      17.1.1 What You Can Do in the Content Filtering Screens .... 327
      17.1.2 What You Need to Know About Content Filtering .... 327
    17.2 General Screen .... 328
    17.3 The Policy Screen .... 331
    17.4 Content Filter Policy: General .... 332
    17.5 Content Filter Policy: External Database .... 334
    17.6 Content Filter Policy: Customization .... 341
    17.7 Content Filter Policy: Schedule .... 342
    17.8 Content Filter Object .... 343
    17.9 Content Filtering Cache .... 346
  Content Filtering Reports .... 349
    18.1 Overview .... 349
    18.2 Checking Content Filtering Activation .... 349
    18.3 Viewing Content Filtering Reports .... 349
    18.4 Web Site Submission .... 354
  IPSec VPN .... 357
    19.1 Overview .... 357
      19.1.1 What You Can Do in the IPSec VPN Screens .... 357
      19.1.2 What You Need to Know About IPSec VPN .... 358
    19.2 The VPN Rules (IKE) Screen .... 360
    19.3 The VPN Rules (IKE) Gateway Policy Edit Screen .... 361
    19.4 The Network Policy Edit Screen .... 367
    19.5 The Network Policy Edit: Port Forwarding Screen .... 372
    19.6 The Network Policy Move Screen .... 374
    19.7 The VPN Rules (Manual) Screen .... 375
    19.8 The VPN Rules (Manual): Edit Screen .... 376
    19.9 The VPN SA Monitor Screen .... 379
    19.10 The VPN Global Setting Screen .... 379
    19.11 Telecommuter VPN/IPSec Examples .... 382
      19.11.1 Telecommuters Sharing One VPN Rule Example .... 383
      19.11.2 Telecommuters Using Unique VPN Rules Example .... 383
    19.12 VPN and Remote Management .... 385
    19.13 Hub-and-spoke VPN .... 385
      19.13.1 Hub-and-spoke VPN Example .... 386
      19.13.2 Hub-and-spoke Example VPN Rule Addresses .... 387
      19.13.3 Hub-and-spoke VPN Requirements and Suggestions .... 387
    19.14 IPSec VPN Background Information .... 388
  Certificates .... 399
    20.1 Overview .... 399
      20.1.1 What You Can Do in the Certificate Screens .... 399
      20.1.2 What You Need to Know About Certificates .... 399
      20.1.3 Verifying a Certificate .... 400
    20.2 The My Certificates Screen .... 401
      20.2.1 The My Certificate Details Screen .... 403
    20.3 The My Certificate Export Screen .... 406
    20.4 The My Certificate Import Screen .... 407
      20.4.1 Using the My Certificate Import Screen .... 407
    20.5 The My Certificate Create Screen .... 409
    20.6 The Trusted CAs Screen .... 413
    20.7 The Trusted CA Details Screen .... 415
    20.8 The Trusted CA Import Screen .... 418
    20.9 The Trusted Remote Hosts Screen .... 419
    20.10 The Trusted Remote Hosts Import Screen .... 421
    20.11 The Trusted Remote Host Certificate Details Screen .... 422
    20.12 The Directory Servers Screen .... 424
    20.13 The Directory Server Add or Edit Screen .... 425
  Authentication Server Screens .... 427
    21.1 Overview .... 427
      21.1.1 What You Can Do in the Authentication Server Screens .... 427
      21.1.2 What You Need To Know About Authentication Server .... 427
    21.2 The Local User Database Screen .... 428
    21.3 The RADIUS Screen .... 430

Advanced .... 433
  Network Address Translation (NAT) .... 435
    22.1 Overview .... 435
      22.1.1 What You Can Do Using the NAT Screens .... 435
      22.1.2 What You Need To Know About NAT .... 435
      22.1.3 Before You Begin .... 436
    22.2 The NAT Overview Screen .... 436
    22.3 The NAT Address Mapping Screen .... 438
      22.3.1 NAT Address Mapping Edit .... 440
    22.4 The Port Forwarding Screen .... 441
      22.4.1 Default Server IP Address .... 441
      22.4.2 Port Forwarding: Services and Port Numbers .... 442
      22.4.3 Configuring Servers Behind Port Forwarding (Example) .... 442
      22.4.4 NAT and Multiple WAN .... 442
      22.4.5 Port Translation .... 443
      22.4.6 Configuring The Port Forwarding Screen .... 443
    22.5 The Port Triggering Screen .... 445
      22.5.1 Configuring Port Triggering .... 446
    22.6 Technical Reference .... 447
  Static Route Screens .... 451
    23.1 Overview .... 451
      23.1.1 What You Can Do in the Static Route Screens .... 451
    23.2 The IP Static Route Screen .... 452
      23.2.1 The IP Static Route Edit Screen .... 454
  Policy Route Screens .... 457
    24.1 Overview .... 457
      24.1.1 What You Can Do in the Policy Route Screens .... 457
      24.1.2 What You Need To Know About Policy Route .... 457
    24.2 The Policy Route Summary Screen .... 458
      24.2.1 The Policy Route Edit Screen .... 460
  Bandwidth Management Screens .... 465
    25.1 Overview .... 465
      25.1.1 What You Can Do in the Bandwidth Management Screens .... 465
      25.1.2 What You Need to Know About Bandwidth Management .... 465
      25.1.3 Application and Subnet-based Bandwidth Management Example .... 466
      25.1.4 Over Allotment of Bandwidth Example .... 467
      25.1.5 Maximize Bandwidth Usage With Bandwidth Borrowing Example .... 467
    25.2 The Summary Screen .... 467
      25.2.1 Maximize Bandwidth Usage Example .... 470
      25.2.2 Reserving Bandwidth for Non-Bandwidth Class Traffic .... 471
    25.3 The Class Setup Screen .... 471
    25.4 Bandwidth Manager Class Configuration .... 473
      25.4.1 Bandwidth Borrowing Example .... 476
    25.5 Bandwidth Management Statistics .... 477
    25.6 The Monitor Screen .... 478
  DNS Screens .... 479
    26.1 Overview .... 479
      26.1.1 What You Can Do in the DNS Screens .... 479
      26.1.2 What You Need To Know About DNS .... 479
    26.2 The System Screen .... 481
      26.2.1 The Add Address Record Screen .... 483
      26.2.2 The Insert Name Server Record Screen .... 484
    26.3 The DNS Cache Screen .... 485
    26.4 The DHCP Screen .... 487
    26.5 The DDNS Screen .... 488
    26.6 Configuring the Dynamic DNS Screen .... 489
  Remote Management Screens .... 491
    27.1 Overview .... 491
      27.1.1 What You Can Do in the Remote Management Screens .... 491
      27.1.2 What You Need To Know About Remote Management .... 492
    27.2 HTTPS Example .... 493
      27.2.1 Internet Explorer Warning Messages .... 493
      27.2.2 Netscape Navigator Warning Messages .... 493
      27.2.3 Avoiding the Browser Warning Messages .... 494
      27.2.4 Login Screen .... 495
      27.2.5 Enrolling and Importing SSL Client Certificates (Example) .... 496
      27.2.6 Installing the CA's Certificate (Example) .... 497
      27.2.7 Installing Your Personal Certificate(s) (Example) .... 498
      27.2.8 Using a Certificate When Accessing the ZyWALL (Example) .... 501
      27.2.9 Secure Telnet Using SSH Examples .... 502
    27.3 The WWW Screen .... 504
    27.4 Configuring the WWW Screen .... 505
    27.5 The SSH Screen .... 507
    27.6 Configuring the SSH Screen .... 507
    27.7 The Telnet Screen .... 508
    27.8 The FTP Screen .... 509
    27.9 The SNMP Screen .... 510
      27.9.1 Configuring the SNMP Screen .... 512
    27.10 The DNS Screen .... 513
    27.11 The CNM Screen .... 514
    27.12 Configuring the CNM Screen .... 514
    27.13 Remote Management Technical Reference .... 516
  UPnP Screens .... 519
    28.1 Overview .... 519
      28.1.1 What You Can Do in the UPnP Screens .... 519
      28.1.2 What You Need To Know About UPnP .... 519
    28.2 UPnP Examples .... 520
      28.2.1 Installing UPnP in Windows Example .... 520
      28.2.2 Using UPnP in Windows XP Example .... 522
    28.3 The UPnP Screen .... 526
    28.4 The Ports Screen .... 527
  Custom Application Screen .... 529
    29.1 Overview .... 529
      29.1.1 What You Can Do in the Custom Application Screen .... 529
      29.1.2 What You Need to Know About Custom Application .... 529
    29.2 The Custom Application Screen .... 529
  ALG Screen .... 531
    30.1 Overview .... 531
      30.1.1 What You Need to Know About ALG .... 531
    30.2 The ALG Screen .... 535

Reports, Logs and Maintenance .... 537
  Reports Screens .... 539
    31.1 Overview .... 539
      31.1.1 What You Can Do in the Reports Screens .... 539
    31.2 The Traffic Statistics Screen .... 539
      31.2.1 Viewing Web Site Hits .... 541
      31.2.2 Viewing Host IP Address .... 542
      31.2.3 Viewing Protocol/Port .... 543
      31.2.4 System Reports Specifications .... 545
    31.3 The IDP Screen .... 545
    31.4 The Anti-Virus Screen .... 547
    31.5 The Anti-Spam Screen .... 549
    31.6 The E-mail Report Screen .... 551
  Logs Screens .... 555
    32.1 Overview .... 555
      32.1.1 What You Can Do in the Log Screens .... 555
      32.1.2 What You Need To Know About Logs .... 555
    32.2 The View Log Screen .... 555
      32.2.1 Log Description Example .... 556
      32.2.2 About the Certificate Not Trusted Log .... 557
    32.3 The Log Settings Screen .... 558
    32.4 Technical Reference .... 561
  Maintenance Screens .... 585
    33.1 Overview .... 585
      33.1.1 What You Can Do in the Maintenance Screens .... 585
    33.2 The General Setup Screen .... 585
    33.3 The Password Screen .... 586
    33.4 The Time and Date Screen .... 587
      33.4.1 Time Server Synchronization Example .... 590
    33.5 The Device Mode Screen .... 591
    33.6 Configuring the Device Mode Screen (Router) .... 592
    33.7 Configuring the Device Mode Screen (Bridge) .... 593
    33.8 The F/W Upload Screen .... 595
    33.9 The Backup and Restore Screen .... 597
    33.10 The Restart Screen .... 599
    33.11 The Diagnostics Screen .... 599

SMT .... 603
  Introducing the SMT .... 605
    34.1 Introduction to the SMT .... 605
    34.2 Accessing the SMT via the Console Port .... 605
      34.2.1 Initial Screen .... 605
      34.2.2 Entering the Password .... 606
    34.3 Navigating the SMT Interface .... 606
      34.3.1 Main Menu .... 607
      34.3.2 SMT Menus Overview .... 609
    34.4 Changing the System Password .... 610
    34.5 Resetting the ZyWALL .... 611
  SMT Menu 1 - General Setup .... 613
    35.1 Introduction to General Setup .... 613
    35.2 Configuring General Setup .... 613
      35.2.1 Configuring Dynamic DNS .... 615
  WAN and Dial Backup Setup .... 619
    36.1 Introduction to WAN and Dial Backup Setup .... 619
    36.2 WAN Setup .... 619
    36.3 Dial Backup .... 620
      36.3.1 Configuring Dial Backup in Menu 2 .... 620
      36.3.2 Advanced WAN Setup .... 621
      36.3.3 Remote Node Profile (Backup ISP) .... 623
      36.3.4 Editing TCP/IP Options .... 625
      36.3.5 Editing Login Script .... 626
      36.3.6 Remote Node Filter .... 628
      36.3.7 3G Modem Setup .... 629
      36.3.8 Remote Node Profile (3G WAN) .... 630
  LAN Setup .... 633
    37.1 Introduction to LAN Setup .... 633
    37.2 Accessing the LAN Menus .... 633
    37.3 LAN Port Filter Setup .... 633
    37.4 TCP/IP and DHCP Ethernet Setup Menu .... 634
      37.4.1 IP Alias Setup .... 636
  Internet Access .... 639
    38.1 Introduction to Internet Access Setup .... 639
    38.2 Ethernet Encapsulation .... 639
    38.3 Configuring the PPTP Client .... 641
    38.4 Configuring the PPPoE Client .... 642
    38.5 Basic Setup Complete .... 643
  DMZ Setup .... 645
    39.1 Configuring DMZ Setup .... 645
    39.2 DMZ Port Filter Setup .... 645
    39.3 TCP/IP Setup .... 646
      39.3.1 IP Address .... 646
      39.3.2 IP Alias Setup .... 647
  Route Setup .... 649
    40.1 Configuring Route Setup .... 649
    40.2 Route Assessment .... 649
    40.3 Traffic Redirect .... 650
    40.4 Route Failover .... 651
  Wireless Setup .... 653
    41.1 Wireless LAN Setup .... 653
      41.1.1 MAC Address Filter Setup .... 655
    41.2 TCP/IP Setup .... 656
      41.2.1 IP Address .... 656
      41.2.2 IP Alias Setup .... 657
  Remote Node Setup .... 659
    42.1 Introduction to Remote Node Setup .... 659
    42.2 Remote Node Setup .... 659
    42.3 Remote Node Profile Setup .... 660
      42.3.1 Ethernet Encapsulation .... 660
      42.3.2 PPPoE Encapsulation .... 661
      42.3.3 PPTP Encapsulation .... 663
    42.4 Edit IP .... 664
    42.5 Remote Node Filter .... 666
  IP Static Route Setup .... 669
    43.1 IP Static Route Setup .... 669
  Network Address Translation (NAT) .... 673
    44.1 Using NAT .... 673
      44.1.1 SUA (Single User Account) Versus NAT .... 673
      44.1.2 Applying NAT .... 673
    44.2 NAT Setup .... 675
      44.2.1 Address Mapping Sets .... 676
    44.3 Configuring a Server behind NAT .... 681
    44.4 General NAT Examples .... 683
      44.4.1 Internet Access Only .... 683
      44.4.2 Example 2: Internet Access with a Default Server .... 685
      44.4.3 Example 3: Multiple Public IP Addresses With Inside Servers .... 685
      44.4.4 Example 4: NAT Unfriendly Application Programs .... 689
    44.5 Trigger Port Forwarding .... 690
      44.5.1 Two Points To Remember About Trigger Ports .... 690
  Introducing the ZyWALL Firewall .... 693
    45.1 Using ZyWALL SMT Menus .... 693
      45.1.1 Activating the Firewall .... 693
  Filter Configuration .... 695
    46.1 Introduction to Filters .... 695
      46.1.1 The Filter Structure of the ZyWALL .... 696
    46.2 Configuring a Filter Set .... 698
      46.2.1 Configuring a Filter Rule .... 699
      46.2.2 Configuring a TCP/IP Filter Rule .... 700
      46.2.3 Configuring a Generic Filter Rule .... 702
    46.3 Example Filter .... 704
    46.4 Filter Types and NAT .... 706
    46.5 Firewall Versus Filters .... 706
      46.5.1 Packet Filtering .... 706
      46.5.2 Firewall .... 707
    46.6 Applying a Filter .... 707
      46.6.1 Applying LAN Filters .... 708
      46.6.2 Applying DMZ Filters .... 708
      46.6.3 Applying Remote Node Filters .... 709
  SNMP Configuration .... 711
    47.1 SNMP Configuration .... 711
    47.2 SNMP Traps .... 712
  System Information & Diagnosis .... 713
    48.1 Introduction to System Status .... 713
    48.2 System Status .... 713
    48.3 System Information and Console Port Speed .... 715
      48.3.1 System Information .... 715
      48.3.2 Console Port Speed .... 716
    48.4 Log and Trace .... 717
      48.4.1 Viewing Error Log .... 717
      48.4.2 Syslog Logging .... 718
      48.4.3 Call-Triggering Packet .... 721
    48.5 Diagnostic .... 722
      48.5.1 WAN DHCP .... 723
  Firmware and Configuration File Maintenance .... 725
    49.1 Introduction .... 725
    49.2 Filename Conventions .... 725
    49.3 Backup Configuration .... 726
      49.3.1 Backup Configuration .... 726
      49.3.2 Using the FTP Command from the Command Line .... 727
      49.3.3 Example of FTP Commands from the Command Line .... 727
      49.3.4 GUI-based FTP Clients .... 728
      49.3.5 File Maintenance Over WAN .... 728
      49.3.6 Backup Configuration Using TFTP .... 728
      49.3.7 TFTP Command Example .... 729
      49.3.8 GUI-based TFTP Clients .... 729
      49.3.9 Backup Via Console Port .... 729
    49.4 Restore Configuration .... 730
      49.4.1 Restore Using FTP .... 731
      49.4.2 Restore Using FTP Session Example .... 732
      49.4.3 Restore Via Console Port .... 732
    49.5 Uploading Firmware and Configuration Files .... 733
      49.5.1 Firmware File Upload .... 733
      49.5.2 Configuration File Upload .... 734
      49.5.3 FTP File Upload Command from the DOS Prompt Example .... 735
      49.5.4 FTP Session Example of Firmware File Upload .... 735
      49.5.5 TFTP File Upload .... 735
      49.5.6 TFTP Upload Command Example .... 736
      49.5.7 Uploading Via Console Port .... 736
      49.5.8 Uploading Firmware File Via Console Port .... 736
      49.5.9 Example Xmodem Firmware Upload Using HyperTerminal .... 737
      49.5.10 Uploading Configuration File Via Console Port .... 737
      49.5.11 Example Xmodem Configuration Upload Using HyperTerminal .... 738
  System Maintenance Menus 8 to 10 .... 739
    50.1 Command Interpreter Mode .... 739
    50.2 Call Control Support .... 740
      50.2.1 Budget Management .... 740
      50.2.2 Call History .... 741
    50.3 Time and Date Setting .... 742
  Remote Management .... 745
    51.1 Remote Management .... 745
      51.1.1 Remote Management Limitations .... 747
  IP Policy Routing .... 749
    52.1 IP Routing Policy Summary .... 749
    52.2 IP Routing Policy Setup .... 750
      52.2.1 Applying Policy to Packets .... 752
    52.3 IP Policy Routing Example .... 753
  Call Scheduling .... 757
    53.1 Introduction to Call Scheduling .... 757

Troubleshooting and Product Specifications .... 761
  Troubleshooting .... 763
    54.1 Power, Hardware Connections, and LEDs .... 763
    54.2 ZyWALL Access and Login .... 764
    54.3 Internet Access .... 766
    54.4 Wireless Router/AP Troubleshooting .... 767
    54.5 UPnP .... 768
  Product Specifications .... 769
    55.1 Compatible 3G Cards .... 773
    55.2 Power Adaptor Specifications .... 775

Appendices and Index .... 779
  Removing and Installing a Fuse .... 781
  Common Services .... 783
  Wireless LANs .... 787
  Windows 98 SE/Me Requirements for Anti-Virus Message Display .... 801
  Legal Information .... 805
  Customer Support .... 809
  Index .... 815

Size: 15.3 MB
Pages: 824
Language: English