User Manual

Table of Contents

Copyright ... 2
Disclaimer ... 2
Trademarks ... 2
Federal Communications Commission (FCC) Interference Statement ... 3
Information for Canadian Users ... 4
Caution ... 4
Note ... 4
Certifications ... 5
ZyXEL Limited Warranty ... 6
Note ... 6
Customer Support ... 7
List of Figures ... 25
List Of Tables ... 29
Preface ... 31
About Your ZyWALL ... 31
About This User's Manual ... 31
Related Documentation ... 31
Syntax Conventions ... 32
Getting Started ... 33
Getting to Know Your ZyWALL ... 35
The ZyWALL 50 Internet Security Gateway ... 35
Features of The ZyWALL 50 ... 35
Applications for the ZyWALL 50 ... 38
Secure Broadband Internet Access via Cable or DSL Modem ... 38
VPN Application ... 39
Hardware Installation ... 41
Front Panel LEDs and Back Panel Ports ... 41
Front Panel LEDs ... 41
ZyWALL 50 Rear Panel and Connections ... 42
Additional Installation Requirements ... 45
Initial Setup ... 47
Turning On Your ZyWALL ... 47
Initial Screen ... 47
Entering the Password ... 47
Navigating the SMT Interface ... 48
Main Menu ... 49
System Management Terminal Interface Summary ... 49
SMT Menus at a Glance ... 51
Changing the System Password ... 53
Resetting the ZyWALL ... 54
Methods of Restoring Factory-Defaults ... 54
Procedure To Use The Reset Button ... 55
General And WAN Setup ... 57
System Name ... 57
Dynamic DNS ... 57
WAN Setup ... 59
LAN Setup ... 63
Introduction ... 63
LAN Port Filter Setup ... 63
TCP/IP and DHCP for LAN ... 63
Factory LAN Defaults ... 64
DHCP Configuration ... 64
IP Address and Subnet Mask ... 64
Private IP Addresses ... 65
RIP Setup ... 66
IP Multicast ... 66
IP Alias ... 67
TCP/IP and DHCP Ethernet Setup Menu ... 67
IP Alias Setup ... 69
Internet Access ... 71
Internet Access Setup ... 71
Ethernet Encapsulation ... 71
PPTP Encapsulation ... 72
Configuring the PPTP Client ... 73
PPPoE Encapsulation ... 74
Basic Setup Complete ... 75
Advanced Applications ... 76
Remote Node Setup ... 77
Remote Node Profile ... 77
Ethernet Encapsulation ... 77
PPPoE Encapsulation ... 79
PPTP Encapsulation ... 81
Editing TCP/IP Options (with Ethernet Encapsulation) ... 83
Editing TCP/IP Options (with PPTP Encapsulation) ... 84
Editing TCP/IP Options (with PPPoE Encapsulation) ... 86
Remote Node Filter ... 86
IP Static Route Setup ... 89
IP Static Route Setup ... 90
Network Address Translation (NAT) ... 93
Introduction ... 93
NAT Definitions ... 93
What NAT Does ... 93
How NAT Works ... 93
NAT Application ... 95
NAT Mapping Types ... 96
Using NAT ... 98
SUA (Single User Account) Versus NAT ... 98
Applying NAT ... 98
NAT Setup ... 100
Address Mapping Sets ... 100
NAT Server Sets – Port Forwarding ... 105
Configuring a Server behind NAT ... 106
General NAT Examples ... 108
Internet Access Only ... 108
Example 2: Internet Access with an Inside Server ... 109
Example 3: Multiple Public IP Addresses With Inside Servers ... 110
Example 4: NAT Unfriendly Application Programs ... 114
Firewall and Content Filters ... 116
Firewalls ... 118
What Is a Firewall? ... 118
Types of Firewalls ... 118
Packet Filtering Firewalls ... 118
Application-level Firewalls ... 118
Stateful Inspection Firewalls ... 119
Introduction to ZyXEL’s Firewall ... 119
Denial of Service ... 120
Basics ... 120
Types of DoS Attacks ... 121
Stateful Inspection ... 124
Stateful Inspection Process ... 125
Stateful Inspection and the ZyWALL ... 126
TCP Security ... 127
UDP/ICMP Security ... 127
Upper Layer Protocols ... 128
Guidelines For Enhancing Security With Your Firewall ... 128
Security In General ... 129
Packet Filtering Vs Firewall ... 129
Packet Filtering: ... 130
Firewall ... 130
Introducing the ZyWALL Firewall ... 132
Remote Management and the Firewall ... 132
Access Methods ... 132
Using ZyWALL SMT Menus ... 132
Activating the Firewall ... 132
Viewing the Firewall Log ... 133
Using the ZyWALL Web Configurator ... 136
Web Configurator Login and Main Menu Screens ... 136
Enabling the Firewall ... 138
E-mail ... 138
Alerts ... 138
Logs ... 139
SMTP Error Messages ... 141
Example E-mail Log ... 141
Attack Alert ... 142
Threshold Values ... 142
Half-Open Sessions ... 143
Creating Custom Rules ... 148
Rules Overview ... 148
Rule Logic Overview ... 148
Rule Checklist ... 148
Security Ramifications ... 149
Key Fields For Configuring Rules ... 149
Connection Direction ... 150
LAN to WAN Rules ... 150
WAN to LAN Rules ... 151
Rule Summary ... 151
Predefined Services ... 154
Creating/Editing Firewall Rules ... 157
Source and Destination Addresses ... 157
Timeout ... 160
Factors Influencing Choices for Timeout Values ... 160
Custom Ports ... 164
Introduction ... 164
Creating/Editing A Custom Port ... 166
Logs ... 168
Log Screen ... 168
Example Firewall Rules ... 170
Examples ... 170
Example 1: Firewall Rule To Allow Web Service From The Internet ... 170
Example 2: Small Office With Mail, FTP and Web Servers ... 175
Example 3: DHCP Negotiation and Syslog Connection from the Internet ... 181
Content Filtering ... 184
Categories ... 184
Restrict Web Features ... 184
Filter List ... 184
Days and Times ... 184
Update List ... 184
Exempt Computers ... 184
Customizing ... 185
Keywords ... 185
Log Records ... 185
Advanced Management ... 186
Filter Configuration ... 187
About Filtering ... 187
The Filter Structure of the ZyWALL ... 188
Configuring a Filter Set ... 190
Filter Rules Summary Menu ... 192
Configuring a Filter Rule ... 193
TCP/IP Filter Rule ... 193
Generic Filter Rule ... 198
Example Filter ... 199
Filter Types and NAT ... 203
Firewall ... 203
Applying a Filter and Factory Defaults ... 204
LAN traffic ... 204
Remote Node Filters ... 204
SNMP Configuration ... 207
About SNMP ... 207
Supported MIBs ... 209
Configuring SNMP ... 209
SNMP Traps ... 210
System Information & Diagnosis ... 213
System Status ... 213
System Information and Console Port Speed ... 215
System Information ... 216
Console Port Speed ... 217
Log and Trace ... 217
Viewing Error Log ... 217
UNIX Syslog ... 219
Call-Triggering Packet ... 222
Diagnostic ... 223
WAN DHCP ... 224
Firmware and Configuration Maintenance ... 227
Filename Conventions ... 227
Backup Configuration ... 228
Backup Configuration ... 228
Using the FTP Command from the Command Line ... 229
Example of FTP Commands from the Command Line ... 230
GUI-Based FTP Clients ... 230
TFTP and FTP over WAN Will Not Work When ... 230
Backup Configuration Using TFTP ... 231
TFTP Command Example ... 231
GUI-Based TFTP Clients ... 232
Backup Via Console Port ... 232
Restore Configuration ... 233
Restore Using FTP or TFTP ... 234
Procedure To Restore Using FTP ... 234
Restore Using FTP Session Example ... 235
Restore Via Console Port ... 235
Uploading Firmware and Configuration Files ... 236
Firmware File Upload ... 237
Configuration File Upload ... 237
FTP File Upload Command from the Command Line Example ... 238
FTP Session Example of Firmware File Upload ... 239
TFTP File Upload ... 239
TFTP Upload Command Example ... 240
Uploading Via Console Port ... 240
Uploading a Firmware File Via Console Port ... 240
Example Xmodem Firmware Upload Using HyperTerminal ... 241
Uploading a Configuration File Via Console Port ... 242
Example Xmodem Configuration Upload Using HyperTerminal ... 242
System Maintenance & Information ... 245
Command Interpreter Mode ... 245
Call Control Support ... 246
Budget Management ... 246
Call History ... 248
Time and Date Setting ... 249
Resetting the Time ... 251
Remote Management ... 253
Telnet ... 253
FTP ... 253
Web ... 254
Remote Management ... 254
Remote Management Limitations ... 255
Remote Management and NAT ... 256
System Timeout ... 256
Call Scheduling and VPN/IPSec ... 257
Call Scheduling ... 259
Introduction ... 259
Introduction to IPSec ... 263
Introduction ... 263
VPN ... 263
IPSec ... 263
Security Association ... 263
Other Terminology ... 263
VPN Applications ... 264
IPSec Architecture ... 265
IPSec Algorithms ... 266
Key Management ... 266
Encapsulation ... 267
Transport Mode ... 267
Tunnel Mode ... 267
IPSec and NAT ... 267
VPN/IPSec Setup ... 269
VPN/IPSec Setup ... 269
IPSec Algorithms ... 270
AH (Authentication Header) Protocol ... 270
ESP (Encapsulating Security Payload) Protocol ... 270
IPSec Summary ... 271
IPSec Setup ... 275
IKE Setup ... 278
IKE Phases ... 278
Negotiation Mode ... 279
Pre-Shared Key ... 280
Diffie-Hellman (DH) Key Groups ... 280
Perfect Forward Secrecy (PFS) ... 280
Manual Setup ... 283
Active Protocol ... 283
Security Parameter Index (SPI) ... 283
SA Monitor ... 287
Introduction ... 287
IPSec Log ... 289
Troubleshooting, Appendices and Index ... 293
Troubleshooting ... 294
Problems Starting Up the ZyWALL ... 294
Problems with the LAN Interface ... 295
Problems with the WAN interface ... 295
Problems with Internet Access ... 296
Problems with the Password ... 296
Problems with Remote Management ... 296
What is PPTP? ... 302
How can we transport PPP frames from a PC to a broadband modem over Ethernet? ... 302
PPTP and the ZyWALL ... 302
PPTP Protocol Overview ... 303
Control & PPP connections ... 303
Index ... 318

Size: 4.31 MB
Pages: 322
Language: English