User Manual

Table of Contents

ZyWALL USG 1000 (p. 1)
About This User's Guide (p. 3)
Document Conventions (p. 6)
Safety Warnings (p. 8)
Contents Overview (p. 9)
Table of Contents (p. 11)

User’s Guide (p. 31)

Introducing the ZyWALL (p. 33)
1.1 Overview and Key Default Settings (p. 33)
1.2 Rack-mounted Installation (p. 33)
1.2.1 Rack-Mounted Installation Procedure (p. 34)
1.3 Front Panel (p. 35)
1.3.1 Front Panel LEDs (p. 35)
1.4 Management Overview (p. 35)
1.5 Starting and Stopping the ZyWALL (p. 36)

Features and Applications (p. 39)
2.1 Features (p. 39)
2.2 Applications (p. 41)
2.2.1 VPN Connectivity (p. 42)
2.2.2 SSL VPN Network Access (p. 42)
2.2.3 User-Aware Access Control (p. 44)
2.2.4 Multiple WAN Interfaces (p. 44)
2.2.5 Device HA (p. 45)

Web Configurator (p. 47)
3.1 Web Configurator Requirements (p. 47)
3.2 Web Configurator Access (p. 47)
3.3 Web Configurator Screens Overview (p. 49)
3.3.1 Title Bar (p. 50)
3.3.2 Navigation Panel (p. 50)
3.3.3 Main Window (p. 56)
3.3.4 Tables and Lists (p. 59)

Installation Setup Wizard (p. 63)
4.1 Installation Setup Wizard Screens (p. 63)
4.1.1 Internet Access Setup - WAN Interface (p. 64)
4.1.2 Internet Access: Ethernet (p. 64)
4.1.3 Internet Access: PPPoE (p. 66)
4.1.4 Internet Access: PPTP (p. 67)
4.1.5 ISP Parameters (p. 67)
4.1.6 Internet Access Setup - Second WAN Interface (p. 69)
4.1.7 Internet Access - Finish (p. 69)
4.2 Device Registration (p. 70)

Quick Setup (p. 73)
5.1 Quick Setup Overview (p. 73)
5.2 WAN Interface Quick Setup (p. 74)
5.2.1 Choose an Ethernet Interface (p. 74)
5.2.2 Select WAN Type (p. 74)
5.2.3 Configure WAN Settings (p. 75)
5.2.4 WAN and ISP Connection Settings (p. 76)
5.2.5 Quick Setup Interface Wizard: Summary (p. 78)
5.3 VPN Quick Setup (p. 79)
5.4 VPN Setup Wizard: Wizard Type (p. 80)
5.5 VPN Express Wizard - Scenario (p. 81)
5.5.1 VPN Express Wizard - Configuration (p. 82)
5.5.2 VPN Express Wizard - Summary (p. 83)
5.5.3 VPN Express Wizard - Finish (p. 84)
5.5.4 VPN Advanced Wizard - Scenario (p. 85)
5.5.5 VPN Advanced Wizard - Phase 1 Settings (p. 86)
5.5.6 VPN Advanced Wizard - Phase 2 (p. 88)
5.5.7 VPN Advanced Wizard - Summary (p. 89)
5.5.8 VPN Advanced Wizard - Finish (p. 90)

Configuration Basics (p. 91)
6.1 Object-based Configuration (p. 91)
6.2 Zones, Interfaces, and Physical Ports (p. 92)
6.2.1 Interface Types (p. 93)
6.2.2 Default Interface and Zone Configuration (p. 94)
6.3 Terminology in the ZyWALL (p. 95)
6.4 Packet Flow (p. 96)
6.4.1 ZLD 2.20 Packet Flow Enhancements (p. 96)
6.4.2 Routing Table Checking Flow Enhancements (p. 97)
6.4.3 NAT Table Checking Flow (p. 98)
6.5 Feature Configuration Overview (p. 99)
6.5.1 Feature (p. 100)
6.5.2 Licensing Registration (p. 100)
6.5.3 Licensing Update (p. 100)
6.5.4 Interface (p. 101)
6.5.5 Trunks (p. 101)
6.5.6 Policy Routes (p. 101)
6.5.7 Static Routes (p. 102)
6.5.8 Zones (p. 103)
6.5.9 DDNS (p. 103)
6.5.10 NAT (p. 103)
6.5.11 HTTP Redirect (p. 104)
6.5.12 ALG (p. 105)
6.5.13 Auth. Policy (p. 105)
6.5.14 Firewall (p. 105)
6.5.15 IPSec VPN (p. 106)
6.5.16 SSL VPN (p. 106)
6.5.17 L2TP VPN (p. 107)
6.5.18 Application Patrol (p. 107)
6.5.19 Anti-Virus (p. 108)
6.5.20 IDP (p. 108)
6.5.21 ADP (p. 108)
6.5.22 Content Filter (p. 108)
6.5.23 Anti-Spam (p. 109)
6.5.24 Device HA (p. 109)
6.6 Objects (p. 110)
6.6.1 User/Group (p. 110)
6.7 System (p. 111)
6.7.1 DNS, WWW, SSH, TELNET, FTP, SNMP, Dial-in Mgmt, Vantage CNM (p. 111)
6.7.2 Logs and Reports (p. 112)
6.7.3 File Manager (p. 112)
6.7.4 Diagnostics (p. 112)
6.7.5 Shutdown (p. 112)

Tutorials (p. 115)
7.1 How to Configure Interfaces, Port Grouping, and Zones (p. 115)
7.1.1 Configure a WAN Ethernet Interface (p. 116)
7.1.2 Configure Zones (p. 116)
7.1.3 Configure Port Grouping (p. 117)
7.2 How to Configure a Cellular Interface (p. 118)
7.3 How to Configure Load Balancing (p. 120)
7.3.1 Set Up Available Bandwidth on Ethernet Interfaces (p. 120)
7.3.2 Configure the WAN Trunk (p. 121)
7.4 How to Set Up an IPSec VPN Tunnel (p. 123)
7.4.1 Set Up the VPN Gateway (p. 124)
7.4.2 Set Up the VPN Connection (p. 125)
7.4.3 Configure Security Policies for the VPN Tunnel (p. 126)
7.5 How to Configure a Hub-and-spoke IPSec VPN Without a VPN Concentrator (p. 127)
7.6 How to Configure User-aware Access Control (p. 129)
7.6.1 Set Up User Accounts (p. 130)
7.6.2 Set Up User Groups (p. 130)
7.6.3 Set Up User Authentication Using the RADIUS Server (p. 131)
7.6.4 Web Surfing Policies With Bandwidth Restrictions (p. 133)
7.6.5 Set Up MSN Policies (p. 136)
7.6.6 Set Up Firewall Rules (p. 137)
7.7 How to Use a RADIUS Server to Authenticate User Accounts based on Groups (p. 138)
7.8 How to Use Endpoint Security and Authentication Policies (p. 140)
7.8.1 Configure the Endpoint Security Objects (p. 140)
7.8.2 Configure the Authentication Policy (p. 142)
7.9 How to Configure Service Control (p. 143)
7.9.1 Allow HTTPS Administrator Access Only From the LAN (p. 144)
7.10 How to Allow Incoming H.323 Peer-to-peer Calls (p. 146)
7.10.1 Turn On the ALG (p. 147)
7.10.2 Set Up a NAT Policy For H.323 (p. 147)
7.10.3 Set Up a Firewall Rule For H.323 (p. 149)
7.11 How to Allow Public Access to a Web Server (p. 150)
7.11.1 Create the Address Objects (p. 151)
7.11.2 Configure NAT (p. 151)
7.11.3 Set Up a Firewall Rule (p. 152)
7.12 How to Use an IPPBX on the DMZ (p. 153)
7.12.1 Turn On the ALG (p. 155)
7.12.2 Create the Address Objects (p. 155)
7.12.3 Setup a NAT Policy for the IPPBX (p. 156)
7.12.4 Set Up a WAN to DMZ Firewall Rule for SIP (p. 157)
7.12.5 Set Up a DMZ to LAN Firewall Rule for SIP (p. 158)
7.13 How to Use Multiple Static Public WAN IP Addresses for LAN to WAN Traffic (p. 159)
7.13.1 Create the Public IP Address Range Object (p. 159)
7.13.2 Configure the Policy Route (p. 160)
7.14 How to Use Active-Passive Device HA (p. 160)
7.14.1 Before You Start (p. 161)
7.14.2 Configure Device HA on the Master ZyWALL (p. 162)
7.14.3 Configure the Backup ZyWALL (p. 163)
7.14.4 Deploy the Backup ZyWALL (p. 164)
7.14.5 Check Your Device HA Setup (p. 165)

L2TP VPN Example (p. 167)
8.1 L2TP VPN Example (p. 167)
8.2 Configuring the Default L2TP VPN Gateway Example (p. 167)
8.3 Configuring the Default L2TP VPN Connection Example (p. 169)
8.4 Configuring the L2TP VPN Settings Example (p. 170)
8.5 Configuring L2TP VPN in Windows Vista, XP, or 2000 (p. 171)
8.5.1 Configuring L2TP in Windows Vista (p. 171)
8.5.2 Configuring L2TP in Windows XP (p. 181)
8.5.3 Configuring L2TP in Windows 2000 (p. 187)

Technical Reference (p. 203)

Dashboard (p. 205)
9.1 Overview (p. 205)
9.1.1 What You Can Do in this Chapter (p. 205)
9.2 The Dashboard Screen (p. 205)
9.2.1 The CPU Usage Screen (p. 212)
9.2.2 The Memory Usage Screen (p. 213)
9.2.3 The Session Usage Screen (p. 214)
9.2.4 The VPN Status Screen (p. 215)
9.2.5 The DHCP Table Screen (p. 215)
9.2.6 The Number of Login Users Screen (p. 216)

Monitor (p. 219)
10.1 Overview (p. 219)
10.1.1 What You Can Do in this Chapter (p. 219)
10.2 The Port Statistics Screen (p. 220)
10.2.1 The Port Statistics Graph Screen (p. 222)
10.3 Interface Status Screen (p. 223)
10.4 The Traffic Statistics Screen (p. 226)
10.5 The Session Monitor Screen (p. 229)
10.6 The DDNS Status Screen (p. 231)
10.7 IP/MAC Binding Monitor (p. 232)
10.8 The Login Users Screen (p. 233)
10.9 Cellular Status Screen (p. 234)
10.10 Application Patrol Statistics (p. 236)
10.10.1 Application Patrol Statistics: General Setup (p. 236)
10.10.2 Application Patrol Statistics: Bandwidth Statistics (p. 237)
10.10.3 Application Patrol Statistics: Protocol Statistics (p. 238)
10.10.4 Application Patrol Statistics: Individual Protocol Statistics by Rule (p. 239)
10.11 The IPSec Monitor Screen (p. 240)
10.11.1 Regular Expressions in Searching IPSec SAs (p. 242)
10.12 The SSL Connection Monitor Screen (p. 243)
10.13 L2TP over IPSec Session Monitor Screen (p. 244)
10.14 The Anti-Virus Statistics Screen (p. 245)
10.15 The IDP Statistics Screen (p. 247)
10.16 The Content Filter Statistics Screen (p. 249)
10.17 Content Filter Cache Screen (p. 250)
10.18 The Anti-Spam Statistics Screen (p. 253)
10.19 The Anti-Spam Status Screen (p. 255)
10.20 Log Screen (p. 256)

Registration (p. 259)
11.1 Overview (p. 259)
11.1.1 What You Can Do in this Chapter (p. 259)
11.1.2 What you Need to Know (p. 259)
11.2 The Registration Screen (p. 261)
11.3 The Service Screen (p. 263)

Signature Update (p. 265)
12.1 Overview (p. 265)
12.1.1 What You Can Do in this Chapter (p. 265)
12.1.2 What you Need to Know (p. 265)
12.2 The Antivirus Update Screen (p. 266)
12.3 The IDP/AppPatrol Update Screen (p. 267)
12.4 The System Protect Update Screen (p. 269)

Interfaces (p. 271)
13.1 Interface Overview (p. 271)
13.1.1 What You Can Do in this Chapter (p. 271)
13.1.2 What You Need to Know (p. 272)
13.2 Port Grouping (p. 274)
13.2.1 Port Grouping Overview (p. 275)
13.2.2 Port Grouping Screen (p. 275)
13.3 Ethernet Summary Screen (p. 276)
13.3.1 Ethernet Edit (p. 278)
13.3.2 Object References (p. 285)
13.4 PPP Interfaces (p. 286)
13.4.1 PPP Interface Summary (p. 287)
13.4.2 PPP Interface Add or Edit (p. 289)
13.5 Cellular Configuration Screen (3G) (p. 293)
13.5.1 Cellular Add/Edit Screen (p. 295)
13.6 VLAN Interfaces (p. 302)
13.6.1 VLAN Summary Screen (p. 304)
13.6.2 VLAN Add/Edit (p. 305)
13.7 Bridge Interfaces (p. 312)
13.7.1 Bridge Summary (p. 314)
13.7.2 Bridge Add/Edit (p. 315)
13.8 Auxiliary Interface (p. 321)
13.8.1 Auxiliary Interface Overview (p. 321)
13.8.2 Auxiliary (p. 321)
13.9 Virtual Interfaces (p. 323)
13.9.1 Virtual Interfaces Add/Edit (p. 324)
13.10 Interface Technical Reference (p. 325)

Trunks (p. 331)
14.1 Overview (p. 331)
14.1.1 What You Can Do in this Chapter (p. 331)
14.1.2 What You Need to Know (p. 332)
14.2 The Trunk Summary Screen (p. 336)
14.3 Configuring a Trunk (p. 337)
14.4 Trunk Technical Reference (p. 339)

Policy and Static Routes (p. 341)
15.1 Policy and Static Routes Overview (p. 341)
15.1.1 What You Can Do in this Chapter (p. 341)
15.1.2 What You Need to Know (p. 342)
15.2 Policy Route Screen (p. 344)
15.2.1 Policy Route Edit Screen (p. 347)
15.3 IP Static Route Screen (p. 351)
15.3.1 Static Route Add/Edit Screen (p. 352)
15.4 Policy Routing Technical Reference (p. 353)

Routing Protocols (p. 357)
16.1 Routing Protocols Overview (p. 357)
16.1.1 What You Can Do in this Chapter (p. 357)
16.1.2 What You Need to Know (p. 357)
16.2 The RIP Screen (p. 358)
16.3 The OSPF Screen (p. 359)
16.3.1 Configuring the OSPF Screen (p. 363)
16.3.2 OSPF Area Add/Edit Screen (p. 366)
16.3.3 Virtual Link Add/Edit Screen (p. 367)
16.4 Routing Protocol Technical Reference (p. 368)

Zones (p. 371)
17.1 Zones Overview (p. 371)
17.1.1 What You Can Do in this Chapter (p. 371)
17.1.2 What You Need to Know (p. 372)
17.2 The Zone Screen (p. 373)
17.3 Zone Edit (p. 374)

DDNS (p. 375)
18.1 DDNS Overview (p. 375)
18.1.1 What You Can Do in this Chapter (p. 375)
18.1.2 What You Need to Know (p. 375)
18.2 The DDNS Screen (p. 376)
18.2.1 The Dynamic DNS Add/Edit Screen (p. 378)

NAT (p. 381)
19.1 NAT Overview (p. 381)
19.1.1 What You Can Do in this Chapter (p. 381)
19.1.2 What You Need to Know (p. 382)
19.2 The NAT Screen (p. 382)
19.2.1 The NAT Add/Edit Screen (p. 384)
19.3 NAT Technical Reference (p. 387)

HTTP Redirect (p. 391)
20.1 Overview (p. 391)
20.1.1 What You Can Do in this Chapter (p. 391)
20.1.2 What You Need to Know (p. 392)
20.2 The HTTP Redirect Screen (p. 393)
20.2.1 The HTTP Redirect Edit Screen (p. 394)

ALG (p. 395)
21.1 ALG Overview (p. 395)
21.1.1 What You Can Do in this Chapter (p. 395)
21.1.2 What You Need to Know (p. 396)
21.1.3 Before You Begin (p. 399)
21.2 The ALG Screen (p. 399)
21.3 ALG Technical Reference (p. 401)

IP/MAC Binding (p. 403)
22.1 IP/MAC Binding Overview (p. 403)
22.1.1 What You Can Do in this Chapter (p. 403)
22.1.2 What You Need to Know (p. 404)
22.2 IP/MAC Binding Summary (p. 404)
22.2.1 IP/MAC Binding Edit (p. 405)
22.2.2 Static DHCP Edit (p. 406)
22.3 IP/MAC Binding Exempt List (p. 407)

Authentication Policy (p. 409)
23.1 Overview (p. 409)
23.1.1 What You Can Do in this Chapter (p. 409)
23.1.2 What You Need to Know (p. 410)
23.2 Authentication Policy Screen (p. 410)
23.2.1 Creating/Editing an Authentication Policy (p. 413)

Firewall (p. 417)
24.1 Overview (p. 417)
24.1.1 What You Can Do in this Chapter (p. 417)
24.1.2 What You Need to Know (p. 418)
24.1.3 Firewall Rule Example Applications (p. 420)
24.1.4 Firewall Rule Configuration Example (p. 423)
24.2 The Firewall Screen (p. 425)
24.2.1 Configuring the Firewall Screen (p. 426)
24.2.2 The Firewall Add/Edit Screen (p. 429)
24.3 The Session Limit Screen (p. 430)
24.3.1 The Session Limit Add/Edit Screen (p. 432)

IPSec VPN (p. 435)
25.1 IPSec VPN Overview (p. 435)
25.1.1 What You Can Do in this Chapter (p. 435)
25.1.2 What You Need to Know (p. 436)
25.1.3 Before You Begin (p. 438)
25.2 The VPN Connection Screen (p. 438)
25.2.1 The VPN Connection Add/Edit (IKE) Screen (p. 440)
25.2.2 The VPN Connection Add/Edit Manual Key Screen (p. 447)
25.3 The VPN Gateway Screen (p. 450)
25.3.1 The VPN Gateway Add/Edit Screen (p. 451)
25.4 VPN Concentrator (p. 459)
25.4.1 IPSec VPN Concentrator Example (p. 459)
25.4.2 VPN Concentrator Screen (p. 462)
25.4.3 The VPN Concentrator Add/Edit Screen (p. 462)
25.5 IPSec VPN Background Information (p. 463)

SSL VPN (p. 475)
26.1 Overview (p. 475)
26.1.1 What You Can Do in this Chapter (p. 475)
26.1.2 What You Need to Know (p. 475)
26.2 The SSL Access Privilege Screen (p. 478)
26.2.1 The SSL Access Policy Add/Edit Screen (p. 480)
26.3 The SSL Global Setting Screen (p. 482)
26.3.1 How to Upload a Custom Logo (p. 484)
26.4 Establishing an SSL VPN Connection (p. 485)

SSL User Screens (p. 487)
27.1 Overview (p. 487)
27.1.1 What You Need to Know (p. 487)
27.2 Remote User Login (p. 488)
27.3 The SSL VPN User Screens (p. 493)
27.4 Bookmarking the ZyWALL (p. 494)
27.5 Logging Out of the SSL VPN User Screens (p. 494)

SSL User Application Screens (p. 497)
28.1 SSL User Application Screens Overview (p. 497)
28.2 The Application Screen (p. 497)

SSL User File Sharing (p. 499)
29.1 Overview (p. 499)
29.1.1 What You Need to Know (p. 499)
29.2 The Main File Sharing Screen (p. 500)
29.3 Opening a File or Folder (p. 500)
29.3.1 Downloading a File (p. 502)
29.3.2 Saving a File (p. 503)
29.4 Creating a New Folder (p. 503)
29.5 Renaming a File or Folder (p. 504)
29.6 Deleting a File or Folder (p. 504)
29.7 Uploading a File (p. 505)

ZyWALL SecuExtender (p. 507)
30.1 The ZyWALL SecuExtender Icon (p. 507)
30.2 Statistics (p. 508)
30.3 View Log (p. 509)
30.4 Suspend and Resume the Connection (p. 509)
30.5 Stop the Connection (p. 510)
30.6 Uninstalling the ZyWALL SecuExtender (p. 510)

L2TP VPN (p. 511)
31.1 Overview (p. 511)
31.1.1 What You Can Do in this Chapter (p. 511)
31.1.2 What You Need to Know (p. 511)
31.2 L2TP VPN Screen (p. 513)

Application Patrol (p. 515)
32.1 Overview (p. 515)
32.1.1 What You Can Do in this Chapter (p. 515)
32.1.2 What You Need to Know (p. 516)
32.1.3 Application Patrol Bandwidth Management Examples (p. 521)
32.2 Application Patrol General Screen (p. 525)
32.3 Application Patrol Applications (p. 526)
32.3.1 The Application Patrol Edit Screen (p. 527)
32.3.2 The Application Patrol Policy Edit Screen (p. 531)
32.4 The Other Applications Screen (p. 534)
32.4.1 The Other Applications Add/Edit Screen (p. 537)

Anti-Virus (p. 541)
33.1 Overview (p. 541)
33.1.1 What You Can Do in this Chapter (p. 541)
33.1.2 What You Need to Know (p. 542)
33.1.3 Before You Begin (p. 544)
33.2 Anti-Virus Summary Screen (p. 544)
33.2.1 Anti-Virus Policy Add or Edit Screen (p. 547)
33.3 Anti-Virus Black List (p. 549)
33.4 Anti-Virus Black List or White List Add/Edit (p. 550)
33.5 Anti-Virus White List (p. 551)
33.6 Signature Searching (p. 552)
33.7 Anti-Virus Technical Reference (p. 555)

IDP (p. 557)
34.1 Overview (p. 557)
34.1.1 What You Can Do in this Chapter (p. 557)
34.1.2 What You Need To Know (p. 557)
34.1.3 Before You Begin (p. 558)
34.2 The IDP General Screen (p. 559)
34.3 Introducing IDP Profiles (p. 561)
34.3.1 Base Profiles (p. 562)
34.4 The Profile Summary Screen (p. 563)
34.5 Creating New Profiles (p. 564)
34.5.1 Procedure To Create a New Profile (p. 564)
34.6 Profiles: Packet Inspection (p. 565)
34.6.1 Profile > Group View Screen (p. 565)
34.6.2 Policy Types (p. 568)
34.6.3 IDP Service Groups (p. 569)
34.6.4 Profile > Query View Screen (p. 570)
34.6.5 Query Example (p. 573)
34.7 Introducing IDP Custom Signatures (p. 575)
34.7.1 IP Packet Header (p. 575)
34.8 Configuring Custom Signatures (p. 576)
34.8.1 Creating or Editing a Custom Signature (p. 578)
34.8.2 Custom Signature Example (p. 584)
34.8.3 Applying Custom Signatures (p. 586)
34.8.4 Verifying Custom Signatures (p. 587)
34.9 IDP Technical Reference (p. 588)

ADP (p. 591)
35.1 Overview (p. 591)
35.1.1 ADP and IDP Comparison (p. 591)
35.1.2 What You Can Do in this Chapter (p. 591)
35.1.3 What You Need To Know (p. 591)
35.1.4 Before You Begin (p. 592)
35.2 The ADP General Screen (p. 593)
35.3 The Profile Summary Screen (p. 594)
35.3.1 Base Profiles (p. 595)
35.3.2 Configuring The ADP Profile Summary Screen (p. 595)
35.3.3 Creating New ADP Profiles (p. 596)
35.3.4 Traffic Anomaly Profiles (p. 596)
35.3.5 Protocol Anomaly Profiles (p. 599)
35.3.6 Protocol Anomaly Configuration (p. 599)
35.4 ADP Technical Reference (p. 603)

Content Filtering (p. 613)
36.1 Overview (p. 613)
36.1.1 What You Can Do in this Chapter (p. 613)
36.1.2 What You Need to Know (p. 613)
36.1.3 Before You Begin (p. 615)
36.2 Content Filter General Screen (p. 615)
36.3 Content Filter Policy Add or Edit Screen (p. 618)
36.4 Content Filter Profile Screen (p. 620)
36.5 Content Filter Categories Screen (p. 620)
36.5.1 Content Filter Blocked and Warning Messages (p. 632)
36.6 Content Filter Customization Screen (p. 633)
36.7 Content Filter Technical Reference (p. 635)

Content Filter Reports (p. 637)
37.1 Overview (p. 637)
37.2 Viewing Content Filter Reports (p. 637)

Anti-Spam (p. 645)
38.1 Overview (p. 645)
38.1.1 What You Can Do in this Chapter (p. 645)
38.1.2 What You Need to Know (p. 645)
38.2 Before You Begin (p. 647)
38.3 The Anti-Spam General Screen (p. 647)
38.3.1 The Anti-Spam Policy Add or Edit Screen (p. 649)
38.4 The Anti-Spam Black List Screen (p. 651)
38.4.1 The Anti-Spam Black or White List Add/Edit Screen (p. 653)
38.4.2 Regular Expressions in Black or White List Entries (p. 654)
38.5 The Anti-Spam White List Screen (p. 655)
38.6 The DNSBL Screen (p. 656)
38.7 Anti-Spam Technical Reference (p. 658)

Device HA (p. 663)
39.1 Overview (p. 663)
39.1.1 What You Can Do in this Chapter (p. 663)
39.1.2 What You Need to Know (p. 663)
39.1.3 Before You Begin (p. 664)
39.2 Device HA General (p. 665)
39.3 The Active-Passive Mode Screen (p. 666)
39.3.1 Configuring Active-Passive Mode Device HA (p. 668)
39.4 Configuring an Active-Passive Mode Monitored Interface (p. 671)
39.5 The Legacy Mode Screen (p. 673)
39.6 Configuring the Legacy Mode Screen (p. 674)
39.7 Device HA Technical Reference (p. 678)

User/Group (p. 685)
40.1 Overview (p. 685)
40.1.1 What You Can Do in this Chapter (p. 685)
40.1.2 What You Need To Know (p. 685)
40.2 User Summary Screen (p. 688)
40.2.1 User Add/Edit Screen (p. 688)
40.3 User Group Summary Screen (p. 691)
40.3.1 Group Add/Edit Screen (p. 692)
40.4 Setting Screen (p. 693)
40.4.1 Default User Authentication Timeout Settings Edit Screens (p. 696)
40.4.2 User Aware Login Example (p. 698)
40.5 User/Group Technical Reference (p. 699)

Addresses (p. 701)
41.1 Overview (p. 701)
41.1.1 What You Can Do in this Chapter (p. 701)
41.1.2 What You Need To Know (p. 701)
41.2 Address Summary Screen (p. 701)
41.2.1 Address Add/Edit Screen (p. 703)
41.3 Address Group Summary Screen (p. 704)
41.3.1 Address Group Add/Edit Screen (p. 705)

Services (p. 707)
42.1 Overview (p. 707)
42.1.1 What You Can Do in this Chapter (p. 707)
42.1.2 What You Need to Know (p. 707)
42.2 The Service Summary Screen (p. 708)
42.2.1 The Service Add/Edit Screen (p. 710)
42.3 The Service Group Summary Screen (p. 710)
42.3.1 The Service Group Add/Edit Screen (p. 712)

Schedules (p. 713)
43.1 Overview (p. 713)
43.1.1 What You Can Do in this Chapter (p. 713)
43.1.2 What You Need to Know (p. 713)
43.2 The Schedule Summary Screen (p. 714)
43.2.1 The One-Time Schedule Add/Edit Screen (p. 715)
43.2.2 The Recurring Schedule Add/Edit Screen (p. 716)

AAA Server (p. 719)
44.1 Overview (p. 719)
44.1.1 Directory Service (AD/LDAP) (p. 719)
44.1.2 RADIUS Server (p. 720)
44.1.3 ASAS (p. 720)
44.1.4 What You Can Do in this Chapter (p. 720)
44.1.5 What You Need To Know (p. 721)
44.2 Active Directory or LDAP Server Summary (p. 723)
44.2.1 Adding an Active Directory or LDAP Server (p. 723)
44.3 RADIUS Server Summary (p. 725)
44.3.1 Adding a RADIUS Server (p. 727)

Authentication Method (p. 729)
45.1 Overview (p. 729)
45.1.1 What You Can Do in this Chapter (p. 729)
45.1.2 Before You Begin (p. 729)
45.1.3 Example: Selecting a VPN Authentication Method (p. 729)
45.2 Authentication Method Objects (p. 730)
45.2.1 Creating an Authentication Method Object (p. 731)

Certificates (p. 735)
46.1 Overview (p. 735)
46.1.1 What You Can Do in this Chapter (p. 735)
46.1.2 What You Need to Know (p. 735)
46.1.3 Verifying a Certificate (p. 737)
46.2 The My Certificates Screen (p. 739)
46.2.1 The My Certificates Add Screen (p. 740)
46.2.2 The My Certificates Edit Screen (p. 745)
46.2.3 The My Certificates Import Screen (p. 748)
46.3 The Trusted Certificates Screen (p. 749)
46.3.1 The Trusted Certificates Edit Screen (p. 750)
46.3.2 The Trusted Certificates Import Screen (p. 754)
46.4 Certificates Technical Reference (p. 755)

ISP Accounts (p. 757)
47.1 Overview (p. 757)
47.1.1 What You Can Do in this Chapter (p. 757)
47.2 ISP Account Summary (p. 757)
47.2.1 ISP Account Edit (p. 758)

SSL Application (p. 761)
48.1 Overview (p. 761)
48.1.1 What You Can Do in this Chapter (p. 761)
48.1.2 What You Need to Know (p. 761)
48.1.3 Example: Specifying a Web Site for Access (p. 762)
48.2 The SSL Application Screen (p. 763)
48.2.1 Creating/Editing a Web-based SSL Application Object (p. 764)
48.2.2 Creating/Editing a File Sharing SSL Application Object (p. 766)

Endpoint Security (p. 769)
49.1 Overview (p. 769)
49.1.1 What You Can Do in this Chapter (p. 770)
49.1.2 What You Need to Know (p. 770)
49.2 Endpoint Security Screen (p. 771)
49.3 Endpoint Security Add/Edit (p. 773)

System (p. 779)
50.1 Overview (p. 779)
50.1.1 What You Can Do in this Chapter (p. 779)
50.2 Host Name (p. 780)
50.3 Date and Time (p. 781)
50.3.1 Pre-defined NTP Time Servers List (p. 783)
50.3.2 Time Server Synchronization (p. 784)
50.4 Console Port Speed (p. 785)
50.5 DNS Overview (p. 785)
50.5.1 DNS Server Address Assignment (p. 786)
50.5.2 Configuring the DNS Screen (p. 786)
50.5.3 Address Record (p. 789)
50.5.4 PTR Record (p. 789)
50.5.5 Adding an Address/PTR Record (p. 789)
50.5.6 Domain Zone Forwarder (p. 790)
50.5.7 Adding a Domain Zone Forwarder (p. 790)
50.5.8 MX Record (p. 791)
50.5.9 Adding a MX Record (p. 792)
50.5.10 Adding a DNS Service Control Rule (p. 792)
50.6 WWW Overview (p. 793)
50.6.1 Service Access Limitations (p. 794)
50.6.2 System Timeout (p. 794)
50.6.3 HTTPS (p. 794)
50.6.4 Configuring WWW Service Control (p. 795)
50.6.5 Service Control Rules (p. 799)
50.6.6 Customizing the WWW Login Page (p. 799)
50.6.7 HTTPS Example (p. 803)
50.7 SSH (p. 810)
50.7.1 How SSH Works (p. 811)
50.7.2 SSH Implementation on the ZyWALL (p. 812)
50.7.3 Requirements for Using SSH (p. 812)
50.7.4 Configuring SSH (p. 812)
50.7.5 Secure Telnet Using SSH Examples (p. 814)
50.8 Telnet (p. 815)
50.8.1 Configuring Telnet (p. 816)
50.9 FTP (p. 817)
50.9.1 Configuring FTP (p. 817)
50.10 SNMP (p. 819)
50.10.1 Supported MIBs (p. 821)
50.10.2 SNMP Traps (p. 821)
50.10.3 Configuring SNMP (p. 821)
50.11 Dial-in Management (p. 823)
50.11.1 Configuring Dial-in Mgmt (p. 824)
50.12 Vantage CNM (p. 825)
50.12.1 Configuring Vantage CNM (p. 826)
50.13 Language Screen (p. 828)

Log and Report (p. 829)
51.1 Overview (p. 829)
51.1.1 What You Can Do In this Chapter (p. 829)
51.2 Email Daily Report (p. 829)
51.3 Log Setting Screens (p. 831)
51.3.1 Log Setting Summary (p. 832)
51.3.2 Edit System Log Settings (p. 833)
51.3.3 Edit Remote Server Log Settings (p. 838)
51.3.4 Active Log Summary Screen (p. 840)

File Manager (p. 843)
52.1 Overview (p. 843)
52.1.1 What You Can Do in this Chapter (p. 843)
52.1.2 What you Need to Know (p. 843)
52.2 The Configuration File Screen (p. 846)
52.3 The Firmware Package Screen (p. 850)
52.4 The Shell Script Screen (p. 852)

Diagnostics (p. 855)
53.1 Overview (p. 855)
53.1.1 What You Can Do in this Chapter (p. 855)
53.2 The Diagnostic Screen (p. 855)
53.3 The Packet Capture Screen (p. 856)
53.3.1 The Packet Capture Files Screen (p. 858)
53.3.2 Example of Viewing a Packet Capture File (p. 859)

Reboot (p. 861)
54.1 Overview (p. 861)
54.1.1 What You Need To Know (p. 861)
54.2 The Reboot Screen (p. 861)

Shutdown (p. 863)
55.1 Overview (p. 863)
55.1.1 What You Need To Know (p. 863)
55.2 The Shutdown Screen (p. 863)

Troubleshooting (p. 865)
56.1 Resetting the ZyWALL (p. 882)
56.2 Getting More Troubleshooting Help (p. 883)

Product Specifications (p. 885)
57.1 3G PCMCIA Card Installation (p. 891)

Log Descriptions (p. 893)
Common Services (p. 953)
Displaying Anti-Virus Alert Messages in Windows (p. 957)
Importing Certificates (p. 963)
Open Software Announcements (p. 989)
Legal Information (p. 1045)
Index (p. 1049)

Size: 25.1 MB
Pages: 1075
Language: English