User's Manual

Table of Contents

ZyWALL USG 50
About This User's Guide
Document Conventions
Safety Warnings
Contents Overview
Table of Contents

User’s Guide

Introducing the ZyWALL
  1.1 Overview and Key Default Settings
  1.2 Rack-mounted Installation
    1.2.1 Rack-Mounted Installation Procedure
  1.3 Front Panel
    1.3.1 Front Panel LEDs
  1.4 Management Overview
  1.5 Starting and Stopping the ZyWALL

Features and Applications
  2.1 Features
  2.2 Applications
    2.2.1 VPN Connectivity
    2.2.2 SSL VPN Network Access
    2.2.3 User-Aware Access Control
    2.2.4 Multiple WAN Interfaces

Web Configurator
  3.1 Web Configurator Requirements
  3.2 Web Configurator Access
  3.3 Web Configurator Screens Overview
    3.3.1 Title Bar
    3.3.2 Navigation Panel
    3.3.3 Main Window
    3.3.4 Tables and Lists

Installation Setup Wizard
  4.1 Installation Setup Wizard Screens
    4.1.1 Internet Access Setup - WAN Interface
    4.1.2 Internet Access: Ethernet
    4.1.3 Internet Access: PPPoE
    4.1.4 Internet Access: PPTP
    4.1.5 ISP Parameters
    4.1.6 Internet Access Setup - Second WAN Interface
    4.1.7 Internet Access - Finish
  4.2 Device Registration

Quick Setup
  5.1 Quick Setup Overview
  5.2 WAN Interface Quick Setup
    5.2.1 Choose an Ethernet Interface
    5.2.2 Select WAN Type
    5.2.3 Configure WAN Settings
    5.2.4 WAN and ISP Connection Settings
    5.2.5 Quick Setup Interface Wizard: Summary
  5.3 VPN Quick Setup
  5.4 VPN Setup Wizard: Wizard Type
  5.5 VPN Express Wizard - Scenario
    5.5.1 VPN Express Wizard - Configuration
    5.5.2 VPN Express Wizard - Summary
    5.5.3 VPN Express Wizard - Finish
    5.5.4 VPN Advanced Wizard - Scenario
    5.5.5 VPN Advanced Wizard - Phase 1 Settings
    5.5.6 VPN Advanced Wizard - Phase 2
    5.5.7 VPN Advanced Wizard - Summary
    5.5.8 VPN Advanced Wizard - Finish

Configuration Basics
  6.1 Object-based Configuration
  6.2 Zones, Interfaces, and Physical Ports
    6.2.1 Interface Types
    6.2.2 Default Interface and Zone Configuration
  6.3 Terminology in the ZyWALL
  6.4 Packet Flow
    6.4.1 Routing Table Checking Flow
    6.4.2 NAT Table Checking Flow
  6.5 Feature Configuration Overview
    6.5.1 Feature
    6.5.2 Licensing Registration
    6.5.3 Licensing Update
    6.5.4 Interface
    6.5.5 Trunks
    6.5.6 Policy Routes
    6.5.7 Static Routes
    6.5.8 Zones
    6.5.9 DDNS
    6.5.10 NAT
    6.5.11 HTTP Redirect
    6.5.12 ALG
    6.5.13 Auth. Policy
    6.5.14 Firewall
    6.5.15 IPSec VPN
    6.5.16 SSL VPN
    6.5.17 Application Patrol
    6.5.18 Anti-Virus
    6.5.19 IDP
    6.5.20 ADP
    6.5.21 Content Filter
    6.5.22 Anti-Spam
  6.6 Objects
    6.6.1 User/Group
  6.7 System
    6.7.1 DNS, WWW, SSH, TELNET, FTP, SNMP, Vantage CNM
    6.7.2 Logs and Reports
    6.7.3 File Manager
    6.7.4 Diagnostics
    6.7.5 Shutdown

Tutorials
  7.1 How to Configure Interfaces, Port Roles, and Zones
    7.1.1 Configure a WAN Ethernet Interface
    7.1.2 Configure Port Roles
    7.1.3 Configure the DMZ Interface for a Local Network
    7.1.4 Configure Zones
  7.2 How to Configure a Cellular Interface
  7.3 How to Configure Load Balancing
    7.3.1 Set Up Available Bandwidth on Ethernet Interfaces
    7.3.2 Configure the WAN Trunk
  7.4 How to Set Up an IPSec VPN Tunnel
    7.4.1 Set Up the VPN Gateway
    7.4.2 Set Up the VPN Connection
    7.4.3 Configure Security Policies for the VPN Tunnel
  7.5 How to Configure User-aware Access Control
    7.5.1 Set Up User Accounts
    7.5.2 Set Up User Groups
    7.5.3 Set Up User Authentication Using the RADIUS Server
    7.5.4 Web Surfing Policies With Bandwidth Restrictions
    7.5.5 Set Up MSN Policies
    7.5.6 Set Up Firewall Rules
  7.6 How to Use a RADIUS Server to Authenticate User Accounts based on Groups
  7.7 How to Use Endpoint Security and Authentication Policies
    7.7.1 Configure the Endpoint Security Objects
    7.7.2 Configure the Authentication Policy
  7.8 How to Configure Service Control
    7.8.1 Allow HTTPS Administrator Access Only From the LAN
  7.9 How to Allow Incoming H.323 Peer-to-peer Calls
    7.9.1 Turn On the ALG
    7.9.2 Set Up a NAT Policy For H.323
    7.9.3 Set Up a Firewall Rule For H.323
  7.10 How to Allow Public Access to a Web Server
    7.10.1 Create the Address Objects
    7.10.2 Configure NAT
    7.10.3 Set Up a Firewall Rule
  7.11 How to Use an IPPBX on the DMZ
    7.11.1 Turn On the ALG
    7.11.2 Create the Address Objects
    7.11.3 Setup a NAT Policy for the IPPBX
    7.11.4 Set Up a WAN to DMZ Firewall Rule for SIP
    7.11.5 Set Up a DMZ to LAN Firewall Rule for SIP
  7.12 How to Use Multiple Static Public WAN IP Addresses for LAN to WAN Traffic
    7.12.1 Create the Public IP Address Range Object
    7.12.2 Configure the Policy Route

Technical Reference

Dashboard
  8.1 Overview
    8.1.1 What You Can Do in this Chapter
  8.2 The Dashboard Screen
    8.2.1 The CPU Usage Screen
    8.2.2 The Memory Usage Screen
    8.2.3 The Active Sessions Screen
    8.2.4 The VPN Status Screen
    8.2.5 The DHCP Table Screen
    8.2.6 The Number of Login Users Screen

Monitor
  9.1 Overview
    9.1.1 What You Can Do in this Chapter
  9.2 The Port Statistics Screen
    9.2.1 The Port Statistics Graph Screen
  9.3 Interface Status Screen
  9.4 The Traffic Statistics Screen
  9.5 The Session Monitor Screen
  9.6 The DDNS Status Screen
  9.7 IP/MAC Binding Monitor
  9.8 The Login Users Screen
  9.9 Cellular Status Screen
    9.9.1 More Information
  9.10 Application Patrol Statistics
    9.10.1 Application Patrol Statistics: General Setup
    9.10.2 Application Patrol Statistics: Bandwidth Statistics
    9.10.3 Application Patrol Statistics: Protocol Statistics
    9.10.4 Application Patrol Statistics: Individual Protocol Statistics by Rule
  9.11 The IPSec Monitor Screen
    9.11.1 Regular Expressions in Searching IPSec SAs
  9.12 The SSL Connection Monitor Screen
  9.13 The Anti-Virus Statistics Screen
  9.14 The IDP Statistics Screen
  9.15 The Content Filter Statistics Screen
  9.16 Content Filter Cache Screen
  9.17 The Anti-Spam Statistics Screen
  9.18 The Anti-Spam Status Screen
  9.19 Log Screen

Registration
  10.1 Overview
    10.1.1 What You Can Do in this Chapter
    10.1.2 What you Need to Know
  10.2 The Registration Screen
  10.3 The Service Screen

Interfaces
  11.1 Interface Overview
    11.1.1 What You Can Do in this Chapter
    11.1.2 What You Need to Know
  11.2 Port Role
  11.3 Ethernet Summary Screen
    11.3.1 Ethernet Edit
    11.3.2 Object References
  11.4 PPP Interfaces
    11.4.1 PPP Interface Summary
    11.4.2 PPP Interface Add or Edit
  11.5 Cellular Configuration Screen (3G)
    11.5.1 Cellular Add/Edit Screen
  11.6 VLAN Interfaces
    11.6.1 VLAN Summary Screen
    11.6.2 VLAN Add/Edit
  11.7 Bridge Interfaces
    11.7.1 Bridge Summary
    11.7.2 Bridge Add/Edit
    11.7.3 Virtual Interfaces Add/Edit
  11.8 Interface Technical Reference

Trunks
  12.1 Overview
    12.1.1 What You Can Do in this Chapter
    12.1.2 What You Need to Know
  12.2 The Trunk Summary Screen
  12.3 Configuring a Trunk
  12.4 Trunk Technical Reference

Policy and Static Routes
  13.1 Policy and Static Routes Overview
    13.1.1 What You Can Do in this Chapter
    13.1.2 What You Need to Know
  13.2 Policy Route Screen
    13.2.1 Policy Route Edit Screen
  13.3 IP Static Route Screen
    13.3.1 Static Route Add/Edit Screen
  13.4 Policy Routing Technical Reference

Routing Protocols
  14.1 Routing Protocols Overview
    14.1.1 What You Can Do in this Chapter
    14.1.2 What You Need to Know
  14.2 The RIP Screen
  14.3 The OSPF Screen
    14.3.1 Configuring the OSPF Screen
    14.3.2 OSPF Area Add/Edit Screen
    14.3.3 Virtual Link Add/Edit Screen
  14.4 Routing Protocol Technical Reference

Zones
  15.1 Zones Overview
    15.1.1 What You Can Do in this Chapter
    15.1.2 What You Need to Know
  15.2 The Zone Screen
  15.3 Zone Edit

DDNS
  16.1 DDNS Overview
    16.1.1 What You Can Do in this Chapter
    16.1.2 What You Need to Know
  16.2 The DDNS Screen
    16.2.1 The Dynamic DNS Add/Edit Screen

NAT
  17.1 NAT Overview
    17.1.1 What You Can Do in this Chapter
    17.1.2 What You Need to Know
  17.2 The NAT Screen
    17.2.1 The NAT Add/Edit Screen
  17.3 NAT Technical Reference

HTTP Redirect
  18.1 Overview
    18.1.1 What You Can Do in this Chapter
    18.1.2 What You Need to Know
  18.2 The HTTP Redirect Screen
    18.2.1 The HTTP Redirect Edit Screen

ALG
  19.1 ALG Overview
    19.1.1 What You Can Do in this Chapter
    19.1.2 What You Need to Know
    19.1.3 Before You Begin
  19.2 The ALG Screen
  19.3 ALG Technical Reference

IP/MAC Binding
  20.1 IP/MAC Binding Overview
    20.1.1 What You Can Do in this Chapter
    20.1.2 What You Need to Know
  20.2 IP/MAC Binding Summary
    20.2.1 IP/MAC Binding Edit
    20.2.2 Static DHCP Edit
  20.3 IP/MAC Binding Exempt List

Authentication Policy
  21.1 Overview
    21.1.1 What You Can Do in this Chapter
    21.1.2 What You Need to Know
  21.2 Authentication Policy Screen
    21.2.1 Creating/Editing an Authentication Policy

Firewall
  22.1 Overview
    22.1.1 What You Can Do in this Chapter
    22.1.2 What You Need to Know
    22.1.3 Firewall Rule Example Applications
    22.1.4 Firewall Rule Configuration Example
  22.2 The Firewall Screen
    22.2.1 Configuring the Firewall Screen
    22.2.2 The Firewall Add/Edit Screen
  22.3 The Session Limit Screen
    22.3.1 The Session Limit Add/Edit Screen

IPSec VPN
  23.1 IPSec VPN Overview
    23.1.1 What You Can Do in this Chapter
    23.1.2 What You Need to Know
    23.1.3 Before You Begin
  23.2 The VPN Connection Screen
    23.2.1 The VPN Connection Add/Edit (IKE) Screen
    23.2.2 The VPN Connection Add/Edit Manual Key Screen
  23.3 The VPN Gateway Screen
    23.3.1 The VPN Gateway Add/Edit Screen
  23.4 IPSec VPN Background Information

SSL VPN
  24.1 Overview
    24.1.1 What You Can Do in this Chapter
    24.1.2 What You Need to Know
  24.2 The SSL Access Privilege Screen
    24.2.1 The SSL Access Policy Add/Edit Screen
  24.3 The SSL Global Setting Screen
    24.3.1 How to Upload a Custom Logo
  24.4 Establishing an SSL VPN Connection

SSL User Screens
  25.1 Overview
    25.1.1 What You Need to Know
  25.2 Remote User Login
  25.3 The SSL VPN User Screens
  25.4 Bookmarking the ZyWALL
  25.5 Logging Out of the SSL VPN User Screens

SSL User Application Screens
  26.1 SSL User Application Screens Overview
  26.2 The Application Screen

ZyWALL SecuExtender
  27.1 The ZyWALL SecuExtender Icon
  27.2 Statistics
  27.3 View Log
  27.4 Suspend and Resume the Connection
  27.5 Stop the Connection
  27.6 Uninstalling the ZyWALL SecuExtender

Application Patrol
  28.1 Overview
    28.1.1 What You Can Do in this Chapter
    28.1.2 What You Need to Know
    28.1.3 Application Patrol Bandwidth Management Examples
  28.2 Application Patrol General Screen
  28.3 Application Patrol Applications
    28.3.1 The Application Patrol Edit Screen
    28.3.2 The Application Patrol Policy Edit Screen
  28.4 The Other Applications Screen
    28.4.1 The Other Applications Add/Edit Screen

Anti-Virus
  29.1 Overview
    29.1.1 What You Can Do in this Chapter
    29.1.2 What You Need to Know
    29.1.3 Before You Begin
  29.2 Anti-Virus Summary Screen
    29.2.1 Anti-Virus Policy Add or Edit Screen
  29.3 Anti-Virus Black List
  29.4 Anti-Virus Black List or White List Add/Edit
  29.5 Anti-Virus White List
  29.6 Signature Searching
  29.7 Anti-Virus Technical Reference

IDP
  30.1 Overview
    30.1.1 What You Can Do in this Chapter
    30.1.2 What You Need To Know
    30.1.3 Before You Begin
  30.2 The IDP General Screen
  30.3 Introducing IDP Profiles
    30.3.1 Base Profiles
  30.4 The Profile Summary Screen
  30.5 Creating New Profiles
    30.5.1 Procedure To Create a New Profile
  30.6 Profiles: Packet Inspection
    30.6.1 Profile > Group View Screen
    30.6.2 Policy Types
    30.6.3 IDP Service Groups
    30.6.4 Profile > Query View Screen
    30.6.5 Query Example
  30.7 Introducing IDP Custom Signatures
    30.7.1 IP Packet Header
  30.8 Configuring Custom Signatures
    30.8.1 Creating or Editing a Custom Signature
    30.8.2 Custom Signature Example
    30.8.3 Applying Custom Signatures
    30.8.4 Verifying Custom Signatures
  30.9 IDP Technical Reference

ADP
  31.1 Overview
    31.1.1 ADP and IDP Comparison
    31.1.2 What You Can Do in this Chapter
    31.1.3 What You Need To Know
    31.1.4 Before You Begin
  31.2 The ADP General Screen
  31.3 The Profile Summary Screen
    31.3.1 Base Profiles
    31.3.2 Configuring The ADP Profile Summary Screen
    31.3.3 Creating New ADP Profiles
    31.3.4 Traffic Anomaly Profiles
    31.3.5 Protocol Anomaly Profiles
    31.3.6 Protocol Anomaly Configuration
  31.4 ADP Technical Reference

Content Filtering
  32.1 Overview
    32.1.1 What You Can Do in this Chapter
    32.1.2 What You Need to Know
    32.1.3 Before You Begin
  32.2 Content Filter General Screen
  32.3 Content Filter Policy Add or Edit Screen
  32.4 Content Filter Profile Screen
  32.5 Content Filter Categories Screen
    32.5.1 Content Filter Blocked and Warning Messages
  32.6 Content Filter Customization Screen
  32.7 Content Filter Technical Reference

Content Filter Reports
  33.1 Overview
  33.2 Viewing Content Filter Reports

Anti-Spam
  34.1 Overview
    34.1.1 What You Can Do in this Chapter
    34.1.2 What You Need to Know
  34.2 Before You Begin
  34.3 The Anti-Spam General Screen
    34.3.1 The Anti-Spam Policy Add or Edit Screen
  34.4 The Anti-Spam Black List Screen
    34.4.1 The Anti-Spam Black or White List Add/Edit Screen
    34.4.2 Regular Expressions in Black or White List Entries
  34.5 The Anti-Spam White List Screen
  34.6 The DNSBL Screen
  34.7 Anti-Spam Technical Reference

User/Group
  35.1 Overview
    35.1.1 What You Can Do in this Chapter
    35.1.2 What You Need To Know
  35.2 User Summary Screen
    35.2.1 User Add/Edit Screen
  35.3 User Group Summary Screen
    35.3.1 Group Add/Edit Screen
  35.4 Setting Screen
    35.4.1 Default User Authentication Timeout Settings Edit Screens
    35.4.2 User Aware Login Example
  35.5 User/Group Technical Reference

Addresses
  36.1 Overview
    36.1.1 What You Can Do in this Chapter
    36.1.2 What You Need To Know
  36.2 Address Summary Screen
    36.2.1 Address Add/Edit Screen
  36.3 Address Group Summary Screen
    36.3.1 Address Group Add/Edit Screen

Services
  37.1 Overview
    37.1.1 What You Can Do in this Chapter
    37.1.2 What You Need to Know
  37.2 The Service Summary Screen
    37.2.1 The Service Add/Edit Screen
  37.3 The Service Group Summary Screen
    37.3.1 The Service Group Add/Edit Screen

Schedules
  38.1 Overview
    38.1.1 What You Can Do in this Chapter
    38.1.2 What You Need to Know
  38.2 The Schedule Summary Screen
    38.2.1 The One-Time Schedule Add/Edit Screen
    38.2.2 The Recurring Schedule Add/Edit Screen

AAA Server
  39.1 Overview
    39.1.1 Directory Service (AD/LDAP)
    39.1.2 RADIUS Server
    39.1.3 ASAS
    39.1.4 What You Can Do in this Chapter
    39.1.5 What You Need To Know
  39.2 Active Directory or LDAP Server Summary
    39.2.1 Adding an Active Directory or LDAP Server
  39.3 RADIUS Server Summary
    39.3.1 Adding a RADIUS Server

Authentication Method
  40.1 Overview
    40.1.1 What You Can Do in this Chapter
    40.1.2 Before You Begin
    40.1.3 Example: Selecting a VPN Authentication Method
  40.2 Authentication Method Objects
    40.2.1 Creating an Authentication Method Object

Certificates
  41.1 Overview
    41.1.1 What You Can Do in this Chapter
    41.1.2 What You Need to Know
    41.1.3 Verifying a Certificate
  41.2 The My Certificates Screen
    41.2.1 The My Certificates Add Screen
    41.2.2 The My Certificates Edit Screen
    41.2.3 The My Certificates Import Screen
  41.3 The Trusted Certificates Screen
    41.3.1 The Trusted Certificates Edit Screen
    41.3.2 The Trusted Certificates Import Screen
  41.4 Certificates Technical Reference

ISP Accounts
  42.1 Overview
    42.1.1 What You Can Do in this Chapter
  42.2 ISP Account Summary
    42.2.1 ISP Account Edit

SSL Application
  43.1 Overview
    43.1.1 What You Can Do in this Chapter
    43.1.2 What You Need to Know
    43.1.3 Example: Specifying a Web Site for Access
  43.2 The SSL Application Screen
    43.2.1 Creating/Editing a Web-based SSL Application Object

Endpoint Security
  44.1 Overview
    44.1.1 What You Can Do in this Chapter
    44.1.2 What You Need to Know
  44.2 Endpoint Security Screen
  44.3 Endpoint Security Add/Edit

System
  45.1 Overview
    45.1.1 What You Can Do in this Chapter
  45.2 Host Name
  45.3 Date and Time
    45.3.1 Pre-defined NTP Time Servers List
    45.3.2 Time Server Synchronization
  45.4 Console Port Speed
  45.5 DNS Overview
    45.5.1 DNS Server Address Assignment
    45.5.2 Configuring the DNS Screen
    45.5.3 Address Record
    45.5.4 PTR Record
    45.5.5 Adding an Address/PTR Record
    45.5.6 Domain Zone Forwarder
    45.5.7 Adding a Domain Zone Forwarder
    45.5.8 MX Record
    45.5.9 Adding a MX Record
    45.5.10 Adding a DNS Service Control Rule
  45.6 WWW Overview
    45.6.1 Service Access Limitations
    45.6.2 System Timeout
    45.6.3 HTTPS
    45.6.4 Configuring WWW Service Control
    45.6.5 Service Control Rules
    45.6.6 Customizing the WWW Login Page
    45.6.7 HTTPS Example
  45.7 SSH
    45.7.1 How SSH Works
    45.7.2 SSH Implementation on the ZyWALL
    45.7.3 Requirements for Using SSH
    45.7.4 Configuring SSH
    45.7.5 Secure Telnet Using SSH Examples
  45.8 Telnet
    45.8.1 Configuring Telnet
  45.9 FTP
    45.9.1 Configuring FTP
  45.10 SNMP
    45.10.1 Supported MIBs
    45.10.2 SNMP Traps
    45.10.3 Configuring SNMP
  45.11 Vantage CNM
    45.11.1 Configuring Vantage CNM
  45.12 Language Screen

Log and Report
  46.1 Overview
    46.1.1 What You Can Do In this Chapter
  46.2 Email Daily Report
  46.3 Log Setting Screens
    46.3.1 Log Setting Summary
    46.3.2 Edit System Log Settings
    46.3.3 Edit Remote Server Log Settings
    46.3.4 Active Log Summary Screen

File Manager
  47.1 Overview
    47.1.1 What You Can Do in this Chapter
    47.1.2 What you Need to Know
  47.2 The Configuration File Screen
  47.3 The Firmware Package Screen
  47.4 The Shell Script Screen

Diagnostics
  48.1 Overview
    48.1.1 What You Can Do in this Chapter
  48.2 The Diagnostic Screen
  48.3 The Packet Capture Screen
    48.3.1 The Packet Capture Files Screen
    48.3.2 Example of Viewing a Packet Capture File

Reboot
  49.1 Overview
    49.1.1 What You Need To Know
  49.2 The Reboot Screen

Shutdown
  50.1 Overview
    50.1.1 What You Need To Know
  50.2 The Shutdown Screen

Troubleshooting
  51.1 Resetting the ZyWALL
  51.2 Getting More Troubleshooting Help

Product Specifications
  52.1 Power Adaptor Specifications

Log Descriptions
Common Services
Importing Certificates
Open Software Announcements
Legal Information
Index

Size: 18.4MB
Pages: 944
Language: English