User's Manual Table of Contents

User’s Guide
About This User's Guide
Document Conventions
Safety Warnings
Contents Overview
Table of Contents
List of Figures
List of Tables

Introduction

Introducing the ZyWALL
1.1 Overview and Key Default Settings
1.2 Front Panel LEDs
1.3 Management Overview
1.4 Starting and Stopping the ZyWALL

Features and Applications
2.1 Features
2.2 Packet Flow
2.2.1 Interface to Interface (Through ZyWALL)
2.2.2 Interface to Interface (To/From ZyWALL)
2.2.3 Interface to Interface (From VPN Tunnel)
2.2.4 Interface to Interface (To VPN Tunnel)
2.3 Applications
2.3.1 VPN Connectivity
2.3.2 SSL VPN Network Access
2.3.3 User-Aware Access Control
2.3.4 Multiple WAN Interfaces
2.3.5 Device HA

Web Configurator
3.1 Web Configurator Requirements
3.2 Web Configurator Access
3.3 Web Configurator Main Screen
3.3.1 Title Bar
3.3.2 Navigation Panel
3.3.3 Main Window
3.3.4 Message Bar

Wizard Setup
4.1 Wizard Setup Overview
4.2 Installation Setup, One ISP
4.3 Step 1 Internet Access
4.3.1 Ethernet: Auto IP Address Assignment
4.3.2 Ethernet: Static IP Address Assignment
4.3.3 Step 2 Internet Access Ethernet
4.3.4 PPPoE: Auto IP Address Assignment
4.3.5 PPPoE: Static IP Address Assignment
4.3.6 Step 2 Internet Access PPPoE
4.3.7 PPTP: Auto IP Address Assignment
4.3.8 PPTP: Static IP Address Assignment
4.3.9 Step 2 Internet Access PPTP
4.3.10 Step 4 Internet Access - Finish
4.4 Device Registration
4.5 Installation Setup, Two Internet Service Providers
4.5.1 Internet Access Wizard Setup Complete
4.6 VPN Setup
4.7 VPN Wizards
4.7.1 VPN Express Wizard
4.8 VPN Express Wizard - Remote Gateway
4.8.1 VPN Express Wizard - Policy Setting
4.8.2 VPN Express Wizard - Summary
4.8.3 VPN Express Wizard - Finish
4.8.4 VPN Advanced Wizard
4.8.5 VPN Advanced Wizard - Remote Gateway
4.8.6 VPN Advanced Wizard - Phase 1
4.8.7 VPN Advanced Wizard - Phase 2
4.8.8 VPN Advanced Wizard - Summary
4.8.9 VPN Advanced Wizard - Finish

Configuration Basics
5.1 Granular Configuration
5.2 Terminology in the ZyWALL
5.3 Physical Ports, Interfaces, and Zones
5.3.1 Network Topology Example
5.4 Feature Configuration Overview
5.4.1 Feature
5.4.2 Interface
5.4.3 Trunks
5.4.4 IPSec VPN
5.4.5 SSL VPN
5.4.6 L2TP VPN
5.4.7 Zones
5.4.8 Device HA
5.4.9 DDNS
5.4.10 Policy Routes
5.4.11 Static Routes
5.4.12 Firewall
5.4.13 Application Patrol
5.4.14 Anti-Virus
5.4.15 IDP
5.4.16 ADP
5.4.17 Content Filter
5.4.18 Virtual Server (Port Forwarding)
5.4.19 HTTP Redirect
5.4.20 ALG
5.5 Objects
5.5.1 User/Group
5.6 System Management and Maintenance
5.6.1 DNS, WWW, SSH, TELNET, FTP, SNMP, Dial-in Mgmt, Vantage CNM
5.6.2 File Manager
5.6.3 Licensing Registration
5.6.4 Licensing Update
5.6.5 Logs and Reports
5.6.6 Diagnostics

Tutorials
6.1 Interfaces and Zones
6.1.1 Set up Port Grouping
6.1.2 Set up Ethernet Interfaces
6.1.3 WAN Trunk
6.1.4 Zones
6.2 IPSec VPN
6.2.1 Set up the Ethernet Interfaces and Zones
6.2.2 Set up the VPN Gateway
6.2.3 Set up the VPN Connection
6.2.4 Set up the Policy Route for the VPN Tunnel
6.2.5 Set up the Zone for the VPN Tunnel
6.3 Device HA
6.3.1 Set up DNS for the Virtual Router
6.3.2 Set up the VRRP Groups on the Master
6.3.3 Set up the Password for Synchronization
6.3.4 Finish Configuring the Master
6.3.5 Set up the Ethernet Interfaces on the Backup
6.3.6 Set up the VRRP Groups on the Backup
6.3.7 Synchronize the Backup
6.4 User-Aware Access Control
6.4.1 Set up User Accounts
6.4.2 Set up User Groups
6.4.3 Set up User Authentication Using the RADIUS Server
6.4.4 Set up Web Surfing Policies With Bandwidth Restrictions
6.4.5 Set up MSN Policies
6.4.6 Set up LAN-to-DMZ Policies
6.5 Trunks
6.5.1 Set up Available Bandwidth on Ethernet Interfaces
6.5.2 Change WAN Trunk Algorithm
6.6 NAT 1:1 Example
6.6.1 NAT 1:1 Address Objects
6.6.2 NAT 1:1 Virtual Server
6.6.3 NAT 1:1 Policy Route
6.6.4 NAT 1:1 Firewall Rule
6.7 NAT Loopback
6.7.1 NAT Loopback Virtual Server
6.7.2 NAT Loopback Policy Route
6.8 Service Control and the Firewall
6.8.1 Allowing HTTPS Administrator Access Only From the LAN

Status
7.1 Status Screen
7.2 VPN Status
7.3 DHCP Table
7.4 Port Statistics
7.5 Current Users

Registration
8.1 myZyXEL.com Overview
8.1.1 Subscription Services Available on the ZyWALL
8.2 Registration
8.3 Service

Update
9.1 Updating Anti-virus Signatures
9.2 Updating IDP and Application Patrol Signatures
9.3 Updating System Protect Signatures

Network

Interface
10.1 Interface Overview
10.1.1 Types of Interfaces
10.1.2 IP Address Assignment
10.1.3 Interface Parameters
10.1.4 DHCP Settings
10.1.5 Ping Check Settings
10.1.6 Relationships Between Interfaces
10.2 Ethernet Interfaces
10.2.1 Ethernet Interfaces Overview
10.2.2 Interface Summary Screen
10.2.3 Ethernet Summary Screen
10.2.4 Ethernet Edit
10.3 Port Grouping
10.3.1 Port Grouping Overview
10.3.2 Port Grouping Screen
10.4 VLAN Interfaces
10.4.1 VLAN Overview
10.4.2 VLAN Interfaces Overview
10.4.3 VLAN Summary Screen
10.4.4 VLAN Add/Edit
10.5 Bridge Interfaces
10.5.1 Bridge Overview
10.5.2 Bridge Interface Overview
10.5.3 Bridge Summary
10.5.4 Bridge Add/Edit
10.6 PPPoE/PPTP Interfaces
10.6.1 PPPoE/PPTP Overview
10.6.2 PPPoE/PPTP Interfaces Overview
10.6.3 PPPoE/PPTP Interface Summary
10.6.4 PPPoE/PPTP Interface Add/Edit
10.7 Auxiliary Interface
10.7.1 Auxiliary Interface Overview
10.7.2 Auxiliary
10.8 Virtual Interfaces
10.8.1 Virtual Interfaces Add/Edit

Trunks
11.1 Trunks Overview
11.2 Trunk Scenario Examples
11.3 Load Balancing Introduction
11.4 Load Balancing Algorithms
11.4.1 Least Load First
11.4.2 Weighted Round Robin
11.4.3 Spillover
11.5 Trunk Summary
11.6 Configuring a Trunk

Policy and Static Routes
12.1 Policy Route
12.1.1 Benefits
12.2 Routing Policy
12.2.1 NAT and SNAT
12.2.2 Port Triggering
12.2.3 Maximize Bandwidth Usage
12.2.4 Reserving Bandwidth for Non-Bandwidth Class Traffic
12.3 IP Routing Policy Setup
12.4 Policy Route Edit
12.5 IP Static Routes
12.6 Static Route Summary
12.7 Edit a Static Route

Routing Protocols
13.1 Routing Protocols Overview
13.1.1 RIP Overview
13.1.2 Authentication Types
13.2 RIP Screen
13.3 OSPF Overview
13.3.1 OSPF Areas
13.3.2 OSPF Routers
13.3.3 Virtual Links
13.3.4 OSPF Configuration
13.4 OSPF Screens
13.4.1 OSPF Summary
13.4.2 OSPF Area Add/Edit

Zones
14.1 Zones Overview
14.1.1 Effect of Zones on Different Types of Traffic
14.2 Zone Summary
14.3 Zone Add/Edit

DDNS
15.1 DDNS Overview
15.1.1 DYNDNS Wildcard
15.1.2 High Availability (HA)
15.1.3 Mail Exchanger
15.2 DDNS Screens
15.3 DDNS Summary
15.4 Dynamic DNS Add/Edit

Virtual Servers
16.1 Virtual Server Overview
16.2 Virtual Server Example
16.3 Virtual Server Screens
16.4 Virtual Server Summary Screen
16.4.1 Virtual Server Add/Edit

HTTP Redirect
17.1 HTTP Redirect Overview
17.1.1 Web Proxy Server
17.2 HTTP Redirect, Firewall and Policy Route
17.3 Configuring HTTP Redirect
17.4 HTTP Redirect Edit

ALG
18.1 ALG Introduction
18.1.1 Application Layer Gateway (ALG) and NAT
18.1.2 ALG and Trunks
18.1.3 FTP
18.1.4 H.323
18.1.5 RTP
18.1.6 SIP
18.2 Peer-to-Peer Calls and the ZyWALL
18.2.1 VoIP Calls from the WAN with Multiple Outgoing Calls
18.2.2 VoIP with Multiple WAN IP Addresses
18.3 ALG Screen
18.4 WAN to LAN SIP Peer-to-peer Calls Example

Firewall and VPN

Firewall
19.1 Firewall Overview
19.2 Firewall Rules
19.2.1 Rule Directions
19.2.2 Firewall and VPN Traffic
19.3 Firewall Rule Example Applications
19.4 Alerts
19.5 Asymmetrical Routes
19.5.1 Virtual Interfaces and Asymmetrical Routes
19.6 Configuring the Firewall
19.6.1 Edit a Firewall Rule
19.7 Firewall Rule Configuration Example

IPSec VPN
20.1 IPSec VPN Overview
20.1.1 IPSec SA Overview
20.1.2 Additional Topics for IPSec SA
20.2 VPN Related Configuration
20.3 VPN Connection Screens
20.3.1 VPN Connection Summary
20.3.2 VPN Connection Add/Edit IKE
20.3.3 VPN Connection Add/Edit Manual Key
20.4 VPN Gateway Screens
20.4.1 IKE SA Overview
20.4.2 Additional Topics for IKE SA
20.4.3 VPN Gateway Summary
20.4.4 VPN Gateway Add/Edit
20.5 VPN Concentrator
20.5.1 VPN Concentrator Summary
20.5.2 VPN Concentrator Add/Edit
20.6 SA Monitor Screen
20.6.1 Regular Expressions in Searching IPSec SAs by Name or Policy

SSL VPN
21.1 SSL Access Policy
21.1.1 SSL Access Policy Objects
21.1.2 SSL Access Policy Limitations
21.2 SSL Access Privilege List
21.3 Creating/Editing an SSL Access Policy
21.4 SSL Connection Monitor
21.5 Configuring SSL Global Setting
21.5.1 Uploading a Custom Logo
21.6 Establishing an SSL VPN Connection

SSL User Screens
22.1 Overview
22.1.1 Network Resource Access Methods
22.1.2 System Requirements
22.1.3 Information You Need
22.1.4 Certificates
22.2 Remote User Login
22.3 SSL VPN User Screens
22.4 Bookmark
22.5 Logout

SSL User Application Screens
23.1 Overview
23.1.1 The Application Screen

SSL User File Sharing Screens
24.1 Overview
24.2 Main File Sharing Screen
24.3 Opening a File or Folder
24.3.1 Downloading a File
24.3.2 Saving a File
24.4 Creating a New Folder
24.5 Renaming a File or Folder
24.6 Deleting a File or Folder
24.7 Uploading a File

L2TP VPN
25.1 L2TP VPN Overview
25.2 IPSec Configuration
25.2.1 Using the Default L2TP VPN Connection
25.3 Policy Route
25.4 L2TP VPN Configuration
25.5 L2TP VPN Session Monitor

L2TP VPN Example
26.1 L2TP VPN Example
26.2 Configuring the Default L2TP VPN Gateway Example
26.3 Configuring the Default L2TP VPN Connection Example
26.4 Configuring the L2TP VPN Settings Example
26.5 Configuring the Policy Route for L2TP Example
26.6 Configuring L2TP VPN in Windows XP and 2000
26.6.1 Configuring L2TP in Windows XP
26.6.2 Configuring L2TP in Windows 2000

Application Patrol & Anti-X

Application Patrol
27.1 Application Patrol Overview
27.2 Classification of Applications
27.3 Configurable Application Policies
27.4 Bandwidth Management
27.4.1 Connection and Packet Directions
27.4.2 Outbound and Inbound Bandwidth Limits
27.4.3 Bandwidth Management Priority
27.4.4 Maximize Bandwidth Usage
27.4.5 Bandwidth Management Behavior
27.5 Application Patrol Bandwidth Management Examples
27.5.1 Setting the Interface’s Bandwidth
27.5.2 SIP Any to WAN Bandwidth Management Example
27.5.3 SIP WAN to Any Bandwidth Management Example
27.5.4 HTTP Any to WAN Bandwidth Management Example
27.5.5 FTP WAN to DMZ Bandwidth Management Example
27.5.6 FTP LAN to DMZ Bandwidth Management Example
27.6 Other Applications
27.7 Application Patrol Screens
27.8 Application Patrol General
27.9 Application Patrol Applications
27.9.1 Application Patrol Edit
27.9.2 Application Patrol Policy Edit
27.10 Other Protocol Screen
27.10.1 Other Configuration Add/Edit
27.11 Application Patrol Statistics
27.11.1 Application Patrol Statistics: General Setup
27.11.2 Application Patrol Statistics: Bandwidth Statistics
27.11.3 Application Patrol Statistics: Protocol Statistics

Anti-Virus
28.1 Anti-Virus Overview
28.1.1 Types of Computer Viruses
28.1.2 Computer Virus Infection and Prevention
28.1.3 Types of Anti-Virus Scanner
28.2 Introduction to the ZyWALL Anti-Virus Scanner
28.2.1 How the ZyWALL Anti-Virus Scanner Works
28.2.2 Notes About the ZyWALL Anti-Virus
28.3 Anti-Virus Summary
28.3.1 Anti-Virus Policy Edit
28.4 Anti-Virus Setting
28.5 Anti-Virus White List Add/Edit
28.6 Anti-Virus Black List Add/Edit
28.7 Signature Searching

IDP
29.1 Introduction to IDP
29.1.1 Host Intrusions
29.1.2 Network Intrusions
29.1.3 IDP on the ZyWALL
29.1.4 Signatures
29.2 Traffic Directions and Profiles
29.3 Configuring IDP General
29.4 Configuring IDP Bindings
29.5 Introducing IDP Profiles
29.5.1 Base Profiles
29.6 Profile Summary Screen
29.7 Creating New Profiles
29.7.1 Procedure To Create a New Profile
29.8 Profiles: Packet Inspection
29.8.1 Profile > Group View Screen
29.8.2 Policy Types
29.8.3 IDP Service Groups
29.8.4 Profile > Query View Screen
29.8.5 Query Example
29.9 Introducing IDP Custom Signatures
29.9.1 IP Packet Header
29.10 Configuring Custom Signatures
29.10.1 Creating or Editing a Custom Signature
29.10.2 Custom Signature Example
29.10.3 Applying Custom Signatures
29.10.4 Verifying Custom Signatures
29.10.5 Snort Signatures

ADP
30.1 Introduction to ADP
30.1.1 Host Intrusions
30.1.2 Network Intrusions
30.1.3 ADP on the ZyWALL
30.2 Traffic Directions and Profiles
30.3 Configuring ADP General
30.4 Configuring Anomaly Profile Bindings
30.5 Introducing ADP Profiles
30.5.1 Base Profiles
30.6 Profile Summary Screen
30.7 Creating New Profiles
30.7.1 Procedure To Create a New Profile
30.8 Profiles: Traffic Anomaly
30.8.1 Port Scanning
30.8.2 Flood Detection
30.8.3 Profile > Traffic Anomaly Screen
30.9 Profiles: Protocol Anomaly
30.9.1 HTTP Inspection and TCP/UDP/ICMP Decoders
30.9.2 Protocol Anomaly Configuration

Content Filter Screens
31.1 Content Filter Overview
31.1.1 Content Filter Policies
31.1.2 Content Filter Profiles
31.1.3 Content Filter Configuration Guidelines
31.2 Content Filter General Screen
31.3 Content Filter Policy Screen
31.4 Content Filter Profile Screen
31.5 External Web Filtering Service
31.6 Content Filter Categories Screen
31.7 Content Filter Customization Screen
31.8 Keyword Blocking URL Checking
31.9 Content Filter Cache Screen

Content Filter Reports
32.1 Viewing Content Filter Reports
32.2 Web Site Submission

Device HA & Objects

Device HA
33.1 Virtual Router Redundancy Protocol (VRRP) Overview
33.1.1 Additional VRRP Notes
33.2 VRRP Group Overview
33.2.1 Link Monitoring and Remote Management
33.3 Device HA Screens
33.4 VRRP Group Summary
33.5 VRRP Group Add/Edit
33.6 Synchronization Overview
33.6.1 Synchronization and Subscription Services
33.6.2 Synchronize Screen

User/Group
34.1 User Account Overview
34.1.1 User Types
34.1.2 Ext-User Accounts
34.1.3 User Groups
34.1.4 Access Users and the ZyWALL
34.1.5 Force User Authentication Policy
34.2 User Summary
34.2.1 User Add/Edit
34.3 Group Summary
34.3.1 Group Add/Edit
34.4 Setting Screen
34.4.1 Force User Authentication Policy Add/Edit
34.5 Web Configurator for Non-Admin Users

Addresses
35.1 Addresses Overview
35.2 Address Screens
35.2.1 Address Summary
35.2.2 Address Add/Edit
35.3 Address Group Screens
35.3.1 Address Group Summary
35.3.2 Address Group Add/Edit

Services
36.1 Services Overview
36.1.1 IP Protocols
36.1.2 Service Objects and Service Groups
36.2 Service Summary Screen
36.2.1 Service Add/Edit
36.3 Service Group Summary Screen
36.3.1 Service Group Add/Edit

Schedules
37.1 Schedule Overview
37.2 Schedule Screens
37.2.1 Schedule Summary
37.2.2 One-Time Schedule Add/Edit
37.2.3 Recurring Schedule Add/Edit

AAA Server
38.1 AAA Server Overview
38.1.1 ASAS
38.1.2 User Authentication Method
38.2 Directory Service (AD/LDAP) Overview
38.2.1 Directory Structure
38.2.2 Distinguished Name (DN)
38.2.3 Configuring Active Directory or LDAP Default Server Settings
38.3 Active Directory or LDAP Group Summary
38.3.1 Creating an Active Directory or LDAP Group
38.4 RADIUS Server
38.5 Configuring a Default RADIUS Server
38.6 Configuring a Group of RADIUS Servers
38.6.1 Adding a RADIUS Server Member

Authentication Objects
39.1 Authentication Objects Overview
39.2 Viewing Authentication Objects
39.3 Creating an Authentication Object
39.3.1 Example: Selecting a VPN Authentication Method

Certificates
40.1 Certificates Overview
40.1.1 Advantages of Certificates
40.2 Self-signed Certificates
40.3 Factory Default Certificate
40.3.1 Certificate File Formats
40.4 Certificate Configuration Screens Summary
40.5 Verifying a Certificate
40.5.1 Checking the Fingerprint of a Certificate on Your Computer
40.6 My Certificates Screen
40.6.1 My Certificates Add Screen
40.6.2 My Certificate Edit Screen
40.6.3 My Certificate Import Screen
40.7 Trusted Certificates Screen
40.7.1 OCSP
40.8 Trusted Certificates Edit Screen
40.9 Trusted Certificates Import Screen

ISP Accounts
41.1 ISP Accounts Overview
41.2 ISP Account Summary
41.3 ISP Account Edit

SSL Application
42.1 SSL Application Overview
42.1.1 Application Types
42.1.2 Remote User Screen Links
42.2 SSL Application Configuration
42.3 Creating/Editing an SSL Application
42.3.1 Web-based Application
42.3.2 Example: Specifying a Web Site for Access
42.3.3 Configuring File Sharing

System

System
43.1 System Overview
43.2 Host Name
43.3 Time and Date
43.3.1 Pre-defined NTP Time Servers List
43.3.2 Time Server Synchronization
43.4 Console Port Speed
43.5 DNS Overview
43.5.1 DNS Server Address Assignment
43.5.2 DNS Servers
43.5.3 Configuring DNS
43.5.4 Address Record
43.5.5 PTR Record
43.5.6 Adding an Address/PTR Record
43.5.7 Domain Zone Forwarder
43.5.8 Adding a Domain Zone Forwarder
43.5.9 MX Record
43.5.10 Adding a MX Record
43.5.11 DNS Service Control
43.6 Language Screen

Service Control
44.1 Service Control Overview
44.1.1 Service Access Limitations
44.1.2 System Timeout
44.2 HTTPS
44.3 Configuring WWW
44.4 Service Control Rules
44.5 HTTPS Example
44.5.1 Internet Explorer Warning Messages
44.5.2 Netscape Navigator Warning Messages
44.5.3 Avoiding Browser Warning Messages
44.5.4 Login Screen
44.5.5 Enrolling and Importing SSL Client Certificates
44.5.6 Using a Certificate When Accessing the ZyWALL Example
44.6 SSH
44.6.1 How SSH Works
44.6.2 SSH Implementation on the ZyWALL
44.6.3 Requirements for Using SSH
44.6.4 Configuring SSH
44.7 Secure Telnet Using SSH Examples
44.7.1 Example 1: Microsoft Windows
44.7.2 Example 2: Linux
44.8 Telnet
44.8.1 Configuring Telnet
44.9 Configuring FTP
44.10 SNMP
44.10.1 Supported MIBs
44.10.2 SNMP Traps
44.10.3 Configuring SNMP
44.11 Dial-in Management
44.11.1 AT Command Strings
44.11.2 DTR Signal
44.11.3 Response Strings
44.12 Dial-in Mgmt Configuration
44.13 Vantage CNM
44.14 Configuring Vantage CNM

Maintenance & Troubleshooting

File Manager
45.1 Configuration Files and Shell Scripts Overview
45.1.1 Comments in Configuration Files or Shell Scripts
45.1.2 Errors in Configuration Files or Shell Scripts
45.1.3 ZyWALL Configuration File Details
45.1.4 Configuration File Flow at Restart
45.2 Configuration File Screen
45.3 Firmware Package Screen
45.4 Shell Script Screen

Logs
46.1 View Log Screen
46.2 Log Settings Screens
46.3 Log Settings Summary
46.3.1 Log Settings Edit E-mail
46.3.2 Log Settings Edit syslog
46.3.3 Active Log Summary

Reports
47.1 Traffic Screen
47.2 Session Screen
47.3 Anti-Virus Report Screen
47.4 IDP Report Screen

Diagnostics
48.1 Diagnostics

Reboot

Troubleshooting
50.1 Getting More Troubleshooting Help
50.2 Resetting the ZyWALL

Appendices and Index

Product Specifications
Log Descriptions
Common Services
Displaying Anti-Virus Alert Messages in Windows
Importing Certificates
Open Software Announcements
Legal Information
Customer Support
Index

Size: 21.3MB
Pages: 780
Language: English