User's Manual Table of Contents

ZyWALL USG 50
About This User's Guide
Document Conventions
Safety Warnings
Contents Overview
Table of Contents

User’s Guide

Introducing the ZyWALL
1.1 Overview and Key Default Settings
1.2 Rack-mounted Installation
1.2.1 Rack-Mounted Installation Procedure
1.3 Front Panel
1.3.1 Front Panel LEDs
1.4 Management Overview
1.5 Starting and Stopping the ZyWALL

Features and Applications
2.1 Features
2.2 Applications
2.2.1 VPN Connectivity
2.2.2 SSL VPN Network Access
2.2.3 User-Aware Access Control
2.2.4 Multiple WAN Interfaces

Web Configurator
3.1 Web Configurator Requirements
3.2 Web Configurator Access
3.3 Web Configurator Screens Overview
3.3.1 Title Bar
3.3.2 Navigation Panel
3.3.3 Main Window
3.3.4 Tables and Lists

Installation Setup Wizard
4.1 Installation Setup Wizard Screens
4.1.1 Internet Access Setup - WAN Interface
4.1.2 Internet Access: Ethernet
4.1.3 Internet Access: PPPoE
4.1.4 Internet Access: PPTP
4.1.5 ISP Parameters
4.1.6 Internet Access Setup - Second WAN Interface
4.1.7 Internet Access - Finish
4.2 Device Registration

Quick Setup
5.1 Quick Setup Overview
5.2 WAN Interface Quick Setup
5.2.1 Choose an Ethernet Interface
5.2.2 Select WAN Type
5.2.3 Configure WAN Settings
5.2.4 WAN and ISP Connection Settings
5.2.5 Quick Setup Interface Wizard: Summary
5.3 VPN Quick Setup
5.4 VPN Setup Wizard: Wizard Type
5.5 VPN Express Wizard - Scenario
5.5.1 VPN Express Wizard - Configuration
5.5.2 VPN Express Wizard - Summary
5.5.3 VPN Express Wizard - Finish
5.5.4 VPN Advanced Wizard - Scenario
5.5.5 VPN Advanced Wizard - Phase 1 Settings
5.5.6 VPN Advanced Wizard - Phase 2
5.5.7 VPN Advanced Wizard - Summary
5.5.8 VPN Advanced Wizard - Finish

Configuration Basics
6.1 Object-based Configuration
6.2 Zones, Interfaces, and Physical Ports
6.2.1 Interface Types
6.2.2 Default Interface and Zone Configuration
6.3 Terminology in the ZyWALL
6.4 Packet Flow
6.4.1 Routing Table Checking Flow
6.4.2 NAT Table Checking Flow
6.5 Feature Configuration Overview
6.5.1 Feature
6.5.2 Licensing Registration
6.5.3 Licensing Update
6.5.4 Interface
6.5.5 Trunks
6.5.6 Policy Routes
6.5.7 Static Routes
6.5.8 Zones
6.5.9 DDNS
6.5.10 NAT
6.5.11 HTTP Redirect
6.5.12 ALG
6.5.13 Auth. Policy
6.5.14 Firewall
6.5.15 IPSec VPN
6.5.16 SSL VPN
6.5.17 Application Patrol
6.5.18 Anti-Virus
6.5.19 IDP
6.5.20 ADP
6.5.21 Content Filter
6.5.22 Anti-Spam
6.6 Objects
6.6.1 User/Group
6.7 System
6.7.1 DNS, WWW, SSH, TELNET, FTP, SNMP, Vantage CNM
6.7.2 Logs and Reports
6.7.3 File Manager
6.7.4 Diagnostics
6.7.5 Shutdown

Tutorials
7.1 How to Configure Interfaces, Port Roles, and Zones
7.1.1 Configure a WAN Ethernet Interface
7.1.2 Configure Port Roles
7.1.3 Configure the DMZ Interface for a Local Network
7.1.4 Configure Zones
7.2 How to Configure a Cellular Interface
7.3 How to Configure Load Balancing
7.3.1 Set Up Available Bandwidth on Ethernet Interfaces
7.3.2 Configure the WAN Trunk
7.4 How to Set Up an IPSec VPN Tunnel
7.4.1 Set Up the VPN Gateway
7.4.2 Set Up the VPN Connection
7.4.3 Configure Security Policies for the VPN Tunnel
7.5 How to Configure User-aware Access Control
7.5.1 Set Up User Accounts
7.5.2 Set Up User Groups
7.5.3 Set Up User Authentication Using the RADIUS Server
7.5.4 Web Surfing Policies With Bandwidth Restrictions
7.5.5 Set Up MSN Policies
7.5.6 Set Up Firewall Rules
7.6 How to Use a RADIUS Server to Authenticate User Accounts based on Groups
7.7 How to Use Endpoint Security and Authentication Policies
7.7.1 Configure the Endpoint Security Objects
7.7.2 Configure the Authentication Policy
7.8 How to Configure Service Control
7.8.1 Allow HTTPS Administrator Access Only From the LAN
7.9 How to Allow Incoming H.323 Peer-to-peer Calls
7.9.1 Turn On the ALG
7.9.2 Set Up a NAT Policy For H.323
7.9.3 Set Up a Firewall Rule For H.323
7.10 How to Allow Public Access to a Web Server
7.10.1 Create the Address Objects
7.10.2 Configure NAT
7.10.3 Set Up a Firewall Rule
7.11 How to Use an IPPBX on the DMZ
7.11.1 Turn On the ALG
7.11.2 Create the Address Objects
7.11.3 Setup a NAT Policy for the IPPBX
7.11.4 Set Up a WAN to DMZ Firewall Rule for SIP
7.11.5 Set Up a DMZ to LAN Firewall Rule for SIP
7.12 How to Use Multiple Static Public WAN IP Addresses for LAN to WAN Traffic
7.12.1 Create the Public IP Address Range Object
7.12.2 Configure the Policy Route

Technical Reference

Dashboard
8.1 Overview
8.1.1 What You Can Do in this Chapter
8.2 The Dashboard Screen
8.2.1 The CPU Usage Screen
8.2.2 The Memory Usage Screen
8.2.3 The Active Sessions Screen
8.2.4 The VPN Status Screen
8.2.5 The DHCP Table Screen
8.2.6 The Number of Login Users Screen

Monitor
9.1 Overview
9.1.1 What You Can Do in this Chapter
9.2 The Port Statistics Screen
9.2.1 The Port Statistics Graph Screen
9.3 Interface Status Screen
9.4 The Traffic Statistics Screen
9.5 The Session Monitor Screen
9.6 The DDNS Status Screen
9.7 IP/MAC Binding Monitor
9.8 The Login Users Screen
9.9 Cellular Status Screen
9.9.1 More Information
9.10 USB Storage Screen
9.11 Application Patrol Statistics
9.11.1 Application Patrol Statistics: General Setup
9.11.2 Application Patrol Statistics: Bandwidth Statistics
9.11.3 Application Patrol Statistics: Protocol Statistics
9.11.4 Application Patrol Statistics: Individual Protocol Statistics by Rule
9.12 The IPSec Monitor Screen
9.12.1 Regular Expressions in Searching IPSec SAs
9.13 The SSL Connection Monitor Screen
9.14 The Anti-Virus Statistics Screen
9.15 The IDP Statistics Screen
9.16 The Content Filter Statistics Screen
9.17 Content Filter Cache Screen
9.18 The Anti-Spam Statistics Screen
9.19 The Anti-Spam Status Screen
9.20 Log Screen

Registration
10.1 Overview
10.1.1 What You Can Do in this Chapter
10.1.2 What you Need to Know
10.2 The Registration Screen
10.3 The Service Screen

Interfaces
11.1 Interface Overview
11.1.1 What You Can Do in this Chapter
11.1.2 What You Need to Know
11.2 Port Role
11.3 Ethernet Summary Screen
11.3.1 Ethernet Edit
11.3.2 Object References
11.4 PPP Interfaces
11.4.1 PPP Interface Summary
11.4.2 PPP Interface Add or Edit
11.5 Cellular Configuration Screen (3G)
11.5.1 Cellular Add/Edit Screen
11.6 VLAN Interfaces
11.6.1 VLAN Summary Screen
11.6.2 VLAN Add/Edit
11.7 Bridge Interfaces
11.7.1 Bridge Summary
11.7.2 Bridge Add/Edit
11.7.3 Virtual Interfaces Add/Edit
11.8 Interface Technical Reference

Trunks
12.1 Overview
12.1.1 What You Can Do in this Chapter
12.1.2 What You Need to Know
12.2 The Trunk Summary Screen
12.3 Configuring a Trunk
12.4 Trunk Technical Reference

Policy and Static Routes
13.1 Policy and Static Routes Overview
13.1.1 What You Can Do in this Chapter
13.1.2 What You Need to Know
13.2 Policy Route Screen
13.2.1 Policy Route Edit Screen
13.3 IP Static Route Screen
13.3.1 Static Route Add/Edit Screen
13.4 Policy Routing Technical Reference

Routing Protocols
14.1 Routing Protocols Overview
14.1.1 What You Can Do in this Chapter
14.1.2 What You Need to Know
14.2 The RIP Screen
14.3 The OSPF Screen
14.3.1 Configuring the OSPF Screen
14.3.2 OSPF Area Add/Edit Screen
14.3.3 Virtual Link Add/Edit Screen
14.4 Routing Protocol Technical Reference

Zones
15.1 Zones Overview
15.1.1 What You Can Do in this Chapter
15.1.2 What You Need to Know
15.2 The Zone Screen
15.3 Zone Edit

DDNS
16.1 DDNS Overview
16.1.1 What You Can Do in this Chapter
16.1.2 What You Need to Know
16.2 The DDNS Screen
16.2.1 The Dynamic DNS Add/Edit Screen

NAT
17.1 NAT Overview
17.1.1 What You Can Do in this Chapter
17.1.2 What You Need to Know
17.2 The NAT Screen
17.2.1 The NAT Add/Edit Screen
17.3 NAT Technical Reference

HTTP Redirect
18.1 Overview
18.1.1 What You Can Do in this Chapter
18.1.2 What You Need to Know
18.2 The HTTP Redirect Screen
18.2.1 The HTTP Redirect Edit Screen

ALG
19.1 ALG Overview
19.1.1 What You Can Do in this Chapter
19.1.2 What You Need to Know
19.1.3 Before You Begin
19.2 The ALG Screen
19.3 ALG Technical Reference

IP/MAC Binding
20.1 IP/MAC Binding Overview
20.1.1 What You Can Do in this Chapter
20.1.2 What You Need to Know
20.2 IP/MAC Binding Summary
20.2.1 IP/MAC Binding Edit
20.2.2 Static DHCP Edit
20.3 IP/MAC Binding Exempt List

Authentication Policy
21.1 Overview
21.1.1 What You Can Do in this Chapter
21.1.2 What You Need to Know
21.2 Authentication Policy Screen
21.2.1 Creating/Editing an Authentication Policy

Firewall
22.1 Overview
22.1.1 What You Can Do in this Chapter
22.1.2 What You Need to Know
22.1.3 Firewall Rule Example Applications
22.1.4 Firewall Rule Configuration Example
22.2 The Firewall Screen
22.2.1 Configuring the Firewall Screen
22.2.2 The Firewall Add/Edit Screen
22.3 The Session Limit Screen
22.3.1 The Session Limit Add/Edit Screen

IPSec VPN
23.1 IPSec VPN Overview
23.1.1 What You Can Do in this Chapter
23.1.2 What You Need to Know
23.1.3 Before You Begin
23.2 The VPN Connection Screen
23.2.1 The VPN Connection Add/Edit (IKE) Screen
23.2.2 The VPN Connection Add/Edit Manual Key Screen
23.3 The VPN Gateway Screen
23.3.1 The VPN Gateway Add/Edit Screen
23.4 IPSec VPN Background Information

SSL VPN
24.1 Overview
24.1.1 What You Can Do in this Chapter
24.1.2 What You Need to Know
24.2 The SSL Access Privilege Screen
24.2.1 The SSL Access Policy Add/Edit Screen
24.3 The SSL Global Setting Screen
24.3.1 How to Upload a Custom Logo
24.4 Establishing an SSL VPN Connection

SSL User Screens
25.1 Overview
25.1.1 What You Need to Know
25.2 Remote User Login
25.3 The SSL VPN User Screens
25.4 Bookmarking the ZyWALL
25.5 Logging Out of the SSL VPN User Screens

SSL User Application Screens
26.1 SSL User Application Screens Overview
26.2 The Application Screen

ZyWALL SecuExtender
27.1 The ZyWALL SecuExtender Icon
27.2 Statistics
27.3 View Log
27.4 Suspend and Resume the Connection
27.5 Stop the Connection
27.6 Uninstalling the ZyWALL SecuExtender

Application Patrol
28.1 Overview
28.1.1 What You Can Do in this Chapter
28.1.2 What You Need to Know
28.1.3 Application Patrol Bandwidth Management Examples
28.2 Application Patrol General Screen
28.3 Application Patrol Applications
28.3.1 The Application Patrol Edit Screen
28.3.2 The Application Patrol Policy Edit Screen
28.4 The Other Applications Screen
28.4.1 The Other Applications Add/Edit Screen

Anti-Virus
29.1 Overview
29.1.1 What You Can Do in this Chapter
29.1.2 What You Need to Know
29.1.3 Before You Begin
29.2 Anti-Virus Summary Screen
29.2.1 Anti-Virus Policy Add or Edit Screen
29.3 Anti-Virus Black List
29.4 Anti-Virus Black List or White List Add/Edit
29.5 Anti-Virus White List
29.6 Signature Searching
29.7 Anti-Virus Technical Reference

IDP
30.1 Overview
30.1.1 What You Can Do in this Chapter
30.1.2 What You Need To Know
30.1.3 Before You Begin
30.2 The IDP General Screen
30.3 Introducing IDP Profiles
30.3.1 Base Profiles
30.4 The Profile Summary Screen
30.5 Creating New Profiles
30.5.1 Procedure To Create a New Profile
30.6 Profiles: Packet Inspection
30.6.1 Profile > Group View Screen
30.6.2 Policy Types
30.6.3 IDP Service Groups
30.6.4 Profile > Query View Screen
30.6.5 Query Example
30.7 Introducing IDP Custom Signatures
30.7.1 IP Packet Header
30.8 Configuring Custom Signatures
30.8.1 Creating or Editing a Custom Signature
30.8.2 Custom Signature Example
30.8.3 Applying Custom Signatures
30.8.4 Verifying Custom Signatures
30.9 IDP Technical Reference

ADP
31.1 Overview
31.1.1 ADP and IDP Comparison
31.1.2 What You Can Do in this Chapter
31.1.3 What You Need To Know
31.1.4 Before You Begin
31.2 The ADP General Screen
31.3 The Profile Summary Screen
31.3.1 Base Profiles
31.3.2 Configuring The ADP Profile Summary Screen
31.3.3 Creating New ADP Profiles
31.3.4 Traffic Anomaly Profiles
31.3.5 Protocol Anomaly Profiles
31.3.6 Protocol Anomaly Configuration
31.4 ADP Technical Reference

Content Filtering
32.1 Overview
32.1.1 What You Can Do in this Chapter
32.1.2 What You Need to Know
32.1.3 Before You Begin
32.2 Content Filter General Screen
32.3 Content Filter Policy Add or Edit Screen
32.4 Content Filter Profile Screen
32.5 Content Filter Categories Screen
32.5.1 Content Filter Blocked and Warning Messages
32.6 Content Filter Customization Screen
32.7 Content Filter Technical Reference

Content Filter Reports
33.1 Overview
33.2 Viewing Content Filter Reports

Anti-Spam
34.1 Overview
34.1.1 What You Can Do in this Chapter
34.1.2 What You Need to Know
34.2 Before You Begin
34.3 The Anti-Spam General Screen
34.3.1 The Anti-Spam Policy Add or Edit Screen
34.4 The Anti-Spam Black List Screen
34.4.1 The Anti-Spam Black or White List Add/Edit Screen
34.4.2 Regular Expressions in Black or White List Entries
34.5 The Anti-Spam White List Screen
34.6 The DNSBL Screen
34.7 Anti-Spam Technical Reference

User/Group
35.1 Overview
35.1.1 What You Can Do in this Chapter
35.1.2 What You Need To Know
35.2 User Summary Screen
35.2.1 User Add/Edit Screen
35.3 User Group Summary Screen
35.3.1 Group Add/Edit Screen
35.4 Setting Screen
35.4.1 Default User Authentication Timeout Settings Edit Screens
35.4.2 User Aware Login Example
35.5 User/Group Technical Reference

Addresses
36.1 Overview
36.1.1 What You Can Do in this Chapter
36.1.2 What You Need To Know
36.2 Address Summary Screen
36.2.1 Address Add/Edit Screen
36.3 Address Group Summary Screen
36.3.1 Address Group Add/Edit Screen

Services
37.1 Overview
37.1.1 What You Can Do in this Chapter
37.1.2 What You Need to Know
37.2 The Service Summary Screen
37.2.1 The Service Add/Edit Screen
37.3 The Service Group Summary Screen
37.3.1 The Service Group Add/Edit Screen

Schedules
38.1 Overview
38.1.1 What You Can Do in this Chapter
38.1.2 What You Need to Know
38.2 The Schedule Summary Screen
38.2.1 The One-Time Schedule Add/Edit Screen
38.2.2 The Recurring Schedule Add/Edit Screen

AAA Server
39.1 Overview
39.1.1 Directory Service (AD/LDAP)
39.1.2 RADIUS Server
39.1.3 ASAS
39.1.4 What You Can Do in this Chapter
39.1.5 What You Need To Know
39.2 Active Directory or LDAP Server Summary
39.2.1 Adding an Active Directory or LDAP Server
39.3 RADIUS Server Summary
39.3.1 Adding a RADIUS Server

Authentication Method
40.1 Overview
40.1.1 What You Can Do in this Chapter
40.1.2 Before You Begin
40.1.3 Example: Selecting a VPN Authentication Method
40.2 Authentication Method Objects
40.2.1 Creating an Authentication Method Object

Certificates
41.1 Overview
41.1.1 What You Can Do in this Chapter
41.1.2 What You Need to Know
41.1.3 Verifying a Certificate
41.2 The My Certificates Screen
41.2.1 The My Certificates Add Screen
41.2.2 The My Certificates Edit Screen
41.2.3 The My Certificates Import Screen
41.3 The Trusted Certificates Screen
41.3.1 The Trusted Certificates Edit Screen
41.3.2 The Trusted Certificates Import Screen
41.4 Certificates Technical Reference

ISP Accounts
42.1 Overview
42.1.1 What You Can Do in this Chapter
42.2 ISP Account Summary
42.2.1 ISP Account Edit

SSL Application
43.1 Overview
43.1.1 What You Can Do in this Chapter
43.1.2 What You Need to Know
43.1.3 Example: Specifying a Web Site for Access
43.2 The SSL Application Screen
43.2.1 Creating/Editing a Web-based SSL Application Object

Endpoint Security
44.1 Overview
44.1.1 What You Can Do in this Chapter
44.1.2 What You Need to Know
44.2 Endpoint Security Screen
44.3 Endpoint Security Add/Edit

System
45.1 Overview
45.1.1 What You Can Do in this Chapter
45.2 Host Name
45.3 USB Storage
45.4 Date and Time
45.4.1 Pre-defined NTP Time Servers List
45.4.2 Time Server Synchronization
45.5 Console Port Speed
45.6 DNS Overview
45.6.1 DNS Server Address Assignment
45.6.2 Configuring the DNS Screen
45.6.3 Address Record
45.6.4 PTR Record
45.6.5 Adding an Address/PTR Record
45.6.6 Domain Zone Forwarder
45.6.7 Adding a Domain Zone Forwarder
45.6.8 MX Record
45.6.9 Adding a MX Record
45.6.10 Adding a DNS Service Control Rule
45.7 WWW Overview
45.7.1 Service Access Limitations
45.7.2 System Timeout
45.7.3 HTTPS
45.7.4 Configuring WWW Service Control
45.7.5 Service Control Rules
45.7.6 Customizing the WWW Login Page
45.7.7 HTTPS Example
45.8 SSH
45.8.1 How SSH Works
45.8.2 SSH Implementation on the ZyWALL
45.8.3 Requirements for Using SSH
45.8.4 Configuring SSH
45.8.5 Secure Telnet Using SSH Examples
45.9 Telnet
45.9.1 Configuring Telnet
45.10 FTP
45.10.1 Configuring FTP
45.11 SNMP
45.11.1 Supported MIBs
45.11.2 SNMP Traps
45.11.3 Configuring SNMP
45.12 Vantage CNM
45.12.1 Configuring Vantage CNM
45.13 Language Screen

Log and Report
46.1 Overview
46.1.1 What You Can Do In this Chapter
46.2 Email Daily Report
46.3 Log Setting Screens
46.3.1 Log Setting Summary
46.3.2 Edit System Log Settings
46.3.3 Edit Remote Server Log Settings
46.3.4 Active Log Summary Screen

File Manager
47.1 Overview
47.1.1 What You Can Do in this Chapter
47.1.2 What you Need to Know
47.2 The Configuration File Screen
47.3 The Firmware Package Screen
47.4 The Shell Script Screen

Diagnostics
48.1 Overview
48.1.1 What You Can Do in this Chapter
48.2 The Diagnostic Screen
48.2.1 The Diagnostics Files Screen
48.3 The Packet Capture Screen
48.3.1 The Packet Capture Files Screen
48.3.2 Example of Viewing a Packet Capture File
48.4 Core Dump Screen
48.4.1 Core Dump Files Screen
48.5 The System Log Screen

Packet Flow Explore
49.1 Overview
49.1.1 What You Can Do in this Chapter
49.2 The Routing Status Screen
49.3 The SNAT Status Screen

Reboot
50.1 Overview
50.1.1 What You Need To Know
50.2 The Reboot Screen

Shutdown
51.1 Overview
51.1.1 What You Need To Know
51.2 The Shutdown Screen

Troubleshooting
52.1 Resetting the ZyWALL
52.2 Getting More Troubleshooting Help

Product Specifications
53.1 Power Adaptor Specifications

Log Descriptions
Common Services
Displaying Anti-Virus Alert Messages in Windows
Importing Certificates
Open Software Announcements
Legal Information
Index

Size: 18.6MB
Pages: 970
Language: English