ZyXEL 35 SERIES User Manual

ZyWALL 5/35/70 SeriesInternet Security ApplianceUser’s GuideVersion 4.0012/2005

ZyWALL 5/35/70 Series User’s Guide Table of Contents 10Table of ContentsCopyright ...

ZyWALL 5/35/70 Series User’s GuideChapter 3 Wizard Setup 100Figure 30 VPN Wizard: VPN StatusThe following table describes the labels in this screen.

ZyWALL 5/35/70 Series User’s Guide101 Chapter 3 Wizard SetupName This is the name of this VPN network policy.Network Policy SettingLocal NetworkStart

ZyWALL 5/35/70 Series User’s GuideChapter 3 Wizard Setup 1023.8 VPN Wizard Setup CompleteCongratulations! You have successfully set up the VPN rule a

ZyWALL 5/35/70 Series User’s Guide103 Chapter 3 Wizard Setup

ZyWALL 5/35/70 Series User’s GuideChapter 4 Registration 104CHAPTER 4Registration4.1 myZyXEL.com overviewmyZyXEL.com is ZyXEL’s online services cente

ZyWALL 5/35/70 Series User’s Guide105 Chapter 4 RegistrationYou will get automatic e-mail notification of new signature releases from mySecurityZone

ZyWALL 5/35/70 Series User’s GuideChapter 4 Registration 106The following table describes the labels in this screen. Note: If the ZyWALL is registered

ZyWALL 5/35/70 Series User’s Guide107 Chapter 4 RegistrationFigure 33 Registration: Registered Device4.3 ServiceAfter you activate a trial, you ca

ZyWALL 5/35/70 Series User’s GuideChapter 4 Registration 108The following table describes the labels in this screen. Table 21 ServiceLABEL DESCRIPTI

ZyWALL 5/35/70 Series User’s Guide109 Chapter 4 Registration

ZyWALL 5/35/70 Series User’s Guide11 Table of Contents2.4.5 Show Statistics: Line Chart...

ZyWALL 5/35/70 Series User’s GuideChapter 5 LAN Screens 110CHAPTER 5LAN ScreensThis chapter describes how to configure LAN settings. This chapter is o

ZyWALL 5/35/70 Series User’s Guide111 Chapter 5 LAN ScreensThese parameters should work for the majority of installations. If your ISP gives you expl

ZyWALL 5/35/70 Series User’s GuideChapter 5 LAN Screens 112Both RIP-2B and RIP-2M send routing data in RIP-2 format; the difference being that RIP-2B

ZyWALL 5/35/70 Series User’s Guide113 Chapter 5 LAN ScreensFigure 35 LANThe following table describes the labels in this screen.Table 22 LAN LAB

ZyWALL 5/35/70 Series User’s GuideChapter 5 LAN Screens 114Multicast Select IGMP V-1 or IGMP V-2 or None. IGMP (Internet Group Multicast Protocol) is

ZyWALL 5/35/70 Series User’s Guide115 Chapter 5 LAN Screens5.6 LAN Static DHCPThis table allows you to assign IP addresses on the LAN to specific in

ZyWALL 5/35/70 Series User’s GuideChapter 5 LAN Screens 1165.7 LAN IP AliasIP alias allows you to partition a physical network into different logical

ZyWALL 5/35/70 Series User’s Guide117 Chapter 5 LAN ScreensFigure 38 LAN IP AliasThe following table describes the labels in this screen.Table 24

ZyWALL 5/35/70 Series User’s GuideChapter 5 LAN Screens 1185.8 LAN Port RolesUse the Port Roles screen to set ports as LAN, DMZ or WLAN interfaces. T

ZyWALL 5/35/70 Series User’s Guide119 Chapter 5 LAN ScreensTo change your ZyWALL’s port role settings, click NETWORK, LAN and then the Port Roles tab

ZyWALL 5/35/70 Series User’s Guide Table of Contents 12Chapter 6Bridge Screens...

ZyWALL 5/35/70 Series User’s GuideChapter 5 LAN Screens 120After you change the LAN/DMZ/WLAN port roles and click Apply, please wait for few seconds u

ZyWALL 5/35/70 Series User’s Guide121 Chapter 5 LAN Screens

ZyWALL 5/35/70 Series User’s GuideChapter 6 Bridge Screens 122CHAPTER 6Bridge ScreensThis chapter describes how to configure bridge settings. This cha

ZyWALL 5/35/70 Series User’s Guide123 Chapter 6 Bridge Screens6.2.1 Rapid STPThe ZyWALL uses IEEE 802.1w RSTP (Rapid Spanning Tree Protocol) that al

ZyWALL 5/35/70 Series User’s GuideChapter 6 Bridge Screens 124Once a stable network topology has been established, all bridges listen for Hello BPDUs

ZyWALL 5/35/70 Series User’s Guide125 Chapter 6 Bridge ScreensFigure 43 BridgeThe following table describes the labels in this screen.Table 28 Br

ZyWALL 5/35/70 Series User’s GuideChapter 6 Bridge Screens 1266.4 Bridge Port Roles Use the Port Roles screen to set ports as LAN, DMZ or WLAN interf

ZyWALL 5/35/70 Series User’s Guide127 Chapter 6 Bridge ScreensFigure 44 WLAN Port Role Example To change your ZyWALL’s port role settings, click NE

ZyWALL 5/35/70 Series User’s GuideChapter 6 Bridge Screens 128After you change the LAN/DMZ/WLAN port roles and click Apply, please wait for few second

ZyWALL 5/35/70 Series User’s Guide129 Chapter 6 Bridge Screens

ZyWALL 5/35/70 Series User’s Guide13 Table of Contents7.17 Configuring Advanced Modem Setup ...

ZyWALL 5/35/70 Series User’s GuideChapter 7 WAN Screens 130CHAPTER 7WAN ScreensThis chapter describes how to configure WAN settings. Multiple WAN and

ZyWALL 5/35/70 Series User’s Guide131 Chapter 7 WAN ScreensYou can select through which WAN port you want to send out traffic from UPnP-enabled appli

ZyWALL 5/35/70 Series User’s GuideChapter 7 WAN Screens 1327.4.1.1 Example 1The following figure depicts an example where both the WAN ports on the Z

ZyWALL 5/35/70 Series User’s Guide133 Chapter 7 WAN Screens7.4.2 Weighted Round Robin Similar to the Round Robin (RR) algorithm, the Weighted Round

ZyWALL 5/35/70 Series User’s GuideChapter 7 WAN Screens 134Figure 49 Spillover Algorithm Example7.5 TCP/IP Priority (Metric)The metric represents t

ZyWALL 5/35/70 Series User’s Guide135 Chapter 7 WAN ScreensFigure 50 WAN General

ZyWALL 5/35/70 Series User’s GuideChapter 7 WAN Screens 136The following table describes the labels in this screen.Table 32 WAN General LABEL DESCRI

ZyWALL 5/35/70 Series User’s Guide137 Chapter 7 WAN Screens7.7 Configuring Load Balancing To configure load balancing on the ZyWALL, click NETWORK,

ZyWALL 5/35/70 Series User’s GuideChapter 7 WAN Screens 1387.7.1 Least Load FirstTo configure Least Load First, select Least Load First in the Load B

ZyWALL 5/35/70 Series User’s Guide139 Chapter 7 WAN Screens7.7.2 Weighted Round RobinTo load balance using the weighted round robin method, select W

ZyWALL 5/35/70 Series User’s Guide Table of Contents 149.16.4 IEEE 802.1x + Dynamic WEP ...

ZyWALL 5/35/70 Series User’s GuideChapter 7 WAN Screens 140Figure 53 Load Balancing: SpilloverThe following table describes the related fields in th

ZyWALL 5/35/70 Series User’s Guide141 Chapter 7 WAN ScreensFigure 54 WAN RouteThe following table describes the labels in this screen.Table 36 WA

ZyWALL 5/35/70 Series User’s GuideChapter 7 WAN Screens 1427.9 WAN IP Address Assignment Every computer on the Internet must have a unique IP address

ZyWALL 5/35/70 Series User’s Guide143 Chapter 7 WAN Screens1 The ISP tells you the DNS server addresses, usually in the form of an information sheet,

ZyWALL 5/35/70 Series User’s GuideChapter 7 WAN Screens 144Figure 55 WAN: Ethernet EncapsulationThe following table describes the labels in this scr

ZyWALL 5/35/70 Series User’s Guide145 Chapter 7 WAN ScreensRetype to Confirm Type your password again to make sure that you have entered is correctly

ZyWALL 5/35/70 Series User’s GuideChapter 7 WAN Screens 1467.12.2 PPPoE EncapsulationThe ZyWALL supports PPPoE (Point-to-Point Protocol over Ethernet

ZyWALL 5/35/70 Series User’s Guide147 Chapter 7 WAN ScreensOperationally, PPPoE saves significant effort for both you and the ISP or carrier, as it r

ZyWALL 5/35/70 Series User’s GuideChapter 7 WAN Screens 148The following table describes the labels in this screen.Table 40 WAN: PPPoE Encapsulation

ZyWALL 5/35/70 Series User’s Guide149 Chapter 7 WAN ScreensRIP Direction RIP (Routing Information Protocol) allows a router to exchange routing infor

ZyWALL 5/35/70 Series User’s Guide15 Table of Contents11.3.3.2 Service ...

ZyWALL 5/35/70 Series User’s GuideChapter 7 WAN Screens 1507.12.3 PPTP EncapsulationPoint-to-Point Tunneling Protocol (PPTP) is a network protocol th

ZyWALL 5/35/70 Series User’s Guide151 Chapter 7 WAN ScreensThe following table describes the labels in this screen.Table 41 WAN: PPTP Encapsulation

ZyWALL 5/35/70 Series User’s GuideChapter 7 WAN Screens 152Enable NAT (Network Address Translation)Network Address Translation (NAT) allows the transl

ZyWALL 5/35/70 Series User’s Guide153 Chapter 7 WAN Screens7.13 Traffic RedirectTraffic redirect forwards WAN traffic to a backup gateway when the Z

ZyWALL 5/35/70 Series User’s GuideChapter 7 WAN Screens 154Figure 59 Traffic Redirect LAN Setup7.14 Configuring Traffic RedirectTo change your ZyWA

ZyWALL 5/35/70 Series User’s Guide155 Chapter 7 WAN Screens7.15 Configuring Dial BackupClick NETWORK, WAN and then the Dial Backup tab to display t

ZyWALL 5/35/70 Series User’s GuideChapter 7 WAN Screens 156Figure 61 Dial Backup

ZyWALL 5/35/70 Series User’s Guide157 Chapter 7 WAN ScreensThe following table describes the labels in this screen.Table 43 Dial Backup LABEL DESCR

ZyWALL 5/35/70 Series User’s GuideChapter 7 WAN Screens 158Enable RIP Select this check box to turn on RIP (Routing Information Protocol), which allow

ZyWALL 5/35/70 Series User’s Guide159 Chapter 7 WAN Screens7.16 Advanced Modem Setup7.16.1 AT Command StringsFor regular telephone lines, the defau

ZyWALL 5/35/70 Series User’s Guide Table of Contents 1613.3.3 Signature Actions ...

ZyWALL 5/35/70 Series User’s GuideChapter 7 WAN Screens 160Figure 62 Advanced SetupThe following table describes the labels in this screen. Table 44

ZyWALL 5/35/70 Series User’s Guide161 Chapter 7 WAN ScreensDial Timeout (sec) Type a number of seconds for the ZyWALL to try to set up an outgoing ca

ZyWALL 5/35/70 Series User’s GuideChapter 8 DMZ Screens 162CHAPTER 8DMZ ScreensThis chapter describes how to configure the ZyWALL’s DMZ.8.1 DMZThe De

ZyWALL 5/35/70 Series User’s Guide163 Chapter 8 DMZ ScreensFigure 63 DMZThe following table describes the labels in this screen. Table 45 DMZ LAB

ZyWALL 5/35/70 Series User’s GuideChapter 8 DMZ Screens 164RIP Version The RIP Version field controls the format and the broadcasting method of the RI

ZyWALL 5/35/70 Series User’s Guide165 Chapter 8 DMZ Screens8.3 DMZ Static DHCPThis table allows you to assign IP addresses on the DMZ to specific in

ZyWALL 5/35/70 Series User’s GuideChapter 8 DMZ Screens 166Figure 64 DMZ Static DHCPThe following table describes the labels in this screen.Table 46

ZyWALL 5/35/70 Series User’s Guide167 Chapter 8 DMZ Screens8.4 DMZ IP AliasIP alias allows you to partition a physical network into different logica

ZyWALL 5/35/70 Series User’s GuideChapter 8 DMZ Screens 1688.5 DMZ Public IP Address ExampleThe following figure shows a simple network setup with pu

ZyWALL 5/35/70 Series User’s Guide169 Chapter 8 DMZ ScreensFigure 66 DMZ Public Address Example8.6 DMZ Private and Public IP Address ExampleThe fo

ZyWALL 5/35/70 Series User’s Guide17 Table of ContentsChapter 16Content Filtering Screens ...

ZyWALL 5/35/70 Series User’s GuideChapter 8 DMZ Screens 170Figure 67 DMZ Private and Public Address Example8.7 DMZ Port RolesUse the Port Roles scr

ZyWALL 5/35/70 Series User’s Guide171 Chapter 8 DMZ ScreensFigure 68 WLAN Port Role Example Note: Do the following if you are configuring from a co

ZyWALL 5/35/70 Series User’s GuideChapter 8 DMZ Screens 172Figure 69 DMZ: Port RolesThe following table describes the labels in this screen. Table 4

ZyWALL 5/35/70 Series User’s Guide173 Chapter 8 DMZ Screens

ZyWALL 5/35/70 Series User’s GuideChapter 9 Wireless LAN 174CHAPTER 9Wireless LAN This chapter discusses how to configure wireless LAN on the ZyWALL.9

ZyWALL 5/35/70 Series User’s Guide175 Chapter 9 Wireless LANFigure 70 WLANThe following table describes the labels in this screen.Table 49 WLAN

ZyWALL 5/35/70 Series User’s GuideChapter 9 Wireless LAN 176RIP Version The RIP Version field controls the format and the broadcasting method of the R

ZyWALL 5/35/70 Series User’s Guide177 Chapter 9 Wireless LAN9.3 WLAN Static DHCPThis table allows you to assign IP addresses on the WLAN to specific

ZyWALL 5/35/70 Series User’s GuideChapter 9 Wireless LAN 178Figure 71 WLAN Static DHCPThe following table describes the labels in this screen.9.4 W

ZyWALL 5/35/70 Series User’s Guide179 Chapter 9 Wireless LANWhen you use IP alias, you can also configure firewall rules to control access between th

ZyWALL 5/35/70 Series User’s Guide Table of Contents 18Chapter 19VPN Screens...

ZyWALL 5/35/70 Series User’s GuideChapter 9 Wireless LAN 1809.5 WLAN Port RolesUse the Port Roles screen to set ports as LAN, DMZ or WLAN interfaces.

ZyWALL 5/35/70 Series User’s Guide181 Chapter 9 Wireless LANNote: Do the following if you are configuring from a computer connected to a LAN, DMZ or

ZyWALL 5/35/70 Series User’s GuideChapter 9 Wireless LAN 182After you change the LAN/DMZ/WLAN port roles and click Apply, please wait for few seconds

ZyWALL 5/35/70 Series User’s Guide183 Chapter 9 Wireless LANFigure 76 ZyWALL Wireless Security LevelsIf you do not enable any wireless security on

ZyWALL 5/35/70 Series User’s GuideChapter 9 Wireless LAN 1849.6.3 Restricted AccessThe MAC Filter screen allows you to configure the AP to give exclu

ZyWALL 5/35/70 Series User’s Guide185 Chapter 9 Wireless LAN9.9 802.1x OverviewThe IEEE 802.1x standard outlines enhanced security methods for both

ZyWALL 5/35/70 Series User’s GuideChapter 9 Wireless LAN 186Sent by the RADIUS server to indicate that it has started or stopped accounting. In order

ZyWALL 5/35/70 Series User’s Guide187 Chapter 9 Wireless LANIf this feature is enabled, it is not necessary to configure a default encryption key in

ZyWALL 5/35/70 Series User’s GuideChapter 9 Wireless LAN 188TKIP regularly changes and rotates the encryption keys so that the same encryption key is

ZyWALL 5/35/70 Series User’s Guide189 Chapter 9 Wireless LANFigure 78 WPA-PSK Authentication9.13 Introduction to RADIUSThe ZyWALL can use an exter

ZyWALL 5/35/70 Series User’s Guide19 Table of Contents20.5.1 Certificate File Formats ...

ZyWALL 5/35/70 Series User’s GuideChapter 9 Wireless LAN 190Figure 79 WPA with RADIUS Application Example9.15 Wireless Client WPA SupplicantsA wire

ZyWALL 5/35/70 Series User’s Guide191 Chapter 9 Wireless LANFigure 80 Wireless Card: No SecurityThe following table describes the labels in this sc

ZyWALL 5/35/70 Series User’s GuideChapter 9 Wireless LAN 1929.16.1 Static WEPStatic WEP provides a mechanism for encrypting data using encryption key

ZyWALL 5/35/70 Series User’s Guide193 Chapter 9 Wireless LANFigure 81 Wireless Card: Static WEPThe following table describes the wireless LAN secur

ZyWALL 5/35/70 Series User’s GuideChapter 9 Wireless LAN 194Figure 82 Wireless Card: WPA-PSKThe following wireless LAN security fields become availa

ZyWALL 5/35/70 Series User’s Guide195 Chapter 9 Wireless LAN9.16.3 WPAClick the NETWORK and WIRELESS CARD to display the Wireless Card screen. Selec

ZyWALL 5/35/70 Series User’s GuideChapter 9 Wireless LAN 1969.16.4 IEEE 802.1x + Dynamic WEPClick the NETWORK and WIRELESS CARD to display the Wirele

ZyWALL 5/35/70 Series User’s Guide197 Chapter 9 Wireless LAN9.16.5 IEEE 802.1x + Static WEPClick the NETWORK and WIRELESS CARD to display the Wirele

ZyWALL 5/35/70 Series User’s GuideChapter 9 Wireless LAN 1989.16.6 IEEE 802.1x + No WEPClick the NETWORK and WIRELESS CARD to display the Wireless Ca

ZyWALL 5/35/70 Series User’s Guide199 Chapter 9 Wireless LANThe following wireless LAN security fields become available when you select 802.1x + No W

ZyWALL 5/35/70 Series User’s Guide Copyright 2CopyrightCopyright © 2005 by ZyXEL Communications Corporation.The contents of this publication may not b

ZyWALL 5/35/70 Series User’s Guide Table of Contents 2022.7 Port Triggering ...

ZyWALL 5/35/70 Series User’s GuideChapter 9 Wireless LAN 200The following wireless LAN security fields become available when you select No Access 802.

ZyWALL 5/35/70 Series User’s Guide201 Chapter 9 Wireless LANFigure 88 Wireless Card: MAC Address FilterThe following table describes the labels in

ZyWALL 5/35/70 Series User’s GuideChapter 10 Firewalls 202CHAPTER 10FirewallsThis chapter gives some background information on firewalls and introduce

ZyWALL 5/35/70 Series User’s Guide203 Chapter 10 Firewalls1 Information hiding prevents the names of internal systems from being made known via DNS t

ZyWALL 5/35/70 Series User’s GuideChapter 10 Firewalls 204Figure 89 ZyWALL Firewall Application10.4 Denial of ServiceDenials of Service (DoS) attac

ZyWALL 5/35/70 Series User’s Guide205 Chapter 10 Firewalls10.4.2 Types of DoS AttacksThere are four types of DoS attacks: 1 Those that exploit bugs

ZyWALL 5/35/70 Series User’s GuideChapter 10 Firewalls 206response. While the targeted system waits for the ACK that follows the SYN-ACK, it queues up

ZyWALL 5/35/70 Series User’s Guide207 Chapter 10 FirewallsFigure 92 Smurf Attack10.4.2.1 ICMP Vulnerability ICMP is an error-reporting protocol th

ZyWALL 5/35/70 Series User’s GuideChapter 10 Firewalls 208All SMTP commands are illegal except for those displayed in the following tables.10.4.2.3 T

ZyWALL 5/35/70 Series User’s Guide209 Chapter 10 FirewallsFigure 93 Stateful InspectionThe previous figure shows the ZyWALL’s default firewall rule

ZyWALL 5/35/70 Series User’s Guide21 Table of ContentsChapter 26DNS...

ZyWALL 5/35/70 Series User’s GuideChapter 10 Firewalls 210temporary entries might be modified, in order to permit only packets that are valid for the

ZyWALL 5/35/70 Series User’s Guide211 Chapter 10 FirewallsIf an initiation packet originates on the LAN, this means that someone is trying to make a

ZyWALL 5/35/70 Series User’s GuideChapter 10 Firewalls 212Any protocol that operates in this way must be supported on a case-by-case basis. You can us

ZyWALL 5/35/70 Series User’s Guide213 Chapter 10 Firewalls10.7.2 Firewall• The firewall inspects packet contents as well as their source and destina

ZyWALL 5/35/70 Series User’s GuideChapter 11 Firewall Screens 214CHAPTER 11Firewall ScreensThis chapter shows you how to configure your ZyWALL firewal

ZyWALL 5/35/70 Series User’s Guide215 Chapter 11 Firewall Screens• WLAN to WANBy default, the ZyWALL’s stateful packet inspection drops packets trave

ZyWALL 5/35/70 Series User’s GuideChapter 11 Firewall Screens 21611.3 Rule Logic OverviewNote: Study these points carefully before configuring rules.

ZyWALL 5/35/70 Series User’s Guide217 Chapter 11 Firewall Screens11.3.3.2 ServiceSelect the service from the Service scrolling list box. If the serv

ZyWALL 5/35/70 Series User’s GuideChapter 11 Firewall Screens 218Figure 94 LAN to WAN Traffic11.4.2 WAN To LAN RulesThe default rule for WAN to LAN

ZyWALL 5/35/70 Series User’s Guide219 Chapter 11 Firewall Screens11.6 Firewall Default Rule (Router Mode)Click SECURITY, FIREWALL to open the Defaul

ZyWALL 5/35/70 Series User’s Guide Table of Contents 2227.13 FTP ...

ZyWALL 5/35/70 Series User’s GuideChapter 11 Firewall Screens 22011.7 Firewall Default Rule (Bridge Mode) Click SECURITY, FIREWALL to open the Defau

ZyWALL 5/35/70 Series User’s Guide221 Chapter 11 Firewall ScreensFigure 97 Default Rule (Bridge Mode)The following table describes the labels in th

ZyWALL 5/35/70 Series User’s GuideChapter 11 Firewall Screens 22211.8 Firewall Rule Summary Click SECURITY, FIREWALL, then the Rule Summary tab to op

ZyWALL 5/35/70 Series User’s Guide223 Chapter 11 Firewall Screens11.8.1 Firewall Edit Rule Follow these directions to create a new rule.1 In the

ZyWALL 5/35/70 Series User’s GuideChapter 11 Firewall Screens 224Figure 99 Firewall Edit Rule

ZyWALL 5/35/70 Series User’s Guide225 Chapter 11 Firewall ScreensThe following table describes the labels in this screen. Table 70 Firewall Edit

ZyWALL 5/35/70 Series User’s GuideChapter 11 Firewall Screens 22611.9 Anti-Probing If an outside user attempts to probe an unsupported port on you

ZyWALL 5/35/70 Series User’s Guide227 Chapter 11 Firewall Screens11.10 Firewall Threshold In the Threshold screen, shown later, you may choose to

ZyWALL 5/35/70 Series User’s GuideChapter 11 Firewall Screens 228When the rate of new connection attempts rises above a threshold (one-minute high), t

ZyWALL 5/35/70 Series User’s Guide229 Chapter 11 Firewall ScreensFigure 101 Firewall ThresholdThe following table describes the labels in this scre

ZyWALL 5/35/70 Series User’s Guide23 Table of ContentsChapter 30Logs Screens...

ZyWALL 5/35/70 Series User’s GuideChapter 11 Firewall Screens 23011.11 Service Click SECURITY, FIREWALL, then the Service tab to open the screen as s

ZyWALL 5/35/70 Series User’s Guide231 Chapter 11 Firewall ScreensFigure 102 Firewall ServiceThe following table describes the labels in this screen

ZyWALL 5/35/70 Series User’s GuideChapter 11 Firewall Screens 23211.11.1 Firewall Edit Custom Service Configure customized ports for services not pre

ZyWALL 5/35/70 Series User’s Guide233 Chapter 11 Firewall Screens11.11.2 Predefined ServicesThe Predefined Services table in the Service screen disp

ZyWALL 5/35/70 Series User’s GuideChapter 11 Firewall Screens 234IMAP(TCP/UDP:143) Internet Message Access Protocol (IMAP) is used to access mail stor

ZyWALL 5/35/70 Series User’s Guide235 Chapter 11 Firewall Screens11.12 Example Firewall Rule The following Internet firewall rule example allows a h

ZyWALL 5/35/70 Series User’s GuideChapter 11 Firewall Screens 236Figure 104 Service2 Configure it as follows and click Apply.Figure 105 Edit Custo

ZyWALL 5/35/70 Series User’s Guide237 Chapter 11 Firewall ScreensFigure 106 Rule Summary6 Enter the name of the firewall rule.7 Select Any in the D

ZyWALL 5/35/70 Series User’s GuideChapter 11 Firewall Screens 238Note: Custom services show up with an * before their names in the Services list box a

ZyWALL 5/35/70 Series User’s Guide239 Chapter 11 Firewall ScreensFigure 109 My Service Example Rule Summary Rule 1: Allows a My Service connection

ZyWALL 5/35/70 Series User’s Guide Table of Contents 2432.4 Changing the System Password ...

ZyWALL 5/35/70 Series User’s GuideChapter 12 Intrusion Detection and Prevention (IDP) 240CHAPTER 12Intrusion Detection and Prevention (IDP) This chapt

ZyWALL 5/35/70 Series User’s Guide241 Chapter 12 Intrusion Detection and Prevention (IDP)Firewalls are usually deployed at the network edge. However,

ZyWALL 5/35/70 Series User’s GuideChapter 12 Intrusion Detection and Prevention (IDP) 24212.1.5 Example IntrusionsThe following are some examples of

ZyWALL 5/35/70 Series User’s Guide243 Chapter 12 Intrusion Detection and Prevention (IDP)12.1.5.4 MyDoomMyDoom W32.Mydoom.A@mm (also known as W32.No

ZyWALL 5/35/70 Series User’s GuideChapter 13 Configuring IDP 244CHAPTER 13Configuring IDPThis chapter shows you how to configure IDP on the ZyWALL. 13

ZyWALL 5/35/70 Series User’s Guide245 Chapter 13 Configuring IDPFigure 111 Applying IDP to Interfaces13.2 General SetupUse this screen to enable I

ZyWALL 5/35/70 Series User’s GuideChapter 13 Configuring IDP 246Figure 112 IDP: GeneralThe following table describes the labels in this screen.13.3

ZyWALL 5/35/70 Series User’s Guide247 Chapter 13 Configuring IDPTo see signatures listed by intrusion type supported by the ZyWALL, select that type

ZyWALL 5/35/70 Series User’s GuideChapter 13 Configuring IDP 24813.3.2 Intrusion SeverityIntrusions are assigned a severity level based on the follow

ZyWALL 5/35/70 Series User’s Guide249 Chapter 13 Configuring IDPFigure 114 Signature Actions The following table describes signature actions. 13.3.

ZyWALL 5/35/70 Series User’s Guide25 Table of Contents37.3 TCP/IP Setup ...

ZyWALL 5/35/70 Series User’s GuideChapter 13 Configuring IDP 250Figure 115 IDP: SignaturesThe following table describes the labels in this screen.Ta

ZyWALL 5/35/70 Series User’s Guide251 Chapter 13 Configuring IDP13.3.5 Query View Click IDP in the navigation panel and then click the Signatures ta

ZyWALL 5/35/70 Series User’s GuideChapter 13 Configuring IDP 252Note: A partial name may be searched but a complete ID number must be entered before a

ZyWALL 5/35/70 Series User’s Guide253 Chapter 13 Configuring IDPFigure 117 Signature Query by Complete ID13.3.5.2 Query Example 21 From the “group

ZyWALL 5/35/70 Series User’s GuideChapter 13 Configuring IDP 254Figure 118 Signature Query by Attribute. 13.4 Update The ZyWALL comes with built-in

ZyWALL 5/35/70 Series User’s Guide255 Chapter 13 Configuring IDP13.4.2 Configuring IDP UpdateWhen scheduling signature updates, you should choose a

ZyWALL 5/35/70 Series User’s GuideChapter 13 Configuring IDP 256The following table describes the labels in this screen.Table 81 Signatures Update L

ZyWALL 5/35/70 Series User’s Guide257 Chapter 13 Configuring IDP13.5 Backup and RestoreYou can change the pre-defined Active, Log, Alert and/or Acti

ZyWALL 5/35/70 Series User’s GuideChapter 14 Anti-Virus 258CHAPTER 14Anti-Virus This chapter introduces and shows you how to configure the anti-virus

ZyWALL 5/35/70 Series User’s Guide259 Chapter 14 Anti-Virus2 The virus spreads to other files and programs on the computer. 3 The infected files are

ZyWALL 5/35/70 Series User’s Guide Table of Contents 2642.2 NAT Setup ...

ZyWALL 5/35/70 Series User’s GuideChapter 14 Anti-Virus 26014.2.1 How the ZyWALL Anti-Virus Scanner WorksThe ZyWALL checks traffic going to the inte

ZyWALL 5/35/70 Series User’s Guide261 Chapter 14 Anti-Virus1 The ZyWALL anti-virus scanner cannot detect polymorphic viruses. 2 The ZyWALL does not

ZyWALL 5/35/70 Series User’s GuideChapter 14 Anti-Virus 262The following table describes the labels in this screen.14.4 Signature Update The ZyWALL

ZyWALL 5/35/70 Series User’s Guide263 Chapter 14 Anti-VirusNote: You should have already registered the ZyWALL at myZyXEL.com (http://www.myzyxel.com

ZyWALL 5/35/70 Series User’s GuideChapter 14 Anti-Virus 264Figure 123 Anti-Virus: UpdateThe following table describes the labels in this screen. Ta

ZyWALL 5/35/70 Series User’s Guide265 Chapter 14 Anti-VirusUpdate Now Click this button to begin downloading signatures from the Update Server immedi

ZyWALL 5/35/70 Series User’s GuideChapter 15 Anti-Spam 266CHAPTER 15Anti-SpamThis chapter covers how to use the ZyWALL’s anti-spam feature to deal wit

ZyWALL 5/35/70 Series User’s Guide267 Chapter 15 Anti-Spam15.1.1.1 SpamBulk EngineThe e-mail fingerprint ID that the ZyWALL generates and sends to t

ZyWALL 5/35/70 Series User’s GuideChapter 15 Anti-Spam 26815.1.1.4 SpamTricks EngineThe SpamTricks engine checks for the tactics that spammers use to

ZyWALL 5/35/70 Series User’s Guide269 Chapter 15 Anti-SpamThe anti-spam external database checks for spoofing of e-mail attributes (like the IP addre

ZyWALL 5/35/70 Series User’s Guide27 Table of Contents46.2 System Status ...

ZyWALL 5/35/70 Series User’s GuideChapter 15 Anti-Spam 27015.1.7 MIME HeadersMIME (Multipurpose Internet Mail Extensions) allows varied media types t

ZyWALL 5/35/70 Series User’s Guide271 Chapter 15 Anti-SpamThe following table describes the labels in this screen. 15.3 Anti-Spam External DB Screen

ZyWALL 5/35/70 Series User’s GuideChapter 15 Anti-Spam 272Figure 126 Anti-Spam: External DBThe following table describes the labels in this screen.

ZyWALL 5/35/70 Series User’s Guide273 Chapter 15 Anti-Spam15.4 Anti-Spam Lists Screen Click SECURITY, ANTI-SPAM, Lists to display the Anti-Spam Lis

ZyWALL 5/35/70 Series User’s GuideChapter 15 Anti-Spam 274Figure 127 Anti-Spam: ListsThe following table describes the labels in this screen. Table

ZyWALL 5/35/70 Series User’s Guide275 Chapter 15 Anti-Spam15.5 Anti-Spam Rule Edit Screen Click SECURITY, ANTI-SPAM, Lists to display the Anti-Spa

ZyWALL 5/35/70 Series User’s GuideChapter 15 Anti-Spam 276The following table describes the labels in this screen. Table 88 Anti-Spam Rule EditLAB

ZyWALL 5/35/70 Series User’s Guide277 Chapter 15 Anti-SpamApply Click Apply to save your settings and exit this screen.Cancel Click Cancel to exit th

ZyWALL 5/35/70 Series User’s GuideChapter 16 Content Filtering Screens 278CHAPTER 16Content Filtering ScreensThis chapter provides an overview of cont

ZyWALL 5/35/70 Series User’s Guide279 Chapter 16 Content Filtering ScreensFigure 129 Content Filter : GeneralThe following table describes the labe

ZyWALL 5/35/70 Series User’s Guide Table of Contents 28Chapter 48System Maintenance Menus 8 to 10...

ZyWALL 5/35/70 Series User’s GuideChapter 16 Content Filtering Screens 28016.3 Content Filtering with an External DatabaseWhen you register for and e

ZyWALL 5/35/70 Series User’s Guide281 Chapter 16 Content Filtering ScreensFigure 130 Content Filtering Lookup Procedure1 A computer behind the ZyWA

ZyWALL 5/35/70 Series User’s GuideChapter 16 Content Filtering Screens 282Figure 131 Content Filter : CategoriesThe following table describes the la

ZyWALL 5/35/70 Series User’s Guide283 Chapter 16 Content Filtering ScreensUnrated Web Pages Select Block to prevent users from accessing web pages th

ZyWALL 5/35/70 Series User’s GuideChapter 16 Content Filtering Screens 284Alcohol/Tobacco Selecting this category excludes pages that promote or offer

ZyWALL 5/35/70 Series User’s Guide285 Chapter 16 Content Filtering ScreensEducation Selecting this category excludes pages that offer educational inf

ZyWALL 5/35/70 Series User’s GuideChapter 16 Content Filtering Screens 286News/Media Selecting this category excludes pages that primarily report info

ZyWALL 5/35/70 Series User’s Guide287 Chapter 16 Content Filtering ScreensHumor/Jokes Selecting this category excludes pages that primarily focus on

ZyWALL 5/35/70 Series User’s GuideChapter 16 Content Filtering Screens 28816.5 Content Filter Customization Click SECURITY, CONTENT FILTER, then th

ZyWALL 5/35/70 Series User’s Guide289 Chapter 16 Content Filtering ScreensThe following table describes the labels in this screen. Table 91 Content

ZyWALL 5/35/70 Series User’s Guide29 Table of ContentsHardware Installation...

ZyWALL 5/35/70 Series User’s GuideChapter 16 Content Filtering Screens 29016.6 Customizing Keyword Blocking URL CheckingYou can use commands to set h

ZyWALL 5/35/70 Series User’s Guide291 Chapter 16 Content Filtering ScreensUse the ip urlfilter customize actionFlags 8 [disable | enable] command to

ZyWALL 5/35/70 Series User’s GuideChapter 16 Content Filtering Screens 292The following table describes the labels in this screen.Table 92 Content F

ZyWALL 5/35/70 Series User’s Guide293 Chapter 16 Content Filtering Screens

ZyWALL 5/35/70 Series User’s GuideChapter 17 Content Filtering Reports 294CHAPTER 17Content Filtering ReportsThis chapter describes how to view conten

ZyWALL 5/35/70 Series User’s Guide295 Chapter 17 Content Filtering ReportsFigure 134 myZyXEL.com: Login3 A welcome screen displays. Click your ZyWA

ZyWALL 5/35/70 Series User’s GuideChapter 17 Content Filtering Reports 296Figure 136 myZyXEL.com: Service Management5 Enter your ZyXEL device's

ZyWALL 5/35/70 Series User’s Guide297 Chapter 17 Content Filtering ReportsFigure 138 Content Filtering Reports Main Screen8 Select items under Glob

ZyWALL 5/35/70 Series User’s GuideChapter 17 Content Filtering Reports 298Figure 140 Global Report Screen Example11You can click a category in the C

ZyWALL 5/35/70 Series User’s Guide299 Chapter 17 Content Filtering ReportsFigure 141 Requested URLs Example17.3 Web Site SubmissionYou may find th

ZyWALL 5/35/70 Series User’s Guide3 Federal Communications Commission (FCC) Interference StatementFederal Communications Commission (FCC) Interferen

ZyWALL 5/35/70 Series User’s Guide Table of Contents 30Appendix SLog Descriptions...

ZyWALL 5/35/70 Series User’s GuideChapter 17 Content Filtering Reports 300Figure 142 Web Page Review Process Screen3 Type the web site’s URL in the

ZyWALL 5/35/70 Series User’s Guide301 Chapter 17 Content Filtering Reports

ZyWALL 5/35/70 Series User’s GuideChapter 18 Introduction to IPSec 302CHAPTER 18Introduction to IPSecThis chapter introduces the basics of IPSec VPNs.

ZyWALL 5/35/70 Series User’s Guide303 Chapter 18 Introduction to IPSecFigure 143 Encryption and Decryption18.1.3.2 Data ConfidentialityThe IPSec s

ZyWALL 5/35/70 Series User’s GuideChapter 18 Introduction to IPSec 30418.2 IPSec ArchitectureThe overall IPSec architecture is shown as follows.Figur

ZyWALL 5/35/70 Series User’s Guide305 Chapter 18 Introduction to IPSecFigure 145 Transport and Tunnel Mode IPSec Encapsulation18.3.1 Transport Mod

ZyWALL 5/35/70 Series User’s GuideChapter 18 Introduction to IPSec 306NAT is incompatible with the AH protocol in both Transport and Tunnel mode. An I

ZyWALL 5/35/70 Series User’s Guide307 Chapter 18 Introduction to IPSec

ZyWALL 5/35/70 Series User’s GuideChapter 19 VPN Screens 308CHAPTER 19VPN ScreensThis chapter introduces the VPN Web Configurator. See Chapter 30 on p

ZyWALL 5/35/70 Series User’s Guide309 Chapter 19 VPN Screens19.3 My ZyWALLMy ZyWALL identifies the WAN IP address or domain name of the ZyWALL (if i

ZyWALL 5/35/70 Series User’s Guide31 Table of Contents

ZyWALL 5/35/70 Series User’s GuideChapter 19 VPN Screens 310If the remote secure gateway has a static WAN IP address, enter it in the Remote Gateway A

ZyWALL 5/35/70 Series User’s Guide311 Chapter 19 VPN ScreensFigure 146 NAT Router Between IPSec RoutersNormally you cannot set up a VPN connection

ZyWALL 5/35/70 Series User’s GuideChapter 19 VPN Screens 312between three encryption algorithms (DES, 3DES and AES), two authentication algorithms (MD

ZyWALL 5/35/70 Series User’s Guide313 Chapter 19 VPN ScreensThe two ZyWALLs in this example cannot complete their negotiation because ZyWALL B’s Loca

ZyWALL 5/35/70 Series User’s GuideChapter 19 VPN Screens 314• Choose an authentication algorithm.• Choose a Diffie-Hellman public-key cryptography key

ZyWALL 5/35/70 Series User’s Guide315 Chapter 19 VPN Screens19.8.3 Diffie-Hellman (DH) Key GroupsDiffie-Hellman (DH) is a public-key cryptography pr

ZyWALL 5/35/70 Series User’s GuideChapter 19 VPN Screens 31619.10 VPN Rules (IKE) Click VPN to display the VPN Rules (IKE) screen. This is a read-on

ZyWALL 5/35/70 Series User’s Guide317 Chapter 19 VPN ScreensFigure 149 Gateway and Network Policies This figure helps explain the main fields in th

ZyWALL 5/35/70 Series User’s GuideChapter 19 VPN Screens 318Note: The Recycle Bin gateway policy is a virtual placeholder for any network policy(ies)

ZyWALL 5/35/70 Series User’s Guide319 Chapter 19 VPN ScreensFigure 151 VPN Rules (IKE): Gateway Policy: Edit

ZyWALL 5/35/70 Series User’s Guide List of Figures 32List of FiguresFigure 1 Secure Internet Access via Cable, DSL or Wireless Modem ...

ZyWALL 5/35/70 Series User’s GuideChapter 19 VPN Screens 320The following table describes the labels in this screen. Table 101 VPN Rules (IKE): Gate

ZyWALL 5/35/70 Series User’s Guide321 Chapter 19 VPN ScreensRemote Gateway AddressType the WAN IP address or the domain name (up to 31 characters) of

ZyWALL 5/35/70 Series User’s GuideChapter 19 VPN Screens 322Peer ID Type Select from the following when you set Authentication Key to Pre-shared Key.•

ZyWALL 5/35/70 Series User’s Guide323 Chapter 19 VPN ScreensServer Mode Select Server Mode to have this ZyWALL authenticate extended authentication c

ZyWALL 5/35/70 Series User’s GuideChapter 19 VPN Screens 32419.12 VPN Rules (IKE): Network Policy Edit Click VPN and the add network policy ( ) ic

ZyWALL 5/35/70 Series User’s Guide325 Chapter 19 VPN ScreensFigure 152 VPN Rules (IKE): Network Policy Edit

ZyWALL 5/35/70 Series User’s GuideChapter 19 VPN Screens 326The following table describes the labels in this screen. Table 102 VPN Rules (IKE): Netw

ZyWALL 5/35/70 Series User’s Guide327 Chapter 19 VPN ScreensStarting IP Address When the Address Type field is configured to Single Address, enter a

ZyWALL 5/35/70 Series User’s GuideChapter 19 VPN Screens 32819.13 VPN Rules (IKE): Network Policy Move Click the move ( ) icon in the VPN Rules (IK

ZyWALL 5/35/70 Series User’s Guide329 Chapter 19 VPN ScreensFigure 153 VPN Rules (IKE): Network Policy Move The following table describes the label

ZyWALL 5/35/70 Series User’s Guide33 List of FiguresFigure 39 WLAN Port Role Example ...

ZyWALL 5/35/70 Series User’s GuideChapter 19 VPN Screens 330You may want to configure a VPN rule that uses manual key management if you are having pro

ZyWALL 5/35/70 Series User’s Guide331 Chapter 19 VPN Screens19.15 VPN Rules (Manual): Edit Manual key management is useful if you have problems wi

ZyWALL 5/35/70 Series User’s GuideChapter 19 VPN Screens 332Figure 155 VPN Rules (Manual): Edit The following table describes the labels in this scr

ZyWALL 5/35/70 Series User’s Guide333 Chapter 19 VPN ScreensLocal Network Local IP addresses must be static and correspond to the remote IPSec router

ZyWALL 5/35/70 Series User’s GuideChapter 19 VPN Screens 334My ZyWALL When the ZyWALL is in router mode, enter the WAN IP address or the domain name o

ZyWALL 5/35/70 Series User’s Guide335 Chapter 19 VPN Screens19.16 VPN SA Monitor In the web configurator, click VPN and the SA Monitor tab. Use thi

ZyWALL 5/35/70 Series User’s GuideChapter 19 VPN Screens 33619.17 VPN Global Setting Click VPN, then the Global Setting tab to open the VPN Global Se

ZyWALL 5/35/70 Series User’s Guide337 Chapter 19 VPN Screens19.18 Telecommuter VPN/IPSec ExamplesThe following examples show how multiple telecommut

ZyWALL 5/35/70 Series User’s GuideChapter 19 VPN Screens 338Figure 158 Telecommuters Sharing One VPN Rule Example19.18.2 Telecommuters Using Unique

ZyWALL 5/35/70 Series User’s Guide339 Chapter 19 VPN ScreensFigure 159 Telecommuters Using Unique VPN Rules ExampleTable 109 Telecommuters Using

ZyWALL 5/35/70 Series User’s Guide List of Figures 34Figure 82 Wireless Card: WPA-PSK ...

ZyWALL 5/35/70 Series User’s GuideChapter 19 VPN Screens 34019.19 VPN and Remote ManagementIf a VPN tunnel uses Telnet, FTP, WWW, SNMP, DNS or ICMP,

ZyWALL 5/35/70 Series User’s Guide341 Chapter 19 VPN Screens

ZyWALL 5/35/70 Series User’s GuideChapter 20 Certificates 342CHAPTER 20CertificatesThis chapter gives background information about public-key certific

ZyWALL 5/35/70 Series User’s Guide343 Chapter 20 CertificatesCertification authorities maintain directory servers with databases of valid and revoked

ZyWALL 5/35/70 Series User’s GuideChapter 20 Certificates 34420.4 My Certificates Click SECURITY, CERTIFICATES, My Certificates to open the My Certif

ZyWALL 5/35/70 Series User’s Guide345 Chapter 20 CertificatesType This field displays what kind of certificate this is. REQ represents a certificatio

ZyWALL 5/35/70 Series User’s GuideChapter 20 Certificates 34620.5 My Certificate Import Click SECURITY, CERTIFICATES, My Certificates and then Impor

ZyWALL 5/35/70 Series User’s Guide347 Chapter 20 CertificatesFigure 162 My Certificate ImportThe following table describes the labels in this scree

ZyWALL 5/35/70 Series User’s GuideChapter 20 Certificates 348Figure 163 My Certificate CreateThe following table describes the labels in this screen

ZyWALL 5/35/70 Series User’s Guide349 Chapter 20 CertificatesCountry Type up to 127 characters to identify the nation where the certificate owner is

ZyWALL 5/35/70 Series User’s Guide35 List of FiguresFigure 125 Anti-Spam: General ...

ZyWALL 5/35/70 Series User’s GuideChapter 20 Certificates 350After you click Apply in the My Certificate Create screen, you see a screen that tells yo

ZyWALL 5/35/70 Series User’s Guide351 Chapter 20 CertificatesFigure 164 My Certificate Details

ZyWALL 5/35/70 Series User’s GuideChapter 20 Certificates 352The following table describes the labels in this screen. Table 113 My Certificate Deta

ZyWALL 5/35/70 Series User’s Guide353 Chapter 20 Certificates20.8 Trusted CAs Click SECURITY, CERTIFICATES, Trusted CAs to open the Trusted CAs sc

ZyWALL 5/35/70 Series User’s GuideChapter 20 Certificates 354Figure 165 Trusted CAsThe following table describes the labels in this screen. Table 11

ZyWALL 5/35/70 Series User’s Guide355 Chapter 20 Certificates20.9 Trusted CA Import Click SECURITY, CERTIFICATES, Trusted CAs to open the Trusted

ZyWALL 5/35/70 Series User’s GuideChapter 20 Certificates 356The following table describes the labels in this screen.20.10 Trusted CA Details Click

ZyWALL 5/35/70 Series User’s Guide357 Chapter 20 CertificatesFigure 167 Trusted CA DetailsThe following table describes the labels in this screen.

ZyWALL 5/35/70 Series User’s GuideChapter 20 Certificates 358Certification Path Click the Refresh button to have this read-only text box display the e

ZyWALL 5/35/70 Series User’s Guide359 Chapter 20 Certificates20.11 Trusted Remote Hosts Click SECURITY, CERTIFICATES, Trusted Remote Hosts to open

ZyWALL 5/35/70 Series User’s Guide List of Figures 36Figure 168 Trusted Remote Hosts ...

ZyWALL 5/35/70 Series User’s GuideChapter 20 Certificates 360Figure 168 Trusted Remote HostsThe following table describes the labels in this screen.

ZyWALL 5/35/70 Series User’s Guide361 Chapter 20 Certificates20.12 Verifying a Trusted Remote Host’s CertificateCertificates issued by certification

ZyWALL 5/35/70 Series User’s GuideChapter 20 Certificates 362Figure 170 Certificate Details Verify (over the phone for example) that the remote host

ZyWALL 5/35/70 Series User’s Guide363 Chapter 20 CertificatesFigure 171 Trusted Remote Host ImportThe following table describes the labels in this

ZyWALL 5/35/70 Series User’s GuideChapter 20 Certificates 364Figure 172 Trusted Remote Host DetailsThe following table describes the labels in this

ZyWALL 5/35/70 Series User’s Guide365 Chapter 20 CertificatesCertificate Information These read-only fields display detailed information about the ce

ZyWALL 5/35/70 Series User’s GuideChapter 20 Certificates 36620.15 Directory Servers Click SECURITY, CERTIFICATES, Directory Servers to open the Dir

ZyWALL 5/35/70 Series User’s Guide367 Chapter 20 CertificatesThe following table describes the labels in this screen. 20.16 Directory Server Add or

ZyWALL 5/35/70 Series User’s GuideChapter 20 Certificates 368The following table describes the labels in this screen. Table 121 Directory Server Add

ZyWALL 5/35/70 Series User’s Guide369 Chapter 20 Certificates

ZyWALL 5/35/70 Series User’s Guide37 List of FiguresFigure 211 Login Screen (Internet Explorer) ...

ZyWALL 5/35/70 Series User’s GuideChapter 21 Authentication Server 370CHAPTER 21Authentication ServerThis chapter discusses how to configure the ZyWAL

ZyWALL 5/35/70 Series User’s Guide371 Chapter 21 Authentication ServerFigure 175 Local User Database

ZyWALL 5/35/70 Series User’s GuideChapter 21 Authentication Server 372The following table describes the labels in this screen. 21.3 RADIUS Use RA

ZyWALL 5/35/70 Series User’s Guide373 Chapter 21 Authentication ServerThe following table describes the labels in this screen. Table 123 RADIUSLAB

ZyWALL 5/35/70 Series User’s GuideChapter 22 Network Address Translation (NAT) 374CHAPTER 22Network Address Translation (NAT) This chapter discusses h

ZyWALL 5/35/70 Series User’s Guide375 Chapter 22 Network Address Translation (NAT)22.1.2 What NAT DoesIn the simplest form, NAT changes the source I

ZyWALL 5/35/70 Series User’s GuideChapter 22 Network Address Translation (NAT) 376Figure 177 How NAT Works 22.1.4 NAT ApplicationThe following figu

ZyWALL 5/35/70 Series User’s Guide377 Chapter 22 Network Address Translation (NAT)22.1.5 Port Restricted Cone NATAt the time of writing ZyWALL ZyNOS

ZyWALL 5/35/70 Series User’s GuideChapter 22 Network Address Translation (NAT) 378• Server: This type allows you to specify inside servers of differen

ZyWALL 5/35/70 Series User’s Guide379 Chapter 22 Network Address Translation (NAT)22.3 NAT Overview Click ADVANCED, NAT to open the NAT Overview s

ZyWALL 5/35/70 Series User’s Guide List of Figures 38Figure 254 Firmware Upload In Process ...

ZyWALL 5/35/70 Series User’s GuideChapter 22 Network Address Translation (NAT) 38022.4 NAT Address Mapping Ordering your rules is important because

ZyWALL 5/35/70 Series User’s Guide381 Chapter 22 Network Address Translation (NAT)Figure 181 NAT Address MappingThe following table describes the l

ZyWALL 5/35/70 Series User’s GuideChapter 22 Network Address Translation (NAT) 38222.4.1 NAT Address Mapping Edit Click the Edit button to display t

ZyWALL 5/35/70 Series User’s Guide383 Chapter 22 Network Address Translation (NAT)The following table describes the labels in this screen. 22.5 Por

ZyWALL 5/35/70 Series User’s GuideChapter 22 Network Address Translation (NAT) 38422.5.1 Default Server IP AddressIn addition to the servers for spec

ZyWALL 5/35/70 Series User’s Guide385 Chapter 22 Network Address Translation (NAT)Figure 183 Multiple Servers Behind NAT Example22.5.4 NAT and Mul

ZyWALL 5/35/70 Series User’s GuideChapter 22 Network Address Translation (NAT) 386Figure 184 Port Translation Example22.6 Port Forwarding Note: If

ZyWALL 5/35/70 Series User’s Guide387 Chapter 22 Network Address Translation (NAT)Figure 185 Port ForwardingThe following table describes the label

ZyWALL 5/35/70 Series User’s GuideChapter 22 Network Address Translation (NAT) 38822.7 Port Triggering Some services use a dedicated range of ports

ZyWALL 5/35/70 Series User’s Guide389 Chapter 22 Network Address Translation (NAT)4 The ZyWALL forwards the traffic to Jane’s computer IP address. 5

ZyWALL 5/35/70 Series User’s Guide39 List of FiguresFigure 297 Menu 6.3: Route Failover ...

ZyWALL 5/35/70 Series User’s GuideChapter 22 Network Address Translation (NAT) 390Trigger The trigger port is a port (or a range of ports) that causes

ZyWALL 5/35/70 Series User’s Guide391 Chapter 22 Network Address Translation (NAT)

ZyWALL 5/35/70 Series User’s GuideChapter 23 Static Route 392CHAPTER 23Static RouteThis chapter shows you how to configure static routes for your ZyWA

ZyWALL 5/35/70 Series User’s Guide393 Chapter 23 Static RouteNote: The default route is disabled after you change the static WAN IP address to a dyna

ZyWALL 5/35/70 Series User’s GuideChapter 23 Static Route 39423.2.1 IP Static Route Edit Select a static route index number and click Edit. The scr

ZyWALL 5/35/70 Series User’s Guide395 Chapter 23 Static RouteGateway IP AddressEnter the IP address of the gateway. The gateway is a router or switch

ZyWALL 5/35/70 Series User’s GuideChapter 24 Policy Route 396CHAPTER 24Policy RouteThis chapter covers setting and applying policies used for IP routi

ZyWALL 5/35/70 Series User’s Guide397 Chapter 24 Policy RouteIPPR follows the existing packet filtering facility of RAS in style and in implementatio

ZyWALL 5/35/70 Series User’s GuideChapter 24 Policy Route 398The following table describes the labels in this screen. 24.5 Policy Route Edit Click PO

ZyWALL 5/35/70 Series User’s Guide399 Chapter 24 Policy RouteFigure 192 Edit IP Policy RouteThe following table describes the labels in this screen

ZyWALL 5/35/70 Series User’s Guide Federal Communications Commission (FCC) Interference Statement 4

ZyWALL 5/35/70 Series User’s Guide List of Figures 40Figure 339 Menu 21.2: Firewall Setup ...

ZyWALL 5/35/70 Series User’s GuideChapter 24 Policy Route 400Packet Length Type a length of packet (in bytes). The operators in the Len Compare field

ZyWALL 5/35/70 Series User’s Guide401 Chapter 24 Policy Route

ZyWALL 5/35/70 Series User’s GuideChapter 25 Bandwidth Management 402CHAPTER 25Bandwidth ManagementThis chapter describes the functions and configurat

ZyWALL 5/35/70 Series User’s Guide403 Chapter 25 Bandwidth Management25.3 Proportional Bandwidth AllocationBandwidth management allows you to define

ZyWALL 5/35/70 Series User’s GuideChapter 25 Bandwidth Management 40425.6 Application and Subnet-based Bandwidth ManagementYou could also create band

ZyWALL 5/35/70 Series User’s Guide405 Chapter 25 Bandwidth ManagementWhen you enable maximize bandwidth usage, the ZyWALL first makes sure that each

ZyWALL 5/35/70 Series User’s GuideChapter 25 Bandwidth Management 40625.7.5.1 Priority-based Allotment of Unused and Unbudgeted BandwidthThe followin

ZyWALL 5/35/70 Series User’s Guide407 Chapter 25 Bandwidth Management25.8 Bandwidth BorrowingBandwidth borrowing allows a sub-class to borrow unused

ZyWALL 5/35/70 Series User’s GuideChapter 25 Bandwidth Management 408• The Bill class cannot borrow unused bandwidth from the Root class because the S

ZyWALL 5/35/70 Series User’s Guide409 Chapter 25 Bandwidth ManagementFigure 194 Bandwidth Management: SummaryThe following table describes the labe

ZyWALL 5/35/70 Series User’s Guide41 List of FiguresFigure 382 Example Xmodem Upload ...

ZyWALL 5/35/70 Series User’s GuideChapter 25 Bandwidth Management 41025.11 Configuring Class Setup The Class Setup screen displays the configured ba

ZyWALL 5/35/70 Series User’s Guide411 Chapter 25 Bandwidth Management25.11.1 Bandwidth Manager Class Configuration Configure a bandwidth management

ZyWALL 5/35/70 Series User’s GuideChapter 25 Bandwidth Management 412Figure 196 Bandwidth Management: Edit ClassThe following table describes the la

ZyWALL 5/35/70 Series User’s Guide413 Chapter 25 Bandwidth ManagementEnable Bandwidth Filter Select Enable Bandwidth Filter to have the ZyWALL use th

ZyWALL 5/35/70 Series User’s GuideChapter 25 Bandwidth Management 41425.11.2 Bandwidth Management Statistics Use the Bandwidth Management Statis

ZyWALL 5/35/70 Series User’s Guide415 Chapter 25 Bandwidth ManagementFigure 197 Bandwidth Management: Statistics The following table describes the

ZyWALL 5/35/70 Series User’s GuideChapter 25 Bandwidth Management 416Figure 198 Bandwidth Management: Monitor The following table describes the labe

ZyWALL 5/35/70 Series User’s Guide417 Chapter 25 Bandwidth Management

ZyWALL 5/35/70 Series User’s GuideChapter 26 DNS 418CHAPTER 26DNSThis chapter shows you how to configure the DNS screens.26.1 DNS Overview DNS (Doma

ZyWALL 5/35/70 Series User’s Guide419 Chapter 26 DNS26.4 Address RecordAn address record contains the mapping of a fully qualified domain name (FQDN

ZyWALL 5/35/70 Series User’s Guide List of Figures 42Figure 425 Windows XP: Advanced TCP/IP Properties ...

ZyWALL 5/35/70 Series User’s GuideChapter 26 DNS 420Figure 199 Private DNS Server ExampleNote: If you do not specify an Intranet DNS server on the r

ZyWALL 5/35/70 Series User’s Guide421 Chapter 26 DNSFigure 200 System DNSThe following table describes the labels in this screen.Table 147 System

ZyWALL 5/35/70 Series User’s GuideChapter 26 DNS 42226.6.1 Adding an Address Record Click Add in the System screen to add an address record.Figure 2

ZyWALL 5/35/70 Series User’s Guide423 Chapter 26 DNSThe following table describes the labels in this screen. 26.6.2 Inserting a Name Server record

ZyWALL 5/35/70 Series User’s GuideChapter 26 DNS 424The following table describes the labels in this screen.26.7 DNS Cache DNS cache is the temporar

ZyWALL 5/35/70 Series User’s Guide425 Chapter 26 DNS26.8 Configure DNS CacheTo configure your ZyWALL’s DNS caching, click ADVANCED, DNS, then the Ca

ZyWALL 5/35/70 Series User’s GuideChapter 26 DNS 42626.9 Configuring DNS DHCP Click ADVANCED, DNS and then the DHCP tab to open the DNS DHCP screen

ZyWALL 5/35/70 Series User’s Guide427 Chapter 26 DNSFigure 204 DNS DHCPThe following table describes the labels in this screen.Table 151 DNS DHCP

ZyWALL 5/35/70 Series User’s GuideChapter 26 DNS 42826.10 Dynamic DNS Dynamic DNS allows you to update your current dynamic IP address with one or m

ZyWALL 5/35/70 Series User’s Guide429 Chapter 26 DNSFigure 205 DDNSThe following table describes the labels in this screen.Table 152 DDNSLABEL DE

ZyWALL 5/35/70 Series User’s Guide43 List of FiguresFigure 468 Headquarters Network Policy Edit ...

ZyWALL 5/35/70 Series User’s GuideChapter 26 DNS 430WAN Interface Select the WAN port to use for updating the IP address of the domain name.IP Address

ZyWALL 5/35/70 Series User’s Guide431 Chapter 26 DNS

ZyWALL 5/35/70 Series User’s GuideChapter 27 Remote Management 432CHAPTER 27Remote ManagementThis chapter provides information on the Remote Managemen

ZyWALL 5/35/70 Series User’s Guide433 Chapter 27 Remote Management1 A filter in SMT menu 3.1 (LAN) or in menu 11.5 (WAN) is applied to block a Telnet

ZyWALL 5/35/70 Series User’s GuideChapter 27 Remote Management 434Figure 206 HTTPS ImplementationNote: If you disable HTTP Server Access (Disable) i

ZyWALL 5/35/70 Series User’s Guide435 Chapter 27 Remote ManagementFigure 207 WWWThe following table describes the labels in this screen. Table 153

ZyWALL 5/35/70 Series User’s GuideChapter 27 Remote Management 43627.4 HTTPS ExampleIf you haven’t changed the default HTTPS port on the ZyWALL, then

ZyWALL 5/35/70 Series User’s Guide437 Chapter 27 Remote Management27.4.2 Netscape Navigator Warning MessagesWhen you attempt to access the ZyWALL HT

ZyWALL 5/35/70 Series User’s GuideChapter 27 Remote Management 43827.4.3 Avoiding the Browser Warning MessagesThe following describes the main reason

ZyWALL 5/35/70 Series User’s Guide439 Chapter 27 Remote ManagementFigure 211 Login Screen (Internet Explorer)Figure 212 Login Screen (Netscape)Cl

ZyWALL 5/35/70 Series User’s Guide List of Tables 44List of TablesTable 1 Model Specific Features ...

ZyWALL 5/35/70 Series User’s GuideChapter 27 Remote Management 440Figure 213 Replace CertificateClick Apply in the Replace Certificate screen to cre

ZyWALL 5/35/70 Series User’s Guide441 Chapter 27 Remote ManagementFigure 215 Common ZyWALL Certificate27.5 SSH Unlike Telnet or FTP, which trans

ZyWALL 5/35/70 Series User’s GuideChapter 27 Remote Management 442Figure 217 How SSH Works1 Host IdentificationThe SSH client sends a connection req

ZyWALL 5/35/70 Series User’s Guide443 Chapter 27 Remote Management27.7.1 Requirements for Using SSHYou must install an SSH client program on a clien

ZyWALL 5/35/70 Series User’s GuideChapter 27 Remote Management 44427.9 Secure Telnet Using SSH ExamplesThis section shows two examples using a comman

ZyWALL 5/35/70 Series User’s Guide445 Chapter 27 Remote ManagementFigure 220 SSH Example 2: Test 2 Enter “ssh –1 192.168.1.1”. This command forces

ZyWALL 5/35/70 Series User’s GuideChapter 27 Remote Management 446Figure 222 Secure FTP: Firmware Upload Example27.11 Telnet You can configure you

ZyWALL 5/35/70 Series User’s Guide447 Chapter 27 Remote ManagementFigure 224 Teln e tThe following table describes the labels in this screen. 27.13

ZyWALL 5/35/70 Series User’s GuideChapter 27 Remote Management 448Figure 225 FTPThe following table describes the labels in this screen. 27.14 SNMP

ZyWALL 5/35/70 Series User’s Guide449 Chapter 27 Remote ManagementFigure 226 SNMP Management ModelAn SNMP managed network consists of two main type

ZyWALL 5/35/70 Series User’s Guide45 List of TablesTable 39 WAN: Ethernet Encapsulation ...

ZyWALL 5/35/70 Series User’s GuideChapter 27 Remote Management 45027.14.1 Supported MIBsThe ZyWALL supports MIB II that is defined in RFC-1213 and R

ZyWALL 5/35/70 Series User’s Guide451 Chapter 27 Remote ManagementFigure 227 SNMPThe following table describes the labels in this screen. Table 158

ZyWALL 5/35/70 Series User’s GuideChapter 27 Remote Management 45227.15 DNS Use DNS (Domain Name System) to map a domain name to its corresponding I

ZyWALL 5/35/70 Series User’s Guide453 Chapter 27 Remote ManagementIf you allow your ZyWALL to be managed by the Vantage CNM server, then you should n

ZyWALL 5/35/70 Series User’s GuideChapter 27 Remote Management 454Last Registration Time This field displays the last date (year-month-date) and time

ZyWALL 5/35/70 Series User’s Guide455 Chapter 27 Remote Management

ZyWALL 5/35/70 Series User’s GuideChapter 28 UPnP 456CHAPTER 28UPnPThis chapter introduces the Universal Plug and Play feature. This chapter is only a

ZyWALL 5/35/70 Series User’s Guide457 Chapter 28 UPnPAll UPnP-enabled devices may communicate freely with each other without additional configuration

ZyWALL 5/35/70 Series User’s GuideChapter 28 UPnP 45828.3 Displaying UPnP Port Mapping Click UPnP and then Ports to display the UPnP Ports screen.

ZyWALL 5/35/70 Series User’s Guide459 Chapter 28 UPnPThe following table describes the labels in this screen. 28.4 Installing UPnP in Windows Examp

ZyWALL 5/35/70 Series User’s Guide List of Tables 46Table 82 Common Computer Virus Types ...

ZyWALL 5/35/70 Series User’s GuideChapter 28 UPnP 46028.4.1 Installing UPnP in Windows MeFollow the steps below to install UPnP in Windows Me. 1 Clic

ZyWALL 5/35/70 Series User’s Guide461 Chapter 28 UPnP28.4.2 Installing UPnP in Windows XPFollow the steps below to install UPnP in Windows XP.28.5

ZyWALL 5/35/70 Series User’s GuideChapter 28 UPnP 46228.5.1 Auto-discover Your UPnP-enabled Network Device1 Click Start and Control Panel. Double-cli

ZyWALL 5/35/70 Series User’s Guide463 Chapter 28 UPnPNote: When the UPnP-enabled device is disconnected from your computer, all port mappings will be

ZyWALL 5/35/70 Series User’s GuideChapter 28 UPnP 464Follow the steps below to access the web configurator.1 Click Start and then Control Panel. 2 Dou

ZyWALL 5/35/70 Series User’s Guide465 Chapter 28 UPnP6 Right-click the icon for your ZyXEL device and select Properties. A properties window displays

ZyWALL 5/35/70 Series User’s GuideChapter 29 ALG Screen 466CHAPTER 29ALG ScreenThis chapter covers how to use the ZyWALL’s ALG feature to allow certai

ZyWALL 5/35/70 Series User’s Guide467 Chapter 29 ALG ScreenIf the primary WAN connection fails, the client needs to re-initialize the connection thro

ZyWALL 5/35/70 Series User’s GuideChapter 29 ALG Screen 468Figure 232 H.323 ALG Example • With multiple WAN IP addresses on the ZyWALL, you can conf

ZyWALL 5/35/70 Series User’s Guide469 Chapter 29 ALG ScreenFigure 234 H.323 Calls from the WAN with Multiple Outgoing Calls• The H.323 ALG operates

ZyWALL 5/35/70 Series User’s Guide47 List of TablesTable 125 NAT Mapping Types ...

ZyWALL 5/35/70 Series User’s GuideChapter 29 ALG Screen 470The following example shows SIP signaling and audio sessions between SIP clients A and B an

ZyWALL 5/35/70 Series User’s Guide471 Chapter 29 ALG ScreenFigure 236 ALG The following table describes the labels in this screen. Table 163 ALG

ZyWALL 5/35/70 Series User’s GuideChapter 30 Logs Screens 472CHAPTER 30Logs ScreensThis chapter contains information about configuring general log set

ZyWALL 5/35/70 Series User’s Guide473 Chapter 30 Logs ScreensThe following table describes the labels in this screen. 30.2 Log Description Exampl

ZyWALL 5/35/70 Series User’s GuideChapter 30 Logs Screens 47430.2.1 Certificate Not Trusted Log NotemyZyXEL.com and the update server use certificate

ZyWALL 5/35/70 Series User’s Guide475 Chapter 30 Logs ScreensFigure 239 myZyXEL.com: Certificate Download30.3 Configuring Log Settings To change y

ZyWALL 5/35/70 Series User’s GuideChapter 30 Logs Screens 476Figure 240 Log Settings

ZyWALL 5/35/70 Series User’s Guide477 Chapter 30 Logs ScreensThe following table describes the labels in this screen.Table 166 Log Settings LABEL D

ZyWALL 5/35/70 Series User’s GuideChapter 30 Logs Screens 47830.4 Configuring Reports The Reports page displays which computers on the LAN send and r

ZyWALL 5/35/70 Series User’s Guide479 Chapter 30 Logs ScreensFigure 241 ReportsNote: Enabling the ZyWALL’s reporting function decreases the overall

ZyWALL 5/35/70 Series User’s Guide List of Tables 48Table 168 Web Site Hits Report ...

ZyWALL 5/35/70 Series User’s GuideChapter 30 Logs Screens 48030.4.1 Viewing Web Site HitsIn the Reports screen, select Web Site Hits from the Report

ZyWALL 5/35/70 Series User’s Guide481 Chapter 30 Logs ScreensFigure 243 Protocol/Port Report ExampleThe following table describes the labels in thi

ZyWALL 5/35/70 Series User’s GuideChapter 30 Logs Screens 48230.4.3 Viewing Host IP AddressIn the Reports screen, select Host IP Address from the Rep

ZyWALL 5/35/70 Series User’s Guide483 Chapter 30 Logs Screens30.4.4 Reports SpecificationsThe following table lists detailed specifications on the r

ZyWALL 5/35/70 Series User’s GuideChapter 31 Maintenance 484CHAPTER 31MaintenanceThis chapter displays information on the maintenance screens.31.1 Ma

ZyWALL 5/35/70 Series User’s Guide485 Chapter 31 MaintenanceFigure 245 General SetupThe following table describes the labels in this screen. 31.3

ZyWALL 5/35/70 Series User’s GuideChapter 31 Maintenance 486Figure 246 Password SetupThe following table describes the labels in this screen.31.4 T

ZyWALL 5/35/70 Series User’s Guide487 Chapter 31 MaintenanceFigure 247 Time and DateThe following table describes the labels in this screen. Table

ZyWALL 5/35/70 Series User’s GuideChapter 31 Maintenance 488Get from Time ServerSelect this radio button to have the ZyWALL get the time and date from

ZyWALL 5/35/70 Series User’s Guide489 Chapter 31 Maintenance31.5 Pre-defined NTP Time Servers ListWhen you turn on the ZyWALL for the first time, th

ZyWALL 5/35/70 Series User’s Guide49 List of TablesTable 211 Remote Node Network Layer Options Menu Fields ...

ZyWALL 5/35/70 Series User’s GuideChapter 31 Maintenance 490When the System Time and Date Synchronization in Process screen appears, wait up to one mi

ZyWALL 5/35/70 Series User’s Guide491 Chapter 31 Maintenance31.6 Introduction To Transparent Bridging A transparent bridge is invisible to the opera

ZyWALL 5/35/70 Series User’s GuideChapter 31 Maintenance 4923 As a transparent bridge does not modify the frames it forwards, it is effectively “steal

ZyWALL 5/35/70 Series User’s Guide493 Chapter 31 Maintenance31.9 Configuring Device Mode (Bridge) To configure and have your ZyWALL work as a router

ZyWALL 5/35/70 Series User’s GuideChapter 31 Maintenance 49431.10 F/W Upload Screen Find firmware at www.zyxel.com in a file that (usually) uses the

ZyWALL 5/35/70 Series User’s Guide495 Chapter 31 MaintenanceFigure 253 Firmware UploadThe following table describes the labels in this screen.Note:

ZyWALL 5/35/70 Series User’s GuideChapter 31 Maintenance 496Figure 255 Network Temporarily DisconnectedAfter two minutes, log in again and check you

ZyWALL 5/35/70 Series User’s Guide497 Chapter 31 MaintenanceFigure 257 Backup and Restore31.11.1 Backup Configuration Backup Configuration allows

ZyWALL 5/35/70 Series User’s GuideChapter 31 Maintenance 498Note: Do not turn off the ZyWALL while configuration file upload is in progress.After you

ZyWALL 5/35/70 Series User’s Guide499 Chapter 31 Maintenance31.11.3 Back to Factory Defaults Pressing the Reset button in this section clears all u

ZyWALL 5/35/70 Series User’s Guide5 Safety WarningsSafety WarningsFor your safety, be sure to read and follow all warning notices and instructions.•

ZyWALL 5/35/70 Series User’s Guide List of Tables 50Table 254 Classes of IP Addresses ...

ZyWALL 5/35/70 Series User’s GuideChapter 32 Introducing the SMT 500CHAPTER 32Introducing the SMTThis chapter explains how to access the System Manage

ZyWALL 5/35/70 Series User’s Guide501 Chapter 32 Introducing the SMTFigure 263 Initial Screen32.2.2 Entering the PasswordThe login screen appears

ZyWALL 5/35/70 Series User’s GuideChapter 32 Introducing the SMT 50232.3.1 Main MenuAfter you enter the password, the SMT displays the ZyWALL Main Me

ZyWALL 5/35/70 Series User’s Guide503 Chapter 32 Introducing the SMTFigure 265 Main Menu (Router Mode)Figure 266 Main Menu (Bridge Mode)The follo

ZyWALL 5/35/70 Series User’s GuideChapter 32 Introducing the SMT 50432.3.2 SMT Menus OverviewThe following table gives you an overview of your ZyWALL

ZyWALL 5/35/70 Series User’s Guide505 Chapter 32 Introducing the SMT6 Route Setup (for the ZyWALL 35 and the ZyWALL 70)6.1 Route Assessment6.2 Traffi

ZyWALL 5/35/70 Series User’s GuideChapter 32 Introducing the SMT 50632.4 Changing the System PasswordChange the system password by following the step

ZyWALL 5/35/70 Series User’s Guide507 Chapter 32 Introducing the SMTFigure 267 Menu 23: System Password2 Type your existing password and press [ENT

ZyWALL 5/35/70 Series User’s GuideChapter 33 SMT Menu 1 - General Setup 508CHAPTER 33SMT Menu 1 - General SetupMenu 1 - General Setup contains adminis

ZyWALL 5/35/70 Series User’s Guide509 Chapter 33 SMT Menu 1 - General SetupFigure 269 Menu 1: General Setup (Bridge Mode)The following table descri

ZyWALL 5/35/70 Series User’s Guide51 List of TablesTable 297 AS Logs ...

ZyWALL 5/35/70 Series User’s GuideChapter 33 SMT Menu 1 - General Setup 51033.2.1 Configuring Dynamic DNSTo configure Dynamic DNS, set the ZyWALL to

ZyWALL 5/35/70 Series User’s Guide511 Chapter 33 SMT Menu 1 - General SetupFigure 271 Menu 1.1.1: DDNS Host SummaryThe following table describes th

ZyWALL 5/35/70 Series User’s GuideChapter 33 SMT Menu 1 - General Setup 512Figure 272 Menu 1.1.1: DDNS Edit HostThe following table describes the fi

ZyWALL 5/35/70 Series User’s Guide513 Chapter 33 SMT Menu 1 - General SetupThe IP address updates when you reconfigure menu 1 or perform DHCP client

ZyWALL 5/35/70 Series User’s GuideChapter 34 WAN and Dial Backup Setup 514CHAPTER 34WAN and Dial Backup SetupThis chapter describes how to configure t

ZyWALL 5/35/70 Series User’s Guide515 Chapter 34 WAN and Dial Backup SetupThe following table describes the fields in this screen.34.3 Dial BackupTh

ZyWALL 5/35/70 Series User’s GuideChapter 34 WAN and Dial Backup Setup 516Figure 274 Menu 2: Dial Backup Setup The following table describes the fi

ZyWALL 5/35/70 Series User’s Guide517 Chapter 34 WAN and Dial Backup SetupTo edit the advanced setup for the Dial Backup port, move the cursor to the

ZyWALL 5/35/70 Series User’s GuideChapter 34 WAN and Dial Backup Setup 51834.6 Remote Node Profile (Backup ISP)On a ZyWALL with multiple WAN ports, e

ZyWALL 5/35/70 Series User’s Guide519 Chapter 34 WAN and Dial Backup SetupFigure 276 Menu 11.3: Remote Node Profile (Backup ISP)The following tabl

ZyWALL 5/35/70 Series User’s Guide Preface 52PrefaceCongratulations on your purchase of the ZyWALL. Note: Register your product online to receive e-ma

ZyWALL 5/35/70 Series User’s GuideChapter 34 WAN and Dial Backup Setup 52034.7 Editing PPP OptionsThe ZyWALL’s dial back-up feature uses PPP. To edit

ZyWALL 5/35/70 Series User’s Guide521 Chapter 34 WAN and Dial Backup SetupFigure 277 Menu 11.3.1: Remote Node PPP OptionsThis table describes the R

ZyWALL 5/35/70 Series User’s GuideChapter 34 WAN and Dial Backup Setup 522Figure 278 Menu 11.3.2: Remote Node Network Layer OptionsThe following tab

ZyWALL 5/35/70 Series User’s Guide523 Chapter 34 WAN and Dial Backup Setup34.9 Editing Login ScriptFor some remote gateways, text login is required

ZyWALL 5/35/70 Series User’s GuideChapter 34 WAN and Dial Backup Setup 524You can use two variables, $USERNAME and $PASSWORD (all UPPER case), to repr

ZyWALL 5/35/70 Series User’s Guide525 Chapter 34 WAN and Dial Backup SetupThe following table describes the fields in this menu.34.10 Remote Node Fi

ZyWALL 5/35/70 Series User’s GuideChapter 35 LAN Setup 526CHAPTER 35LAN SetupThis chapter describes how to configure the LAN using Menu 3 - LAN Setup.

ZyWALL 5/35/70 Series User’s Guide527 Chapter 35 LAN SetupFigure 282 Menu 3.1: LAN Port Filter Setup 35.4 TCP/IP and DHCP Ethernet Setup MenuFrom

ZyWALL 5/35/70 Series User’s GuideChapter 35 LAN Setup 528Figure 284 Menu 3.2: TCP/IP and DHCP Ethernet SetupFollow the instructions in the next tab

ZyWALL 5/35/70 Series User’s Guide529 Chapter 35 LAN SetupUse the instructions in the following table to configure TCP/IP parameters for the LAN port

ZyWALL 5/35/70 Series User’s Guide53 PrefaceSyntax Conventions• “Enter” means for you to type one or more characters. “Select” or “Choose” means for

ZyWALL 5/35/70 Series User’s GuideChapter 35 LAN Setup 53035.4.1 IP Alias SetupIP alias allows you to partition a physical network into different log

ZyWALL 5/35/70 Series User’s Guide531 Chapter 35 LAN SetupOutgoing Protocol FiltersEnter the filter set(s) you wish to apply to the outgoing traffic

ZyWALL 5/35/70 Series User’s GuideChapter 36 Internet Access 532CHAPTER 36Internet AccessThis chapter shows you how to configure your ZyWALL for Inter

ZyWALL 5/35/70 Series User’s Guide533 Chapter 36 Internet AccessThe following table describes the fields in this menu.Table 200 Menu 4: Internet Ac

ZyWALL 5/35/70 Series User’s GuideChapter 36 Internet Access 53436.3 Configuring the PPTP ClientNote: The ZyWALL supports only one PPTP server connec

ZyWALL 5/35/70 Series User’s Guide535 Chapter 36 Internet AccessFigure 288 Internet Access Setup (PPPoE)The following table contains instructions a

ZyWALL 5/35/70 Series User’s GuideChapter 37 DMZ Setup 536CHAPTER 37DMZ SetupThis chapter describes how to configure the ZyWALL’s DMZ using Menu 5 - D

ZyWALL 5/35/70 Series User’s Guide537 Chapter 37 DMZ Setup37.3.1 IP AddressFrom the main menu, enter 5 to open Menu 5 - DMZ Setup to configure TCP/I

ZyWALL 5/35/70 Series User’s GuideChapter 37 DMZ Setup 53837.3.2 IP Alias SetupYou must use menu 5.2 to configure the first network. Move the cursor

ZyWALL 5/35/70 Series User’s Guide539 Chapter 37 DMZ Setup

ZyWALL 5/35/70 Series User’s GuideChapter 1 Getting to Know Your ZyWALL 54CHAPTER 1 Getting to Know Your ZyWALLThis chapter introduces the main featur

ZyWALL 5/35/70 Series User’s GuideChapter 38 Route Setup 540CHAPTER 38Route SetupThis chapter describes how to configure the ZyWALL's traffic red

ZyWALL 5/35/70 Series User’s Guide541 Chapter 38 Route SetupThe following table describes the fields in this menu.38.3 Traffic RedirectTo configure

ZyWALL 5/35/70 Series User’s GuideChapter 38 Route Setup 54238.4 Route FailoverThis menu allows you to configure how the ZyWALL uses the route assess

ZyWALL 5/35/70 Series User’s Guide543 Chapter 38 Route Setup

ZyWALL 5/35/70 Series User’s GuideChapter 39 Wireless Setup 544CHAPTER 39Wireless SetupUse menu 7 to set up your ZyWALL as the wireless access point.3

ZyWALL 5/35/70 Series User’s Guide545 Chapter 39 Wireless SetupFollow the instructions in the next table on how to configure the wireless LAN paramet

ZyWALL 5/35/70 Series User’s GuideChapter 39 Wireless Setup 54639.1.1 MAC Address Filter SetupYour ZyWALL checks the MAC address of the wireless stat

ZyWALL 5/35/70 Series User’s Guide547 Chapter 39 Wireless Setup39.2 TCP/IP SetupFor more detailed information about RIP setup, IP Multicast and IP a

ZyWALL 5/35/70 Series User’s GuideChapter 39 Wireless Setup 548Figure 301 Menu 7.2: TCP/IP and DHCP Ethernet SetupThe DHCP and TCP/IP setup fields a

ZyWALL 5/35/70 Series User’s Guide549 Chapter 39 Wireless SetupFigure 302 Menu 7.2.1: IP Alias SetupRefer to Table 199 on page 530 for instructions

ZyWALL 5/35/70 Series User’s Guide55 Chapter 1 Getting to Know Your ZyWALLTable Key: An O in a mode’s column shows that the device mode has the speci

ZyWALL 5/35/70 Series User’s GuideChapter 40 Remote Node Setup 550CHAPTER 40Remote Node SetupThis chapter shows you how to configure a remote node.40.

ZyWALL 5/35/70 Series User’s Guide551 Chapter 40 Remote Node SetupFigure 303 Menu 11: Remote Node Setup40.3 Remote Node Profile SetupThe following

ZyWALL 5/35/70 Series User’s GuideChapter 40 Remote Node Setup 552The following table describes the fields in this menu.Table 208 Menu 11.1: Remote

ZyWALL 5/35/70 Series User’s Guide553 Chapter 40 Remote Node Setup40.3.2 PPPoE EncapsulationThe ZyWALL supports PPPoE (Point-to-Point Protocol over

ZyWALL 5/35/70 Series User’s GuideChapter 40 Remote Node Setup 55440.3.2.3 MetricSee Section 7.5 on page 134 for details on the Metric field.40.3.3

ZyWALL 5/35/70 Series User’s Guide555 Chapter 40 Remote Node SetupFigure 306 Menu 11.1: Remote Node Profile for PPTP EncapsulationThe next table sh

ZyWALL 5/35/70 Series User’s GuideChapter 40 Remote Node Setup 556Figure 307 Menu 11.1.2: Remote Node Network Layer Options for Ethernet Encapsulati

ZyWALL 5/35/70 Series User’s Guide557 Chapter 40 Remote Node Setup40.5 Remote Node FilterMove the cursor to the field Edit Filter Sets in menu 11.1,

ZyWALL 5/35/70 Series User’s GuideChapter 40 Remote Node Setup 558Figure 308 Menu 11.1.4: Remote Node Filter (Ethernet Encapsulation)Figure 309 Me

ZyWALL 5/35/70 Series User’s Guide559 Chapter 40 Remote Node SetupFigure 310 Menu 11.1.5: Traffic Redirect SetupThe following table describes the f

ZyWALL 5/35/70 Series User’s GuideChapter 1 Getting to Know Your ZyWALL 56Time and DateThe ZyWALL allows you to get the current time and date from an

ZyWALL 5/35/70 Series User’s GuideChapter 41 IP Static Route Setup 560CHAPTER 41IP Static Route SetupThis chapter shows you how to configure static ro

ZyWALL 5/35/70 Series User’s Guide561 Chapter 41 IP Static Route SetupFigure 312 Menu 12. 1: Edit IP Static Route`The following table describes the

ZyWALL 5/35/70 Series User’s GuideChapter 42 Network Address Translation (NAT) 562CHAPTER 42Network Address Translation (NAT)This chapter discusses ho

ZyWALL 5/35/70 Series User’s Guide563 Chapter 42 Network Address Translation (NAT)Figure 313 Menu 4: Applying NAT for Internet AccessThe following

ZyWALL 5/35/70 Series User’s GuideChapter 42 Network Address Translation (NAT) 564The following table describes the fields in this menu.42.2 NAT Setu

ZyWALL 5/35/70 Series User’s Guide565 Chapter 42 Network Address Translation (NAT)42.2.1 Address Mapping Sets Enter 1 to bring up Menu 15.1 - Addres

ZyWALL 5/35/70 Series User’s GuideChapter 42 Network Address Translation (NAT) 566Note: Menu 15.1.255 is read-only. 42.2.1.2 User-Defined Address Map

ZyWALL 5/35/70 Series User’s Guide567 Chapter 42 Network Address Translation (NAT)Figure 318 Menu 15.1.1: First SetNote: The Type, Local and Global

ZyWALL 5/35/70 Series User’s GuideChapter 42 Network Address Translation (NAT) 568Note: You must press [ENTER] at the bottom of the screen to save the

ZyWALL 5/35/70 Series User’s Guide569 Chapter 42 Network Address Translation (NAT)42.3 Configuring a Server behind NATNote: If you do not assign a D

ZyWALL 5/35/70 Series User’s Guide57 Chapter 1 Getting to Know Your ZyWALLBandwidth ManagementBandwidth management allows you to allocate network res

ZyWALL 5/35/70 Series User’s GuideChapter 42 Network Address Translation (NAT) 570Figure 321 Menu 15.2.1: NAT Server Sets4 Select Edit Rule in the S

ZyWALL 5/35/70 Series User’s Guide571 Chapter 42 Network Address Translation (NAT)Figure 322 15.2.1.2: NAT Server ConfigurationThe following table

ZyWALL 5/35/70 Series User’s GuideChapter 42 Network Address Translation (NAT) 572Figure 323 Menu 15.2.1: NAT Server Setup You assign the private ne

ZyWALL 5/35/70 Series User’s Guide573 Chapter 42 Network Address Translation (NAT)Figure 325 NAT Example 1Figure 326 Menu 4: Internet Access &

ZyWALL 5/35/70 Series User’s GuideChapter 42 Network Address Translation (NAT) 57442.4.2 Example 2: Internet Access with an Default Server Figure 327

ZyWALL 5/35/70 Series User’s Guide575 Chapter 42 Network Address Translation (NAT)1 Map the first IGA to the first inside FTP server for FTP traffic

ZyWALL 5/35/70 Series User’s GuideChapter 42 Network Address Translation (NAT) 576Figure 330 Example 3: Menu 11.1.2The following figure shows how to

ZyWALL 5/35/70 Series User’s Guide577 Chapter 42 Network Address Translation (NAT)Figure 332 Example 3: Final Menu 15.1.1Now configure the IGA3 to

ZyWALL 5/35/70 Series User’s GuideChapter 42 Network Address Translation (NAT) 57842.4.4 Example 4: NAT Unfriendly Application ProgramsSome applicati

ZyWALL 5/35/70 Series User’s Guide579 Chapter 42 Network Address Translation (NAT)Figure 336 Example 4: Menu 15.1.1: Address Mapping Rules42.5 Tri

ZyWALL 5/35/70 Series User’s GuideChapter 1 Getting to Know Your ZyWALL 58Content FilteringThe ZyWALL can block web features such as ActiveX controls,

ZyWALL 5/35/70 Series User’s GuideChapter 42 Network Address Translation (NAT) 580Note: Only one LAN computer can use a trigger port (range) at a time

ZyWALL 5/35/70 Series User’s Guide581 Chapter 42 Network Address Translation (NAT)

ZyWALL 5/35/70 Series User’s GuideChapter 43 Introducing the ZyWALL Firewall 582CHAPTER 43Introducing the ZyWALL FirewallThis chapter shows you how to

ZyWALL 5/35/70 Series User’s Guide583 Chapter 43 Introducing the ZyWALL FirewallFigure 339 Menu 21.2: Firewall SetupNote: Configure the firewall rul

ZyWALL 5/35/70 Series User’s GuideChapter 44 Filter Configuration 584CHAPTER 44Filter ConfigurationThis chapter shows you how to create and apply filt

ZyWALL 5/35/70 Series User’s Guide585 Chapter 44 Filter Configuration44.1.1 The Filter Structure of the ZyWALLA filter set consists of one or more f

ZyWALL 5/35/70 Series User’s GuideChapter 44 Filter Configuration 586Figure 341 Filter Rule Process You can apply up to four filter sets to a partic

ZyWALL 5/35/70 Series User’s Guide587 Chapter 44 Filter Configuration44.2 Configuring a Filter SetThe ZyWALL includes filtering for NetBIOS over TCP

ZyWALL 5/35/70 Series User’s GuideChapter 44 Filter Configuration 588The protocol dependent filter rules abbreviation are listed as follows:Refer to t

ZyWALL 5/35/70 Series User’s Guide589 Chapter 44 Filter ConfigurationTo speed up filtering, all rules in a filter set must be of the same class, i.e.

ZyWALL 5/35/70 Series User’s Guide59 Chapter 1 Getting to Know Your ZyWALLIEEE 802.1x for Network SecurityThe ZyWALL supports the IEEE 802.1x standar

ZyWALL 5/35/70 Series User’s GuideChapter 44 Filter Configuration 590The following figure illustrates the logic flow of an IP filter.DestinationIP Add

ZyWALL 5/35/70 Series User’s Guide591 Chapter 44 Filter ConfigurationFigure 345 Executing an IP Filter44.2.3 Configuring a Generic Filter Rule Thi

ZyWALL 5/35/70 Series User’s GuideChapter 44 Filter Configuration 592to allow you to filter non-IP packets. For IP, it is generally easier to use the

ZyWALL 5/35/70 Series User’s Guide593 Chapter 44 Filter Configuration44.3 Example FilterLet’s look at an example to block outside users from accessi

ZyWALL 5/35/70 Series User’s GuideChapter 44 Filter Configuration 594Figure 348 Example Filter: Menu 21.1.3.1The port number for the telnet service

ZyWALL 5/35/70 Series User’s Guide595 Chapter 44 Filter ConfigurationM = N means an action can be taken immediately. The action is to drop the packet

ZyWALL 5/35/70 Series User’s GuideChapter 44 Filter Configuration 59644.6 Applying a Filter This section shows you where to apply the filter(s) after

ZyWALL 5/35/70 Series User’s Guide597 Chapter 44 Filter ConfigurationFigure 352 Filtering DMZ Traffic44.6.3 Applying Remote Node FiltersGo to menu

ZyWALL 5/35/70 Series User’s GuideChapter 45 SNMP Configuration 598CHAPTER 45SNMP ConfigurationThis chapter explains SNMP configuration menu 22.45.1

ZyWALL 5/35/70 Series User’s Guide599 Chapter 45 SNMP Configuration45.2 SNMP Traps The ZyWALL will send traps to the SNMP manager when any one of th

ZyWALL 5/35/70 Series User’s Guide ZyXEL Limited Warranty 6ZyXEL Limited WarrantyZyXEL warrants to the original end user (purchaser) that this product

ZyWALL 5/35/70 Series User’s GuideChapter 1 Getting to Know Your ZyWALL 60Dynamic DNS SupportWith Dynamic DNS (Domain Name System) support, you can ha

ZyWALL 5/35/70 Series User’s GuideChapter 46 System Information & Diagnosis 600CHAPTER 46System Information & DiagnosisThis chapter covers SMT

ZyWALL 5/35/70 Series User’s Guide601 Chapter 46 System Information & Diagnosis3 There are three commands in Menu 24.1 - System Maintenance - Sta

ZyWALL 5/35/70 Series User’s GuideChapter 46 System Information & Diagnosis 60246.3 System Information and Console Port SpeedThis section describ

ZyWALL 5/35/70 Series User’s Guide603 Chapter 46 System Information & DiagnosisFigure 358 Menu 24.2.1: System Maintenance: Information The fol

ZyWALL 5/35/70 Series User’s GuideChapter 46 System Information & Diagnosis 604Figure 359 Menu 24.2.2: System Maintenance: Change Console Port S

ZyWALL 5/35/70 Series User’s Guide605 Chapter 46 System Information & DiagnosisFigure 361 Examples of Error and Information Messages46.4.2 Sys

ZyWALL 5/35/70 Series User’s GuideChapter 46 System Information & Diagnosis 606Your ZyWALL sends five types of syslog messages. Some examples (not

ZyWALL 5/35/70 Series User’s Guide607 Chapter 46 System Information & Diagnosis4 PPP log 5 Firewall logFilter log Message FormatSdcmdSyslogSend(S

ZyWALL 5/35/70 Series User’s GuideChapter 46 System Information & Diagnosis 60846.4.3 Call-Triggering PacketCall-Triggering Packet displays infor

ZyWALL 5/35/70 Series User’s Guide609 Chapter 46 System Information & Diagnosis1 From the main menu, select option 24 to open Menu 24 - System Ma

ZyWALL 5/35/70 Series User’s Guide61 Chapter 1 Getting to Know Your ZyWALLTraffic RedirectTraffic Redirect forwards WAN traffic to a backup gateway o

ZyWALL 5/35/70 Series User’s GuideChapter 46 System Information & Diagnosis 610Table 229 System Maintenance Menu DiagnosticFIELD DESCRIPTIONPing

ZyWALL 5/35/70 Series User’s Guide611 Chapter 46 System Information & Diagnosis

ZyWALL 5/35/70 Series User’s GuideChapter 47 Firmware and Configuration File Maintenance 612CHAPTER 47Firmware and Configuration File MaintenanceThis

ZyWALL 5/35/70 Series User’s Guide613 Chapter 47 Firmware and Configuration File MaintenanceThe following table is a summary. Please note that the in

ZyWALL 5/35/70 Series User’s GuideChapter 47 Firmware and Configuration File Maintenance 614Figure 366 Telnet into Menu 24.547.3.2 Using the FTP Co

ZyWALL 5/35/70 Series User’s Guide615 Chapter 47 Firmware and Configuration File Maintenance47.3.3 Example of FTP Commands from the Command Line Fig

ZyWALL 5/35/70 Series User’s GuideChapter 47 Firmware and Configuration File Maintenance 6164 The IP you entered in the Secured Client IP field in men

ZyWALL 5/35/70 Series User’s Guide617 Chapter 47 Firmware and Configuration File Maintenance47.3.8 GUI-based TFTP ClientsThe following table describ

ZyWALL 5/35/70 Series User’s GuideChapter 47 Firmware and Configuration File Maintenance 618Figure 370 Backup Configuration ExampleType a location f

ZyWALL 5/35/70 Series User’s Guide619 Chapter 47 Firmware and Configuration File MaintenanceFigure 372 Telnet into Menu 24.61 Launch the FTP client

ZyWALL 5/35/70 Series User’s GuideChapter 1 Getting to Know Your ZyWALL 621.3 Applications for the ZyWALL Here are some examples of what you can do w

ZyWALL 5/35/70 Series User’s GuideChapter 47 Firmware and Configuration File Maintenance 62047.4.2 Restore Using FTP Session ExampleFigure 373 Rest

ZyWALL 5/35/70 Series User’s Guide621 Chapter 47 Firmware and Configuration File Maintenance4 After a successful restoration you will see the followi

ZyWALL 5/35/70 Series User’s GuideChapter 47 Firmware and Configuration File Maintenance 622Figure 378 Telnet Into Menu 24.7.1: Upload System Firmwa

ZyWALL 5/35/70 Series User’s Guide623 Chapter 47 Firmware and Configuration File Maintenance47.5.3 FTP File Upload Command from the DOS Prompt Examp

ZyWALL 5/35/70 Series User’s GuideChapter 47 Firmware and Configuration File Maintenance 6241 Use telnet from your computer to connect to the ZyWALL a

ZyWALL 5/35/70 Series User’s Guide625 Chapter 47 Firmware and Configuration File MaintenanceFigure 381 Menu 24.7.1 As Seen Using the Console Port2

ZyWALL 5/35/70 Series User’s GuideChapter 47 Firmware and Configuration File Maintenance 626Figure 383 Menu 24.7.2 As Seen Using the Console Port 2

ZyWALL 5/35/70 Series User’s Guide627 Chapter 47 Firmware and Configuration File Maintenance

ZyWALL 5/35/70 Series User’s GuideChapter 48 System Maintenance Menus 8 to 10 628CHAPTER 48System Maintenance Menus 8 to 10This chapter leads you thro

ZyWALL 5/35/70 Series User’s Guide629 Chapter 48 System Maintenance Menus 8 to 10The required fields in a command are enclosed in angle brackets <

ZyWALL 5/35/70 Series User’s Guide63 Chapter 1 Getting to Know Your ZyWALLFigure 2 VPN Application1.3.3 Front Panel LEDsFigure 3 ZyWALL 70 Front

ZyWALL 5/35/70 Series User’s GuideChapter 48 System Maintenance Menus 8 to 10 63048.2 Call Control SupportThe ZyWALL provides two call control functi

ZyWALL 5/35/70 Series User’s Guide631 Chapter 48 System Maintenance Menus 8 to 10Figure 388 Budget ManagementThe total budget is the time limit on

ZyWALL 5/35/70 Series User’s GuideChapter 48 System Maintenance Menus 8 to 10 632Figure 389 Call HistoryThe following table describes the fields in

ZyWALL 5/35/70 Series User’s Guide633 Chapter 48 System Maintenance Menus 8 to 10Figure 390 Menu 24: System MaintenanceEnter 10 to go to Menu 24.10

ZyWALL 5/35/70 Series User’s GuideChapter 48 System Maintenance Menus 8 to 10 634Table 236 Menu 24.10 System Maintenance: Time and Date SettingFIELD

ZyWALL 5/35/70 Series User’s Guide635 Chapter 48 System Maintenance Menus 8 to 10End Date (mm-nth-week-hr)Configure the day and time when Daylight Sa

ZyWALL 5/35/70 Series User’s GuideChapter 49 Remote Management 636CHAPTER 49Remote ManagementThis chapter covers remote management found in SMT menu 2

ZyWALL 5/35/70 Series User’s Guide637 Chapter 49 Remote ManagementFigure 392 Menu 24.11 – Remote Management ControlThe following table describes th

ZyWALL 5/35/70 Series User’s GuideChapter 49 Remote Management 63849.1.1 Remote Management LimitationsRemote management over LAN or WAN will not work

ZyWALL 5/35/70 Series User’s Guide639 Chapter 49 Remote Management

ZyWALL 5/35/70 Series User’s GuideChapter 1 Getting to Know Your ZyWALL 64The following table describes the LEDs.Table 2 Front Panel LEDs LED COLOR

ZyWALL 5/35/70 Series User’s GuideChapter 50 IP Policy Routing 640CHAPTER 50IP Policy Routing This chapter covers setting and applying policies used f

ZyWALL 5/35/70 Series User’s Guide641 Chapter 50 IP Policy Routing50.2 IP Routing Policy SetupTo setup a routing policy, perform the following proce

ZyWALL 5/35/70 Series User’s GuideChapter 50 IP Policy Routing 6421 Type 25 in the main menu to open Menu 25 - IP Routing Policy Summary.2 Select Edit

ZyWALL 5/35/70 Series User’s Guide643 Chapter 50 IP Policy Routing50.2.1 Applying Policy to PacketsTo apply the policy to packets received on the se

ZyWALL 5/35/70 Series User’s GuideChapter 50 IP Policy Routing 644Figure 395 Menu 25.1.1: IP Routing Policy SetupThe following table describes the f

ZyWALL 5/35/70 Series User’s Guide645 Chapter 50 IP Policy RoutingFigure 396 Example of IP Policy Routing To force Web packets coming from clients

ZyWALL 5/35/70 Series User’s GuideChapter 50 IP Policy Routing 6464 Create another rule in menu 25.1 for this rule to route packets from any host (IP=

ZyWALL 5/35/70 Series User’s Guide647 Chapter 50 IP Policy Routing

ZyWALL 5/35/70 Series User’s GuideChapter 51 Call Scheduling 648CHAPTER 51Call SchedulingCall scheduling allows you to dictate when a remote node shou

ZyWALL 5/35/70 Series User’s Guide649 Chapter 51 Call SchedulingFigure 400 Schedule Set SetupIf a connection has been already established, your ZyW

ZyWALL 5/35/70 Series User’s Guide65 Chapter 1 Getting to Know Your ZyWALL

ZyWALL 5/35/70 Series User’s GuideChapter 51 Call Scheduling 650Once your schedule sets are configured, you must then apply them to the desired remote

ZyWALL 5/35/70 Series User’s Guide651 Chapter 51 Call SchedulingFigure 402 Applying Schedule Set(s) to a Remote Node (PPTP) Menu 11.1 -

ZyWALL 5/35/70 Series User’s GuideChapter 52 Troubleshooting 652CHAPTER 52TroubleshootingThis chapter covers potential problems and possible remedies.

ZyWALL 5/35/70 Series User’s Guide653 Chapter 52 Troubleshooting52.3 Problems with the DMZ Interface52.4 Problems with the WAN InterfaceTable 245

ZyWALL 5/35/70 Series User’s GuideChapter 52 Troubleshooting 65452.5 Problems Accessing the ZyWALL52.5.1 Pop-up Windows, JavaScripts and Java Permis

ZyWALL 5/35/70 Series User’s Guide655 Chapter 52 Troubleshooting• Web browser pop-up windows from your device.• JavaScripts (enabled by default).• Ja

ZyWALL 5/35/70 Series User’s GuideChapter 52 Troubleshooting 656Figure 404 Internet Options: Privacy3 Click Apply to save this setting.52.5.1.1.2 E

ZyWALL 5/35/70 Series User’s Guide657 Chapter 52 TroubleshootingFigure 405 Internet Options: Privacy3 Type the IP address of your device (the web p

ZyWALL 5/35/70 Series User’s GuideChapter 52 Troubleshooting 658Figure 406 Pop-up Blocker Settings5 Click Close to return to the Privacy screen. 6 C

ZyWALL 5/35/70 Series User’s Guide659 Chapter 52 TroubleshootingFigure 407 Internet Options: Security 2 Click the Custom Level... button. 3 Scroll

ZyWALL 5/35/70 Series User’s GuideChapter 2 Introducing the Web Configurator 66CHAPTER 2Introducing the Web ConfiguratorThis chapter describes how to

ZyWALL 5/35/70 Series User’s GuideChapter 52 Troubleshooting 660Figure 408 Security Settings - Java Scripting52.5.1.3 Java Permissions1 From Intern

ZyWALL 5/35/70 Series User’s Guide661 Chapter 52 TroubleshootingFigure 409 Security Settings - Java 52.5.1.3.1 JAVA (Sun)1 From Internet Explorer,

ZyWALL 5/35/70 Series User’s GuideChapter 52 Troubleshooting 662Figure 410 Java (Sun)52.6 Packet FlowThe following is the packet check flow on the

ZyWALL 5/35/70 Series User’s Guide663 Chapter 52 Troubleshooting

ZyWALL 5/35/70 Series User’s GuideAppendix A Product Specifications 664APPENDIX AProduct SpecificationsSee also the Introduction chapter for a general

ZyWALL 5/35/70 Series User’s Guide665 Appendix A Product SpecificationsOperation Humidity 20% ~ 95% RH (non-condensing)Storage Humidity 20% ~ 95% RH

ZyWALL 5/35/70 Series User’s GuideAppendix A Product Specifications 666Anti-Spam Spam, Phishing detectionConfigurable white and black listsSMTP, POP3

ZyWALL 5/35/70 Series User’s Guide667 Appendix A Product Specifications Other Protocol Support PPP (Point-to-Point Protocol) link layer protocol.Tran

ZyWALL 5/35/70 Series User’s GuideAppendix A Product Specifications 668Compatible ZyXEL WLAN CardsThe following table lists the ZyXEL WLAN cards that

ZyWALL 5/35/70 Series User’s Guide669 Appendix A Product SpecificationsFigure 411 WLAN Card InstallationCable Pin AssignmentsIn a serial communicat

ZyWALL 5/35/70 Series User’s Guide67 Chapter 2 Introducing the Web ConfiguratorFigure 6 Change Password Screen6 Click Apply in the Replace Certific

ZyWALL 5/35/70 Series User’s GuideAppendix A Product Specifications 670 Figure 413 Ethernet Cable Pin AssignmentsTable 253 Console/Dial Backup Por

ZyWALL 5/35/70 Series User’s Guide671 Appendix A Product Specifications

ZyWALL 5/35/70 Series User’s GuideAppendix B Hardware Installation 672APPENDIX BHardware InstallationThe ZyWALL can be placed on a desktop or rack-mou

ZyWALL 5/35/70 Series User’s Guide673 Appendix B Hardware InstallationFigure 414 Attaching Rubber Feet Note: Do not block the ventilation holes

ZyWALL 5/35/70 Series User’s GuideAppendix B Hardware Installation 674Figure 415 Attaching Mounting Brackets and Screws3 After attaching both mounti

ZyWALL 5/35/70 Series User’s Guide675 Appendix B Hardware Installation

ZyWALL 5/35/70 Series User’s GuideAppendix C Removing and Installing a Fuse 676APPENDIX CRemoving and Installing a Fuse This appendix shows you how to

ZyWALL 5/35/70 Series User’s Guide677 Appendix C Removing and Installing a Fuse

ZyWALL 5/35/70 Series User’s GuideAppendix D Setting up Your Computer’s IP Address 678APPENDIX DSetting up Your Computer’s IP AddressAll computers mus

ZyWALL 5/35/70 Series User’s Guide679 Appendix D Setting up Your Computer’s IP AddressFigure 417 WIndows 95/98/Me: Network: ConfigurationInstalling

ZyWALL 5/35/70 Series User’s GuideChapter 2 Introducing the Web Configurator 682.3.1 Procedure To Use The Reset ButtonMake sure the SYS LED is on (no

ZyWALL 5/35/70 Series User’s GuideAppendix D Setting up Your Computer’s IP Address 6803 Select Microsoft from the list of manufacturers.4 Select Clien

ZyWALL 5/35/70 Series User’s Guide681 Appendix D Setting up Your Computer’s IP AddressFigure 419 Windows 95/98/Me: TCP/IP Properties: DNS Configura

ZyWALL 5/35/70 Series User’s GuideAppendix D Setting up Your Computer’s IP Address 682Figure 420 Windows XP: Start Menu2 In the Control Panel, doubl

ZyWALL 5/35/70 Series User’s Guide683 Appendix D Setting up Your Computer’s IP AddressFigure 422 Windows XP: Control Panel: Network Connections: Pr

ZyWALL 5/35/70 Series User’s GuideAppendix D Setting up Your Computer’s IP Address 684• If you have a static IP address click Use the following IP Add

ZyWALL 5/35/70 Series User’s Guide685 Appendix D Setting up Your Computer’s IP AddressFigure 425 Windows XP: Advanced TCP/IP Properties7 In the Int

ZyWALL 5/35/70 Series User’s GuideAppendix D Setting up Your Computer’s IP Address 686Figure 426 Windows XP: Internet Protocol (TCP/IP) Properties8

ZyWALL 5/35/70 Series User’s Guide687 Appendix D Setting up Your Computer’s IP AddressFigure 427 Macintosh OS 8/9: Apple Menu2 Select Ethernet buil

ZyWALL 5/35/70 Series User’s GuideAppendix D Setting up Your Computer’s IP Address 6884 For statically assigned settings, do the following:•From the C

ZyWALL 5/35/70 Series User’s Guide689 Appendix D Setting up Your Computer’s IP AddressFigure 430 Macintosh OS X: Network4 For statically assigned s

ZyWALL 5/35/70 Series User’s Guide69 Chapter 2 Introducing the Web ConfiguratorNote: Follow the instructions you see in the HOME screen or click the

ZyWALL 5/35/70 Series User’s GuideAppendix D Setting up Your Computer’s IP Address 690Note: Make sure you are logged in as the root administrator. Usi

ZyWALL 5/35/70 Series User’s Guide691 Appendix D Setting up Your Computer’s IP Address• If you have a dynamic IP address, click Automatically obtain

ZyWALL 5/35/70 Series User’s GuideAppendix D Setting up Your Computer’s IP Address 6921 Assuming that you have only one network card on the computer,

ZyWALL 5/35/70 Series User’s Guide693 Appendix D Setting up Your Computer’s IP AddressFigure 438 Red Hat 9.0: Restart Ethernet Card Verifying Sett

ZyWALL 5/35/70 Series User’s GuideAppendix E IP Subnetting 694APPENDIX EIP SubnettingIP Addressing Routers “route” based on the network number. The ro

ZyWALL 5/35/70 Series User’s Guide695 Appendix E IP SubnettingSince the first octet of a class “A” IP address must contain a “0”, the first octet of

ZyWALL 5/35/70 Series User’s GuideAppendix E IP Subnetting 696Since the mask is always a continuous number of ones beginning from the left, followed b

ZyWALL 5/35/70 Series User’s Guide697 Appendix E IP SubnettingNote: In the following charts, shaded/bolded last octet bit values indicate host ID bit

ZyWALL 5/35/70 Series User’s GuideAppendix E IP Subnetting 698Example: Four Subnets The above example illustrated using a 25-bit subnet mask to divide

ZyWALL 5/35/70 Series User’s Guide699 Appendix E IP SubnettingExample Eight SubnetsSimilarly use a 27-bit mask to create 8 subnets (001, 010, 011, 10

ZyWALL 5/35/70 Series User’s Guide7 Customer SupportCustomer SupportPlease have the following information ready when you contact customer support.•

ZyWALL 5/35/70 Series User’s GuideChapter 2 Introducing the Web Configurator 70The following table describes the labels in this screen.Table 3 Web C

ZyWALL 5/35/70 Series User’s GuideAppendix E IP Subnetting 700Subnetting With Class A and Class B Networks. For class “A” and class “B” addresses the

ZyWALL 5/35/70 Series User’s Guide701 Appendix E IP Subnetting

ZyWALL 5/35/70 Series User’s GuideAppendix F PPPoE 702APPENDIX FPPPoEPPPoE in ActionAn ADSL modem bridges a PPP session over Ethernet (PPP over Ethern

ZyWALL 5/35/70 Series User’s Guide703 Appendix F PPPoEFigure 440 Single-Computer per Router Hardware ConfigurationHow PPPoE WorksThe PPPoE driver m

ZyWALL 5/35/70 Series User’s GuideAppendix G PPTP 704APPENDIX GPPTPWhat is PPTP?PPTP (Point-to-Point Tunneling Protocol) is a Microsoft proprietary pr

ZyWALL 5/35/70 Series User’s Guide705 Appendix G PPTPPPTP Protocol OverviewPPTP is very similar to L2TP, since L2TP is based on both PPTP and L2F (Ci

ZyWALL 5/35/70 Series User’s GuideAppendix G PPTP 706Figure 444 Example Message Exchange between Computer and an ANTPPP Data ConnectionThe PPP frame

ZyWALL 5/35/70 Series User’s Guide707 Appendix G PPTP

ZyWALL 5/35/70 Series User’s GuideAppendix H Wireless LANs 708APPENDIX HWireless LANsWireless LAN TopologiesThis section discusses ad-hoc and infrastr

ZyWALL 5/35/70 Series User’s Guide709 Appendix H Wireless LANsFigure 446 Basic Service SetESSAn Extended Service Set (ESS) consists of a series of

ZyWALL 5/35/70 Series User’s Guide71 Chapter 2 Introducing the Web Configurator2.4.2 Bridge ModeThe following screen displays when the ZyWALL is set

ZyWALL 5/35/70 Series User’s GuideAppendix H Wireless LANs 710Figure 447 Infrastructure WLANChannelA channel is the radio frequency(ies) used by IEE

ZyWALL 5/35/70 Series User’s Guide711 Appendix H Wireless LANsFigure 448 RTS/CTSWhen station A sends data to the AP, it might not know that the sta

ZyWALL 5/35/70 Series User’s GuideAppendix H Wireless LANs 712A large Fragmentation Threshold is recommended for networks not prone to interference wh

ZyWALL 5/35/70 Series User’s Guide713 Appendix H Wireless LANsIEEE 802.1xIn June 2001, the IEEE 802.1x standard was designed to extend the features o

ZyWALL 5/35/70 Series User’s GuideAppendix H Wireless LANs 714• Access-ChallengeSent by a RADIUS server requesting more information in order to allow

ZyWALL 5/35/70 Series User’s Guide715 Appendix H Wireless LANs3 The wireless station replies with identity information, including username and passwo

ZyWALL 5/35/70 Series User’s GuideAppendix H Wireless LANs 716PEAP (Protected EAP) Like EAP-TTLS, server-side certificate authentication is used to

ZyWALL 5/35/70 Series User’s Guide717 Appendix H Wireless LANsFigure 450 WEP Authentication StepsOpen system authentication involves an unencrypted

ZyWALL 5/35/70 Series User’s GuideAppendix H Wireless LANs 718Note: EAP-MD5 cannot be used with Dynamic WEP Key ExchangeFor added security, certificat

ZyWALL 5/35/70 Series User’s Guide719 Appendix H Wireless LANsThe Message Integrity Check (MIC) is designed to prevent an attacker from capturing dat

ZyWALL 5/35/70 Series User’s GuideChapter 2 Introducing the Web Configurator 72Figure 10 Web Configurator HOME Screen in Bridge ModeThe following ta

ZyWALL 5/35/70 Series User’s GuideAppendix H Wireless LANs 720In a network environment with multiple access points, wireless stations are able to swit

ZyWALL 5/35/70 Series User’s Guide721 Appendix H Wireless LANsRequirements for RoamingThe following requirements must be met in order for wireless st

ZyWALL 5/35/70 Series User’s GuideAppendix I Triangle Route 722APPENDIX ITriangle RouteThe Ideal Setup When the firewall is on, your ZyWALL acts as a

ZyWALL 5/35/70 Series User’s Guide723 Appendix I Triangle RouteFigure 453 “Triangle Route” ProblemThe “Triangle Route” SolutionsThis section presen

ZyWALL 5/35/70 Series User’s GuideAppendix I Triangle Route 724Figure 454 IP AliasGateways on the WAN SideA second solution to the “triangle route”

ZyWALL 5/35/70 Series User’s Guide725 Appendix I Triangle Route

ZyWALL 5/35/70 Series User’s GuideAppendix J Windows 98 SE/Me Requirements for Anti-Virus Message Display 726APPENDIX JWindows 98 SE/Me Requirements f

ZyWALL 5/35/70 Series User’s Guide727 Appendix J Windows 98 SE/Me Requirements for Anti-Virus Message DisplayFigure 457 WIndows 98 SE: Program Task

ZyWALL 5/35/70 Series User’s GuideAppendix J Windows 98 SE/Me Requirements for Anti-Virus Message Display 728Figure 459 Windows 98 SE: StartUp 5 A

ZyWALL 5/35/70 Series User’s Guide729 Appendix J Windows 98 SE/Me Requirements for Anti-Virus Message DisplayFigure 461 Windows 98 SE: Startup: Sel

ZyWALL 5/35/70 Series User’s Guide73 Chapter 2 Introducing the Web ConfiguratorFirmware Version This is the ZyNOS Firmware version and the date creat

ZyWALL 5/35/70 Series User’s GuideAppendix K VPN Setup 730APPENDIX KVPN Setup This appendix will help you to quickly create a IPSec/VPN connection bet

ZyWALL 5/35/70 Series User’s Guide731 Appendix K VPN SetupThe following pages show a typical configuration that builds a tunnel between two private n

ZyWALL 5/35/70 Series User’s GuideAppendix K VPN Setup 732Figure 464 Headquarters Gateway Policy EditThe IP address of the branch office IPSec route

ZyWALL 5/35/70 Series User’s Guide733 Appendix K VPN SetupFigure 465 Branch Office Gateway Policy Edit3 Click the add network policy ( ) icon next

ZyWALL 5/35/70 Series User’s GuideAppendix K VPN Setup 734Figure 466 Headquarters VPN RuleFigure 467 Branch Office VPN Rule4 Configure the screens

ZyWALL 5/35/70 Series User’s Guide735 Appendix K VPN SetupFigure 468 Headquarters Network Policy EditIP addresses on different subnets.Activate the

ZyWALL 5/35/70 Series User’s GuideAppendix K VPN Setup 736Figure 469 Branch Office Network Policy EditDialing the VPN Tunnel via Web ConfiguratorTo

ZyWALL 5/35/70 Series User’s Guide737 Appendix K VPN SetupFigure 470 VPN Rule ConfiguredThe following screen displays.Figure 471 VPN DialThis scr

ZyWALL 5/35/70 Series User’s GuideAppendix K VPN Setup 738VPN TroubleshootingIf the IPSec tunnel does not build properly, the problem is likely a conf

ZyWALL 5/35/70 Series User’s Guide739 Appendix K VPN SetupFigure 473 VPN Log Example ras> sys log disp ike ipsec# .time source

ZyWALL 5/35/70 Series User’s GuideChapter 2 Introducing the Web Configurator 742.4.3 Navigation PanelAfter you enter the password, use the sub-menus

ZyWALL 5/35/70 Series User’s GuideAppendix K VPN Setup 740IPSec DebugIf you are having difficulty building an IPSec tunnel to a non-ZyXEL IPSec router

ZyWALL 5/35/70 Series User’s Guide741 Appendix K VPN SetupUse a VPN TunnelA VPN tunnel gives you a secure connection to another computer or network.

ZyWALL 5/35/70 Series User’s GuideAppendix L Importing Certificates 742APPENDIX L Importing CertificatesThis appendix shows importing certificates exa

ZyWALL 5/35/70 Series User’s Guide743 Appendix L Importing CertificatesFigure 476 Login Screen2 Click Install Certificate to open the Install Certi

ZyWALL 5/35/70 Series User’s GuideAppendix L Importing Certificates 744Figure 478 Certificate Import Wizard 14 Select where you would like to store

ZyWALL 5/35/70 Series User’s Guide745 Appendix L Importing CertificatesFigure 480 Certificate Import Wizard 36 Click Yes to add the ZyWALL certifi

ZyWALL 5/35/70 Series User’s GuideAppendix L Importing Certificates 746Figure 482 Certificate General Information after ImportEnrolling and Importin

ZyWALL 5/35/70 Series User’s Guide747 Appendix L Importing CertificatesFigure 483 ZyWALL Trusted CA ScreenThe CA sends you a package containing the

ZyWALL 5/35/70 Series User’s GuideAppendix L Importing Certificates 748Figure 484 CA Certificate Example2 Click Install Certificate and follow the w

ZyWALL 5/35/70 Series User’s Guide749 Appendix L Importing CertificatesFigure 485 Personal Certificate Import Wizard 12 The file name and path of t

ZyWALL 5/35/70 Series User’s Guide75 Chapter 2 Introducing the Web ConfiguratorTable Key: An O in a mode’s column shows that the device mode has the

ZyWALL 5/35/70 Series User’s GuideAppendix L Importing Certificates 750Figure 487 Personal Certificate Import Wizard 34 Have the wizard determine wh

ZyWALL 5/35/70 Series User’s Guide751 Appendix L Importing CertificatesFigure 489 Personal Certificate Import Wizard 56 You should see the followin

ZyWALL 5/35/70 Series User’s GuideAppendix L Importing Certificates 752Figure 492 SSL Client Authentication3 You next see the ZyWALL login screen.Fi

ZyWALL 5/35/70 Series User’s Guide753 Appendix L Importing Certificates

ZyWALL 5/35/70 Series User’s GuideAppendix M Command Interpreter 754APPENDIX MCommand InterpreterThe following describes how to use the command interp

ZyWALL 5/35/70 Series User’s Guide755 Appendix M Command Interpreter

ZyWALL 5/35/70 Series User’s GuideAppendix N Firewall Commands 756APPENDIX NFirewall Commands The following describes the firewall commands. See Appen

ZyWALL 5/35/70 Series User’s Guide757 Appendix N Firewall CommandsE-mail config edit firewall e-mail mail-server <ip address of mail server>Th

ZyWALL 5/35/70 Series User’s GuideAppendix N Firewall Commands 758config edit firewall attack minute-high <0-255>This command sets the threshold

ZyWALL 5/35/70 Series User’s Guide759 Appendix N Firewall CommandsConfig edit firewall set <set #> tcp-idle-timeout <seconds>This command

ZyWALL 5/35/70 Series User’s GuideChapter 2 Introducing the Web Configurator 76WAN General This screen allows you to configure load balancing, route p

ZyWALL 5/35/70 Series User’s GuideAppendix N Firewall Commands 760config edit firewall set <set #> rule <rule #> destaddr-subnet <ip ad

ZyWALL 5/35/70 Series User’s Guide761 Appendix N Firewall Commands

ZyWALL 5/35/70 Series User’s GuideAppendix O NetBIOS Filter Commands 762APPENDIX ONetBIOS Filter CommandsThe following describes the NetBIOS packet fi

ZyWALL 5/35/70 Series User’s Guide763 Appendix O NetBIOS Filter CommandsThe filter types and their default settings are as follows.NetBIOS Filter Con

ZyWALL 5/35/70 Series User’s GuideAppendix O NetBIOS Filter Commands 764sys filter netbios config 3 onThis command blocks IPSec NetBIOS packets.sys fi

ZyWALL 5/35/70 Series User’s Guide765 Appendix O NetBIOS Filter Commands

ZyWALL 5/35/70 Series User’s GuideAppendix P Certificates Commands 766APPENDIX PCertificates Commands The following describes the certificate commands

ZyWALL 5/35/70 Series User’s Guide767 Appendix P Certificates Commandscreate cmp_enroll <name> <CA addr> <CA cert> <auth key>

ZyWALL 5/35/70 Series User’s GuideAppendix P Certificates Commands 768replace_factoryCreate a certificate using your device MAC address that will be s

ZyWALL 5/35/70 Series User’s Guide769 Appendix P Certificates Commands delete <name> Delete the specified trusted remote host certificate. <

ZyWALL 5/35/70 Series User’s Guide77 Chapter 2 Introducing the Web ConfiguratorIDP General Use this screen to enable IDP on the ZyWALL and choose wha

ZyWALL 5/35/70 Series User’s GuideAppendix Q Brute-Force Password Guessing Protection 770APPENDIX QBrute-Force Password Guessing ProtectionBrute-force

ZyWALL 5/35/70 Series User’s Guide771 Appendix Q Brute-Force Password Guessing Protection

ZyWALL 5/35/70 Series User’s GuideAppendix R Boot Commands 772APPENDIX RBoot CommandsThe BootModule AT commands execute from within the router’s bootu

ZyWALL 5/35/70 Series User’s Guide773 Appendix R Boot CommandsFigure 495 Boot Module CommandsAT just answer OKATHE print helpAT

ZyWALL 5/35/70 Series User’s GuideAppendix S Log Descriptions 774APPENDIX SLog DescriptionsThis appendix provides descriptions of example log messages

ZyWALL 5/35/70 Series User’s Guide775 Appendix S Log DescriptionsConfiguration Change: PC = 0x%x, Task ID = 0x%xThe router is saving configuration ch

ZyWALL 5/35/70 Series User’s GuideAppendix S Log Descriptions 776 WAN connection is down. A WAN connection is down. You cannot access the network thro

ZyWALL 5/35/70 Series User’s Guide777 Appendix S Log Descriptions Table 278 TCP Reset Logs LOG MESSAGE DESCRIPTIONUnder SYN flood attack, sent TCP

ZyWALL 5/35/70 Series User’s GuideAppendix S Log Descriptions 778 For type and code details, see Ta b l e 294 on page 789. Table 280 ICMP Logs LOG

ZyWALL 5/35/70 Series User’s Guide779 Appendix S Log Descriptions ppp:LCP Closing The PPP connection’s Link Control Protocol stage is closing.ppp:I

ZyWALL 5/35/70 Series User’s GuideChapter 2 Introducing the Web Configurator 78NAT NAT Overview Use this screen to enable NAT.Address MappingUse this

ZyWALL 5/35/70 Series User’s GuideAppendix S Log Descriptions 780 For type and code details, see Table 294 on page 789.Connecting to content filter se

ZyWALL 5/35/70 Series User’s Guide781 Appendix S Log DescriptionsFirewall sent TCP packet in response to DoS attack TCPThe firewall sent TCP packet i

ZyWALL 5/35/70 Series User’s GuideAppendix S Log Descriptions 782 Table 287 Wireless LogsLOG MESSAGE DESCRIPTIONWLAN MAC Filter Fail The MAC filter

ZyWALL 5/35/70 Series User’s Guide783 Appendix S Log Descriptions Table 289 IKE Logs LOG MESSAGE DESCRIPTIONActive connection allowed exceededThe I

ZyWALL 5/35/70 Series User’s GuideAppendix S Log Descriptions 784Remote IP <Remote IP> / <Remote IP> conflictsThe security gateway is set

ZyWALL 5/35/70 Series User’s Guide785 Appendix S Log DescriptionsRule [%d] Phase 2 authentication algorithm mismatchThe listed rule’s IKE phase 2 aut

ZyWALL 5/35/70 Series User’s GuideAppendix S Log Descriptions 786 Table 290 PKI Logs LOG MESSAGE DESCRIPTIONEnrollment successful The SCEP online ce

ZyWALL 5/35/70 Series User’s Guide787 Appendix S Log Descriptions Table 291 Certificate Path Verification Failure Reason Codes CODE DESCRIPTION1 A

ZyWALL 5/35/70 Series User’s GuideAppendix S Log Descriptions 788Local User Database does not find user`s credential.A user was not authenticated by t

ZyWALL 5/35/70 Series User’s Guide789 Appendix S Log Descriptions (L to L/ZW) LAN to LAN/ZyWALLACL set for packets traveling from the LAN to the LAN

ZyWALL 5/35/70 Series User’s Guide79 Chapter 2 Introducing the Web Configurator2.4.4 System StatisticsClick Show Statistics in the HOME screen. Read

ZyWALL 5/35/70 Series User’s GuideAppendix S Log Descriptions 790 11 Time Exceeded0 Time to live exceeded in transit1 Fragment reassembly time exceede

ZyWALL 5/35/70 Series User’s Guide791 Appendix S Log Descriptions Signature update OK - New signature version: <Signature version> Release Date

ZyWALL 5/35/70 Series User’s GuideAppendix S Log Descriptions 792 The turbo card is not ready , please insert the card and reboot!The turbo card is no

ZyWALL 5/35/70 Series User’s Guide793 Appendix S Log DescriptionsRemove rating server [%Rating Server IP Address%] from server list!The listed server

ZyWALL 5/35/70 Series User’s GuideAppendix S Log Descriptions 794Syslog LogsThere are two types of syslog: event logs and traffic logs. The device gen

ZyWALL 5/35/70 Series User’s Guide795 Appendix S Log DescriptionsThe following table shows RFC-2408 ISAKMP payload types that the log displays. Pleas

ZyWALL 5/35/70 Series User’s GuideAppendix S Log Descriptions 796Log CommandsGo to the command interpreter interface. Appendix M on page 754 explains

ZyWALL 5/35/70 Series User’s Guide797 Appendix S Log Descriptions• Use the sys logs clear command to erase all of the ZyWALL’s logs.Log Command Examp

ZyWALL 5/35/70 Series User’s Guide Index 798IndexNumerics10/100 Mbps Ethernet WAN 55110V AC 5230V AC 5AAbnormal Working Conditions 6AC 5Access control

ZyWALL 5/35/70 Series User’s Guide799 IndexCCA 715Cable Modem 203Cables, Connecting 5Call Back Delay 518Call Control 630Call History 631, 632Call Sc

ZyWALL 5/35/70 Series User’s Guide Customer Support [email protected] +48-22-5286603 www.pl.zyxel.com ZyXEL Communications ul.Emilli Plater 53

ZyWALL 5/35/70 Series User’s GuideChapter 2 Introducing the Web Configurator 802.4.5 Show Statistics: Line ChartClick the icon in the Show Statistics

ZyWALL 5/35/70 Series User’s Guide Index 800DNS 452DNS ServerFor VPN Host 419Domain Name 142, 276, 384, 484, 603DoSBasics 204Types 205DoS (Denial of S

ZyWALL 5/35/70 Series User’s Guide801 IndexFirmware FileMaintenance 612Fitness 6Flow Control 500Fragmentation Threshold 711Fragmentation threshold 7

ZyWALL 5/35/70 Series User’s Guide Index 802IP Addressing 694IP Alias 60, 530IP Alias Setup 530IP Classes 694IP Multicast 60Internet Group Management

ZyWALL 5/35/70 Series User’s Guide803 IndexMIME 273MIME Header 276MIME Headers 270MIME Value 276Modifications 3MSDU 545Multicast 112, 114, 176, 523,

ZyWALL 5/35/70 Series User’s Guide Index 804Levels 248Policy-based Routing 396Polyphormic virus 258Pool 5POP2 269POP3 204, 269, 271, 273, 384Port Forw

ZyWALL 5/35/70 Series User’s Guide805 IndexReturn Material Authorization (RMA) Number 6Returned Products 6Returns 6RFC 1889 467RFC 3489 469Rights 2R

ZyWALL 5/35/70 Series User’s Guide Index 806SSH 57, 441SSH Implementation 442startup 728Stateful Inspection 57, 202, 203, 208, 209Process 209ZyWALL 21

ZyWALL 5/35/70 Series User’s Guide807 IndexUnsolicited Commercial E-mail 266Upload Firmware 621UPnP 58, 456UPnP Examples 459UPnP Port Mapping 458Upp

ZyWALL 5/35/70 Series User’s Guide81 Chapter 2 Introducing the Web ConfiguratorThe following table describes the labels in this screen.2.4.6 DHCP Ta

ZyWALL 5/35/70 Series User’s GuideChapter 2 Introducing the Web Configurator 82The following table describes the labels in this screen.2.4.7 VPN Stat

ZyWALL 5/35/70 Series User’s Guide83 Chapter 2 Introducing the Web ConfiguratorFigure 14 Home : VPN StatusThe following table describes the labels

ZyWALL 5/35/70 Series User’s GuideChapter 3 Wizard Setup 84CHAPTER 3Wizard SetupThis chapter provides information on the Wizard Setup screens in the w

ZyWALL 5/35/70 Series User’s Guide85 Chapter 3 Wizard SetupFigure 15 ISP Parameters : Ethernet EncapsulationThe following table describes the label

ZyWALL 5/35/70 Series User’s GuideChapter 3 Wizard Setup 863.2.1.2 PPPoE EncapsulationPoint-to-Point Protocol over Ethernet (PPPoE) functions as a di

ZyWALL 5/35/70 Series User’s Guide87 Chapter 3 Wizard Setup3.2.1.3 PPTP EncapsulationPoint-to-Point Tunneling Protocol (PPTP) is a network protocol

ZyWALL 5/35/70 Series User’s GuideChapter 3 Wizard Setup 88Figure 17 ISP Parameters: PPTP EncapsulationThe following table describes the labels in t

ZyWALL 5/35/70 Series User’s Guide89 Chapter 3 Wizard Setup3.2.2 Internet Access Wizard: Second ScreenClick Next to go to the screen where you can r

ZyWALL 5/35/70 Series User’s Guide9 Customer Support

ZyWALL 5/35/70 Series User’s GuideChapter 3 Wizard Setup 90Figure 19 Internet Access Setup Complete3.2.3 Internet Access Wizard: RegistrationIf you

ZyWALL 5/35/70 Series User’s Guide91 Chapter 3 Wizard SetupThe following table describes the labels in this screen. After you fill in the fields and

ZyWALL 5/35/70 Series User’s GuideChapter 3 Wizard Setup 92Figure 22 Internet Access Wizard: StatusThe following screen appears if the registration

ZyWALL 5/35/70 Series User’s Guide93 Chapter 3 Wizard SetupFigure 25 Internet Access Wizard: Activated Services3.3 VPN Wizard Gateway SettingUse t

ZyWALL 5/35/70 Series User’s GuideChapter 3 Wizard Setup 94The following table describes the labels in this screen.3.4 VPN Wizard Network SettingTwo

ZyWALL 5/35/70 Series User’s Guide95 Chapter 3 Wizard SetupFigure 27 VPN Wizard: Network SettingThe following table describes the labels in this sc

ZyWALL 5/35/70 Series User’s GuideChapter 3 Wizard Setup 963.5 VPN Wizard IKE Tunnel Setting (IKE Phase 1)Figure 28 VPN Wizard: IKE Tunnel SettingR

ZyWALL 5/35/70 Series User’s Guide97 Chapter 3 Wizard SetupThe following table describes the labels in this screen.Table 17 VPN Wizard: IKE Tunnel

ZyWALL 5/35/70 Series User’s GuideChapter 3 Wizard Setup 983.6 VPN Wizard IPSec Setting (IKE Phase 2)Figure 29 VPN Wizard: IPSec SettingThe followi

ZyWALL 5/35/70 Series User’s Guide99 Chapter 3 Wizard Setup3.7 VPN Wizard Status SummaryThis read-only screen shows the status of the current VPN se