Zyxel-communications 5 Series User Manual

ZyWALL 5/35/70 SeriesInternet Security ApplianceUser’s GuideVersion 4.017/2006Edition 1

ZyWALL 5/35/70 Series User’s Guide10 Customer Support

ZyWALL 5/35/70 Series User’s Guide100 Chapter 3 Wizard SetupClick VPN Setup in the Wizard Setup Welcome screen (Figure 17 on page 90) to open the VPN

ZyWALL 5/35/70 Series User’s GuideChapter 3 Wizard Setup 1013.4 VPN Wizard Network SettingUse this screen to name the VPN network policy (IPSec SA) a

ZyWALL 5/35/70 Series User’s Guide102 Chapter 3 Wizard SetupFigure 30 VPN Wizard: Network SettingThe following table describes the labels in this sc

ZyWALL 5/35/70 Series User’s GuideChapter 3 Wizard Setup 1033.5 VPN Wizard IKE Tunnel Setting (IKE Phase 1)Use this screen to specify the authenticat

ZyWALL 5/35/70 Series User’s Guide104 Chapter 3 Wizard SetupThe following table describes the labels in this screen.3.6 VPN Wizard IPSec Setting (IKE

ZyWALL 5/35/70 Series User’s GuideChapter 3 Wizard Setup 105Figure 32 VPN Wizard: IPSec SettingThe following table describes the labels in this scre

ZyWALL 5/35/70 Series User’s Guide106 Chapter 3 Wizard Setup3.7 VPN Wizard Status SummaryThis read-only screen shows the status of the current VPN se

ZyWALL 5/35/70 Series User’s GuideChapter 3 Wizard Setup 107Figure 33 VPN Wizard: VPN StatusThe following table describes the labels in this screen.

ZyWALL 5/35/70 Series User’s Guide108 Chapter 3 Wizard SetupName This is the name of this VPN network policy.Network Policy SettingLocal NetworkStarti

ZyWALL 5/35/70 Series User’s GuideChapter 3 Wizard Setup 1093.8 VPN Wizard Setup CompleteCongratulations! You have successfully set up the VPN rule f

ZyWALL 5/35/70 Series User’s GuideTable of Contents 11Table of ContentsCopyright ...

ZyWALL 5/35/70 Series User’s Guide110 Chapter 3 Wizard Setup

ZyWALL 5/35/70 Series User’s GuideChapter 4 Tutorial 111CHAPTER 4TutorialThis chapter describes how to apply security settings to VPN traffic.4.1 Sec

ZyWALL 5/35/70 Series User’s Guide112 Chapter 4 TutorialFigure 35 IDP for From VPN Traffic Here is how you would configure this example. 1 Click SEC

ZyWALL 5/35/70 Series User’s GuideChapter 4 Tutorial 1134.1.2 IDP for To VPN Traffic ExampleYou can also apply security settings to the To VPN packet

ZyWALL 5/35/70 Series User’s Guide114 Chapter 4 TutorialFigure 38 IDP Configuration for To VPN Traffic4.2 Firewall Rule for VPN ExampleThe firewall

ZyWALL 5/35/70 Series User’s GuideChapter 4 Tutorial 115Figure 39 Firewall Rule for VPN4.2.1 Configuring the VPN RuleThis section shows how to conf

ZyWALL 5/35/70 Series User’s Guide116 Chapter 4 TutorialFigure 41 SECURITY > VPN > VPN Rules (IKE)> Add Gateway Policy 3 Click the Add N

ZyWALL 5/35/70 Series User’s GuideChapter 4 Tutorial 117Figure 42 SECURITY > VPN > VPN Rules (IKE): With Gateway Policy Example 4 Use this sc

ZyWALL 5/35/70 Series User’s Guide118 Chapter 4 TutorialFigure 43 SECURITY > VPN > VPN Rules (IKE)> Add Network Policy 4.2.2 Configuring

ZyWALL 5/35/70 Series User’s GuideChapter 4 Tutorial 1194.2.2.1 Firewall Rule to Allow Access ExampleConfigure a firewall rule that allows FTP access

ZyWALL 5/35/70 Series User’s Guide12 Table of Contents2.4.5 Navigation Panel ...

ZyWALL 5/35/70 Series User’s Guide120 Chapter 4 TutorialFigure 45 SECURITY > FIREWALL > Rule Summary > Edit: Allow 4 The rule displays in t

ZyWALL 5/35/70 Series User’s GuideChapter 4 Tutorial 121Figure 46 SECURITY > FIREWALL > Rule Summary: Allow4.2.2.2 Default Firewall Rule to B

ZyWALL 5/35/70 Series User’s Guide122 Chapter 4 Tutorial

ZyWALL 5/35/70 Series User’s GuideChapter 5 Registration 123CHAPTER 5Registration5.1 myZyXEL.com overviewmyZyXEL.com is ZyXEL’s online services cente

ZyWALL 5/35/70 Series User’s Guide124 Chapter 5 RegistrationYou will get automatic e-mail notification of new signature releases from mySecurityZone a

ZyWALL 5/35/70 Series User’s GuideChapter 5 Registration 125The following table describes the labels in this screen. Note: If the ZyWALL is registered

ZyWALL 5/35/70 Series User’s Guide126 Chapter 5 RegistrationFigure 49 REGISTRATION: Registered Device5.3 ServiceAfter you activate a trial, you can

ZyWALL 5/35/70 Series User’s GuideChapter 5 Registration 127The following table describes the labels in this screen. Table 22 REGISTRATION > Serv

ZyWALL 5/35/70 Series User’s Guide128 Chapter 5 Registration

ZyWALL 5/35/70 Series User’s GuideChapter 6 LAN Screens 129CHAPTER 6LAN ScreensThis chapter describes how to configure LAN settings. This chapter is o

ZyWALL 5/35/70 Series User’s GuideTable of Contents 13Chapter 6LAN Screens...

ZyWALL 5/35/70 Series User’s Guide130 Chapter 6 LAN ScreensWhere you obtain your network number depends on your particular situation. If the ISP or yo

ZyWALL 5/35/70 Series User’s GuideChapter 6 LAN Screens 1316.3 DHCP The ZyWALL can use DHCP (Dynamic Host Configuration Protocol, RFC 2131 and RFC 21

ZyWALL 5/35/70 Series User’s Guide132 Chapter 6 LAN ScreensIGMP (Internet Group Multicast Protocol) is a network-layer protocol used to establish memb

ZyWALL 5/35/70 Series User’s GuideChapter 6 LAN Screens 133Figure 52 NETWORK > LANThe following table describes the labels in this screen.Table 2

ZyWALL 5/35/70 Series User’s Guide134 Chapter 6 LAN ScreensRIP Version The RIP Version field controls the format and the broadcasting method of the RI

ZyWALL 5/35/70 Series User’s GuideChapter 6 LAN Screens 1356.8 LAN Static DHCPThis table allows you to assign IP addresses on the LAN to specific ind

ZyWALL 5/35/70 Series User’s Guide136 Chapter 6 LAN ScreensFigure 53 NETWORK > LAN > Static DHCPThe following table describes the labels in th

ZyWALL 5/35/70 Series User’s GuideChapter 6 LAN Screens 137The ZyWALL has a single LAN interface. Even though more than one of ports 1~4 may be in the

ZyWALL 5/35/70 Series User’s Guide138 Chapter 6 LAN ScreensFigure 55 NETWORK > LAN > IP AliasThe following table describes the labels in this

ZyWALL 5/35/70 Series User’s GuideChapter 6 LAN Screens 1396.10 LAN Port RolesUse the Port Roles screen to set ports as part of the LAN, DMZ and/or W

ZyWALL 5/35/70 Series User’s Guide14 Table of Contents8.8 WAN Route ...

ZyWALL 5/35/70 Series User’s Guide140 Chapter 6 LAN ScreensFigure 56 NETWORK > LAN > Port RolesThe following table describes the labels in thi

ZyWALL 5/35/70 Series User’s GuideChapter 7 Bridge Screens 141CHAPTER 7Bridge ScreensThis chapter describes how to configure bridge settings. This cha

ZyWALL 5/35/70 Series User’s Guide142 Chapter 7 Bridge Screens7.2 Spanning Tree Protocol (STP)STP detects and breaks network loops and provides backu

ZyWALL 5/35/70 Series User’s GuideChapter 7 Bridge Screens 143STP-aware bridges exchange Bridge Protocol Data Units (BPDUs) periodically. When the bri

ZyWALL 5/35/70 Series User’s Guide144 Chapter 7 Bridge ScreensFigure 59 NETWORK > BridgeThe following table describes the labels in this screen.T

ZyWALL 5/35/70 Series User’s GuideChapter 7 Bridge Screens 1457.4 Bridge Port Roles Use the Port Roles screen to set ports as part of the LAN, DMZ an

ZyWALL 5/35/70 Series User’s Guide146 Chapter 7 Bridge ScreensFigure 60 NETWORK > Bridge > Port RolesThe following table describes the labels

ZyWALL 5/35/70 Series User’s GuideChapter 8 WAN Screens 147CHAPTER 8WAN ScreensThis chapter describes how to configure WAN settings. Multiple WAN and

ZyWALL 5/35/70 Series User’s Guide148 Chapter 8 WAN ScreensYou can select through which WAN port you want to send out traffic from UPnP-enabled applic

ZyWALL 5/35/70 Series User’s GuideChapter 8 WAN Screens 1498.4.1.1 Example 1The following figure depicts an example where both the WAN ports on the Z

ZyWALL 5/35/70 Series User’s GuideTable of Contents 1510.9.1 Introduction to RADIUS ...

ZyWALL 5/35/70 Series User’s Guide150 Chapter 8 WAN Screens8.4.2 Weighted Round Robin Similar to the Round Robin (RR) algorithm, the Weighted Round R

ZyWALL 5/35/70 Series User’s GuideChapter 8 WAN Screens 151Figure 64 Spillover Algorithm Example8.5 TCP/IP Priority (Metric)The metric represents t

ZyWALL 5/35/70 Series User’s Guide152 Chapter 8 WAN ScreensFigure 65 NETWORK > WAN (General)

ZyWALL 5/35/70 Series User’s GuideChapter 8 WAN Screens 153The following table describes the labels in this screen.Table 33 NETWORK > WAN (Genera

ZyWALL 5/35/70 Series User’s Guide154 Chapter 8 WAN ScreensCheck WAN1/2 ConnectivitySelect the check box to have the ZyWALL periodically test the resp

ZyWALL 5/35/70 Series User’s GuideChapter 8 WAN Screens 1558.7 Configuring Load Balancing To configure load balancing on the ZyWALL, click NETWORK &g

ZyWALL 5/35/70 Series User’s Guide156 Chapter 8 WAN Screens8.7.2 Weighted Round RobinTo load balance using the weighted round robin method, select We

ZyWALL 5/35/70 Series User’s GuideChapter 8 WAN Screens 1578.7.3 SpilloverTo load balance using the spillover method, select Spillover in the Load Ba

ZyWALL 5/35/70 Series User’s Guide158 Chapter 8 WAN ScreensFigure 69 NETWORK > WAN (Route)The following table describes the labels in this screen

ZyWALL 5/35/70 Series User’s GuideChapter 8 WAN Screens 1598.9 WAN IP Address Assignment Every computer on the Internet must have a unique IP address

ZyWALL 5/35/70 Series User’s Guide16 Table of Contents11.13.1 Firewall Edit Custom Service ...

ZyWALL 5/35/70 Series User’s Guide160 Chapter 8 WAN Screens1 The ISP tells you the DNS server addresses, usually in the form of an information sheet,

ZyWALL 5/35/70 Series User’s GuideChapter 8 WAN Screens 161Figure 70 NETWORK > WAN > WAN (Ethernet Encapsulation) The following table descri

ZyWALL 5/35/70 Series User’s Guide162 Chapter 8 WAN ScreensRetype to Confirm Type your password again to make sure that you have entered is correctly.

ZyWALL 5/35/70 Series User’s GuideChapter 8 WAN Screens 1638.12.2 PPPoE EncapsulationThe ZyWALL supports PPPoE (Point-to-Point Protocol over Ethernet

ZyWALL 5/35/70 Series User’s Guide164 Chapter 8 WAN ScreensOperationally, PPPoE saves significant effort for both you and the ISP or carrier, as it re

ZyWALL 5/35/70 Series User’s GuideChapter 8 WAN Screens 165The following table describes the labels in this screen.Table 41 NETWORK > WAN > WA

ZyWALL 5/35/70 Series User’s Guide166 Chapter 8 WAN Screens8.12.3 PPTP EncapsulationPoint-to-Point Tunneling Protocol (PPTP) is a network protocol th

ZyWALL 5/35/70 Series User’s GuideChapter 8 WAN Screens 167PPTP supports on-demand, multi-protocol and virtual private networking over public networks

ZyWALL 5/35/70 Series User’s Guide168 Chapter 8 WAN ScreensThe following table describes the labels in this screen.Table 42 NETWORK > WAN > WA

ZyWALL 5/35/70 Series User’s GuideChapter 8 WAN Screens 169Enable NAT (Network Address Translation)Network Address Translation (NAT) allows the transl

ZyWALL 5/35/70 Series User’s GuideTable of Contents 1714.2.2 Notes About the ZyWALL Anti-Virus ...27

ZyWALL 5/35/70 Series User’s Guide170 Chapter 8 WAN Screens8.13 Traffic Redirect Traffic redirect forwards WAN traffic to a backup gateway when t

ZyWALL 5/35/70 Series User’s GuideChapter 8 WAN Screens 171Figure 75 NETWORK > WAN > Traffic RedirectThe following table describes the labels

ZyWALL 5/35/70 Series User’s Guide172 Chapter 8 WAN ScreensFigure 76 NETWORK > WAN > Dial Backup

ZyWALL 5/35/70 Series User’s GuideChapter 8 WAN Screens 173The following table describes the labels in this screen.Table 44 NETWORK > WAN > Di

ZyWALL 5/35/70 Series User’s Guide174 Chapter 8 WAN ScreensEnable RIP Select this check box to turn on RIP (Routing Information Protocol), which allow

ZyWALL 5/35/70 Series User’s GuideChapter 8 WAN Screens 1758.16 Advanced Modem Setup 8.16.1 AT Command StringsFor regular telephone lines, the defa

ZyWALL 5/35/70 Series User’s Guide176 Chapter 8 WAN ScreensFigure 77 NETWORK > WAN > Dial Backup > Edit The following table describes the

ZyWALL 5/35/70 Series User’s GuideChapter 8 WAN Screens 177Dial Timeout (sec) Type a number of seconds for the ZyWALL to try to set up an outgoing cal

ZyWALL 5/35/70 Series User’s Guide178 Chapter 8 WAN Screens

ZyWALL 5/35/70 Series User’s GuideChapter 9 DMZ Screens 179CHAPTER 9DMZ ScreensThis chapter describes how to configure the ZyWALL’s DMZ.9.1 DMZ The

ZyWALL 5/35/70 Series User’s Guide18 Table of ContentsChapter 17Content Filtering Reports...

ZyWALL 5/35/70 Series User’s Guide180 Chapter 9 DMZ ScreensFigure 78 NETWORK > DMZ The following table describes the labels in this screen. Table

ZyWALL 5/35/70 Series User’s GuideChapter 9 DMZ Screens 181RIP Version The RIP Version field controls the format and the broadcasting method of the RI

ZyWALL 5/35/70 Series User’s Guide182 Chapter 9 DMZ Screens9.3 DMZ Static DHCP This table allows you to assign IP addresses on the DMZ to specific i

ZyWALL 5/35/70 Series User’s GuideChapter 9 DMZ Screens 183Figure 79 NETWORK > DMZ > Static DHCP The following table describes the labels in

ZyWALL 5/35/70 Series User’s Guide184 Chapter 9 DMZ ScreensThe ZyWALL has a single DMZ interface. Even though more than one of ports 1~4 may be in the

ZyWALL 5/35/70 Series User’s GuideChapter 9 DMZ Screens 1859.5 DMZ Public IP Address ExampleThe following figure shows a simple network setup with pu

ZyWALL 5/35/70 Series User’s Guide186 Chapter 9 DMZ ScreensFigure 81 DMZ Public Address Example9.6 DMZ Private and Public IP Address ExampleThe fol

ZyWALL 5/35/70 Series User’s GuideChapter 9 DMZ Screens 187Figure 82 DMZ Private and Public Address Example9.7 DMZ Port Roles Use the Port Roles s

ZyWALL 5/35/70 Series User’s Guide188 Chapter 9 DMZ ScreensFigure 83 NETWORK > DMZ > Port Roles The following table describes the labels in th

ZyWALL 5/35/70 Series User’s GuideChapter 10 Wireless LAN 189CHAPTER 10Wireless LANThis chapter discusses how to configure wireless LAN on the ZyWALL.

ZyWALL 5/35/70 Series User’s GuideTable of Contents 1918.16.1 Hub-and-spoke VPN Example ...35

ZyWALL 5/35/70 Series User’s Guide190 Chapter 10 Wireless LANClick NETWORK, > WLAN to open the WLAN screen to configure the IP address for ZyWALL’s

ZyWALL 5/35/70 Series User’s GuideChapter 10 Wireless LAN 191RIP Version The RIP Version field controls the format and the broadcasting method of the

ZyWALL 5/35/70 Series User’s Guide192 Chapter 10 Wireless LAN10.3 WLAN Static DHCP This table allows you to assign IP addresses on the WLAN to speci

ZyWALL 5/35/70 Series User’s GuideChapter 10 Wireless LAN 193Figure 85 NETWORK > WLAN > Static DHCP The following table describes the labels i

ZyWALL 5/35/70 Series User’s Guide194 Chapter 10 Wireless LANThe ZyWALL has a single WLAN interface. Even though more than one of ports 1~4 may be in

ZyWALL 5/35/70 Series User’s GuideChapter 10 Wireless LAN 19510.5 WLAN Port Roles Use the Port Roles screen to set ports as part of the LAN, DMZ and

ZyWALL 5/35/70 Series User’s Guide196 Chapter 10 Wireless LANFigure 87 WLAN Port Role Example Note: Do the following if you are configuring from a c

ZyWALL 5/35/70 Series User’s GuideChapter 10 Wireless LAN 197The following table describes the labels in this screen. After you change the LAN/DMZ/WLA

ZyWALL 5/35/70 Series User’s Guide198 Chapter 10 Wireless LANFigure 90 ZyWALL Wireless Security LevelsIf you do not enable any wireless security on

ZyWALL 5/35/70 Series User’s GuideChapter 10 Wireless LAN 19910.6.3 Restricted AccessThe MAC Filter screen allows you to configure the AP to give exc

ZyWALL 5/35/70 Series User’s Guide20 Table of Contents21.1.5 Port Restricted Cone NAT ...

ZyWALL 5/35/70 Series User’s Guide200 Chapter 10 Wireless LAN10.9 802.1x OverviewThe IEEE 802.1x standard outlines enhanced security methods for both

ZyWALL 5/35/70 Series User’s GuideChapter 10 Wireless LAN 201Sent by the access point requesting accounting.• Accounting-ResponseSent by the RADIUS se

ZyWALL 5/35/70 Series User’s Guide202 Chapter 10 Wireless LAN10.10 Dynamic WEP Key ExchangeThe AP maps a unique key that is generated with the RADIUS

ZyWALL 5/35/70 Series User’s GuideChapter 10 Wireless LAN 203Temporal Key Integrity Protocol (TKIP) uses 128-bit keys that are dynamically generated a

ZyWALL 5/35/70 Series User’s Guide204 Chapter 10 Wireless LANFigure 92 WPA-PSK Authentication10.13 Introduction to RADIUSThe ZyWALL can use an exte

ZyWALL 5/35/70 Series User’s GuideChapter 10 Wireless LAN 205Figure 93 WPA with RADIUS Application Example10.15 Wireless Client WPA SupplicantsA wi

ZyWALL 5/35/70 Series User’s Guide206 Chapter 10 Wireless LANFigure 94 NETWORK > WIRELESS CARD: No SecurityThe following table describes the labe

ZyWALL 5/35/70 Series User’s GuideChapter 10 Wireless LAN 20710.16.1 Static WEPStatic WEP provides a mechanism for encrypting data using encryption k

ZyWALL 5/35/70 Series User’s Guide208 Chapter 10 Wireless LANFigure 95 NETWORK > WIRELESS CARD: Static WEPThe following table describes the wirel

ZyWALL 5/35/70 Series User’s GuideChapter 10 Wireless LAN 209Figure 96 NETWORK > WIRELESS CARD: WPA-PSKThe following wireless LAN security fields

ZyWALL 5/35/70 Series User’s GuideTable of Contents 2124.7.5 Maximize Bandwidth Usage Example ...42624.

ZyWALL 5/35/70 Series User’s Guide210 Chapter 10 Wireless LAN10.16.3 WPAClick NETWORK > WIRELESS CARD to display the Wireless Card screen. Select

ZyWALL 5/35/70 Series User’s GuideChapter 10 Wireless LAN 21110.16.4 IEEE 802.1x + Dynamic WEPClick NETWORK > WIRELESS CARD to display the Wireles

ZyWALL 5/35/70 Series User’s Guide212 Chapter 10 Wireless LANThe following wireless LAN security fields become available when you select 802.1x + Dyna

ZyWALL 5/35/70 Series User’s GuideChapter 10 Wireless LAN 213Figure 99 NETWORK > WIRELESS CARD: 802.1x + Static WEPThe following wireless LAN sec

ZyWALL 5/35/70 Series User’s Guide214 Chapter 10 Wireless LAN10.16.6 IEEE 802.1x + No WEPClick the NETWORK > WIRELESS CARD to display the Wireless

ZyWALL 5/35/70 Series User’s GuideChapter 10 Wireless LAN 215The following wireless LAN security fields become available when you select 802.1x + No W

ZyWALL 5/35/70 Series User’s Guide216 Chapter 10 Wireless LANFigure 101 NETWORK > WIRELESS CARD: No Access 802.1x + Static WEPThe following wirel

ZyWALL 5/35/70 Series User’s GuideChapter 10 Wireless LAN 21710.17 MAC Filter The MAC filter screen allows you to configure the ZyWALL to give exclus

ZyWALL 5/35/70 Series User’s Guide218 Chapter 10 Wireless LANUser Name Enter a descriptive name for the MAC address.MAC AddressEnter the MAC addresses

ZyWALL 5/35/70 Series User’s GuideChapter 11 Firewall 219CHAPTER 11FirewallThis chapter shows you how to configure your ZyWALL’s firewall.11.1 Firewa

ZyWALL 5/35/70 Series User’s Guide22 Table of Contents26.4.2 Netscape Navigator Warning Messages ...45626.

ZyWALL 5/35/70 Series User’s Guide220 Chapter 11 FirewallYour customized rules take precedence and override the ZyWALL’s default settings. The ZyWALL

ZyWALL 5/35/70 Series User’s GuideChapter 11 Firewall 221To set the ZyWALL to by default silently block traffic from WAN 1 from going to the DMZ inter

ZyWALL 5/35/70 Series User’s Guide222 Chapter 11 FirewallBy default, the ZyWALL drops packets traveling in the following directions.See Chapter 4 on p

ZyWALL 5/35/70 Series User’s GuideChapter 11 Firewall 223Figure 106 From LAN to VPN Example In order to do this, you would configure the SECURITY &g

ZyWALL 5/35/70 Series User’s Guide224 Chapter 11 Firewall11.3.2 From VPN Packet Direction You can also apply firewall rules to traffic that comes in

ZyWALL 5/35/70 Series User’s GuideChapter 11 Firewall 225Figure 109 Block VPN to LAN Traffic by Default Example 11.3.3 From VPN To VPN Packet Di

ZyWALL 5/35/70 Series User’s Guide226 Chapter 11 FirewallFigure 110 From VPN to VPN Example You would configure the SECURITY > FIREWALL > Defa

ZyWALL 5/35/70 Series User’s GuideChapter 11 Firewall 227Consider these security ramifications before creating a rule:1 Does this rule stop LAN users

ZyWALL 5/35/70 Series User’s Guide228 Chapter 11 Firewall• The second row is the firewall’s default policy that allows all traffic from the LAN to go

ZyWALL 5/35/70 Series User’s GuideChapter 11 Firewall 229• The third row is (still) the firewall’s default policy of allowing all traffic from the LAN

ZyWALL 5/35/70 Series User’s GuideTable of Contents 2328.1.2 ALG and the Firewall ...

ZyWALL 5/35/70 Series User’s Guide230 Chapter 11 FirewallFigure 114 Using IP Alias to Solve the Triangle Route Problem11.7 Firewall Default Rule (R

ZyWALL 5/35/70 Series User’s GuideChapter 11 Firewall 231The following table describes the labels in this screen. Table 66 SECURITY > FIREWALL &g

ZyWALL 5/35/70 Series User’s Guide232 Chapter 11 Firewall11.8 Firewall Default Rule (Bridge Mode) Click SECURITY > FIREWALL to open the Default R

ZyWALL 5/35/70 Series User’s GuideChapter 11 Firewall 233The following table describes the labels in this screen. Table 67 SECURITY > FIREWALL

ZyWALL 5/35/70 Series User’s Guide234 Chapter 11 Firewall11.9 Firewall Rule Summary Click SECURITY > FIREWALL > Rule Summary to open the screen

ZyWALL 5/35/70 Series User’s GuideChapter 11 Firewall 23511.9.1 Firewall Edit Rule Follow these directions to create a new rule.1 In the Rule Sum

ZyWALL 5/35/70 Series User’s Guide236 Chapter 11 FirewallFigure 118 SECURITY > FIREWALL > Rule Summary > Edit

ZyWALL 5/35/70 Series User’s GuideChapter 11 Firewall 237The following table describes the labels in this screen. Table 69 SECURITY > FIREWALL

ZyWALL 5/35/70 Series User’s Guide238 Chapter 11 Firewall11.10 Anti-Probing Click SECURITY > FIREWALL > Anti-Probing to open the following s

ZyWALL 5/35/70 Series User’s GuideChapter 11 Firewall 239The following table describes the labels in this screen. 11.11 Firewall Thresholds For Do

ZyWALL 5/35/70 Series User’s Guide24 Table of Contents31.5.2 Time Server Synchronization ...

ZyWALL 5/35/70 Series User’s Guide240 Chapter 11 Firewall11.11.1 Threshold ValuesIf everything is working properly, you probably do not need to chang

ZyWALL 5/35/70 Series User’s GuideChapter 11 Firewall 241The following table describes the labels in this screen. Table 71 SECURITY > FIREWALL &g

ZyWALL 5/35/70 Series User’s Guide242 Chapter 11 Firewall11.13 Service Click SECURITY > FIREWALL > Service to open the screen as shown next. Us

ZyWALL 5/35/70 Series User’s GuideChapter 11 Firewall 243Figure 122 SECURITY > FIREWALL > ServiceThe following table describes the labels in t

ZyWALL 5/35/70 Series User’s Guide244 Chapter 11 Firewall11.13.1 Firewall Edit Custom Service Click SECURITY > FIREWALL > Service > Add to d

ZyWALL 5/35/70 Series User’s GuideChapter 11 Firewall 24511.14 My Service Firewall Rule ExampleThe following Internet firewall rule example allows a

ZyWALL 5/35/70 Series User’s Guide246 Chapter 11 FirewallFigure 125 My Service Firewall Rule Example: Edit Custom Service 3 Click Rule Summary. Sele

ZyWALL 5/35/70 Series User’s GuideChapter 11 Firewall 247Figure 127 My Service Firewall Rule Example: Rule Edit 9 In the Edit Rule screen, use the a

ZyWALL 5/35/70 Series User’s Guide248 Chapter 11 FirewallFigure 128 My Service Firewall Rule Example: Rule ConfigurationRule 1 allows a My Service c

ZyWALL 5/35/70 Series User’s GuideChapter 11 Firewall 249Figure 129 My Service Firewall Rule Example: Rule Summary

ZyWALL 5/35/70 Series User’s GuideTable of Contents 25Chapter 35LAN Setup...

ZyWALL 5/35/70 Series User’s Guide250 Chapter 11 Firewall

ZyWALL 5/35/70 Series User’s GuideChapter 12 Intrusion Detection and Prevention (IDP) 251CHAPTER 12Intrusion Detection andPrevention (IDP)This chapter

ZyWALL 5/35/70 Series User’s Guide252 Chapter 12 Intrusion Detection and Prevention (IDP)Firewalls are usually deployed at the network edge. However,

ZyWALL 5/35/70 Series User’s GuideChapter 12 Intrusion Detection and Prevention (IDP) 25312.1.5 Example IntrusionsThe following are some examples of

ZyWALL 5/35/70 Series User’s Guide254 Chapter 12 Intrusion Detection and Prevention (IDP)12.1.5.4 MyDoomMyDoom W32.Mydoom.A@mm (also known as W32.Nov

ZyWALL 5/35/70 Series User’s GuideChapter 13 Configuring IDP 255CHAPTER 13Configuring IDPThis chapter shows you how to configure IDP on the ZyWALL. 13

ZyWALL 5/35/70 Series User’s Guide256 Chapter 13 Configuring IDP13.2 General SetupUse this screen to enable IDP on the ZyWALL and choose what traffic

ZyWALL 5/35/70 Series User’s GuideChapter 13 Configuring IDP 25713.3 IDP SignaturesThe rules that define how to identify and respond to intrusions ar

ZyWALL 5/35/70 Series User’s Guide258 Chapter 13 Configuring IDPTo see signatures listed by intrusion type supported by the ZyWALL, select that type f

ZyWALL 5/35/70 Series User’s GuideChapter 13 Configuring IDP 25913.3.2 Intrusion SeverityIntrusions are assigned a severity level based on the follow

ZyWALL 5/35/70 Series User’s Guide26 Table of Contents40.3 Remote Node Profile Setup ...

ZyWALL 5/35/70 Series User’s Guide260 Chapter 13 Configuring IDPFigure 134 SECURITY > IDP > Signature: Actions The following table describes s

ZyWALL 5/35/70 Series User’s GuideChapter 13 Configuring IDP 261Figure 135 SECURITY > IDP > Signature: Group ViewThe following table describes

ZyWALL 5/35/70 Series User’s Guide262 Chapter 13 Configuring IDP13.3.5 Query View Click IDP > Signature to see the ZyWALL’s “group view” signature

ZyWALL 5/35/70 Series User’s GuideChapter 13 Configuring IDP 263Figure 136 SECURITY > IDP > Signature: Query ViewThe following table describes

ZyWALL 5/35/70 Series User’s Guide264 Chapter 13 Configuring IDPSearch Click this button to begin the search. The results display at the bottom of the

ZyWALL 5/35/70 Series User’s GuideChapter 13 Configuring IDP 26513.3.5.1 Query Example 11 From the “group view” signature screen, click the Switch to

ZyWALL 5/35/70 Series User’s Guide266 Chapter 13 Configuring IDPFigure 138 SECURITY > IDP > Signature: Query by Complete ID13.3.5.2 Query Exa

ZyWALL 5/35/70 Series User’s GuideChapter 13 Configuring IDP 267Figure 139 Signature Query by Attribute. 13.4 Update The ZyWALL comes with built-in

ZyWALL 5/35/70 Series User’s Guide268 Chapter 13 Configuring IDP13.4.2 Configuring IDP UpdateWhen scheduling signature updates, you should choose a d

ZyWALL 5/35/70 Series User’s GuideChapter 13 Configuring IDP 26913.5 Backup and RestoreYou can change the pre-defined Active, Log, Alert and/or Actio

ZyWALL 5/35/70 Series User’s GuideTable of Contents 2744.2 Configuring a Filter Set ...

ZyWALL 5/35/70 Series User’s Guide270 Chapter 13 Configuring IDPFigure 141 SECURITY > IDP > Backup & RestoreUse the Backup & Restore s

ZyWALL 5/35/70 Series User’s GuideChapter 14 Anti-Virus 271CHAPTER 14Anti-VirusThis chapter introduces and shows you how to configure the anti-virus s

ZyWALL 5/35/70 Series User’s Guide272 Chapter 14 Anti-Virus2 The virus spreads to other files and programs on the computer. 3 The infected files are u

ZyWALL 5/35/70 Series User’s GuideChapter 14 Anti-Virus 27314.2.1 How the ZyWALL Anti-Virus Scanner WorksThe ZyWALL checks traffic going in the dire

ZyWALL 5/35/70 Series User’s Guide274 Chapter 14 Anti-VirusNote: Turn the ZyWALL off before you install or remove the ZyWALL Turbo card. Note: The Zy

ZyWALL 5/35/70 Series User’s GuideChapter 14 Anti-Virus 275Figure 143 SECURITY > ANTI-VIRUS > General The following table describes the labels

ZyWALL 5/35/70 Series User’s Guide276 Chapter 14 Anti-Virus14.4 Signature SearchingClick SECURITY > ANTI-VIRUS > Signature to display this scre

ZyWALL 5/35/70 Series User’s GuideChapter 14 Anti-Virus 277Figure 144 SECURITY > ANTI-VIRUS > Signature: Query ViewThe following table describ

ZyWALL 5/35/70 Series User’s Guide278 Chapter 14 Anti-Virus14.4.1 Signature Search ExampleThis example shows a search for signatures that are enabled

ZyWALL 5/35/70 Series User’s GuideChapter 14 Anti-Virus 279Figure 145 Query Example Search Criteria

ZyWALL 5/35/70 Series User’s Guide28 Table of Contents47.3.4 GUI-based FTP Clients ...

ZyWALL 5/35/70 Series User’s Guide280 Chapter 14 Anti-VirusFigure 146 Query Example Search Results

ZyWALL 5/35/70 Series User’s GuideChapter 14 Anti-Virus 28114.5 Signature Update The ZyWALL comes with built-in signatures created by the ZyXEL Secu

ZyWALL 5/35/70 Series User’s Guide282 Chapter 14 Anti-VirusFigure 147 SECURITY > ANTI-VIRUS > UpdateThe following table describes the labels i

ZyWALL 5/35/70 Series User’s GuideChapter 14 Anti-Virus 28314.6 Backup and Restore Click ANTI-VIRUS > Backup & Restore. The screen displays a

ZyWALL 5/35/70 Series User’s Guide284 Chapter 14 Anti-VirusUse the Backup & Restore screen to:• Back up anti-virus signatures with your custom con

ZyWALL 5/35/70 Series User’s GuideChapter 15 Anti-Spam 285CHAPTER 15Anti-SpamThis chapter covers how to use the ZyWALL’s anti-spam feature to deal wit

ZyWALL 5/35/70 Series User’s Guide286 Chapter 15 Anti-Spam15.1.1.1 SpamBulk EngineThe e-mail fingerprint ID that the ZyWALL generates and sends to th

ZyWALL 5/35/70 Series User’s GuideChapter 15 Anti-Spam 28715.1.1.4 SpamTricks EngineThe SpamTricks engine checks for the tactics that spammers use to

ZyWALL 5/35/70 Series User’s Guide288 Chapter 15 Anti-SpamThe anti-spam external database checks for spoofing of e-mail attributes (like the IP addres

ZyWALL 5/35/70 Series User’s GuideChapter 15 Anti-Spam 28915.1.7 MIME HeadersMIME (Multipurpose Internet Mail Extensions) allows varied media types t

ZyWALL 5/35/70 Series User’s GuideTable of Contents 2950.3 IP Policy Routing Example ...

ZyWALL 5/35/70 Series User’s Guide290 Chapter 15 Anti-SpamFigure 150 SECURITY > ANTI-SPAM > GeneralThe following table describes the labels in

ZyWALL 5/35/70 Series User’s GuideChapter 15 Anti-Spam 291From, To Select the directions of travel of packets that you want to check. Select or clear

ZyWALL 5/35/70 Series User’s Guide292 Chapter 15 Anti-Spam15.3 Anti-Spam External DB Screen Click SECURITY > ANTI-SPAM > External DB to dis

ZyWALL 5/35/70 Series User’s GuideChapter 15 Anti-Spam 293The following table describes the labels in this screen. Table 85 SECURITY > ANTI-SPAM

ZyWALL 5/35/70 Series User’s Guide294 Chapter 15 Anti-Spam15.4 Anti-Spam Lists Screen Click SECURITY > ANTI-SPAM > Lists to display the Anti-S

ZyWALL 5/35/70 Series User’s GuideChapter 15 Anti-Spam 295Figure 152 SECURITY > ANTI-SPAM > ListsThe following table describes the labels in t

ZyWALL 5/35/70 Series User’s Guide296 Chapter 15 Anti-Spam15.5 Anti-Spam Lists Edit Screen Click SECURITY > ANTI-SPAM > Lists to display the

ZyWALL 5/35/70 Series User’s GuideChapter 15 Anti-Spam 297Figure 153 SECURITY > ANTI-SPAM > Lists > Edit The following table describes the

ZyWALL 5/35/70 Series User’s Guide298 Chapter 15 Anti-SpamE-Mail Address This field displays when you select the E-Mail type. Enter an e-mail address

ZyWALL 5/35/70 Series User’s GuideChapter 16 Content Filtering Screens 299CHAPTER 16Content Filtering ScreensThis chapter provides an overview of cont

ZyWALL 5/35/70 Series User’s GuideCopyright 3CopyrightCopyright © 2006 by ZyXEL Communications Corporation.The contents of this publication may not be

ZyWALL 5/35/70 Series User’s Guide30 Table of ContentsImporting Certificates...

ZyWALL 5/35/70 Series User’s Guide300 Chapter 16 Content Filtering ScreensFigure 154 SECURITY > CONTENT FILTER > GeneralThe following table de

ZyWALL 5/35/70 Series User’s GuideChapter 16 Content Filtering Screens 301Restrict Web Features Select the check box(es) to restrict a feature. When

ZyWALL 5/35/70 Series User’s Guide302 Chapter 16 Content Filtering Screens16.3 Content Filtering with an External DatabaseWhen you register for and e

ZyWALL 5/35/70 Series User’s GuideChapter 16 Content Filtering Screens 3035 The external content filtering server sends the category information back

ZyWALL 5/35/70 Series User’s Guide304 Chapter 16 Content Filtering ScreensFigure 156 SECURITY > CONTENT FILTER > CategoriesThe following table

ZyWALL 5/35/70 Series User’s GuideChapter 16 Content Filtering Screens 305Unrated Web Pages Select Block to prevent users from accessing web pages tha

ZyWALL 5/35/70 Series User’s Guide306 Chapter 16 Content Filtering ScreensNudity Selecting this category excludes pages containing nude or seminude de

ZyWALL 5/35/70 Series User’s GuideChapter 16 Content Filtering Screens 307Illegal Drugs Selecting this category excludes pages that promote, offer, se

ZyWALL 5/35/70 Series User’s Guide308 Chapter 16 Content Filtering ScreensWeb Communications Selecting this category excludes pages that allow or offe

ZyWALL 5/35/70 Series User’s GuideChapter 16 Content Filtering Screens 309Vehicles Selecting this category excludes pages that provide information on

ZyWALL 5/35/70 Series User’s GuideList of Figures 31List of FiguresFigure 1 Secure Internet Access via Cable, DSL or Wireless Modem ...

ZyWALL 5/35/70 Series User’s Guide310 Chapter 16 Content Filtering Screens16.5 Content Filter Customization Click SECURITY > CONTENT FILTER >

ZyWALL 5/35/70 Series User’s GuideChapter 16 Content Filtering Screens 311The following table describes the labels in this screen. Table 90 SECURITY

ZyWALL 5/35/70 Series User’s Guide312 Chapter 16 Content Filtering Screens16.6 Customizing Keyword Blocking URL CheckingYou can use commands to set h

ZyWALL 5/35/70 Series User’s GuideChapter 16 Content Filtering Screens 313Use the ip urlfilter customize actionFlags 8 [disable | enable] command to e

ZyWALL 5/35/70 Series User’s Guide314 Chapter 16 Content Filtering ScreensThe following table describes the labels in this screen. Table 91 SECURI

ZyWALL 5/35/70 Series User’s GuideChapter 17 Content Filtering Reports 315CHAPTER 17Content Filtering ReportsThis chapter describes how to view conten

ZyWALL 5/35/70 Series User’s Guide316 Chapter 17 Content Filtering ReportsFigure 159 myZyXEL.com: Login3 A welcome screen displays. Click your ZyWAL

ZyWALL 5/35/70 Series User’s GuideChapter 17 Content Filtering Reports 317Figure 161 myZyXEL.com: Service Management5 Enter your ZyXEL device's

ZyWALL 5/35/70 Series User’s Guide318 Chapter 17 Content Filtering ReportsFigure 163 Content Filtering Reports Main Screen8 Select items under Globa

ZyWALL 5/35/70 Series User’s GuideChapter 17 Content Filtering Reports 319Figure 165 Global Report Screen Example11You can click a category in the C

ZyWALL 5/35/70 Series User’s Guide32 List of FiguresFigure 39 Firewall Rule for VPN ...

ZyWALL 5/35/70 Series User’s Guide320 Chapter 17 Content Filtering ReportsFigure 166 Requested URLs Example17.3 Web Site SubmissionYou may find tha

ZyWALL 5/35/70 Series User’s GuideChapter 17 Content Filtering Reports 321Figure 167 Web Page Review Process Screen3 Type the web site’s URL in the

ZyWALL 5/35/70 Series User’s Guide322 Chapter 17 Content Filtering Reports

ZyWALL 5/35/70 Series User’s GuideChapter 18 IPSec VPN 323CHAPTER 18IPSec VPNThis chapter explains how to set up and maintain IPSec VPNs in the ZyWALL

ZyWALL 5/35/70 Series User’s Guide324 Chapter 18 IPSec VPNA VPN tunnel is usually established in two phases. Each phase establishes a security associa

ZyWALL 5/35/70 Series User’s GuideChapter 18 IPSec VPN 325You can usually provide a static IP address or a domain name for the ZyWALL. Sometimes, your

ZyWALL 5/35/70 Series User’s Guide326 Chapter 18 IPSec VPNFigure 172 SECURITY > VPN > VPN Rules (IKE) The following table describes the label

ZyWALL 5/35/70 Series User’s GuideChapter 18 IPSec VPN 32718.3 IKE SA Setup This section provides more details about IKE SAs.18.3.1 IKE SA Proposa

ZyWALL 5/35/70 Series User’s Guide328 Chapter 18 IPSec VPNSee the field descriptions for information about specific encryption algorithms, authenticat

ZyWALL 5/35/70 Series User’s GuideChapter 18 IPSec VPN 329Router identity consists of ID type and ID content. The ID type can be IP address, domain na

ZyWALL 5/35/70 Series User’s GuideList of Figures 33Figure 82 DMZ Private and Public Address Example ...

ZyWALL 5/35/70 Series User’s Guide330 Chapter 18 IPSec VPN• The local ID type and ID content come from the certificate. On the ZyWALL, you simply sele

ZyWALL 5/35/70 Series User’s GuideChapter 18 IPSec VPN 331Step 2: The remote IPSec router selects an acceptable proposal and sends it back to the ZyWA

ZyWALL 5/35/70 Series User’s Guide332 Chapter 18 IPSec VPN18.4 Additional IPSec VPN TopicsThis section discusses other IPSec VPN topics that apply to

ZyWALL 5/35/70 Series User’s GuideChapter 18 IPSec VPN 333Figure 177 IPSec High AvailabilityWhen setting up a IPSec high availability VPN tunnel, th

ZyWALL 5/35/70 Series User’s Guide334 Chapter 18 IPSec VPN18.5 VPN Rules (IKE) Gateway Policy Edit In the VPN Rule (IKE) screen, click the add gatew

ZyWALL 5/35/70 Series User’s GuideChapter 18 IPSec VPN 335Figure 178 SECURITY > VPN > VPN Rules (IKE) > Edit Gateway Policy

ZyWALL 5/35/70 Series User’s Guide336 Chapter 18 IPSec VPNThe following table describes the labels in this screen. Table 95 SECURITY > VPN > V

ZyWALL 5/35/70 Series User’s GuideChapter 18 IPSec VPN 337Fall back to Primary Remote Gateway when possibleSelect this to have the ZyWALL change back

ZyWALL 5/35/70 Series User’s Guide338 Chapter 18 IPSec VPNPeer ID Type Select from the following when you set Authentication Key to Pre-shared Key.Sel

ZyWALL 5/35/70 Series User’s GuideChapter 18 IPSec VPN 339Server Mode Select Server Mode to have this ZyWALL authenticate extended authentication clie

ZyWALL 5/35/70 Series User’s Guide34 List of FiguresFigure 125 My Service Firewall Rule Example: Edit Custom Service ...

ZyWALL 5/35/70 Series User’s Guide340 Chapter 18 IPSec VPN18.6 IPSec SA Overview Once the ZyWALL and remote IPSec router have established the IKE

ZyWALL 5/35/70 Series User’s GuideChapter 18 IPSec VPN 341Usually, you should select ESP. AH does not support encryption, and ESP is more suitable wit

ZyWALL 5/35/70 Series User’s Guide342 Chapter 18 IPSec VPNIf you enable PFS, the ZyWALL and remote IPSec router perform a DH key exchange every time a

ZyWALL 5/35/70 Series User’s GuideChapter 18 IPSec VPN 343Figure 180 SECURITY > VPN > VPN Rules (IKE) > Edit Network Policy

ZyWALL 5/35/70 Series User’s Guide344 Chapter 18 IPSec VPNThe following table describes the labels in this screen. Table 96 SECURITY > VPN > V

ZyWALL 5/35/70 Series User’s GuideChapter 18 IPSec VPN 345Starting IP Address When the Address Type field is configured to Single Address, enter a (st

ZyWALL 5/35/70 Series User’s Guide346 Chapter 18 IPSec VPN18.8 VPN Rules (IKE): Network Policy Move Click the move ( ) icon in the VPN Rules (IKE)

ZyWALL 5/35/70 Series User’s GuideChapter 18 IPSec VPN 347• The gateway policy contains the IKE SA settings. It identifies the IPSec routers at either

ZyWALL 5/35/70 Series User’s Guide348 Chapter 18 IPSec VPN18.9 IPSec SA Using Manual Keys You might set up an IPSec SA using manual keys when you

ZyWALL 5/35/70 Series User’s GuideChapter 18 IPSec VPN 349Figure 182 SECURITY > VPN > VPN Rules (Manual) The following table describes the lab

ZyWALL 5/35/70 Series User’s GuideList of Figures 35Figure 168 VPN: Example ...

ZyWALL 5/35/70 Series User’s Guide350 Chapter 18 IPSec VPN18.11 VPN Rules (Manual): Edit Click the edit icon on the VPN Rules (Manual) screen to op

ZyWALL 5/35/70 Series User’s GuideChapter 18 IPSec VPN 351The following table describes the labels in this screen. Table 99 SECURITY > VPN > V

ZyWALL 5/35/70 Series User’s Guide352 Chapter 18 IPSec VPNEnding IP Address/Subnet MaskWhen the Address Type field is configured to Single Address, th

ZyWALL 5/35/70 Series User’s GuideChapter 18 IPSec VPN 35318.12 VPN SA Monitor In the web configurator, click SECURITY > VPN > SA Monitor. Use

ZyWALL 5/35/70 Series User’s Guide354 Chapter 18 IPSec VPN18.13 VPN Global Setting Click SECURITY > VPN > Global Setting to open the VPN Global

ZyWALL 5/35/70 Series User’s GuideChapter 18 IPSec VPN 35518.14 Telecommuter VPN/IPSec ExamplesThe following examples show how multiple telecommuters

ZyWALL 5/35/70 Series User’s Guide356 Chapter 18 IPSec VPNFigure 186 Telecommuters Sharing One VPN Rule Example18.14.2 Telecommuters Using Unique V

ZyWALL 5/35/70 Series User’s GuideChapter 18 IPSec VPN 357The ZyWALL at headquarters can also initiate VPN connections to the telecommuters since it c

ZyWALL 5/35/70 Series User’s Guide358 Chapter 18 IPSec VPN18.15 VPN and Remote ManagementYou can allow someone to use a service (like Telnet or HTTP)

ZyWALL 5/35/70 Series User’s GuideChapter 18 IPSec VPN 359Figure 189 VPN TopologiesHub-and-spoke VPN reduces the number of VPN connections that you

ZyWALL 5/35/70 Series User’s Guide36 List of FiguresFigure 211 NAT Application With IP Alias ...

ZyWALL 5/35/70 Series User’s Guide360 Chapter 18 IPSec VPNFigure 190 Hub-and-spoke VPN Example18.16.2 Hub-and-spoke Example VPN Rule AddressesThe V

ZyWALL 5/35/70 Series User’s GuideChapter 18 IPSec VPN 36118.16.3 Hub-and-spoke VPN Requirements and SuggestionsConsider the following when implement

ZyWALL 5/35/70 Series User’s Guide362 Chapter 18 IPSec VPN

ZyWALL 5/35/70 Series User’s GuideChapter 19 Certificates 363CHAPTER 19CertificatesThis chapter gives background information about public-key certific

ZyWALL 5/35/70 Series User’s Guide364 Chapter 19 CertificatesCertification authorities maintain directory servers with databases of valid and revoked

ZyWALL 5/35/70 Series User’s GuideChapter 19 Certificates 365Figure 192 Certificate Details 4 Use a secure method to verify that the certificate own

ZyWALL 5/35/70 Series User’s Guide366 Chapter 19 CertificatesUse the Directory Servers screen to configure a list of addresses of directory servers (t

ZyWALL 5/35/70 Series User’s GuideChapter 19 Certificates 367Type This field displays what kind of certificate this is. REQ represents a certification

ZyWALL 5/35/70 Series User’s Guide368 Chapter 19 Certificates19.6 My Certificate Details Click SECURITY > CERTIFICATES > My Certificates to op

ZyWALL 5/35/70 Series User’s GuideChapter 19 Certificates 369The following table describes the labels in this screen. Table 105 SECURITY > CERTI

ZyWALL 5/35/70 Series User’s GuideList of Figures 37Figure 254 Secure FTP: Firmware Upload Example ...

ZyWALL 5/35/70 Series User’s Guide370 Chapter 19 Certificates19.7 My Certificate Export Click SECURITY > CERTIFICATES > My Certificates and th

ZyWALL 5/35/70 Series User’s GuideChapter 19 Certificates 371Figure 196 SECURITY > CERTIFICATES > My Certificates > ExportThe following tab

ZyWALL 5/35/70 Series User’s Guide372 Chapter 19 CertificatesNote: You can only import a certificate that matches a corresponding certification reques

ZyWALL 5/35/70 Series User’s GuideChapter 19 Certificates 373Figure 197 SECURITY > CERTIFICATES > My Certificates > ImportThe following tab

ZyWALL 5/35/70 Series User’s Guide374 Chapter 19 CertificatesThe following table describes the labels in this screen. 19.9 My Certificate Create Cli

ZyWALL 5/35/70 Series User’s GuideChapter 19 Certificates 375The following table describes the labels in this screen. Table 109 SECURITY > CERTIF

ZyWALL 5/35/70 Series User’s Guide376 Chapter 19 CertificatesAfter you click Apply in the My Certificate Create screen, you see a screen that tells yo

ZyWALL 5/35/70 Series User’s GuideChapter 19 Certificates 377Figure 200 SECURITY > CERTIFICATES > Trusted CAsThe following table describes the

ZyWALL 5/35/70 Series User’s Guide378 Chapter 19 Certificates19.11 Trusted CA Details Click SECURITY > CERTIFICATES > Trusted CAs to open the

ZyWALL 5/35/70 Series User’s GuideChapter 19 Certificates 379Figure 201 SECURITY > CERTIFICATES > Trusted CAs > DetailsThe following table

ZyWALL 5/35/70 Series User’s Guide38 List of FiguresFigure 297 Firmware Upload Error ...

ZyWALL 5/35/70 Series User’s Guide380 Chapter 19 CertificatesCertification Path Click the Refresh button to have this read-only text box display the e

ZyWALL 5/35/70 Series User’s GuideChapter 19 Certificates 38119.12 Trusted CA Import Click SECURITY > CERTIFICATES > Trusted CAs to open the

ZyWALL 5/35/70 Series User’s Guide382 Chapter 19 CertificatesFigure 202 SECURITY > CERTIFICATES > Trusted CAs > ImportThe following table d

ZyWALL 5/35/70 Series User’s GuideChapter 19 Certificates 383Figure 203 SECURITY > CERTIFICATES > Trusted Remote HostsThe following table desc

ZyWALL 5/35/70 Series User’s Guide384 Chapter 19 Certificates19.14 Trusted Remote Hosts Import Click SECURITY > CERTIFICATES > Trusted Remote

ZyWALL 5/35/70 Series User’s GuideChapter 19 Certificates 385The following table describes the labels in this screen. 19.15 Trusted Remote Host Certi

ZyWALL 5/35/70 Series User’s Guide386 Chapter 19 CertificatesFigure 205 SECURITY > CERTIFICATES > Trusted Remote Hosts > DetailsThe followi

ZyWALL 5/35/70 Series User’s GuideChapter 19 Certificates 387Type This field displays general information about the certificate. With trusted remote h

ZyWALL 5/35/70 Series User’s Guide388 Chapter 19 Certificates19.16 Directory Servers Click SECURITY > CERTIFICATES > Directory Servers to open

ZyWALL 5/35/70 Series User’s GuideChapter 19 Certificates 389The following table describes the labels in this screen. 19.17 Directory Server Add or

ZyWALL 5/35/70 Series User’s GuideList of Figures 39Figure 340 Menu 7.1.1: WLAN MAC Address Filter ...

ZyWALL 5/35/70 Series User’s Guide390 Chapter 19 CertificatesThe following table describes the labels in this screen. Table 117 SECURITY > CERTIF

ZyWALL 5/35/70 Series User’s GuideChapter 20 Authentication Server 391CHAPTER 20Authentication ServerThis chapter discusses how to configure the ZyWAL

ZyWALL 5/35/70 Series User’s Guide392 Chapter 20 Authentication ServerFigure 208 SECURITY > AUTH SERVER > Local User Database

ZyWALL 5/35/70 Series User’s GuideChapter 20 Authentication Server 393The following table describes the labels in this screen. 20.3 RADIUS Click

ZyWALL 5/35/70 Series User’s Guide394 Chapter 20 Authentication ServerThe following table describes the labels in this screen. Table 119 SECURITY &

ZyWALL 5/35/70 Series User’s GuideChapter 21 Network Address Translation (NAT) 395CHAPTER 21Network Address Translation(NAT)This chapter discusses how

ZyWALL 5/35/70 Series User’s Guide396 Chapter 21 Network Address Translation (NAT)21.1.2 What NAT DoesIn the simplest form, NAT changes the source IP

ZyWALL 5/35/70 Series User’s GuideChapter 21 Network Address Translation (NAT) 39721.1.4 NAT ApplicationThe following figure illustrates a possible N

ZyWALL 5/35/70 Series User’s Guide398 Chapter 21 Network Address Translation (NAT)21.1.5 Port Restricted Cone NATZyWALL ZyNOS version 4.00 and later

ZyWALL 5/35/70 Series User’s GuideChapter 21 Network Address Translation (NAT) 399• Server: This type allows you to specify inside servers of differen

ZyWALL 5/35/70 Series User’s Guide4 CertificationsCertificationsFederal Communications Commission (FCC) Interference StatementThe device complies with

ZyWALL 5/35/70 Series User’s Guide40 List of FiguresFigure 382 Filter Rule Process ...

ZyWALL 5/35/70 Series User’s Guide400 Chapter 21 Network Address Translation (NAT)21.3 NAT Overview Screen Click ADVANCED > NAT to open the NAT O

ZyWALL 5/35/70 Series User’s GuideChapter 21 Network Address Translation (NAT) 40121.4 NAT Address Mapping Click ADVANCED > NAT > Address Map

ZyWALL 5/35/70 Series User’s Guide402 Chapter 21 Network Address Translation (NAT)Figure 214 ADVANCED > NAT > Address MappingThe following tab

ZyWALL 5/35/70 Series User’s GuideChapter 21 Network Address Translation (NAT) 40321.4.1 NAT Address Mapping Edit Click the Edit button to display t

ZyWALL 5/35/70 Series User’s Guide404 Chapter 21 Network Address Translation (NAT)The following table describes the labels in this screen. 21.5 Port

ZyWALL 5/35/70 Series User’s GuideChapter 21 Network Address Translation (NAT) 40521.5.1 Default Server IP AddressIn addition to the servers for spec

ZyWALL 5/35/70 Series User’s Guide406 Chapter 21 Network Address Translation (NAT)Figure 216 Multiple Servers Behind NAT Example21.5.4 NAT and Mult

ZyWALL 5/35/70 Series User’s GuideChapter 21 Network Address Translation (NAT) 407Figure 217 Port Translation Example21.6 Port Forwarding Screen Cl

ZyWALL 5/35/70 Series User’s Guide408 Chapter 21 Network Address Translation (NAT)Figure 218 ADVANCED > NAT > Port ForwardingThe following tab

ZyWALL 5/35/70 Series User’s GuideChapter 21 Network Address Translation (NAT) 40921.7 Port Triggering Some services use a dedicated range of ports

ZyWALL 5/35/70 Series User’s GuideList of Figures 41Figure 425 Example Xmodem Upload ...

ZyWALL 5/35/70 Series User’s Guide410 Chapter 21 Network Address Translation (NAT)4 The ZyWALL forwards the traffic to Jane’s computer IP address. 5 O

ZyWALL 5/35/70 Series User’s GuideChapter 21 Network Address Translation (NAT) 411End Port Type a port number or the ending port number in a range of

ZyWALL 5/35/70 Series User’s Guide412 Chapter 21 Network Address Translation (NAT)

ZyWALL 5/35/70 Series User’s GuideChapter 22 Static Route 413CHAPTER 22Static RouteThis chapter shows you how to configure static routes for your ZyWA

ZyWALL 5/35/70 Series User’s Guide414 Chapter 22 Static RouteFigure 222 ADVANCED > STATIC ROUTE > IP Static RouteThe following table describes

ZyWALL 5/35/70 Series User’s GuideChapter 22 Static Route 41522.2.1 IP Static Route Edit Select a static route index number and click Edit. The scr

ZyWALL 5/35/70 Series User’s Guide416 Chapter 22 Static RouteMetric Metric represents the “cost” of transmission for routing purposes. IP routing uses

ZyWALL 5/35/70 Series User’s GuideChapter 23 Policy Route 417CHAPTER 23Policy RouteThis chapter covers setting and applying policies used for IP routi

ZyWALL 5/35/70 Series User’s Guide418 Chapter 23 Policy RouteIPPR follows the existing packet filtering facility of RAS in style and in implementation

ZyWALL 5/35/70 Series User’s GuideChapter 23 Policy Route 419The following table describes the labels in this screen. 23.5 Policy Route Edit Click AD

ZyWALL 5/35/70 Series User’s Guide42 List of FiguresFigure 468 Macintosh OS 8/9: Apple Menu ...

ZyWALL 5/35/70 Series User’s Guide420 Chapter 23 Policy RouteFigure 225 Edit IP Policy RouteThe following table describes the labels in this screen.

ZyWALL 5/35/70 Series User’s GuideChapter 23 Policy Route 421Packet Length Type a length of packet (in bytes). The operators in the Len Compare field

ZyWALL 5/35/70 Series User’s Guide422 Chapter 23 Policy Route

ZyWALL 5/35/70 Series User’s GuideChapter 24 Bandwidth Management 423CHAPTER 24Bandwidth ManagementThis chapter describes the functions and configurat

ZyWALL 5/35/70 Series User’s Guide424 Chapter 24 Bandwidth Management24.3 Proportional Bandwidth AllocationBandwidth management allows you to define

ZyWALL 5/35/70 Series User’s GuideChapter 24 Bandwidth Management 42524.6 Application and Subnet-based Bandwidth ManagementYou could also create band

ZyWALL 5/35/70 Series User’s Guide426 Chapter 24 Bandwidth ManagementWhen you enable maximize bandwidth usage, the ZyWALL first makes sure that each b

ZyWALL 5/35/70 Series User’s GuideChapter 24 Bandwidth Management 42724.7.5.1 Priority-based Allotment of Unused and Unbudgeted BandwidthThe followin

ZyWALL 5/35/70 Series User’s Guide428 Chapter 24 Bandwidth Management24.8 Bandwidth BorrowingBandwidth borrowing allows a sub-class to borrow unused

ZyWALL 5/35/70 Series User’s GuideChapter 24 Bandwidth Management 429• The Bill class cannot borrow unused bandwidth from the Root class because the S

ZyWALL 5/35/70 Series User’s GuideList of Figures 43Figure 511 Certificate Import Wizard 2 ...

ZyWALL 5/35/70 Series User’s Guide430 Chapter 24 Bandwidth ManagementIf you use VoIP and NetMeeting at the same time, the device allocates up to 500 K

ZyWALL 5/35/70 Series User’s GuideChapter 24 Bandwidth Management 43124.12 Configuring Class Setup The Class Setup screen displays the configured ba

ZyWALL 5/35/70 Series User’s Guide432 Chapter 24 Bandwidth ManagementFigure 228 ADVANCED > BW MGMT > Class SetupThe following table describes

ZyWALL 5/35/70 Series User’s GuideChapter 24 Bandwidth Management 43324.12.1 Bandwidth Manager Class Configuration Configure a bandwidth management

ZyWALL 5/35/70 Series User’s Guide434 Chapter 24 Bandwidth ManagementFigure 229 ADVANCED > BW MGMT > Class Setup > Add Sub-ClassThe followi

ZyWALL 5/35/70 Series User’s GuideChapter 24 Bandwidth Management 435Enable Bandwidth Filter Select Enable Bandwidth Filter to have the ZyWALL use thi

ZyWALL 5/35/70 Series User’s Guide436 Chapter 24 Bandwidth Management24.12.2 Bandwidth Management Statistics Click ADVANCED > BW MGMT > Cl

ZyWALL 5/35/70 Series User’s GuideChapter 24 Bandwidth Management 437Figure 230 ADVANCED > BW MGMT > Class Setup > Statistics The following

ZyWALL 5/35/70 Series User’s Guide438 Chapter 24 Bandwidth ManagementFigure 231 ADVANCED > BW MGMT > Monitor The following table describes the

ZyWALL 5/35/70 Series User’s GuideChapter 25 DNS 439CHAPTER 25DNSThis chapter shows you how to configure the DNS screens.25.1 DNS Overview DNS (Doma

ZyWALL 5/35/70 Series User’s Guide44 List of Figures

ZyWALL 5/35/70 Series User’s Guide440 Chapter 25 DNS25.4 Address RecordAn address record contains the mapping of a fully qualified domain name (FQDN)

ZyWALL 5/35/70 Series User’s GuideChapter 25 DNS 441Figure 232 Private DNS Server ExampleNote: If you do not specify an Intranet DNS server on the r

ZyWALL 5/35/70 Series User’s Guide442 Chapter 25 DNSThe following table describes the labels in this screen.25.6.1 Adding an Address Record Click Ad

ZyWALL 5/35/70 Series User’s GuideChapter 25 DNS 443An address record contains the mapping of a fully qualified domain name (FQDN) to an IP address. C

ZyWALL 5/35/70 Series User’s Guide444 Chapter 25 DNSFigure 235 ADVANCED > DNS > Insert (Name Server Record)The following table describes the l

ZyWALL 5/35/70 Series User’s GuideChapter 25 DNS 44525.7 DNS Cache DNS cache is the temporary storage area where a router stores responses from DNS

ZyWALL 5/35/70 Series User’s Guide446 Chapter 25 DNSThe following table describes the labels in this screen.25.9 Configuring DNS DHCP Click ADVANCED

ZyWALL 5/35/70 Series User’s GuideChapter 25 DNS 447Figure 237 ADVANCED > DNS > DHCPThe following table describes the labels in this screen.LA

ZyWALL 5/35/70 Series User’s Guide448 Chapter 25 DNS25.10 Dynamic DNS Dynamic DNS allows you to update your current dynamic IP address with one or m

ZyWALL 5/35/70 Series User’s GuideChapter 25 DNS 449Figure 238 ADVANCED > DNS > DDNSThe following table describes the labels in this screen.LA

ZyWALL 5/35/70 Series User’s GuideList of Tables 45List of TablesTable 1 ZyWALL Model Specific Features ...

ZyWALL 5/35/70 Series User’s Guide450 Chapter 25 DNSIP Address Update PolicySelect Use WAN IP Address to have the ZyWALL update the domain name with t

ZyWALL 5/35/70 Series User’s GuideChapter 26 Remote Management 451CHAPTER 26Remote ManagementThis chapter provides information on the Remote Managemen

ZyWALL 5/35/70 Series User’s Guide452 Chapter 26 Remote Management2 The IP address in the Secure Client IP Address field does not match the client IP

ZyWALL 5/35/70 Series User’s GuideChapter 26 Remote Management 453Figure 239 HTTPS ImplementationNote: If you disable the HTTP service in the REMOTE

ZyWALL 5/35/70 Series User’s Guide454 Chapter 26 Remote ManagementFigure 240 ADVANCED > REMOTE MGMT > WWWThe following table describes the lab

ZyWALL 5/35/70 Series User’s GuideChapter 26 Remote Management 45526.4 HTTPS ExampleIf you haven’t changed the default HTTPS port on the ZyWALL, then

ZyWALL 5/35/70 Series User’s Guide456 Chapter 26 Remote Management26.4.2 Netscape Navigator Warning MessagesWhen you attempt to access the ZyWALL HTT

ZyWALL 5/35/70 Series User’s GuideChapter 26 Remote Management 45726.4.3 Avoiding the Browser Warning MessagesThe following describes the main reason

ZyWALL 5/35/70 Series User’s Guide458 Chapter 26 Remote ManagementFigure 244 Example: Lock Denoting a Secure ConnectionClick Login and you then see

ZyWALL 5/35/70 Series User’s GuideChapter 26 Remote Management 459Figure 246 Device-specific CertificateClick Ignore in the Replace Certificate scre

ZyWALL 5/35/70 Series User’s Guide46 List of TablesTable 39 Example of Network Properties for LAN Servers with Fixed IP Addresses ... 160Table

ZyWALL 5/35/70 Series User’s Guide460 Chapter 26 Remote ManagementFigure 248 SSH Communication Example26.6 How SSH Works The following table summa

ZyWALL 5/35/70 Series User’s GuideChapter 26 Remote Management 461After the identification is verified and data encryption activated, a secure tunnel

ZyWALL 5/35/70 Series User’s Guide462 Chapter 26 Remote ManagementFigure 250 ADVANCED > REMOTE MGMT > SSHThe following table describes the lab

ZyWALL 5/35/70 Series User’s GuideChapter 26 Remote Management 4632 Configure the SSH client to accept connection using SSH version 1. 3 A window disp

ZyWALL 5/35/70 Series User’s Guide464 Chapter 26 Remote ManagementFigure 253 SSH Example 2: Log in3 The SMT main menu displays next. 26.10 Secure F

ZyWALL 5/35/70 Series User’s GuideChapter 26 Remote Management 465Figure 254 Secure FTP: Firmware Upload Example26.11 Telnet You can configure you

ZyWALL 5/35/70 Series User’s Guide466 Chapter 26 Remote ManagementFigure 256 ADVANCED > REMOTE MGMT > TelnetThe following table describes the

ZyWALL 5/35/70 Series User’s GuideChapter 26 Remote Management 467Figure 257 ADVANCED > REMOTE MGMT > FTPThe following table describes the lab

ZyWALL 5/35/70 Series User’s Guide468 Chapter 26 Remote ManagementFigure 258 SNMP Management ModelAn SNMP managed network consists of two main types

ZyWALL 5/35/70 Series User’s GuideChapter 26 Remote Management 46926.14.1 Supported MIBsThe ZyWALL supports MIB II that is defined in RFC-1213 and R

ZyWALL 5/35/70 Series User’s GuideList of Tables 47Table 82 SECURITY > ANTI-VIRUS > General ...

ZyWALL 5/35/70 Series User’s Guide470 Chapter 26 Remote ManagementFigure 259 ADVANCED > REMOTE MGMT > SNMPThe following table describes the la

ZyWALL 5/35/70 Series User’s GuideChapter 26 Remote Management 47126.15 DNS Use DNS (Domain Name System) to map a domain name to its corresponding I

ZyWALL 5/35/70 Series User’s Guide472 Chapter 26 Remote ManagementIf you allow your ZyWALL to be managed by the Vantage CNM server, then you should no

ZyWALL 5/35/70 Series User’s GuideChapter 26 Remote Management 473Last Registration Time This field displays the last date (year-month-date) and time

ZyWALL 5/35/70 Series User’s Guide474 Chapter 26 Remote Management

ZyWALL 5/35/70 Series User’s GuideChapter 27 UPnP 475CHAPTER 27UPnPThis chapter introduces the Universal Plug and Play feature. This chapter is only a

ZyWALL 5/35/70 Series User’s Guide476 Chapter 27 UPnPWhen a UPnP device joins a network, it announces its presence with a multicast message. For secur

ZyWALL 5/35/70 Series User’s GuideChapter 27 UPnP 47727.3 Displaying UPnP Port Mapping Click ADVANCED > UPnP > Ports to display the UPnP Port

ZyWALL 5/35/70 Series User’s Guide478 Chapter 27 UPnPThe following table describes the labels in this screen. 27.4 Installing UPnP in Windows Exampl

ZyWALL 5/35/70 Series User’s GuideChapter 27 UPnP 47927.4.1 Installing UPnP in Windows MeFollow the steps below to install UPnP in Windows Me. 1 Clic

ZyWALL 5/35/70 Series User’s Guide48 List of TablesTable 125 Services and Port Numbers ...

ZyWALL 5/35/70 Series User’s Guide480 Chapter 27 UPnP27.4.2 Installing UPnP in Windows XPFollow the steps below to install UPnP in Windows XP.27.5 U

ZyWALL 5/35/70 Series User’s GuideChapter 27 UPnP 48127.5.1 Auto-discover Your UPnP-enabled Network Device1 Click Start and Control Panel. Double-cli

ZyWALL 5/35/70 Series User’s Guide482 Chapter 27 UPnPNote: When the UPnP-enabled device is disconnected from your computer, all port mappings will be

ZyWALL 5/35/70 Series User’s GuideChapter 27 UPnP 483Follow the steps below to access the web configurator.1 Click Start and then Control Panel. 2 Dou

ZyWALL 5/35/70 Series User’s Guide484 Chapter 27 UPnP6 Right-click the icon for your ZyXEL device and select Properties. A properties window displays

ZyWALL 5/35/70 Series User’s GuideChapter 28 ALG Screen 485CHAPTER 28ALG ScreenThis chapter covers how to use the ZyWALL’s ALG feature to allow certai

ZyWALL 5/35/70 Series User’s Guide486 Chapter 28 ALG ScreenIf the primary WAN connection fails, the client needs to re-initialize the connection throu

ZyWALL 5/35/70 Series User’s GuideChapter 28 ALG Screen 487Figure 264 H.323 ALG Example • With multiple WAN IP addresses on the ZyWALL, you can conf

ZyWALL 5/35/70 Series User’s Guide488 Chapter 28 ALG ScreenFigure 266 H.323 Calls from the WAN with Multiple Outgoing Calls• The H.323 ALG operates

ZyWALL 5/35/70 Series User’s GuideChapter 28 ALG Screen 489The following example shows SIP signaling (1) and audio (2) sessions between SIP clients A

ZyWALL 5/35/70 Series User’s GuideList of Tables 49Table 168 TCP Reset Logs ...

ZyWALL 5/35/70 Series User’s Guide490 Chapter 28 ALG ScreenFigure 268 ADVANCED > ALG The following table describes the labels in this screen. Ta

ZyWALL 5/35/70 Series User’s GuideChapter 29 Reports 491CHAPTER 29ReportsThis chapter contains information about the ZyWALL’s system and threat report

ZyWALL 5/35/70 Series User’s Guide492 Chapter 29 ReportsFigure 269 REPORTS > SYSTEM REPORTSNote: Enabling the ZyWALL’s reporting function decreas

ZyWALL 5/35/70 Series User’s GuideChapter 29 Reports 49329.2.1 Viewing Web Site HitsIn the Reports screen, select Web Site Hits from the Report Type

ZyWALL 5/35/70 Series User’s Guide494 Chapter 29 Reports29.2.2 Viewing Host IP AddressIn the Reports screen, select Host IP Address from the Report T

ZyWALL 5/35/70 Series User’s GuideChapter 29 Reports 49529.2.3 Viewing Protocol/PortIn the Reports screen, select Protocol/Port from the Report Type

ZyWALL 5/35/70 Series User’s Guide496 Chapter 29 Reports29.2.4 System Reports SpecificationsThe following table lists detailed specifications on the

ZyWALL 5/35/70 Series User’s GuideChapter 29 Reports 497The following table describes the labels in this screen. The statistics display as follows whe

ZyWALL 5/35/70 Series User’s Guide498 Chapter 29 ReportsFigure 274 REPORTS > THREAT REPORTS > IDP > Source The statistics display as follow

ZyWALL 5/35/70 Series User’s GuideChapter 29 Reports 499The following table describes the labels in this screen. The statistics display as follows wh

ZyWALL 5/35/70 Series User’s GuideSafety Warnings 5Safety WarningsFor your safety, be sure to read and follow all warning notices and instructions.• D

ZyWALL 5/35/70 Series User’s Guide50 List of TablesTable 211 Menu 11.3.2: Remote Node Network Layer Options ...

ZyWALL 5/35/70 Series User’s Guide500 Chapter 29 ReportsFigure 278 REPORTS > THREAT REPORTS > Anti-Virus > Destination 29.5 Anti-Spam Thre

ZyWALL 5/35/70 Series User’s GuideChapter 29 Reports 501The statistics display as follows when you display the top entries by source.Spam Mail Detecte

ZyWALL 5/35/70 Series User’s Guide502 Chapter 29 ReportsFigure 280 REPORTS > THREAT REPORTS > Anti-Spam > Source The statistics display as

ZyWALL 5/35/70 Series User’s GuideChapter 30 Logs Screens 503CHAPTER 30Logs ScreensThis chapter contains information about configuring general log set

ZyWALL 5/35/70 Series User’s Guide504 Chapter 30 Logs ScreensThe following table describes the labels in this screen. 30.2 Log Description Example

ZyWALL 5/35/70 Series User’s GuideChapter 30 Logs Screens 50530.2.1 About the Certificate Not Trusted LogmyZyXEL.com and the update server use certif

ZyWALL 5/35/70 Series User’s Guide506 Chapter 30 Logs ScreensFigure 284 myZyXEL.com: Certificate Download30.3 Configuring Log Settings To change yo

ZyWALL 5/35/70 Series User’s GuideChapter 30 Logs Screens 507Figure 285 LOGS > Log Settings

ZyWALL 5/35/70 Series User’s Guide508 Chapter 30 Logs ScreensThe following table describes the labels in this screen. Table 164 LOGS > Log Sett

ZyWALL 5/35/70 Series User’s GuideChapter 30 Logs Screens 50930.3.1 Log DescriptionsThis section provides descriptions of example log messages. Log S

ZyWALL 5/35/70 Series User’s GuideList of Tables 51Table 254 Menu 25: Sample IP Routing Policy Summary ...

ZyWALL 5/35/70 Series User’s Guide510 Chapter 30 Logs ScreensTime initialized by Time serverThe router got the time and date from the time server.Time

ZyWALL 5/35/70 Series User’s GuideChapter 30 Logs Screens 511 Table 166 System Error LogsLOG MESSAGE DESCRIPTION%s exceeds the max. number of sessio

ZyWALL 5/35/70 Series User’s Guide512 Chapter 30 Logs Screens Exceed maximum sessions per host (%d).The device blocked a session because the host&apos

ZyWALL 5/35/70 Series User’s GuideChapter 30 Logs Screens 513 For type and code details, see Table 183 on page 524. Table 169 Packet Filter LogsLOG

ZyWALL 5/35/70 Series User’s Guide514 Chapter 30 Logs Screens Table 172 PPP LogsLOG MESSAGE DESCRIPTIONppp:LCP Starting The PPP connection’s Link

ZyWALL 5/35/70 Series User’s GuideChapter 30 Logs Screens 515 For type and code details, see Table 183 on page 524.%s When the content filter is not o

ZyWALL 5/35/70 Series User’s Guide516 Chapter 30 Logs Screensip spoofing - no routing entry ICMP (type:%d, code:%d)The firewall classified an ICMP pac

ZyWALL 5/35/70 Series User’s GuideChapter 30 Logs Screens 517 Remote Management: SNMP denied Attempted use of SNMP service was blocked according to re

ZyWALL 5/35/70 Series User’s Guide518 Chapter 30 Logs Screens Table 179 IKE LogsLOG MESSAGE DESCRIPTIONActive connection allowed exceededThe IKE pro

ZyWALL 5/35/70 Series User’s GuideChapter 30 Logs Screens 519Remote IP <Remote IP> / <Remote IP> conflictsThe security gateway is set to “

ZyWALL 5/35/70 Series User’s Guide52 List of Tables

ZyWALL 5/35/70 Series User’s Guide520 Chapter 30 Logs ScreensRule [%d] Phase 2 authentication algorithm mismatchThe listed rule’s IKE phase 2 authenti

ZyWALL 5/35/70 Series User’s GuideChapter 30 Logs Screens 521 Table 180 PKI LogsLOG MESSAGE DESCRIPTIONEnrollment successful The SCEP online certifi

ZyWALL 5/35/70 Series User’s Guide522 Chapter 30 Logs Screens CODE DESCRIPTION1 Algorithm mismatch between the certificate and the search constraints

ZyWALL 5/35/70 Series User’s GuideChapter 30 Logs Screens 523Local User Database does not find user`s credential.A user was not authenticated by the l

ZyWALL 5/35/70 Series User’s Guide524 Chapter 30 Logs Screens (L to L/ZW) LAN to LAN/ZyWALLACL set for packets traveling from the LAN to the LAN or th

ZyWALL 5/35/70 Series User’s GuideChapter 30 Logs Screens 525 11 Time Exceeded0 Time to live exceeded in transit1 Fragment reassembly time exceeded12

ZyWALL 5/35/70 Series User’s Guide526 Chapter 30 Logs Screens Signature update OK - New signature version: <Signature version> Release Date: <

ZyWALL 5/35/70 Series User’s GuideChapter 30 Logs Screens 527 The turbo card is not ready , please insert the card and reboot!The turbo card is not in

ZyWALL 5/35/70 Series User’s Guide528 Chapter 30 Logs ScreensRemove rating server [%Rating Server IP Address%] from server list!The listed server IP a

ZyWALL 5/35/70 Series User’s GuideChapter 30 Logs Screens 52930.4 Syslog LogsThere are two types of syslog: event logs and traffic logs. The device g

ZyWALL 5/35/70 Series User’s GuidePreface 53PrefaceCongratulations on your purchase of the ZyWALL. Note: Register your product online to receive e-mai

ZyWALL 5/35/70 Series User’s Guide530 Chapter 30 Logs ScreensThe following table shows RFC-2408 ISAKMP payload types that the log displays. Please ref

ZyWALL 5/35/70 Series User’s GuideChapter 31 Maintenance 531CHAPTER 31MaintenanceThis chapter displays information on the maintenance screens.31.1 Ma

ZyWALL 5/35/70 Series User’s Guide532 Chapter 31 MaintenanceFigure 286 MAINTENANCE > General SetupThe following table describes the labels in thi

ZyWALL 5/35/70 Series User’s GuideChapter 31 Maintenance 533Figure 287 MAINTENANCE > Password The following table describes the labels in this sc

ZyWALL 5/35/70 Series User’s Guide534 Chapter 31 MaintenanceFigure 288 MAINTENANCE > Time and DateThe following table describes the labels in thi

ZyWALL 5/35/70 Series User’s GuideChapter 31 Maintenance 535Get from Time ServerSelect this radio button to have the ZyWALL get the time and date from

ZyWALL 5/35/70 Series User’s Guide536 Chapter 31 Maintenance31.5 Pre-defined NTP Time Server PoolsWhen you turn on the ZyWALL for the first time, the

ZyWALL 5/35/70 Series User’s GuideChapter 31 Maintenance 537Click the Return button to go back to the Time and Date screen after the time and date is

ZyWALL 5/35/70 Series User’s Guide538 Chapter 31 MaintenanceFor example, if a bridge receives a frame via port 1 from host A (MAC address 00a0c5123478

ZyWALL 5/35/70 Series User’s GuideChapter 31 Maintenance 53931.8 Configuring Device Mode (Router) Click MAINTENANCE > Device Mode to open the fol

ZyWALL 5/35/70 Series User’s Guide54 PrefaceSyntax Conventions• “Enter” means for you to type one or more characters. “Select” or “Choose” means for y

ZyWALL 5/35/70 Series User’s Guide540 Chapter 31 Maintenance31.9 Configuring Device Mode (Bridge) Click MAINTENANCE > Device Mode to open the fol

ZyWALL 5/35/70 Series User’s GuideChapter 31 Maintenance 541Figure 293 MAINTENANCE > Device Mode (Bridge Mode)The following table describes the l

ZyWALL 5/35/70 Series User’s Guide542 Chapter 31 Maintenance31.10 F/W Upload Screen Find firmware at www.zyxel.com in a file that (usually) uses the

ZyWALL 5/35/70 Series User’s GuideChapter 31 Maintenance 543After you see the Firmware Upload in Process screen, wait two minutes before logging into

ZyWALL 5/35/70 Series User’s Guide544 Chapter 31 Maintenance31.11 Backup and Restore See Section 47.5 on page 672 for transferring configuration fil

ZyWALL 5/35/70 Series User’s GuideChapter 31 Maintenance 54531.11.2 Restore Configuration Load a configuration file from your computer to your ZyWALL

ZyWALL 5/35/70 Series User’s Guide546 Chapter 31 MaintenanceFigure 301 Configuration Upload Error31.11.3 Back to Factory Defaults Click the Reset

ZyWALL 5/35/70 Series User’s GuideChapter 31 Maintenance 547Figure 303 MAINTENANCE > Restart

ZyWALL 5/35/70 Series User’s Guide548 Chapter 31 Maintenance

ZyWALL 5/35/70 Series User’s GuideChapter 32 Introducing the SMT 549CHAPTER 32Introducing the SMTThis chapter explains how to access the System Manage

ZyWALL 5/35/70 Series User’s GuideChapter 1 Getting to Know Your ZyWALL 55CHAPTER 1Getting to Know Your ZyWALLThis chapter introduces the main feature

ZyWALL 5/35/70 Series User’s Guide550 Chapter 32 Introducing the SMTFigure 304 Initial Screen32.2.2 Entering the PasswordThe login screen appears a

ZyWALL 5/35/70 Series User’s GuideChapter 32 Introducing the SMT 55132.3.1 Main MenuAfter you enter the password, the SMT displays the ZyWALL Main Me

ZyWALL 5/35/70 Series User’s Guide552 Chapter 32 Introducing the SMTFigure 306 Main Menu (Router Mode)Figure 307 Main Menu (Bridge Mode)The follow

ZyWALL 5/35/70 Series User’s GuideChapter 32 Introducing the SMT 55332.3.2 SMT Menus OverviewThe following table gives you an overview of your ZyWALL

ZyWALL 5/35/70 Series User’s Guide554 Chapter 32 Introducing the SMT6 Route Setup (for the ZyWALL 35 and the ZyWALL 70)6.1 Route Assessment6.2 Traffic

ZyWALL 5/35/70 Series User’s GuideChapter 32 Introducing the SMT 55532.4 Changing the System PasswordChange the system password by following the step

ZyWALL 5/35/70 Series User’s Guide556 Chapter 32 Introducing the SMTFigure 308 Menu 23: System Password2 Type your existing password and press [ENTE

ZyWALL 5/35/70 Series User’s GuideChapter 33 SMT Menu 1 - General Setup 557CHAPTER 33SMT Menu 1 - General SetupMenu 1 - General Setup contains adminis

ZyWALL 5/35/70 Series User’s Guide558 Chapter 33 SMT Menu 1 - General SetupFigure 310 Menu 1: General Setup (Bridge Mode)The following table describ

ZyWALL 5/35/70 Series User’s GuideChapter 33 SMT Menu 1 - General Setup 55933.2.1 Configuring Dynamic DNSTo configure Dynamic DNS, set the ZyWALL to

ZyWALL 5/35/70 Series User’s Guide56 Chapter 1 Getting to Know Your ZyWALLTable Key: An O in a mode’s column shows that the device mode has the specif

ZyWALL 5/35/70 Series User’s Guide560 Chapter 33 SMT Menu 1 - General SetupFigure 312 Menu 1.1.1: DDNS Host SummaryThe following table describes the

ZyWALL 5/35/70 Series User’s GuideChapter 33 SMT Menu 1 - General Setup 561Figure 313 Menu 1.1.1: DDNS Edit HostThe following table describes the fi

ZyWALL 5/35/70 Series User’s Guide562 Chapter 33 SMT Menu 1 - General SetupThe IP address updates when you reconfigure menu 1 or perform DHCP client r

ZyWALL 5/35/70 Series User’s GuideChapter 34 WAN and Dial Backup Setup 563CHAPTER 34WAN and Dial Backup SetupThis chapter describes how to configure t

ZyWALL 5/35/70 Series User’s Guide564 Chapter 34 WAN and Dial Backup SetupThe following table describes the fields in this screen.34.3 Dial BackupThe

ZyWALL 5/35/70 Series User’s GuideChapter 34 WAN and Dial Backup Setup 565Figure 315 Menu 2: Dial Backup Setup The following table describes the fi

ZyWALL 5/35/70 Series User’s Guide566 Chapter 34 WAN and Dial Backup SetupTo edit the advanced setup for the Dial Backup port, move the cursor to the

ZyWALL 5/35/70 Series User’s GuideChapter 34 WAN and Dial Backup Setup 56734.6 Remote Node Profile (Backup ISP)On a ZyWALL with multiple WAN ports, e

ZyWALL 5/35/70 Series User’s Guide568 Chapter 34 WAN and Dial Backup SetupFigure 317 Menu 11.3: Remote Node Profile (Backup ISP)The following table

ZyWALL 5/35/70 Series User’s GuideChapter 34 WAN and Dial Backup Setup 56934.7 Editing PPP OptionsThe ZyWALL’s dial back-up feature uses PPP. To edit

ZyWALL 5/35/70 Series User’s GuideChapter 1 Getting to Know Your ZyWALL 57The 10/100 Mbps auto-negotiating Ethernet ports allow the ZyWALL to detect t

ZyWALL 5/35/70 Series User’s Guide570 Chapter 34 WAN and Dial Backup SetupFigure 318 Menu 11.3.1: Remote Node PPP OptionsThis table describes the Re

ZyWALL 5/35/70 Series User’s GuideChapter 34 WAN and Dial Backup Setup 571Figure 319 Menu 11.3.2: Remote Node Network Layer OptionsThe following tab

ZyWALL 5/35/70 Series User’s Guide572 Chapter 34 WAN and Dial Backup Setup34.9 Editing Login ScriptFor some remote gateways, text login is required b

ZyWALL 5/35/70 Series User’s GuideChapter 34 WAN and Dial Backup Setup 573You can use two variables, $USERNAME and $PASSWORD (all UPPER case), to repr

ZyWALL 5/35/70 Series User’s Guide574 Chapter 34 WAN and Dial Backup SetupThe following table describes the fields in this menu.34.10 Remote Node Fil

ZyWALL 5/35/70 Series User’s GuideChapter 35 LAN Setup 575CHAPTER 35LAN SetupThis chapter describes how to configure the LAN using Menu 3 - LAN Setup.

ZyWALL 5/35/70 Series User’s Guide576 Chapter 35 LAN SetupFigure 323 Menu 3.1: LAN Port Filter Setup 35.4 TCP/IP and DHCP Ethernet Setup MenuFrom t

ZyWALL 5/35/70 Series User’s GuideChapter 35 LAN Setup 577Figure 325 Menu 3.2: TCP/IP and DHCP Ethernet SetupFollow the instructions in the next tab

ZyWALL 5/35/70 Series User’s Guide578 Chapter 35 LAN SetupUse the instructions in the following table to configure TCP/IP parameters for the LAN port.

ZyWALL 5/35/70 Series User’s GuideChapter 35 LAN Setup 57935.4.1 IP Alias SetupIP alias allows you to partition a physical network into different log

ZyWALL 5/35/70 Series User’s Guide58 Chapter 1 Getting to Know Your ZyWALLSIP PassthroughThe ZyWALL includes a SIP Application Layer Gateway (ALG). It

ZyWALL 5/35/70 Series User’s Guide580 Chapter 35 LAN SetupOutgoing Protocol FiltersEnter the filter set(s) you wish to apply to the outgoing traffic b

ZyWALL 5/35/70 Series User’s GuideChapter 36 Internet Access 581CHAPTER 36Internet AccessThis chapter shows you how to configure your ZyWALL for Inter

ZyWALL 5/35/70 Series User’s Guide582 Chapter 36 Internet AccessThe following table describes the fields in this menu.Table 216 Menu 4: Internet Acc

ZyWALL 5/35/70 Series User’s GuideChapter 36 Internet Access 58336.3 Configuring the PPTP ClientNote: The ZyWALL supports only one PPTP server connec

ZyWALL 5/35/70 Series User’s Guide584 Chapter 36 Internet AccessFigure 329 Internet Access Setup (PPPoE)The following table contains instructions ab

ZyWALL 5/35/70 Series User’s GuideChapter 37 DMZ Setup 585CHAPTER 37DMZ SetupThis chapter describes how to configure the ZyWALL’s DMZ using Menu 5 - D

ZyWALL 5/35/70 Series User’s Guide586 Chapter 37 DMZ Setup37.3.1 IP AddressFrom the main menu, enter 5 to open Menu 5 - DMZ Setup to configure TCP/IP

ZyWALL 5/35/70 Series User’s GuideChapter 37 DMZ Setup 58737.3.2 IP Alias SetupUse menu 5.2 to configure the first network. Move the cursor to the Ed

ZyWALL 5/35/70 Series User’s Guide588 Chapter 37 DMZ Setup

ZyWALL 5/35/70 Series User’s GuideChapter 38 Route Setup 589CHAPTER 38Route SetupThis chapter describes how to configure the ZyWALL's traffic red

ZyWALL 5/35/70 Series User’s GuideChapter 1 Getting to Know Your ZyWALL 59FirewallThe ZyWALL is a stateful inspection firewall with DoS (Denial of Ser

ZyWALL 5/35/70 Series User’s Guide590 Chapter 38 Route SetupThe following table describes the fields in this menu.38.3 Traffic RedirectTo configure t

ZyWALL 5/35/70 Series User’s GuideChapter 38 Route Setup 59138.4 Route FailoverThis menu allows you to configure how the ZyWALL uses the route assess

ZyWALL 5/35/70 Series User’s Guide592 Chapter 38 Route Setup

ZyWALL 5/35/70 Series User’s GuideChapter 39 Wireless Setup 593CHAPTER 39Wireless SetupUse menu 7 to set up your ZyWALL as the wireless access point.3

ZyWALL 5/35/70 Series User’s Guide594 Chapter 39 Wireless SetupFollow the instructions in the next table on how to configure the wireless LAN paramete

ZyWALL 5/35/70 Series User’s GuideChapter 39 Wireless Setup 59539.1.1 MAC Address Filter SetupYour ZyWALL checks the MAC address of the wireless stat

ZyWALL 5/35/70 Series User’s Guide596 Chapter 39 Wireless Setup39.2 TCP/IP SetupFor more detailed information about RIP setup, IP Multicast and IP al

ZyWALL 5/35/70 Series User’s GuideChapter 39 Wireless Setup 597Figure 342 Menu 7.2: TCP/IP and DHCP Ethernet SetupThe DHCP and TCP/IP setup fields a

ZyWALL 5/35/70 Series User’s Guide598 Chapter 39 Wireless SetupFigure 343 Menu 7.2.1: IP Alias SetupRefer to Table 215 on page 579 for instructions

ZyWALL 5/35/70 Series User’s GuideChapter 40 Remote Node Setup 599CHAPTER 40Remote Node SetupThis chapter shows you how to configure a remote node.40.

ZyWALL 5/35/70 Series User’s Guide6 Safety WarningsThis product is recyclable. Dispose of it properly.

ZyWALL 5/35/70 Series User’s Guide60 Chapter 1 Getting to Know Your ZyWALLRADIUS (RFC2138, 2139)The ZyWALL can work with a RADIUS (Remote Authenticati

ZyWALL 5/35/70 Series User’s Guide600 Chapter 40 Remote Node SetupFigure 344 Menu 11: Remote Node Setup40.3 Remote Node Profile SetupThe following

ZyWALL 5/35/70 Series User’s GuideChapter 40 Remote Node Setup 601The following table describes the fields in this menu.Table 224 Menu 11.1: Remote

ZyWALL 5/35/70 Series User’s Guide602 Chapter 40 Remote Node Setup40.3.2 PPPoE EncapsulationThe ZyWALL supports PPPoE (Point-to-Point Protocol over E

ZyWALL 5/35/70 Series User’s GuideChapter 40 Remote Node Setup 60340.3.2.3 MetricSee Section 8.5 on page 151 for details on the Metric field.40.3.3

ZyWALL 5/35/70 Series User’s Guide604 Chapter 40 Remote Node SetupFigure 347 Menu 11.1: Remote Node Profile for PPTP EncapsulationThe next table sho

ZyWALL 5/35/70 Series User’s GuideChapter 40 Remote Node Setup 605Figure 348 Menu 11.1.2: Remote Node Network Layer Options for Ethernet Encapsulati

ZyWALL 5/35/70 Series User’s Guide606 Chapter 40 Remote Node Setup40.5 Remote Node FilterMove the cursor to the field Edit Filter Sets in menu 11.1,

ZyWALL 5/35/70 Series User’s GuideChapter 40 Remote Node Setup 607Figure 349 Menu 11.1.4: Remote Node Filter (Ethernet Encapsulation)Figure 350 Me

ZyWALL 5/35/70 Series User’s Guide608 Chapter 40 Remote Node SetupFigure 351 Menu 11.1.5: Traffic Redirect SetupThe following table describes the fi

ZyWALL 5/35/70 Series User’s GuideChapter 41 IP Static Route Setup 609CHAPTER 41IP Static Route SetupThis chapter shows you how to configure static ro

ZyWALL 5/35/70 Series User’s GuideChapter 1 Getting to Know Your ZyWALL 61PPTP supports on-demand, multi-protocol and virtual private networking over

ZyWALL 5/35/70 Series User’s Guide610 Chapter 41 IP Static Route SetupFigure 353 Menu 12. 1: Edit IP Static Route`The following table describes the

ZyWALL 5/35/70 Series User’s GuideChapter 42 Network Address Translation (NAT) 611CHAPTER 42Network Address Translation(NAT)This chapter discusses how

ZyWALL 5/35/70 Series User’s Guide612 Chapter 42 Network Address Translation (NAT)Figure 354 Menu 4: Applying NAT for Internet AccessThe following f

ZyWALL 5/35/70 Series User’s GuideChapter 42 Network Address Translation (NAT) 613The following table describes the fields in this menu.42.2 NAT Setu

ZyWALL 5/35/70 Series User’s Guide614 Chapter 42 Network Address Translation (NAT)42.2.1 Address Mapping Sets Enter 1 to bring up Menu 15.1 - Address

ZyWALL 5/35/70 Series User’s GuideChapter 42 Network Address Translation (NAT) 615Note: Menu 15.1.255 is read-only. 42.2.1.2 User-Defined Address Map

ZyWALL 5/35/70 Series User’s Guide616 Chapter 42 Network Address Translation (NAT)Figure 359 Menu 15.1.1: First SetNote: The Type, Local and Global

ZyWALL 5/35/70 Series User’s GuideChapter 42 Network Address Translation (NAT) 617Note: You must press [ENTER] at the bottom of the screen to save the

ZyWALL 5/35/70 Series User’s Guide618 Chapter 42 Network Address Translation (NAT)42.3 Configuring a Server behind NATNote: If you do not assign a De

ZyWALL 5/35/70 Series User’s GuideChapter 42 Network Address Translation (NAT) 619Figure 362 Menu 15.2.1: NAT Server Sets4 Select Edit Rule in the S

ZyWALL 5/35/70 Series User’s Guide62 Chapter 1 Getting to Know Your ZyWALLNetwork Address Translation (NATNetwork Address Translation (NAT) allows the

ZyWALL 5/35/70 Series User’s Guide620 Chapter 42 Network Address Translation (NAT)Figure 363 15.2.1.2: NAT Server ConfigurationThe following table d

ZyWALL 5/35/70 Series User’s GuideChapter 42 Network Address Translation (NAT) 621Figure 364 Menu 15.2.1: NAT Server Setup You assign the private ne

ZyWALL 5/35/70 Series User’s Guide622 Chapter 42 Network Address Translation (NAT)Figure 366 NAT Example 1Figure 367 Menu 4: Internet Access &

ZyWALL 5/35/70 Series User’s GuideChapter 42 Network Address Translation (NAT) 62342.4.2 Example 2: Internet Access with a Default Server Figure 368

ZyWALL 5/35/70 Series User’s Guide624 Chapter 42 Network Address Translation (NAT)1 Map the first IGA to the first inside FTP server for FTP traffic i

ZyWALL 5/35/70 Series User’s GuideChapter 42 Network Address Translation (NAT) 625Figure 371 Example 3: Menu 11.1.2The following figure shows how to

ZyWALL 5/35/70 Series User’s Guide626 Chapter 42 Network Address Translation (NAT)Figure 373 Example 3: Final Menu 15.1.1Now configure the IGA3 to m

ZyWALL 5/35/70 Series User’s GuideChapter 42 Network Address Translation (NAT) 62742.4.4 Example 4: NAT Unfriendly Application ProgramsSome applicati

ZyWALL 5/35/70 Series User’s Guide628 Chapter 42 Network Address Translation (NAT)Figure 377 Example 4: Menu 15.1.1: Address Mapping Rules42.5 Trig

ZyWALL 5/35/70 Series User’s GuideChapter 42 Network Address Translation (NAT) 629Note: Only one LAN computer can use a trigger port (range) at a time

ZyWALL 5/35/70 Series User’s GuideChapter 1 Getting to Know Your ZyWALL 63Upgrade ZyWALL Firmware via LANThe firmware of the ZyWALL can be upgraded vi

ZyWALL 5/35/70 Series User’s Guide630 Chapter 42 Network Address Translation (NAT)

ZyWALL 5/35/70 Series User’s GuideChapter 43 Introducing the ZyWALL Firewall 631CHAPTER 43Introducing the ZyWALL FirewallThis chapter shows you how to

ZyWALL 5/35/70 Series User’s Guide632 Chapter 43 Introducing the ZyWALL FirewallFigure 380 Menu 21.2: Firewall SetupNote: Configure the firewall rul

ZyWALL 5/35/70 Series User’s GuideChapter 44 Filter Configuration 633CHAPTER 44Filter ConfigurationThis chapter shows you how to create and apply filt

ZyWALL 5/35/70 Series User’s Guide634 Chapter 44 Filter Configuration44.1.1 The Filter Structure of the ZyWALLA filter set consists of one or more fi

ZyWALL 5/35/70 Series User’s GuideChapter 44 Filter Configuration 635Figure 382 Filter Rule Process You can apply up to four filter sets to a partic

ZyWALL 5/35/70 Series User’s Guide636 Chapter 44 Filter Configuration44.2 Configuring a Filter SetThe ZyWALL includes filtering for NetBIOS over TCP/

ZyWALL 5/35/70 Series User’s GuideChapter 44 Filter Configuration 637The protocol dependent filter rules abbreviation are listed as follows:Refer to t

ZyWALL 5/35/70 Series User’s Guide638 Chapter 44 Filter ConfigurationTo speed up filtering, all rules in a filter set must be of the same class, i.e.,

ZyWALL 5/35/70 Series User’s GuideChapter 44 Filter Configuration 639The following figure illustrates the logic flow of an IP filter.DestinationIP Add

ZyWALL 5/35/70 Series User’s Guide64 Chapter 1 Getting to Know Your ZyWALLFigure 2 VPN Application1.3.3 Front Panel LightsFigure 3 ZyWALL 70 Fron

ZyWALL 5/35/70 Series User’s Guide640 Chapter 44 Filter ConfigurationFigure 386 Executing an IP Filter44.2.3 Configuring a Generic Filter Rule This

ZyWALL 5/35/70 Series User’s GuideChapter 44 Filter Configuration 641to allow you to filter non-IP packets. For IP, it is generally easier to use the

ZyWALL 5/35/70 Series User’s Guide642 Chapter 44 Filter Configuration44.3 Example FilterLet’s look at an example to block outside users from accessin

ZyWALL 5/35/70 Series User’s GuideChapter 44 Filter Configuration 6436 Enter 1 to configure the first filter rule (the only filter rule of this set).

ZyWALL 5/35/70 Series User’s Guide644 Chapter 44 Filter ConfigurationM = N means an action can be taken immediately. The action is to drop the packet

ZyWALL 5/35/70 Series User’s GuideChapter 44 Filter Configuration 64544.5.1 Packet Filtering:• The router filters packets as they pass through the ro

ZyWALL 5/35/70 Series User’s Guide646 Chapter 44 Filter Configuration6 The firewall can block specific URL traffic that might occur in the future. The

ZyWALL 5/35/70 Series User’s GuideChapter 44 Filter Configuration 647Figure 393 Filtering DMZ Traffic44.6.3 Applying Remote Node FiltersGo to menu

ZyWALL 5/35/70 Series User’s Guide648 Chapter 44 Filter Configuration

ZyWALL 5/35/70 Series User’s GuideChapter 45 SNMP Configuration 649CHAPTER 45SNMP ConfigurationThis chapter explains SNMP configuration menu 22.45.1

ZyWALL 5/35/70 Series User’s GuideChapter 1 Getting to Know Your ZyWALL 65CARD Green Off The wireless LAN is not ready, or has failed.On The wireless

ZyWALL 5/35/70 Series User’s Guide650 Chapter 45 SNMP Configuration45.2 SNMP Traps The ZyWALL will send traps to the SNMP manager when any one of the

ZyWALL 5/35/70 Series User’s GuideChapter 46 System Information & Diagnosis 651CHAPTER 46System Information & DiagnosisThis chapter covers SMT

ZyWALL 5/35/70 Series User’s Guide652 Chapter 46 System Information & Diagnosis3 There are three commands in Menu 24.1 - System Maintenance - Stat

ZyWALL 5/35/70 Series User’s GuideChapter 46 System Information & Diagnosis 65346.3 System Information and Console Port SpeedThis section describ

ZyWALL 5/35/70 Series User’s Guide654 Chapter 46 System Information & DiagnosisFigure 399 Menu 24.2.1: System Maintenance: Information The foll

ZyWALL 5/35/70 Series User’s GuideChapter 46 System Information & Diagnosis 655Figure 400 Menu 24.2.2: System Maintenance: Change Console Port S

ZyWALL 5/35/70 Series User’s Guide656 Chapter 46 System Information & DiagnosisFigure 402 Examples of Error and Information Messages46.4.2 Sysl

ZyWALL 5/35/70 Series User’s GuideChapter 46 System Information & Diagnosis 657Your ZyWALL sends five types of syslog messages. Some examples (not

ZyWALL 5/35/70 Series User’s Guide658 Chapter 46 System Information & Diagnosis4 PPP log 5 Firewall logFilter log Message FormatSdcmdSyslogSend(SY

ZyWALL 5/35/70 Series User’s GuideChapter 46 System Information & Diagnosis 65946.4.3 Call-Triggering PacketCall-Triggering Packet displays infor

ZyWALL 5/35/70 Series User’s Guide66 Chapter 1 Getting to Know Your ZyWALL

ZyWALL 5/35/70 Series User’s Guide660 Chapter 46 System Information & Diagnosis1 From the main menu, select option 24 to open Menu 24 - System Mai

ZyWALL 5/35/70 Series User’s GuideChapter 46 System Information & Diagnosis 661Table 245 System Maintenance Menu DiagnosticFIELD DESCRIPTIONPing

ZyWALL 5/35/70 Series User’s Guide662 Chapter 46 System Information & Diagnosis

ZyWALL 5/35/70 Series User’s GuideChapter 47 Firmware and Configuration File Maintenance 663CHAPTER 47Firmware and Configuration FileMaintenanceThis c

ZyWALL 5/35/70 Series User’s Guide664 Chapter 47 Firmware and Configuration File MaintenanceThe following table is a summary. Please note that the int

ZyWALL 5/35/70 Series User’s GuideChapter 47 Firmware and Configuration File Maintenance 665Figure 407 Telnet into Menu 24.547.3.2 Using the FTP Co

ZyWALL 5/35/70 Series User’s Guide666 Chapter 47 Firmware and Configuration File Maintenance47.3.3 Example of FTP Commands from the Command Line Figu

ZyWALL 5/35/70 Series User’s GuideChapter 47 Firmware and Configuration File Maintenance 6674 The IP you entered in the Secured Client IP field in men

ZyWALL 5/35/70 Series User’s Guide668 Chapter 47 Firmware and Configuration File Maintenance47.3.8 GUI-based TFTP ClientsThe following table describe

ZyWALL 5/35/70 Series User’s GuideChapter 47 Firmware and Configuration File Maintenance 669Figure 411 Backup Configuration ExampleType a location f

ZyWALL 5/35/70 Series User’s GuideChapter 2 Introducing the Web Configurator 67CHAPTER 2Introducing the WebConfiguratorThis chapter describes how to a

ZyWALL 5/35/70 Series User’s Guide670 Chapter 47 Firmware and Configuration File MaintenanceFigure 413 Telnet into Menu 24.61 Launch the FTP client

ZyWALL 5/35/70 Series User’s GuideChapter 47 Firmware and Configuration File Maintenance 67147.4.2 Restore Using FTP Session ExampleFigure 414 Rest

ZyWALL 5/35/70 Series User’s Guide672 Chapter 47 Firmware and Configuration File Maintenance4 After a successful restoration you will see the followin

ZyWALL 5/35/70 Series User’s GuideChapter 47 Firmware and Configuration File Maintenance 673Figure 419 Telnet Into Menu 24.7.1: Upload System Firmwa

ZyWALL 5/35/70 Series User’s Guide674 Chapter 47 Firmware and Configuration File Maintenance47.5.3 FTP File Upload Command from the DOS Prompt Exampl

ZyWALL 5/35/70 Series User’s GuideChapter 47 Firmware and Configuration File Maintenance 6751 Use telnet from your computer to connect to the ZyWALL a

ZyWALL 5/35/70 Series User’s Guide676 Chapter 47 Firmware and Configuration File MaintenanceFigure 422 Menu 24.7.1 As Seen Using the Console Port2 A

ZyWALL 5/35/70 Series User’s GuideChapter 47 Firmware and Configuration File Maintenance 677Figure 424 Menu 24.7.2 As Seen Using the Console Port 2

ZyWALL 5/35/70 Series User’s Guide678 Chapter 47 Firmware and Configuration File Maintenance

ZyWALL 5/35/70 Series User’s GuideChapter 48 System Maintenance Menus 8 to 10 679CHAPTER 48System Maintenance Menus 8 to10This chapter leads you throu

ZyWALL 5/35/70 Series User’s Guide68 Chapter 2 Introducing the Web ConfiguratorFigure 6 Change Password Screen6 Click Apply in the Replace Certifica

ZyWALL 5/35/70 Series User’s Guide680 Chapter 48 System Maintenance Menus 8 to 10The required fields in a command are enclosed in angle brackets <&

ZyWALL 5/35/70 Series User’s GuideChapter 48 System Maintenance Menus 8 to 10 68148.2 Call Control SupportThe ZyWALL provides two call control functi

ZyWALL 5/35/70 Series User’s Guide682 Chapter 48 System Maintenance Menus 8 to 10Figure 429 Budget ManagementThe total budget is the time limit on t

ZyWALL 5/35/70 Series User’s GuideChapter 48 System Maintenance Menus 8 to 10 683Figure 430 Call HistoryThe following table describes the fields in

ZyWALL 5/35/70 Series User’s Guide684 Chapter 48 System Maintenance Menus 8 to 10Figure 431 Menu 24: System MaintenanceEnter 10 to go to Menu 24.10

ZyWALL 5/35/70 Series User’s GuideChapter 48 System Maintenance Menus 8 to 10 685Table 252 Menu 24.10 System Maintenance: Time and Date SettingFIELD

ZyWALL 5/35/70 Series User’s Guide686 Chapter 48 System Maintenance Menus 8 to 10End Date (mm-nth-week-hr)Configure the day and time when Daylight Sav

ZyWALL 5/35/70 Series User’s GuideChapter 49 Remote Management 687CHAPTER 49Remote ManagementThis chapter covers remote management found in SMT menu 2

ZyWALL 5/35/70 Series User’s Guide688 Chapter 49 Remote ManagementFigure 433 Menu 24.11 – Remote Management ControlThe following table describes the

ZyWALL 5/35/70 Series User’s GuideChapter 49 Remote Management 68949.1.1 Remote Management LimitationsRemote management over LAN or WAN will not work

ZyWALL 5/35/70 Series User’s GuideChapter 2 Introducing the Web Configurator 691 Press the RESET button for ten seconds, and then release it. If the S

ZyWALL 5/35/70 Series User’s Guide690 Chapter 49 Remote Management

ZyWALL 5/35/70 Series User’s GuideChapter 50 IP Policy Routing 691CHAPTER 50IP Policy RoutingThis chapter covers setting and applying policies used fo

ZyWALL 5/35/70 Series User’s Guide692 Chapter 50 IP Policy Routing50.2 IP Routing Policy SetupTo setup a routing policy, perform the following proced

ZyWALL 5/35/70 Series User’s GuideChapter 50 IP Policy Routing 6931 Type 25 in the main menu to open Menu 25 - IP Routing Policy Summary.2 Select Edit

ZyWALL 5/35/70 Series User’s Guide694 Chapter 50 IP Policy Routing50.2.1 Applying Policy to PacketsTo apply the policy to packets received on the sel

ZyWALL 5/35/70 Series User’s GuideChapter 50 IP Policy Routing 695Figure 436 Menu 25.1.1: IP Routing Policy SetupThe following table describes the f

ZyWALL 5/35/70 Series User’s Guide696 Chapter 50 IP Policy RoutingFigure 437 Example of IP Policy Routing To force Web packets coming from clients w

ZyWALL 5/35/70 Series User’s GuideChapter 50 IP Policy Routing 697Figure 438 IP Routing Policy Example 12 Select Yes in the LAN field in menu 25.1.1

ZyWALL 5/35/70 Series User’s Guide698 Chapter 50 IP Policy RoutingFigure 439 IP Routing Policy Example 25 Select Yes in the LAN field in menu 25.1.1

ZyWALL 5/35/70 Series User’s GuideChapter 51 Call Scheduling 699CHAPTER 51Call SchedulingCall scheduling allows you to dictate when a remote node shou

ZyWALL 5/35/70 Series User’s GuideZyXEL Limited Warranty 7ZyXEL Limited WarrantyZyXEL warrants to the original end user (purchaser) that this product

ZyWALL 5/35/70 Series User’s Guide70 Chapter 2 Introducing the Web ConfiguratorFigure 9 HOME ScreenAs illustrated above, the main screen is divided

ZyWALL 5/35/70 Series User’s Guide700 Chapter 51 Call SchedulingFigure 441 Schedule Set SetupIf a connection has been already established, your ZyWA

ZyWALL 5/35/70 Series User’s GuideChapter 51 Call Scheduling 701Once your schedule sets are configured, you must then apply them to the desired remote

ZyWALL 5/35/70 Series User’s Guide702 Chapter 51 Call SchedulingFigure 443 Applying Schedule Set(s) to a Remote Node (PPTP) Menu 11.1 -

ZyWALL 5/35/70 Series User’s GuideChapter 52 Troubleshooting 703CHAPTER 52TroubleshootingThis chapter covers potential problems and possible remedies.

ZyWALL 5/35/70 Series User’s Guide704 Chapter 52 Troubleshooting52.3 Problems with the DMZ Interface52.4 Problems with the WAN InterfaceTable 261

ZyWALL 5/35/70 Series User’s GuideChapter 52 Troubleshooting 70552.5 Problems Accessing the ZyWALL52.5.1 Pop-up Windows, JavaScripts and Java Permis

ZyWALL 5/35/70 Series User’s Guide706 Chapter 52 Troubleshooting• Web browser pop-up windows from your device.• JavaScripts (enabled by default).• Jav

ZyWALL 5/35/70 Series User’s GuideChapter 52 Troubleshooting 707Figure 445 Internet Options: Privacy3 Click Apply to save this setting.52.5.1.1.2 E

ZyWALL 5/35/70 Series User’s Guide708 Chapter 52 TroubleshootingFigure 446 Internet Options: Privacy3 Type the IP address of your device (the web pa

ZyWALL 5/35/70 Series User’s GuideChapter 52 Troubleshooting 709Figure 447 Pop-up Blocker Settings5 Click Close to return to the Privacy screen. 6 C

ZyWALL 5/35/70 Series User’s GuideChapter 2 Introducing the Web Configurator 712.4.2 Main WindowThe main window shows the screen you select in the na

ZyWALL 5/35/70 Series User’s Guide710 Chapter 52 TroubleshootingFigure 448 Internet Options: Security 2 Click the Custom Level... button. 3 Scroll d

ZyWALL 5/35/70 Series User’s GuideChapter 52 Troubleshooting 711Figure 449 Security Settings - Java Scripting52.5.1.3 Java Permissions1 From Intern

ZyWALL 5/35/70 Series User’s Guide712 Chapter 52 TroubleshootingFigure 450 Security Settings - Java 52.5.1.3.1 JAVA (Sun)1 From Internet Explorer,

ZyWALL 5/35/70 Series User’s GuideChapter 52 Troubleshooting 713Figure 451 Java (Sun)52.6 Packet FlowThe following is the packet check flow on the

ZyWALL 5/35/70 Series User’s Guide714 Chapter 52 Troubleshooting

ZyWALL 5/35/70 Series User’s GuideAppendix A Product Specifications 715APPENDIX AProduct SpecificationsSee also the Introduction chapter for a general

ZyWALL 5/35/70 Series User’s Guide716 Appendix A Product SpecificationsOperation Humidity 20% ~ 95% RH (non-condensing)Storage Humidity 20% ~ 95% RH (

ZyWALL 5/35/70 Series User’s GuideAppendix A Product Specifications 717Anti-Virus/IDP (Intrusion Detection and Prevention)Accelerated by a ZyWALL Turb

ZyWALL 5/35/70 Series User’s Guide718 Appendix A Product Specifications Other Protocol Support PPP (Point-to-Point Protocol) link layer protocol.Trans

ZyWALL 5/35/70 Series User’s GuideAppendix A Product Specifications 719Compatible ZyXEL WLAN CardsThe following table lists the ZyXEL WLAN cards that

ZyWALL 5/35/70 Series User’s Guide72 Chapter 2 Introducing the Web ConfiguratorSystem Name This is the System Name you enter in the MAINTENANCE > G

ZyWALL 5/35/70 Series User’s Guide720 Appendix A Product SpecificationsNote: Only certain ZyXEL wireless LAN cards are compatible with the ZyWALL.Do n

ZyWALL 5/35/70 Series User’s GuideAppendix A Product Specifications 721 Figure 454 Ethernet Cable Pin AssignmentsTable 269 Console/Dial Backup Por

ZyWALL 5/35/70 Series User’s Guide722 Appendix A Product Specifications

ZyWALL 5/35/70 Series User’s GuideAppendix B Hardware Installation 723APPENDIX BHardware InstallationThe ZyWALL can be placed on a desktop or rack-mou

ZyWALL 5/35/70 Series User’s Guide724 Appendix B Hardware InstallationFigure 455 Attaching Rubber Feet Note: Do not block the ventilation holes.

ZyWALL 5/35/70 Series User’s GuideAppendix B Hardware Installation 725Figure 456 Attaching Mounting Brackets and Screws3 After attaching both mounti

ZyWALL 5/35/70 Series User’s Guide726 Appendix B Hardware Installation

ZyWALL 5/35/70 Series User’s GuideAppendix C Removing and Installing a Fuse 727APPENDIX CRemoving and Installing a FuseThis appendix shows you how to

ZyWALL 5/35/70 Series User’s Guide728 Appendix C Removing and Installing a Fuse

ZyWALL 5/35/70 Series User’s GuideAppendix D Setting up Your Computer’s IP Address 729APPENDIX DSetting up Your Computer’s IP AddressAll computers mus

ZyWALL 5/35/70 Series User’s GuideChapter 2 Introducing the Web Configurator 73Status For the LAN, DMZ and WLAN ports, this displays the port speed an

ZyWALL 5/35/70 Series User’s Guide730 Appendix D Setting up Your Computer’s IP AddressFigure 458 WIndows 95/98/Me: Network: ConfigurationInstalling

ZyWALL 5/35/70 Series User’s GuideAppendix D Setting up Your Computer’s IP Address 7314 Select Client for Microsoft Networks from the list of network

ZyWALL 5/35/70 Series User’s Guide732 Appendix D Setting up Your Computer’s IP AddressFigure 460 Windows 95/98/Me: TCP/IP Properties: DNS Configurat

ZyWALL 5/35/70 Series User’s GuideAppendix D Setting up Your Computer’s IP Address 733Figure 461 Windows XP: Start Menu2 In the Control Panel, doubl

ZyWALL 5/35/70 Series User’s Guide734 Appendix D Setting up Your Computer’s IP AddressFigure 463 Windows XP: Control Panel: Network Connections: Pro

ZyWALL 5/35/70 Series User’s GuideAppendix D Setting up Your Computer’s IP Address 735• Click Advanced.Figure 465 Windows XP: Internet Protocol (TCP

ZyWALL 5/35/70 Series User’s Guide736 Appendix D Setting up Your Computer’s IP AddressFigure 466 Windows XP: Advanced TCP/IP Properties7 In the Inte

ZyWALL 5/35/70 Series User’s GuideAppendix D Setting up Your Computer’s IP Address 737Figure 467 Windows XP: Internet Protocol (TCP/IP) Properties8

ZyWALL 5/35/70 Series User’s Guide738 Appendix D Setting up Your Computer’s IP AddressFigure 468 Macintosh OS 8/9: Apple Menu2 Select Ethernet built

ZyWALL 5/35/70 Series User’s GuideAppendix D Setting up Your Computer’s IP Address 739•From the Configure box, select Manually.• Type your IP address

ZyWALL 5/35/70 Series User’s Guide74 Chapter 2 Introducing the Web Configurator2.4.4 HOME Screen: Bridge Mode The following screen displays when t

ZyWALL 5/35/70 Series User’s Guide740 Appendix D Setting up Your Computer’s IP AddressFigure 471 Macintosh OS X: Network4 For statically assigned se

ZyWALL 5/35/70 Series User’s GuideAppendix D Setting up Your Computer’s IP Address 741Note: Make sure you are logged in as the root administrator. Usi

ZyWALL 5/35/70 Series User’s Guide742 Appendix D Setting up Your Computer’s IP Address• If you have a static IP address, click Statically set IP Addre

ZyWALL 5/35/70 Series User’s GuideAppendix D Setting up Your Computer’s IP Address 743• If you have a dynamic IP address, enter dhcp in the BOOTPROTO=

ZyWALL 5/35/70 Series User’s Guide744 Appendix D Setting up Your Computer’s IP AddressFigure 479 Red Hat 9.0: Restart Ethernet Card Verifying Setti

ZyWALL 5/35/70 Series User’s GuideAppendix E IP Addresses and Subnetting 745APPENDIX EIP Addresses and SubnettingThis appendix introduces IP addresses

ZyWALL 5/35/70 Series User’s Guide746 Appendix E IP Addresses and SubnettingThe following table shows the network number and host ID arrangement for c

ZyWALL 5/35/70 Series User’s GuideAppendix E IP Addresses and Subnetting 747Subnet MasksA subnet mask is used to determine which bits are part of the

ZyWALL 5/35/70 Series User’s Guide748 Appendix E IP Addresses and SubnettingThe first mask shown is the class “C” natural mask. Normally if no mask is

ZyWALL 5/35/70 Series User’s GuideAppendix E IP Addresses and Subnetting 749Host IDs of all zeros represent the subnet itself and host IDs of all ones

ZyWALL 5/35/70 Series User’s GuideChapter 2 Introducing the Web Configurator 75You can use the firewall and VPN in bridge mode.Figure 11 Web Configu

ZyWALL 5/35/70 Series User’s Guide750 Appendix E IP Addresses and SubnettingExample Eight SubnetsSimilarly use a 27-bit mask to create eight subnets (

ZyWALL 5/35/70 Series User’s GuideAppendix E IP Addresses and Subnetting 751The following table shows class C IP address last octet values for each su

ZyWALL 5/35/70 Series User’s Guide752 Appendix E IP Addresses and SubnettingThe following table is a summary for class “B” subnet planning. Table 283

ZyWALL 5/35/70 Series User’s GuideAppendix F Common Services 753Appendix F Common ServicesThe following table lists some commonly-used services and th

ZyWALL 5/35/70 Series User’s Guide754 Appendix F Common ServicesHTTP TCP 80 Hyper Text Transfer Protocol - a client/server protocol for the world wide

ZyWALL 5/35/70 Series User’s GuideAppendix F Common Services 755SFTP TCP 115 Simple File Transfer Protocol.SMTP TCP 25 Simple Mail Transfer Protocol i

ZyWALL 5/35/70 Series User’s Guide756 Appendix F Common Services

ZyWALL 5/35/70 Series User’s GuideAppendix G Wireless LANs 757APPENDIX GWireless LANsWireless LAN TopologiesThis section discusses ad-hoc and infrastr

ZyWALL 5/35/70 Series User’s Guide758 Appendix G Wireless LANsFigure 482 Basic Service SetESSAn Extended Service Set (ESS) consists of a series of o

ZyWALL 5/35/70 Series User’s GuideAppendix G Wireless LANs 759Figure 483 Infrastructure WLANChannelA channel is the radio frequency(ies) used by IEE

ZyWALL 5/35/70 Series User’s Guide76 Chapter 2 Introducing the Web ConfiguratorSystem Time This field displays your ZyWALL’s present date (in yyyy-mm-

ZyWALL 5/35/70 Series User’s Guide760 Appendix G Wireless LANsFigure 484 RTS/CTSWhen station A sends data to the AP, it might not know that the stat

ZyWALL 5/35/70 Series User’s GuideAppendix G Wireless LANs 761A large Fragmentation Threshold is recommended for networks not prone to interference wh

ZyWALL 5/35/70 Series User’s Guide762 Appendix G Wireless LANsIEEE 802.1xIn June 2001, the IEEE 802.1x standard was designed to extend the features of

ZyWALL 5/35/70 Series User’s GuideAppendix G Wireless LANs 763• Access-ChallengeSent by a RADIUS server requesting more information in order to allow

ZyWALL 5/35/70 Series User’s Guide764 Appendix G Wireless LANs3 The wireless station replies with identity information, including username and passwor

ZyWALL 5/35/70 Series User’s GuideAppendix G Wireless LANs 765PEAP (Protected EAP) Like EAP-TTLS, server-side certificate authentication is used to

ZyWALL 5/35/70 Series User’s Guide766 Appendix G Wireless LANsFigure 486 WEP Authentication StepsOpen system authentication involves an unencrypted

ZyWALL 5/35/70 Series User’s GuideAppendix G Wireless LANs 767If this feature is enabled, it is not necessary to configure a default encryption key in

ZyWALL 5/35/70 Series User’s Guide768 Appendix G Wireless LANsThe RADIUS server distributes a Pairwise Master Key (PMK) key to the AP that then sets u

ZyWALL 5/35/70 Series User’s GuideAppendix G Wireless LANs 769RoamingA wireless station is a device with an IEEE 802.11 mode compliant wireless adapte

ZyWALL 5/35/70 Series User’s GuideChapter 2 Introducing the Web Configurator 77Port Status For the WAN, LAN, DMZ, and WLAN Interfaces, this displays t

ZyWALL 5/35/70 Series User’s Guide770 Appendix G Wireless LANs3 Access point P2 acknowledges the presence of wireless station Y and relays this inform

ZyWALL 5/35/70 Series User’s GuideAppendix H Windows 98 SE/Me Requirements for Anti-Virus Message Display 771APPENDIX HWindows 98 SE/Me Requirements f

ZyWALL 5/35/70 Series User’s Guide772 Appendix H Windows 98 SE/Me Requirements for Anti-Virus Message DisplayFigure 490 Windows 98 SE: Task Bar Prop

ZyWALL 5/35/70 Series User’s GuideAppendix H Windows 98 SE/Me Requirements for Anti-Virus Message Display 773Figure 492 Windows 98 SE: Startup: Crea

ZyWALL 5/35/70 Series User’s Guide774 Appendix H Windows 98 SE/Me Requirements for Anti-Virus Message DisplayFigure 494 Windows 98 SE: Startup: Shor

ZyWALL 5/35/70 Series User’s GuideAppendix I VPN Setup 775APPENDIX IVPN SetupThis appendix will help you to quickly create a IPSec/VPN connection betw

ZyWALL 5/35/70 Series User’s Guide776 Appendix I VPN SetupThe following pages show a typical configuration that builds a tunnel between two private ne

ZyWALL 5/35/70 Series User’s GuideAppendix I VPN Setup 777Figure 496 Headquarters Gateway Policy EditThe IP address of the branch office IPSec route

ZyWALL 5/35/70 Series User’s Guide778 Appendix I VPN SetupFigure 497 Branch Office Gateway Policy Edit3 Click the add network policy ( ) icon next t

ZyWALL 5/35/70 Series User’s GuideAppendix I VPN Setup 779Figure 498 Headquarters VPN RuleFigure 499 Branch Office VPN Rule4 Configure the screens

ZyWALL 5/35/70 Series User’s Guide78 Chapter 2 Introducing the Web Configurator2.4.5 Navigation PanelAfter you enter the password, use the sub-menus

ZyWALL 5/35/70 Series User’s Guide780 Appendix I VPN SetupFigure 500 Headquarters Network Policy EditIP addresses on different subnets.Activate the

ZyWALL 5/35/70 Series User’s GuideAppendix I VPN Setup 781Figure 501 Branch Office Network Policy EditDialing the VPN Tunnel via Web ConfiguratorTo

ZyWALL 5/35/70 Series User’s Guide782 Appendix I VPN SetupFigure 502 VPN Rule ConfiguredThe following screen displays.Figure 503 VPN DialThis scre

ZyWALL 5/35/70 Series User’s GuideAppendix I VPN Setup 783VPN TroubleshootingIf the IPSec tunnel does not build properly, the problem is likely a conf

ZyWALL 5/35/70 Series User’s Guide784 Appendix I VPN SetupFigure 505 VPN Log Example ras> sys log disp ike ipsec# .time source

ZyWALL 5/35/70 Series User’s GuideAppendix I VPN Setup 785IPSec DebugIf you are having difficulty building an IPSec tunnel to a non-ZyXEL IPSec router

ZyWALL 5/35/70 Series User’s Guide786 Appendix I VPN SetupUse a VPN TunnelA VPN tunnel gives you a secure connection to another computer or network. T

ZyWALL 5/35/70 Series User’s GuideAppendix J Importing Certificates 787APPENDIX JImporting CertificatesThis appendix shows importing certificates exam

ZyWALL 5/35/70 Series User’s Guide788 Appendix J Importing CertificatesFigure 508 Login Screen2 Click Install Certificate to open the Install Certif

ZyWALL 5/35/70 Series User’s GuideAppendix J Importing Certificates 789Figure 510 Certificate Import Wizard 14 Select where you would like to store

ZyWALL 5/35/70 Series User’s GuideChapter 2 Introducing the Web Configurator 79Table Key: An O in a mode’s column shows that the device mode has the s

ZyWALL 5/35/70 Series User’s Guide790 Appendix J Importing CertificatesFigure 512 Certificate Import Wizard 36 Click Yes to add the ZyWALL certific

ZyWALL 5/35/70 Series User’s GuideAppendix J Importing Certificates 791Figure 514 Certificate General Information after ImportEnrolling and Importin

ZyWALL 5/35/70 Series User’s Guide792 Appendix J Importing CertificatesFigure 515 ZyWALL Trusted CA ScreenThe CA sends you a package containing the

ZyWALL 5/35/70 Series User’s GuideAppendix J Importing Certificates 793Figure 516 CA Certificate Example2 Click Install Certificate and follow the w

ZyWALL 5/35/70 Series User’s Guide794 Appendix J Importing CertificatesFigure 517 Personal Certificate Import Wizard 12 The file name and path of th

ZyWALL 5/35/70 Series User’s GuideAppendix J Importing Certificates 795Figure 519 Personal Certificate Import Wizard 34 Have the wizard determine wh

ZyWALL 5/35/70 Series User’s Guide796 Appendix J Importing CertificatesFigure 521 Personal Certificate Import Wizard 56 You should see the following

ZyWALL 5/35/70 Series User’s GuideAppendix J Importing Certificates 797Figure 524 SSL Client Authentication3 You next see the ZyWALL login screen.Fi

ZyWALL 5/35/70 Series User’s Guide798 Appendix J Importing Certificates

ZyWALL 5/35/70 Series User’s GuideAppendix K Command Interpreter 799APPENDIX KCommand InterpreterThe following describes how to use the command interp

ZyWALL 5/35/70 Series User’s Guide8 Customer SupportCustomer SupportPlease have the following information ready when you contact customer support.• Pr

ZyWALL 5/35/70 Series User’s Guide80 Chapter 2 Introducing the Web ConfiguratorWAN General This screen allows you to configure load balancing, route p

ZyWALL 5/35/70 Series User’s Guide800 Appendix K Command InterpreterFigure 526 Displaying Log Categories Example3 Use sys logs category followed by

ZyWALL 5/35/70 Series User’s GuideAppendix K Command Interpreter 801Log Command ExampleThis example shows how to set the ZyWALL to record the access l

ZyWALL 5/35/70 Series User’s Guide802 Appendix K Command InterpreterFigure 528 Routing Command ExampleARP Behavior and the ARP ackGratuitous Command

ZyWALL 5/35/70 Series User’s GuideAppendix K Command Interpreter 803A backup gateway (as in the following graphic) is an example of when you might wan

ZyWALL 5/35/70 Series User’s Guide804 Appendix K Command InterpreterFigure 530 Managing the Bandwidth of an IPSec SAUse on with this command to set

ZyWALL 5/35/70 Series User’s GuideAppendix K Command Interpreter 805Setting the Key Length for Phase 2 IPSec AES Encryption By default the ZyWALL us

ZyWALL 5/35/70 Series User’s Guide806 Appendix K Command Interpreter

ZyWALL 5/35/70 Series User’s GuideAppendix L Firewall Commands 807APPENDIX LFirewall CommandsThe following describes the firewall commands. See Append

ZyWALL 5/35/70 Series User’s Guide808 Appendix L Firewall CommandsE-mail config edit firewall e-mail mail-server <ip address of mail server>Thi

ZyWALL 5/35/70 Series User’s GuideAppendix L Firewall Commands 809config edit firewall attack minute-high <0-255>This command sets the threshold

ZyWALL 5/35/70 Series User’s GuideChapter 2 Introducing the Web Configurator 81IDP General Use this screen to enable IDP on the ZyWALL and choose what

ZyWALL 5/35/70 Series User’s Guide810 Appendix L Firewall CommandsConfig edit firewall set <set #> tcp-idle-timeout <seconds>This command

ZyWALL 5/35/70 Series User’s GuideAppendix L Firewall Commands 811config edit firewall set <set #> rule <rule #> destaddr-subnet <ip ad

ZyWALL 5/35/70 Series User’s Guide812 Appendix L Firewall Commands

ZyWALL 5/35/70 Series User’s GuideAppendix M NetBIOS Filter Commands 813APPENDIX MNetBIOS Filter CommandsThe following describes the NetBIOS packet fi

ZyWALL 5/35/70 Series User’s Guide814 Appendix M NetBIOS Filter CommandsThe filter types and their default settings are as follows.NetBIOS Filter Conf

ZyWALL 5/35/70 Series User’s GuideAppendix M NetBIOS Filter Commands 815sys filter netbios config 3 onThis command blocks IPSec NetBIOS packets.sys fi

ZyWALL 5/35/70 Series User’s Guide816 Appendix M NetBIOS Filter Commands

ZyWALL 5/35/70 Series User’s GuideAppendix N Certificates Commands 817APPENDIX NCertificates CommandsThe following describes the certificate commands.

ZyWALL 5/35/70 Series User’s Guide818 Appendix N Certificates Commandscreate cmp_enroll <name> <CA addr> <CA cert> <auth key>

ZyWALL 5/35/70 Series User’s GuideAppendix N Certificates Commands 819replace_factoryCreate a certificate using your device MAC address that will be s

ZyWALL 5/35/70 Series User’s Guide82 Chapter 2 Introducing the Web ConfiguratorAUTH SERVER Local User DatabaseUse this screen to configure the local u

ZyWALL 5/35/70 Series User’s Guide820 Appendix N Certificates Commands delete <name> Delete the specified trusted remote host certificate. <n

ZyWALL 5/35/70 Series User’s GuideAppendix O Brute-Force Password Guessing Protection 821APPENDIX OBrute-Force Password GuessingProtectionBrute-force

ZyWALL 5/35/70 Series User’s Guide822 Appendix O Brute-Force Password Guessing Protection

ZyWALL 5/35/70 Series User’s GuideAppendix P Boot Commands 823APPENDIX PBoot CommandsThe BootModule AT commands execute from within the router’s bootu

ZyWALL 5/35/70 Series User’s Guide824 Appendix P Boot CommandsFigure 534 Boot Module CommandsAT just answer OKATHE print helpATB

ZyWALL 5/35/70 Series User’s GuideIndex 825IndexNumerics10/100 Mbps DMZ 5610/100 Mbps LAN 5610/100 Mbps WAN 579600 baud 549Aaccess control 258Access P

ZyWALL 5/35/70 Series User’s Guide826 Indexblacklist 288, 296boldArial font 54Times New Roman font 54boot sector virus 271BPDU 143bridge firewall 57,

ZyWALL 5/35/70 Series User’s GuideIndex 827use server detected IP 562wildcard 561default configuration 68default server IP address 405default settings