ZyWALL 10~100 Series Internet Security Gateway Reference Guide Versions 3.52, 3.60 and 3.61 March 2003
Preface About Your ZyWALL Congratulations on your purchase of the ZyWALL Security Gateway.
Syntax Conventions • “Enter” means for you to type one or more characters and press the
Part I: General Information This part provides background information about setting up your computer’s IP address, triangl
Chapter 1 Setting up Your Computer’s IP Address All comput
The Network window Configuration tab displays a list of inst
1. Click the IP Address tab. -If your IP address is dynami
Copyright Copyright © 2003 by ZyXEL Communications Corporation. The contents of this publ
3. Click the Gateway tab. -If you do not know your gateway
1. For Windows XP, click start, Control Panel. In Windows
4. Select Internet Protocol (TCP/IP) (under the General tab
6. -If you do not know your gateway's IP address, re
7. In the Internet Protocol TCP/IP Properties window (the G
1. Click the Apple menu, Control Panel and double-click TC
4. For statically assigned settings, do the following: -F
2. Click Network in the icon bar. - Select Automatic f
Chapter 2 Triangle Route The Ideal Setup When the firewall is on, your ZyWALL a
Federal Communications Commission (FCC) Interference Statement This device complies with Part
Diagram 2-2 “Triangle Route” Problem The “Triangle Route” Solutions This section p
Gateways on the WAN Side A second solution to the “triangle route” problem is to
Chapter 3 The Big Picture The following figure gives an overview of how filteri
Chapter 4 Wireless LAN and IEEE 802.11 A wireless LAN (WLAN) provi
The IEEE 802.11 specifies three different transmission methods for the PHY, the
Diagram 4-1 Peer-to-Peer Communication in an Ad-hoc Network Infras
could be any type of network, it is almost invariably an Ethernet LAN. Mobile no
Chapter 5 Wireless LAN With IEEE 802.1x As wireless networks becom
Information for Canadian Users The Industry Canada label identifie
• Support for RADIUS (Remote Authentication Dial In User Service,
Chapter 6 PPPoE PPPoE in Action An ADSL modem bridges a PPP session over Ethernet (PPP over
How PPPoE Works The PPPoE driver makes the Ethernet appear as a serial link to the PC and th
Chapter 7 PPTP What is PPTP? PPTP (Point-to-Point Tunneling Protocol) is a Microsoft propri
PPTP Protocol Overview PPTP is very similar to L2TP, since L2TP is based on both PPTP and L2F
Diagram 7-3 Example Message Exchange between PC and an ANT PPP Data Connection The PPP fra
Chapter 8 IP Subnetting IP Addressing Routers “route” based on the network numbe
A class “B” address (16 host bits) can have 2^16 – 2 or 65534 hosts. A class “A” ad
With subnetting, the class arrangement of an IP address is ignored. For example, a
ZyXEL Limited Warranty ZyXEL warrants to the original end user (purchaser) that this produ
The first three octets of the address make up the network number (class “C”). You wa
192.168.1.0 with mask 255.255.255.128 is the subnet itself, and 192.168.1.127 with
Subnet Address: 192.168.1.128 Lowest Host ID: 192.168.1.129 Broadcast Address: 192.1
Chart 8-12 Class C Subnet Planning NO. “BORROWED” HOST BITS SUBNET MASK NO. SUB
Chart 8-13 Class B Subnet Planning NO. “BORROWED” HOST BITS SUBNET MASK NO. SUBNET
Part II: Command and Log Information This part provides information on the command interpreter interface, firewal
Chapter 9 Command Interpreter The following describes how to use the command
Chapter 10 Firewall Commands The following describes the firewall commands.
Customer Support When you contact your customer support representative please have
Chart 10-1 Firewall Commands FUNCTION COMMAND DESCRIPTION config displa
Chart 10-1 Firewall Commands FUNCTION COMMAND DESCRIPTION config edit fir
Chart 10-1 Firewall Commands FUNCTION COMMAND DESCRIPTION config edit firew
Chart 10-1 Firewall Commands FUNCTION COMMAND DESCRIPTION Config edit fir
Chart 10-1 Firewall Commands FUNCTION COMMAND DESCRIPTION Config edit f
Chart 10-1 Firewall Commands FUNCTION COMMAND DESCRIPTION config edit fir
Chart 10-1 Firewall Commands FUNCTION COMMAND DESCRIPTION config delete fir
Chapter 11 NetBIOS Filter Commands The following describes the NetBIOS
This command gives a read-only list of the current NetBIOS filter mode
Chart 11-1 NetBIOS Filter Default Settings NAME DESCRIPTION EXAMPLE WAN
<on|off> = For types 0 and 1, use on to enable the filter and b
Chapter 12 Boot Commands The BootModule AT commands execute from within the route
Diagram 12-2 Boot Module Commands AT just answer OK ATHE pr
Chapter 13 Log Descriptions Chart 13-1 System Error Logs LOG MESSAGE DESCRIP
Chart 13-2 System Maintenance Logs TELNET Login Fail Someone has failed to log
Chart 13-5 Attack Logs LOG MESSAGE DESCRIPTION attack IGMP The firewall detec
Chart 13-5 Attack Logs LOG MESSAGE DESCRIPTION syn flood TCP The firewall dete
Chart 13-6 Access Logs LOG MESSAGE DESCRIPTION Firewall default policy: TCP (
Chart 13-6 Access Logs LOG MESSAGE DESCRIPTION Firewall rule match: IGMP (set:
Chart 13-6 Access Logs LOG MESSAGE DESCRIPTION Firewall rule NOT match: OSPF
Chart 13-6 Access Logs LOG MESSAGE DESCRIPTION Filter match DROP <set %d/ru
Chart 13-6 Access Logs LOG MESSAGE DESCRIPTION Firewall sent TCP reset packet
Chart 13-7 ACL Setting Notes ACL SET NUMBER DIRECTION DESCRIPTION 9 DMZ to DMZ
Chart 13-8 ICMP Notes TYPE CODE DESCRIPTION 0 Echo message 11 Time Exceede
Diagram 13-1 Example VPN Initiator IPSec Log VPN Responder IPSec Log The foll
The following table shows sample log messages during IKE key exchange. Char
Chart 13-10 Sample IKE Key Exchange Logs LOG MESSAGE DESCRIPTION !! Remote IP
Chart 13-10 Sample IKE Key Exchange Logs LOG MESSAGE DESCRIPTION vs. My Loca
The following table shows RFC-2408 ISAKMP payload types that the log displays
Log Commands Go to the command interpreter interface (the Command Interpreter
Use the sys logs display [log category] command to show the logs in an individu
Chapter 14 Brute-Force Password Guessing Protection Th