ZyXEL Communications ZyXEL Prestige 310 User's Guide

Quick Start Guidewww.zyxel.comZyWALL 110/310/1100 SeriesVPN FirewallVersion 3.10Edition 2, 02/2013Copyright © 2013 ZyXEL Communications CorporationUse

ZyWALL 110/310/1100 Series User’s Guide1024.1.2 What You Need to Know ...

Chapter 6 MonitorZyWALL 110/310/1100 Series User’s Guide100Figure 71 Monitor > VPN Monitor > L2TP over IPSecThe following table describes the

Chapter 6 MonitorZyWALL 110/310/1100 Series User’s Guide101Figure 72 Monitor > LogThe following table describes the labels in this screen. Tabl

Chapter 6 MonitorZyWALL 110/310/1100 Series User’s Guide102The Web Configurator saves the filter settings if you leave the View Log screen and return

ZyWALL 110/310/1100 Series User’s Guide 103CHAPTER 7Interfaces7.1 Interface OverviewUse the Interface screens to configure the ZyWALL’s interfaces.

Chapter 7 InterfacesZyWALL 110/310/1100 Series User’s Guide104• An interface is a logical entity through which (layer-3) packets pass.• An interface i

Chapter 7 InterfacesZyWALL 110/310/1100 Series User’s Guide105 - * The format of interface names other than the Ethernet and ppp interface names is s

Chapter 7 InterfacesZyWALL 110/310/1100 Series User’s Guide106* - You cannot set up a PPP interface, virtual Ethernet interface or virtual VLAN interf

Chapter 7 InterfacesZyWALL 110/310/1100 Series User’s Guide107Stateless AutoconfigurationWith stateless autoconfiguration in IPv6, addresses can be u

Chapter 7 InterfacesZyWALL 110/310/1100 Series User’s Guide1087.1.3 What You Need to Do First For IPv6 settings, go to the Configuration > System

Chapter 7 InterfacesZyWALL 110/310/1100 Series User’s Guide109Click Reset to change the port groups to their current configuration (last-saved values

ZyWALL 110/310/1100 Series User’s Guide1128.2.1 IPv4 Address Add/Edit Screen ...

Chapter 7 InterfacesZyWALL 110/310/1100 Series User’s Guide110Each field is described in the following table. 7.3.1 Ethernet Edit The Ethernet Edit s

Chapter 7 InterfacesZyWALL 110/310/1100 Series User’s Guide111• Select which direction(s) routing information is exchanged - The ZyWALL can receive r

Chapter 7 InterfacesZyWALL 110/310/1100 Series User’s Guide112Figure 75 Configuration > Network > Interface > Ethernet > Edit (External

Chapter 7 InterfacesZyWALL 110/310/1100 Series User’s Guide113Figure 76 Configuration > Network > Interface > Ethernet > Edit (Internal

Chapter 7 InterfacesZyWALL 110/310/1100 Series User’s Guide114Figure 77 Configuration > Network > Interface > Ethernet > Edit (OPT)

Chapter 7 InterfacesZyWALL 110/310/1100 Series User’s Guide115This screen’s fields are described in the table below. Table 41 Configuration > Ne

Chapter 7 InterfacesZyWALL 110/310/1100 Series User’s Guide116Subnet Mask Enter the subnet mask of this interface in dot decimal notation. The subnet

Chapter 7 InterfacesZyWALL 110/310/1100 Series User’s Guide117 Address This field displays the combined IPv6 IP address for this interface.Note: Thi

Chapter 7 InterfacesZyWALL 110/310/1100 Series User’s Guide118Advertised Hosts Get Other Configuration From DHCPv6Select this to have the ZyWALL indic

Chapter 7 InterfacesZyWALL 110/310/1100 Series User’s Guide119Egress BandwidthEnter the maximum amount of traffic, in kilobits per second, the ZyWALL

ZyWALL 110/310/1100 Series User’s Guide1232.2 Authentication Method Objects ...

Chapter 7 InterfacesZyWALL 110/310/1100 Series User’s Guide120IP Pool Start AddressEnter the IP address from which the ZyWALL begins allocating IP add

Chapter 7 InterfacesZyWALL 110/310/1100 Series User’s Guide121Enable IP/MAC BindingSelect this option to have this interface enforce links between sp

Chapter 7 InterfacesZyWALL 110/310/1100 Series User’s Guide1227.3.2 Object ReferencesWhen a configuration screen includes an Object Reference icon, s

Chapter 7 InterfacesZyWALL 110/310/1100 Series User’s Guide123Figure 78 Object ReferencesThe following table describes labels that can appear in th

Chapter 7 InterfacesZyWALL 110/310/1100 Series User’s Guide124Select a DHCPv6 request or lease object in the Select one object field and click OK to s

Chapter 7 InterfacesZyWALL 110/310/1100 Series User’s Guide125The following table lists the available DHCP extended options (defined in RFCs) on the

Chapter 7 InterfacesZyWALL 110/310/1100 Series User’s Guide126Figure 81 Example: PPPoE/PPTP InterfacesPPPoE/PPTP interfaces are similar to other int

Chapter 7 InterfacesZyWALL 110/310/1100 Series User’s Guide127Each field is described in the table below.7.4.2 PPP Interface Add or Edit Note: You h

Chapter 7 InterfacesZyWALL 110/310/1100 Series User’s Guide128Figure 83 Configuration > Network > Interface > PPP > Add

Chapter 7 InterfacesZyWALL 110/310/1100 Series User’s Guide129Each field is explained in the following table.Table 46 Configuration > Network &g

ZyWALL 110/310/1100 Series User’s Guide13Chapter 37System...

Chapter 7 InterfacesZyWALL 110/310/1100 Series User’s Guide130IP Address This field is enabled if you select Use Fixed IP Address.Enter the IP address

Chapter 7 InterfacesZyWALL 110/310/1100 Series User’s Guide131Enable Rapid CommitSelect this to shorten the DHCPv6 message exchange process from four

Chapter 7 InterfacesZyWALL 110/310/1100 Series User’s Guide1327.5 Cellular Configuration Screen (3G)3G (Third Generation) is a digital, packet-switch

Chapter 7 InterfacesZyWALL 110/310/1100 Series User’s Guide133Aside from selecting the 3G network, the 3G card may also select an available 2.5G or 2

Chapter 7 InterfacesZyWALL 110/310/1100 Series User’s Guide134Figure 84 Configuration > Network > Interface > Cellular The following tabl

Chapter 7 InterfacesZyWALL 110/310/1100 Series User’s Guide135Figure 85 Configuration > Network > Interface > Cellular > Add

Chapter 7 InterfacesZyWALL 110/310/1100 Series User’s Guide136The following table describes the labels in this screen.Table 49 Configuration > Ne

Chapter 7 InterfacesZyWALL 110/310/1100 Series User’s Guide137User Name This field displays when you select an authentication type other than None. T

Chapter 7 InterfacesZyWALL 110/310/1100 Series User’s Guide138Check Period Enter the number of seconds between connection check attempts.Check Timeout

Chapter 7 InterfacesZyWALL 110/310/1100 Series User’s Guide139Network SelectionHome network is the network to which you are originally subscribed. Se

ZyWALL 110/310/1100 Series User’s Guide1437.12 Language Screen ...

Chapter 7 InterfacesZyWALL 110/310/1100 Series User’s Guide1407.6 Tunnel InterfacesThe ZyWALL uses tunnel interfaces in Generic Routing Encapsulation

Chapter 7 InterfacesZyWALL 110/310/1100 Series User’s Guide141• your ZyWALL has a public IPv4 IP address given from your ISP,and• you want to transmi

Chapter 7 InterfacesZyWALL 110/310/1100 Series User’s Guide142Figure 89 6to4 Tunnel7.6.1 Configuring a TunnelThis screen lists the ZyWALL’s configu

Chapter 7 InterfacesZyWALL 110/310/1100 Series User’s Guide1437.6.2 Tunnel Add or Edit ScreenThis screen lets you configure a tunnel interface. Clic

Chapter 7 InterfacesZyWALL 110/310/1100 Series User’s Guide144Figure 91 Network > Interface > Tunnel > Add/EditEach field is explained in t

Chapter 7 InterfacesZyWALL 110/310/1100 Series User’s Guide145Tunnel Mode Select the tunneling protocol of the interface (GRE, IPv6-in-IPv4 or 6to4).

Chapter 7 InterfacesZyWALL 110/310/1100 Series User’s Guide146Interface ParametersEgress BandwidthEnter the maximum amount of traffic, in kilobits per

Chapter 7 InterfacesZyWALL 110/310/1100 Series User’s Guide1477.7 VLAN Interfaces A Virtual Local Area Network (VLAN) divides a physical network int

Chapter 7 InterfacesZyWALL 110/310/1100 Series User’s Guide148This approach provides a few advantages.• Increased performance - In VLAN 2, the extra s

Chapter 7 InterfacesZyWALL 110/310/1100 Series User’s Guide149Figure 94 Configuration > Network > Interface > VLAN Each field is explain

ZyWALL 110/310/1100 Series User’s Guide15Chapter 42Reboot ...

Chapter 7 InterfacesZyWALL 110/310/1100 Series User’s Guide1507.7.2 VLAN Add/Edit This screen lets you configure IP address assignment, interface ban

Chapter 7 InterfacesZyWALL 110/310/1100 Series User’s Guide151Figure 95 Configuration > Network > Interface > VLAN > Create Virtual Int

Chapter 7 InterfacesZyWALL 110/310/1100 Series User’s Guide152Each field is explained in the following table. Table 53 Configuration > Network &g

Chapter 7 InterfacesZyWALL 110/310/1100 Series User’s Guide153Gateway This field is enabled if you select Use Fixed IP Address.Enter the IP address o

Chapter 7 InterfacesZyWALL 110/310/1100 Series User’s Guide154DHCPv6 SettingDUID This field displays the DHCP Unique IDentifier (DUID) of the interfac

Chapter 7 InterfacesZyWALL 110/310/1100 Series User’s Guide155Router PreferenceSelect the router preference (Low, Medium or High) for the interface.

Chapter 7 InterfacesZyWALL 110/310/1100 Series User’s Guide156MTU Maximum Transmission Unit. Type the maximum size of each data packet, in bytes, that

Chapter 7 InterfacesZyWALL 110/310/1100 Series User’s Guide157Pool Size Enter the number of IP addresses to allocate. This number must be at least on

Chapter 7 InterfacesZyWALL 110/310/1100 Series User’s Guide158Add Click this to create a new entry. Edit Select an entry and click this to be able to

Chapter 7 InterfacesZyWALL 110/310/1100 Series User’s Guide1597.8 Bridge Interfaces This section introduces bridges and bridge interfaces and then e

ZyWALL 110/310/1100 Series User’s Guide16

Chapter 7 InterfacesZyWALL 110/310/1100 Series User’s Guide160If computer B responds to computer A, bridge X records the source address 0B:0B:0B:0B:0B

Chapter 7 InterfacesZyWALL 110/310/1100 Series User’s Guide161Figure 96 Configuration > Network > Interface > Bridge Each field is descr

Chapter 7 InterfacesZyWALL 110/310/1100 Series User’s Guide1627.8.2 Bridge Add/Edit This screen lets you configure IP address assignment, interface b

Chapter 7 InterfacesZyWALL 110/310/1100 Series User’s Guide163Figure 97 Configuration > Network > Interface > Bridge > Create Virtual I

Chapter 7 InterfacesZyWALL 110/310/1100 Series User’s Guide164Each field is described in the table below.Table 58 Configuration > Network > In

Chapter 7 InterfacesZyWALL 110/310/1100 Series User’s Guide165IP Address This field is enabled if you select Use Fixed IP Address.Enter the IP addres

Chapter 7 InterfacesZyWALL 110/310/1100 Series User’s Guide166 Suffix AddressEnter the ending part of the IPv6 address, a slash (/), and the prefix

Chapter 7 InterfacesZyWALL 110/310/1100 Series User’s Guide167Advertised Hosts Get Network Configuration From DHCPv6Select this to have the ZyWALL in

Chapter 7 InterfacesZyWALL 110/310/1100 Series User’s Guide168 Address This is the final network prefix combined by the selected delegated prefix and

Chapter 7 InterfacesZyWALL 110/310/1100 Series User’s Guide169First WINS Server, Second WINS Server Type the IP address of the WINS (Windows Internet

ZyWALL 110/310/1100 Series User’s Guide 17CHAPTER 1Introduction1.1 Overview Note: This help covers the following ZyWALL models and refers to them a

Chapter 7 InterfacesZyWALL 110/310/1100 Series User’s Guide1707.9 Virtual Interfaces Use virtual interfaces to tell the ZyWALL where to route packets

Chapter 7 InterfacesZyWALL 110/310/1100 Series User’s Guide1717.9.1 Virtual Interfaces Add/EditThis screen lets you configure IP address assignment

Chapter 7 InterfacesZyWALL 110/310/1100 Series User’s Guide1727.10 Interface Technical ReferenceHere is more detailed information about interfaces on

Chapter 7 InterfacesZyWALL 110/310/1100 Series User’s Guide173In the example above, if the ZyWALL gets a packet with a destination address of 5.5.5.5

Chapter 7 InterfacesZyWALL 110/310/1100 Series User’s Guide174In the ZyWALL, some interfaces can provide DHCP services to the network. In this case, t

Chapter 7 InterfacesZyWALL 110/310/1100 Series User’s Guide175PPPoE/PPTP OverviewPoint-to-Point Protocol over Ethernet (PPPoE, RFC 2516) and Point-to

Chapter 7 InterfacesZyWALL 110/310/1100 Series User’s Guide176

ZyWALL 110/310/1100 Series User’s Guide 177CHAPTER 8Trunk8.1 OverviewUse trunks for WAN traffic load balancing to increase overall network throughp

Chapter 8 TrunkZyWALL 110/310/1100 Series User’s Guide178• If that interface’s connection goes down, the ZyWALL can still send its traffic through ano

Chapter 8 TrunkZyWALL 110/310/1100 Series User’s Guide179Figure 101 Least Load First ExampleThe outbound bandwidth utilization is used as the load

Chapter 1 IntroductionZyWALL 110/310/1100 Series User’s Guide18Figure 2 Applications: VPN ConnectivitySSL VPN Network Access SSL VPN lets remote use

Chapter 8 TrunkZyWALL 110/310/1100 Series User’s Guide180SpilloverThe spillover load balancing algorithm sends network traffic to the first interface

Chapter 8 TrunkZyWALL 110/310/1100 Series User’s Guide181The following table describes the items in this screen. 8.2.1 Configuring a User-Defined Tr

Chapter 8 TrunkZyWALL 110/310/1100 Series User’s Guide182Figure 105 Configuration > Network > Interface > Trunk > Add (or Edit) Each

Chapter 8 TrunkZyWALL 110/310/1100 Series User’s Guide1838.2.2 Configuring the System Default Trunk In the Configuration > Network > Interface

Chapter 8 TrunkZyWALL 110/310/1100 Series User’s Guide184Figure 106 Configuration > Network > Interface > Trunk > Edit (System Default)

Chapter 8 TrunkZyWALL 110/310/1100 Series User’s Guide185Spillover This field displays with the spillover load balancing algorithm. Specify the maxim

Chapter 8 TrunkZyWALL 110/310/1100 Series User’s Guide186

ZyWALL 110/310/1100 Series User’s Guide 187CHAPTER 9Policy and Static Routes9.1 Policy and Static Routes OverviewUse policy routes and static route

Chapter 9 Policy and Static RoutesZyWALL 110/310/1100 Series User’s Guide1889.1.2 What You Need to Know Policy RoutingTraditionally, routing is base

Chapter 9 Policy and Static RoutesZyWALL 110/310/1100 Series User’s Guide189DiffServ (Differentiated Services) is a class of service (CoS) model that

Chapter 1 IntroductionZyWALL 110/310/1100 Series User’s Guide19Figure 4 Applications: User-Aware Access ControlLoad BalancingSet up multiple connec

Chapter 9 Policy and Static RoutesZyWALL 110/310/1100 Series User’s Guide190Figure 108 Configuration > Network > Routing > Policy Route

Chapter 9 Policy and Static RoutesZyWALL 110/310/1100 Series User’s Guide1919.2.1 Policy Route Edit ScreenClick Configuration > Network > Rout

Chapter 9 Policy and Static RoutesZyWALL 110/310/1100 Series User’s Guide192Figure 109 Configuration > Network > Routing > Policy Route >

Chapter 9 Policy and Static RoutesZyWALL 110/310/1100 Series User’s Guide193Figure 110 Configuration > Network > Routing > Policy Route &g

Chapter 9 Policy and Static RoutesZyWALL 110/310/1100 Series User’s Guide194DSCP Code Select a DSCP code point value of incoming packets to which this

Chapter 9 Policy and Static RoutesZyWALL 110/310/1100 Series User’s Guide1959.3 IP Static Route ScreenClick Configuration > Network > Routing

Chapter 9 Policy and Static RoutesZyWALL 110/310/1100 Series User’s Guide196The following table describes the labels in this screen. 9.3.1 Static Rou

Chapter 9 Policy and Static RoutesZyWALL 110/310/1100 Series User’s Guide197The following table describes the labels in this screen. 9.4 Policy Rou

Chapter 9 Policy and Static RoutesZyWALL 110/310/1100 Series User’s Guide198the following twelve DSCP encodings from AF11 through AF43. The decimal eq

ZyWALL 110/310/1100 Series User’s Guide 199CHAPTER 10Routing Protocols10.1 Routing Protocols OverviewRouting protocols give the ZyWALL routing info

ZyWALL 110/310/1100 Series User’s Guide2IMPORTANT!READ CAREFULLY BEFORE USE.KEEP THIS GUIDE FOR FUTURE REFERENCE.This is a User’s Guide for a series o

Chapter 1 IntroductionZyWALL 110/310/1100 Series User’s Guide20Command-Line Interface (CLI)The CLI allows you to use text-based commands to configure

Chapter 10 Routing ProtocolsZyWALL 110/310/1100 Series User’s Guide200its routes asynchronously to the network and converges slowly. Therefore, RIP is

Chapter 10 Routing ProtocolsZyWALL 110/310/1100 Series User’s Guide20110.3 The OSPF ScreenOSPF (Open Shortest Path First, RFC 2328) is a link-state

Chapter 10 Routing ProtocolsZyWALL 110/310/1100 Series User’s Guide202• A normal area is a group of adjacent networks. A normal area has routing infor

Chapter 10 Routing ProtocolsZyWALL 110/310/1100 Series User’s Guide203• An Autonomous System Boundary Router (ASBR) exchanges routing information wit

Chapter 10 Routing ProtocolsZyWALL 110/310/1100 Series User’s Guide204Figure 117 OSPF: Virtual LinkIn this example, area 100 does not have a direct

Chapter 10 Routing ProtocolsZyWALL 110/310/1100 Series User’s Guide205Figure 118 Configuration > Network > Routing > OSPFThe following tab

Chapter 10 Routing ProtocolsZyWALL 110/310/1100 Series User’s Guide20610.3.2 OSPF Area Add/Edit Screen The OSPF Area Add/Edit screen allows you to cr

Chapter 10 Routing ProtocolsZyWALL 110/310/1100 Series User’s Guide207The following table describes the labels in this screen. Table 76 Configurat

Chapter 10 Routing ProtocolsZyWALL 110/310/1100 Series User’s Guide20810.3.3 Virtual Link Add/Edit Screen The Virtual Link Add/Edit screen allows you

Chapter 10 Routing ProtocolsZyWALL 110/310/1100 Series User’s Guide209Authentication TypesAuthentication is used to guarantee the integrity, but not

Chapter 1 IntroductionZyWALL 110/310/1100 Series User’s Guide214 Click Login. If you logged in using the default user name and password, the Update A

Chapter 10 Routing ProtocolsZyWALL 110/310/1100 Series User’s Guide210

ZyWALL 110/310/1100 Series User’s Guide 211CHAPTER 11Zones11.1 Zones OverviewSet up zones to configure network security and network policies in the

Chapter 11 ZonesZyWALL 110/310/1100 Series User’s Guide212Intra-zone Traffic• Intra-zone traffic is traffic between interfaces or VPN tunnels in the s

Chapter 11 ZonesZyWALL 110/310/1100 Series User’s Guide213The following table describes the labels in this screen. 11.3 Zone EditThe Zone Edit scre

Chapter 11 ZonesZyWALL 110/310/1100 Series User’s Guide214The following table describes the labels in this screen. Table 79 Network > Zone >

ZyWALL 110/310/1100 Series User’s Guide 215CHAPTER 12DDNS12.1 DDNS OverviewDynamic DNS (DDNS) services let you use a domain name with a dynamic IP

Chapter 12 DDNSZyWALL 110/310/1100 Series User’s Guide21612.2 The DDNS ScreenThe DDNS screen provides a summary of all DDNS domain names and their co

Chapter 12 DDNSZyWALL 110/310/1100 Series User’s Guide21712.2.1 The Dynamic DNS Add/Edit ScreenThe DDNS Add/Edit screen allows you to add a domain n

Chapter 12 DDNSZyWALL 110/310/1100 Series User’s Guide218Username Type the user name used when you registered your domain name. You can use up to 31 a

Chapter 12 DDNSZyWALL 110/310/1100 Series User’s Guide219Enable Wildcard This option is only available with a DynDNS account.Enable the wildcard feat

Chapter 1 IntroductionZyWALL 110/310/1100 Series User’s Guide22The title bar icons in the upper right corner provide the following functions.About Cli

Chapter 12 DDNSZyWALL 110/310/1100 Series User’s Guide220

ZyWALL 110/310/1100 Series User’s Guide 221CHAPTER 13NAT13.1 NAT OverviewNAT (Network Address Translation - NAT, RFC 1631) is the translation of th

Chapter 13 NATZyWALL 110/310/1100 Series User’s Guide22213.2 The NAT ScreenThe NAT summary screen provides a summary of all NAT rules and their confi

Chapter 13 NATZyWALL 110/310/1100 Series User’s Guide22313.2.1 The NAT Add/Edit ScreenThe NAT Add/Edit screen lets you create new NAT rules and edit

Chapter 13 NATZyWALL 110/310/1100 Series User’s Guide224Incoming Interface Select the interface on which packets for the NAT rule must be received. I

Chapter 13 NATZyWALL 110/310/1100 Series User’s Guide22513.3 NAT Technical ReferenceHere is more detailed information about NAT on the ZyWALL.NAT Lo

Chapter 13 NATZyWALL 110/310/1100 Series User’s Guide226Figure 129 LAN Computer Queries a Public DNS Server The LAN user’s computer then sends tr

Chapter 13 NATZyWALL 110/310/1100 Series User’s Guide227Figure 131 LAN to LAN Return Traffic 192.168.1.21LAN192.168.1.89Source 1.1.1.1SMTPNATSou

Chapter 13 NATZyWALL 110/310/1100 Series User’s Guide228

ZyWALL 110/310/1100 Series User’s Guide 229CHAPTER 14HTTP Redirect14.1 OverviewHTTP redirect forwards the client’s HTTP request (except HTTP traffi

Chapter 1 IntroductionZyWALL 110/310/1100 Series User’s Guide23Figure 9 Site Map Object ReferenceClick Object Reference to open the Object Refere

Chapter 14 HTTP RedirectZyWALL 110/310/1100 Series User’s Guide230A client connects to a web proxy server each time he/she wants to access the Interne

Chapter 14 HTTP RedirectZyWALL 110/310/1100 Series User’s Guide231Figure 133 Configuration > Network > HTTP Redirect The following table d

Chapter 14 HTTP RedirectZyWALL 110/310/1100 Series User’s Guide232The following table describes the labels in this screen. Table 86 Network > HTT

ZyWALL 110/310/1100 Series User’s Guide 233CHAPTER 15ALG15.1 ALG OverviewApplication Layer Gateway (ALG) allows the following applications to opera

Chapter 15 ALGZyWALL 110/310/1100 Series User’s Guide234FTP ALGThe FTP ALG allows TCP packets with a specified port destination to pass through. If th

Chapter 15 ALGZyWALL 110/310/1100 Series User’s Guide235Peer-to-Peer Calls and the ZyWALLThe ZyWALL ALG can allow peer-to-peer VoIP calls for both H.

Chapter 15 ALGZyWALL 110/310/1100 Series User’s Guide236Figure 138 VoIP with Multiple WAN IP Addresses•See Section 15.3 on page 238 for ALG backgrou

Chapter 15 ALGZyWALL 110/310/1100 Series User’s Guide237The following table describes the labels in this screen. Table 87 Configuration > Netw

Chapter 15 ALGZyWALL 110/310/1100 Series User’s Guide23815.3 ALG Technical ReferenceHere is more detailed information about the Application Layer Gat

Chapter 15 ALGZyWALL 110/310/1100 Series User’s Guide239RTPWhen you make a VoIP call using H.323 or SIP, the RTP (Real time Transport Protocol) is us

Chapter 1 IntroductionZyWALL 110/310/1100 Series User’s Guide24ConsoleClick Console to open a Java-based console window from which you can run CLI com

Chapter 15 ALGZyWALL 110/310/1100 Series User’s Guide240

ZyWALL 110/310/1100 Series User’s Guide 241CHAPTER 16IP/MAC Binding16.1 IP/MAC Binding OverviewIP address to MAC address binding helps ensure that

Chapter 16 IP/MAC BindingZyWALL 110/310/1100 Series User’s Guide242Interfaces Used With IP/MAC BindingIP/MAC address bindings are grouped by interface

Chapter 16 IP/MAC BindingZyWALL 110/310/1100 Series User’s Guide243Figure 142 Configuration > Network > IP/MAC Binding > Edit The followin

Chapter 16 IP/MAC BindingZyWALL 110/310/1100 Series User’s Guide244Figure 143 Configuration > Network > IP/MAC Binding > Edit > Add The

Chapter 16 IP/MAC BindingZyWALL 110/310/1100 Series User’s Guide245Remove To remove an entry, select it and click Remove. The ZyWALL confirms you wan

Chapter 16 IP/MAC BindingZyWALL 110/310/1100 Series User’s Guide246

ZyWALL 110/310/1100 Series User’s Guide 247CHAPTER 17Inbound Load Balancing17.1 Inbound Load Balancing OverviewInbound load balancing enables the Z

Chapter 17 Inbound Load BalancingZyWALL 110/310/1100 Series User’s Guide248•Use the Inbound LB Add/Edit screen (see Section 17.2.1 on page 249) to add

Chapter 17 Inbound Load BalancingZyWALL 110/310/1100 Series User’s Guide24917.2.1 The Inbound LB Add/Edit ScreenThe Add DNS Load Balancing screen al

Chapter 1 IntroductionZyWALL 110/310/1100 Series User’s Guide251.3.3 Navigation PanelUse the navigation panel menu items to open status and configur

Chapter 17 Inbound Load BalancingZyWALL 110/310/1100 Series User’s Guide250Figure 147 Configuration > Network > Inbound LB > Add The follow

Chapter 17 Inbound Load BalancingZyWALL 110/310/1100 Series User’s Guide25117.2.2 The Inbound LB Member Add/Edit ScreenThe Add Load Balancing Member

Chapter 17 Inbound Load BalancingZyWALL 110/310/1100 Series User’s Guide252Figure 148 Configuration > Network > Inbound LB > Add/Edit >

ZyWALL 110/310/1100 Series User’s Guide 253CHAPTER 18Authentication Policy18.1 Overview Use authentication policies to control who can access the n

Chapter 18 Authentication PolicyZyWALL 110/310/1100 Series User’s Guide254Multiple Endpoint Security ObjectsYou can set an authentication policy to us

Chapter 18 Authentication PolicyZyWALL 110/310/1100 Series User’s Guide255Figure 150 Configuration > Auth. PolicyThe following table gives an ov

Chapter 18 Authentication PolicyZyWALL 110/310/1100 Series User’s Guide25618.2.1 Creating/Editing an Authentication PolicyClick Configuration > Au

Chapter 18 Authentication PolicyZyWALL 110/310/1100 Series User’s Guide257Figure 152 Configuration > Auth. Policy > Add The following table

Chapter 18 Authentication PolicyZyWALL 110/310/1100 Series User’s Guide25818.3 User-aware Access Control ExampleYou can configure many policies and s

Chapter 18 Authentication PolicyZyWALL 110/310/1100 Series User’s Guide25918.3.2 Set Up User GroupsSet up the user groups and assign the users to th

Chapter 1 IntroductionZyWALL 110/310/1100 Series User’s Guide26Configuration MenuUse the configuration menu screens to configure the ZyWALL’s features

Chapter 18 Authentication PolicyZyWALL 110/310/1100 Series User’s Guide260Figure 155 Configuration > Object > AAA Server > RADIUS > Add2

Chapter 18 Authentication PolicyZyWALL 110/310/1100 Series User’s Guide261Figure 157 Configuration > Auth. Policy > Add In the Auth. Policy s

Chapter 18 Authentication PolicyZyWALL 110/310/1100 Series User’s Guide2621 Click Configuration > Object > AAA Server > RADIUS. Double-click

Chapter 18 Authentication PolicyZyWALL 110/310/1100 Series User’s Guide263

Chapter 18 Authentication PolicyZyWALL 110/310/1100 Series User’s Guide264

ZyWALL 110/310/1100 Series User’s Guide 265CHAPTER 19Firewall19.1 OverviewUse the firewall to block or allow services that use static port numbers.

Chapter 19 FirewallZyWALL 110/310/1100 Series User’s Guide266Note: At the time of writing the ZyWALL’s VPN and GRE tunnels support IPv4 traffic so IPv

Chapter 19 FirewallZyWALL 110/310/1100 Series User’s Guide267A From Any To ZyWALL direction rule applies to traffic from an interface which is not in

Chapter 19 FirewallZyWALL 110/310/1100 Series User’s Guide26819.2 The Firewall ScreenAsymmetrical RoutesIf an alternate gateway on the LAN has an IP

Chapter 19 FirewallZyWALL 110/310/1100 Series User’s Guide269• Besides configuring the firewall, you also need to configure NAT rules to allow comput

Chapter 1 IntroductionZyWALL 110/310/1100 Series User’s Guide27Firewall Firewall Create and manage level-3 traffic rules.Session Control Limit the nu

Chapter 19 FirewallZyWALL 110/310/1100 Series User’s Guide270Figure 163 Configuration > Firewall

Chapter 19 FirewallZyWALL 110/310/1100 Series User’s Guide271The following table describes the labels in this screen. Table 98 Configuration > F

Chapter 19 FirewallZyWALL 110/310/1100 Series User’s Guide27219.2.2 The Firewall Add/Edit ScreenIn the Firewall screen, click the Edit or Add icon to

Chapter 19 FirewallZyWALL 110/310/1100 Series User’s Guide27319.3 The Session Limit ScreenClick Configuration > Firewall > Session Limit to di

Chapter 19 FirewallZyWALL 110/310/1100 Series User’s Guide274Figure 165 Configuration > Firewall > Session LimitThe following table describes

Chapter 19 FirewallZyWALL 110/310/1100 Series User’s Guide27519.3.1 The Session Limit Add/Edit ScreenClick Configuration > Firewall > Session

Chapter 19 FirewallZyWALL 110/310/1100 Series User’s Guide27619.4 Firewall Rule Configuration ExampleThe following Internet firewall rule example all

Chapter 19 FirewallZyWALL 110/310/1100 Series User’s Guide277Figure 169 Firewall Example: Create a Service Object4 Select From WAN and To LAN1 and

Chapter 19 FirewallZyWALL 110/310/1100 Series User’s Guide27819.5 Firewall Rule Example ApplicationsSuppose you decide to block LAN users from using

Chapter 19 FirewallZyWALL 110/310/1100 Series User’s Guide279Now you configure a LAN1 to WAN firewall rule that allows IRC traffic from the IP addres

Chapter 1 IntroductionZyWALL 110/310/1100 Series User’s Guide28Maintenance MenuUse the maintenance menu screens to manage configuration and firmware f

Chapter 19 FirewallZyWALL 110/310/1100 Series User’s Guide280The rule for the CEO must come before the rule that blocks all LAN1 to WAN IRC traffic. I

ZyWALL 110/310/1100 Series User’s Guide 281CHAPTER 20IPSec VPN20.1 Virtual Private Networks (VPN) OverviewA virtual private network (VPN) provides

Chapter 20 IPSec VPNZyWALL 110/310/1100 Series User’s Guide282Figure 175 SSL VPN L2TP VPNL2TP VPN uses the L2TP and IPSec client software included i

Chapter 20 IPSec VPNZyWALL 110/310/1100 Series User’s Guide28320.1.2 What You Need to KnowAn IPSec VPN tunnel is usually established in two phases.

Chapter 20 IPSec VPNZyWALL 110/310/1100 Series User’s Guide284Application ScenariosThe ZyWALL’s application scenarios make it easier to configure your

Chapter 20 IPSec VPNZyWALL 110/310/1100 Series User’s Guide285• In any VPN connection, you have to select address objects to specify the local policy

Chapter 20 IPSec VPNZyWALL 110/310/1100 Series User’s Guide286Each field is discussed in the following table. See Section 20.2.2 on page 292 and Secti

Chapter 20 IPSec VPNZyWALL 110/310/1100 Series User’s Guide287Figure 179 Configuration > VPN > IPSec VPN > VPN Connection > Edit (IKE)

Chapter 20 IPSec VPNZyWALL 110/310/1100 Series User’s Guide288Each field is described in the following table. Table 107 Configuration > VPN >

Chapter 20 IPSec VPNZyWALL 110/310/1100 Series User’s Guide289Remote Policy Select the address corresponding to the remote network. Use Create new Ob

Chapter 1 IntroductionZyWALL 110/310/1100 Series User’s Guide29Figure 14 Sorting Table Entries by a Column’s CriteriaClick the down arrow next to a

Chapter 20 IPSec VPNZyWALL 110/310/1100 Series User’s Guide290Authentication Select which hash algorithm to use to authenticate packet data in the IPS

Chapter 20 IPSec VPNZyWALL 110/310/1100 Series User’s Guide291Source NAT This translation hides the source address of computers in the local network.

Chapter 20 IPSec VPNZyWALL 110/310/1100 Series User’s Guide29220.2.2 The VPN Connection Add/Edit Manual Key Screen The VPN Connection Add/Edit Manual

Chapter 20 IPSec VPNZyWALL 110/310/1100 Series User’s Guide293This table describes labels specific to manual key configuration. See Section 20.2 on p

Chapter 20 IPSec VPNZyWALL 110/310/1100 Series User’s Guide29420.3 The VPN Gateway ScreenThe VPN Gateway summary screen displays the IPSec VPN gatewa

Chapter 20 IPSec VPNZyWALL 110/310/1100 Series User’s Guide295Figure 181 Configuration > VPN > IPSec VPN > VPN Gateway Each field is d

Chapter 20 IPSec VPNZyWALL 110/310/1100 Series User’s Guide296Figure 182 Configuration > VPN > IPSec VPN > VPN Gateway > Edit

Chapter 20 IPSec VPNZyWALL 110/310/1100 Series User’s Guide297Each field is described in the following table. Table 110 Configuration > VPN >

Chapter 20 IPSec VPNZyWALL 110/310/1100 Series User’s Guide298Certificate Select this to have the ZyWALL and remote IPSec router use certificates to a

Chapter 20 IPSec VPNZyWALL 110/310/1100 Series User’s Guide299Content This field is disabled if the Peer ID Type is Any. Type the identity of the rem

ZyWALL 110/310/1100 Series User’s Guide3Chapter 1Introduction...

Chapter 1 IntroductionZyWALL 110/310/1100 Series User’s Guide30Figure 17 Moving ColumnsUse the icons and fields at the bottom of the table to naviga

Chapter 20 IPSec VPNZyWALL 110/310/1100 Series User’s Guide300Encryption Select which key size and encryption algorithm to use in the IKE SA. Choices

Chapter 20 IPSec VPNZyWALL 110/310/1100 Series User’s Guide30120.4 VPN Concentrator A VPN concentrator combines several IPSec VPN connections into o

Chapter 20 IPSec VPNZyWALL 110/310/1100 Series User’s Guide30220.4.1 VPN Concentrator Requirements and SuggestionsConsider the following when using t

Chapter 20 IPSec VPNZyWALL 110/310/1100 Series User’s Guide303Figure 185 Configuration > VPN > IPSec VPN > Concentrator > EditEach fiel

Chapter 20 IPSec VPNZyWALL 110/310/1100 Series User’s Guide304In the ZyWALL Quick Setup wizard, you can use the VPN Settings for Configuration Provisi

Chapter 20 IPSec VPNZyWALL 110/310/1100 Series User’s Guide30520.6 IPSec VPN Background InformationHere is some more detailed IPSec VPN background i

Chapter 20 IPSec VPNZyWALL 110/310/1100 Series User’s Guide306IKE SA ProposalThe IKE SA proposal is used to identify the encryption algorithm, authent

Chapter 20 IPSec VPNZyWALL 110/310/1100 Series User’s Guide307Diffie-Hellman (DH) Key ExchangeThe ZyWALL and the remote IPSec router use DH public-ke

Chapter 20 IPSec VPNZyWALL 110/310/1100 Series User’s Guide308Note: The ZyWALL and the remote IPSec router must use the same pre-shared key.Router ide

Chapter 20 IPSec VPNZyWALL 110/310/1100 Series User’s Guide309Steps 1 - 2: The ZyWALL sends its proposals to the remote IPSec router. The remote IPSe

Chapter 1 IntroductionZyWALL 110/310/1100 Series User’s Guide31Working with ListsWhen a list of available entries displays next to a list of selected

Chapter 20 IPSec VPNZyWALL 110/310/1100 Series User’s Guide310Extended AuthenticationExtended authentication is often used when multiple IPSec routers

Chapter 20 IPSec VPNZyWALL 110/310/1100 Series User’s Guide311Note: The ZyWALL and remote IPSec router must use the same active protocol.Usually, you

Chapter 20 IPSec VPNZyWALL 110/310/1100 Series User’s Guide312If you do not enable PFS, the ZyWALL and remote IPSec router use the same root key that

Chapter 20 IPSec VPNZyWALL 110/310/1100 Series User’s Guide313Figure 192 VPN Example: NAT for Inbound and Outbound TrafficSource Address in Outboun

Chapter 20 IPSec VPNZyWALL 110/310/1100 Series User’s Guide314You have to specify one or more rules when you set up this kind of NAT. The ZyWALL check

Chapter 20 IPSec VPNZyWALL 110/310/1100 Series User’s Guide315 Set Up the VPN Connection that Manages the IPSec SA 1 In Configuration > VPN >

Chapter 20 IPSec VPNZyWALL 110/310/1100 Series User’s Guide316

ZyWALL 110/310/1100 Series User’s Guide 317CHAPTER 21SSL VPN21.1 OverviewUse SSL VPN to allow users to use a web browser for secure remote user log

Chapter 21 SSL VPNZyWALL 110/310/1100 Series User’s Guide318SSL Access Policy ObjectsThe SSL access policies reference the following objects. If you u

Chapter 21 SSL VPNZyWALL 110/310/1100 Series User’s Guide319The following table describes the labels in this screen. 21.2.1 The SSL Access Policy Ad

Chapter 1 IntroductionZyWALL 110/310/1100 Series User’s Guide32

Chapter 21 SSL VPNZyWALL 110/310/1100 Series User’s Guide320Figure 196 VPN > SSL VPN > Add/Edit The following table describes the labels i

Chapter 21 SSL VPNZyWALL 110/310/1100 Series User’s Guide321Name Enter a descriptive name to identify this policy. You can enter up to 31 characters

Chapter 21 SSL VPNZyWALL 110/310/1100 Series User’s Guide32221.3 The SSL Global Setting ScreenClick VPN > SSL VPN and click the Global Setting tab

Chapter 21 SSL VPNZyWALL 110/310/1100 Series User’s Guide32321.3.1 How to Upload a Custom LogoFollow the steps below to upload a custom logo to disp

Chapter 21 SSL VPNZyWALL 110/310/1100 Series User’s Guide324Figure 198 Example Logo Graphic Display 21.4 SSL VPN ExampleThis example uses SSL VPN t

Chapter 21 SSL VPNZyWALL 110/310/1100 Series User’s Guide325 3 Display the ZyWALL’s login screen, enter your user account information (the user name

Chapter 21 SSL VPNZyWALL 110/310/1100 Series User’s Guide326 5 The client portal screen displays after the connection is up. In this example, click

ZyWALL 110/310/1100 Series User’s Guide 327CHAPTER 22SSL User Screens22.1 OverviewThis chapter introduces the remote user SSL VPN screens. The foll

Chapter 22 SSL User ScreensZyWALL 110/310/1100 Series User’s Guide328• Using RDP requires Internet Explorer• Sun’s Runtime Environment (JRE) version 1

Chapter 22 SSL User ScreensZyWALL 110/310/1100 Series User’s Guide329Figure 201 Login Security Screen 3 A login screen displays. Enter the user n

ZyWALL 110/310/1100 Series User’s Guide 33CHAPTER 2Installation Setup Wizard2.1 Installation Setup Wizard Screens When you log into the Web Configu

Chapter 22 SSL User ScreensZyWALL 110/310/1100 Series User’s Guide330Figure 204 ActiveX Object Installation Blocked by Browser Figure 205 SecuEx

Chapter 22 SSL User ScreensZyWALL 110/310/1100 Series User’s Guide331Figure 207 SecuExtender Progress 8 If a screen like the following displays,

Chapter 22 SSL User ScreensZyWALL 110/310/1100 Series User’s Guide332Figure 209 Remote User ScreenThe following table describes the various parts of

Chapter 22 SSL User ScreensZyWALL 110/310/1100 Series User’s Guide3333 Click OK to create a bookmark in your web browser. Figure 210 Add Favorite 2

Chapter 22 SSL User ScreensZyWALL 110/310/1100 Series User’s Guide334Figure 212 Application 22.7 SSL User File SharingThe File Sharing screen lets

Chapter 22 SSL User ScreensZyWALL 110/310/1100 Series User’s Guide335Figure 213 File Sharing 22.7.2 Opening a File or FolderYou can open a file if

Chapter 22 SSL User ScreensZyWALL 110/310/1100 Series User’s Guide3364 A list of files/folders displays. Double click a file to open it in a separate

Chapter 22 SSL User ScreensZyWALL 110/310/1100 Series User’s Guide337Figure 216 File Sharing: Save a Word File 22.7.5 Creating a New FolderTo cre

Chapter 22 SSL User ScreensZyWALL 110/310/1100 Series User’s Guide338A popup window displays. Specify the new name and/or file extension in the field

Chapter 22 SSL User ScreensZyWALL 110/310/1100 Series User’s Guide339Note: Uploading a file with the same name and file extension replaces the existi

Chapter 2 Installation Setup WizardZyWALL 110/310/1100 Series User’s Guide34• WAN Interface: This is the interface you are configuring for Internet ac

Chapter 22 SSL User ScreensZyWALL 110/310/1100 Series User’s Guide340

ZyWALL 110/310/1100 Series User’s Guide 341CHAPTER 23ZyWALL SecuExtenderThe ZyWALL automatically loads the ZyWALL SecuExtender client program to you

Chapter 23 ZyWALL SecuExtenderZyWALL 110/310/1100 Series User’s Guide342Figure 222 ZyWALL SecuExtender Status The following table describes the labe

Chapter 23 ZyWALL SecuExtenderZyWALL 110/310/1100 Series User’s Guide343Figure 223 ZyWALL SecuExtender Log Example 23.4 Suspend and Resume the Con

Chapter 23 ZyWALL SecuExtenderZyWALL 110/310/1100 Series User’s Guide344Figure 224 Uninstalling the ZyWALL SecuExtender Confirmation 3 Windows uni

ZyWALL 110/310/1100 Series User’s Guide 345CHAPTER 24L2TP VPN24.1 OverviewL2TP VPN uses the L2TP and IPSec client software included in remote users

Chapter 24 L2TP VPNZyWALL 110/310/1100 Series User’s Guide346Using the Default L2TP VPN ConnectionThe Default_L2TP_VPN_GW gateway entry is pre-configu

Chapter 24 L2TP VPNZyWALL 110/310/1100 Series User’s Guide34724.2 L2TP VPN ScreenClick Configuration > VPN > L2TP VPN to open the following sc

Chapter 24 L2TP VPNZyWALL 110/310/1100 Series User’s Guide348Authentication Server CertificateSelect the certificate to use to identify the ZyWALL for

ZyWALL 110/310/1100 Series User’s Guide 349CHAPTER 25 Bandwidth Management25.1 OverviewBandwidth management provides a convenient way to manage th

Chapter 2 Installation Setup WizardZyWALL 110/310/1100 Series User’s Guide35•Type the Password associated with the user name. Use up to 64 ASCII char

Chapter 25 Bandwidth ManagementZyWALL 110/310/1100 Series User’s Guide350Connection and Packet Directions Bandwidth management looks at the connection

Chapter 25 Bandwidth ManagementZyWALL 110/310/1100 Series User’s Guide351Figure 230 LAN1 to WAN, Outbound 200 kbps, Inbound 500 kbps Bandwidth M

Chapter 25 Bandwidth ManagementZyWALL 110/310/1100 Series User’s Guide352Figure 231 Bandwidth Management BehaviorConfigured Rate EffectIn the follow

Chapter 25 Bandwidth ManagementZyWALL 110/310/1100 Series User’s Guide353Priority and Over Allotment of Bandwidth EffectServer A has a configured rat

Chapter 25 Bandwidth ManagementZyWALL 110/310/1100 Series User’s Guide354The following table describes the labels in this screen. See Section 25.2.1 o

Chapter 25 Bandwidth ManagementZyWALL 110/310/1100 Series User’s Guide35525.2.1 The Bandwidth Management Add/Edit ScreenThe Configuration > Band

Chapter 25 Bandwidth ManagementZyWALL 110/310/1100 Series User’s Guide356Figure 234 Configuration > Bandwidth Management > Add/EditThe follow

Chapter 25 Bandwidth ManagementZyWALL 110/310/1100 Series User’s Guide357Outgoing Interface Select the destination interface of the traffic to which

Chapter 25 Bandwidth ManagementZyWALL 110/310/1100 Series User’s Guide358Outbound kbps Type how much outbound bandwidth, in kilobits per second, this

ZyWALL 110/310/1100 Series User’s Guide 359CHAPTER 26Device HA26.1 OverviewDevice HA lets a backup ZyWALL (B) automatically take over if the master

Chapter 2 Installation Setup WizardZyWALL 110/310/1100 Series User’s Guide36•Type a Connection ID or connection name. It must follow the “c:id” and “n

Chapter 26 Device HAZyWALL 110/310/1100 Series User’s Guide360Note: Only ZyWALLs of the same model and firmware version can synchronize.Otherwise you

Chapter 26 Device HAZyWALL 110/310/1100 Series User’s Guide36126.3 The Active-Passive Mode Screen Virtual RouterThe master and backup ZyWALL form a

Chapter 26 Device HAZyWALL 110/310/1100 Series User’s Guide362Figure 238 Cluster IDs for Multiple Virtual Routers Monitored Interfaces in Active-Pas

Chapter 26 Device HAZyWALL 110/310/1100 Series User’s Guide36326.3.1 Configuring Active-Passive Mode Device HAThe Device HA Active-Passive Mode scre

Chapter 26 Device HAZyWALL 110/310/1100 Series User’s Guide364Inactivate To turn off an entry, select it and click Inactivate.# This is the entry’s in

Chapter 26 Device HAZyWALL 110/310/1100 Series User’s Guide36526.4 Configuring an Active-Passive Mode Monitored InterfaceThe Device HA Active-Passiv

Chapter 26 Device HAZyWALL 110/310/1100 Series User’s Guide366The following table describes the labels in this screen. 26.5 Device HA Technical Ref

Chapter 26 Device HAZyWALL 110/310/1100 Series User’s Guide3672 Configure the bridge interface on the master ZyWALL, set the bridge interface as a mo

Chapter 26 Device HAZyWALL 110/310/1100 Series User’s Guide368Second Option for Connecting the Bridge Interfaces on Two ZyWALLsAnother option is to di

Chapter 26 Device HAZyWALL 110/310/1100 Series User’s Guide3693 Enable the bridge interface on the master ZyWALL and then on the backup ZyWALL. 4 Con

ZyWALL 110/310/1100 Series User’s Guide 37CHAPTER 3Hardware Introduction3.1 Default Zones, Interfaces, and PortsThe default configurations for zone

Chapter 26 Device HAZyWALL 110/310/1100 Series User’s Guide370• The backup ZyWALL cannot be the master. This refers to the actual role at the time of

ZyWALL 110/310/1100 Series User’s Guide 371CHAPTER 27User/Group27.1 OverviewThis chapter describes how to set up user accounts, user groups, and us

Chapter 27 User/GroupZyWALL 110/310/1100 Series User’s Guide372Note: The default admin account is always authenticated locally, regardless of the auth

Chapter 27 User/GroupZyWALL 110/310/1100 Series User’s Guide373User AwarenessBy default, users do not have to log into the ZyWALL to use the network

Chapter 27 User/GroupZyWALL 110/310/1100 Series User’s Guide37427.2.1 User Add/Edit ScreenThe User Add/Edit screen allows you to create a new user ac

Chapter 27 User/GroupZyWALL 110/310/1100 Series User’s Guide375Figure 243 Configuration > User/Group > User > AddThe following table descr

Chapter 27 User/GroupZyWALL 110/310/1100 Series User’s Guide37627.3 User Group Summary ScreenUser groups consist of access users and other user group

Chapter 27 User/GroupZyWALL 110/310/1100 Series User’s Guide37727.3.1 Group Add/Edit ScreenThe Group Add/Edit screen allows you to create a new user

Chapter 27 User/GroupZyWALL 110/310/1100 Series User’s Guide37827.4 The User/Group Setting Screen The Setting screen controls default settings, login

Chapter 27 User/GroupZyWALL 110/310/1100 Series User’s Guide379# This field is a sequential value, and it is not associated with a specific entry.Use

Chapter 3 Hardware IntroductionZyWALL 110/310/1100 Series User’s Guide38Note: Use an 8-wire Ethernet cable to run your Gigabit Ethernet at 1000 Mbps.

Chapter 27 User/GroupZyWALL 110/310/1100 Series User’s Guide38027.4.1 Default User Authentication Timeout Settings Edit ScreensThe Default Authentica

Chapter 27 User/GroupZyWALL 110/310/1100 Series User’s Guide381The following table describes the labels in this screen. 27.4.2 User Aware Login Exa

Chapter 27 User/GroupZyWALL 110/310/1100 Series User’s Guide382The following table describes the labels in this screen. 27.5 User /Group Technical R

Chapter 27 User/GroupZyWALL 110/310/1100 Series User’s Guide383Creating a Large Number of Ext-User AccountsIf you plan to create a large number of Ex

ZyWALL 110/310/1100 Series User’s Guide 384CHAPTER 28Addresses28.1 OverviewAddress objects can represent a single IP address or a range of IP addre

Chapter 28 AddressesZyWALL 110/310/1100 Series User’s Guide385Figure 251 Configuration > Object > Address > Address The following table

Chapter 28 AddressesZyWALL 110/310/1100 Series User’s Guide38628.2.1 IPv4 Address Add/Edit ScreenThe Configuration > IPv4 Address Add/Edit screen

Chapter 28 AddressesZyWALL 110/310/1100 Series User’s Guide38728.2.2 IPv6 Address Add/Edit ScreenThe Configuration > IPv6 Address Add/Edit screen

Chapter 28 AddressesZyWALL 110/310/1100 Series User’s Guide38828.3 Address Group Summary ScreenThe Address Group screen provides a summary of all add

Chapter 28 AddressesZyWALL 110/310/1100 Series User’s Guide38928.3.1 Address Group Add/Edit ScreenThe Address Group Add/Edit screen allows you to cr

Chapter 3 Hardware IntroductionZyWALL 110/310/1100 Series User’s Guide393.4 Wall-mountingSee Chapter 1 on page 17 for the ZyWALL models that can be

ZyWALL 110/310/1100 Series User’s Guide 390CHAPTER 29Services29.1 OverviewUse service objects to define TCP applications, UDP applications, and ICM

Chapter 29 ServicesZyWALL 110/310/1100 Series User’s Guide391Service Objects and Service GroupsUse service objects to define IP protocols.• TCP appli

Chapter 29 ServicesZyWALL 110/310/1100 Series User’s Guide392The following table describes the labels in this screen. 29.2.1 The Service Add/Edit Sc

Chapter 29 ServicesZyWALL 110/310/1100 Series User’s Guide39329.3 The Service Group Summary Screen The Service Group summary screen provides a summa

Chapter 29 ServicesZyWALL 110/310/1100 Series User’s Guide39429.3.1 The Service Group Add/Edit ScreenThe Service Group Add/Edit screen allows you to

Chapter 29 ServicesZyWALL 110/310/1100 Series User’s Guide395Member List The Member list displays the names of the service and service group objects

ZyWALL 110/310/1100 Series User’s Guide 396CHAPTER 30Schedules30.1 OverviewUse schedules to set up one-time and recurring schedules for policy rout

Chapter 30 SchedulesZyWALL 110/310/1100 Series User’s Guide39730.2 The Schedule Summary ScreenThe Schedule summary screen provides a summary of all

Chapter 30 SchedulesZyWALL 110/310/1100 Series User’s Guide39830.2.1 The One-Time Schedule Add/Edit ScreenThe One-Time Schedule Add/Edit screen allow

Chapter 30 SchedulesZyWALL 110/310/1100 Series User’s Guide39930.2.2 The Recurring Schedule Add/Edit ScreenThe Recurring Schedule Add/Edit screen al

ZyWALL 110/310/1100 Series User’s Guide44.3.5 VPN Express Wizard - Summary ...

Chapter 3 Hardware IntroductionZyWALL 110/310/1100 Series User’s Guide40Figure 21 ZyWALL Front Panel The following tables describe the LEDs. Tab

ZyWALL 110/310/1100 Series User’s Guide 400CHAPTER 31AAA Server31.1 Overview You can use a AAA (Authentication, Authorization, Accounting) server t

Chapter 31 AAA ServerZyWALL 110/310/1100 Series User’s Guide401Figure 264 RADIUS Server Network Example31.1.3 ASASASAS (Authenex Strong Authentica

Chapter 31 AAA ServerZyWALL 110/310/1100 Series User’s Guide402• Directory Service (LDAP/AD) LDAP (Lightweight Directory Access Protocol)/AD (Active D

Chapter 31 AAA ServerZyWALL 110/310/1100 Series User’s Guide403Bind DN A bind DN is used to authenticate with an LDAP/AD server. For example a bind D

Chapter 31 AAA ServerZyWALL 110/310/1100 Series User’s Guide404Figure 267 Configuration > Object > AAA Server > Active Directory (or LDAP)

Chapter 31 AAA ServerZyWALL 110/310/1100 Series User’s Guide405Base DN Specify the directory (up to 127 alphanumerical characters). For example, o=Zy

Chapter 31 AAA ServerZyWALL 110/310/1100 Series User’s Guide40631.3 RADIUS Server SummaryUse the RADIUS screen to manage the list of RADIUS servers t

Chapter 31 AAA ServerZyWALL 110/310/1100 Series User’s Guide407Figure 269 Configuration > Object > AAA Server > RADIUS > Add The follow

Chapter 31 AAA ServerZyWALL 110/310/1100 Series User’s Guide408Group Membership AttributeA RADIUS server defines attributes for its accounts. Select t

ZyWALL 110/310/1100 Series User’s Guide 409CHAPTER 32Authentication Method32.1 Overview Authentication method objects set how the ZyWALL authentica

Chapter 3 Hardware IntroductionZyWALL 110/310/1100 Series User’s Guide413.5.1 Rear PanelsThe following graphic shows the rear panel of the ZyWALL.

Chapter 32 Authentication MethodZyWALL 110/310/1100 Series User’s Guide410Figure 270 Example: Using Authentication Method in VPN 32.2 Authenticatio

Chapter 32 Authentication MethodZyWALL 110/310/1100 Series User’s Guide4112 Click Add.3 Specify a descriptive name for identification purposes in the

Chapter 32 Authentication MethodZyWALL 110/310/1100 Series User’s Guide412Move To change a method’s position in the numbered list, select the method a

ZyWALL 110/310/1100 Series User’s Guide 413CHAPTER 33Certificates33.1 OverviewThe ZyWALL can use certificates (also called digital IDs) to authenti

Chapter 33 CertificatesZyWALL 110/310/1100 Series User’s Guide4145 Additionally, Jenny uses her own private key to sign a message and Tim uses Jenny’s

Chapter 33 CertificatesZyWALL 110/310/1100 Series User’s Guide415• Binary PKCS#12: This is a format for transferring public key and private key certi

Chapter 33 CertificatesZyWALL 110/310/1100 Series User’s Guide416Figure 274 Certificate Details 4 Use a secure method to verify that the certificate

Chapter 33 CertificatesZyWALL 110/310/1100 Series User’s Guide417The following table describes the labels in this screen. 33.2.1 The My Certificates

Chapter 33 CertificatesZyWALL 110/310/1100 Series User’s Guide418Figure 276 Configuration > Object > Certificate > My Certificates > Add

Chapter 33 CertificatesZyWALL 110/310/1100 Series User’s Guide419If you configured the My Certificate Create screen to have the ZyWALL enroll a certi

Chapter 3 Hardware IntroductionZyWALL 110/310/1100 Series User’s Guide42

Chapter 33 CertificatesZyWALL 110/310/1100 Series User’s Guide420Figure 277 Configuration > Object > Certificate > My Certificates > Edi

Chapter 33 CertificatesZyWALL 110/310/1100 Series User’s Guide421Certificate InformationThese read-only fields display detailed information about the

Chapter 33 CertificatesZyWALL 110/310/1100 Series User’s Guide42233.2.3 The My Certificates Import Screen Click Configuration > Object > Certif

Chapter 33 CertificatesZyWALL 110/310/1100 Series User’s Guide423The following table describes the labels in this screen. 33.3 The Trusted Certific

Chapter 33 CertificatesZyWALL 110/310/1100 Series User’s Guide42433.3.1 The Trusted Certificates Edit Screen Click Configuration > Object > Cer

Chapter 33 CertificatesZyWALL 110/310/1100 Series User’s Guide425Figure 280 Configuration > Object > Certificate > Trusted Certificates &g

Chapter 33 CertificatesZyWALL 110/310/1100 Series User’s Guide426The following table describes the labels in this screen. Table 164 Configuration &

Chapter 33 CertificatesZyWALL 110/310/1100 Series User’s Guide42733.3.2 The Trusted Certificates Import Screen Click Configuration > Object >

Chapter 33 CertificatesZyWALL 110/310/1100 Series User’s Guide428Note: You must remove any spaces from the certificate’s filename before you can impor

ZyWALL 110/310/1100 Series User’s Guide 429CHAPTER 34ISP Accounts34.1 OverviewUse ISP accounts to manage Internet Service Provider (ISP) account in

ZyWALL 110/310/1100 Series User’s Guide 43CHAPTER 4Quick Setup Wizards4.1 Quick Setup OverviewThe Web Configurator's quick setup wizards help

Chapter 34 ISP AccountsZyWALL 110/310/1100 Series User’s Guide43034.2.1 ISP Account Edit The ISP Account Edit screen lets you add information about n

Chapter 34 ISP AccountsZyWALL 110/310/1100 Series User’s Guide431Authentication TypeUse the drop-down list box to select an authentication protocol f

ZyWALL 110/310/1100 Series User’s Guide 432CHAPTER 35SSL Application35.1 OverviewYou use SSL application objects in SSL VPN. Configure an SSL appli

Chapter 35 SSL ApplicationZyWALL 110/310/1100 Series User’s Guide433The LAN computer to be managed must have VNC (Virtual Network Computing) or RDP (

Chapter 35 SSL ApplicationZyWALL 110/310/1100 Series User’s Guide434Figure 285 Example: SSL Application: Specifying a Web Site for Access 35.2 The

Chapter 35 SSL ApplicationZyWALL 110/310/1100 Series User’s Guide43535.2.1 Creating/Editing an SSL Application ObjectYou can create a web-based appl

Chapter 35 SSL ApplicationZyWALL 110/310/1100 Series User’s Guide436Figure 288 Configuration > Object > SSL Application > Add/Edit: File Sh

Chapter 35 SSL ApplicationZyWALL 110/310/1100 Series User’s Guide437Preview This field only appears when you choose Web Application as the object typ

ZyWALL 110/310/1100 Series User’s Guide 438CHAPTER 36DHCPv636.1 OverviewThis chapter describes how to configure DHCPv6 request type and lease type

Chapter 36 DHCPv6ZyWALL 110/310/1100 Series User’s Guide43936.2.1 DHCPv6 Request Add/Edit ScreenThe Request Add/Edit screen allows you to create a n

Chapter 4 Quick Setup WizardsZyWALL 110/310/1100 Series User’s Guide44Figure 23 WAN Interface Quick Setup Wizard 4.2.1 Choose an Ethernet Interf

Chapter 36 DHCPv6ZyWALL 110/310/1100 Series User’s Guide440Figure 291 Configuration > Object > DHCPv6 > LeaseThe following table describes

Chapter 36 DHCPv6ZyWALL 110/310/1100 Series User’s Guide441The following table describes the labels in this screen. Table 173 Configuration > D

Chapter 36 DHCPv6ZyWALL 110/310/1100 Series User’s Guide442

ZyWALL 110/310/1100 Series User’s Guide 443CHAPTER 37System37.1 OverviewUse the system screens to configure general ZyWALL settings. 37.1.1 What Y

Chapter 37 SystemZyWALL 110/310/1100 Series User’s Guide44437.2 Host NameA host name is the unique name by which a device is known on a network. Clic

Chapter 37 SystemZyWALL 110/310/1100 Series User’s Guide445Figure 294 Configuration > System > USB StorageThe following table describes the l

Chapter 37 SystemZyWALL 110/310/1100 Series User’s Guide446Figure 295 Configuration > System > Date and TimeThe following table describes the

Chapter 37 SystemZyWALL 110/310/1100 Series User’s Guide447Get from Time ServerSelect this radio button to have the ZyWALL get the time and date from

Chapter 37 SystemZyWALL 110/310/1100 Series User’s Guide44837.4.1 Pre-defined NTP Time Servers ListWhen you turn on the ZyWALL for the first time, th

Chapter 37 SystemZyWALL 110/310/1100 Series User’s Guide4497 Click Apply.To get the ZyWALL date and time from a time server1 Click System > Date/T

Chapter 4 Quick Setup WizardsZyWALL 110/310/1100 Series User’s Guide45Figure 25 WAN Interface Setup: Step 2 The screens vary depending on what en

Chapter 37 SystemZyWALL 110/310/1100 Series User’s Guide45037.6 DNS OverviewDNS (Domain Name System) is for mapping a domain name to its correspondin

Chapter 37 SystemZyWALL 110/310/1100 Series User’s Guide451The following table describes the labels in this screen. Table 179 Configuration > S

Chapter 37 SystemZyWALL 110/310/1100 Series User’s Guide45237.6.3 Address Record An address record contains the mapping of a Fully-Qualified Domain N

Chapter 37 SystemZyWALL 110/310/1100 Series User’s Guide45337.6.5 Adding an Address/PTR Record Click the Add icon in the Address/PTR Record table to

Chapter 37 SystemZyWALL 110/310/1100 Series User’s Guide454Figure 300 Configuration > System > DNS > Domain Zone Forwarder AddThe following

Chapter 37 SystemZyWALL 110/310/1100 Series User’s Guide455Figure 301 Configuration > System > DNS > MX Record AddThe following table desc

Chapter 37 SystemZyWALL 110/310/1100 Series User’s Guide45637.7 WWW OverviewThe following figure shows secure and insecure management of the ZyWALL c

Chapter 37 SystemZyWALL 110/310/1100 Series User’s Guide457It relies upon certificates, public keys, and private keys (see Chapter 33 on page 413 for

Chapter 37 SystemZyWALL 110/310/1100 Series User’s Guide458Figure 304 Configuration > System > WWW > Service ControlThe following table des

Chapter 37 SystemZyWALL 110/310/1100 Series User’s Guide459Authenticate Client CertificatesSelect Authenticate Client Certificates (optional) to requ

Chapter 4 Quick Setup WizardsZyWALL 110/310/1100 Series User’s Guide46Figure 27 WAN and ISP Connection Settings: (PPTP Shown) The following table

Chapter 37 SystemZyWALL 110/310/1100 Series User’s Guide46037.7.5 Service Control RulesClick Add or Edit in the Service Control table in a WWW, SSH,

Chapter 37 SystemZyWALL 110/310/1100 Series User’s Guide461The following table describes the labels in this screen. 37.7.6 Customizing the WWW Logi

Chapter 37 SystemZyWALL 110/310/1100 Series User’s Guide462Figure 306 Configuration > System > WWW > Login PageThe following figures identi

Chapter 37 SystemZyWALL 110/310/1100 Series User’s Guide463Figure 307 Login Page Customization Figure 308 Access Page Customization You can spe

Chapter 37 SystemZyWALL 110/310/1100 Series User’s Guide464• Enter a pound sign (#) followed by the six-digit hexadecimal number that represents the d

Chapter 37 SystemZyWALL 110/310/1100 Series User’s Guide46537.7.7 HTTPS ExampleIf you haven’t changed the default HTTPS port on the ZyWALL, then in

Chapter 37 SystemZyWALL 110/310/1100 Series User’s Guide466Figure 310 Security Certificate 1 (Firefox)Figure 311 Security Certificate 2 (Firefox)3

Chapter 37 SystemZyWALL 110/310/1100 Series User’s Guide467Figure 312 Login Screen (Internet Explorer)37.7.7.5 Enrolling and Importing SSL Client

Chapter 37 SystemZyWALL 110/310/1100 Series User’s Guide468Figure 314 CA Certificate Example2 Click Install Certificate and follow the wizard as sho

Chapter 37 SystemZyWALL 110/310/1100 Series User’s Guide469Figure 315 Personal Certificate Import Wizard 12 The file name and path of the certifica

Chapter 4 Quick Setup WizardsZyWALL 110/310/1100 Series User’s Guide474.2.5 Quick Setup Interface Wizard: SummaryThis screen displays the WAN interf

Chapter 37 SystemZyWALL 110/310/1100 Series User’s Guide470Figure 317 Personal Certificate Import Wizard 34 Have the wizard determine where the cert

Chapter 37 SystemZyWALL 110/310/1100 Series User’s Guide471Figure 319 Personal Certificate Import Wizard 56 You should see the following screen whe

Chapter 37 SystemZyWALL 110/310/1100 Series User’s Guide472Figure 322 SSL Client Authentication3 You next see the Web Configurator login screen.Figu

Chapter 37 SystemZyWALL 110/310/1100 Series User’s Guide473Figure 324 SSH Communication Over the WAN Example37.8.1 How SSH WorksThe following figu

Chapter 37 SystemZyWALL 110/310/1100 Series User’s Guide47437.8.2 SSH Implementation on the ZyWALLYour ZyWALL supports SSH versions 1 and 2 using RSA

Chapter 37 SystemZyWALL 110/310/1100 Series User’s Guide47537.8.5 Secure Telnet Using SSH ExamplesThis section shows two examples using a command in

Chapter 37 SystemZyWALL 110/310/1100 Series User’s Guide47637.8.5.2 Example 2: LinuxThis section describes how to access the ZyWALL using the OpenSSH

Chapter 37 SystemZyWALL 110/310/1100 Series User’s Guide477Figure 330 Configuration > System > TELNETThe following table describes the labels

Chapter 37 SystemZyWALL 110/310/1100 Series User’s Guide47837.10 FTP You can upload and download the ZyWALL’s firmware and configuration files using

Chapter 37 SystemZyWALL 110/310/1100 Series User’s Guide47937.11 SNMP Simple Network Management Protocol is a protocol used for exchanging managemen

Chapter 4 Quick Setup WizardsZyWALL 110/310/1100 Series User’s Guide48The following table describes the labels in this screen. 4.3 VPN Setup WizardCl

Chapter 37 SystemZyWALL 110/310/1100 Series User’s Guide480Figure 332 SNMP Management ModelAn SNMP managed network consists of two main types of com

Chapter 37 SystemZyWALL 110/310/1100 Series User’s Guide481statistical data and monitor status and performance. You can download the ZyWALL’s MIBs fr

Chapter 37 SystemZyWALL 110/310/1100 Series User’s Guide482Figure 333 Configuration > System > SNMPThe following table describes the labels in

Chapter 37 SystemZyWALL 110/310/1100 Series User’s Guide48337.12 Language ScreenClick Configuration > System > Language to open the following

Chapter 37 SystemZyWALL 110/310/1100 Series User’s Guide484Figure 335 Configuration > System > IPv6The following table describes the labels in

ZyWALL 110/310/1100 Series User’s Guide 485CHAPTER 38Log and Report38.1 OverviewUse these screens to configure daily reporting and log settings. 38

Chapter 38 Log and ReportZyWALL 110/310/1100 Series User’s Guide486Figure 336 Configuration > Log & Report > Email Daily Report The follow

Chapter 38 Log and ReportZyWALL 110/310/1100 Series User’s Guide48738.3 Log Setting Screens The Log Setting screens control log messages and alerts.

Chapter 38 Log and ReportZyWALL 110/310/1100 Series User’s Guide488Figure 337 Configuration > Log & Report > Log SettingThe following tabl

Chapter 38 Log and ReportZyWALL 110/310/1100 Series User’s Guide48938.3.2 Edit System Log Settings The Log Settings Edit screen controls the detaile

Chapter 4 Quick Setup WizardsZyWALL 110/310/1100 Series User’s Guide49• VPN Setup configures a VPN tunnel for a secure connection to another computer

Chapter 38 Log and ReportZyWALL 110/310/1100 Series User’s Guide490The following table describes the labels in this screen. Table 196 Configuratio

Chapter 38 Log and ReportZyWALL 110/310/1100 Series User’s Guide49138.3.3 Edit Log on USB Storage Setting The Edit Log on USB Storage Setting screen

Chapter 38 Log and ReportZyWALL 110/310/1100 Series User’s Guide492Figure 339 Configuration > Log & Report > Log Setting > Edit (USB St

Chapter 38 Log and ReportZyWALL 110/310/1100 Series User’s Guide493The following table describes the labels in this screen. 38.3.4 Edit Remote Serv

Chapter 38 Log and ReportZyWALL 110/310/1100 Series User’s Guide494Figure 340 Configuration > Log & Report > Log Setting > Edit (Remote

Chapter 38 Log and ReportZyWALL 110/310/1100 Series User’s Guide495The following table describes the labels in this screen. 38.3.5 Log Category Set

Chapter 38 Log and ReportZyWALL 110/310/1100 Series User’s Guide496Figure 341 Log Category Settings This screen provides a different view and a di

Chapter 38 Log and ReportZyWALL 110/310/1100 Series User’s Guide497The following table describes the fields in this screen. Table 199 Configuratio

Chapter 38 Log and ReportZyWALL 110/310/1100 Series User’s Guide498System Log Select which events you want to log by Log Category. There are three cho

ZyWALL 110/310/1100 Series User’s Guide 499CHAPTER 39File Manager39.1 OverviewConfiguration files define the ZyWALL’s settings. Shell scripts are f

ZyWALL 110/310/1100 Series User’s Guide56.9.1 More Information ...

Chapter 4 Quick Setup WizardsZyWALL 110/310/1100 Series User’s Guide504.3.3 VPN Express Wizard - Scenario Click the Express radio button as shown in

Chapter 39 File ManagerZyWALL 110/310/1100 Series User’s Guide500These files have the same syntax, which is also identical to the way you run CLI comm

Chapter 39 File ManagerZyWALL 110/310/1100 Series User’s Guide501Line 3 in the following example exits sub command mode.Lines 1 and 3 in the followin

Chapter 39 File ManagerZyWALL 110/310/1100 Series User’s Guide502 Configuration File Flow at Restart• If there is not a startup-config.conf when you r

Chapter 39 File ManagerZyWALL 110/310/1100 Series User’s Guide503The following table describes the labels in this screen. Table 201 Maintenance &g

Chapter 39 File ManagerZyWALL 110/310/1100 Series User’s Guide504Apply Use this button to have the ZyWALL use a specific configuration file.Click a co

Chapter 39 File ManagerZyWALL 110/310/1100 Series User’s Guide50539.3 The Firmware Package Screen Click Maintenance > File Manager > Firmware

Chapter 39 File ManagerZyWALL 110/310/1100 Series User’s Guide506Figure 347 Maintenance > File Manager > Firmware Package The following ta

Chapter 39 File ManagerZyWALL 110/310/1100 Series User’s Guide507Figure 350 Firmware Upload Error39.4 The Shell Script Screen Use shell script fil

Chapter 39 File ManagerZyWALL 110/310/1100 Series User’s Guide508Each field is described in the following table. Table 203 Maintenance > File Ma

Chapter 39 File ManagerZyWALL 110/310/1100 Series User’s Guide509Upload Shell ScriptThe bottom part of the screen allows you to upload a new or previ

Chapter 4 Quick Setup WizardsZyWALL 110/310/1100 Series User’s Guide514.3.4 VPN Express Wizard - Configuration Figure 33 VPN Express Wizard: Confi

ZyWALL 110/310/1100 Series User’s Guide 510CHAPTER 40 Diagnostics40.1 OverviewUse the diagnostics screens for troubleshooting.40.1.1 What You Can

Chapter 40 DiagnosticsZyWALL 110/310/1100 Series User’s Guide511The following table describes the labels in this screen. 40.2.1 The Diagnostics Fil

Chapter 40 DiagnosticsZyWALL 110/310/1100 Series User’s Guide51240.3 The Packet Capture ScreenUse this screen to capture network traffic going throug

Chapter 40 DiagnosticsZyWALL 110/310/1100 Series User’s Guide513The following table describes the labels in this screen. Table 206 Maintenance >

Chapter 40 DiagnosticsZyWALL 110/310/1100 Series User’s Guide51440.3.1 The Packet Capture Files ScreenClick Maintenance > Diagnostics > Packet

Chapter 40 DiagnosticsZyWALL 110/310/1100 Series User’s Guide515The following table describes the labels in this screen. 40.4 Core Dump ScreenUse th

Chapter 40 DiagnosticsZyWALL 110/310/1100 Series User’s Guide51640.4.1 Core Dump Files ScreenClick Maintenance > Diagnostics > Core Dump > F

Chapter 40 DiagnosticsZyWALL 110/310/1100 Series User’s Guide517Figure 360 Maintenance > Diagnostics > System Log The following table desc

ZyWALL 110/310/1100 Series User’s Guide 518CHAPTER 41Packet Flow Explore41.1 OverviewUse this to get a clear picture on how the ZyWALL determines w

Chapter 41 Packet Flow ExploreZyWALL 110/310/1100 Series User’s Guide519Figure 361 Maintenance > Packet Flow Explore > Routing Status (Direct

Chapter 4 Quick Setup WizardsZyWALL 110/310/1100 Series User’s Guide52Figure 34 VPN Express Wizard: Summary • Rule Name: Identifies the VPN gateway

Chapter 41 Packet Flow ExploreZyWALL 110/310/1100 Series User’s Guide520Figure 365 Maintenance > Packet Flow Explore > Routing Status (Dynamic

Chapter 41 Packet Flow ExploreZyWALL 110/310/1100 Series User’s Guide521The following table describes the labels in this screen. Table 211 Mainten

Chapter 41 Packet Flow ExploreZyWALL 110/310/1100 Series User’s Guide52241.3 The SNAT Status ScreenThe SNAT Status screen allows you to view and quic

Chapter 41 Packet Flow ExploreZyWALL 110/310/1100 Series User’s Guide523Figure 370 Maintenance > Packet Flow Explore > SNAT Status (1-1 SNAT)

Chapter 41 Packet Flow ExploreZyWALL 110/310/1100 Series User’s Guide524Destination This is the original destination IP address(es).Outgoing This is t

ZyWALL 110/310/1100 Series User’s Guide 525CHAPTER 42Reboot42.1 OverviewUse this to restart the device (for example, if the device begins behaving

ZyWALL 110/310/1100 Series User’s Guide 526CHAPTER 43Shutdown43.1 OverviewUse this to shutdown the device in preparation for disconnecting the powe

ZyWALL 110/310/1100 Series User’s Guide 527CHAPTER 44TroubleshootingThis chapter offers some suggestions to solve problems you might encounter. • Yo

Chapter 44 TroubleshootingZyWALL 110/310/1100 Series User’s Guide528I configured security settings but the ZyWALL is not applying them for certain int

Chapter 44 TroubleshootingZyWALL 110/310/1100 Series User’s Guide529The interface’s IP address may have changed. To avoid this create an IP address o

Chapter 4 Quick Setup WizardsZyWALL 110/310/1100 Series User’s Guide53Figure 35 VPN Express Wizard: Finish Click Close to exit the wizard.4.3.7 VP

Chapter 44 TroubleshootingZyWALL 110/310/1100 Series User’s Guide530The ZyWALL is deleting some zipped files.The ZyWALL cannot unzip password protecte

Chapter 44 TroubleshootingZyWALL 110/310/1100 Series User’s Guide531subnets. See Asymmetrical Routes on page 268 and the chapter about interfaces for

Chapter 44 TroubleshootingZyWALL 110/310/1100 Series User’s Guide532• Make sure regular firewall rules allow traffic between the VPN tunnel and the re

Chapter 44 TroubleshootingZyWALL 110/310/1100 Series User’s Guide533The default admin account is always authenticated locally, regardless of the auth

Chapter 44 TroubleshootingZyWALL 110/310/1100 Series User’s Guide534• PEM (Base-64) encoded PKCS#7: This Privacy Enhanced Mail (PEM) format uses lower

Chapter 44 TroubleshootingZyWALL 110/310/1100 Series User’s Guide535• Your configuration files or shell scripts can use “exit” or a command line cons

Chapter 44 TroubleshootingZyWALL 110/310/1100 Series User’s Guide536If you want to reboot the device without changing the current configuration, see C

ZyWALL 110/310/1100 Series User’s Guide 537APPENDIX ALegal InformationCopyrightCopyright © 2013 by ZyXEL Communications Corporation.The contents of

Appendix A Legal InformationZyWALL 110/310/1100 Series User’s Guide538Taiwanese BSMI (Bureau of Standards, Metrology and Inspection) A Warning: Notice

Appendix A Legal InformationZyWALL 110/310/1100 Series User’s Guide539• CAUTION: RISK OF EXPLOSION IF BATTERY (on the motherboard) IS REPLACED BY AN

Chapter 4 Quick Setup WizardsZyWALL 110/310/1100 Series User’s Guide54Figure 36 VPN Advanced Wizard: Scenario Rule Name: Type the name used to ident

Appendix A Legal InformationZyWALL 110/310/1100 Series User’s Guide540

IndexZyWALL 110/310/1100 Series User’s Guide 541IndexSymbolsNumbers3322 Dynamic DNS 2153DES 3063G see also cellular 1326in4 tunneling 1406to4 tunneli

IndexZyWALL 110/310/1100 Series User’s Guide542address record 452admin usertroubleshooting 533admin users 371multiple logins 379see also users 371Adva

IndexZyWALL 110/310/1100 Series User’s Guide 543signal quality 94, 95SIM card 137status 96system 94, 95troubleshooting 529certificatetroubleshooting

IndexZyWALL 110/310/1100 Series User’s Guide544access user page 461login page 461DData Encryption Standard, see DESdate 445daylight savings 447DDNS 21

IndexZyWALL 110/310/1100 Series User’s Guide 545Eegress bandwidth 137, 146e-maildaily statistics report 485Encapsulating Security Payload, see ESPenc

IndexZyWALL 110/310/1100 Series User’s Guide546and address groups 479and address objects 479and certificates 478and zones 479signaling port 237with Tr

IndexZyWALL 110/310/1100 Series User’s Guide 547status 72, 84, 85troubleshooting 528interfaces 103and DNS servers 174and HTTP redirect 232and layer-3

IndexZyWALL 110/310/1100 Series User’s Guide548and to-ZyWALL firewall 531authentication algorithms 306authentication key (manual keys) 312destination

IndexZyWALL 110/310/1100 Series User’s Guide 549Lightweight Directory Access Protocol, see LDAPload balancing 177algorithms 178, 182, 184DNS inbound

Chapter 4 Quick Setup WizardsZyWALL 110/310/1100 Series User’s Guide55Figure 37 VPN Advanced Wizard: Phase 1 Settings • Secure Gateway: Any displa

IndexZyWALL 110/310/1100 Series User’s Guide550port translation, see NATtraversal 309NBNS 120, 157, 169, 174, 321NetBIOSBroadcast over IPSec 288Name S

IndexZyWALL 110/310/1100 Series User’s Guide 551PIN code 137PIN generator 401pointer record 452Point-to-Point Protocol over Ethernet, see PPPoE.Point

IndexZyWALL 110/310/1100 Series User’s Guide552FTP, see FTPsee also service control 456Telnet 476to-ZyWALL firewall 266WWW, see WWWremote network 281r

IndexZyWALL 110/310/1100 Series User’s Guide 553SHA1 306shell scripttroubleshooting 534shell scripts 499and users 383downloading 508editing 507how ap

IndexZyWALL 110/310/1100 Series User’s Guide554full tunnel mode 317network access mode 18remote desktop connections 432see also SSL 317troubleshooting

IndexZyWALL 110/310/1100 Series User’s Guide 555management access 534packet capture 535policy route 528PPP 529RADIUS server 532routing 530schedules 5

IndexZyWALL 110/310/1100 Series User’s Guide556Guest (type) 371lease time 376limited-admin (type) 371lockout 380reauthentication time 376types of 371u

IndexZyWALL 110/310/1100 Series User’s Guide 557WINS server 120, 348Wizard Setup 33, 43WWW 457and address groups 461and address objects 461and authen

IndexZyWALL 110/310/1100 Series User’s Guide558

IndexZyWALL 110/310/1100 Series User’s Guide 559

Chapter 4 Quick Setup WizardsZyWALL 110/310/1100 Series User’s Guide56• Dead Peer Detection (DPD) has the ZyWALL make sure the remote IPSec device is

IndexZyWALL 110/310/1100 Series User’s Guide560

IndexZyWALL 110/310/1100 Series User’s Guide 561

IndexZyWALL 110/310/1100 Series User’s Guide562

Chapter 4 Quick Setup WizardsZyWALL 110/310/1100 Series User’s Guide574.3.10 VPN Advanced Wizard - Summary This is a read-only summary of the VPN tu

Chapter 4 Quick Setup WizardsZyWALL 110/310/1100 Series User’s Guide58Figure 40 VPN Wizard: Finish Click Close to exit the wizard.4.4 VPN Setting

Chapter 4 Quick Setup WizardsZyWALL 110/310/1100 Series User’s Guide59Choose Express to create a VPN rule with the default phase 1 and phase 2 settin

ZyWALL 110/310/1100 Series User’s Guide68.2 The Trunk Summary Screen ...

Chapter 4 Quick Setup WizardsZyWALL 110/310/1100 Series User’s Guide60Figure 42 VPN for Configuration Provisioning Express Wizard: Settings Scenario

Chapter 4 Quick Setup WizardsZyWALL 110/310/1100 Series User’s Guide61Figure 43 VPN for Configuration Provisioning Express Wizard: Configuration •

Chapter 4 Quick Setup WizardsZyWALL 110/310/1100 Series User’s Guide62Figure 44 VPN for Configuration Provisioning Express Wizard: Save • Rule Name:

Chapter 4 Quick Setup WizardsZyWALL 110/310/1100 Series User’s Guide63Figure 45 VPN for Configuration Provisioning Express Wizard: Finish Click Clo

Chapter 4 Quick Setup WizardsZyWALL 110/310/1100 Series User’s Guide64Rule Name: Type the name used to identify this VPN connection (and VPN gateway).

Chapter 4 Quick Setup WizardsZyWALL 110/310/1100 Series User’s Guide65• Authentication Algorithm: MD5 (Message Digest 5) and SHA (Secure Hash Algorit

Chapter 4 Quick Setup WizardsZyWALL 110/310/1100 Series User’s Guide66• Remote Policy (IP/Mask): Any displays in this field because it is not configu

Chapter 4 Quick Setup WizardsZyWALL 110/310/1100 Series User’s Guide67VPN Connection screen. Enter the IP address of the ZyWALL in the ZyWALL IPSec

Chapter 4 Quick Setup WizardsZyWALL 110/310/1100 Series User’s Guide68

ZyWALL 110/310/1100 Series User’s Guide 69CHAPTER 5Dashboard5.1 OverviewUse the Dashboard screens to check status information about the ZyWALL.5.1.

ZyWALL 110/310/1100 Series User’s Guide7Chapter 13NAT...

Chapter 5 DashboardZyWALL 110/310/1100 Series User’s Guide70Figure 51 Dashboard The following table describes the labels in this screen.Table 14

Chapter 5 DashboardZyWALL 110/310/1100 Series User’s Guide71Device This field displays the name of the device connected to the USB port if one is con

Chapter 5 DashboardZyWALL 110/310/1100 Series User’s Guide72Boot Status This field displays details about the ZyWALL’s startup state.OK - The ZyWALL

Chapter 5 DashboardZyWALL 110/310/1100 Series User’s Guide73Status This field displays the current status of each interface. The possible values depe

Chapter 5 DashboardZyWALL 110/310/1100 Series User’s Guide745.2.1 The CPU Usage ScreenUse this screen to look at a chart of the ZyWALL’s recent CPU u

Chapter 5 DashboardZyWALL 110/310/1100 Series User’s Guide755.2.2 The Memory Usage Screen Use this screen to look at a chart of the ZyWALL’s recent

Chapter 5 DashboardZyWALL 110/310/1100 Series User’s Guide76Figure 54 Dashboard > Session UsageThe following table describes the labels in this s

Chapter 5 DashboardZyWALL 110/310/1100 Series User’s Guide77The following table describes the labels in this screen. 5.2.5 The DHCP Table ScreenUse

Chapter 5 DashboardZyWALL 110/310/1100 Series User’s Guide785.2.6 The Number of Login Users Screen Use this screen to look at a list of the users cur

ZyWALL 110/310/1100 Series User’s Guide 79CHAPTER 6Monitor6.1 OverviewUse the Monitor screens to check status and statistics information.6.1.1 Wha

ZyWALL 110/310/1100 Series User’s Guide8Chapter 18Authentication Policy...

Chapter 6 MonitorZyWALL 110/310/1100 Series User’s Guide806.2 The Port Statistics Screen Use this screen to look at packet statistics for each Gigabi

Chapter 6 MonitorZyWALL 110/310/1100 Series User’s Guide816.2.1 The Port Statistics Graph Screen Use this screen to look at a line graph of packet s

Chapter 6 MonitorZyWALL 110/310/1100 Series User’s Guide826.3 Interface Status ScreenThis screen lists all of the ZyWALL’s interfaces and gives packe

Chapter 6 MonitorZyWALL 110/310/1100 Series User’s Guide83Figure 60 Monitor > System Status > Interface Status

Chapter 6 MonitorZyWALL 110/310/1100 Series User’s Guide84Each field is described in the following table. Table 23 Monitor > System Status > I

Chapter 6 MonitorZyWALL 110/310/1100 Series User’s Guide85Status The activate (light bulb) icon is lit when the entry is active and dimmed when the e

Chapter 6 MonitorZyWALL 110/310/1100 Series User’s Guide866.4 The Traffic Statistics ScreenClick Monitor > System Status > Traffic Statistics t

Chapter 6 MonitorZyWALL 110/310/1100 Series User’s Guide87• LAN IP with heaviest traffic and how much traffic has been sent to and from each oneYou u

Chapter 6 MonitorZyWALL 110/310/1100 Series User’s Guide88Traffic Type Select the type of report to display. Choices are:Host IP Address/User - displa

Chapter 6 MonitorZyWALL 110/310/1100 Series User’s Guide89The following table displays the maximum number of records shown in the report, the byte co

ZyWALL 110/310/1100 Series User’s Guide9Chapter 21SSL VPN ...

Chapter 6 MonitorZyWALL 110/310/1100 Series User’s Guide90The following table describes the labels in this screen. Table 26 Monitor > System Stat

Chapter 6 MonitorZyWALL 110/310/1100 Series User’s Guide916.6 The DDNS Status ScreenThe DDNS Status screen shows the status of the ZyWALL’s DDNS dom

Chapter 6 MonitorZyWALL 110/310/1100 Series User’s Guide92The following table describes the labels in this screen. 6.8 The Login Users Screen Use th

Chapter 6 MonitorZyWALL 110/310/1100 Series User’s Guide936.9 Cellular Status ScreenThis screen displays your 3G connection status. Click Monitor &g

Chapter 6 MonitorZyWALL 110/310/1100 Series User’s Guide94Status No device - no 3G device is connected to the ZyWALL.No Service - no 3G network is ava

Chapter 6 MonitorZyWALL 110/310/1100 Series User’s Guide956.9.1 More Information This screen displays more information on your 3G, such as the signa

Chapter 6 MonitorZyWALL 110/310/1100 Series User’s Guide966.10 USB Storage ScreenThis screen displays information about a connected USB storage devic

Chapter 6 MonitorZyWALL 110/310/1100 Series User’s Guide976.11 The IPSec Monitor ScreenYou can use the IPSec Monitor screen to display and to manage

Chapter 6 MonitorZyWALL 110/310/1100 Series User’s Guide98Each field is described in the following table. 6.11.1 Regular Expressions in Searching IPS

Chapter 6 MonitorZyWALL 110/310/1100 Series User’s Guide99The whole VPN connection or policy name has to match if you do not use a question mark or a