Zyxel-communications Internet Security Gateway ZyWALL 100 Bedienungsanleitung

ZyWALL 100 Internet Security Gateway User’s Guide Version 3.50 May 2002

ZyWALL 100 Internet Security Gateway x Table of Contents 16.2 Rule Logic Overview...

ZyWALL 100 Internet Security Gateway Backup Remote Node Setup 10-1 Chapter 10 Backup Remote Node Setup This chapter shows you how to configure a re

ZyWALL 100 Internet Security Gateway 10-2 Backup Remote Node Setup FIELD DESCRIPTION EXAMPLE Outgoing My Login Enter the login name assigned

ZyWALL 100 Internet Security Gateway Backup Remote Node Setup 10-3 FIELD DESCRIPTION EXAMPLE reset. For example, to allow calls to this remote no

ZyWALL 100 Internet Security Gateway 10-4 Backup Remote Node Setup Figure 10-2 Menu 11.2 - Remote Node PPP Options This table describes the Remote

ZyWALL 100 Internet Security Gateway Backup Remote Node Setup 10-5 10.3 Editing TCP/IP Options Move the cursor to the Edit IP field in menu 11.1, t

ZyWALL 100 Internet Security Gateway 10-6 Backup Remote Node Setup FIELD DESCRIPTION EXAMPLE Network Address Translation Press [SPACE BAR] and th

ZyWALL 100 Internet Security Gateway Backup Remote Node Setup 10-7 To handle the first prompt, you specify “ogin: ” as the ‘Expect’ string and “myL

ZyWALL 100 Internet Security Gateway 10-8 Backup Remote Node Setup Figure 10-5 Menu 11.4 – Remote Node Setup Script The following table describes

ZyWALL 100 Internet Security Gateway Backup Remote Node Setup 10-9 Use menu 11.5 to specify the filter set(s) to apply to the incoming and outgoing

ZyWALL 100 Internet Security Gateway Table of Contents xi 20.3 SNMP Configuration...

ZyWALL 100 Internet Security Gateway IP Static Route Setup 11-1Chapter 11 IP Static Route Setup This chapter shows you how to configure static rout

ZyWALL 100 Internet Security Gateway 11-2 IP Static Route Setup 11.1 IP Static Route Setup You configure IP static routes in menu 12. 1, by select

ZyWALL 100 Internet Security Gateway IP Static Route Setup 11-3 Figure 11-3 Menu 12. 1 — Edit IP Static Route `The following table describes the IP

ZyWALL 100 Internet Security Gateway 11-4 IP Static Route Setup Table 11-1 IP Static Route Menu Fields FIELD DESCRIPTION Route # This is the inde

ZyWALL 100 Internet Security Gateway NAT 12-1Chapter 12 Network Address Translation (NAT) This chapter discusses how to configure NAT on the ZyWALL.

ZyWALL 100 Internet Security Gateway 12-2 NAT NAT never changes the IP address (either local or global) of an outside host. 12.1.2 What NAT Does In t

ZyWALL 100 Internet Security Gateway NAT 12-3 Figure 12-1 How NAT Works

ZyWALL 100 Internet Security Gateway 12-4 NAT 12.1.4 NAT Application The following figure illustrates a possible NAT application, where three inside

ZyWALL 100 Internet Security Gateway NAT 12-52. Many to One: In Many-to-One mode, the ZyWALL maps multiple local IP addresses to one global IP addre

ZyWALL 100 Internet Security Gateway 12-6 NAT TYPE IP MAPPING SMT ABBREVIATION Many-One-to-One ILA1ÅÆ IGA1 ILA2ÅÆ IGA2 ILA3ÅÆ IGA3 … M-1-1 Server Se

ZyWALL 100 Internet Security Gateway xii Table of Contents 25.1 Introduction...

ZyWALL 100 Internet Security Gateway NAT 12-7. Figure 12-3 Menu 4 — Applying NAT for Internet Access The following figure shows how you apply NAT to

ZyWALL 100 Internet Security Gateway 12-8 NAT Figure 12-4 Menu 11.3 — Applying NAT to the Remote Node The following table describes the options for

ZyWALL 100 Internet Security Gateway NAT 12-915.1. You can only configure Set 1. Set 255 is used for SUA. When you select Full Feature in menu 4 o

ZyWALL 100 Internet Security Gateway 12-10 NAT Figure 12-7 Menu 15.1.255 — SUA Address Mapping Rules The following table explains the fields in thi

ZyWALL 100 Internet Security Gateway NAT 12-11FIELD DESCRIPTION EXAMPLE Type These are the mapping types discussed above (see Table 12-2). Server a

ZyWALL 100 Internet Security Gateway 12-12 NAT The Type, Local and Global Start/End IPs are configured in menu 15.1.1.1 (described later) and the va

ZyWALL 100 Internet Security Gateway NAT 12-13An IP End address must be numerically greater than its corresponding IP Start address. Figure 12-9 Menu

ZyWALL 100 Internet Security Gateway 12-14 NAT 12.4 NAT Server Sets – Port Forwarding A NAT server set is a list of inside (behind NAT on the LAN)

ZyWALL 100 Internet Security Gateway NAT 12-15SERVICES PORT NUMBER Finger 79 HTTP (Hyper Text Transfer protocol or WWW, Web) 80 POP3 (Post Office P

ZyWALL 100 Internet Security Gateway 12-16 NAT Figure 12-10 Menu 15.2 — NAT Server Setup Figure 12-11 Multiple Servers Behind NAT Example

ZyWALL 100 Internet Security Gateway Table of Contents xiii Chapter 31 Troubleshooting ...

ZyWALL 100 Internet Security Gateway NAT 12-1712.5 General NAT Examples 12.5.1 Internet Access Only In the following Internet access example, you onl

ZyWALL 100 Internet Security Gateway 12-18 NAT From menu 4 shown above, simply choose the SUA Only option from the Network Address Translation field

ZyWALL 100 Internet Security Gateway NAT 12-19 Figure 12-15 Menu 15.2 — Specifying an Inside Server 12.5.3 Example 3: Multiple Public IP Addresses Wi

ZyWALL 100 Internet Security Gateway 12-20 NAT Figure 12-16 NAT Example 3 Step 1. In this case you need to configure Address Mapping Set 1 from M

ZyWALL 100 Internet Security Gateway NAT 12-21 Figure 12-17 Example 3: Menu 11.3 The following figure shows how to configure the first rule. Figure

ZyWALL 100 Internet Security Gateway 12-22 NAT Figure 12-19 Example 3: Final Menu 15.1.1 Now configure the IGA3 to map to our web server and mail s

ZyWALL 100 Internet Security Gateway NAT 12-2312.5.4 Example 4: NAT Unfriendly Application Programs Some applications do not support NAT Mapping usin

ZyWALL 100 Internet Security Gateway 12-24 NAT Figure 12-22 Example 4: Menu 15.1.1.1 — Address Mapping Rule After you’ve configured your rule, you

ZyWALL 100 Internet Security Gateway NAT 12-25the requested data comes back, the ZyWALL applies the port mapping rules and uses the recorded IP addre

ZyWALL 100 Internet Security Gateway 12-26 NAT Table 12-8 Menu 15.3—Trigger Port Setup Description FIELD DESCRIPTION EXAMPLE Rule This is the rul

ZyWALL 100 Internet Security Gateway xiv List of Figures List of Figures Figure 1-1 Secure Internet Access via Cable, DSL or Wireless Modem...

ZyWALL 100 Internet Security Gateway NAT 12-273. The Real Audio server responds using a port number ranging between 6970-7170. 4. The ZyWALL associ

Firewall and Content Filters III Part III: Firewall and Content Filters Part III introduces firewalls in general and the ZyWALL firewall. It also

ZyWALL 100 Internet Security Gateway Firewalls 13-1 Chapter 13 Firewalls This chapter gives some background information on firewalls and explains ho

ZyWALL 100 Internet Security Gateway 13-2 Firewalls i. Information hiding prevents the names of internal systems from being made known via DNS to o

ZyWALL 100 Internet Security Gateway Firewalls 13-3 Figure 13-1 ZyWALL Firewall Application 13.4 Denial of Service Denials of Service (DoS) attac

ZyWALL 100 Internet Security Gateway 13-4 Firewalls for use over a single port, such as Web on port 80, other ports are also active. If the person c

ZyWALL 100 Internet Security Gateway Firewalls 13-5 Figure 13-2 Three-Way Handshake Under normal circumstances, the application that initiates a se

ZyWALL 100 Internet Security Gateway 13-6 Firewalls 2-b In a LAND Attack, hackers flood SYN packets into the network with a spoofed source IP addre

ZyWALL 100 Internet Security Gateway Firewalls 13-7 Table 13-3 Legal NetBIOS Commands MESSAGE: REQUEST: POSITIVE: NEGATIVE: RETARGET: KEEPALIVE: All

ZyWALL 100 Internet Security Gateway List of Figures xv Figure 7-1 Menu 5 — DMZ Setup...

ZyWALL 100 Internet Security Gateway 13-8 Firewalls  Denies all sessions originating from the WAN to the LAN. Figure 13-5 Stateful Inspection The

ZyWALL 100 Internet Security Gateway Firewalls 13-9 3. The packet is inspected by a firewall rule to determine and record information about the sta

ZyWALL 100 Internet Security Gateway 13-10 Firewalls The ability to define firewall rules is a very powerful tool. Using custom rules, it is possibl

ZyWALL 100 Internet Security Gateway Firewalls 13-11 little tracking information. For instance, ICMP redirect packets are never allowed in, since th

ZyWALL 100 Internet Security Gateway 13-12 Firewalls 13.6.1 Security In General You can never be too careful! Factors outside your firewall, filteri

ZyWALL 100 Internet Security Gateway Firewalls 13-13 13.7.1 Packet Filtering:  The router filters packets as they pass through the router’s interf

ZyWALL 100 Internet Security Gateway 13-14 Firewalls 3. To selectively block/allow inbound or outbound traffic between inside host/networks and out

ZyWALL 100 Internet Security Gateway Introducing the ZyWALL Firewall 14-1 Chapter 14 Introducing the ZyWALL Firewall This chapter shows you how to

ZyWALL 100 Internet Security Gateway 14-2 Introducing the ZyWALL Firewall 14.3.1 Activating the Firewall Enter option 2 in this menu to bring up t

ZyWALL 100 Internet Security Gateway Introducing the ZyWALL Firewall 14-3 An “End of Log” message displays for each mail in which a complete log ha

ZyWALL 100 Internet Security Gateway xvi List of Figures Figure 11-1 Example of Static Routing Topology ...

ZyWALL 100 Internet Security Gateway Using the ZyWALL Web Configurator 15-1 Chapter 15 Using the ZyWALL Web Configurator This chapter shows you how

ZyWALL 100 Internet Security Gateway 15-2 Using the ZyWALL Web Configurator Figure 15-1 Enabling the Firewall 15.3 E-mail The E-mail screen show

ZyWALL 100 Internet Security Gateway Using the ZyWALL Web Configurator 15-3 15.3.2 Logs A log is a detailed record that you create for packets that

ZyWALL 100 Internet Security Gateway 15-4 Using the ZyWALL Web Configurator Table 15-1 E-mail FIELD DESCRIPTION OPTIONS Address Info Mail Serv

ZyWALL 100 Internet Security Gateway Using the ZyWALL Web Configurator 15-5 15.3.3 SMTP Error Messages If there are difficulties in sending e-mail t

ZyWALL 100 Internet Security Gateway 15-6 Using the ZyWALL Web Configurator Figure 15-3 E-mail Log 15.4 Attack Alert Attack alerts are the first

ZyWALL 100 Internet Security Gateway Using the ZyWALL Web Configurator 15-7 1. The maximum number of opened sessions. 2. The minimum capacity of s

ZyWALL 100 Internet Security Gateway 15-8 Using the ZyWALL Web Configurator 1. If the Blocking Time timeout is 0 (the default), then the ZyWALL de

ZyWALL 100 Internet Security Gateway Using the ZyWALL Web Configurator 15-9 FIELD DESCRIPTION DEFAULT VALUES Denial of Service Thresholds One Minut

ZyWALL 100 Internet Security Gateway List of Figures xvii Figure 12-25 Trigger Port Forwarding Process — Example...

ZyWALL 100 Internet Security Gateway 15-10 Using the ZyWALL Web Configurator FIELD DESCRIPTION DEFAULT VALUES same destination host IP address. E

ZyWALL 100 Internet Security Gateway Creating Custom Rules 16-1 Chapter 16 Creating Custom Rules This chapter contains instructions for defining bo

ZyWALL 100 Internet Security Gateway 16-2 Creating Custom Rules 16.2 Rule Logic Overview Study these points carefully before configuring rules. 1

ZyWALL 100 Internet Security Gateway Creating Custom Rules 16-3 16.2.3 Key Fields For Configuring Rules Action Should the action be to Block or For

ZyWALL 100 Internet Security Gateway 16-4 Creating Custom Rules Figure 16-1 LAN to WAN Traffic 16.3.2 WAN to LAN Rules The default rule for WAN t

ZyWALL 100 Internet Security Gateway Creating Custom Rules 16-5 16.4 Rule Summary Click Advanced, Firewall and the Summary tab to display the follo

ZyWALL 100 Internet Security Gateway 16-6 Creating Custom Rules The following table describes the fields in the firewall summary screen. Table 16-

ZyWALL 100 Internet Security Gateway Creating Custom Rules 16-7 FIELD DESCRIPTION Action This is the specified action for that rule, either Block

ZyWALL 100 Internet Security Gateway 16-8 Creating Custom Rules SERVICE DESCRIPTION BOOTP_CLIENT(UDP:68) DHCP Client. BOOTP_SERVER(UDP:67) D

ZyWALL 100 Internet Security Gateway Creating Custom Rules 16-9 SERVICE DESCRIPTION NNTP(TCP:119) Network News Transport Protocol is the delive

ZyWALL 100 Internet Security Gateway xviii List of Figures Figure 19-4 Menu 21 — Filter and Firewall Setup...

ZyWALL 100 Internet Security Gateway 16-10 Creating Custom Rules SERVICE DESCRIPTION System). TELNET(TCP:23) Telnet is the login and terminal

ZyWALL 100 Internet Security Gateway Creating Custom Rules 16-11 Figure 16-4 Creating/Editing A Firewall Rule

ZyWALL 100 Internet Security Gateway 16-12 Creating Custom Rules Table 16-3 Creating/Editing A Firewall Rule FIELD DESCRIPTION OPTIONS Active C

ZyWALL 100 Internet Security Gateway Creating Custom Rules 16-13 FIELD DESCRIPTION OPTIONS Matched Packets forwarded? Make your choice from the

ZyWALL 100 Internet Security Gateway 16-14 Creating Custom Rules Table 16-4 Adding/Editing Source and Destination Addresses FIELD DESCRIPTION OPT

ZyWALL 100 Internet Security Gateway Creating Custom Rules 16-15 Figure 16-6 Creating/Editing A Custom Port The next table describes the fields in

ZyWALL 100 Internet Security Gateway 16-16 Creating Custom Rules 16.8 Example Firewall Rule The following Internet firewall rule example allows

ZyWALL 100 Internet Security Gateway Creating Custom Rules 16-17 Figure 16-8 Firewall IP Config Screen Step 6. In the firewall rule configuration

ZyWALL 100 Internet Security Gateway 16-18 Creating Custom Rules Figure 16-9 Custom Port for Syslog Step 7. The firewall rule configuration scre

ZyWALL 100 Internet Security Gateway Creating Custom Rules 16-19 Figure 16-10 Syslog Rule Configuration This is your Syslog custom port. This is t

ZyWALL 100 Internet Security Gateway List of Figures xix Figure 22-3 System Maintenance — Backup Configuration ...

ZyWALL 100 Internet Security Gateway 16-20 Creating Custom Rules Step 8. On completing the configuration procedure for this Internet firewall rul

ZyWALL 100 Internet Security Gateway Logs 17-1 Chapter 17 Logs This chapter contains information about using the log screen to view the results of t

ZyWALL 100 Internet Security Gateway 17-2 Logs Table 17-1 Log Screen FIELD DESCRIPTION EXAMPLES No. This is the index number of the firewall lo

ZyWALL 100 Internet Security Gateway Content Filtering 18-1 Chapter 18 Content Filtering This chapter provides a brief overview of content filterin

ZyWALL 100 Internet Security Gateway 18-2 Content Filtering 18.4 Customizing Customize the content filter list by adding or removing specific sites

Advanced Management IV Part IV: Advanced Management Part IV provides information on Filter Configuration, SNMP Configuration, System Information

ZyWALL 100 Internet Security Gateway Filter Configuration 19-1Chapter 19 Filter Configuration This chapter shows you how to create and apply filter

ZyWALL 100 Internet Security Gateway 19-2 Filter Configuration Figure 19-1 Outgoing Packet Filtering Process For incoming packets, your ZyWALL appli

ZyWALL 100 Internet Security Gateway Filter Configuration 19-3StartFetch FirstFilter SetFetch FirstFilter RuleActive?ExecuteFilter RuleFetch NextFil

ZyWALL 100 Internet Security Gateway 19-4 Filter Configuration You can apply up to four filter sets to a particular port to block multiple types of p

ZyWALL 100 Internet Security Gateway ii Copyright Copyright Copyright © 2002 by ZyXEL Communications Corporation. The contents of this publication ma

ZyWALL 100 Internet Security Gateway xx List of Figures Figure 25-4 Menu 25.1 — Sample IP Routing Policy Setup ...

ZyWALL 100 Internet Security Gateway Filter Configuration 19-5Step 3. Select the filter set you wish to configure ( 1-12) and press [ENTER]. Step 4

ZyWALL 100 Internet Security Gateway 19-6 Filter Configuration Table 19-2 Rule Abbreviations Used ABBREVIATION DESCRIPTION IP Pr Protocol SA Source

ZyWALL 100 Internet Security Gateway Filter Configuration 19-7To configure TCP/IP rules, select TCP/IP Filter Rule from the Filter Type field and pr

ZyWALL 100 Internet Security Gateway 19-8 Filter Configuration FIELD DESCRIPTION OPTIONS IP Mask Enter the IP mask to apply to the Destination: IP Ad

ZyWALL 100 Internet Security Gateway Filter Configuration 19-9FIELD DESCRIPTION OPTIONS Both – All packets will be logged. Both Action Matched Pres

ZyWALL 100 Internet Security Gateway 19-10 Filter Configuration Packetinto IP FilterMatchedMatchedYesAction MatchedAction Not MatchedMore?NoFilter Ac

ZyWALL 100 Internet Security Gateway Filter Configuration 19-1119.2.3 Generic Filter Rule This section shows you how to configure a generic filter r

ZyWALL 100 Internet Security Gateway 19-12 Filter Configuration Table 19-4 Generic Filter Rule Menu Fields FIELD DESCRIPTION OPTIONS Filter # Thi

ZyWALL 100 Internet Security Gateway Filter Configuration 19-1319.3 Example Filter Let’s look at an example to block outside users from telnetting i

ZyWALL 100 Internet Security Gateway 19-14 Filter Configuration Step 6. Enter 1 to configure the first filter rule (the only filter rule of this se

ZyWALL 100 Internet Security Gateway List of Figures xxi Figure 30-2 Example VPN Responder IPSec Log ...

ZyWALL 100 Internet Security Gateway Filter Configuration 19-15Figure 19-11 Example Filter Rules Summary — Menu 21.1.3 After you’ve created the filt

ZyWALL 100 Internet Security Gateway 19-16 Filter Configuration 19.4 Filter Types and NAT There are two classes of filter rules, Generic Filter (Dev

ZyWALL 100 Internet Security Gateway Filter Configuration 19-1719.6 Applying a Filter and Factory Defaults This section shows you where to apply th

ZyWALL 100 Internet Security Gateway 19-18 Filter Configuration outgoing traffic from the ZyWALL. The ZyWALL already has filters to prevent NetBIOS t

ZyWALL 100 Internet Security Gateway SNMP Configuration 20-1 Chapter 20 SNMP Configuration This chapter explains SNMP configuration menu 22. SNMP

ZyWALL 100 Internet Security Gateway 20-2 SNMP Configuration Figure 20-1 SNMP Management Model An SNMP managed network consists of two main types of

ZyWALL 100 Internet Security Gateway SNMP Configuration 20-3 • GetNext - Allows the manager to retrieve the next object variable from a table or

ZyWALL 100 Internet Security Gateway 20-4 SNMP Configuration FIELD DESCRIPTION EXAMPLE Set Community Type the Set community, which is the passwor

ZyWALL 100 Internet Security Gateway System Information and Diagnosis 21-1 Chapter 21 System Information & Diagnosis This chapter covers SMT m

ZyWALL 100 Internet Security Gateway 21-2 System Information and Diagnosis Step 2. In this menu, enter 1 to open System Maintenance - Status. Ste

ZyWALL 100 Internet Security Gateway xxii List of Tables List of Tables Table 2-1 LED Descriptions ...

ZyWALL 100 Internet Security Gateway System Information and Diagnosis 21-3 FIELD DESCRIPTION Tx B/s Shows the transmission speed in Bytes per sec

ZyWALL 100 Internet Security Gateway 21-4 System Information and Diagnosis 21.2.1 System Information System Information gives you information about

ZyWALL 100 Internet Security Gateway System Information and Diagnosis 21-5 21.2.2 Console Port Speed You can change the speed of the console port

ZyWALL 100 Internet Security Gateway 21-6 System Information and Diagnosis Figure 21-6 Menu 24.3 — System Maintenance — Log and Trace Examples of

ZyWALL 100 Internet Security Gateway System Information and Diagnosis 21-7 Figure 21-8 Menu 24.3.2 — System Maintenance — UNIX Syslog You need to

ZyWALL 100 Internet Security Gateway 21-8 System Information and Diagnosis Your ZyWALL sends five types of syslog messages. Some examples (not all

ZyWALL 100 Internet Security Gateway System Information and Diagnosis 21-9 3. Filter log Filter log Message Format SdcmdSyslogSend(SYSLOG_FILL

ZyWALL 100 Internet Security Gateway 21-10 System Information and Diagnosis 21.3.3 Call-Triggering Packet Call-Triggering Packet displays informati

ZyWALL 100 Internet Security Gateway System Information and Diagnosis 21-11 Follow the procedure below to get to Menu 24.4 - System Maintenance –

ZyWALL 100 Internet Security Gateway 21-12 System Information and Diagnosis Figure 21-11 WAN & LAN DHCP The following table describes the diag

ZyWALL 100 Internet Security Gateway List of Tables xxiii Table 10-1 Fields in Menu 11.1 Remote Node Profile (Backup ISP) ...

ZyWALL 100 Internet Security Gateway Firmware and Configuration File Maintenance 22-1 Chapter 22 Firmware and Configuration File Maintenance This

ZyWALL 100 Internet Security Gateway 22-2 Firmware and Configuration File Maintenance local network or FTP site and so the name (but not the extens

ZyWALL 100 Internet Security Gateway Firmware and Configuration File Maintenance 22-3 22.2.1 Backup Configuration Follow the instructions as shown

ZyWALL 100 Internet Security Gateway 22-4 Firmware and Configuration File Maintenance Figure 22-2 FTP Session Example 22.2.4 GUI-based FTP Clients

ZyWALL 100 Internet Security Gateway Firmware and Configuration File Maintenance 22-5 1. The firewall is active (turn the firewall off in menu 21

ZyWALL 100 Internet Security Gateway 22-6 Firmware and Configuration File Maintenance 22.2.7 TFTP Command Example The following is an example TFTP

ZyWALL 100 Internet Security Gateway Firmware and Configuration File Maintenance 22-7 Figure 22-3 System Maintenance — Backup Configuration Step

ZyWALL 100 Internet Security Gateway 22-8 Firmware and Configuration File Maintenance 22.3 Restore Configuration This section shows you how to rest

ZyWALL 100 Internet Security Gateway Firmware and Configuration File Maintenance 22-9 Figure 22-7 Telnet into Menu 24.6 Step 1. Launch the FTP c

ZyWALL 100 Internet Security Gateway 22-10 Firmware and Configuration File Maintenance 22.3.2 Restore Using FTP Session Example Figure 22-8 Restore

ZyWALL 100 Internet Security Gateway xxiv List of Tables Table 19-2 Rule Abbreviations Used ...

ZyWALL 100 Internet Security Gateway Firmware and Configuration File Maintenance 22-11 Figure 22-11 Restore Configuration Example Step 4. After a

ZyWALL 100 Internet Security Gateway 22-12 Firmware and Configuration File Maintenance WARNING! Do not interrupt the file transfer process as this

ZyWALL 100 Internet Security Gateway Firmware and Configuration File Maintenance 22-13 22.4.2 Configuration File Upload You see the following scre

ZyWALL 100 Internet Security Gateway 22-14 Firmware and Configuration File Maintenance transfers the configuration file on the ZyWALL to your compu

ZyWALL 100 Internet Security Gateway Firmware and Configuration File Maintenance 22-15 Step 3. Enter the command “sys stdio 0” to disable the con

ZyWALL 100 Internet Security Gateway 22-16 Firmware and Configuration File Maintenance 22.4.8 Uploading Firmware File Via Console Port Step 1. Sel

ZyWALL 100 Internet Security Gateway Firmware and Configuration File Maintenance 22-17 22.4.9 Example Xmodem Firmware Upload Using HyperTerminal C

ZyWALL 100 Internet Security Gateway 22-18 Firmware and Configuration File Maintenance Figure 22-18 Menu 24.7.2 as seen using the Console Port St

ZyWALL 100 Internet Security Gateway Firmware and Configuration File Maintenance 22-19 Figure 22-19 Example Xmodem Upload After the configuration

ZyWALL 100 Internet Security Gateway List of Tables xxv Table 29-1 Menu 27.2 — SA Monitor ...

ZyWALL 100 Internet Security Gateway System Maintenance & Information 23-1 Chapter 23 System Maintenance & Information This chapter leads

ZyWALL 100 Internet Security Gateway 23-2 System Maintenance & Information Figure 23-2 Valid Commands 23.2 Call Control Support The ZyWALL pr

ZyWALL 100 Internet Security Gateway System Maintenance & Information 23-3 23.2.1 Budget Management Menu 24.9.1 shows the budget management sta

ZyWALL 100 Internet Security Gateway 23-4 System Maintenance & Information 23.2.2 Call History This is the second option in Menu 24.9 - System

ZyWALL 100 Internet Security Gateway System Maintenance & Information 23-5 Table 23-2 Call History Fields FIELD DESCRIPTION Phone Number The

ZyWALL 100 Internet Security Gateway 23-6 System Maintenance & Information Enter 10 to go to Menu 24.10 - System Maintenance - Time and Date Se

ZyWALL 100 Internet Security Gateway System Maintenance & Information 23-7 FIELD DESCRIPTION New Date Enter the new date in year, month and da

ZyWALL 100 Internet Security Gateway Remote Management 24-1Chapter 24 Remote Management This chapter covers remote management found in SMT menu 24.

ZyWALL 100 Internet Security Gateway 24-2 Remote Management 24.3 Web You can use the ZyWALL’s embedded web configurator for configuration and file ma

ZyWALL 100 Internet Security Gateway xxvi Preface Preface About Your ZyWALL Congratulations on your purchase of the ZyWALL 100 Internet Security Gate

ZyWALL 100 Internet Security Gateway Remote Management 24-3 Figure 24-2 Menu 24.11 – Remote Management Control Table 24-1 Menu 24.11 – Remote Manag

ZyWALL 100 Internet Security Gateway 24-4 Remote Management 24.6.1 Remote Management Limitations Remote management over LAN or WAN will not work when

IPPR, Call Scheduling and VPN/IPSec V Part V: IP Policy Routing, Call Scheduling and VPN/IPSec Part V provides information about IP Policy Rou

ZyWALL 100 Internet Security Gateway IP Policy Routing 25-1 Chapter 25 IP Policy Routing This chapter covers setting and applying policies used fo

ZyWALL 100 Internet Security Gateway 25-2 IP Policy Routing is to differentiate between interactive and bulk traffic. Interactive applications, e.g

ZyWALL 100 Internet Security Gateway IP Policy Routing 25-3 Menu 25.1 shows the summary of a policy set, including the criteria and the action of

ZyWALL 100 Internet Security Gateway 25-4 IP Policy Routing ABBREVIATION MEANING P Outgoing Precedence Service NM Normal MD Mi

ZyWALL 100 Internet Security Gateway IP Policy Routing 25-5 FIELD DESCRIPTION Criteria IP Protocol Enter a number that represents an IP layer 4 p

ZyWALL 100 Internet Security Gateway 25-6 IP Policy Routing 25.5 Applying an IP Policy This section shows you where to apply the IP policies after

ZyWALL 100 Internet Security Gateway Preface xxvii You can configure most features of the ZyWALL 100 via SMT but ZyXEL recommends that you configure

ZyWALL 100 Internet Security Gateway IP Policy Routing 25-7 Figure 25-7 Example of IP Policy Routing To force Web packets coming from clients wi

ZyWALL 100 Internet Security Gateway 25-8 IP Policy Routing Figure 25-8 IP Routing Policy Example Step 3. Check Menu 25.1 - IP Routing Policy Set

ZyWALL 100 Internet Security Gateway IP Policy Routing 25-9 Step 5. Create a rule in menu 25.1.1 for this set to route packets from any host (IP=0

ZyWALL 100 Internet Security Gateway 25-10 IP Policy Routing Figure 25-10 Applying IP Policies Menu 3.2 - TCP/IP and DHCP Ethernet Setup

ZyWALL 100 Internet Security Gateway Call Scheduling 26-1 Chapter 26 Call Scheduling Call scheduling allows you to dictate when a remote node shoul

ZyWALL 100 Internet Security Gateway 26-2 Call Scheduling To delete a schedule set, enter the set number and press [SPACE BAR] and then [ENTER] or [D

ZyWALL 100 Internet Security Gateway Call Scheduling 26-3 FIELD DESCRIPTION OPTIONS Once: Date If you selected Once in the How Often field ab

ZyWALL 100 Internet Security Gateway 26-4 Call Scheduling Figure 26-3 Applying Schedule Set(s) to a Remote Node (PPPoE) You can apply up to four sche

ZyWALL 100 Internet Security Gateway Introduction to IPSec 27-1 Chapter 27 Introduction to IPSec This chapter introduces the basics of IPSec VPNs.

ZyWALL 100 Internet Security Gateway 27-2 Introduction to IPSec Figure 27-1 Encryption and Decryption  Data Confidentiality The IPSec sender can

Getting Started I Part I: Getting Started Part I covers Getting to Know Your ZyWALL, Hardware Installation, Initial Setup, SMT Menu 1 General S

ZyWALL 100 Internet Security Gateway Introduction to IPSec 27-3 Figure 27-2 VPN Application 27.2 IPSec Architecture The overall IPSec architecture

ZyWALL 100 Internet Security Gateway 27-4 Introduction to IPSec Figure 27-3 IPSec Architecture 27.2.1 IPSec Algorithms The ESP (Encapsulating Secu

ZyWALL 100 Internet Security Gateway Introduction to IPSec 27-5 27.3 Encapsulation The two modes of operation for IPSec VPNs are Transport mode and

ZyWALL 100 Internet Security Gateway 27-6 Introduction to IPSec A NAT device in between the IPSec endpoints will rewrite either the source or desti

ZyWALL 100 Internet Security Gateway VPN/IPSec Setup 28-1 Chapter 28 VPN/IPSec Setup This chapter introduces the VPN SMT menus. 28.1 VPN/IPSec S

ZyWALL 100 Internet Security Gateway 28-2 VPN/IPSec Setup Figure 28-2 Menu 27 — VPN/IPSec Setup 28.2 IPSec Algorithms The ESP and AH protocols are n

ZyWALL 100 Internet Security Gateway VPN/IPSec Setup 28-3 Table 28-1 AH and ESP ESP AH Select DES for minimal security and 3DES for maximum. Selec

ZyWALL 100 Internet Security Gateway 28-4 VPN/IPSec Setup 28.3.1 My IP Address My IP Addr is the WAN IP address of the ZyWALL. If this field is confi

ZyWALL 100 Internet Security Gateway VPN/IPSec Setup 28-5 Figure 28-4 Telecommuter’s ZyWALL Configuration Figure 28-5 Headquarters ZyWALL Configu

ZyWALL 100 Internet Security Gateway 28-6 VPN/IPSec Setup Figure 28-6 Menu 27.1 — IPSec Summary Table 28-3 Menu 27.1 — IPSec Summary FIELD DESCRIP

ZyWALL 100 Internet Security Gateway VPN/IPSec Setup 28-7 Table 28-3 Menu 27.1 — IPSec Summary FIELD DESCRIPTION EXAMPLE Local Addr End When the Ad

ZyWALL 100 Internet Security Gateway 28-8 VPN/IPSec Setup Table 28-3 Menu 27.1 — IPSec Summary FIELD DESCRIPTION EXAMPLE Remote Addr End When the Add

ZyWALL 100 Internet Security Gateway VPN/IPSec Setup 28-9 28.4 IPSec Setup Select Edit in the Select Command field, type the index number of a rule

ZyWALL 100 Internet Security Gateway 28-10 VPN/IPSec Setup Table 28-4 Menu 27.1.1 — IPSec Setup FIELD DESCRIPTION EXAMPLE My IP Addr Enter the WAN I

ZyWALL 100 Internet Security Gateway VPN/IPSec Setup 28-11 Table 28-4 Menu 27.1.1 — IPSec Setup FIELD DESCRIPTION EXAMPLE Port Start 0 is the defa

ZyWALL 100 Internet Security Gateway 28-12 VPN/IPSec Setup Table 28-4 Menu 27.1.1 — IPSec Setup FIELD DESCRIPTION EXAMPLE Port Start 0 is the defaul

ZyWALL 100 Internet Security Gateway VPN/IPSec Setup 28-13 Figure 28-8 Two Phases to set up the IPSec SA In phase 1 you must:  Choose a negotiati

ZyWALL 100 Internet Security Gateway 28-14 VPN/IPSec Setup  Aggressive Mode is quicker than Main Mode because it eliminates several steps when the c

ZyWALL 100 Internet Security Gateway VPN/IPSec Setup 28-15 Figure 28-9 Menu 27.1.1.1 — IKE Setup Table 28-5 Menu 27.1.1.1 — IKE Setup FIELD DESCRI

ZyWALL 100 Internet Security Gateway 28-16 VPN/IPSec Setup Table 28-5 Menu 27.1.1.1 — IKE Setup FIELD DESCRIPTION EXAMPLEAuthentication Algorithm MD5

ZyWALL 100 Internet Security Gateway FCC iii Federal Communications Commission (FCC) Interference Statement This device complies with Part 15 of FCC

ZyWALL 100 Internet Security Gateway Getting to Know Your ZyWALL 1-1Chapter 1 Getting to Know Your ZyWALL This chapter introduces the main feature

ZyWALL 100 Internet Security Gateway VPN/IPSec Setup 28-17 28.6 Manual Setup You only configure Menu 27.1.1.2 – Manual Setup when you select Manual

ZyWALL 100 Internet Security Gateway 28-18 VPN/IPSec Setup Figure 28-10 Menu 27.1.1.2 — Manual Setup Table 28-7 Menu 27.1.1.2 — Manual Setup FIELD

ZyWALL 100 Internet Security Gateway VPN/IPSec Setup 28-19 Table 28-7 Menu 27.1.1.2 — Manual Setup FIELD DESCRIPTION EXAMPLE Key3 Enter a unique e

ZyWALL 100 Internet Security Gateway SA Monitor 29-1 Chapter 29 SA Monitor This chapter teaches you how to manage your SAs by using the SA Monitor

ZyWALL 100 Internet Security Gateway 29-2 SA Monitor Table 29-1 Menu 27.2 — SA Monitor FIELD DESCRIPTION EXAMPLE # This is the security associatio

ZyWALL 100 Internet Security Gateway IPSec Log 30-1 Chapter 30 IPSec Log This chapter interprets common IPSec log messages. 30.1 VPN Initiator IPS

ZyWALL 100 Internet Security Gateway 30-2 IPSec Log 30.2 VPN Responder IPSec Log The following figure shows a typical log from the VPN connection pe

ZyWALL 100 Internet Security Gateway IPSec Log 30-3 Table 30-1 Sample IKE Key Exchange Logs LOG MESSAGE DESCRIPTION Send:<Symbol><Symbol&

ZyWALL 100 Internet Security Gateway 30-4 IPSec Log Table 30-1 Sample IKE Key Exchange Logs LOG MESSAGE DESCRIPTION !! IKE Packet Retransmit The ZyW

ZyWALL 100 Internet Security Gateway 1-2 Getting to Know Your ZyWALL Reset Button The ZyWALL 100 comes with a reset button built into the rear pane

ZyWALL 100 Internet Security Gateway IPSec Log 30-5 Table 30-3 RFC-2408 ISAKMP Payload TypesLOG DISPLAY PAYLOAD TYPE TRANS Transform KE Key Exchan

Troubleshooting, Appendices and Index VI Part VI: Troubleshooting, Appendices and Index Part VI provides Troubleshooting, followed by some Appen

ZyWALL 100 Internet Security Gateway Troubleshooting 31-1 Chapter 31 Troubleshooting This chapter covers potential problems and possible remedies.

ZyWALL 100 Internet Security Gateway 31-2 Troubleshooting 31.2 Problems with the LAN Interface Table 31-2 Troubleshooting the LAN Interface PROBLEM

ZyWALL 100 Internet Security Gateway Troubleshooting 31-3 31.4 Problems with the WAN Interface Table 31-4 Troubleshooting the WAN interface PROBL

ZyWALL 100 Internet Security Gateway 31-4 Troubleshooting 31.6 Problems with the Password Table 31-6 Troubleshooting the Password PROBLEM CORRECTIVE

ZyWALL 100 Internet Security Gateway The Big Picture A Appendix A The Big Picture The following figure gives an overview of how filtering, the fir

ZyWALL 100 Internet Security Gateway Wireless LAN and IEEE 802.11 B Appendix B Wireless LAN and IEEE 802.11 A wireless LAN (WLAN) provides a flex

ZyWALL 100 Internet Security Gateway Wireless LAN and IEEE 802.11 C Spread Spectrum (DSSS) and Frequency-Hopping Spread Spectrum (FHSS), in the 2.4

ZyWALL 100 Internet Security Gateway Getting to Know Your ZyWALL 1-3Packet Filtering The packet filtering mechanism blocks unwanted traffic from en

ZyWALL 100 Internet Security Gateway Wireless LAN and IEEE 802.11 DInfrastructure Wireless LAN Configuration For Infrastructure WLANs, multiple Ac

ZyWALL 100 Internet Security Gateway Wireless LAN and IEEE 802.11 E Diagram 3 ESS Provides Campus-Wide Coverage

ZyWALL 100 Internet Security Gateway PPPoE G Appendix C PPPoE PPPoE in Action An ADSL modem bridges a PPP session over Ethernet (PPP over Ethernet,

ZyWALL 100 Internet Security Gateway H PPPoE The PPPoE driver makes the Ethernet appear as a serial link to the PC and the PC runs PPP over it, while

ZyWALL 100 Internet Security Gateway PPTP I Appendix D PPTP What is PPTP? PPTP (Point-to-Point Tunneling Protocol) is a Microsoft proprietary proto

ZyWALL 100 Internet Security Gateway J PPTP Access Concentrator) and the PPTP user. The PNS is the box that hosts both the PPP and the PPTP stacks a

ZyWALL 100 Internet Security Gateway PPTP K The PPP frames are tunneled between the PNS and PAC over GRE (General Routing Encapsulation, RFC 1701, 1

ZyWALL 100 Internet Security Gateway L Hardware Specifications Appendix E Hardware Specifications Power Specification 100-240 VAC, 50/60Hz Power Con

ZyWALL 100 Internet Security Gateway Hardware Specifications M Diagram 9 WAN/LAN Cable Pin Layout WAN/LAN Cable Pin Layout: Straight-Throug

ZyWALL 100 Internet Security Gateway 1-4 Getting to Know Your ZyWALL Network Address Translation (NAT) NAT (Network Address Translation - NAT, RFC

ZyWALL 100 Internet Security Gateway N Safety Warnings and Instructions Appendix F Safety Warnings and Instructions 1. Be sure to read and follow

ZyWALL 100 Internet Security Gateway Command Interpreter Appendix G Command Interpreter The following describes how to use the command interpreter. En

ZyWALL 100 Internet Security Gateway P Firewall Commands Appendix H Firewall Commands The following describes the firewall commands. See the Command

ZyWALL 100 Internet Security Gateway Firewall Commands Q FUNCTION COMMAND DESCRIPTION config display firewall ? This command shows all of t

ZyWALL 100 Internet Security Gateway R Firewall Commands FUNCTION COMMAND DESCRIPTION config edit firewall attack block <yes | no> Set this

ZyWALL 100 Internet Security Gateway Firewall Commands S FUNCTION COMMAND DESCRIPTION Config edit firewall set <set #> icmp-timeout &

ZyWALL 100 Internet Security Gateway T Firewall Commands FUNCTION COMMAND DESCRIPTION Config edit firewall set <set #> rule <rule #>

ZyWALL 100 Internet Security Gateway Firewall Commands U FUNCTION COMMAND DESCRIPTION config edit firewall set <set #> rule <rule #>

ZyWALL 100 Internet Security Gateway V Firewall Commands

ZyWALL 100 Internet Security Gateway NetBIOS Filter Commands W Appendix I NetBIOS Filter Commands The following describes the NetBIOS packet filter

ZyWALL 100 Internet Security Gateway Getting to Know Your ZyWALL 1-51.4 Applications for the ZyWALL 100 1.4.1 Secure Broadband Internet Access vi

ZyWALL 100 Internet Security Gateway X NetBIOS Filter Commands The filter types and their default settings are as follows. NAME DESCRIPTION DEFAULT

ZyWALL 100 Internet Security Gateway NetBIOS Filter Commands Y Command: sys filter netbios config 1 off This command forwards LAN to DMZ NetBIOS pa

ZyWALL 100 Internet Security Gateway Z Boot Commands Appendix J Boot Commands The BootModule AT commands execute from within the router’s bootup soft

ZyWALL 100 Internet Security Gateway Boot Commands AA Diagram 12 Boot Module Commands AT just answer OK ATHE print help ATBA

ZyWALL 100 Internet Security Gateway BB Removing and Installing a Fuse Appendix K Removing and Installing a Fuse This appendix shows you how to rem

ZyWALL 100 Internet Security Gateway Index CC Index 1 10/100 Mbps Ethernet WAN... 1-1 11 Mbps wireless LAN...

ZyWALL 100 Internet Security Gateway DD Index CLI Commands... P Cloning the MAC address...

ZyWALL 100 Internet Security Gateway Index EE TCP/IP Setup See TCP/IP DMZ 100M LED... 2-2 DMZ 10

ZyWALL 100 Internet Security Gateway FF Index Filter log 21-11 Generic Filter Rule 19-11 Generic Rule 19-11 NAT 19-16 Remote Node 19-18 Structure

ZyWALL 100 Internet Security Gateway Index GG Gateway IP Address ... 8-2, 11-4 General Setup ...

ZyWALL 100 Internet Security Gateway 1-6 Getting to Know Your ZyWALL Figure 1-1 Secure Internet Access via Cable, DSL or Wireless Modem

ZyWALL 100 Internet Security Gateway HH Index IP Pool ...6-2, 6-7 Setup 6-2 IP Ports ...

ZyWALL 100 Internet Security Gateway Index II Mean Time Between Failures... L Metric ...

ZyWALL 100 Internet Security Gateway JJ Index Port Configuration ... 16-15 Port Forwarding...

ZyWALL 100 Internet Security Gateway Index KK Routing Policy... 25-1 RTC...See Real

ZyWALL 100 Internet Security Gateway LL Index Subnet Mask ..6-3, 6-7, 8-2, 9-8, 9-10, 10-5, 10-8, 11-4, 16-14 Support Disk...

ZyWALL 100 Internet Security Gateway Index MM Trusted Network...See LAN Turning On ...

ZyWALL 100 Internet Security Gateway Getting to Know Your ZyWALL 1-71.4.2 VPN Application ZyWALL VPN is an ideal cost-effective way to connect bran

ZyWALL 100 Internet Security Gateway Hardware Installation 2-1Chapter 2 Hardware Installation This chapter explains the LEDs and ports as well as h

ZyWALL 100 Internet Security Gateway 2-2 Hardware Installation LED COLOR STATUS MEANING Green Off The 10M LAN is not connected. On The ZyWALL

ZyWALL 100 Internet Security Gateway iv Information for Canadian Users Information for Canadian Users The Industry Canada label identifies certifie

ZyWALL 100 Internet Security Gateway Hardware Installation 2-3 Figure 2-2 ZyWALL 100 Rear Panel This section outlines how to connect your ZyWALL 100

ZyWALL 100 Internet Security Gateway 2-4 Hardware Installation Step 5. Connecting the Ethernet LAN When the ZyWALL is on and properly connected to a

ZyWALL 100 Internet Security Gateway Initial Setup 3-1Chapter 3 Initial Setup This chapter explains how to perform the initial ZyWALL setup and giv

ZyWALL 100 Internet Security Gateway 3-2 Initial Setup Figure 3-2 Password Screen 3.2 Navigating the SMT Interface The SMT (System Management Termi

ZyWALL 100 Internet Security Gateway Initial Setup 3-3OPERATION KEYSTROKES DESCRIPTION Exit the SMT Type 99, then press [ENTER]. Type 99 at the ma

ZyWALL 100 Internet Security Gateway 3-4 Initial Setup NO. MENU TITLE FUNCTION 11 Remote Node Setup Use this menu to configure detailed remote no

ZyWALL 100 Internet Security Gateway Initial Setup 3-53.2.3 SMT Menus at a Glance Figure 3-4 Getting Started and Advanced Applications SMT Menus

ZyWALL 100 Internet Security Gateway 3-6 Initial Setup Figure 3-5 Advanced Management SMT Menus

ZyWALL 100 Internet Security Gateway Initial Setup 3-7 Figure 3-6 Schedule Setup and IPSec VPN Configuration SMT Menus 3.3 Changing the System Pass

ZyWALL 100 Internet Security Gateway 3-8 Initial Setup 3.4 Resetting the ZyWALL If you forget your password or cannot access the ZyWALL, you will ne

ZyWALL 100 Internet Security Gateway Warranty v ZyXEL Limited Warranty ZyXEL warrants to the original end user (purchaser) that this product is free

ZyWALL 100 Internet Security Gateway SMT Menu 1 – General Setup 4-1Chapter 4 SMT Menu 1 - General Setup Menu 1 - General Setup contains administrat

ZyWALL 100 Internet Security Gateway 4-2 SMT Menu 1 – General Setup 4.2.1 DYNDNS Wildcard Enabling the wildcard feature for your host causes *.you

ZyWALL 100 Internet Security Gateway SMT Menu 1 – General Setup 4-34.3.1 Configuring Dynamic DNS To configure Dynamic DNS, go to Menu 1 — General S

ZyWALL 100 Internet Security Gateway 4-4 SMT Menu 1 – General Setup FIELD DESCRIPTION EXAMPLE USER Enter your user name. Password Enter the p

ZyWALL 100 Internet Security Gateway WAN Setup 5-1Chapter 5 WAN Setup This chapter describes how to configure the WAN using Menu 2 — WAN Setup. 5.

ZyWALL 100 Internet Security Gateway 5-2 WAN Setup Figure 5-1 Menu 2 — WAN Setup The following table contains instructions on how to configure your

ZyWALL 100 Internet Security Gateway WAN Setup 5-3FIELD DESCRIPTION EXAMPLE Port Speed Press [SPACE BAR] and then press [ENTER] to select the spe

ZyWALL 100 Internet Security Gateway 5-4 WAN Setup 5.4.3 Response Strings The response strings tell the ZyWALL the tags, or labels, immediately prece

ZyWALL 100 Internet Security Gateway WAN Setup 5-5FIELD DESCRIPTION DEFAULTAT Response String: CLID (Calling Line Identification) Enter the

ZyWALL 100 Internet Security Gateway vi Customer Support Customer Support When you contact your customer support representative please have the follo

ZyWALL 100 Internet Security Gateway LAN Setup 6-1 Chapter 6 LAN Setup This chapter describes how to configure the LAN using Menu 3 — LAN Setup. 6

ZyWALL 100 Internet Security Gateway 6-2 LAN Setup Figure 6-2 Menu 3.1 — LAN Port Filter Setup 6.3 TCP/IP and LAN DHCP The ZyWALL has built-in DHCP

ZyWALL 100 Internet Security Gateway LAN Setup 6-3 There are two ways that an ISP disseminates the DNS server addresses. The first is for an ISP t

ZyWALL 100 Internet Security Gateway 6-4 LAN Setup Table 6-2 Private IP Address Ranges 10.0.0.0 — 10.255.255.255 172.16.0.0 — 172.31.255.255 192.168.

ZyWALL 100 Internet Security Gateway LAN Setup 6-5 information about interoperability between IGMP version 2 and version 1, please see sections 4 a

ZyWALL 100 Internet Security Gateway 6-6 LAN Setup Figure 6-5 Menu 3 — TCP/IP and DHCP Setup From menu 3, select the submenu option TCP/IP and DHCP

ZyWALL 100 Internet Security Gateway LAN Setup 6-7 Follow the instructions in the next table on how to configure the DHCP fields. Table 6-3 DHCP Et

ZyWALL 100 Internet Security Gateway 6-8 LAN Setup FIELD DESCRIPTION EXAMPLE RIP Direction Press [SPACE BAR] and then [ENTER] to select the RIP di

ZyWALL 100 Internet Security Gateway LAN Setup 6-9 Figure 6-7 Menu 3.2.1 — IP Alias Setup Use the instructions in the following table to configure

ZyWALL 100 Internet Security Gateway 6-10 LAN Setup When you have completed this menu, press [ENTER] at the prompt [Press ENTER to Confirm…] to save

ZyWALL 100 Internet Security Gateway Table of Contents vii Table of Contents Getting Started ...

ZyWALL 100 Internet Security Gateway LAN Setup 6-11 Follow the instructions in the next table on how to configure the wireless LAN parameters. Tabl

ZyWALL 100 Internet Security Gateway 6-12 LAN Setup FIELD DESCRIPTION EXAMPLE hexadecimal digits ("0-9", "A-F") preceded by 0x

ZyWALL 100 Internet Security Gateway LAN Setup 6-13 Figure 6-9 Menu 3.5.1 - WLAN MAC Address Filter Table 6-7 Menu 3.5.1 - WLAN MAC Address Filter

ZyWALL 100 Internet Security Gateway DMZ Setup 7-1Chapter 7 DMZ Setup This chapter describes how to configure the DMZ using Menu 5 — DMZ Setup. 7.1

ZyWALL 100 Internet Security Gateway 7-2 DMZ Setup Figure 7-2 Menu 5.1 — DMZ Port Filter Setup 7.3 TCP/IP Setup 7.3.1 IP Address For more detailed in

ZyWALL 100 Internet Security Gateway DMZ Setup 7-3 Figure 7-4 Menu 5.2 — TCP/IP Setup The TCP/IP setup fields are the same as the ones in Menu 3.2

ZyWALL 100 Internet Security Gateway 7-4 DMZ Setup Figure 7-5 Menu 5.2.1 — IP Alias Setup Refer to Table 6-5 for instructions on configuring IP Alia

ZyWALL 100 Internet Security Gateway Internet Access 8-1Chapter 8 Internet Access This chapter shows you how to configure your ZyWALL for Internet a

ZyWALL 100 Internet Security Gateway 8-2 Internet Access FIELD DESCRIPTION Encapsulation Press [SPACE BAR] and then press [ENTER] to choose Etherne

ZyWALL 100 Internet Security Gateway viii Table of Contents 6.1 Introduction...

ZyWALL 100 Internet Security Gateway Internet Access 8-3The ZyWALL 100 supports only one PPTP server connection at any given time. 8.1.3 Configurin

ZyWALL 100 Internet Security Gateway 8-4 Internet Access For the service provider, PPPoE offers an access and authentication method that works with

ZyWALL 100 Internet Security Gateway Internet Access 8-5FIELD DESCRIPTION EXAMPLE Idle Timeout This value specifies the time in seconds that el

Advanced Applications II Part II: Advanced Applications Part II covers Remote Node Setup, Backup Remote Node Setup, IP Static Route Setup and

ZyWALL 100 Internet Security Gateway Remote Node Setup 9-1 Chapter 9 Remote Node Setup This chapter shows you how to configure a remote node. A rem

ZyWALL 100 Internet Security Gateway 9-2 Remote Node Setup 9.2 Remote Node Profile 9.2.1 Ethernet Encapsulation There are two variations of menu 1

ZyWALL 100 Internet Security Gateway Remote Node Setup 9-3 Table 9-1 Fields in Menu 11.1 FIELD DESCRIPTION EXAMPLE Rem Node Name Enter a descript

ZyWALL 100 Internet Security Gateway 9-4 Remote Node Setup 9.2.2 PPPoE Encapsulation The ZyWALL supports PPPoE (Point-to-Point Protocol over Ethern

ZyWALL 100 Internet Security Gateway Remote Node Setup 9-5 Do not specify a nailed-up connection unless your telephone company offers flat-rate ser

ZyWALL 100 Internet Security Gateway 9-6 Remote Node Setup FIELD DESCRIPTION EXAMPLE Period(hr) This field is the time period that the budget sh

ZyWALL 100 Internet Security Gateway Table of Contents ix Chapter 12 Network Address Translation (NAT) ...

ZyWALL 100 Internet Security Gateway Remote Node Setup 9-7 Figure 9-4 Menu 11.1 — Remote Node Profile for PPTP Encapsulation The next table shows

ZyWALL 100 Internet Security Gateway 9-8 Remote Node Setup 9.3 Editing TCP/IP Options (with Ethernet Encapsulation) Move the cursor to the Edit I

ZyWALL 100 Internet Security Gateway Remote Node Setup 9-9 FIELD DESCRIPTION EXAMPLE Metric Enter a number from 1 to 15 to set this route’s prio

ZyWALL 100 Internet Security Gateway 9-10 Remote Node Setup 9.3.1 Editing TCP/IP Options (with PPTP Encapsulation) Make sure that Encapsulation is

ZyWALL 100 Internet Security Gateway Remote Node Setup 9-11 FIELD DESCRIPTION EXAMPLE My WAN Addr Some implementations, especially the UNIX de

ZyWALL 100 Internet Security Gateway 9-12 Remote Node Setup 9.4 Remote Node Filter Move the cursor to the field Edit Filter Sets in menu 11.1, the

ZyWALL 100 Internet Security Gateway Remote Node Setup 9-13 9.5 Traffic Redirect Traffic redirect forwards WAN traffic to a backup gateway when the

ZyWALL 100 Internet Security Gateway 9-14 Remote Node Setup Figure 9-10 Traffic Redirect LAN Setup To configure the parameters for traffic redirec

ZyWALL 100 Internet Security Gateway Remote Node Setup 9-15 Table 9-6 Menu 11.1 — Remote Node Profile (Traffic Redirect Field) FIELD DESCRIPTION

ZyWALL 100 Internet Security Gateway 9-16 Remote Node Setup FIELD DESCRIPTION EXAMPLE Configuration: Backup Gateway IP Address Enter the IP add