Zyxel-communications Internet Security Appliance ZyWALL5UTM 4.0 Manual do Utilizador

ZyWALL 5/35/70 SeriesInternet Security ApplianceUser’s GuideVersion 4.0010/2005

ZyWALL 5/35/70 Series User’s Guide Table of Contents 10Table of ContentsCopyright ...

ZyWALL 5/35/70 Series User’s GuideChapter 4 Registration 100CHAPTER 4Registration4.1 myZyXEL.com overviewmyZyXEL.com is ZyXEL’s online services cente

ZyWALL 5/35/70 Series User’s Guide101 Chapter 4 RegistrationYou will get automatic e-mail notification of new signature releases from mySecurityZone

ZyWALL 5/35/70 Series User’s GuideChapter 4 Registration 102The following table describes the labels in this screen. Table 20 RegistrationLABEL DESC

ZyWALL 5/35/70 Series User’s Guide103 Chapter 4 RegistrationFigure 33 Registration: Registered Device4.3 ServiceAfter you activate a trial, you ca

ZyWALL 5/35/70 Series User’s GuideChapter 4 Registration 104The following table describes the labels in this screen. Table 21 ServiceLABEL DESCRIPTI

ZyWALL 5/35/70 Series User’s Guide105 Chapter 4 Registration

ZyWALL 5/35/70 Series User’s GuideChapter 5 LAN Screens 106CHAPTER 5LAN ScreensThis chapter describes how to configure LAN settings. This chapter is o

ZyWALL 5/35/70 Series User’s Guide107 Chapter 5 LAN ScreensThese parameters should work for the majority of installations. If your ISP gives you expl

ZyWALL 5/35/70 Series User’s GuideChapter 5 LAN Screens 108Both RIP-2B and RIP-2M send routing data in RIP-2 format; the difference being that RIP-2B

ZyWALL 5/35/70 Series User’s Guide109 Chapter 5 LAN ScreensFigure 35 LANThe following table describes the labels in this screen.Table 22 LAN LAB

ZyWALL 5/35/70 Series User’s Guide11 Table of ContentsChapter 3Wizard Setup ...

ZyWALL 5/35/70 Series User’s GuideChapter 5 LAN Screens 110Multicast Select IGMP V-1 or IGMP V-2 or None. IGMP (Internet Group Multicast Protocol) is

ZyWALL 5/35/70 Series User’s Guide111 Chapter 5 LAN Screens5.6 LAN Static DHCPThis table allows you to assign IP addresses on the LAN to specific in

ZyWALL 5/35/70 Series User’s GuideChapter 5 LAN Screens 1125.7 LAN IP AliasIP alias allows you to partition a physical network into different logical

ZyWALL 5/35/70 Series User’s Guide113 Chapter 5 LAN ScreensFigure 38 LAN IP AliasThe following table describes the labels in this screen.Table 24

ZyWALL 5/35/70 Series User’s GuideChapter 5 LAN Screens 1145.8 LAN Port RolesUse the Port Roles screen to set ports as LAN, DMZ or WLAN interfaces. T

ZyWALL 5/35/70 Series User’s Guide115 Chapter 5 LAN ScreensTo change your ZyWALL’s port role settings, click NETWORK, LAN and then the Port Roles tab

ZyWALL 5/35/70 Series User’s GuideChapter 5 LAN Screens 116After you change the LAN/DMZ/WLAN port roles and click Apply, please wait for few seconds u

ZyWALL 5/35/70 Series User’s Guide117 Chapter 5 LAN Screens

ZyWALL 5/35/70 Series User’s GuideChapter 6 Bridge Screens 118CHAPTER 6Bridge ScreensThis chapter describes how to configure bridge settings. This cha

ZyWALL 5/35/70 Series User’s Guide119 Chapter 6 Bridge Screens6.2.1 Rapid STPThe ZyWALL uses IEEE 802.1w RSTP (Rapid Spanning Tree Protocol) that al

ZyWALL 5/35/70 Series User’s Guide Table of Contents 127.4.2 Weighted Round Robin ...

ZyWALL 5/35/70 Series User’s GuideChapter 6 Bridge Screens 120Once a stable network topology has been established, all bridges listen for Hello BPDUs

ZyWALL 5/35/70 Series User’s Guide121 Chapter 6 Bridge ScreensFigure 43 BridgeThe following table describes the labels in this screen.Table 28 Br

ZyWALL 5/35/70 Series User’s GuideChapter 6 Bridge Screens 1226.4 Bridge Port Roles Use the Port Roles screen to set ports as LAN, DMZ or WLAN interf

ZyWALL 5/35/70 Series User’s Guide123 Chapter 6 Bridge ScreensFigure 44 WLAN Port Role Example To change your ZyWALL’s port role settings, click NE

ZyWALL 5/35/70 Series User’s GuideChapter 6 Bridge Screens 124After you change the LAN/DMZ/WLAN port roles and click Apply, please wait for few second

ZyWALL 5/35/70 Series User’s Guide125 Chapter 6 Bridge Screens

ZyWALL 5/35/70 Series User’s GuideChapter 7 WAN Screens 126CHAPTER 7WAN ScreensThis chapter describes how to configure WAN settings. Multiple WAN and

ZyWALL 5/35/70 Series User’s Guide127 Chapter 7 WAN ScreensYou can select through which WAN port you want to send out traffic from UPnP-enabled appli

ZyWALL 5/35/70 Series User’s GuideChapter 7 WAN Screens 1287.4.1.1 Example 1The following figure depicts an example where both the WAN ports on the Z

ZyWALL 5/35/70 Series User’s Guide129 Chapter 7 WAN Screens7.4.2 Weighted Round Robin Similar to the Round Robin (RR) algorithm, the Weighted Round

ZyWALL 5/35/70 Series User’s Guide13 Table of Contents9.11.2 Encryption ...

ZyWALL 5/35/70 Series User’s GuideChapter 7 WAN Screens 130Figure 49 Spillover Algorithm Example7.5 TCP/IP Priority (Metric)The metric represents t

ZyWALL 5/35/70 Series User’s Guide131 Chapter 7 WAN ScreensFigure 50 WAN General

ZyWALL 5/35/70 Series User’s GuideChapter 7 WAN Screens 132The following table describes the labels in this screen.Table 32 WAN General LABEL DESCRI

ZyWALL 5/35/70 Series User’s Guide133 Chapter 7 WAN Screens7.7 Configuring Load Balancing To configure load balancing on the ZyWALL, click NETWORK,

ZyWALL 5/35/70 Series User’s GuideChapter 7 WAN Screens 1347.7.1 Least Load FirstTo configure Least Load First, select Least Load First in the Load B

ZyWALL 5/35/70 Series User’s Guide135 Chapter 7 WAN Screens7.7.2 Weighted Round RobinTo load balance using the weighted round robin method, select W

ZyWALL 5/35/70 Series User’s GuideChapter 7 WAN Screens 136Figure 53 Load Balancing: SpilloverThe following table describes the related fields in th

ZyWALL 5/35/70 Series User’s Guide137 Chapter 7 WAN ScreensFigure 54 WAN RouteThe following table describes the labels in this screen.Table 36 WA

ZyWALL 5/35/70 Series User’s GuideChapter 7 WAN Screens 1387.9 WAN IP Address Assignment Every computer on the Internet must have a unique IP address

ZyWALL 5/35/70 Series User’s Guide139 Chapter 7 WAN Screens1 The ISP tells you the DNS server addresses, usually in the form of an information sheet,

ZyWALL 5/35/70 Series User’s Guide Table of Contents 14Chapter 11Firewall Screens...

ZyWALL 5/35/70 Series User’s GuideChapter 7 WAN Screens 140Figure 55 WAN: Ethernet EncapsulationThe following table describes the labels in this scr

ZyWALL 5/35/70 Series User’s Guide141 Chapter 7 WAN ScreensRetype to Confirm Type your password again to make sure that you have entered is correctly

ZyWALL 5/35/70 Series User’s GuideChapter 7 WAN Screens 1427.12.2 PPPoE EncapsulationThe ZyWALL supports PPPoE (Point-to-Point Protocol over Ethernet

ZyWALL 5/35/70 Series User’s Guide143 Chapter 7 WAN ScreensOperationally, PPPoE saves significant effort for both you and the ISP or carrier, as it r

ZyWALL 5/35/70 Series User’s GuideChapter 7 WAN Screens 144The following table describes the labels in this screen.Table 40 WAN: PPPoE Encapsulation

ZyWALL 5/35/70 Series User’s Guide145 Chapter 7 WAN ScreensRIP Direction RIP (Routing Information Protocol) allows a router to exchange routing infor

ZyWALL 5/35/70 Series User’s GuideChapter 7 WAN Screens 1467.12.3 PPTP EncapsulationPoint-to-Point Tunneling Protocol (PPTP) is a network protocol th

ZyWALL 5/35/70 Series User’s Guide147 Chapter 7 WAN ScreensThe following table describes the labels in this screen.Table 41 WAN: PPTP Encapsulation

ZyWALL 5/35/70 Series User’s GuideChapter 7 WAN Screens 148Enable NAT (Network Address Translation)Network Address Translation (NAT) allows the transl

ZyWALL 5/35/70 Series User’s Guide149 Chapter 7 WAN Screens7.13 Traffic RedirectTraffic redirect forwards WAN traffic to a backup gateway when the Z

ZyWALL 5/35/70 Series User’s Guide15 Table of Contents13.3.3 Signature Actions ...

ZyWALL 5/35/70 Series User’s GuideChapter 7 WAN Screens 150Figure 59 Traffic Redirect LAN Setup7.14 Configuring Traffic RedirectTo change your ZyWA

ZyWALL 5/35/70 Series User’s Guide151 Chapter 7 WAN Screens7.15 Configuring Dial BackupClick NETWORK, WAN and then the Dial Backup tab to display t

ZyWALL 5/35/70 Series User’s GuideChapter 7 WAN Screens 152Figure 61 Dial Backup

ZyWALL 5/35/70 Series User’s Guide153 Chapter 7 WAN ScreensThe following table describes the labels in this screen.Table 43 Dial Backup LABEL DESCR

ZyWALL 5/35/70 Series User’s GuideChapter 7 WAN Screens 154Enable RIP Select this check box to turn on RIP (Routing Information Protocol), which allow

ZyWALL 5/35/70 Series User’s Guide155 Chapter 7 WAN Screens7.16 Advanced Modem Setup7.16.1 AT Command StringsFor regular telephone lines, the defau

ZyWALL 5/35/70 Series User’s GuideChapter 7 WAN Screens 156Figure 62 Advanced SetupThe following table describes the labels in this screen. Table 44

ZyWALL 5/35/70 Series User’s Guide157 Chapter 7 WAN ScreensDial Timeout (sec) Type a number of seconds for the ZyWALL to try to set up an outgoing ca

ZyWALL 5/35/70 Series User’s GuideChapter 8 DMZ Screens 158CHAPTER 8DMZ ScreensThis chapter describes how to configure the ZyWALL’s DMZ.8.1 DMZThe De

ZyWALL 5/35/70 Series User’s Guide159 Chapter 8 DMZ ScreensFigure 63 DMZThe following table describes the labels in this screen. Table 45 DMZ LAB

ZyWALL 5/35/70 Series User’s Guide Table of Contents 1616.6.2 Full Path URL Checking ...

ZyWALL 5/35/70 Series User’s GuideChapter 8 DMZ Screens 160RIP Version The RIP Version field controls the format and the broadcasting method of the RI

ZyWALL 5/35/70 Series User’s Guide161 Chapter 8 DMZ Screens8.3 DMZ Static DHCPThis table allows you to assign IP addresses on the DMZ to specific in

ZyWALL 5/35/70 Series User’s GuideChapter 8 DMZ Screens 162Figure 64 DMZ Static DHCPThe following table describes the labels in this screen.Table 46

ZyWALL 5/35/70 Series User’s Guide163 Chapter 8 DMZ Screens8.4 DMZ IP AliasIP alias allows you to partition a physical network into different logica

ZyWALL 5/35/70 Series User’s GuideChapter 8 DMZ Screens 1648.5 DMZ Public IP Address ExampleThe following figure shows a simple network setup with pu

ZyWALL 5/35/70 Series User’s Guide165 Chapter 8 DMZ ScreensFigure 66 DMZ Public Address Example8.6 DMZ Private and Public IP Address ExampleThe fo

ZyWALL 5/35/70 Series User’s GuideChapter 8 DMZ Screens 166Figure 67 DMZ Private and Public Address Example8.7 DMZ Port RolesUse the Port Roles scr

ZyWALL 5/35/70 Series User’s Guide167 Chapter 8 DMZ ScreensFigure 68 WLAN Port Role Example Note: Do the following if you are configuring from a co

ZyWALL 5/35/70 Series User’s GuideChapter 8 DMZ Screens 168Figure 69 DMZ: Port RolesThe following table describes the labels in this screen. Table 4

ZyWALL 5/35/70 Series User’s Guide169 Chapter 8 DMZ Screens

ZyWALL 5/35/70 Series User’s Guide17 Table of Contents19.7 ID Type and Content ...

ZyWALL 5/35/70 Series User’s GuideChapter 9 Wireless LAN 170CHAPTER 9Wireless LAN This chapter discusses how to configure wireless LAN on the ZyWALL.9

ZyWALL 5/35/70 Series User’s Guide171 Chapter 9 Wireless LANFigure 70 WLANThe following table describes the labels in this screen.Table 49 WLAN

ZyWALL 5/35/70 Series User’s GuideChapter 9 Wireless LAN 172RIP Version The RIP Version field controls the format and the broadcasting method of the R

ZyWALL 5/35/70 Series User’s Guide173 Chapter 9 Wireless LAN9.3 WLAN Static DHCPThis table allows you to assign IP addresses on the WLAN to specific

ZyWALL 5/35/70 Series User’s GuideChapter 9 Wireless LAN 174Figure 71 WLAN Static DHCPThe following table describes the labels in this screen.Table

ZyWALL 5/35/70 Series User’s Guide175 Chapter 9 Wireless LANWhen you use IP alias, you can also configure firewall rules to control access between th

ZyWALL 5/35/70 Series User’s GuideChapter 9 Wireless LAN 1769.5 WLAN Port RolesUse the Port Roles screen to set ports as LAN, DMZ or WLAN interfaces.

ZyWALL 5/35/70 Series User’s Guide177 Chapter 9 Wireless LANNote: Do the following if you are configuring from a computer connected to a LAN, DMZ or

ZyWALL 5/35/70 Series User’s GuideChapter 9 Wireless LAN 178After you change the LAN/DMZ/WLAN port roles and click Apply, please wait for few seconds

ZyWALL 5/35/70 Series User’s Guide179 Chapter 9 Wireless LANFigure 76 ZyWALL Wireless Security LevelsIf you do not enable any wireless security on

ZyWALL 5/35/70 Series User’s Guide Table of Contents 1822.5.1 Default Server IP Address ...

ZyWALL 5/35/70 Series User’s GuideChapter 9 Wireless LAN 1809.6.3 Restricted AccessThe MAC Filter screen allows you to configure the AP to give exclu

ZyWALL 5/35/70 Series User’s Guide181 Chapter 9 Wireless LAN9.9 802.1x OverviewThe IEEE 802.1x standard outlines enhanced security methods for both

ZyWALL 5/35/70 Series User’s GuideChapter 9 Wireless LAN 182Sent by the RADIUS server to indicate that it has started or stopped accounting. In order

ZyWALL 5/35/70 Series User’s Guide183 Chapter 9 Wireless LANIf this feature is enabled, it is not necessary to configure a default encryption key in

ZyWALL 5/35/70 Series User’s GuideChapter 9 Wireless LAN 184TKIP regularly changes and rotates the encryption keys so that the same encryption key is

ZyWALL 5/35/70 Series User’s Guide185 Chapter 9 Wireless LANFigure 78 WPA-PSK Authentication9.13 Introduction to RADIUSThe ZyWALL can use an exter

ZyWALL 5/35/70 Series User’s GuideChapter 9 Wireless LAN 186Figure 79 WPA with RADIUS Application Example9.15 Wireless Client WPA SupplicantsA wire

ZyWALL 5/35/70 Series User’s Guide187 Chapter 9 Wireless LANFigure 80 Wireless Card: No SecurityThe following table describes the labels in this sc

ZyWALL 5/35/70 Series User’s GuideChapter 9 Wireless LAN 1889.16.1 Static WEPStatic WEP provides a mechanism for encrypting data using encryption key

ZyWALL 5/35/70 Series User’s Guide189 Chapter 9 Wireless LANFigure 81 Wireless Card: Static WEPThe following table describes the wireless LAN secur

ZyWALL 5/35/70 Series User’s Guide19 Table of Contents26.5 Name Server Record ...

ZyWALL 5/35/70 Series User’s GuideChapter 9 Wireless LAN 190Figure 82 Wireless Card: WPA-PSKThe following wireless LAN security fields become availa

ZyWALL 5/35/70 Series User’s Guide191 Chapter 9 Wireless LAN9.16.3 WPAClick the NETWORK and WIRELESS CARD to display the Wireless Card screen. Selec

ZyWALL 5/35/70 Series User’s GuideChapter 9 Wireless LAN 1929.16.4 IEEE 802.1x + Dynamic WEPClick the NETWORK and WIRELESS CARD to display the Wirele

ZyWALL 5/35/70 Series User’s Guide193 Chapter 9 Wireless LAN9.16.5 IEEE 802.1x + Static WEPClick the NETWORK and WIRELESS CARD to display the Wirele

ZyWALL 5/35/70 Series User’s GuideChapter 9 Wireless LAN 1949.16.6 IEEE 802.1x + No WEPClick the NETWORK and WIRELESS CARD to display the Wireless Ca

ZyWALL 5/35/70 Series User’s Guide195 Chapter 9 Wireless LANThe following wireless LAN security fields become available when you select 802.1x + No W

ZyWALL 5/35/70 Series User’s GuideChapter 9 Wireless LAN 196The following wireless LAN security fields become available when you select No Access 802.

ZyWALL 5/35/70 Series User’s Guide197 Chapter 9 Wireless LANFigure 88 Wireless Card: MAC Address FilterThe following table describes the labels in

ZyWALL 5/35/70 Series User’s GuideChapter 10 Firewalls 198CHAPTER 10FirewallsThis chapter gives some background information on firewalls and introduce

ZyWALL 5/35/70 Series User’s Guide199 Chapter 10 Firewalls1 Information hiding prevents the names of internal systems from being made known via DNS t

ZyWALL 5/35/70 Series User’s Guide Copyright 2CopyrightCopyright © 2005 by ZyXEL Communications Corporation.The contents of this publication may not b

ZyWALL 5/35/70 Series User’s Guide Table of Contents 2028.5 Using UPnP in Windows XP Example ...

ZyWALL 5/35/70 Series User’s GuideChapter 10 Firewalls 200Figure 89 ZyWALL Firewall Application10.4 Denial of ServiceDenials of Service (DoS) attac

ZyWALL 5/35/70 Series User’s Guide201 Chapter 10 Firewalls10.4.2 Types of DoS AttacksThere are four types of DoS attacks: 1 Those that exploit bugs

ZyWALL 5/35/70 Series User’s GuideChapter 10 Firewalls 202response. While the targeted system waits for the ACK that follows the SYN-ACK, it queues up

ZyWALL 5/35/70 Series User’s Guide203 Chapter 10 FirewallsFigure 92 Smurf Attack10.4.2.1 ICMP Vulnerability ICMP is an error-reporting protocol th

ZyWALL 5/35/70 Series User’s GuideChapter 10 Firewalls 204All SMTP commands are illegal except for those displayed in the following tables.Table 66

ZyWALL 5/35/70 Series User’s Guide205 Chapter 10 FirewallsFigure 93 Stateful InspectionThe previous figure shows the ZyWALL’s default firewall rule

ZyWALL 5/35/70 Series User’s GuideChapter 10 Firewalls 206temporary entries might be modified, in order to permit only packets that are valid for the

ZyWALL 5/35/70 Series User’s Guide207 Chapter 10 FirewallsIf an initiation packet originates on the LAN, this means that someone is trying to make a

ZyWALL 5/35/70 Series User’s GuideChapter 10 Firewalls 208Any protocol that operates in this way must be supported on a case-by-case basis. You can us

ZyWALL 5/35/70 Series User’s Guide209 Chapter 10 Firewalls10.7.2 Firewall• The firewall inspects packet contents as well as their source and destina

ZyWALL 5/35/70 Series User’s Guide21 Table of ContentsChapter 32Introducing the SMT ...

ZyWALL 5/35/70 Series User’s GuideChapter 11 Firewall Screens 210CHAPTER 11Firewall ScreensThis chapter shows you how to configure your ZyWALL firewal

ZyWALL 5/35/70 Series User’s Guide211 Chapter 11 Firewall Screens• WLAN to WANBy default, the ZyWALL’s stateful packet inspection drops packets trave

ZyWALL 5/35/70 Series User’s GuideChapter 11 Firewall Screens 21211.3 Rule Logic OverviewNote: Study these points carefully before configuring rules.

ZyWALL 5/35/70 Series User’s Guide213 Chapter 11 Firewall Screens11.3.3.2 ServiceSelect the service from the Service scrolling list box. If the serv

ZyWALL 5/35/70 Series User’s GuideChapter 11 Firewall Screens 214Figure 94 LAN to WAN Traffic11.4.2 WAN To LAN RulesThe default rule for WAN to LAN

ZyWALL 5/35/70 Series User’s Guide215 Chapter 11 Firewall Screens11.6 Firewall Default Rule (Router Mode)Click SECURITY, FIREWALL to open the Defaul

ZyWALL 5/35/70 Series User’s GuideChapter 11 Firewall Screens 21611.7 Firewall Default Rule (Bridge Mode) Click SECURITY, FIREWALL to open the Defau

ZyWALL 5/35/70 Series User’s Guide217 Chapter 11 Firewall ScreensFigure 97 Default Rule (Bridge Mode)The following table describes the labels in th

ZyWALL 5/35/70 Series User’s GuideChapter 11 Firewall Screens 21811.8 Firewall Rule Summary Click SECURITY, FIREWALL, then the Rule Summary tab to op

ZyWALL 5/35/70 Series User’s Guide219 Chapter 11 Firewall Screens11.8.1 Firewall Edit Rule Follow these directions to create a new rule.1 In the

ZyWALL 5/35/70 Series User’s Guide Table of Contents 2236.2 Ethernet Encapsulation ...

ZyWALL 5/35/70 Series User’s GuideChapter 11 Firewall Screens 220Figure 99 Firewall Edit Rule

ZyWALL 5/35/70 Series User’s Guide221 Chapter 11 Firewall ScreensThe following table describes the labels in this screen. Table 70 Firewall Edit

ZyWALL 5/35/70 Series User’s GuideChapter 11 Firewall Screens 22211.9 Anti-Probing If an outside user attempts to probe an unsupported port on you

ZyWALL 5/35/70 Series User’s Guide223 Chapter 11 Firewall Screens11.10 Firewall Threshold In the Threshold screen, shown later, you may choose to

ZyWALL 5/35/70 Series User’s GuideChapter 11 Firewall Screens 224When the rate of new connection attempts rises above a threshold (one-minute high), t

ZyWALL 5/35/70 Series User’s Guide225 Chapter 11 Firewall ScreensFigure 101 Firewall ThresholdThe following table describes the labels in this scre

ZyWALL 5/35/70 Series User’s GuideChapter 11 Firewall Screens 22611.11 Service Click SECURITY, FIREWALL, then the Service tab to open the screen as s

ZyWALL 5/35/70 Series User’s Guide227 Chapter 11 Firewall ScreensFigure 102 Firewall ServiceThe following table describes the labels in this screen

ZyWALL 5/35/70 Series User’s GuideChapter 11 Firewall Screens 22811.11.1 Firewall Edit Custom Service Configure customized ports for services not pre

ZyWALL 5/35/70 Series User’s Guide229 Chapter 11 Firewall Screens11.11.2 Predefined ServicesThe Predefined Services table in the Service screen disp

ZyWALL 5/35/70 Series User’s Guide23 Table of ContentsChapter 41IP Static Route Setup ...

ZyWALL 5/35/70 Series User’s GuideChapter 11 Firewall Screens 230IMAP(TCP/UDP:143) Internet Message Access Protocol (IMAP) is used to access mail stor

ZyWALL 5/35/70 Series User’s Guide231 Chapter 11 Firewall Screens11.12 Example Firewall Rule The following Internet firewall rule example allows a h

ZyWALL 5/35/70 Series User’s GuideChapter 11 Firewall Screens 232Figure 104 Service2 Configure it as follows and click Apply.Figure 105 Edit Custo

ZyWALL 5/35/70 Series User’s Guide233 Chapter 11 Firewall ScreensFigure 106 Rule Summary6 Enter the name of the firewall rule.7 Select Any in the D

ZyWALL 5/35/70 Series User’s GuideChapter 11 Firewall Screens 234Note: Custom services show up with an * before their names in the Services list box a

ZyWALL 5/35/70 Series User’s Guide235 Chapter 11 Firewall ScreensFigure 109 My Service Example Rule SummaryRule 1: Allows a My Service connection f

ZyWALL 5/35/70 Series User’s GuideChapter 12 Intrusion Detection and Prevention (IDP) 236CHAPTER 12Intrusion Detection and Prevention (IDP) This chapt

ZyWALL 5/35/70 Series User’s Guide237 Chapter 12 Intrusion Detection and Prevention (IDP)Firewalls are usually deployed at the network edge. However,

ZyWALL 5/35/70 Series User’s GuideChapter 12 Intrusion Detection and Prevention (IDP) 23812.1.5 Example IntrusionsThe following are some examples of

ZyWALL 5/35/70 Series User’s Guide239 Chapter 12 Intrusion Detection and Prevention (IDP)12.1.5.4 MyDoomMyDoom W32.Mydoom.A@mm (also known as W32.No

ZyWALL 5/35/70 Series User’s Guide Table of Contents 24Chapter 45SNMP Configuration ...

ZyWALL 5/35/70 Series User’s GuideChapter 13 Configuring IDP 240CHAPTER 13Configuring IDPThis chapter shows you how to configure IDP on the ZyWALL. 13

ZyWALL 5/35/70 Series User’s Guide241 Chapter 13 Configuring IDPFigure 111 Applying IDP to Interfaces13.2 General SetupUse this screen to enable I

ZyWALL 5/35/70 Series User’s GuideChapter 13 Configuring IDP 242Figure 112 IDP: GeneralThe following table describes the labels in this screen.Table

ZyWALL 5/35/70 Series User’s Guide243 Chapter 13 Configuring IDPTo see signatures listed by intrusion type supported by the ZyWALL, select that type

ZyWALL 5/35/70 Series User’s GuideChapter 13 Configuring IDP 24413.3.2 Intrusion SeverityIntrusions are assigned a severity level based on the follow

ZyWALL 5/35/70 Series User’s Guide245 Chapter 13 Configuring IDPFigure 114 Signature Actions The following table describes signature actions. Table

ZyWALL 5/35/70 Series User’s GuideChapter 13 Configuring IDP 246Figure 115 IDP: SignaturesThe following table describes the labels in this screen.Ta

ZyWALL 5/35/70 Series User’s Guide247 Chapter 13 Configuring IDP13.3.5 Query View Click IDP in the navigation panel and then click the Signatures ta

ZyWALL 5/35/70 Series User’s GuideChapter 13 Configuring IDP 248Note: A partial name may be searched but a complete ID number must be entered before a

ZyWALL 5/35/70 Series User’s Guide249 Chapter 13 Configuring IDPFigure 117 Signature Query by Complete ID13.3.5.2 Query Example 21 From the “group

ZyWALL 5/35/70 Series User’s Guide25 Table of Contents47.5.6 TFTP Upload Command Example ...6204

ZyWALL 5/35/70 Series User’s GuideChapter 13 Configuring IDP 250Figure 118 Signature Query by Attribute. 13.4 Update The ZyWALL comes with built-in

ZyWALL 5/35/70 Series User’s Guide251 Chapter 13 Configuring IDP13.4.2 Configuring IDP UpdateWhen scheduling signature updates, you should choose a

ZyWALL 5/35/70 Series User’s GuideChapter 13 Configuring IDP 252The following table describes the labels in this screen.Table 81 Signatures Update L

ZyWALL 5/35/70 Series User’s Guide253 Chapter 13 Configuring IDP13.5 Backup and RestoreYou can change the pre-defined Active, Log, Alert and/or Acti

ZyWALL 5/35/70 Series User’s GuideChapter 14 Anti-Virus 254CHAPTER 14Anti-Virus This chapter introduces and shows you how to configure the anti-virus

ZyWALL 5/35/70 Series User’s Guide255 Chapter 14 Anti-Virus2 The virus spreads to other files and programs on the computer. 3 The infected files are

ZyWALL 5/35/70 Series User’s GuideChapter 14 Anti-Virus 25614.2.1 How the ZyWALL Anti-Virus Scanner WorksThe ZyWALL checks traffic going to the inte

ZyWALL 5/35/70 Series User’s Guide257 Chapter 14 Anti-Virus1 The ZyWALL anti-virus scanner cannot detect polymorphic viruses. 2 The ZyWALL does not

ZyWALL 5/35/70 Series User’s GuideChapter 14 Anti-Virus 258The following table describes the labels in this screen.Table 83 Anti-Virus: General LABE

ZyWALL 5/35/70 Series User’s Guide259 Chapter 14 Anti-VirusNote: You should have already registered the ZyWALL at myZyXEL.com (http://www.myzyxel.com

ZyWALL 5/35/70 Series User’s Guide Table of Contents 2652.5.1.3 Java Permissions ...

ZyWALL 5/35/70 Series User’s GuideChapter 14 Anti-Virus 260Figure 123 Anti-Virus: UpdateThe following table describes the labels in this screen. Ta

ZyWALL 5/35/70 Series User’s Guide261 Chapter 14 Anti-VirusUpdate Now Click this button to begin downloading signatures from the Update Server immedi

ZyWALL 5/35/70 Series User’s GuideChapter 15 Anti-Spam 262CHAPTER 15Anti-SpamThis chapter covers how to use the ZyWALL’s anti-spam feature to deal wit

ZyWALL 5/35/70 Series User’s Guide263 Chapter 15 Anti-Spam15.1.1.1 SpamBulk EngineThe e-mail fingerprint ID that the ZyWALL generates and sends to t

ZyWALL 5/35/70 Series User’s GuideChapter 15 Anti-Spam 26415.1.1.4 SpamTricks EngineThe SpamTricks engine checks for the tactics that spammers use to

ZyWALL 5/35/70 Series User’s Guide265 Chapter 15 Anti-SpamThe anti-spam external database checks for spoofing of e-mail attributes (like the IP addre

ZyWALL 5/35/70 Series User’s GuideChapter 15 Anti-Spam 26615.1.7 MIME HeadersMIME (Multipurpose Internet Mail Extensions) allows varied media types t

ZyWALL 5/35/70 Series User’s Guide267 Chapter 15 Anti-SpamThe following table describes the labels in this screen. Table 85 Anti-Spam: GeneralLABEL

ZyWALL 5/35/70 Series User’s GuideChapter 15 Anti-Spam 268Figure 126 Anti-Spam: External DBThe following table describes the labels in this screen.

ZyWALL 5/35/70 Series User’s Guide269 Chapter 15 Anti-Spam15.4 Anti-Spam Lists Screen Click SECURITY, ANTI-SPAM, Lists to display the Anti-Spam Lis

ZyWALL 5/35/70 Series User’s Guide27 Table of ContentsCertificates Commands ...

ZyWALL 5/35/70 Series User’s GuideChapter 15 Anti-Spam 270Figure 127 Anti-Spam: ListsThe following table describes the labels in this screen. Table

ZyWALL 5/35/70 Series User’s Guide271 Chapter 15 Anti-Spam15.5 Anti-Spam Rule Edit Screen Click SECURITY, ANTI-SPAM, Lists to display the Anti-Spa

ZyWALL 5/35/70 Series User’s GuideChapter 15 Anti-Spam 272The following table describes the labels in this screen. Table 88 Anti-Spam Rule EditLAB

ZyWALL 5/35/70 Series User’s Guide273 Chapter 15 Anti-SpamApply Click Apply to save your settings and exit this screen.Cancel Click Cancel to exit th

ZyWALL 5/35/70 Series User’s GuideChapter 16 Content Filtering Screens 274CHAPTER 16Content Filtering ScreensThis chapter provides an overview of cont

ZyWALL 5/35/70 Series User’s Guide275 Chapter 16 Content Filtering ScreensFigure 129 Content Filter : GeneralThe following table describes the labe

ZyWALL 5/35/70 Series User’s GuideChapter 16 Content Filtering Screens 27616.3 Content Filtering with an External DatabaseWhen you register for and e

ZyWALL 5/35/70 Series User’s Guide277 Chapter 16 Content Filtering ScreensFigure 130 Content Filtering Lookup Procedure1 A computer behind the ZyWA

ZyWALL 5/35/70 Series User’s GuideChapter 16 Content Filtering Screens 278Figure 131 Content Filter : CategoriesThe following table describes the la

ZyWALL 5/35/70 Series User’s Guide279 Chapter 16 Content Filtering ScreensUnrated Web Pages Select Block to prevent users from accessing web pages th

ZyWALL 5/35/70 Series User’s Guide List of Figures 28List of FiguresFigure 1 Secure Internet Access via Cable, DSL or Wireless Modem ...

ZyWALL 5/35/70 Series User’s GuideChapter 16 Content Filtering Screens 280Alcohol/Tobacco Selecting this category excludes pages that promote or offer

ZyWALL 5/35/70 Series User’s Guide281 Chapter 16 Content Filtering ScreensEducation Selecting this category excludes pages that offer educational inf

ZyWALL 5/35/70 Series User’s GuideChapter 16 Content Filtering Screens 282News/Media Selecting this category excludes pages that primarily report info

ZyWALL 5/35/70 Series User’s Guide283 Chapter 16 Content Filtering ScreensHumor/Jokes Selecting this category excludes pages that primarily focus on

ZyWALL 5/35/70 Series User’s GuideChapter 16 Content Filtering Screens 28416.5 Content Filter Customization Click SECURITY, CONTENT FILTER, then th

ZyWALL 5/35/70 Series User’s Guide285 Chapter 16 Content Filtering ScreensThe following table describes the labels in this screen. Table 91 Content

ZyWALL 5/35/70 Series User’s GuideChapter 16 Content Filtering Screens 28616.6 Customizing Keyword Blocking URL CheckingYou can use commands to set h

ZyWALL 5/35/70 Series User’s Guide287 Chapter 16 Content Filtering ScreensUse the ip urlfilter customize actionFlags 8 [disable | enable] command to

ZyWALL 5/35/70 Series User’s GuideChapter 16 Content Filtering Screens 288The following table describes the labels in this screen.Table 92 Content F

ZyWALL 5/35/70 Series User’s Guide289 Chapter 16 Content Filtering Screens

ZyWALL 5/35/70 Series User’s Guide29 List of FiguresFigure 39 WLAN Port Role Example ...

ZyWALL 5/35/70 Series User’s GuideChapter 17 Content Filtering Reports 290CHAPTER 17Content Filtering ReportsThis chapter describes how to view conten

ZyWALL 5/35/70 Series User’s Guide291 Chapter 17 Content Filtering ReportsFigure 134 myZyXEL.com: Login3 A welcome screen displays. Click your ZyWA

ZyWALL 5/35/70 Series User’s GuideChapter 17 Content Filtering Reports 292Figure 136 myZyXEL.com: Service Management5 Enter your ZyXEL device's

ZyWALL 5/35/70 Series User’s Guide293 Chapter 17 Content Filtering ReportsFigure 138 Content Filtering Reports Main Screen8 Select items under Glob

ZyWALL 5/35/70 Series User’s GuideChapter 17 Content Filtering Reports 294Figure 140 Global Report Screen Example11You can click a category in the C

ZyWALL 5/35/70 Series User’s Guide295 Chapter 17 Content Filtering ReportsFigure 141 Requested URLs Example17.3 Web Site SubmissionYou may find th

ZyWALL 5/35/70 Series User’s GuideChapter 17 Content Filtering Reports 296Figure 142 Web Page Review Process Screen3 Type the web site’s URL in the

ZyWALL 5/35/70 Series User’s Guide297 Chapter 17 Content Filtering Reports

ZyWALL 5/35/70 Series User’s GuideChapter 18 Introduction to IPSec 298CHAPTER 18Introduction to IPSecThis chapter introduces the basics of IPSec VPNs.

ZyWALL 5/35/70 Series User’s Guide299 Chapter 18 Introduction to IPSecFigure 143 Encryption and Decryption18.1.3.2 Data ConfidentialityThe IPSec s

ZyWALL 5/35/70 Series User’s Guide3 Federal Communications Commission (FCC) Interference StatementFederal Communications Commission (FCC) Interferen

ZyWALL 5/35/70 Series User’s Guide List of Figures 30Figure 82 Wireless Card: WPA-PSK ...

ZyWALL 5/35/70 Series User’s GuideChapter 18 Introduction to IPSec 30018.2 IPSec ArchitectureThe overall IPSec architecture is shown as follows.Figur

ZyWALL 5/35/70 Series User’s Guide301 Chapter 18 Introduction to IPSecFigure 145 Transport and Tunnel Mode IPSec Encapsulation18.3.1 Transport Mod

ZyWALL 5/35/70 Series User’s GuideChapter 18 Introduction to IPSec 302NAT is incompatible with the AH protocol in both Transport and Tunnel mode. An I

ZyWALL 5/35/70 Series User’s Guide303 Chapter 18 Introduction to IPSec

ZyWALL 5/35/70 Series User’s GuideChapter 19 VPN Screens 304CHAPTER 19VPN ScreensThis chapter introduces the VPN Web Configurator. See Chapter 30 on p

Table 94 ESP and AHESP AHEncryption DES (default)Data Encryption Standard (DES) is a widely used method of data encryption using a secret key. DES a

ZyWALL 5/35/70 Series User’s GuideChapter 19 VPN Screens 306If the remote secure gateway has a static WAN IP address, enter it in the Remote Gateway A

ZyWALL 5/35/70 Series User’s Guide307 Chapter 19 VPN ScreensFigure 146 NAT Router Between IPSec RoutersNormally you cannot set up a VPN connection

ZyWALL 5/35/70 Series User’s GuideChapter 19 VPN Screens 308between three encryption algorithms (DES, 3DES and AES), two authentication algorithms (MD

ZyWALL 5/35/70 Series User’s Guide309 Chapter 19 VPN ScreensThe two ZyWALLs in this example cannot complete their negotiation because ZyWALL B’s Loca

ZyWALL 5/35/70 Series User’s Guide31 List of FiguresFigure 125 Anti-Spam: General ...

ZyWALL 5/35/70 Series User’s GuideChapter 19 VPN Screens 310• Choose an authentication algorithm.• Choose a Diffie-Hellman public-key cryptography key

ZyWALL 5/35/70 Series User’s Guide311 Chapter 19 VPN Screens19.8.3 Diffie-Hellman (DH) Key GroupsDiffie-Hellman (DH) is a public-key cryptography pr

ZyWALL 5/35/70 Series User’s GuideChapter 19 VPN Screens 31219.10 VPN Rules (IKE) Click VPN to display the VPN Rules (IKE) screen. This is a read-on

ZyWALL 5/35/70 Series User’s Guide313 Chapter 19 VPN ScreensFigure 149 Gateway and Network Policies This figure helps explain the main fields in th

ZyWALL 5/35/70 Series User’s GuideChapter 19 VPN Screens 314Note: The Recycle Bin gateway policy is a virtual placeholder for any network policy(ies)

ZyWALL 5/35/70 Series User’s Guide315 Chapter 19 VPN ScreensFigure 151 VPN Rules (IKE): Gateway Policy: Edit

ZyWALL 5/35/70 Series User’s GuideChapter 19 VPN Screens 316The following table describes the labels in this screen. Table 101 VPN Rules (IKE): Gate

ZyWALL 5/35/70 Series User’s Guide317 Chapter 19 VPN ScreensRemote Gateway AddressType the WAN IP address or the domain name (up to 31 characters) of

ZyWALL 5/35/70 Series User’s GuideChapter 19 VPN Screens 318Peer ID Type Select from the following when you set Authentication Key to Pre-shared Key.•

ZyWALL 5/35/70 Series User’s Guide319 Chapter 19 VPN ScreensServer Mode Select Server Mode to have this ZyWALL authenticate extended authentication c

ZyWALL 5/35/70 Series User’s Guide List of Figures 32Figure 168 Trusted Remote Hosts ...

ZyWALL 5/35/70 Series User’s GuideChapter 19 VPN Screens 32019.12 VPN Rules (IKE): Network Policy Edit Click VPN and the add network policy ( ) ic

ZyWALL 5/35/70 Series User’s Guide321 Chapter 19 VPN ScreensFigure 152 VPN Rules (IKE): Network Policy Edit

ZyWALL 5/35/70 Series User’s GuideChapter 19 VPN Screens 322The following table describes the labels in this screen. Table 102 VPN Rules (IKE): Netw

ZyWALL 5/35/70 Series User’s Guide323 Chapter 19 VPN ScreensStarting IP Address When the Address Type field is configured to Single Address, enter a

ZyWALL 5/35/70 Series User’s GuideChapter 19 VPN Screens 32419.13 VPN Rules (IKE): Network Policy Move Click the move ( ) icon in the VPN Rules (IK

ZyWALL 5/35/70 Series User’s Guide325 Chapter 19 VPN ScreensFigure 153 VPN Rules (IKE): Network Policy Move The following table describes the label

ZyWALL 5/35/70 Series User’s GuideChapter 19 VPN Screens 326You may want to configure a VPN rule that uses manual key management if you are having pro

ZyWALL 5/35/70 Series User’s Guide327 Chapter 19 VPN Screens19.15 VPN Rules (Manual): Edit Manual key management is useful if you have problems wi

ZyWALL 5/35/70 Series User’s GuideChapter 19 VPN Screens 328Figure 155 VPN Rules (Manual): Edit The following table describes the labels in this scr

ZyWALL 5/35/70 Series User’s Guide329 Chapter 19 VPN ScreensLocal Network Local IP addresses must be static and correspond to the remote IPSec router

ZyWALL 5/35/70 Series User’s Guide33 List of FiguresFigure 211 Login Screen (Internet Explorer) ...

ZyWALL 5/35/70 Series User’s GuideChapter 19 VPN Screens 330My ZyWALL When the ZyWALL is in router mode, enter the WAN IP address or the domain name o

ZyWALL 5/35/70 Series User’s Guide331 Chapter 19 VPN Screens19.16 VPN SA Monitor In the web configurator, click VPN and the SA Monitor tab. Use thi

ZyWALL 5/35/70 Series User’s GuideChapter 19 VPN Screens 33219.17 VPN Global Setting Click VPN, then the Global Setting tab to open the VPN Global Se

ZyWALL 5/35/70 Series User’s Guide333 Chapter 19 VPN Screens19.18 Telecommuter VPN/IPSec ExamplesThe following examples show how multiple telecommut

ZyWALL 5/35/70 Series User’s GuideChapter 19 VPN Screens 334Figure 158 Telecommuters Sharing One VPN Rule ExampleTable 108 Telecommuters Sharing O

ZyWALL 5/35/70 Series User’s Guide335 Chapter 19 VPN ScreensFigure 159 Telecommuters Using Unique VPN Rules ExampleTable 109 Telecommuters Using

ZyWALL 5/35/70 Series User’s GuideChapter 19 VPN Screens 33619.19 VPN and Remote ManagementIf a VPN tunnel uses Telnet, FTP, WWW, SNMP, DNS or ICMP,

ZyWALL 5/35/70 Series User’s Guide337 Chapter 19 VPN Screens

ZyWALL 5/35/70 Series User’s GuideChapter 20 Certificates 338CHAPTER 20CertificatesThis chapter gives background information about public-key certific

ZyWALL 5/35/70 Series User’s Guide339 Chapter 20 CertificatesCertification authorities maintain directory servers with databases of valid and revoked

ZyWALL 5/35/70 Series User’s Guide List of Figures 34Figure 254 Firmware Upload In Process ...

ZyWALL 5/35/70 Series User’s GuideChapter 20 Certificates 34020.4 My Certificates Click SECURITY, CERTIFICATES, My Certificates to open the My Certif

ZyWALL 5/35/70 Series User’s Guide341 Chapter 20 CertificatesType This field displays what kind of certificate this is. REQ represents a certificatio

ZyWALL 5/35/70 Series User’s GuideChapter 20 Certificates 34220.5 My Certificate Import Click SECURITY, CERTIFICATES, My Certificates and then Impor

ZyWALL 5/35/70 Series User’s Guide343 Chapter 20 CertificatesFigure 162 My Certificate ImportThe following table describes the labels in this scree

ZyWALL 5/35/70 Series User’s GuideChapter 20 Certificates 344Figure 163 My Certificate CreateThe following table describes the labels in this screen

ZyWALL 5/35/70 Series User’s Guide345 Chapter 20 CertificatesCountry Type up to 127 characters to identify the nation where the certificate owner is

ZyWALL 5/35/70 Series User’s GuideChapter 20 Certificates 346After you click Apply in the My Certificate Create screen, you see a screen that tells yo

ZyWALL 5/35/70 Series User’s Guide347 Chapter 20 CertificatesFigure 164 My Certificate Details

ZyWALL 5/35/70 Series User’s GuideChapter 20 Certificates 348The following table describes the labels in this screen. Table 113 My Certificate Deta

ZyWALL 5/35/70 Series User’s Guide349 Chapter 20 Certificates20.8 Trusted CAs Click SECURITY, CERTIFICATES, Trusted CAs to open the Trusted CAs sc

ZyWALL 5/35/70 Series User’s Guide35 List of FiguresFigure 297 Menu 6.3: Route Failover ...

ZyWALL 5/35/70 Series User’s GuideChapter 20 Certificates 350Figure 165 Trusted CAsThe following table describes the labels in this screen. Table 11

ZyWALL 5/35/70 Series User’s Guide351 Chapter 20 Certificates20.9 Trusted CA Import Click SECURITY, CERTIFICATES, Trusted CAs to open the Trusted

ZyWALL 5/35/70 Series User’s GuideChapter 20 Certificates 352The following table describes the labels in this screen.Table 115 Trusted CA ImportLABE

ZyWALL 5/35/70 Series User’s Guide353 Chapter 20 CertificatesFigure 167 Trusted CA DetailsThe following table describes the labels in this screen.

ZyWALL 5/35/70 Series User’s GuideChapter 20 Certificates 354Certification Path Click the Refresh button to have this read-only text box display the e

ZyWALL 5/35/70 Series User’s Guide355 Chapter 20 Certificates20.11 Trusted Remote Hosts Click SECURITY, CERTIFICATES, Trusted Remote Hosts to open

ZyWALL 5/35/70 Series User’s GuideChapter 20 Certificates 356Figure 168 Trusted Remote HostsThe following table describes the labels in this screen.

ZyWALL 5/35/70 Series User’s Guide357 Chapter 20 Certificates20.12 Verifying a Trusted Remote Host’s CertificateCertificates issued by certification

ZyWALL 5/35/70 Series User’s GuideChapter 20 Certificates 358Figure 170 Certificate Details Verify (over the phone for example) that the remote host

ZyWALL 5/35/70 Series User’s Guide359 Chapter 20 CertificatesFigure 171 Trusted Remote Host ImportThe following table describes the labels in this

ZyWALL 5/35/70 Series User’s Guide List of Figures 36Figure 339 Menu 21.2: Firewall Setup ...

ZyWALL 5/35/70 Series User’s GuideChapter 20 Certificates 360Figure 172 Trusted Remote Host DetailsThe following table describes the labels in this

ZyWALL 5/35/70 Series User’s Guide361 Chapter 20 CertificatesCertificate Information These read-only fields display detailed information about the ce

ZyWALL 5/35/70 Series User’s GuideChapter 20 Certificates 36220.15 Directory Servers Click SECURITY, CERTIFICATES, Directory Servers to open the Dir

ZyWALL 5/35/70 Series User’s Guide363 Chapter 20 CertificatesThe following table describes the labels in this screen. Table 120 Directory ServersL

ZyWALL 5/35/70 Series User’s GuideChapter 20 Certificates 364The following table describes the labels in this screen. Table 121 Directory Server Add

ZyWALL 5/35/70 Series User’s Guide365 Chapter 20 Certificates

ZyWALL 5/35/70 Series User’s GuideChapter 21 Authentication Server 366CHAPTER 21Authentication ServerThis chapter discusses how to configure the ZyWAL

ZyWALL 5/35/70 Series User’s Guide367 Chapter 21 Authentication ServerFigure 175 Local User Database

ZyWALL 5/35/70 Series User’s GuideChapter 21 Authentication Server 368The following table describes the labels in this screen. Table 122 Local Use

ZyWALL 5/35/70 Series User’s Guide369 Chapter 21 Authentication ServerThe following table describes the labels in this screen. Table 123 RADIUSLAB

ZyWALL 5/35/70 Series User’s Guide37 List of FiguresFigure 382 Example Xmodem Upload ...

ZyWALL 5/35/70 Series User’s GuideChapter 22 Network Address Translation (NAT) 370CHAPTER 22Network Address Translation (NAT) This chapter discusses h

ZyWALL 5/35/70 Series User’s Guide371 Chapter 22 Network Address Translation (NAT)22.1.2 What NAT DoesIn the simplest form, NAT changes the source I

ZyWALL 5/35/70 Series User’s GuideChapter 22 Network Address Translation (NAT) 372Figure 177 How NAT Works 22.1.4 NAT ApplicationThe following figu

ZyWALL 5/35/70 Series User’s Guide373 Chapter 22 Network Address Translation (NAT)22.1.5 Port Restricted Cone NATAt the time of writing ZyWALL ZyNOS

ZyWALL 5/35/70 Series User’s GuideChapter 22 Network Address Translation (NAT) 374• Server: This type allows you to specify inside servers of differen

ZyWALL 5/35/70 Series User’s Guide375 Chapter 22 Network Address Translation (NAT)22.3 NAT Overview Click ADVANCED, NAT to open the NAT Overview s

ZyWALL 5/35/70 Series User’s GuideChapter 22 Network Address Translation (NAT) 37622.4 NAT Address Mapping Ordering your rules is important because

ZyWALL 5/35/70 Series User’s Guide377 Chapter 22 Network Address Translation (NAT)Figure 181 NAT Address MappingThe following table describes the l

ZyWALL 5/35/70 Series User’s GuideChapter 22 Network Address Translation (NAT) 37822.4.1 NAT Address Mapping Edit Click the Edit button to display t

ZyWALL 5/35/70 Series User’s Guide379 Chapter 22 Network Address Translation (NAT)The following table describes the labels in this screen. Table 128

ZyWALL 5/35/70 Series User’s Guide List of Figures 38Figure 425 Windows XP: Advanced TCP/IP Properties ...

ZyWALL 5/35/70 Series User’s GuideChapter 22 Network Address Translation (NAT) 38022.5.1 Default Server IP AddressIn addition to the servers for spec

ZyWALL 5/35/70 Series User’s Guide381 Chapter 22 Network Address Translation (NAT)Figure 183 Multiple Servers Behind NAT Example22.5.4 NAT and Mul

ZyWALL 5/35/70 Series User’s GuideChapter 22 Network Address Translation (NAT) 382Figure 184 Port Translation Example22.6 Port Forwarding Note: If

ZyWALL 5/35/70 Series User’s Guide383 Chapter 22 Network Address Translation (NAT)Figure 185 Port ForwardingThe following table describes the label

ZyWALL 5/35/70 Series User’s GuideChapter 22 Network Address Translation (NAT) 38422.7 Port Triggering Some services use a dedicated range of ports

ZyWALL 5/35/70 Series User’s Guide385 Chapter 22 Network Address Translation (NAT)4 The ZyWALL forwards the traffic to Jane’s computer IP address. 5

ZyWALL 5/35/70 Series User’s GuideChapter 22 Network Address Translation (NAT) 386Trigger The trigger port is a port (or a range of ports) that causes

ZyWALL 5/35/70 Series User’s Guide387 Chapter 22 Network Address Translation (NAT)

ZyWALL 5/35/70 Series User’s GuideChapter 23 Static Route 388CHAPTER 23Static RouteThis chapter shows you how to configure static routes for your ZyWA

ZyWALL 5/35/70 Series User’s Guide389 Chapter 23 Static RouteNote: The default route is disabled after you change the static WAN IP address to a dyna

ZyWALL 5/35/70 Series User’s Guide39 List of FiguresFigure 468 Headquarters Network Policy Edit ...

ZyWALL 5/35/70 Series User’s GuideChapter 23 Static Route 39023.2.1 IP Static Route Edit Select a static route index number and click Edit. The scr

ZyWALL 5/35/70 Series User’s Guide391 Chapter 23 Static RouteGateway IP AddressEnter the IP address of the gateway. The gateway is a router or switch

ZyWALL 5/35/70 Series User’s GuideChapter 24 Policy Route 392CHAPTER 24Policy RouteThis chapter covers setting and applying policies used for IP routi

ZyWALL 5/35/70 Series User’s Guide393 Chapter 24 Policy RouteIPPR follows the existing packet filtering facility of RAS in style and in implementatio

ZyWALL 5/35/70 Series User’s GuideChapter 24 Policy Route 394The following table describes the labels in this screen. Table 134 Policy Route Summary

ZyWALL 5/35/70 Series User’s Guide395 Chapter 24 Policy RouteFigure 192 Edit IP Policy RouteThe following table describes the labels in this screen

ZyWALL 5/35/70 Series User’s GuideChapter 24 Policy Route 396Packet Length Type a length of packet (in bytes). The operators in the Len Compare field

ZyWALL 5/35/70 Series User’s Guide397 Chapter 24 Policy Route

ZyWALL 5/35/70 Series User’s GuideChapter 25 Bandwidth Management 398CHAPTER 25Bandwidth ManagementThis chapter describes the functions and configurat

ZyWALL 5/35/70 Series User’s Guide399 Chapter 25 Bandwidth Management25.3 Proportional Bandwidth AllocationBandwidth management allows you to define

ZyWALL 5/35/70 Series User’s Guide Federal Communications Commission (FCC) Interference Statement 4

ZyWALL 5/35/70 Series User’s Guide List of Tables 40List of TablesTable 1 Model Specific Features ...

ZyWALL 5/35/70 Series User’s GuideChapter 25 Bandwidth Management 40025.6 Application and Subnet-based Bandwidth ManagementYou could also create band

ZyWALL 5/35/70 Series User’s Guide401 Chapter 25 Bandwidth ManagementWhen you enable maximize bandwidth usage, the ZyWALL first makes sure that each

ZyWALL 5/35/70 Series User’s GuideChapter 25 Bandwidth Management 40225.7.5.1 Priority-based Allotment of Unused and Unbudgeted BandwidthThe followin

ZyWALL 5/35/70 Series User’s Guide403 Chapter 25 Bandwidth Management25.8 Bandwidth BorrowingBandwidth borrowing allows a sub-class to borrow unused

ZyWALL 5/35/70 Series User’s GuideChapter 25 Bandwidth Management 404• The Bill class cannot borrow unused bandwidth from the Root class because the S

ZyWALL 5/35/70 Series User’s Guide405 Chapter 25 Bandwidth ManagementFigure 194 Bandwidth Management: SummaryThe following table describes the labe

ZyWALL 5/35/70 Series User’s GuideChapter 25 Bandwidth Management 40625.11 Configuring Class Setup The Class Setup screen displays the configured ba

ZyWALL 5/35/70 Series User’s Guide407 Chapter 25 Bandwidth Management25.11.1 Bandwidth Manager Class Configuration Configure a bandwidth management

ZyWALL 5/35/70 Series User’s GuideChapter 25 Bandwidth Management 408Figure 196 Bandwidth Management: Edit ClassThe following table describes the la

ZyWALL 5/35/70 Series User’s Guide409 Chapter 25 Bandwidth ManagementEnable Bandwidth Filter Select Enable Bandwidth Filter to have the ZyWALL use th

ZyWALL 5/35/70 Series User’s Guide41 List of TablesTable 39 WAN: Ethernet Encapsulation ...

ZyWALL 5/35/70 Series User’s GuideChapter 25 Bandwidth Management 41025.11.2 Bandwidth Management Statistics Use the Bandwidth Management Statis

ZyWALL 5/35/70 Series User’s Guide411 Chapter 25 Bandwidth ManagementFigure 197 Bandwidth Management: Statistics The following table describes the

ZyWALL 5/35/70 Series User’s GuideChapter 25 Bandwidth Management 412Figure 198 Bandwidth Management: Monitor The following table describes the labe

ZyWALL 5/35/70 Series User’s Guide413 Chapter 25 Bandwidth Management

ZyWALL 5/35/70 Series User’s GuideChapter 26 DNS 414CHAPTER 26DNSThis chapter shows you how to configure the DNS screens.26.1 DNS Overview DNS (Doma

ZyWALL 5/35/70 Series User’s Guide415 Chapter 26 DNS26.4 Address RecordAn address record contains the mapping of a fully qualified domain name (FQDN

ZyWALL 5/35/70 Series User’s GuideChapter 26 DNS 416Figure 199 Private DNS Server ExampleNote: If you do not specify an Intranet DNS server on the r

ZyWALL 5/35/70 Series User’s Guide417 Chapter 26 DNSFigure 200 System DNSThe following table describes the labels in this screen.Table 147 System

ZyWALL 5/35/70 Series User’s GuideChapter 26 DNS 41826.6.1 Adding an Address Record Click Add in the System screen to add an address record.Figure 2

ZyWALL 5/35/70 Series User’s Guide419 Chapter 26 DNSThe following table describes the labels in this screen. Table 148 System DNS: Add Address Rec

ZyWALL 5/35/70 Series User’s Guide List of Tables 42Table 82 Common Computer Virus Types ...

ZyWALL 5/35/70 Series User’s GuideChapter 26 DNS 420The following table describes the labels in this screen.Table 149 System DNS: Insert Name Server

ZyWALL 5/35/70 Series User’s Guide421 Chapter 26 DNS26.8 Configure DNS CacheTo configure your ZyWALL’s DNS caching, click ADVANCED, DNS, then the Ca

ZyWALL 5/35/70 Series User’s GuideChapter 26 DNS 42226.9 Configuring DNS DHCP Click ADVANCED, DNS and then the DHCP tab to open the DNS DHCP screen

ZyWALL 5/35/70 Series User’s Guide423 Chapter 26 DNSFigure 204 DNS DHCPThe following table describes the labels in this screen.Table 151 DNS DHCP

ZyWALL 5/35/70 Series User’s GuideChapter 26 DNS 42426.10 Dynamic DNS Dynamic DNS allows you to update your current dynamic IP address with one or m

ZyWALL 5/35/70 Series User’s Guide425 Chapter 26 DNSFigure 205 DDNSThe following table describes the labels in this screen.Table 152 DDNSLABEL DE

ZyWALL 5/35/70 Series User’s GuideChapter 26 DNS 426WAN Interface Select the WAN port to use for updating the IP address of the domain name.IP Address

ZyWALL 5/35/70 Series User’s Guide427 Chapter 26 DNS

ZyWALL 5/35/70 Series User’s GuideChapter 27 Remote Management 428CHAPTER 27Remote ManagementThis chapter provides information on the Remote Managemen

ZyWALL 5/35/70 Series User’s Guide429 Chapter 27 Remote Management1 A filter in SMT menu 3.1 (LAN) or in menu 11.5 (WAN) is applied to block a Telnet

ZyWALL 5/35/70 Series User’s Guide43 List of TablesTable 125 NAT Mapping Types ...

ZyWALL 5/35/70 Series User’s GuideChapter 27 Remote Management 430Figure 206 HTTPS ImplementationNote: If you disable HTTP Server Access (Disable) i

ZyWALL 5/35/70 Series User’s Guide431 Chapter 27 Remote ManagementFigure 207 WWWThe following table describes the labels in this screen. Table 153

ZyWALL 5/35/70 Series User’s GuideChapter 27 Remote Management 43227.4 HTTPS ExampleIf you haven’t changed the default HTTPS port on the ZyWALL, then

ZyWALL 5/35/70 Series User’s Guide433 Chapter 27 Remote Management27.4.2 Netscape Navigator Warning MessagesWhen you attempt to access the ZyWALL HT

ZyWALL 5/35/70 Series User’s GuideChapter 27 Remote Management 43427.4.3 Avoiding the Browser Warning MessagesThe following describes the main reason

ZyWALL 5/35/70 Series User’s Guide435 Chapter 27 Remote ManagementFigure 211 Login Screen (Internet Explorer)Figure 212 Login Screen (Netscape)Cl

ZyWALL 5/35/70 Series User’s GuideChapter 27 Remote Management 436Figure 213 Replace CertificateClick Apply in the Replace Certificate screen to cre

ZyWALL 5/35/70 Series User’s Guide437 Chapter 27 Remote ManagementFigure 215 Common ZyWALL Certificate27.5 SSH Unlike Telnet or FTP, which trans

ZyWALL 5/35/70 Series User’s GuideChapter 27 Remote Management 438Figure 217 How SSH Works1 Host IdentificationThe SSH client sends a connection req

ZyWALL 5/35/70 Series User’s Guide439 Chapter 27 Remote Management27.7.1 Requirements for Using SSHYou must install an SSH client program on a clien

ZyWALL 5/35/70 Series User’s Guide List of Tables 44Table 168 Web Site Hits Report ...

ZyWALL 5/35/70 Series User’s GuideChapter 27 Remote Management 44027.9 Secure Telnet Using SSH ExamplesThis section shows two examples using a comman

ZyWALL 5/35/70 Series User’s Guide441 Chapter 27 Remote ManagementFigure 220 SSH Example 2: Test $ telnet 192.168.1.1 22Trying 192.168.1.1...Connec

ZyWALL 5/35/70 Series User’s GuideChapter 27 Remote Management 442Figure 222 Secure FTP: Firmware Upload Example$ sftp -1 192.168.1.1Connecting to 1

ZyWALL 5/35/70 Series User’s Guide443 Chapter 27 Remote ManagementFigure 224 Teln e tThe following table describes the labels in this screen. Table

ZyWALL 5/35/70 Series User’s GuideChapter 27 Remote Management 444Figure 225 FTPThe following table describes the labels in this screen. Table 156

ZyWALL 5/35/70 Series User’s Guide445 Chapter 27 Remote ManagementFigure 226 SNMP Management ModelAn SNMP managed network consists of two main type

ZyWALL 5/35/70 Series User’s GuideChapter 27 Remote Management 44627.14.1 Supported MIBsThe ZyWALL supports MIB II that is defined in RFC-1213 and R

ZyWALL 5/35/70 Series User’s Guide447 Chapter 27 Remote ManagementFigure 227 SNMPThe following table describes the labels in this screen. Table 158

ZyWALL 5/35/70 Series User’s GuideChapter 27 Remote Management 44827.15 DNS Use DNS (Domain Name System) to map a domain name to its corresponding I

ZyWALL 5/35/70 Series User’s Guide449 Chapter 27 Remote ManagementIf you allow your ZyWALL to be managed by the Vantage CNM server, then you should n

ZyWALL 5/35/70 Series User’s Guide45 List of TablesTable 211 Remote Node Network Layer Options Menu Fields ...

ZyWALL 5/35/70 Series User’s GuideChapter 27 Remote Management 450Last Registration Time This field displays the last date (year-month-date) and time

ZyWALL 5/35/70 Series User’s Guide451 Chapter 27 Remote Management

ZyWALL 5/35/70 Series User’s GuideChapter 28 UPnP 452CHAPTER 28UPnPThis chapter introduces the Universal Plug and Play feature. This chapter is only a

ZyWALL 5/35/70 Series User’s Guide453 Chapter 28 UPnPAll UPnP-enabled devices may communicate freely with each other without additional configuration

ZyWALL 5/35/70 Series User’s GuideChapter 28 UPnP 45428.3 Displaying UPnP Port Mapping Click UPnP and then Ports to display the UPnP Ports screen.

ZyWALL 5/35/70 Series User’s Guide455 Chapter 28 UPnPThe following table describes the labels in this screen. Table 162 UPnP Ports LABEL DESCRIPTIO

ZyWALL 5/35/70 Series User’s GuideChapter 28 UPnP 45628.4.1 Installing UPnP in Windows MeFollow the steps below to install UPnP in Windows Me. 1 Clic

ZyWALL 5/35/70 Series User’s Guide457 Chapter 28 UPnP28.4.2 Installing UPnP in Windows XPFollow the steps below to install UPnP in Windows XP.1 Clic

ZyWALL 5/35/70 Series User’s GuideChapter 28 UPnP 45828.5.1 Auto-discover Your UPnP-enabled Network Device1 Click Start and Control Panel. Double-cli

ZyWALL 5/35/70 Series User’s Guide459 Chapter 28 UPnPNote: When the UPnP-enabled device is disconnected from your computer, all port mappings will be

ZyWALL 5/35/70 Series User’s Guide List of Tables 46Table 254 Classes of IP Addresses ...

ZyWALL 5/35/70 Series User’s GuideChapter 28 UPnP 460Follow the steps below to access the web configurator.1 Click Start and then Control Panel. 2 Dou

6 Right-click the icon for your ZyXEL device and select Properties. A properties window displays with basic information about the ZyXEL device. ZyWALL

ZyWALL 5/35/70 Series User’s GuideChapter 29 ALG Screen 462CHAPTER 29ALG ScreenThis chapter covers how to use the ZyWALL’s ALG feature to allow certai

ZyWALL 5/35/70 Series User’s Guide463 Chapter 29 ALG ScreenIf the primary WAN connection fails, the client needs to re-initialize the connection thro

ZyWALL 5/35/70 Series User’s GuideChapter 29 ALG Screen 464Figure 232 H.323 ALG Example Signaling session over TCP port 1720Audio session using RTP•

ZyWALL 5/35/70 Series User’s Guide465 Chapter 29 ALG ScreenFigure 234 H.323 Calls from the WAN with Multiple Outgoing Calls• The H.323 ALG operates

ZyWALL 5/35/70 Series User’s GuideChapter 29 ALG Screen 466The following example shows SIP signaling and audio sessions between SIP clients A and B an

ZyWALL 5/35/70 Series User’s Guide467 Chapter 29 ALG ScreenFigure 236 ALG The following table describes the labels in this screen. Table 163 ALG

ZyWALL 5/35/70 Series User’s GuideChapter 30 Logs Screens 468CHAPTER 30Logs ScreensThis chapter contains information about configuring general log set

ZyWALL 5/35/70 Series User’s Guide469 Chapter 30 Logs ScreensThe following table describes the labels in this screen. Table 164 View Log LABEL D

ZyWALL 5/35/70 Series User’s Guide47 List of TablesTable 297 AS Logs ...

ZyWALL 5/35/70 Series User’s GuideChapter 30 Logs Screens 47030.2.1 Certificate Not Trusted Log NotemyZyXEL.com and the update server use certificate

ZyWALL 5/35/70 Series User’s Guide471 Chapter 30 Logs ScreensFigure 239 myZyXEL.com: Certificate Download30.3 Configuring Log Settings To change y

ZyWALL 5/35/70 Series User’s GuideChapter 30 Logs Screens 472Figure 240 Log Settings

ZyWALL 5/35/70 Series User’s Guide473 Chapter 30 Logs ScreensThe following table describes the labels in this screen.Table 166 Log Settings LABEL D

ZyWALL 5/35/70 Series User’s GuideChapter 30 Logs Screens 47430.4 Configuring Reports The Reports page displays which computers on the LAN send and r

ZyWALL 5/35/70 Series User’s Guide475 Chapter 30 Logs ScreensFigure 241 ReportsNote: Enabling the ZyWALL’s reporting function decreases the overall

ZyWALL 5/35/70 Series User’s GuideChapter 30 Logs Screens 47630.4.1 Viewing Web Site HitsIn the Reports screen, select Web Site Hits from the Report

ZyWALL 5/35/70 Series User’s Guide477 Chapter 30 Logs ScreensFigure 243 Protocol/Port Report ExampleThe following table describes the labels in thi

ZyWALL 5/35/70 Series User’s GuideChapter 30 Logs Screens 47830.4.3 Viewing Host IP AddressIn the Reports screen, select Host IP Address from the Rep

ZyWALL 5/35/70 Series User’s Guide479 Chapter 30 Logs Screens30.4.4 Reports SpecificationsThe following table lists detailed specifications on the r

ZyWALL 5/35/70 Series User’s Guide Preface 48PrefaceCongratulations on your purchase of the ZyWALL. Note: Register your product online to receive e-ma

ZyWALL 5/35/70 Series User’s GuideChapter 31 Maintenance 480CHAPTER 31MaintenanceThis chapter displays information on the maintenance screens.31.1 Ma

ZyWALL 5/35/70 Series User’s Guide481 Chapter 31 MaintenanceFigure 245 General SetupThe following table describes the labels in this screen. Table

ZyWALL 5/35/70 Series User’s GuideChapter 31 Maintenance 482Figure 246 Password SetupThe following table describes the labels in this screen.Table 1

ZyWALL 5/35/70 Series User’s Guide483 Chapter 31 MaintenanceFigure 247 Time and DateThe following table describes the labels in this screen. Table

ZyWALL 5/35/70 Series User’s GuideChapter 31 Maintenance 484Get from Time ServerSelect this radio button to have the ZyWALL get the time and date from

ZyWALL 5/35/70 Series User’s Guide485 Chapter 31 Maintenance31.5 Pre-defined NTP Time Servers ListWhen you turn on the ZyWALL for the first time, th

ZyWALL 5/35/70 Series User’s GuideChapter 31 Maintenance 486When the System Time and Date Synchronization in Process screen appears, wait up to one mi

ZyWALL 5/35/70 Series User’s Guide487 Chapter 31 Maintenance31.6 Introduction To Transparent Bridging A transparent bridge is invisible to the opera

ZyWALL 5/35/70 Series User’s GuideChapter 31 Maintenance 4883 As a transparent bridge does not modify the frames it forwards, it is effectively “steal

ZyWALL 5/35/70 Series User’s Guide489 Chapter 31 Maintenance31.9 Configuring Device Mode (Bridge) To configure and have your ZyWALL work as a router

ZyWALL 5/35/70 Series User’s Guide49 PrefaceSyntax Conventions• “Enter” means for you to type one or more characters. “Select” or “Choose” means for

ZyWALL 5/35/70 Series User’s GuideChapter 31 Maintenance 49031.10 F/W Upload Screen Find firmware at www.zyxel.com in a file that (usually) uses the

ZyWALL 5/35/70 Series User’s Guide491 Chapter 31 MaintenanceFigure 253 Firmware UploadThe following table describes the labels in this screen.Table

ZyWALL 5/35/70 Series User’s GuideChapter 31 Maintenance 492Figure 255 Network Temporarily DisconnectedAfter two minutes, log in again and check you

ZyWALL 5/35/70 Series User’s Guide493 Chapter 31 MaintenanceFigure 257 Backup and Restore31.11.1 Backup Configuration Backup Configuration allows

ZyWALL 5/35/70 Series User’s GuideChapter 31 Maintenance 494Note: Do not turn off the ZyWALL while configuration file upload is in progress.After you

ZyWALL 5/35/70 Series User’s Guide495 Chapter 31 Maintenance31.11.3 Back to Factory Defaults Pressing the Reset button in this section clears all u

ZyWALL 5/35/70 Series User’s GuideChapter 32 Introducing the SMT 496CHAPTER 32Introducing the SMTThis chapter explains how to access the System Manage

ZyWALL 5/35/70 Series User’s Guide497 Chapter 32 Introducing the SMTFigure 263 Initial ScreenCopyright (c) 1994 - 2004 ZyXEL Communications Corp.in

ZyWALL 5/35/70 Series User’s GuideChapter 32 Introducing the SMT 49832.3.1 Main MenuAfter you enter the password, the SMT displays the ZyWALL Main Me

ZyWALL 5/35/70 Series User’s Guide499 Chapter 32 Introducing the SMTFigure 265 Main Menu (Router Mode)Copyright (c) 1994 - 2005 ZyXEL Communication

ZyWALL 5/35/70 Series User’s Guide5 Safety WarningsSafety WarningsFor your safety, be sure to read and follow all warning notices and instructions.•

ZyWALL 5/35/70 Series User’s GuideChapter 1 Getting to Know Your ZyWALL 50CHAPTER 1 Getting to Know Your ZyWALLThis chapter introduces the main featur

ZyWALL 5/35/70 Series User’s GuideChapter 32 Introducing the SMT 50032.3.2 SMT Menus OverviewThe following table gives you an overview of your ZyWALL

ZyWALL 5/35/70 Series User’s Guide501 Chapter 32 Introducing the SMT6 Route Setup (for the ZyWALL 35 and the ZyWALL 70)6.1 Route Assessment6.2 Traffi

ZyWALL 5/35/70 Series User’s GuideChapter 32 Introducing the SMT 50232.4 Changing the System PasswordChange the system password by following the step

ZyWALL 5/35/70 Series User’s Guide503 Chapter 32 Introducing the SMTFigure 267 Menu 23: System Password Menu 23 - System Password

ZyWALL 5/35/70 Series User’s GuideChapter 33 SMT Menu 1 - General Setup 504CHAPTER 33SMT Menu 1 - General SetupMenu 1 - General Setup contains adminis

ZyWALL 5/35/70 Series User’s Guide505 Chapter 33 SMT Menu 1 - General SetupFigure 269 Menu 1: General Setup (Bridge Mode) Menu 1 - Gen

ZyWALL 5/35/70 Series User’s GuideChapter 33 SMT Menu 1 - General Setup 50633.2.1 Configuring Dynamic DNSTo configure Dynamic DNS, set the ZyWALL to

ZyWALL 5/35/70 Series User’s Guide507 Chapter 33 SMT Menu 1 - General SetupFigure 271 Menu 1.1.1: Menu 1.1.1 D

ZyWALL 5/35/70 Series User’s GuideChapter 33 SMT Menu 1 - General Setup 508Figure 272 Menu 1.1.1: Menu 1.1.1 - DDNS Edit Host Hostname=

ZyWALL 5/35/70 Series User’s Guide509 Chapter 33 SMT Menu 1 - General SetupThe IP address updates when you reconfigure menu 1 or perform DHCP client

ZyWALL 5/35/70 Series User’s Guide51 Chapter 1 Getting to Know Your ZyWALLTable Key: An O in a mode’s column shows that the device mode has the speci

ZyWALL 5/35/70 Series User’s GuideChapter 34 WAN and Dial Backup Setup 510CHAPTER 34WAN and Dial Backup SetupThis chapter describes how to configure t

ZyWALL 5/35/70 Series User’s Guide511 Chapter 34 WAN and Dial Backup SetupThe following table describes the fields in this screen.Table 189 MAC Add

ZyWALL 5/35/70 Series User’s GuideChapter 34 WAN and Dial Backup Setup 512Figure 274 Menu 2: Dial Backup Setup Menu 2 - WAN Setup WAN 1 MAC A

ZyWALL 5/35/70 Series User’s Guide513 Chapter 34 WAN and Dial Backup SetupTo edit the advanced setup for the Dial Backup port, move the cursor to the

Table 192 Advanced WAN Port Setup: Call Control ParametersFIELD DESCRIPTIONCall ControlDial Timeout (sec) Enter a number of seconds for the ZyWALL t

ZyWALL 5/35/70 Series User’s Guide515 Chapter 34 WAN and Dial Backup SetupFigure 276 Menu 11.3: Remote Node Profile (Backup ISP)

ZyWALL 5/35/70 Series User’s GuideChapter 34 WAN and Dial Backup Setup 51634.7 Editing PPP OptionsThe ZyWALL’s dial back-up feature uses PPP. To edit

ZyWALL 5/35/70 Series User’s Guide517 Chapter 34 WAN and Dial Backup SetupFigure 277 Menu 11.3.1: Remote Node PPP Options Menu 11.3.1 - Remo

ZyWALL 5/35/70 Series User’s GuideChapter 34 WAN and Dial Backup Setup 518Figure 278 Menu 11.3.2: Remote Node Network Layer Options Menu 11.3

ZyWALL 5/35/70 Series User’s Guide519 Chapter 34 WAN and Dial Backup Setup34.9 Editing Login ScriptFor some remote gateways, text login is required

ZyWALL 5/35/70 Series User’s GuideChapter 1 Getting to Know Your ZyWALL 52Time and DateThe ZyWALL allows you to get the current time and date from an

ZyWALL 5/35/70 Series User’s GuideChapter 34 WAN and Dial Backup Setup 520You can use two variables, $USERNAME and $PASSWORD (all UPPER case), to repr

ZyWALL 5/35/70 Series User’s Guide521 Chapter 34 WAN and Dial Backup SetupThe following table describes the fields in this menu.Table 196 Menu 11.3

ZyWALL 5/35/70 Series User’s GuideChapter 35 LAN Setup 522CHAPTER 35LAN SetupThis chapter describes how to configure the LAN using Menu 3 - LAN Setup.

ZyWALL 5/35/70 Series User’s Guide523 Chapter 35 LAN SetupFigure 282 Menu 3.1: LAN Port Filter SetupMenu 3.1 - LAN Port Filter SetupInput Filter Se

ZyWALL 5/35/70 Series User’s GuideChapter 35 LAN Setup 524Figure 284 Menu 3.2: TCP/IP and DHCP Ethernet Setup Menu 3.2 - TCP/IP and DHCP Ethern

ZyWALL 5/35/70 Series User’s Guide525 Chapter 35 LAN SetupUse the instructions in the following table to configure TCP/IP parameters for the LAN port

ZyWALL 5/35/70 Series User’s GuideChapter 35 LAN Setup 52635.4.1 IP Alias SetupIP alias allows you to partition a physical network into different log

ZyWALL 5/35/70 Series User’s Guide527 Chapter 35 LAN SetupOutgoing Protocol FiltersEnter the filter set(s) you wish to apply to the outgoing traffic

ZyWALL 5/35/70 Series User’s GuideChapter 36 Internet Access 528CHAPTER 36Internet AccessThis chapter shows you how to configure your ZyWALL for Inter

ZyWALL 5/35/70 Series User’s Guide529 Chapter 36 Internet AccessThe following table describes the fields in this menu.Table 200 Menu 4: Internet Ac

ZyWALL 5/35/70 Series User’s Guide53 Chapter 1 Getting to Know Your ZyWALLBandwidth ManagementBandwidth management allows you to allocate network res

ZyWALL 5/35/70 Series User’s GuideChapter 36 Internet Access 53036.3 Configuring the PPTP ClientNote: The ZyWALL supports only one PPTP server connec

ZyWALL 5/35/70 Series User’s Guide531 Chapter 36 Internet AccessFigure 288 Internet Access Setup (PPPoE) Menu 4 - Internet Access S

ZyWALL 5/35/70 Series User’s GuideChapter 37 DMZ Setup 532CHAPTER 37DMZ SetupThis chapter describes how to configure the ZyWALL’s DMZ using Menu 5 - D

ZyWALL 5/35/70 Series User’s Guide533 Chapter 37 DMZ Setup37.3.1 IP AddressFrom the main menu, enter 5 to open Menu 5 - DMZ Setup to configure TCP/I

ZyWALL 5/35/70 Series User’s GuideChapter 37 DMZ Setup 53437.3.2 IP Alias SetupYou must use menu 5.2 to configure the first network. Move the cursor

ZyWALL 5/35/70 Series User’s Guide535 Chapter 37 DMZ Setup

ZyWALL 5/35/70 Series User’s GuideChapter 38 Route Setup 536CHAPTER 38Route SetupThis chapter describes how to configure the ZyWALL's traffic red

ZyWALL 5/35/70 Series User’s Guide537 Chapter 38 Route SetupThe following table describes the fields in this menu.Table 203 Menu 6.1: Route Assessm

ZyWALL 5/35/70 Series User’s GuideChapter 38 Route Setup 53838.4 Route FailoverThis menu allows you to configure how the ZyWALL uses the route assess

ZyWALL 5/35/70 Series User’s Guide539 Chapter 38 Route Setup

ZyWALL 5/35/70 Series User’s GuideChapter 1 Getting to Know Your ZyWALL 54Content FilteringThe ZyWALL can block web features such as ActiveX controls,

ZyWALL 5/35/70 Series User’s GuideChapter 39 Wireless Setup 540CHAPTER 39Wireless SetupUse menu 7 to set up your ZyWALL as the wireless access point.3

ZyWALL 5/35/70 Series User’s Guide541 Chapter 39 Wireless SetupFollow the instructions in the next table on how to configure the wireless LAN paramet

ZyWALL 5/35/70 Series User’s GuideChapter 39 Wireless Setup 54239.1.1 MAC Address Filter SetupYour ZyWALL checks the MAC address of the wireless stat

ZyWALL 5/35/70 Series User’s Guide543 Chapter 39 Wireless Setup39.2 TCP/IP SetupFor more detailed information about RIP setup, IP Multicast and IP a

ZyWALL 5/35/70 Series User’s GuideChapter 39 Wireless Setup 544Figure 301 Menu 7.2: TCP/IP and DHCP Ethernet Setup Menu 7.2 - TCP/IP an

ZyWALL 5/35/70 Series User’s Guide545 Chapter 39 Wireless SetupFigure 302 Menu 7.2.1: IP Alias Setup Menu 7.2.1 - IP Alias Setup

ZyWALL 5/35/70 Series User’s GuideChapter 40 Remote Node Setup 546CHAPTER 40Remote Node SetupThis chapter shows you how to configure a remote node.40.

ZyWALL 5/35/70 Series User’s Guide547 Chapter 40 Remote Node SetupFigure 303 Menu 11: Remote Node SetupMenu 11 - Remote Node Setup1. WAN_1 (ISP, SU

ZyWALL 5/35/70 Series User’s GuideChapter 40 Remote Node Setup 548The following table describes the fields in this menu.Table 208 Menu 11.1: Remote

ZyWALL 5/35/70 Series User’s Guide549 Chapter 40 Remote Node Setup40.3.2 PPPoE EncapsulationThe ZyWALL supports PPPoE (Point-to-Point Protocol over

ZyWALL 5/35/70 Series User’s Guide55 Chapter 1 Getting to Know Your ZyWALLIEEE 802.1x for Network SecurityThe ZyWALL supports the IEEE 802.1x standar

ZyWALL 5/35/70 Series User’s GuideChapter 40 Remote Node Setup 55040.3.2.3 MetricSee Section 7.5 on page 130 for details on the Metric field.Table 20

ZyWALL 5/35/70 Series User’s Guide551 Chapter 40 Remote Node SetupFigure 306 Menu 11.1: Remote Node Profile for PPTP Encapsulation Menu

ZyWALL 5/35/70 Series User’s GuideChapter 40 Remote Node Setup 552Figure 307 Menu 11.1.2: Remote Node Network Layer Options for Ethernet Encapsulati

ZyWALL 5/35/70 Series User’s Guide553 Chapter 40 Remote Node Setup40.5 Remote Node FilterMove the cursor to the field Edit Filter Sets in menu 11.1,

ZyWALL 5/35/70 Series User’s GuideChapter 40 Remote Node Setup 554Figure 308 Menu 11.1.4: Remote Node Filter (Ethernet Encapsulation)Menu 11.1.4 - R

ZyWALL 5/35/70 Series User’s Guide555 Chapter 40 Remote Node SetupFigure 310 Menu 11.1.5: Traffic Redirect Menu 11.1.5 - Traffic Redirect Setup

ZyWALL 5/35/70 Series User’s GuideChapter 41 IP Static Route Setup 556CHAPTER 41IP Static Route SetupThis chapter shows you how to configure static ro

ZyWALL 5/35/70 Series User’s Guide557 Chapter 41 IP Static Route SetupFigure 312 Menu 12. 1: Edit IP Static RouteMenu 12.1 - Edit IP Static RouteRo

ZyWALL 5/35/70 Series User’s GuideChapter 42 Network Address Translation (NAT) 558CHAPTER 42Network Address Translation (NAT)This chapter discusses ho

ZyWALL 5/35/70 Series User’s Guide559 Chapter 42 Network Address Translation (NAT)Figure 313 Menu 4: Applying NAT for Internet AccessMenu 4 - Inter

ZyWALL 5/35/70 Series User’s GuideChapter 1 Getting to Know Your ZyWALL 56Dynamic DNS SupportWith Dynamic DNS (Domain Name System) support, you can ha

ZyWALL 5/35/70 Series User’s GuideChapter 42 Network Address Translation (NAT) 560The following table describes the fields in this menu.Table 214 Ap

ZyWALL 5/35/70 Series User’s Guide561 Chapter 42 Network Address Translation (NAT)42.2.1 Address Mapping Sets Enter 1 to bring up Menu 15.1 - Addres

ZyWALL 5/35/70 Series User’s GuideChapter 42 Network Address Translation (NAT) 562Note: Menu 15.1.255 is read-only. Table 215 SUA Address Mapping Ru

ZyWALL 5/35/70 Series User’s Guide563 Chapter 42 Network Address Translation (NAT)Figure 318 Menu 15.1.1: First Set M

ZyWALL 5/35/70 Series User’s GuideChapter 42 Network Address Translation (NAT) 564Note: You must press [ENTER] at the bottom of the screen to save the

ZyWALL 5/35/70 Series User’s Guide565 Chapter 42 Network Address Translation (NAT)42.3 Configuring a Server behind NATNote: If you do not assign a D

ZyWALL 5/35/70 Series User’s GuideChapter 42 Network Address Translation (NAT) 566Figure 321 Menu 15.2.1: NAT Server Sets M

ZyWALL 5/35/70 Series User’s Guide567 Chapter 42 Network Address Translation (NAT)Figure 322 15.2.1.2: NAT Server Configuration15.2.1.2 - NAT Serve

ZyWALL 5/35/70 Series User’s GuideChapter 42 Network Address Translation (NAT) 568Figure 323 Menu 15.2.1: NAT Server Setup Me

ZyWALL 5/35/70 Series User’s Guide569 Chapter 42 Network Address Translation (NAT)Figure 325 NAT Example 1Figure 326 Menu 4: Internet Access &

ZyWALL 5/35/70 Series User’s Guide57 Chapter 1 Getting to Know Your ZyWALLTraffic RedirectTraffic Redirect forwards WAN traffic to a backup gateway o

ZyWALL 5/35/70 Series User’s GuideChapter 42 Network Address Translation (NAT) 57042.4.2 Example 2: Internet Access with an Default Server Figure 327

ZyWALL 5/35/70 Series User’s Guide571 Chapter 42 Network Address Translation (NAT)1 Map the first IGA to the first inside FTP server for FTP traffic

ZyWALL 5/35/70 Series User’s GuideChapter 42 Network Address Translation (NAT) 572Figure 330 Example 3: Menu 11.1.2Menu 11.1.2 - Remote Node Network

ZyWALL 5/35/70 Series User’s Guide573 Chapter 42 Network Address Translation (NAT)Figure 332 Example 3: Final Menu 15.1.1 Menu 15

ZyWALL 5/35/70 Series User’s GuideChapter 42 Network Address Translation (NAT) 57442.4.4 Example 4: NAT Unfriendly Application ProgramsSome applicati

ZyWALL 5/35/70 Series User’s Guide575 Chapter 42 Network Address Translation (NAT)Figure 336 Example 4: Menu 15.1.1: Address Mapping Rules

ZyWALL 5/35/70 Series User’s GuideChapter 42 Network Address Translation (NAT) 576Note: Only one LAN computer can use a trigger port (range) at a time

ZyWALL 5/35/70 Series User’s Guide577 Chapter 42 Network Address Translation (NAT)

ZyWALL 5/35/70 Series User’s GuideChapter 43 Introducing the ZyWALL Firewall 578CHAPTER 43Introducing the ZyWALL FirewallThis chapter shows you how to

ZyWALL 5/35/70 Series User’s Guide579 Chapter 43 Introducing the ZyWALL FirewallFigure 339 Menu 21.2: Firewall Setup Menu 21.2 - Firewal

ZyWALL 5/35/70 Series User’s GuideChapter 1 Getting to Know Your ZyWALL 581.3 Applications for the ZyWALL Here are some examples of what you can do w

ZyWALL 5/35/70 Series User’s GuideChapter 44 Filter Configuration 580CHAPTER 44Filter ConfigurationThis chapter shows you how to create and apply filt

ZyWALL 5/35/70 Series User’s Guide581 Chapter 44 Filter Configuration44.1.1 The Filter Structure of the ZyWALLA filter set consists of one or more f

ZyWALL 5/35/70 Series User’s GuideChapter 44 Filter Configuration 582Figure 341 Filter Rule Process You can apply up to four filter sets to a partic

ZyWALL 5/35/70 Series User’s Guide583 Chapter 44 Filter Configuration44.2 Configuring a Filter SetThe ZyWALL includes filtering for NetBIOS over TCP

Table 220 Abbreviations Used in the Filter Rules Summary MenuFIELD DESCRIPTIONA Active: “Y” means the rule is active. “N” means the rule is inactive

ZyWALL 5/35/70 Series User’s Guide585 Chapter 44 Filter ConfigurationTo speed up filtering, all rules in a filter set must be of the same class, i.e.

ZyWALL 5/35/70 Series User’s GuideChapter 44 Filter Configuration 586The following figure illustrates the logic flow of an IP filter.DestinationIP Add

ZyWALL 5/35/70 Series User’s Guide587 Chapter 44 Filter ConfigurationFigure 345 Executing an IP Filter44.2.3 Configuring a Generic Filter Rule Thi

ZyWALL 5/35/70 Series User’s GuideChapter 44 Filter Configuration 588to allow you to filter non-IP packets. For IP, it is generally easier to use the

ZyWALL 5/35/70 Series User’s Guide589 Chapter 44 Filter Configuration44.3 Example FilterLet’s look at an example to block outside users from accessi

ZyWALL 5/35/70 Series User’s Guide59 Chapter 1 Getting to Know Your ZyWALLFigure 2 VPN Application1.3.3 Front Panel LEDsFigure 3 ZyWALL 70 Front

ZyWALL 5/35/70 Series User’s GuideChapter 44 Filter Configuration 590Figure 348 Example Filter: Menu 21.1.3.1 Menu 21.1.3.1 - TCP/I

ZyWALL 5/35/70 Series User’s Guide591 Chapter 44 Filter ConfigurationM = N means an action can be taken immediately. The action is to drop the packet

ZyWALL 5/35/70 Series User’s GuideChapter 44 Filter Configuration 59244.6 Applying a Filter This section shows you where to apply the filter(s) after

ZyWALL 5/35/70 Series User’s Guide593 Chapter 44 Filter ConfigurationFigure 352 Filtering DMZ Traffic Menu 5.1 - DMZ Port Filter SetupInput Fil

ZyWALL 5/35/70 Series User’s GuideChapter 45 SNMP Configuration 594CHAPTER 45SNMP ConfigurationThis chapter explains SNMP configuration menu 22.45.1

ZyWALL 5/35/70 Series User’s Guide595 Chapter 45 SNMP Configuration45.2 SNMP Traps The ZyWALL will send traps to the SNMP manager when any one of th

ZyWALL 5/35/70 Series User’s GuideChapter 46 System Information & Diagnosis 596CHAPTER 46System Information & DiagnosisThis chapter covers SMT

ZyWALL 5/35/70 Series User’s Guide597 Chapter 46 System Information & Diagnosis3 There are three commands in Menu 24.1 - System Maintenance - Sta

ZyWALL 5/35/70 Series User’s GuideChapter 46 System Information & Diagnosis 59846.3 System Information and Console Port SpeedThis section describ

ZyWALL 5/35/70 Series User’s Guide599 Chapter 46 System Information & DiagnosisFigure 358 Menu 24.2.1: System Maintenance: Information Men

ZyWALL 5/35/70 Series User’s Guide ZyXEL Limited Warranty 6ZyXEL Limited WarrantyZyXEL warrants to the original end user (purchaser) that this product

ZyWALL 5/35/70 Series User’s GuideChapter 1 Getting to Know Your ZyWALL 60The following table describes the LEDs.Table 2 Front Panel LEDs LED COLOR

ZyWALL 5/35/70 Series User’s GuideChapter 46 System Information & Diagnosis 600Figure 359 Menu 24.2.2: System Maintenance: Change Console Port S

ZyWALL 5/35/70 Series User’s Guide601 Chapter 46 System Information & DiagnosisFigure 361 Examples of Error and Information Messages52 Thu Jul

ZyWALL 5/35/70 Series User’s GuideChapter 46 System Information & Diagnosis 602Your ZyWALL sends five types of syslog messages. Some examples (not

Filter log Message FormatSdcmdSyslogSend(SYSLOG_FILLOG, SYSLOG_NOTICE, String );String = IP[Src=xx.xx.xx.xx Dst=xx.xx.xx.xx prot spo=xxxx dpo=xxxx] S0

ZyWALL 5/35/70 Series User’s GuideChapter 46 System Information & Diagnosis 60446.4.3 Call-Triggering PacketCall-Triggering Packet displays infor

ZyWALL 5/35/70 Series User’s Guide605 Chapter 46 System Information & Diagnosis1 From the main menu, select option 24 to open Menu 24 - System Ma

Table 229 System Maintenance Menu DiagnosticFIELD DESCRIPTIONPing Host Enter 1 to ping any machine (with an IP address) on your LAN or WAN. Enter it

ZyWALL 5/35/70 Series User’s Guide607 Chapter 46 System Information & Diagnosis

ZyWALL 5/35/70 Series User’s GuideChapter 47 Firmware and Configuration File Maintenance 608CHAPTER 47Firmware and Configuration File MaintenanceThis

ZyWALL 5/35/70 Series User’s Guide609 Chapter 47 Firmware and Configuration File MaintenanceThe following table is a summary. Please note that the in

ZyWALL 5/35/70 Series User’s Guide61 Chapter 1 Getting to Know Your ZyWALL

ZyWALL 5/35/70 Series User’s GuideChapter 47 Firmware and Configuration File Maintenance 610Figure 366 Telnet into Menu 24.5 Me

ZyWALL 5/35/70 Series User’s Guide611 Chapter 47 Firmware and Configuration File Maintenance47.3.3 Example of FTP Commands from the Command Line Fig

ZyWALL 5/35/70 Series User’s GuideChapter 47 Firmware and Configuration File Maintenance 6124 The IP you entered in the Secured Client IP field in men

ZyWALL 5/35/70 Series User’s Guide613 Chapter 47 Firmware and Configuration File Maintenance47.3.8 GUI-based TFTP ClientsThe following table describ

ZyWALL 5/35/70 Series User’s GuideChapter 47 Firmware and Configuration File Maintenance 614Figure 370 Backup Configuration ExampleType a location f

ZyWALL 5/35/70 Series User’s Guide615 Chapter 47 Firmware and Configuration File MaintenanceFigure 372 Telnet into Menu 24.6 Menu 24.6 -- Sy

ZyWALL 5/35/70 Series User’s GuideChapter 47 Firmware and Configuration File Maintenance 61647.4.2 Restore Using FTP Session ExampleFigure 373 Rest

ZyWALL 5/35/70 Series User’s Guide617 Chapter 47 Firmware and Configuration File Maintenance4 After a successful restoration you will see the followi

ZyWALL 5/35/70 Series User’s GuideChapter 47 Firmware and Configuration File Maintenance 618Figure 378 Telnet Into Menu 24.7.1: Upload System Firmwa

ZyWALL 5/35/70 Series User’s Guide619 Chapter 47 Firmware and Configuration File Maintenance47.5.3 FTP File Upload Command from the DOS Prompt Examp

ZyWALL 5/35/70 Series User’s GuideChapter 2 Introducing the Web Configurator 62CHAPTER 2Introducing the Web ConfiguratorThis chapter describes how to

ZyWALL 5/35/70 Series User’s GuideChapter 47 Firmware and Configuration File Maintenance 6201 Use telnet from your computer to connect to the ZyWALL a

ZyWALL 5/35/70 Series User’s Guide621 Chapter 47 Firmware and Configuration File MaintenanceFigure 381 Menu 24.7.1 As Seen Using the Console Port

ZyWALL 5/35/70 Series User’s GuideChapter 47 Firmware and Configuration File Maintenance 622Figure 383 Menu 24.7.2 As Seen Using the Console Port Me

ZyWALL 5/35/70 Series User’s Guide623 Chapter 47 Firmware and Configuration File Maintenance

ZyWALL 5/35/70 Series User’s GuideChapter 48 System Maintenance Menus 8 to 10 624CHAPTER 48System Maintenance Menus 8 to 10This chapter leads you thro

ZyWALL 5/35/70 Series User’s Guide625 Chapter 48 System Maintenance Menus 8 to 10The required fields in a command are enclosed in angle brackets <

ZyWALL 5/35/70 Series User’s GuideChapter 48 System Maintenance Menus 8 to 10 62648.2 Call Control SupportThe ZyWALL provides two call control functi

ZyWALL 5/35/70 Series User’s Guide627 Chapter 48 System Maintenance Menus 8 to 10Figure 388 Budget Management Menu 24.9.1 - Budget Manag

ZyWALL 5/35/70 Series User’s GuideChapter 48 System Maintenance Menus 8 to 10 628Figure 389 Call HistoryMenu 24.9.2 - Call History Phone Number

ZyWALL 5/35/70 Series User’s Guide629 Chapter 48 System Maintenance Menus 8 to 10Figure 390 Menu 24: System Maintenance Menu 24 - System Maint

ZyWALL 5/35/70 Series User’s Guide63 Chapter 2 Introducing the Web ConfiguratorFigure 6 Change Password Screen6 Click Apply in the Replace Certific

ZyWALL 5/35/70 Series User’s GuideChapter 48 System Maintenance Menus 8 to 10 630Table 236 Menu 24.10 System Maintenance: Time and Date SettingFIELD

ZyWALL 5/35/70 Series User’s Guide631 Chapter 48 System Maintenance Menus 8 to 10End Date (mm-nth-week-hr)Configure the day and time when Daylight Sa

ZyWALL 5/35/70 Series User’s GuideChapter 49 Remote Management 632CHAPTER 49Remote ManagementThis chapter covers remote management found in SMT menu 2

ZyWALL 5/35/70 Series User’s Guide633 Chapter 49 Remote ManagementFigure 392 Menu 24.11 – Remote Management Control Menu 24.11 - Remote Mana

ZyWALL 5/35/70 Series User’s GuideChapter 49 Remote Management 63449.1.1 Remote Management LimitationsRemote management over LAN or WAN will not work

ZyWALL 5/35/70 Series User’s Guide635 Chapter 49 Remote Management

ZyWALL 5/35/70 Series User’s GuideChapter 50 IP Policy Routing 636CHAPTER 50IP Policy Routing This chapter covers setting and applying policies used f

ZyWALL 5/35/70 Series User’s Guide637 Chapter 50 IP Policy Routing50.2 IP Routing Policy SetupTo setup a routing policy, perform the following proce

ZyWALL 5/35/70 Series User’s GuideChapter 50 IP Policy Routing 6381 Type 25 in the main menu to open Menu 25 - IP Routing Policy Summary.2 Select Edit

ZyWALL 5/35/70 Series User’s Guide639 Chapter 50 IP Policy Routing50.2.1 Applying Policy to PacketsTo apply the policy to packets received on the se

ZyWALL 5/35/70 Series User’s GuideChapter 2 Introducing the Web Configurator 642.3.1 Procedure To Use The Reset ButtonMake sure the SYS LED is on (no

ZyWALL 5/35/70 Series User’s GuideChapter 50 IP Policy Routing 640Figure 395 Menu 25.1.1: IP Routing Policy Setup Menu 25.1.1 - IP Routing Policy Se

ZyWALL 5/35/70 Series User’s Guide641 Chapter 50 IP Policy RoutingFigure 396 Example of IP Policy Routing To force Web packets coming from clients

ZyWALL 5/35/70 Series User’s GuideChapter 50 IP Policy Routing 6424 Create another rule in menu 25.1 for this rule to route packets from any host (IP=

ZyWALL 5/35/70 Series User’s Guide643 Chapter 50 IP Policy Routing

ZyWALL 5/35/70 Series User’s GuideChapter 51 Call Scheduling 644CHAPTER 51Call SchedulingCall scheduling allows you to dictate when a remote node shou

ZyWALL 5/35/70 Series User’s Guide645 Chapter 51 Call SchedulingFigure 400 Schedule Set SetupMenu 26.1 - Schedule Set SetupActive= YesHow Often= On

ZyWALL 5/35/70 Series User’s GuideChapter 51 Call Scheduling 646Once your schedule sets are configured, you must then apply them to the desired remote

ZyWALL 5/35/70 Series User’s Guide647 Chapter 51 Call SchedulingFigure 402 Applying Schedule Set(s) to a Remote Node (PPTP) Menu 11.1 -

ZyWALL 5/35/70 Series User’s GuideChapter 52 Troubleshooting 648CHAPTER 52TroubleshootingThis chapter covers potential problems and possible remedies.

ZyWALL 5/35/70 Series User’s Guide649 Chapter 52 Troubleshooting52.3 Problems with the DMZ InterfaceTable 245 Troubleshooting the DMZ InterfacePRO

ZyWALL 5/35/70 Series User’s Guide65 Chapter 2 Introducing the Web ConfiguratorNote: Follow the instructions you see in the HOME screen or click the

ZyWALL 5/35/70 Series User’s GuideChapter 52 Troubleshooting 65052.5 Problems Accessing the ZyWALLTable 247 Troubleshooting Accessing the ZyWALLPRO

ZyWALL 5/35/70 Series User’s Guide651 Chapter 52 Troubleshooting• Web browser pop-up windows from your device.• JavaScripts (enabled by default).• Ja

ZyWALL 5/35/70 Series User’s GuideChapter 52 Troubleshooting 652Figure 404 Internet Options: Privacy3 Click Apply to save this setting.52.5.1.1.2 E

ZyWALL 5/35/70 Series User’s Guide653 Chapter 52 TroubleshootingFigure 405 Internet Options: Privacy3 Type the IP address of your device (the web p

ZyWALL 5/35/70 Series User’s GuideChapter 52 Troubleshooting 654Figure 406 Pop-up Blocker Settings5 Click Close to return to the Privacy screen. 6 C

ZyWALL 5/35/70 Series User’s Guide655 Chapter 52 TroubleshootingFigure 407 Internet Options: Security 2 Click the Custom Level... button. 3 Scroll

ZyWALL 5/35/70 Series User’s GuideChapter 52 Troubleshooting 656Figure 408 Security Settings - Java Scripting52.5.1.3 Java Permissions1 From Intern

ZyWALL 5/35/70 Series User’s Guide657 Chapter 52 TroubleshootingFigure 409 Security Settings - Java 52.5.1.3.1 JAVA (Sun)1 From Internet Explorer,

ZyWALL 5/35/70 Series User’s GuideChapter 52 Troubleshooting 658Figure 410 Java (Sun)52.6 Packet FlowThe following is the packet check flow on the

ZyWALL 5/35/70 Series User’s Guide659 Chapter 52 Troubleshooting

ZyWALL 5/35/70 Series User’s GuideChapter 2 Introducing the Web Configurator 66The following table describes the labels in this screen.Table 3 Web C

ZyWALL 5/35/70 Series User’s GuideAppendix A Product Specifications 660APPENDIX AProduct SpecificationsSee also the Introduction chapter for a general

ZyWALL 5/35/70 Series User’s Guide661 Appendix A Product SpecificationsOperation Humidity 20% ~ 95% RH (non-condensing)Storage Humidity 20% ~ 95% RH

ZyWALL 5/35/70 Series User’s GuideAppendix A Product Specifications 662Anti-Spam Spam, Phishing detectionConfigurable white and black listsSMTP, POP3

ZyWALL 5/35/70 Series User’s Guide663 Appendix A Product Specifications Table 251 Feature Specifications FEATURESPECIFICATIONZYWALL 70 ZYWALL 35 Z

ZyWALL 5/35/70 Series User’s GuideAppendix A Product Specifications 664Compatible ZyXEL WLAN CardsThe following table lists the ZyXEL WLAN cards that

ZyWALL 5/35/70 Series User’s Guide665 Appendix A Product SpecificationsFigure 411 WLAN Card InstallationCable Pin AssignmentsIn a serial communicat

ZyWALL 5/35/70 Series User’s GuideAppendix A Product Specifications 666 Table 253 Console/Dial Backup Port Pin AssignmentsCONSOLE Port RS – 232 (Fem

ZyWALL 5/35/70 Series User’s Guide667 Appendix A Product Specifications

ZyWALL 5/35/70 Series User’s GuideAppendix B Hardware Installation 668APPENDIX BHardware InstallationThe ZyWALL can be placed on a desktop or rack-mou

ZyWALL 5/35/70 Series User’s Guide669 Appendix B Hardware InstallationFigure 414 Attaching Rubber Feet Note: Do not block the ventilation holes

ZyWALL 5/35/70 Series User’s Guide67 Chapter 2 Introducing the Web Configurator2.4.2 Bridge ModeThe following screen displays when the ZyWALL is set

ZyWALL 5/35/70 Series User’s GuideAppendix B Hardware Installation 670Figure 415 Attaching Mounting Brackets and Screws3 After attaching both mounti

ZyWALL 5/35/70 Series User’s Guide671 Appendix B Hardware Installation

ZyWALL 5/35/70 Series User’s GuideAppendix C Removing and Installing a Fuse 672APPENDIX CRemoving and Installing a Fuse This appendix shows you how to

ZyWALL 5/35/70 Series User’s Guide673 Appendix C Removing and Installing a Fuse

ZyWALL 5/35/70 Series User’s GuideAppendix D Setting up Your Computer’s IP Address 674APPENDIX DSetting up Your Computer’s IP AddressAll computers mus

ZyWALL 5/35/70 Series User’s Guide675 Appendix D Setting up Your Computer’s IP AddressFigure 417 WIndows 95/98/Me: Network: ConfigurationInstalling

ZyWALL 5/35/70 Series User’s GuideAppendix D Setting up Your Computer’s IP Address 6763 Select Microsoft from the list of manufacturers.4 Select Clien

ZyWALL 5/35/70 Series User’s Guide677 Appendix D Setting up Your Computer’s IP AddressFigure 419 Windows 95/98/Me: TCP/IP Properties: DNS Configura

ZyWALL 5/35/70 Series User’s GuideAppendix D Setting up Your Computer’s IP Address 678Figure 420 Windows XP: Start Menu2 In the Control Panel, doubl

ZyWALL 5/35/70 Series User’s Guide679 Appendix D Setting up Your Computer’s IP AddressFigure 422 Windows XP: Control Panel: Network Connections: Pr

ZyWALL 5/35/70 Series User’s GuideChapter 2 Introducing the Web Configurator 68Figure 10 Web Configurator HOME Screen in Bridge ModeThe following ta

ZyWALL 5/35/70 Series User’s GuideAppendix D Setting up Your Computer’s IP Address 680• If you have a static IP address click Use the following IP Add

ZyWALL 5/35/70 Series User’s Guide681 Appendix D Setting up Your Computer’s IP AddressFigure 425 Windows XP: Advanced TCP/IP Properties7 In the Int

ZyWALL 5/35/70 Series User’s GuideAppendix D Setting up Your Computer’s IP Address 682Figure 426 Windows XP: Internet Protocol (TCP/IP) Properties8

ZyWALL 5/35/70 Series User’s Guide683 Appendix D Setting up Your Computer’s IP AddressFigure 427 Macintosh OS 8/9: Apple Menu2 Select Ethernet buil

ZyWALL 5/35/70 Series User’s GuideAppendix D Setting up Your Computer’s IP Address 6844 For statically assigned settings, do the following:•From the C

ZyWALL 5/35/70 Series User’s Guide685 Appendix D Setting up Your Computer’s IP AddressFigure 430 Macintosh OS X: Network4 For statically assigned s

ZyWALL 5/35/70 Series User’s GuideAppendix D Setting up Your Computer’s IP Address 686Note: Make sure you are logged in as the root administrator. Usi

ZyWALL 5/35/70 Series User’s Guide687 Appendix D Setting up Your Computer’s IP Address• If you have a dynamic IP address, click Automatically obtain

ZyWALL 5/35/70 Series User’s GuideAppendix D Setting up Your Computer’s IP Address 6881 Assuming that you have only one network card on the computer,

ZyWALL 5/35/70 Series User’s Guide689 Appendix D Setting up Your Computer’s IP AddressFigure 438 Red Hat 9.0: Restart Ethernet Card [root@localhos

ZyWALL 5/35/70 Series User’s Guide69 Chapter 2 Introducing the Web ConfiguratorFirmware Version This is the ZyNOS Firmware version and the date creat

ZyWALL 5/35/70 Series User’s GuideAppendix E IP Subnetting 690APPENDIX EIP SubnettingIP Addressing Routers “route” based on the network number. The ro

ZyWALL 5/35/70 Series User’s Guide691 Appendix E IP SubnettingSince the first octet of a class “A” IP address must contain a “0”, the first octet of

ZyWALL 5/35/70 Series User’s GuideAppendix E IP Subnetting 692Since the mask is always a continuous number of ones beginning from the left, followed b

ZyWALL 5/35/70 Series User’s Guide693 Appendix E IP SubnettingNote: In the following charts, shaded/bolded last octet bit values indicate host ID bit

ZyWALL 5/35/70 Series User’s GuideAppendix E IP Subnetting 694Example: Four Subnets The above example illustrated using a 25-bit subnet mask to divide

Table 264 Subnet 4 NETWORK NUMBER LAST OCTET BIT VALUEIP Address 192.168.1. 192IP Address (Binary) 11000000.10101000.00000001. 11000000Subnet Mask

ZyWALL 5/35/70 Series User’s GuideAppendix E IP Subnetting 696Subnetting With Class A and Class B Networks. For class “A” and class “B” addresses the

ZyWALL 5/35/70 Series User’s Guide697 Appendix E IP Subnetting

ZyWALL 5/35/70 Series User’s GuideAppendix F PPPoE 698APPENDIX FPPPoEPPPoE in ActionAn ADSL modem bridges a PPP session over Ethernet (PPP over Ethern

ZyWALL 5/35/70 Series User’s Guide699 Appendix F PPPoEFigure 440 Single-Computer per Router Hardware ConfigurationHow PPPoE WorksThe PPPoE driver m

ZyWALL 5/35/70 Series User’s Guide7 Customer SupportCustomer SupportPlease have the following information ready when you contact customer support.•

ZyWALL 5/35/70 Series User’s GuideChapter 2 Introducing the Web Configurator 702.4.3 Navigation PanelAfter you enter the password, use the sub-menus

ZyWALL 5/35/70 Series User’s GuideAppendix G PPTP 700APPENDIX GPPTPWhat is PPTP?PPTP (Point-to-Point Tunneling Protocol) is a Microsoft proprietary pr

ZyWALL 5/35/70 Series User’s Guide701 Appendix G PPTPPPTP Protocol OverviewPPTP is very similar to L2TP, since L2TP is based on both PPTP and L2F (Ci

ZyWALL 5/35/70 Series User’s GuideAppendix G PPTP 702Figure 444 Example Message Exchange between Computer and an ANTPPP Data ConnectionThe PPP frame

ZyWALL 5/35/70 Series User’s Guide703 Appendix G PPTP

ZyWALL 5/35/70 Series User’s GuideAppendix H Wireless LANs 704APPENDIX HWireless LANsWireless LAN TopologiesThis section discusses ad-hoc and infrastr

ZyWALL 5/35/70 Series User’s Guide705 Appendix H Wireless LANsFigure 446 Basic Service SetESSAn Extended Service Set (ESS) consists of a series of

ZyWALL 5/35/70 Series User’s GuideAppendix H Wireless LANs 706Figure 447 Infrastructure WLANChannelA channel is the radio frequency(ies) used by IEE

ZyWALL 5/35/70 Series User’s Guide707 Appendix H Wireless LANsFigure 448 RTS/CTSWhen station A sends data to the AP, it might not know that the sta

ZyWALL 5/35/70 Series User’s GuideAppendix H Wireless LANs 708A large Fragmentation Threshold is recommended for networks not prone to interference wh

ZyWALL 5/35/70 Series User’s Guide709 Appendix H Wireless LANsIEEE 802.1xIn June 2001, the IEEE 802.1x standard was designed to extend the features o

ZyWALL 5/35/70 Series User’s Guide71 Chapter 2 Introducing the Web ConfiguratorTable Key: An O in a mode’s column shows that the device mode has the

ZyWALL 5/35/70 Series User’s GuideAppendix H Wireless LANs 710• Access-ChallengeSent by a RADIUS server requesting more information in order to allow

ZyWALL 5/35/70 Series User’s Guide711 Appendix H Wireless LANs3 The wireless station replies with identity information, including username and passwo

ZyWALL 5/35/70 Series User’s GuideAppendix H Wireless LANs 712PEAP (Protected EAP) Like EAP-TTLS, server-side certificate authentication is used to

ZyWALL 5/35/70 Series User’s Guide713 Appendix H Wireless LANsFigure 450 WEP Authentication StepsOpen system authentication involves an unencrypted

ZyWALL 5/35/70 Series User’s GuideAppendix H Wireless LANs 714Note: EAP-MD5 cannot be used with Dynamic WEP Key ExchangeFor added security, certificat

ZyWALL 5/35/70 Series User’s Guide715 Appendix H Wireless LANsThe Message Integrity Check (MIC) is designed to prevent an attacker from capturing dat

ZyWALL 5/35/70 Series User’s GuideAppendix H Wireless LANs 716In a network environment with multiple access points, wireless stations are able to swit

ZyWALL 5/35/70 Series User’s Guide717 Appendix H Wireless LANsRequirements for RoamingThe following requirements must be met in order for wireless st

ZyWALL 5/35/70 Series User’s GuideAppendix I Triangle Route 718APPENDIX ITriangle RouteThe Ideal Setup When the firewall is on, your ZyWALL acts as a

ZyWALL 5/35/70 Series User’s Guide719 Appendix I Triangle RouteFigure 453 “Triangle Route” ProblemThe “Triangle Route” SolutionsThis section presen

ZyWALL 5/35/70 Series User’s GuideChapter 2 Introducing the Web Configurator 72WAN General This screen allows you to configure load balancing, route p

ZyWALL 5/35/70 Series User’s GuideAppendix I Triangle Route 720Figure 454 IP AliasGateways on the WAN SideA second solution to the “triangle route”

ZyWALL 5/35/70 Series User’s Guide721 Appendix I Triangle Route

ZyWALL 5/35/70 Series User’s GuideAppendix J Windows 98 SE/Me Requirements for Anti-Virus Message Display 722APPENDIX JWindows 98 SE/Me Requirements f

ZyWALL 5/35/70 Series User’s Guide723 Appendix J Windows 98 SE/Me Requirements for Anti-Virus Message DisplayFigure 457 WIndows 98 SE: Program Task

ZyWALL 5/35/70 Series User’s GuideAppendix J Windows 98 SE/Me Requirements for Anti-Virus Message Display 724Figure 459 Windows 98 SE: StartUp 5 A

ZyWALL 5/35/70 Series User’s Guide725 Appendix J Windows 98 SE/Me Requirements for Anti-Virus Message DisplayFigure 461 Windows 98 SE: Startup: Sel

ZyWALL 5/35/70 Series User’s GuideAppendix K VPN Setup 726APPENDIX KVPN Setup This appendix will help you to quickly create a IPSec/VPN connection bet

ZyWALL 5/35/70 Series User’s Guide727 Appendix K VPN SetupThe following pages show a typical configuration that builds a tunnel between two private n

ZyWALL 5/35/70 Series User’s GuideAppendix K VPN Setup 728Figure 464 The IP address of the branch office IPSec router.Headquarters Gateway Policy Ed

ZyWALL 5/35/70 Series User’s Guide729 Appendix K VPN SetupFigure 465 Branch Office Gateway Policy EditThe IP address of the headquarters IPSec ro

ZyWALL 5/35/70 Series User’s Guide73 Chapter 2 Introducing the Web ConfiguratorIDP General Use this screen to enable IDP on the ZyWALL and choose wha

ZyWALL 5/35/70 Series User’s GuideAppendix K VPN Setup 730Figure 466 Headquarters VPN RuleFigure 467 Branch Office VPN Rule4 Configure the screens

ZyWALL 5/35/70 Series User’s Guide731 Appendix K VPN SetupFigure 468 Headquarters Network Policy EditIP addresses on different subnets.Activate the

ZyWALL 5/35/70 Series User’s GuideAppendix K VPN Setup 732Figure 469 IP addresses on different subnets.Activate the network policy.Branch Office Net

ZyWALL 5/35/70 Series User’s Guide733 Appendix K VPN SetupFigure 470 VPN Rule ConfiguredThe following screen displays.Figure 471 VPN DialThis scr

ZyWALL 5/35/70 Series User’s GuideAppendix K VPN Setup 734VPN TroubleshootingIf the IPSec tunnel does not build properly, the problem is likely a conf

ZyWALL 5/35/70 Series User’s Guide735 Appendix K VPN SetupFigure 473 VPN Log Example ras> sys log disp ike ipsec# .time source

ZyWALL 5/35/70 Series User’s GuideAppendix K VPN Setup 736IPSec DebugIf you are having difficulty building an IPSec tunnel to a non-ZyXEL IPSec router

ZyWALL 5/35/70 Series User’s Guide737 Appendix K VPN SetupUse a VPN TunnelA VPN tunnel gives you a secure connection to another computer or network.

ZyWALL 5/35/70 Series User’s GuideAppendix L Importing Certificates 738APPENDIX L Importing CertificatesThis appendix shows importing certificates exa

ZyWALL 5/35/70 Series User’s Guide739 Appendix L Importing CertificatesFigure 476 Login Screen2 Click Install Certificate to open the Install Certi

ZyWALL 5/35/70 Series User’s GuideChapter 2 Introducing the Web Configurator 74NAT NAT Overview Use this screen to enable NAT.Address MappingUse this

ZyWALL 5/35/70 Series User’s GuideAppendix L Importing Certificates 740Figure 478 Certificate Import Wizard 14 Select where you would like to store

ZyWALL 5/35/70 Series User’s Guide741 Appendix L Importing CertificatesFigure 480 Certificate Import Wizard 36 Click Yes to add the ZyWALL certifi

ZyWALL 5/35/70 Series User’s GuideAppendix L Importing Certificates 742Figure 482 Certificate General Information after ImportEnrolling and Importin

ZyWALL 5/35/70 Series User’s Guide743 Appendix L Importing CertificatesFigure 483 ZyWALL Trusted CA ScreenThe CA sends you a package containing the

ZyWALL 5/35/70 Series User’s GuideAppendix L Importing Certificates 744Figure 484 CA Certificate Example2 Click Install Certificate and follow the w

ZyWALL 5/35/70 Series User’s Guide745 Appendix L Importing CertificatesFigure 485 Personal Certificate Import Wizard 12 The file name and path of t

ZyWALL 5/35/70 Series User’s GuideAppendix L Importing Certificates 746Figure 487 Personal Certificate Import Wizard 34 Have the wizard determine wh

ZyWALL 5/35/70 Series User’s Guide747 Appendix L Importing CertificatesFigure 489 Personal Certificate Import Wizard 56 You should see the followin

ZyWALL 5/35/70 Series User’s GuideAppendix L Importing Certificates 748Figure 492 SSL Client Authentication3 You next see the ZyWALL login screen.Fi

ZyWALL 5/35/70 Series User’s Guide749 Appendix L Importing Certificates

ZyWALL 5/35/70 Series User’s Guide75 Chapter 2 Introducing the Web Configurator2.4.4 System StatisticsClick Show Statistics in the HOME screen. Read

ZyWALL 5/35/70 Series User’s GuideAppendix M Command Interpreter 750APPENDIX MCommand InterpreterThe following describes how to use the command interp

ZyWALL 5/35/70 Series User’s Guide751 Appendix M Command Interpreter

ZyWALL 5/35/70 Series User’s GuideAppendix N Firewall Commands 752APPENDIX NFirewall Commands The following describes the firewall commands. See Appen

ZyWALL 5/35/70 Series User’s Guide753 Appendix N Firewall CommandsE-mail config edit firewall e-mail mail-server <ip address of mail server>Th

ZyWALL 5/35/70 Series User’s GuideAppendix N Firewall Commands 754config edit firewall attack minute-high <0-255>This command sets the threshold

ZyWALL 5/35/70 Series User’s Guide755 Appendix N Firewall CommandsConfig edit firewall set <set #> tcp-idle-timeout <seconds>This command

ZyWALL 5/35/70 Series User’s GuideAppendix N Firewall Commands 756config edit firewall set <set #> rule <rule #> destaddr-subnet <ip ad

ZyWALL 5/35/70 Series User’s Guide757 Appendix N Firewall Commands

ZyWALL 5/35/70 Series User’s GuideAppendix O NetBIOS Filter Commands 758APPENDIX ONetBIOS Filter CommandsThe following describes the NetBIOS packet fi

ZyWALL 5/35/70 Series User’s Guide759 Appendix O NetBIOS Filter CommandsThe filter types and their default settings are as follows.Table 272 NetBIO

ZyWALL 5/35/70 Series User’s GuideChapter 2 Introducing the Web Configurator 762.4.5 Show Statistics: Line ChartClick the icon in the Show Statistics

ZyWALL 5/35/70 Series User’s GuideAppendix O NetBIOS Filter Commands 760sys filter netbios config 3 onThis command blocks IPSec NetBIOS packets.sys fi

ZyWALL 5/35/70 Series User’s Guide761 Appendix O NetBIOS Filter Commands

ZyWALL 5/35/70 Series User’s GuideAppendix P Certificates Commands 762APPENDIX PCertificates Commands The following describes the certificate commands

ZyWALL 5/35/70 Series User’s Guide763 Appendix P Certificates Commandscreate cmp_enroll <name> <CA addr> <CA cert> <auth key>

ZyWALL 5/35/70 Series User’s GuideAppendix P Certificates Commands 764replace_factoryCreate a certificate using your device MAC address that will be s

ZyWALL 5/35/70 Series User’s Guide765 Appendix P Certificates Commands delete <name> Delete the specified trusted remote host certificate. <

ZyWALL 5/35/70 Series User’s GuideAppendix Q Brute-Force Password Guessing Protection 766APPENDIX QBrute-Force Password Guessing ProtectionBrute-force

ZyWALL 5/35/70 Series User’s Guide767 Appendix Q Brute-Force Password Guessing Protection

ZyWALL 5/35/70 Series User’s GuideAppendix R Boot Commands 768APPENDIX RBoot CommandsThe BootModule AT commands execute from within the router’s bootu

ZyWALL 5/35/70 Series User’s Guide769 Appendix R Boot CommandsFigure 495 Boot Module CommandsAT just answer OKATHE print helpAT

ZyWALL 5/35/70 Series User’s Guide77 Chapter 2 Introducing the Web ConfiguratorThe following table describes the labels in this screen.Table 8 Home

ZyWALL 5/35/70 Series User’s GuideAppendix S Log Descriptions 770APPENDIX SLog DescriptionsThis appendix provides descriptions of example log messages

ZyWALL 5/35/70 Series User’s Guide771 Appendix S Log DescriptionsConfiguration Change: PC = 0x%x, Task ID = 0x%xThe router is saving configuration ch

ZyWALL 5/35/70 Series User’s GuideAppendix S Log Descriptions 772 Table 277 Access Control Logs LOG MESSAGE DESCRIPTIONFirewall default policy: [ TC

ZyWALL 5/35/70 Series User’s Guide773 Appendix S Log Descriptions Table 278 TCP Reset Logs LOG MESSAGE DESCRIPTIONUnder SYN flood attack, sent TCP

ZyWALL 5/35/70 Series User’s GuideAppendix S Log Descriptions 774 Table 280 ICMP Logs LOG MESSAGE DESCRIPTIONFirewall default policy: ICMP <Packe

ZyWALL 5/35/70 Series User’s Guide775 Appendix S Log Descriptions Table 283 UPnP Logs LOG MESSAGE DESCRIPTIONUPnP pass through Firewall UPnP packe

ZyWALL 5/35/70 Series User’s GuideAppendix S Log Descriptions 776 For type and code details, see Table 294 on page 785.Connecting to content filter se

ZyWALL 5/35/70 Series User’s Guide777 Appendix S Log DescriptionsFirewall sent TCP packet in response to DoS attack TCPThe firewall sent TCP packet i

Table 287 Wireless LogsLOG MESSAGE DESCRIPTIONWLAN MAC Filter Fail The MAC filter blocked a wireless station from connecting to the device.WLAN MAC

ZyWALL 5/35/70 Series User’s Guide779 Appendix S Log Descriptions Table 289 IKE Logs LOG MESSAGE DESCRIPTIONActive connection allowed exceededThe I

ZyWALL 5/35/70 Series User’s GuideChapter 2 Introducing the Web Configurator 78The following table describes the labels in this screen.Table 9 Home:

ZyWALL 5/35/70 Series User’s GuideAppendix S Log Descriptions 780Remote IP <Remote IP> / <Remote IP> conflictsThe security gateway is set

ZyWALL 5/35/70 Series User’s Guide781 Appendix S Log DescriptionsRule [%d] Phase 2 authentication algorithm mismatchThe listed rule’s IKE phase 2 aut

ZyWALL 5/35/70 Series User’s GuideAppendix S Log Descriptions 782 Table 290 PKI Logs LOG MESSAGE DESCRIPTIONEnrollment successful The SCEP online ce

ZyWALL 5/35/70 Series User’s Guide783 Appendix S Log Descriptions Table 291 Certificate Path Verification Failure Reason Codes CODE DESCRIPTION1 Al

ZyWALL 5/35/70 Series User’s GuideAppendix S Log Descriptions 784Local User Database does not find user`s credential.A user was not authenticated by t

ZyWALL 5/35/70 Series User’s Guide785 Appendix S Log Descriptions (L to L/ZW) LAN to LAN/ZyWALLACL set for packets traveling from the LAN to the LAN

ZyWALL 5/35/70 Series User’s GuideAppendix S Log Descriptions 786 11 Time Exceeded0 Time to live exceeded in transit1 Fragment reassembly time exceede

ZyWALL 5/35/70 Series User’s Guide787 Appendix S Log Descriptions Signature update OK - New signature version: <Signature version> Release Date

ZyWALL 5/35/70 Series User’s GuideAppendix S Log Descriptions 788 The turbo card is not ready , please insert the card and reboot!The turbo card is no

ZyWALL 5/35/70 Series User’s Guide789 Appendix S Log DescriptionsRemove rating server [%Rating Server IP Address%] from server list!The listed server

ZyWALL 5/35/70 Series User’s Guide79 Chapter 2 Introducing the Web ConfiguratorFigure 14 Home : VPN StatusThe following table describes the labels

ZyWALL 5/35/70 Series User’s GuideAppendix S Log Descriptions 790Syslog LogsThere are two types of syslog: event logs and traffic logs. The device gen

ZyWALL 5/35/70 Series User’s Guide791 Appendix S Log DescriptionsThe following table shows RFC-2408 ISAKMP payload types that the log displays. Pleas

ZyWALL 5/35/70 Series User’s GuideAppendix S Log Descriptions 792Log CommandsGo to the command interpreter interface. Appendix M on page 750 explains

ZyWALL 5/35/70 Series User’s Guide793 Appendix S Log Descriptions• Use the sys logs clear command to erase all of the ZyWALL’s logs.Log Command Examp

ZyWALL 5/35/70 Series User’s Guide Index 794IndexNumerics10/100 Mbps Ethernet WAN 51110V AC 5230V AC 5AAbnormal Working Conditions 6AC 5Access control

ZyWALL 5/35/70 Series User’s Guide795 IndexCCA 711Cable Modem 199Cables, Connecting 5Call Back Delay 514Call Control 626Call History 627, 628Call Sc

ZyWALL 5/35/70 Series User’s Guide Index 796DNS 448DNS ServerFor VPN Host 415Domain Name 138, 272, 380, 480, 599DoSBasics 200Types 201DoS (Denial of S

ZyWALL 5/35/70 Series User’s Guide797 IndexFirmware FileMaintenance 608Fitness 6Flow Control 496Fragmentation Threshold 707Fragmentation threshold 7

ZyWALL 5/35/70 Series User’s Guide Index 798IP Addressing 690IP Alias 56, 526IP Alias Setup 526IP Classes 690IP Multicast 56Internet Group Management

ZyWALL 5/35/70 Series User’s Guide799 IndexMIME 269MIME Header 272MIME Headers 266MIME Value 272Modifications 3MSDU 541Multicast 108, 110, 172, 519,

ZyWALL 5/35/70 Series User’s Guide Customer Support [email protected] +48-22-5286603 www.pl.zyxel.com ZyXEL Communications ul.Emilli Plater 53

ZyWALL 5/35/70 Series User’s GuideChapter 3 Wizard Setup 80CHAPTER 3Wizard SetupThis chapter provides information on the Wizard Setup screens in the w

ZyWALL 5/35/70 Series User’s Guide Index 800Levels 244Policy-based Routing 392Polyphormic virus 254Pool 5POP2 265POP3 200, 265, 267, 269, 380Port Forw

ZyWALL 5/35/70 Series User’s Guide801 IndexReturn Material Authorization (RMA) Number 6Returned Products 6Returns 6RFC 1889 463RFC 3489 465Rights 2R

ZyWALL 5/35/70 Series User’s Guide Index 802SSH 53, 437SSH Implementation 438startup 724Stateful Inspection 53, 198, 199, 204, 205Process 205ZyWALL 20

ZyWALL 5/35/70 Series User’s Guide803 IndexUnsolicited Commercial E-mail 262Upload Firmware 617UPnP 54, 452UPnP Examples 455UPnP Port Mapping 454Upp

ZyWALL 5/35/70 Series User’s Guide81 Chapter 3 Wizard SetupFigure 15 ISP Parameters : Ethernet EncapsulationThe following table describes the label

ZyWALL 5/35/70 Series User’s GuideChapter 3 Wizard Setup 823.2.1.2 PPPoE EncapsulationPoint-to-Point Protocol over Ethernet (PPPoE) functions as a di

ZyWALL 5/35/70 Series User’s Guide83 Chapter 3 Wizard Setup3.2.1.3 PPTP EncapsulationPoint-to-Point Tunneling Protocol (PPTP) is a network protocol

ZyWALL 5/35/70 Series User’s GuideChapter 3 Wizard Setup 84Figure 17 ISP Parameters: PPTP EncapsulationThe following table describes the labels in t

ZyWALL 5/35/70 Series User’s Guide85 Chapter 3 Wizard Setup3.2.2 Internet Access Wizard: Second ScreenClick Next to go to the screen where you can r

ZyWALL 5/35/70 Series User’s GuideChapter 3 Wizard Setup 86Figure 19 Internet Access Setup Complete3.2.3 Internet Access Wizard: RegistrationIf you

ZyWALL 5/35/70 Series User’s Guide87 Chapter 3 Wizard SetupThe following table describes the labels in this screen. Table 14 Internet Access Wizard

ZyWALL 5/35/70 Series User’s GuideChapter 3 Wizard Setup 88Figure 22 Internet Access Wizard: StatusThe following screen appears if the registration

ZyWALL 5/35/70 Series User’s Guide89 Chapter 3 Wizard SetupFigure 25 Internet Access Wizard: Activated Services3.3 VPN Wizard Gateway SettingUse t

ZyWALL 5/35/70 Series User’s Guide9 Customer Support

ZyWALL 5/35/70 Series User’s GuideChapter 3 Wizard Setup 90The following table describes the labels in this screen.Table 15 VPN Wizard: Gateway Sett

ZyWALL 5/35/70 Series User’s Guide91 Chapter 3 Wizard SetupFigure 27 VPN Wizard: Network SettingThe following table describes the labels in this sc

ZyWALL 5/35/70 Series User’s GuideChapter 3 Wizard Setup 923.5 VPN Wizard IKE Tunnel Setting (IKE Phase 1)Figure 28 VPN Wizard: IKE Tunnel SettingR

ZyWALL 5/35/70 Series User’s Guide93 Chapter 3 Wizard SetupThe following table describes the labels in this screen.Table 17 VPN Wizard: IKE Tunnel

ZyWALL 5/35/70 Series User’s GuideChapter 3 Wizard Setup 943.6 VPN Wizard IPSec Setting (IKE Phase 2)Figure 29 VPN Wizard: IPSec SettingThe followi

ZyWALL 5/35/70 Series User’s Guide95 Chapter 3 Wizard Setup3.7 VPN Wizard Status SummaryThis read-only screen shows the status of the current VPN se

ZyWALL 5/35/70 Series User’s GuideChapter 3 Wizard Setup 96Figure 30 VPN Wizard: VPN StatusThe following table describes the labels in this screen.T

ZyWALL 5/35/70 Series User’s Guide97 Chapter 3 Wizard SetupName This is the name of this VPN network policy.Network Policy SettingLocal NetworkStarti

ZyWALL 5/35/70 Series User’s GuideChapter 3 Wizard Setup 983.8 VPN Wizard Setup CompleteCongratulations! You have successfully set up the VPN rule af

ZyWALL 5/35/70 Series User’s Guide99 Chapter 3 Wizard Setup