ZyXEL Communications 10 Manual do Utilizador

ZyWALL SSL 10 Support Notes 1 All contents copyright (c) 2006 ZyXEL Communications Corporation. ZyWALL SSL 10 Integrated SSL-VPN Appliance

ZyWALL SSL 10 Support Notes 10 All contents copyright (c) 2006 ZyXEL Communications Corporation. Note: However, if you have configured a port

ZyWALL SSL 10 Support Notes 100 All contents copyright (c) 2006 ZyXEL Communications Corporation. single user profile where you can manage all

ZyWALL SSL 10 Support Notes 101 All contents copyright (c) 2006 ZyXEL Communications Corporation. D03. SSL VPN vs. PPTP VPN? Here we compare th

ZyWALL SSL 10 Support Notes 102 All contents copyright (c) 2006 ZyXEL Communications Corporation. E2. What are the checking items of EPC on ZyW

ZyWALL SSL 10 Support Notes 11 All contents copyright (c) 2006 ZyXEL Communications Corporation. Configuration on ZyWALL SSL 10 1) Access ZyWA

ZyWALL SSL 10 Support Notes 12 All contents copyright (c) 2006 ZyXEL Communications Corporation. But if it’s not your first time to configure

ZyWALL SSL 10 Support Notes 13 All contents copyright (c) 2006 ZyXEL Communications Corporation.

ZyWALL SSL 10 Support Notes 14 All contents copyright (c) 2006 ZyXEL Communications Corporation. 5) Then choose "Static" for the devi

ZyWALL SSL 10 Support Notes 15 All contents copyright (c) 2006 ZyXEL Communications Corporation. 7) Then configure the VPN network and the rem

ZyWALL SSL 10 Support Notes 16 All contents copyright (c) 2006 ZyXEL Communications Corporation. 8) Then the system will remind you to rememb

ZyWALL SSL 10 Support Notes 17 All contents copyright (c) 2006 ZyXEL Communications Corporation. 10) Enter the necessary information to regist

ZyWALL SSL 10 Support Notes 18 All contents copyright (c) 2006 ZyXEL Communications Corporation. Step1: Assume the PC_A is an Internet host whi

ZyWALL SSL 10 Support Notes 19 All contents copyright (c) 2006 ZyXEL Communications Corporation. The user can open the application tool to ac

ZyWALL SSL 10 Support Notes 2 All contents copyright (c) 2006 ZyXEL Communications Corporation. INDEX 1. Deployment...

ZyWALL SSL 10 Support Notes 20 All contents copyright (c) 2006 ZyXEL Communications Corporation. 1.2 NAT Mode 1.2.1 Deploy ZYWALL SSL 10 at

ZyWALL SSL 10 Support Notes 21 All contents copyright (c) 2006 ZyXEL Communications Corporation. tunnel after user pass the SSL authentication.

ZyWALL SSL 10 Support Notes 22 All contents copyright (c) 2006 ZyXEL Communications Corporation. Note2: Please ensure you turn on JavaScript an

ZyWALL SSL 10 Support Notes 23 All contents copyright (c) 2006 ZyXEL Communications Corporation. But if it’s not your first time to configure Z

ZyWALL SSL 10 Support Notes 24 All contents copyright (c) 2006 ZyXEL Communications Corporation. 5) In this example, we choose “Static” for the

ZyWALL SSL 10 Support Notes 25 All contents copyright (c) 2006 ZyXEL Communications Corporation. 7) In this example, we create one SSL VPN us

ZyWALL SSL 10 Support Notes 26 All contents copyright (c) 2006 ZyXEL Communications Corporation. 8) Then configure the VPN network and the remo

ZyWALL SSL 10 Support Notes 27 All contents copyright (c) 2006 ZyXEL Communications Corporation. 9) It will give you a summery for the ZyWALL S

ZyWALL SSL 10 Support Notes 28 All contents copyright (c) 2006 ZyXEL Communications Corporation. 10) Enter the necessary information to registe

ZyWALL SSL 10 Support Notes 29 All contents copyright (c) 2006 ZyXEL Communications Corporation. 2. Integrated Application The authenticati

ZyWALL SSL 10 Support Notes 3 All contents copyright (c) 2006 ZyXEL Communications Corporation. A10. Does ZyWALL support dynamic IP addressing?

ZyWALL SSL 10 Support Notes 30 All contents copyright (c) 2006 ZyXEL Communications Corporation. There are different access resources avai

ZyWALL SSL 10 Support Notes 31 All contents copyright (c) 2006 ZyXEL Communications Corporation. configuration page. There are two main block f

ZyWALL SSL 10 Support Notes 32 All contents copyright (c) 2006 ZyXEL Communications Corporation. Please switch to User/Group configuration page

ZyWALL SSL 10 Support Notes 33 All contents copyright (c) 2006 ZyXEL Communications Corporation. Finally, adding the outsider group. We can ch

ZyWALL SSL 10 Support Notes 34 All contents copyright (c) 2006 ZyXEL Communications Corporation. There are three SSL application type

ZyWALL SSL 10 Support Notes 35 All contents copyright (c) 2006 ZyXEL Communications Corporation. Application: Select the Application from

ZyWALL SSL 10 Support Notes 36 All contents copyright (c) 2006 ZyXEL Communications Corporation.

ZyWALL SSL 10 Support Notes 37 All contents copyright (c) 2006 ZyXEL Communications Corporation. 2.2.2 VPN Network Object Please switch

ZyWALL SSL 10 Support Notes 38 All contents copyright (c) 2006 ZyXEL Communications Corporation. 2.2.3 Endpoint Security Object End

ZyWALL SSL 10 Support Notes 39 All contents copyright (c) 2006 ZyXEL Communications Corporation. Outsider Endpoint Security Policy:

ZyWALL SSL 10 Support Notes 4 All contents copyright (c) 2006 ZyXEL Communications Corporation. 1. Deployment SSL topology encapsulates the sen

ZyWALL SSL 10 Support Notes 40 All contents copyright (c) 2006 ZyXEL Communications Corporation. Sales Endpoint Security Policy: Norma

ZyWALL SSL 10 Support Notes 41 All contents copyright (c) 2006 ZyXEL Communications Corporation. RD Endpoint Security Policy: RD needs

ZyWALL SSL 10 Support Notes 42 All contents copyright (c) 2006 ZyXEL Communications Corporation. 2.2.4 Private IP Pool Object Privat

ZyWALL SSL 10 Support Notes 43 All contents copyright (c) 2006 ZyXEL Communications Corporation. 2.3 SSL Policy Configuration After perviou

ZyWALL SSL 10 Support Notes 44 All contents copyright (c) 2006 ZyXEL Communications Corporation. They are only allowed to use the we

ZyWALL SSL 10 Support Notes 45 All contents copyright (c) 2006 ZyXEL Communications Corporation. They are only allowed to use the web applicati

ZyWALL SSL 10 Support Notes 46 All contents copyright (c) 2006 ZyXEL Communications Corporation. private IP pool to connect with VPN network.

ZyWALL SSL 10 Support Notes 47 All contents copyright (c) 2006 ZyXEL Communications Corporation. 3. SSL VPN Solution In the chapter one,

ZyWALL SSL 10 Support Notes 48 All contents copyright (c) 2006 ZyXEL Communications Corporation. Background Story: ZyCompany has a security c

ZyWALL SSL 10 Support Notes 49 All contents copyright (c) 2006 ZyXEL Communications Corporation. To achieve this, we have to complete the follo

ZyWALL SSL 10 Support Notes 5 All contents copyright (c) 2006 ZyXEL Communications Corporation. The network topology above is used to ill

ZyWALL SSL 10 Support Notes 50 All contents copyright (c) 2006 ZyXEL Communications Corporation. However, if you found it’s “Reject” or “Drop

ZyWALL SSL 10 Support Notes 51 All contents copyright (c) 2006 ZyXEL Communications Corporation. WAN IP address depending on server access sett

ZyWALL SSL 10 Support Notes 52 All contents copyright (c) 2006 ZyXEL Communications Corporation. Step4. Register and enable AV/IDP functions

ZyWALL SSL 10 Support Notes 53 All contents copyright (c) 2006 ZyXEL Communications Corporation. 1. In IDP->General, check the Enable Intr

ZyWALL SSL 10 Support Notes 54 All contents copyright (c) 2006 ZyXEL Communications Corporation. Note: Remember to make sure the AV signature

ZyWALL SSL 10 Support Notes 55 All contents copyright (c) 2006 ZyXEL Communications Corporation.

ZyWALL SSL 10 Support Notes 56 All contents copyright (c) 2006 ZyXEL Communications Corporation. 3.2 Seamless Integrate SSL VPN into your exist

ZyWALL SSL 10 Support Notes 57 All contents copyright (c) 2006 ZyXEL Communications Corporation. Configuration information in this example:

ZyWALL SSL 10 Support Notes 58 All contents copyright (c) 2006 ZyXEL Communications Corporation. Configuration on ZyWALL SSL10 Please refer to

ZyWALL SSL 10 Support Notes 59 All contents copyright (c) 2006 ZyXEL Communications Corporation. 1) Configure the static Public IP address to

ZyWALL SSL 10 Support Notes 6 All contents copyright (c) 2006 ZyXEL Communications Corporation. Configuration information in this example: Z

ZyWALL SSL 10 Support Notes 60 All contents copyright (c) 2006 ZyXEL Communications Corporation. (PPPoE with dynamic IP assignment). 4) Con

ZyWALL SSL 10 Support Notes 61 All contents copyright (c) 2006 ZyXEL Communications Corporation. Gateway). NAT routers sit on the border betwe

ZyWALL SSL 10 Support Notes 62 All contents copyright (c) 2006 ZyXEL Communications Corporation. 1) UDP 500 (IKE) must be forwarded to ZyWALL

ZyWALL SSL 10 Support Notes 63 All contents copyright (c) 2006 ZyXEL Communications Corporation. 5) On peer VPN gateway, use the public WAN IP

ZyWALL SSL 10 Support Notes 64 All contents copyright (c) 2006 ZyXEL Communications Corporation. Note: However, if you have to configure the

ZyWALL SSL 10 Support Notes 65 All contents copyright (c) 2006 ZyXEL Communications Corporation. Security Policy Configuration for SSL VPN tra

ZyWALL SSL 10 Support Notes 66 All contents copyright (c) 2006 ZyXEL Communications Corporation. available in IDP/AV and AS General configurati

ZyWALL SSL 10 Support Notes 67 All contents copyright (c) 2006 ZyXEL Communications Corporation. 3.3 Integration: SonicWALL+ZyWALL SSL10 We wou

ZyWALL SSL 10 Support Notes 68 All contents copyright (c) 2006 ZyXEL Communications Corporation. y ZyWALL SSL10’s WAN ÅÆ SonicWALL’s OPT port

ZyWALL SSL 10 Support Notes 69 All contents copyright (c) 2006 ZyXEL Communications Corporation. Step3. Setup the port forwarding for SSL tr

ZyWALL SSL 10 Support Notes 7 All contents copyright (c) 2006 ZyXEL Communications Corporation. 2) Go to the GUI > Network > DMZ > P

ZyWALL SSL 10 Support Notes 70 All contents copyright (c) 2006 ZyXEL Communications Corporation. Step5. Access https://172.120.1.10 from an I

ZyWALL SSL 10 Support Notes 71 All contents copyright (c) 2006 ZyXEL Communications Corporation. 3.4 Integration: Netscreen+ZyWALL SSL10 We wou

ZyWALL SSL 10 Support Notes 72 All contents copyright (c) 2006 ZyXEL Communications Corporation. 1) Connect the Ethernet cables as following y

ZyWALL SSL 10 Support Notes 73 All contents copyright (c) 2006 ZyXEL Communications Corporation. 4) Configure it as following figure. So any in

ZyWALL SSL 10 Support Notes 74 All contents copyright (c) 2006 ZyXEL Communications Corporation. 3) Configure the destination NAT setting as fo

ZyWALL SSL 10 Support Notes 75 All contents copyright (c) 2006 ZyXEL Communications Corporation. 3.5 Integration with NSA-2400 for file sharing

ZyWALL SSL 10 Support Notes 76 All contents copyright (c) 2006 ZyXEL Communications Corporation. See the following step-by-step configuration.

ZyWALL SSL 10 Support Notes 77 All contents copyright (c) 2006 ZyXEL Communications Corporation. Note: It’s better to path by click the Brows

ZyWALL SSL 10 Support Notes 78 All contents copyright (c) 2006 ZyXEL Communications Corporation. Configuration on ZyWALL SSL10 Step1. Pleas

ZyWALL SSL 10 Support Notes 79 All contents copyright (c) 2006 ZyXEL Communications Corporation. Configuration on ZyWALL UTM Step1. Create p

ZyWALL SSL 10 Support Notes 8 All contents copyright (c) 2006 ZyXEL Communications Corporation. 4) Go to the GUI > Network > LAN, conf

ZyWALL SSL 10 Support Notes 80 All contents copyright (c) 2006 ZyXEL Communications Corporation. Step2. Make sure firewall rule allow SSL traf

ZyWALL SSL 10 Support Notes 81 All contents copyright (c) 2006 ZyXEL Communications Corporation. UTM’s HTTPS management port number from port 4

ZyWALL SSL 10 Support Notes 82 All contents copyright (c) 2006 ZyXEL Communications Corporation. Step4. Allow NetBIOS between WAN and DMZ, D

ZyWALL SSL 10 Support Notes 83 All contents copyright (c) 2006 ZyXEL Communications Corporation. 2) Enter the information as below. Note the

ZyWALL SSL 10 Support Notes 84 All contents copyright (c) 2006 ZyXEL Communications Corporation. 3) You will enter the portal, continue to cl

ZyWALL SSL 10 Support Notes 85 All contents copyright (c) 2006 ZyXEL Communications Corporation. 6) Enter the username and password, you will

ZyWALL SSL 10 Support Notes 86 All contents copyright (c) 2006 ZyXEL Communications Corporation. 4. Best Practice: Stronger Password Security

ZyWALL SSL 10 Support Notes 87 All contents copyright (c) 2006 ZyXEL Communications Corporation. Note: To use two-factor authentication, it’s r

ZyWALL SSL 10 Support Notes 88 All contents copyright (c) 2006 ZyXEL Communications Corporation. Step3. Setup AAA server 1) Go to GUI > Sy

ZyWALL SSL 10 Support Notes 89 All contents copyright (c) 2006 ZyXEL Communications Corporation. Configuration on Authenex Server 1). Conne

ZyWALL SSL 10 Support Notes 9 All contents copyright (c) 2006 ZyXEL Communications Corporation. Step3. Check if UTM functions (ex. Firewall, An

ZyWALL SSL 10 Support Notes 90 All contents copyright (c) 2006 ZyXEL Communications Corporation. 2). Go to Server Configuration > Add NAS E

ZyWALL SSL 10 Support Notes 91 All contents copyright (c) 2006 ZyXEL Communications Corporation. Then edit the user and check the Assign only

ZyWALL SSL 10 Support Notes 92 All contents copyright (c) 2006 ZyXEL Communications Corporation. 5). Go to Manage A-Keys > Search A-Keys, se

ZyWALL SSL 10 Support Notes 93 All contents copyright (c) 2006 ZyXEL Communications Corporation. 2). After successful login, you could see the

ZyWALL SSL 10 Support Notes 94 All contents copyright (c) 2006 ZyXEL Communications Corporation. 5. FAQ A. ZyWALL General FAQ A01. How to acces

ZyWALL SSL 10 Support Notes 95 All contents copyright (c) 2006 ZyXEL Communications Corporation. A05. Does the ZyWALL support PPPoE? Yes. The Z

ZyWALL SSL 10 Support Notes 96 All contents copyright (c) 2006 ZyXEL Communications Corporation. A09. What can we do with ZyWALL? Browse the

ZyWALL SSL 10 Support Notes 97 All contents copyright (c) 2006 ZyXEL Communications Corporation. dynamic IP address. Suppose your company'

ZyWALL SSL 10 Support Notes 98 All contents copyright (c) 2006 ZyXEL Communications Corporation. 1. Check if the 'MAC address' is va

ZyWALL SSL 10 Support Notes 99 All contents copyright (c) 2006 ZyXEL Communications Corporation. B. Firmware Upgrade FAQ B01. How to perform th