ZyXEL Communications ZyWALL 70 Informações Técnicas

ZyWALL 1050 Support Notes 1 All contents copyright (c) 2006 ZyXEL Communications Corporation. ZyWALL 1050 Internet Security Appliance Supp

ZyWALL 1050 Support Notes 10 All contents copyright (c) 2006 ZyXEL Communications Corporation. User needs to configure the static IP address an

ZyWALL 1050 Support Notes 100 All contents copyright (c) 2006 ZyXEL Communications Corporation. CLI commands for reference: [0] isakmp policy

ZyWALL 1050 Support Notes 101 All contents copyright (c) 2006 ZyXEL Communications Corporation. [8] authentication pre-share [9] keystring 12345

ZyWALL 1050 Support Notes 102 All contents copyright (c) 2006 ZyXEL Communications Corporation. Note: In ZyWALL 1050-A, we use “Source NAT” to

ZyWALL 1050 Support Notes 103 All contents copyright (c) 2006 ZyXEL Communications Corporation. [0] crypto map IPsec1 [1] ipsec-isakmp IKE1 [2]

ZyWALL 1050 Support Notes 104 All contents copyright (c) 2006 ZyXEL Communications Corporation. Note: The purpose of this policy route is to d

ZyWALL 1050 Support Notes 105 All contents copyright (c) 2006 ZyXEL Communications Corporation. After the configuration is down, you will see

ZyWALL 1050 Support Notes 106 All contents copyright (c) 2006 ZyXEL Communications Corporation. [5] source Local_192_168_1 [6] destination Local

ZyWALL 1050 Support Notes 107 All contents copyright (c) 2006 ZyXEL Communications Corporation. 5. The new firewall rule is available as shown

ZyWALL 1050 Support Notes 108 All contents copyright (c) 2006 ZyXEL Communications Corporation. 2. Configuration on ZyWALL 1050-B (1). LAN/WAN

ZyWALL 1050 Support Notes 109 All contents copyright (c) 2006 ZyXEL Communications Corporation. [1] address-object Remote_192_168_3 192.168.3.0

ZyWALL 1050 Support Notes 11 All contents copyright (c) 2006 ZyXEL Communications Corporation. 2 3 4) User can refer to the user guide to comp

ZyWALL 1050 Support Notes 110 All contents copyright (c) 2006 ZyXEL Communications Corporation. CLI commands for reference: [0] isakmp policy

ZyWALL 1050 Support Notes 111 All contents copyright (c) 2006 ZyXEL Communications Corporation. [8] authentication pre-share [9] keystring 12345

ZyWALL 1050 Support Notes 112 All contents copyright (c) 2006 ZyXEL Communications Corporation. . Note that we use Source NAT to change the VPN

ZyWALL 1050 Support Notes 113 All contents copyright (c) 2006 ZyXEL Communications Corporation. [2] encapsulation tunnel [3] transform-set esp-d

ZyWALL 1050 Support Notes 114 All contents copyright (c) 2006 ZyXEL Communications Corporation. After the configuration is down, you will see

ZyWALL 1050 Support Notes 115 All contents copyright (c) 2006 ZyXEL Communications Corporation. [2] no description [3] no user [4] no interface

ZyWALL 1050 Support Notes 116 All contents copyright (c) 2006 ZyXEL Communications Corporation. 3. Configuration on ZyWALL 2 Plus (1). LAN Net

ZyWALL 1050 Support Notes 117 All contents copyright (c) 2006 ZyXEL Communications Corporation. ras> sys edit autoexec.net EDIT cmd: q(uit)

ZyWALL 1050 Support Notes 118 All contents copyright (c) 2006 ZyXEL Communications Corporation. 3. At the same page of menu Security > VPN

ZyWALL 1050 Support Notes 119 All contents copyright (c) 2006 ZyXEL Communications Corporation. 4. Configure the IPSec rule as following.

ZyWALL 1050 Support Notes 12 All contents copyright (c) 2006 ZyXEL Communications Corporation. 5 The CLI commands for application: Local Gatew

ZyWALL 1050 Support Notes 120 All contents copyright (c) 2006 ZyXEL Communications Corporation. 4. Configuration on ES-4024A (1). Create Two VL

ZyWALL 1050 Support Notes 121 All contents copyright (c) 2006 ZyXEL Communications Corporation.

ZyWALL 1050 Support Notes 122 All contents copyright (c) 2006 ZyXEL Communications Corporation.

ZyWALL 1050 Support Notes 123 All contents copyright (c) 2006 ZyXEL Communications Corporation. 3. Switch to menu Advanced Application > VLA

ZyWALL 1050 Support Notes 124 All contents copyright (c) 2006 ZyXEL Communications Corporation. (2). Create Two Routing Domains Switch to menu B

ZyWALL 1050 Support Notes 125 All contents copyright (c) 2006 ZyXEL Communications Corporation. CLI commands for reference: vlan 2 name 2 no

ZyWALL 1050 Support Notes 126 All contents copyright (c) 2006 ZyXEL Communications Corporation. exit interface port-channel 12 pvid 2 exit int

ZyWALL 1050 Support Notes 127 All contents copyright (c) 2006 ZyXEL Communications Corporation. interface port-channel 24 pvid 3 exit interfac

ZyWALL 1050 Support Notes 128 All contents copyright (c) 2006 ZyXEL Communications Corporation. (2). Simulate the WAN connection of ZyWALL2 Pl

ZyWALL 1050 Support Notes 129 All contents copyright (c) 2006 ZyXEL Communications Corporation. The screen capture below shows you the dial bac

ZyWALL 1050 Support Notes 13 All contents copyright (c) 2006 ZyXEL Communications Corporation. Remote Gateway: [0] isakmp policy RemoteSite [1

ZyWALL 1050 Support Notes 130 All contents copyright (c) 2006 ZyXEL Communications Corporation. Then ZyWALL 2 Plus tries to establish VPN tunne

ZyWALL 1050 Support Notes 131 All contents copyright (c) 2006 ZyXEL Communications Corporation. Finally, the VPN tunnel has been successfully e

ZyWALL 1050 Support Notes 132 All contents copyright (c) 2006 ZyXEL Communications Corporation. 1.7 Device High Availability In the Global or m

ZyWALL 1050 Support Notes 133 All contents copyright (c) 2006 ZyXEL Communications Corporation. Step by step configuration 1.7.1 Device HA 1.

ZyWALL 1050 Support Notes 134 All contents copyright (c) 2006 ZyXEL Communications Corporation. Step2. We can check all the interface informati

ZyWALL 1050 Support Notes 135 All contents copyright (c) 2006 ZyXEL Communications Corporation. topology. ge1 ge2 ge3 ge4 ge5 LAN WAN1 WAN2 DMZ

ZyWALL 1050 Support Notes 136 All contents copyright (c) 2006 ZyXEL Communications Corporation. ge3 Fix IP: 220.123.133.2/255.255.255.0 Gateway

ZyWALL 1050 Support Notes 137 All contents copyright (c) 2006 ZyXEL Communications Corporation. ge1 Fix IP: 192.168.10.254/255.255.255.0 DHCP

ZyWALL 1050 Support Notes 138 All contents copyright (c) 2006 ZyXEL Communications Corporation. User’s pc network connection will disconnect

ZyWALL 1050 Support Notes 139 All contents copyright (c) 2006 ZyXEL Communications Corporation. Step1. Switch to ZyWALL 1050 > Configuration

ZyWALL 1050 Support Notes 14 All contents copyright (c) 2006 ZyXEL Communications Corporation. 1.2 Extranet Deployment The VPN provides the acc

ZyWALL 1050 Support Notes 140 All contents copyright (c) 2006 ZyXEL Communications Corporation. Step3. Check the interface overview table on t

ZyWALL 1050 Support Notes 141 All contents copyright (c) 2006 ZyXEL Communications Corporation. LAN_SUBNET. Step.2 ZyWALL 1050 will automatica

ZyWALL 1050 Support Notes 142 All contents copyright (c) 2006 ZyXEL Communications Corporation. Step4. The PC in ZyWALL 1050 LAN subnet can c

ZyWALL 1050 Support Notes 143 All contents copyright (c) 2006 ZyXEL Communications Corporation. Setup the ge1 (LAN) VRRP group Setup the ge2 (

ZyWALL 1050 Support Notes 144 All contents copyright (c) 2006 ZyXEL Communications Corporation. Setup the ge3 (WAN2) VRRP group Setup the ge4

ZyWALL 1050 Support Notes 145 All contents copyright (c) 2006 ZyXEL Communications Corporation. Step2. Connect the PC to Backup ZyWALL 1050 g

ZyWALL 1050 Support Notes 146 All contents copyright (c) 2006 ZyXEL Communications Corporation. Step3. PC will get a new IP address after upd

ZyWALL 1050 Support Notes 147 All contents copyright (c) 2006 ZyXEL Communications Corporation. Step4. Unplug the PC cable from Backup ZyWALL

ZyWALL 1050 Support Notes 148 All contents copyright (c) 2006 ZyXEL Communications Corporation. synchronize the configuration from the Master to

ZyWALL 1050 Support Notes 149 All contents copyright (c) 2006 ZyXEL Communications Corporation. Switch to ZyWALL 1050 > Maintenance > Log

ZyWALL 1050 Support Notes 15 All contents copyright (c) 2006 ZyXEL Communications Corporation. Juniper NetScreen series and others… 1.2.1 Site

ZyWALL 1050 Support Notes 150 All contents copyright (c) 2006 ZyXEL Communications Corporation. Setup the ge3 (WAN2) VRRP group Setup the ge4

ZyWALL 1050 Support Notes 151 All contents copyright (c) 2006 ZyXEL Communications Corporation. After these steps, the Device HA configuration

ZyWALL 1050 Support Notes 152 All contents copyright (c) 2006 ZyXEL Communications Corporation. Step2. Setup the VPN Gateway. The ZyWALL 2 VPN

ZyWALL 1050 Support Notes 153 All contents copyright (c) 2006 ZyXEL Communications Corporation. Step3. We have to add the local and remote add

ZyWALL 1050 Support Notes 154 All contents copyright (c) 2006 ZyXEL Communications Corporation. Set the range to 192.168.10.0 ~ 192.168.20.255

ZyWALL 1050 Support Notes 155 All contents copyright (c) 2006 ZyXEL Communications Corporation. Step4. Setup the VPN connection. Setup the V

ZyWALL 1050 Support Notes 156 All contents copyright (c) 2006 ZyXEL Communications Corporation. Step6. Connect the PC to ZyWALL 2 Plus and set

ZyWALL 1050 Support Notes 157 All contents copyright (c) 2006 ZyXEL Communications Corporation. Click the Add icon to edit the VPN Network Poli

ZyWALL 1050 Support Notes 158 All contents copyright (c) 2006 ZyXEL Communications Corporation. We will see the new VPN tunnel listed on the VPN

ZyWALL 1050 Support Notes 159 All contents copyright (c) 2006 ZyXEL Communications Corporation. 1.8 VoIP over VPN Main Office The VoIP line

ZyWALL 1050 Support Notes 16 All contents copyright (c) 2006 ZyXEL Communications Corporation. 3) Login to ZyWALL70 and go to Security > VP

ZyWALL 1050 Support Notes 160 All contents copyright (c) 2006 ZyXEL Communications Corporation. Fix VoIP Line ApplicationBranch Office Main Off

ZyWALL 1050 Support Notes 161 All contents copyright (c) 2006 ZyXEL Communications Corporation. Switch to the Maintenance menu and check what

ZyWALL 1050 Support Notes 162 All contents copyright (c) 2006 ZyXEL Communications Corporation. 1. Setup the SIP Number in the Branch Office.

ZyWALL 1050 Support Notes 163 All contents copyright (c) 2006 ZyXEL Communications Corporation. 3. Setup the Branch Office SIP number and the

ZyWALL 1050 Support Notes 164 All contents copyright (c) 2006 ZyXEL Communications Corporation. after adding this record. We have finished the

ZyWALL 1050 Support Notes 165 All contents copyright (c) 2006 ZyXEL Communications Corporation. 3. Setup the VPN tunnel to force the VoIP traf

ZyWALL 1050 Support Notes 166 All contents copyright (c) 2006 ZyXEL Communications Corporation. 5. Switch to ZyWALL 1050 > Configuration &g

ZyWALL 1050 Support Notes 167 All contents copyright (c) 2006 ZyXEL Communications Corporation. 6. We have finished the VPN connection and rout

ZyWALL 1050 Support Notes 168 All contents copyright (c) 2006 ZyXEL Communications Corporation. 8. We also can use IDP to detect and intercept

ZyWALL 1050 Support Notes 169 All contents copyright (c) 2006 ZyXEL Communications Corporation. shown in the previous topology diagram. 2. Con

ZyWALL 1050 Support Notes 17 All contents copyright (c) 2006 ZyXEL Communications Corporation. ZyWALL70 local and remote policies are 192.168.2.

ZyWALL 1050 Support Notes 170 All contents copyright (c) 2006 ZyXEL Communications Corporation. 2. Security Policy Enforcement What is a securit

ZyWALL 1050 Support Notes 171 All contents copyright (c) 2006 ZyXEL Communications Corporation. 2.1.2 What does ZyWALL 1050 provide for manag

ZyWALL 1050 Support Notes 172 All contents copyright (c) 2006 ZyXEL Communications Corporation. 2.1.3 Configuration Example Here we show you

ZyWALL 1050 Support Notes 173 All contents copyright (c) 2006 ZyXEL Communications Corporation. Step by step configuration of ZW1050 is as follo

ZyWALL 1050 Support Notes 174 All contents copyright (c) 2006 ZyXEL Communications Corporation. 4. Then press ‘OK’ button to complete the grou

ZyWALL 1050 Support Notes 175 All contents copyright (c) 2006 ZyXEL Communications Corporation. z Corresponding CLI commands for your refer

ZyWALL 1050 Support Notes 176 All contents copyright (c) 2006 ZyXEL Communications Corporation. 4. Enable the service 5. Choose the classifi

ZyWALL 1050 Support Notes 177 All contents copyright (c) 2006 ZyXEL Communications Corporation. Corresponding CLI commands for your reference [

ZyWALL 1050 Support Notes 178 All contents copyright (c) 2006 ZyXEL Communications Corporation. 2. Create a new policy route rule by clicking t

ZyWALL 1050 Support Notes 179 All contents copyright (c) 2006 ZyXEL Communications Corporation. [5] no tunnel [6] source LAN_SUBNET [7] destin

ZyWALL 1050 Support Notes 18 All contents copyright (c) 2006 ZyXEL Communications Corporation. tunnel and routing is built and user can start to

ZyWALL 1050 Support Notes 180 All contents copyright (c) 2006 ZyXEL Communications Corporation. 5. Back to IDP > General, choose the IDP p

ZyWALL 1050 Support Notes 181 All contents copyright (c) 2006 ZyXEL Communications Corporation.

ZyWALL 1050 Support Notes 182 All contents copyright (c) 2006 ZyXEL Communications Corporation. 2.2 Managing WLAN 2.2.1 Why the wireless netw

ZyWALL 1050 Support Notes 183 All contents copyright (c) 2006 ZyXEL Communications Corporation. We are going to complete the following setting

ZyWALL 1050 Support Notes 184 All contents copyright (c) 2006 ZyXEL Communications Corporation. Leave other fields as default and press ‘ok’ but

ZyWALL 1050 Support Notes 185 All contents copyright (c) 2006 ZyXEL Communications Corporation. Corresponding CLI commands for your reference [

ZyWALL 1050 Support Notes 186 All contents copyright (c) 2006 ZyXEL Communications Corporation. Step4. Configure the LDAP server information.

ZyWALL 1050 Support Notes 187 All contents copyright (c) 2006 ZyXEL Communications Corporation. 1. Go to menu Object > AAA server > LDAP

ZyWALL 1050 Support Notes 188 All contents copyright (c) 2006 ZyXEL Communications Corporation. 4. For security reasons, those user’s attribut

ZyWALL 1050 Support Notes 189 All contents copyright (c) 2006 ZyXEL Communications Corporation. Step5. Configure WWW Authentication Method 1.

ZyWALL 1050 Support Notes 19 All contents copyright (c) 2006 ZyXEL Communications Corporation. 9 10 The CLI command for application: ZyWALL 10

ZyWALL 1050 Support Notes 190 All contents copyright (c) 2006 ZyXEL Communications Corporation. Step6. Define firewall ACL rule for different

ZyWALL 1050 Support Notes 191 All contents copyright (c) 2006 ZyXEL Communications Corporation. 4. Configure a rule to allow employee access fr

ZyWALL 1050 Support Notes 192 All contents copyright (c) 2006 ZyXEL Communications Corporation. [5] no service [6] action allow [7] from Wire

ZyWALL 1050 Support Notes 193 All contents copyright (c) 2006 ZyXEL Communications Corporation. 7. Continue to configure WLAN-to-LAN, WLAN-to-DM

ZyWALL 1050 Support Notes 194 All contents copyright (c) 2006 ZyXEL Communications Corporation. 2.3 Employee Internet Management (EIM) 2.3.1

ZyWALL 1050 Support Notes 195 All contents copyright (c) 2006 ZyXEL Communications Corporation. So we are going to complete the following sett

ZyWALL 1050 Support Notes 196 All contents copyright (c) 2006 ZyXEL Communications Corporation. ge2 or ge3 and on the GUI Home page check whethe

ZyWALL 1050 Support Notes 197 All contents copyright (c) 2006 ZyXEL Communications Corporation. Step2. Login the ZyWALL 1050’s GUI, Go to menu

ZyWALL 1050 Support Notes 198 All contents copyright (c) 2006 ZyXEL Communications Corporation. Click the modify icon to configure the trusted

ZyWALL 1050 Support Notes 199 All contents copyright (c) 2006 ZyXEL Communications Corporation. Then follow the similar configuration to create

ZyWALL 1050 Support Notes 2 All contents copyright (c) 2006 ZyXEL Communications Corporation. INDEX 1. Deploying VPN...

ZyWALL 1050 Support Notes 20 All contents copyright (c) 2006 ZyXEL Communications Corporation. [5] set pfs none [6] policy-enforcement [7] loca

ZyWALL 1050 Support Notes 200 All contents copyright (c) 2006 ZyXEL Communications Corporation. After it’s done, you will see two profiles as

ZyWALL 1050 Support Notes 201 All contents copyright (c) 2006 ZyXEL Communications Corporation. CLI commands for reference: [0] content-filter p

ZyWALL 1050 Support Notes 202 All contents copyright (c) 2006 ZyXEL Communications Corporation. CLI commands for reference: [0] address-object

ZyWALL 1050 Support Notes 203 All contents copyright (c) 2006 ZyXEL Communications Corporation. Then when Engineers try to surf Interface behind

ZyWALL 1050 Support Notes 204 All contents copyright (c) 2006 ZyXEL Communications Corporation. 3. Seamless Incorporation With its robust networ

ZyWALL 1050 Support Notes 205 All contents copyright (c) 2006 ZyXEL Communications Corporation. To make this scenario works the follow the confi

ZyWALL 1050 Support Notes 206 All contents copyright (c) 2006 ZyXEL Communications Corporation. CLI to create this bridge interface: [0] interf

ZyWALL 1050 Support Notes 207 All contents copyright (c) 2006 ZyXEL Communications Corporation. Here we need to modify the “Next-Hop” from “WAN

ZyWALL 1050 Support Notes 208 All contents copyright (c) 2006 ZyXEL Communications Corporation. [12] exit Tips for application: Disable the Fi

ZyWALL 1050 Support Notes 209 All contents copyright (c) 2006 ZyXEL Communications Corporation. 3.1.2 NAT & Virtual Server Here is an exa

ZyWALL 1050 Support Notes 21 All contents copyright (c) 2006 ZyXEL Communications Corporation. 1.2.2 Interoperability – VPN with other vendor

ZyWALL 1050 Support Notes 210 All contents copyright (c) 2006 ZyXEL Communications Corporation. map any IP from the WAN port to our internal Web

ZyWALL 1050 Support Notes 211 All contents copyright (c) 2006 ZyXEL Communications Corporation. 4) Switch to Configuration > Policy > Fire

ZyWALL 1050 Support Notes 212 All contents copyright (c) 2006 ZyXEL Communications Corporation.

ZyWALL 1050 Support Notes 213 All contents copyright (c) 2006 ZyXEL Communications Corporation. 3.2 Zone-based IDP Protection ZyWALL 1050 comes

ZyWALL 1050 Support Notes 214 All contents copyright (c) 2006 ZyXEL Communications Corporation. To fulfill the above scenario, you will need thr

ZyWALL 1050 Support Notes 215 All contents copyright (c) 2006 ZyXEL Communications Corporation. Tips: You do not need a Gateway here since thi

ZyWALL 1050 Support Notes 216 All contents copyright (c) 2006 ZyXEL Communications Corporation. 2) Your final summary of the Ethernet Interfac

ZyWALL 1050 Support Notes 217 All contents copyright (c) 2006 ZyXEL Communications Corporation. 5) Now go back to the Zone page and click th

ZyWALL 1050 Support Notes 218 All contents copyright (c) 2006 ZyXEL Communications Corporation. 7) Since GE5 is the only interface left, GE5

ZyWALL 1050 Support Notes 219 All contents copyright (c) 2006 ZyXEL Communications Corporation. 9) If your IDP is not licensed, go to the Reg

ZyWALL 1050 Support Notes 22 All contents copyright (c) 2006 ZyXEL Communications Corporation. Authentication :MD5 Key Group :DH1 Authentication

ZyWALL 1050 Support Notes 220 All contents copyright (c) 2006 ZyXEL Communications Corporation. 11) Here, all the Zones are shown. As you can

ZyWALL 1050 Support Notes 221 All contents copyright (c) 2006 ZyXEL Communications Corporation. [10] router ospf [11] exit CLI commands to crea

ZyWALL 1050 Support Notes 222 All contents copyright (c) 2006 ZyXEL Communications Corporation. [2] interface ge5 [3] exit CLI commands for a

ZyWALL 1050 Support Notes 223 All contents copyright (c) 2006 ZyXEL Communications Corporation. 3.3 Networking Partitioning Using VLAN Although

ZyWALL 1050 Support Notes 224 All contents copyright (c) 2006 ZyXEL Communications Corporation. 1. Now we need to create three o make this sce

ZyWALL 1050 Support Notes 225 All contents copyright (c) 2006 ZyXEL Communications Corporation. 3) By following the above steps you can create

ZyWALL 1050 Support Notes 226 All contents copyright (c) 2006 ZyXEL Communications Corporation. [1] no shutdown [2] port ge1 [3] vlan-id 10

ZyWALL 1050 Support Notes 227 All contents copyright (c) 2006 ZyXEL Communications Corporation. 2) Give this zone whatever name you can unders

ZyWALL 1050 Support Notes 228 All contents copyright (c) 2006 ZyXEL Communications Corporation. 4) Finally, click “OK” to apply your settings.

ZyWALL 1050 Support Notes 229 All contents copyright (c) 2006 ZyXEL Communications Corporation. The CLI commands to join VLAN10 to the Zone: [0

ZyWALL 1050 Support Notes 23 All contents copyright (c) 2006 ZyXEL Communications Corporation. 4 5) Get back to the VPN configuration page ag

ZyWALL 1050 Support Notes 230 All contents copyright (c) 2006 ZyXEL Communications Corporation. 12) It is optional to give this rule a descrip

ZyWALL 1050 Support Notes 231 All contents copyright (c) 2006 ZyXEL Communications Corporation. 3) Finally, click “Apply” to activate all your c

ZyWALL 1050 Support Notes 232 All contents copyright (c) 2006 ZyXEL Communications Corporation. [7] from Finance [8] to Secret [9] no log

ZyWALL 1050 Support Notes 233 All contents copyright (c) 2006 ZyXEL Communications Corporation. 3.4 Connecting Multiple ISP Links The standard o

ZyWALL 1050 Support Notes 234 All contents copyright (c) 2006 ZyXEL Communications Corporation. 1) Login ZyWALL 1050 GUI and go to Configuration

ZyWALL 1050 Support Notes 235 All contents copyright (c) 2006 ZyXEL Communications Corporation. accounts here as well. Repeat the above steps to

ZyWALL 1050 Support Notes 236 All contents copyright (c) 2006 ZyXEL Communications Corporation. 6) Repeat the above steps to create the other

ZyWALL 1050 Support Notes 237 All contents copyright (c) 2006 ZyXEL Communications Corporation. of the WAN Zone. 8) Click the “+” icon to have

ZyWALL 1050 Support Notes 238 All contents copyright (c) 2006 ZyXEL Communications Corporation. 10) Second, we will need to add all three of o

ZyWALL 1050 Support Notes 239 All contents copyright (c) 2006 ZyXEL Communications Corporation. 12) Click on the to pick the right PPPoE inte

ZyWALL 1050 Support Notes 24 All contents copyright (c) 2006 ZyXEL Communications Corporation. 6 7) The VPN tunnel configuration is finished a

ZyWALL 1050 Support Notes 240 All contents copyright (c) 2006 ZyXEL Communications Corporation. CLI commands to create a PPPoE account [0] acc

ZyWALL 1050 Support Notes 241 All contents copyright (c) 2006 ZyXEL Communications Corporation. [6] account ISP1 [7] connectivity nail-up [8

ZyWALL 1050 Support Notes 242 All contents copyright (c) 2006 ZyXEL Communications Corporation. [4] no interface ge3 [5] no interface aux [6

ZyWALL 1050 Support Notes 243 All contents copyright (c) 2006 ZyXEL Communications Corporation. 3.4.2 Multiple fixed WAN links Besides multiple

ZyWALL 1050 Support Notes 244 All contents copyright (c) 2006 ZyXEL Communications Corporation. 2) Since we are going to run static IP on GE4

ZyWALL 1050 Support Notes 245 All contents copyright (c) 2006 ZyXEL Communications Corporation. 4) Delete GE4 from the DMZ Zone by clicking t

ZyWALL 1050 Support Notes 246 All contents copyright (c) 2006 ZyXEL Communications Corporation. 6) Click the “+” icon again to make the new i

ZyWALL 1050 Support Notes 247 All contents copyright (c) 2006 ZyXEL Communications Corporation. 8) After the Zone, we need to add GE4 into th

ZyWALL 1050 Support Notes 248 All contents copyright (c) 2006 ZyXEL Communications Corporation. 10) Click the box below to switch the interfac

ZyWALL 1050 Support Notes 249 All contents copyright (c) 2006 ZyXEL Communications Corporation. [1] ip address 211.192.23.41 255.255.255.0 [2]

ZyWALL 1050 Support Notes 25 All contents copyright (c) 2006 ZyXEL Communications Corporation. 10) We will setup the FortiGate to ZyWALL policy

ZyWALL 1050 Support Notes 250 All contents copyright (c) 2006 ZyXEL Communications Corporation. [6] interface ge3 [7] exit CLI commands to jo

ZyWALL 1050 Support Notes 251 All contents copyright (c) 2006 ZyXEL Communications Corporation. 3.4.3 Mixed types of WAN links Mixed types of WA

ZyWALL 1050 Support Notes 252 All contents copyright (c) 2006 ZyXEL Communications Corporation. 2 On this screen, you can set a name for this

ZyWALL 1050 Support Notes 253 All contents copyright (c) 2006 ZyXEL Communications Corporation. 4) Now, all the PPPoE accounts are created. Ou

ZyWALL 1050 Support Notes 254 All contents copyright (c) 2006 ZyXEL Communications Corporation. 6) Repeat the above steps to create the other t

ZyWALL 1050 Support Notes 255 All contents copyright (c) 2006 ZyXEL Communications Corporation. 7) Now all the PPPoE interfaces are created. But

ZyWALL 1050 Support Notes 256 All contents copyright (c) 2006 ZyXEL Communications Corporation. 10) Second, we will need to add all three of o

ZyWALL 1050 Support Notes 257 All contents copyright (c) 2006 ZyXEL Communications Corporation. 12) Click on the icon to pick the right PPPoE

ZyWALL 1050 Support Notes 258 All contents copyright (c) 2006 ZyXEL Communications Corporation. 14) By default, GE2 and GE3 were already in th

ZyWALL 1050 Support Notes 259 All contents copyright (c) 2006 ZyXEL Communications Corporation. [2] description ISP1 [3] mtu 1492 [4] upstre

ZyWALL 1050 Support Notes 26 All contents copyright (c) 2006 ZyXEL Communications Corporation. because the traffic sent from wan to internal mus

ZyWALL 1050 Support Notes 260 All contents copyright (c) 2006 ZyXEL Communications Corporation. CLI commands to bind all the WAN Links (PPPoE +

ZyWALL 1050 Support Notes 261 All contents copyright (c) 2006 ZyXEL Communications Corporation. 3.5 Guaranteed Quality of Service Nowadays if yo

ZyWALL 1050 Support Notes 262 All contents copyright (c) 2006 ZyXEL Communications Corporation. SMTP Internet 400Kbps WWW 800Kbps WAN TrunkFTP

ZyWALL 1050 Support Notes 263 All contents copyright (c) 2006 ZyXEL Communications Corporation. 2) The description of the policy is optional.

ZyWALL 1050 Support Notes 264 All contents copyright (c) 2006 ZyXEL Communications Corporation. 3) Repeat the above steps to create two more p

ZyWALL 1050 Support Notes 265 All contents copyright (c) 2006 ZyXEL Communications Corporation. Tips: Policy Route rules are based on first mat

ZyWALL 1050 Support Notes 266 All contents copyright (c) 2006 ZyXEL Communications Corporation. 5) Modify the values of bandwidth and priority h

ZyWALL 1050 Support Notes 267 All contents copyright (c) 2006 ZyXEL Communications Corporation. CLI commands for the first SMTP policy route:

ZyWALL 1050 Support Notes 268 All contents copyright (c) 2006 ZyXEL Communications Corporation. [1] no deactivate [2] description NAT [3] no use

ZyWALL 1050 Support Notes 269 All contents copyright (c) 2006 ZyXEL Communications Corporation. FAQ A. Device Management FAQ A01. How can I conn

ZyWALL 1050 Support Notes 27 All contents copyright (c) 2006 ZyXEL Communications Corporation. 1.2.2.2 ZyWALL with NetScreen VPN Tunneling Th

ZyWALL 1050 Support Notes 270 All contents copyright (c) 2006 ZyXEL Communications Corporation. Then switch to menu Configuration > Policy &g

ZyWALL 1050 Support Notes 271 All contents copyright (c) 2006 ZyXEL Communications Corporation. management tasks in GUI? There may be several re

ZyWALL 1050 Support Notes 272 All contents copyright (c) 2006 ZyXEL Communications Corporation. correctly). If you do see the message, please

ZyWALL 1050 Support Notes 273 All contents copyright (c) 2006 ZyXEL Communications Corporation. B. Registration FAQ B01. Why do I need to do the

ZyWALL 1050 Support Notes 274 All contents copyright (c) 2006 ZyXEL Communications Corporation. C. File Manager FAQ C01. How can ZyWALL 1050 man

ZyWALL 1050 Support Notes 275 All contents copyright (c) 2006 ZyXEL Communications Corporation. get enough memory to upgrade firmware, you can p

ZyWALL 1050 Support Notes 276 All contents copyright (c) 2006 ZyXEL Communications Corporation. sure that you add the “configure terminal” in th

ZyWALL 1050 Support Notes 277 All contents copyright (c) 2006 ZyXEL Communications Corporation. servers, you may need to create your own LDAP/RA

ZyWALL 1050 Support Notes 278 All contents copyright (c) 2006 ZyXEL Communications Corporation. becoming disabled. E05. Why does the PPP interf

ZyWALL 1050 Support Notes 279 All contents copyright (c) 2006 ZyXEL Communications Corporation. F. Routing and NAT FAQ F01. How to add a policy

ZyWALL 1050 Support Notes 28 All contents copyright (c) 2006 ZyXEL Communications Corporation. Phase2 Encapsulation: Tunnel Active Protocol: ESP

ZyWALL 1050 Support Notes 280 All contents copyright (c) 2006 ZyXEL Communications Corporation. access web. Why? Your proxy server must support

ZyWALL 1050 Support Notes 281 All contents copyright (c) 2006 ZyXEL Communications Corporation. interface, ZyWALL 1050 will select this as defau

ZyWALL 1050 Support Notes 282 All contents copyright (c) 2006 ZyXEL Communications Corporation. activated to maintain the connectivity. Note: W

ZyWALL 1050 Support Notes 283 All contents copyright (c) 2006 ZyXEL Communications Corporation. G. VPN and Certificate G01. Why can't the V

ZyWALL 1050 Support Notes 284 All contents copyright (c) 2006 ZyXEL Communications Corporation. We need a policy route to notify the ZyWALL 10

ZyWALL 1050 Support Notes 285 All contents copyright (c) 2006 ZyXEL Communications Corporation. traffic. Please check the route rules of the rem

ZyWALL 1050 Support Notes 286 All contents copyright (c) 2006 ZyXEL Communications Corporation. H. Firewall FAQ H01. Why doesn’t my LAN to WAN o

ZyWALL 1050 Support Notes 287 All contents copyright (c) 2006 ZyXEL Communications Corporation. I. Application Patrol FAQ I01. What is Applicati

ZyWALL 1050 Support Notes 288 All contents copyright (c) 2006 ZyXEL Communications Corporation. Application Patrol configuration page? The portl

ZyWALL 1050 Support Notes 289 All contents copyright (c) 2006 ZyXEL Communications Corporation.

ZyWALL 1050 Support Notes 29 All contents copyright (c) 2006 ZyXEL Communications Corporation. 4 5) To edit the IPSec rule, first set the gate

ZyWALL 1050 Support Notes 290 All contents copyright (c) 2006 ZyXEL Communications Corporation. J. lDP FAQ J01. Why doesn’t the IDP work? Why ha

ZyWALL 1050 Support Notes 291 All contents copyright (c) 2006 ZyXEL Communications Corporation. J05. If I want to use IDP service, will it is en

ZyWALL 1050 Support Notes 292 All contents copyright (c) 2006 ZyXEL Communications Corporation. K. Content Filtering FAQ K01. Why can’t I enable

ZyWALL 1050 Support Notes 293 All contents copyright (c) 2006 ZyXEL Communications Corporation. L. Device HA FAQ L01. What does the “Preempt” me

ZyWALL 1050 Support Notes 294 All contents copyright (c) 2006 ZyXEL Communications Corporation. M. User Management FAQ M01. What is the differen

ZyWALL 1050 Support Notes 295 All contents copyright (c) 2006 ZyXEL Communications Corporation. 3. Another account was used to login from the s

ZyWALL 1050 Support Notes 296 All contents copyright (c) 2006 ZyXEL Communications Corporation. Configuration > User/Group > User tab as b

ZyWALL 1050 Support Notes 297 All contents copyright (c) 2006 ZyXEL Communications Corporation. N. Centralized Log FAQ N01. Why can’t I enable e

ZyWALL 1050 Support Notes 298 All contents copyright (c) 2006 ZyXEL Communications Corporation. O. Traffic Statistics FAQ O01. When I use "

ZyWALL 1050 Support Notes 3 All contents copyright (c) 2006 ZyXEL Communications Corporation. 3. Seamless Incorporation...

ZyWALL 1050 Support Notes 30 All contents copyright (c) 2006 ZyXEL Communications Corporation. 6 7) On Security Level settings, we can set up

ZyWALL 1050 Support Notes 31 All contents copyright (c) 2006 ZyXEL Communications Corporation. 7 8) After applying the previous settings, the

ZyWALL 1050 Support Notes 32 All contents copyright (c) 2006 ZyXEL Communications Corporation. 10 11) In Security Level settings, choose the o

ZyWALL 1050 Support Notes 33 All contents copyright (c) 2006 ZyXEL Communications Corporation. 11 12) After applying the settings, the VPN IKE

ZyWALL 1050 Support Notes 34 All contents copyright (c) 2006 ZyXEL Communications Corporation. 14) Assign a name to this policy, for example “VP

ZyWALL 1050 Support Notes 35 All contents copyright (c) 2006 ZyXEL Communications Corporation. 15 16) Move the added policy rules to the top, s

ZyWALL 1050 Support Notes 36 All contents copyright (c) 2006 ZyXEL Communications Corporation. 1.2.2.3 ZyWALL with SonicWall VPN Tunneling T

ZyWALL 1050 Support Notes 37 All contents copyright (c) 2006 ZyXEL Communications Corporation. Phase2 Encapsulation: Tunnel Active Protocol: ESP

ZyWALL 1050 Support Notes 38 All contents copyright (c) 2006 ZyXEL Communications Corporation. 4) Switch to VPN > Settings, check Enable VP

ZyWALL 1050 Support Notes 39 All contents copyright (c) 2006 ZyXEL Communications Corporation. 5) Click the tab General, to bring the Security

ZyWALL 1050 Support Notes 4 All contents copyright (c) 2006 ZyXEL Communications Corporation. C05. How to write a shell script?...

ZyWALL 1050 Support Notes 40 All contents copyright (c) 2006 ZyXEL Communications Corporation. 6) Switch to Network tab to configure the local

ZyWALL 1050 Support Notes 41 All contents copyright (c) 2006 ZyXEL Communications Corporation. 7) The name for this object can be for example

ZyWALL 1050 Support Notes 42 All contents copyright (c) 2006 ZyXEL Communications Corporation. 8) Switch to Proposals tab. In IKE (Phase1) pro

ZyWALL 1050 Support Notes 43 All contents copyright (c) 2006 ZyXEL Communications Corporation. 9) Switch to Advanced tab. In the setting VPN p

ZyWALL 1050 Support Notes 44 All contents copyright (c) 2006 ZyXEL Communications Corporation. 11) Ping the remote host to dial up the tunnel. W

ZyWALL 1050 Support Notes 45 All contents copyright (c) 2006 ZyXEL Communications Corporation. 1.3 Remote Access VPN Remote Access VPN provides

ZyWALL 1050 Support Notes 46 All contents copyright (c) 2006 ZyXEL Communications Corporation. So we are going to complete the following tasks

ZyWALL 1050 Support Notes 47 All contents copyright (c) 2006 ZyXEL Communications Corporation. Phase2 Encapsulation: Tunnel Active Protocol: ESP

ZyWALL 1050 Support Notes 48 All contents copyright (c) 2006 ZyXEL Communications Corporation. 4) To create a VPN rule, go to Configuration &g

ZyWALL 1050 Support Notes 49 All contents copyright (c) 2006 ZyXEL Communications Corporation. 5) Go to remote host to configure ZyXEL VPN Cl

ZyWALL 1050 Support Notes 5 All contents copyright (c) 2006 ZyXEL Communications Corporation. H. Firewall FAQ...

ZyWALL 1050 Support Notes 50 All contents copyright (c) 2006 ZyXEL Communications Corporation. In My Identity, select local ID type as Any.

ZyWALL 1050 Support Notes 51 All contents copyright (c) 2006 ZyXEL Communications Corporation. The last step is to go to Security Policy to con

ZyWALL 1050 Support Notes 52 All contents copyright (c) 2006 ZyXEL Communications Corporation. The CLI commands for application: Address Obje

ZyWALL 1050 Support Notes 53 All contents copyright (c) 2006 ZyXEL Communications Corporation. VPN Connection: [0] crypto map remoteaccess [

ZyWALL 1050 Support Notes 54 All contents copyright (c) 2006 ZyXEL Communications Corporation. 1.4 Large-scale VPN Deployment With the business

ZyWALL 1050 Support Notes 55 All contents copyright (c) 2006 ZyXEL Communications Corporation. Tunnel 1: London ÅVPN ÆMadrid Tunnel 2: London ÅV

ZyWALL 1050 Support Notes 56 All contents copyright (c) 2006 ZyXEL Communications Corporation. The ZyWALL1050 supports Star topology via the

ZyWALL 1050 Support Notes 57 All contents copyright (c) 2006 ZyXEL Communications Corporation. ~ LAN: 192.168.119.0/24 Phase 1 Negotiation Mod

ZyWALL 1050 Support Notes 58 All contents copyright (c) 2006 ZyXEL Communications Corporation. group is used as a policy route destination crite

ZyWALL 1050 Support Notes 59 All contents copyright (c) 2006 ZyXEL Communications Corporation. NL site policy route for VPN traffic, this policy

ZyWALL 1050 Support Notes 6 All contents copyright (c) 2006 ZyXEL Communications Corporation. N. Centralized Log FAQ ...

ZyWALL 1050 Support Notes 60 All contents copyright (c) 2006 ZyXEL Communications Corporation. Encryption :DES Authentication :MD5 Key Group :DH

ZyWALL 1050 Support Notes 61 All contents copyright (c) 2006 ZyXEL Communications Corporation. Setup the HQ VPN connection for all the remote

ZyWALL 1050 Support Notes 62 All contents copyright (c) 2006 ZyXEL Communications Corporation. concentrator. If this tunnel is already included

ZyWALL 1050 Support Notes 63 All contents copyright (c) 2006 ZyXEL Communications Corporation.

ZyWALL 1050 Support Notes 64 All contents copyright (c) 2006 ZyXEL Communications Corporation. 1.4.3 Star-Mesh Mixed Topology Taipei In a St

ZyWALL 1050 Support Notes 65 All contents copyright (c) 2006 ZyXEL Communications Corporation. Asia Region VPN Concentrator Europe Region VPN C

ZyWALL 1050 Support Notes 66 All contents copyright (c) 2006 ZyXEL Communications Corporation. Remote Policy: 192.168.0.0/16 ZyWALL35 WAN: 179.2

ZyWALL 1050 Support Notes 67 All contents copyright (c) 2006 ZyXEL Communications Corporation. Based on the VPN configuration parameter table t

ZyWALL 1050 Support Notes 68 All contents copyright (c) 2006 ZyXEL Communications Corporation. Please make sure to activate the “VPN rules skip

ZyWALL 1050 Support Notes 69 All contents copyright (c) 2006 ZyXEL Communications Corporation. Asia Regional Center ZyWALL 1050 interface and VP

ZyWALL 1050 Support Notes 7 All contents copyright (c) 2006 ZyXEL Communications Corporation. 1. Deploying VPN VPN (Virtual Private Network) all

ZyWALL 1050 Support Notes 70 All contents copyright (c) 2006 ZyXEL Communications Corporation. The address object AsiaRegion (192.168.10.0 –

ZyWALL 1050 Support Notes 71 All contents copyright (c) 2006 ZyXEL Communications Corporation. After configuration, there will be three VPN g

ZyWALL 1050 Support Notes 72 All contents copyright (c) 2006 ZyXEL Communications Corporation. Now, we have already successfully added thre

ZyWALL 1050 Support Notes 73 All contents copyright (c) 2006 ZyXEL Communications Corporation. The remote regional center ZyWALL 1050 VPN co

ZyWALL 1050 Support Notes 74 All contents copyright (c) 2006 ZyXEL Communications Corporation. Phase2 Encapsulation: Tunnel Active Protocol: ESP

ZyWALL 1050 Support Notes 75 All contents copyright (c) 2006 ZyXEL Communications Corporation. Remember to activate “VPN rules skip applying to

ZyWALL 1050 Support Notes 76 All contents copyright (c) 2006 ZyXEL Communications Corporation. After we finish the configuration of ZyWALL 2 Plu

ZyWALL 1050 Support Notes 77 All contents copyright (c) 2006 ZyXEL Communications Corporation. We have to pre-configure some address objects for

ZyWALL 1050 Support Notes 78 All contents copyright (c) 2006 ZyXEL Communications Corporation. After configuration, there will be three VPN ga

ZyWALL 1050 Support Notes 79 All contents copyright (c) 2006 ZyXEL Communications Corporation. Assign a name to this concentrator and then clic

ZyWALL 1050 Support Notes 8 All contents copyright (c) 2006 ZyXEL Communications Corporation. traffic across multiple remote sites without compl

ZyWALL 1050 Support Notes 80 All contents copyright (c) 2006 ZyXEL Communications Corporation.

ZyWALL 1050 Support Notes 81 All contents copyright (c) 2006 ZyXEL Communications Corporation. 1.5 Access via Central Site 1.5.1 VPN Tunnel

ZyWALL 1050 Support Notes 82 All contents copyright (c) 2006 ZyXEL Communications Corporation. Branch Office The network topology below is

ZyWALL 1050 Support Notes 83 All contents copyright (c) 2006 ZyXEL Communications Corporation. VPN configuration table Main office – ZyWALL

ZyWALL 1050 Support Notes 84 All contents copyright (c) 2006 ZyXEL Communications Corporation. Phase2 Encapsulation: Tunnel Active Protocol: ESP

ZyWALL 1050 Support Notes 85 All contents copyright (c) 2006 ZyXEL Communications Corporation. Configure the other address object VPN_LAN

ZyWALL 1050 Support Notes 86 All contents copyright (c) 2006 ZyXEL Communications Corporation. 4) Go to Configuration > Network > IPSec

ZyWALL 1050 Support Notes 87 All contents copyright (c) 2006 ZyXEL Communications Corporation. Try to click the connect icon to confirm the VPN

ZyWALL 1050 Support Notes 88 All contents copyright (c) 2006 ZyXEL Communications Corporation. The CLI commands for application: Address Obje

ZyWALL 1050 Support Notes 89 All contents copyright (c) 2006 ZyXEL Communications Corporation. [9] no nail-up [10] no replay-detection [11] no

ZyWALL 1050 Support Notes 9 All contents copyright (c) 2006 ZyXEL Communications Corporation. 1.1 Extended Intranets The ZyXEL VPN solutions pr

ZyWALL 1050 Support Notes 90 All contents copyright (c) 2006 ZyXEL Communications Corporation. Go to the Associated Network Policies of this r

ZyWALL 1050 Support Notes 91 All contents copyright (c) 2006 ZyXEL Communications Corporation. ZyWALL1050 B configuration 1) Login the ZyWALL

ZyWALL 1050 Support Notes 92 All contents copyright (c) 2006 ZyXEL Communications Corporation. (WAN_TRUNK). After we finish the setting in ZyWA

ZyWALL 1050 Support Notes 93 All contents copyright (c) 2006 ZyXEL Communications Corporation. 1.6 Multiple Entry Point (MEP) To ensure high rel

ZyWALL 1050 Support Notes 94 All contents copyright (c) 2006 ZyXEL Communications Corporation. Here, we simulate the topology as on the follow

ZyWALL 1050 Support Notes 95 All contents copyright (c) 2006 ZyXEL Communications Corporation. For this scenario, we need the following device

ZyWALL 1050 Support Notes 96 All contents copyright (c) 2006 ZyXEL Communications Corporation. traffic to go back through the original path(FTP

ZyWALL 1050 Support Notes 97 All contents copyright (c) 2006 ZyXEL Communications Corporation. Encapsulation Tunnel Tunnel Tunnel Active Proto

ZyWALL 1050 Support Notes 98 All contents copyright (c) 2006 ZyXEL Communications Corporation. 5. Create another one for the network for traffic

ZyWALL 1050 Support Notes 99 All contents copyright (c) 2006 ZyXEL Communications Corporation. [0] address-object Local_192_168_1 192.168.1.0 25