Manuel d'utilisation / d'entretien du produit 1100 du fabricant ZyXEL Communications
Aller à la page of 562
Quick Start Guide www .zyxel.com ZyWALL 110/310/1100 Series VPN Firewall V e rsion 3.10 Edition 2, 02/2013 Copyright © 2013 Z yXEL Communications Corpor ation User’s Guide Default Login Details LAN P ort IP Address https://192.
ZyWALL 110/310/1100 Series User’s Guide 2 IMPORT ANT! READ CAREFULL Y BEFORE USE. KEEP THIS GUIDE FOR FUTURE REFERENCE. This is a User’s Gu ide for a series of products.
ZyWALL 110/310/1100 Se ries User’s Guide 3 Chapter 1 Introduction ................................................. ..................................................... ............. ...................... 17 1.1 Overview ................ ... ... .
ZyWALL 110/310/1100 Series User’s Guide 4 4.3.5 VPN Express W izard - Summa ry ... ... .... ............. ... ... ... ............. ... .... ... ............. ... ... ... ............. . 51 4.3.6 VPN Express W izard - Fini sh .......................
ZyWALL 110/310/1100 Se ries User’s Guide 5 6.9.1 More Information .......... ... ... .... ... ... ... ... ............. .... ... ... ... .... ... ............. ... ... ... .... ... ... ....... ............ . 95 6.10 USB S torage Screen .. ..........
ZyWALL 110/310/1100 Series User’s Guide 6 8.2 The Trunk Summary Screen .. ................ ................ ............. ................ ................ ............. ...... ......... 180 8.2.1 Configuring a User-Defined T runk .......... ... ...
ZyWALL 110/310/1100 Se ries User’s Guide 7 Chapter 13 NA T .......................................... ............................................................... ................... ......................... 221 13.1 NA T O verview .............
ZyWALL 110/310/1100 Series User’s Guide 8 Chapter 18 Authentication Policy ........................................... ........... .......... .......................................... ............. 253 18.1 Overview ....... ................ .......
ZyWALL 110/310/1100 Se ries User’s Guide 9 Chapter 21 SSL VPN ........................................................................... ............................................. .................... 317 21.1 Overview ....... ................ .
ZyWALL 110/310/1100 Series User’s Guide 10 24.1.2 What Y ou Need to Know ....... ............ ............. .......... ............. ............. ............. ............. .... .... 345 24.2 L2TP VPN Screen ...................... .... ... ... ...
ZyWALL 110/310/1100 Se ries User’s Guide 11 28.2.1 IPv4 Address Add/ Edit Screen ...... ................ ............. ................ ............. ................ ........... . 386 28.2.2 IPv6 Address Add/ Edit Screen ...... ................ ...
ZyWALL 110/310/1100 Series User’s Guide 12 32.2 Authentication Method Ob jects ............... ............. ................ ............. ................ ............. ...... ......... 410 32.2.1 Creating an Authenticatio n Method Ob jec t .... .
ZyWALL 110/310/1100 Se ries User’s Guide 13 Chapter 37 System .............................................. ................................................................ ........... ...................... 443 37.1 Overview ....... ..............
ZyWALL 110/310/1100 Series User’s Guide 14 37.12 Language Screen ............... ................ ............. ................ ................ ............. ................ ....... ........ 483 37.13 IPv6 Screen .............. ... .... ... ... .
ZyWALL 110/310/1100 Se ries User’s Guide 15 Chapter 42 Reboot .................................... .................................................... ................................. ...................... 525 42.1 Overview ....... ..............
ZyWALL 110/310/1100 Series User’s Guide 16.
ZyWALL 110/310/1100 Se ries User’s Guide 17 C HAPTER 1 Introduction 1.1 Overview Note: This he lp covers the followin g ZyW A L L mo dels and refers to them all as “Z yWALL” . Featur es and interface names v ary by model. K e y fe ature di ffe re nces be tw ee n Z yWALL mod els are as follows.
Chapter 1 Introduction ZyWALL 110/310/1100 Series User’s Guide 18 Figure 2 Applications: VPN Connectivity SSL VPN Network Access SSL VPN lets remote users use their web browsers for a very easy-to-use VPN solution.
Chapter 1 Introduction ZyWALL 110/310/1100 Se ries User’s Guide 19 Figure 4 Applications: User-A ware Access Control Load Balancing Set up multiple connections to the Internet on th e same port, or different ports, including cellular interfaces. In either case, you can ba lance the tr affic loads between them.
Chapter 1 Introduction ZyWALL 110/310/1100 Series User’s Guide 20 Command-Line Interface (CLI) The CLI allows you to use text -based commands to configure the Z yWALL. Access it using remote management (for example, SSH or T elnet) or via the physical or W eb Configurator console port.
Chapter 1 Introduction ZyWALL 110/310/1100 Se ries User’s Guide 21 4 Click Login . If you logged in using the default user name and password, the Update Admin Info screen appears. Otherwise, the dashboard appears. 5 Follow the directions in the Update Admin Info screen.
Chapter 1 Introduction ZyWALL 110/310/1100 Series User’s Guide 22 The title bar icons in the upper right corner pro vide the following functions. About Click About to display basic information about the ZyWALL. Figure 8 About Site Map Click Site MAP to see an overview of links to the W eb Configur ator screens.
Chapter 1 Introduction ZyWALL 110/310/1100 Se ries User’s Guide 23 Figure 9 Site Map Object R eference Click Object Refe rence to open the Object Reference screen. Selec t the type of object and the individual object and click Refresh to show which configur ation settings reference the object.
Chapter 1 Introduction ZyWALL 110/310/1100 Series User’s Guide 24 Console Click Console to open a Java-based console wi ndow from which you can run C LI commands. Y ou will be prompted to enter your user name and password. See the Command Re ference Guide for information about the commands.
Chapter 1 Introduction ZyWALL 110/310/1100 Se ries User’s Guide 25 1.3.3 Navigation Panel Use the navigation panel menu item s to open status and configuratio n screens. Click the arrow in the middle of the right edge of the navigation pa nel to h ide the panel or drag to resize it.
Chapter 1 Introduction ZyWALL 110/310/1100 Series User’s Guide 26 Configuration Menu Use the configur ation menu screens to configure the Z yWALL’ s features. Cellular Status Disp lays details about the ZyWALL’ s 3 G connection statu s. USB Storage Displays details about USB device connect ed to the ZyW ALL.
Chapter 1 Introduction ZyWALL 110/310/1100 Se ries User’s Guide 27 Firewall Firewall Create and manage level-3 traffic rules. Session Control Limit the number of concurrent client NA T/firewall sessions . VPN IPSec VPN VPN Connection Config ure IPSec tu nnels.
Chapter 1 Introduction ZyWALL 110/310/1100 Series User’s Guide 28 Maintenance Menu Use the maintenance menu screens to manage configur ation and firmware files, run diagnostics, and reboot or shut down the Z yWALL. 1.3.4 T ables and Lists W eb Configurator tables and lists are flexible with sev eral options for how to display their entries.
Chapter 1 Introduction ZyWALL 110/310/1100 Se ries User’s Guide 29 Figure 14 Sorting T able Entries by a Column’ s Criter ia Click the down arrow next to a column heading fo r more options about how to displa y the entries. The options av ailable vary depending on the type of fields in the column.
Chapter 1 Introduction ZyWALL 110/310/1100 Series User’s Guide 30 Figure 17 Moving Columns Use the icons and fields at the bottom of the tabl e to na vigate to different pages of entries and control how many entries displa y at a time. Figure 18 Navigating P ages of T able Entries The tables have icons for working with table entries.
Chapter 1 Introduction ZyWALL 110/310/1100 Se ries User’s Guide 31 Working with List s When a list of available entries displays next to a list of selected entries, you can often just double- click an entry to mov e it from one list to the other .
Chapter 1 Introduction ZyWALL 110/310/1100 Series User’s Guide 32.
ZyWALL 110/310/1100 Se ries User’s Guide 33 C HAPTER 2 Installation Setup Wizard 2.1 Inst allation Setup Wizard Screens When you log into the W eb Configurator for the first time or when you reset the Z yWALL to its default configuration, the Installation Setup Wizard screen displays.
Chapter 2 Installation Setup Wizard ZyWALL 110/310/1100 Series User’s Guide 34 • WAN Interface : This is the interface you are configuring for Internet access. • Zone : This is the security zone to which this interface and Intern et connection belong.
Chapter 2 Installation Setup Wizard ZyWALL 110/310/1100 Se ries User’s Guide 35 •T y p e t h e Password associated with the user name. Use up to 64 ASCII characters except the [] and ?. This field can be blank. •S e l e c t Nailed-Up if you do not w ant the connection to time out.
Chapter 2 Installation Setup Wizard ZyWALL 110/310/1100 Series User’s Guide 36 •T y p e a Connection ID or connection name. It must follow the “c:id” and “n:name” format. F or example, C:12 or N:My ISP . This field is opti onal and depends on the requ irements of your broadband modem or router .
ZyWALL 110/310/1100 Se ries User’s Guide 37 C HAPTER 3 Hardware Introduction 3.1 Default Zones, Interfaces, and Port s The default configur ations for zones, interfaces, an d ports are as follows. R eferences to interfaces may be generic r ather than the specific name used in y our model.
Chapter 3 Hardware Introduction ZyWALL 110/310/1100 Series User’s Guide 38 Note: Use an 8-wire Ethernet cable to run your Gigab it Ethernet at 1000 Mbps. Using a 4- wire Ethernet cable limits your connecti on to 100 Mbps. Note that the connection speed also depends on what the Ethernet device at the other end can support.
Chapter 3 Hardware Introduction ZyWALL 110/310/1100 Se ries User’s Guide 39 3.4 W all-mounting See Chapter 1 on page 17 for the Z yWALL models that can be wall-mounted. Do the follow ing to attach your Z yWALL to a wall. 1 Screw two screws with 6 mm ~ 8 mm (0.
Chapter 3 Hardware Introduction ZyWALL 110/310/1100 Series User’s Guide 40 Figure 21 Zy WA L L F r on t Pa n el The following tables describe the LEDs. T a ble 10 Front Panel LEDs LED COLOR STATUS DESCRIPTION PWR Off The ZyW ALL is turned off . Green On The ZyW ALL is turned on.
Chapter 3 Hardware Introduction ZyWALL 110/310/1100 Se ries User’s Guide 41 3.5.1 Rear Panels The following graphic shows the rear panel of the Z yWALL. Ta b l e 1 1 Rear Panel LABEL DESCRIPTION Console Y ou can use the consol e port to manage the ZyW ALL using CLI commands.
Chapter 3 Hardware Introduction ZyWALL 110/310/1100 Series User’s Guide 42.
ZyWALL 110/310/1100 Se ries User’s Guide 43 C HAPTER 4 Quick Setup Wizards 4.1 Quick Setup Overview The W eb Configurator's quick setup wizards help you configure Internet and VPN connection settings. This chapter provides information on configuring the quick setup screens in the W eb Configurator .
Chapter 4 Quick Setup Wizards ZyWALL 110/310/1100 Series User’s Guide 44 Figure 23 WAN Interface Quick Setup Wizard 4.2.1 Choose an Ethernet Interface Select the Ethernet interface that you w ant to configure for a W AN connection and click Next . Figure 24 Choose an Ethernet Interface 4.
Chapter 4 Quick Setup Wizards ZyWALL 110/310/1100 Se ries User’s Guide 45 Figure 25 WAN Interface Setup: Step 2 The screens vary depending on what encapsulation type you use. R efer to information provided by your ISP to know w hat to enter in each field.
Chapter 4 Quick Setup Wizards ZyWALL 110/310/1100 Series User’s Guide 46 Figure 27 WAN and ISP Connection Settings: (PPTP Shown) The following table describes the labels in this screen. T a ble 12 WAN and ISP Connection Settings LABEL DESCRIPTION ISP Pa rameter This section appear s if the interface uses a PPPo E or PPTP Internet connection.
Chapter 4 Quick Setup Wizards ZyWALL 110/310/1100 Se ries User’s Guide 47 4.2.5 Quick Setup Interface Wizard: Summary This screen displays the W AN interface’s settings. Figure 28 Interface Wizard: Summary WAN (PPTP Shown) Server IP T ype the IP address of the PPTP server .
Chapter 4 Quick Setup Wizards ZyWALL 110/310/1100 Series User’s Guide 48 The following table describes the labels in this screen. 4.3 VPN Setup Wizard Click VPN Setup in the main Quick Se tup screen to open the VPN Setup Wizard Welcome screen. Figure 29 VPN Setup Wizard 4.
Chapter 4 Quick Setup Wizards ZyWALL 110/310/1100 Se ries User’s Guide 49 • VPN Setup configures a VPN tunnel for a secure connection to another computer or network. • VPN Settings for Configuration Provisioning sets up a VPN rule the Z yWALL IPSec VPN Client can retrieve.
Chapter 4 Quick Setup Wizards ZyWALL 110/310/1100 Series User’s Guide 50 4.3.3 VPN Express Wizard - Scenario Click the Express radio button as shown in Figure 31 on page 49 to display the following screen. Figure 32 VPN Express Wizard: Scenario Rule Name : T ype the name used to identify this VPN connection (and VPN gateway).
Chapter 4 Quick Setup Wizards ZyWALL 110/310/1100 Se ries User’s Guide 51 4.3.4 VPN Express Wi zard - Configuration Figure 33 VPN Express Wizard: Configuration • Secure Gateway : Any displays in this field if it is not configurable for the chosen scenario.
Chapter 4 Quick Setup Wizards ZyWALL 110/310/1100 Series User’s Guide 52 Figure 34 VPN Express Wizard: Summary • Rule Name : Identifies the VPN gatewa y policy . • Secure Gateway : IP address or domain name of the remo te IPSec device. If this field displays Any , only the remote IPSec device can initiate the VPN connection.
Chapter 4 Quick Setup Wizards ZyWALL 110/310/1100 Se ries User’s Guide 53 Figure 35 VPN Express Wizard: Finish Click Close to exit the wizard. 4.3.7 VPN Advanced Wizard - Scenario Click the Advanced radio button as shown in Figu re 31 on page 49 to display the following screen.
Chapter 4 Quick Setup Wizards ZyWALL 110/310/1100 Series User’s Guide 54 Figure 36 VPN Advanced Wizard: Scenario Rule Name : T ype the name used to identify this VPN connection (and VPN gateway). Y ou may use 1-31 alphanumeric char acters, underscores ( _ ), or dashes (-), but the first char acter cannot be a number .
Chapter 4 Quick Setup Wizards ZyWALL 110/310/1100 Se ries User’s Guide 55 Figure 37 VPN Advanced Wizard: Phase 1 Settings • Secure Gateway : Any displays in this field if it is not configurable for the chosen scenario.
Chapter 4 Quick Setup Wizards ZyWALL 110/310/1100 Series User’s Guide 56 • Dead Peer De tection (DPD) has the ZyW A LL make sure the remote IPSec device is there before transmitting data through the IKE S A. If th ere has been no tr affic for at least 15 seconds, the Z yWALL sends a message to the remote IPSec device.
Chapter 4 Quick Setup Wizards ZyWALL 110/310/1100 Se ries User’s Guide 57 4.3.10 VPN Advanced Wizard - Summary This is a read-only summary of the VPN tunnel settin gs. Figure 39 VPN Advanced Wizard: Step 5 • Rule Name : Identifies the VPN connection (and the VPN gatew ay).
Chapter 4 Quick Setup Wizards ZyWALL 110/310/1100 Series User’s Guide 58 Figure 40 VPN Wizard: Finish Click Close to exit the wizard. 4.4 VPN Settings for Configuration Provisioning Wizard: Wiz a rd T y p e Use VPN Setti n g s for Configura t ion Provision in g to set up a VPN rule that can be retrieved with the Z yWALL IPSec VPN Client.
Chapter 4 Quick Setup Wizards ZyWALL 110/310/1100 Se ries User’s Guide 59 Choose Express to create a VPN rule with the default phase 1 and phase 2 settings and to use a pre-shared key . Choose Advanced to change the default settings and/or use certificates instead of a pre-shared key i n th e V P N r u le .
Chapter 4 Quick Setup Wizards ZyWALL 110/310/1100 Series User’s Guide 60 Figure 42 VPN for Configuration Provision ing Express Wizard: Settings Scenario Rule Name : T ype the name used to identify this VPN connection (and VPN gateway).
Chapter 4 Quick Setup Wizards ZyWALL 110/310/1100 Se ries User’s Guide 61 Figure 43 VPN for Configuration Provision ing Express Wizard: Configuration • Secure Gateway : Any displays in this field because it is no t configurable in this wizard. It allows incoming connections from the Z yWALL IPSec VPN Client.
Chapter 4 Quick Setup Wizards ZyWALL 110/310/1100 Series User’s Guide 62 Figure 44 VPN for Configuration Provisioning Express Wizard: Sa ve • Rule Name : Identifies the VPN gatewa y policy . • Secure Gateway : Any displays in this field because it is no t configurable in this wizard.
Chapter 4 Quick Setup Wizards ZyWALL 110/310/1100 Se ries User’s Guide 63 Figure 45 VPN for Configuration Provision ing Express Wizard: Finish Click Close to exit the wizard.
Chapter 4 Quick Setup Wizards ZyWALL 110/310/1100 Series User’s Guide 64 Rule Name : T ype the name used to identify this VPN connection (and VPN gateway). Y ou may use 1-31 alphanumeric char acters, underscores ( _ ), or dashes (-), but the first char acter cannot be a number .
Chapter 4 Quick Setup Wizards ZyWALL 110/310/1100 Se ries User’s Guide 65 • Authentication Algorithm : MD5 (Message Digest 5) and SHA (Secure Hash Algorithm) are hash algorithms used to authenticate packet data. MD5 gives minimal security . SHA1 gives higher security and SHA256 gives the highest security .
Chapter 4 Quick Setup Wizards ZyWALL 110/310/1100 Series User’s Guide 66 • Remote Policy (IP/Mask) : Any displays in this field because it is not configur able in this wizard. • Nailed-Up : This displays for the site-to-site and remo te access client role scenarios.
Chapter 4 Quick Setup Wizards ZyWALL 110/310/1100 Se ries User’s Guide 67 VPN Connection screen. Enter the IP address of the Z yW A LL in the Z yWALL IPSec VPN Client to get all these VPN settings automatically from the Z yWALL. Figure 50 VPN for Configuration Provision ing Advanced Wizard: Finish Click Close to exit the wizard.
Chapter 4 Quick Setup Wizards ZyWALL 110/310/1100 Series User’s Guide 68.
ZyWALL 110/310/1100 Se ries User’s Guide 69 C HAPTER 5 Dashboard 5.1 Overview Use the Dashboard screens to check status information about the Z yWALL. 5.1.1 What Y o u Can Do in this Chapter Use the Dashboard screens for the following. •U s e t h e m a i n Dashboard screen (see Section 5.
Chapter 5 Dashboard ZyWALL 110/310/1100 Series User’s Guide 70 Figure 51 Dashboard The following table describes the labels in this screen. T a ble 14 Dashboard LABEL DESCRIPTION Widget Setting (A) Use this link to open or cl ose widgets by select ing/clearin g the associate d che ckbox.
Chapter 5 Dashboard ZyWALL 110/310/1100 Se ries User’s Guide 71 Device This field displays the name of the device connected to the USB port if one i s connected. Status This field displays the curre nt status of each interface or device installed in a slot.
Chapter 5 Dashboard ZyWALL 110/310/1100 Series User’s Guide 72 Boot Status This field di splays details about the Z yWALL’ s startup state. OK - The ZyW ALL started up su ccessfully .
Chapter 5 Dashboard ZyWALL 110/310/1100 Se ries User’s Guide 73 Status This field displays the current stat us of ea ch interface. The possible v alues depend on what type of interface it is. For Ethernet interfaces: Inactiv e - The Ethernet interface is disabl ed.
Chapter 5 Dashboard ZyWALL 110/310/1100 Series User’s Guide 74 5.2.1 The CPU Usage Screen Use this screen to look at a chart of the Z yWALL’ s recent CPU usage. T o access this screen, click CPU Usage in the dashboard. Figure 52 Dashboard > CPU Usage The following table describes the labels in this screen.
Chapter 5 Dashboard ZyWALL 110/310/1100 Se ries User’s Guide 75 5.2.2 The Memory Usage Screen Use this screen to look at a chart of the Z yWALL’ s recent memory (RAM) usage. T o access this screen, click Memory Usage in the dashboar d. Figure 53 Dashboard > Memory Usage The following table describes the labels in this screen.
Chapter 5 Dashboard ZyWALL 110/310/1100 Series User’s Guide 76 Figure 54 Dashboard > Session Usage The following table describes the labels in this screen. 5.2.4 The VPN St atus Screen Use this screen to look at the VPN tu nnels that are currently established.
Chapter 5 Dashboard ZyWALL 110/310/1100 Se ries User’s Guide 77 The following table describes the labels in this screen. 5.2.5 The DHCP T able Screen Use this screen to look at the IP addresses current ly assigned to DHCP clie nts and the IP addresses reserved for specific MAC addresses.
Chapter 5 Dashboard ZyWALL 110/310/1100 Series User’s Guide 78 5.2.6 The Number of Login Users Screen Use this screen to look at a list of the users currently logged into the Zy WALL. Users wh o close their browsers without logging out are still shown as logged in here.
ZyWALL 110/310/1100 Se ries User’s Guide 79 C HAPTER 6 Monitor 6.1 Overview Use the Monitor screens to check status and statistics information. 6.1.1 What Y o u Can Do in this Chapter Use the Monitor screens for the following. •U s e t h e System Status > Port Statistics screen (see Section 6.
Chapter 6 Monitor ZyWALL 110/310/1100 Series User’s Guide 80 6.2 The Port S t atistics Screen Use this screen to look at packet statistics for each Gigabit Ethernet port. T o access this screen, click Monitor > System St atus > Port Statistics .
Chapter 6 Monitor ZyWALL 110/310/1100 Se ries User’s Guide 81 6.2.1 The Port S t atistics Graph Screen Use this screen to look at a line gr aph of packet statistics for each physical port. T o access this screen, click Port Statistics in the Status screen and then the Switch to Graphic View Button .
Chapter 6 Monitor ZyWALL 110/310/1100 Series User’s Guide 82 6.3 Interface S t atus Screen This screen lists all of the ZyW ALL’s interfaces and gives packet statistics for them. Click Monitor > System Status > Interface Status to access this screen.
Chapter 6 Monitor ZyWALL 110/310/1100 Se ries User’s Guide 83 Figure 60 Monitor > System Status > Interface Status.
Chapter 6 Monitor ZyWALL 110/310/1100 Series User’s Guide 84 Each field is described in the following table. T a ble 23 Monitor > System Status > Interface Status LABEL DESCRIPTION Interface Status If an Ethern et interface does not have any ph ysical ports associated with it, its entry is displayed in light gr ay text.
Chapter 6 Monitor ZyWALL 110/310/1100 Se ries User’s Guide 85 Status The activ ate (light bulb) icon is lit when the en try is active and dim med when the entry is inactive. Zone This field displays the zone to which the interfa ce i s assigned. IP Address This is the IP address o f the interface.
Chapter 6 Monitor ZyWALL 110/310/1100 Series User’s Guide 86 6.4 The T raffic St atistics Screen Click Monitor > System Status > Traffic Statist ics to display the Traffic Statistics screen. This screen provides basic information about the following for example: • Most- visited Web sites and the number of times each one was visited.
Chapter 6 Monitor ZyWALL 110/310/1100 Se ries User’s Guide 87 • LAN IP with heaviest tr affic and how much traffic has been sent to and from each one Y ou use the Traffic Statistics screen to tell the Zy W ALL when to start and when to stop collecting information for these reports.
Chapter 6 Monitor ZyWALL 110/310/1100 Series User’s Guide 88 T raffic T ype Select the type of report to display . Choices are: Host IP Address/User - display s the IP addresse s or users with the most tr affic and how much traffic has been sent to and from each one.
Chapter 6 Monitor ZyWALL 110/310/1100 Se ries User’s Guide 89 The following table displays the maximum number of records shown in the report, the byte count limit, and the hit count limit.
Chapter 6 Monitor ZyWALL 110/310/1100 Series User’s Guide 90 The following table describes the labels in this screen. T a ble 26 Monitor > System Status > Session Monitor LABEL DESCRIPTION View Select how you want the established sessions that passed through the ZyWALL to be displayed.
Chapter 6 Monitor ZyWALL 110/310/1100 Se ries User’s Guide 91 6.6 The DDNS S t atus Screen The DDNS Status screen shows the status of the ZyW ALL’ s DDNS domain names. Click Monitor > System Status > DDNS St atus to open the following screen.
Chapter 6 Monitor ZyWALL 110/310/1100 Series User’s Guide 92 The following table describes the labels in this screen. 6.8 The Login Users Screen Use this screen to look at a list of the users curre ntly logged into the ZyW ALL. T o access this screen, click Monitor > System St at us > Login Users .
Chapter 6 Monitor ZyWALL 110/310/1100 Se ries User’s Guide 93 6.9 Cellular S t atus Screen This screen displays your 3G connection status. Click Monit or > System Stat us > Cellu lar Status to display this screen. Figure 66 Monitor > System Status > Cellular Status The following table describes the labels in this screen.
Chapter 6 Monitor ZyWALL 110/310/1100 Series User’s Guide 94 Status No device - no 3G device is co nnected to the Z yWALL. No Service - no 3G network is a vailable in the area; you cannot connect to the Internet.
Chapter 6 Monitor ZyWALL 110/310/1100 Se ries User’s Guide 95 6.9.1 More Information This screen displays more information on your 3G, such as the signal strength, IMEA/ESN and IMSI that helps identify your 3G device and SIM card. Cli ck Monitor > System St atus > More Information to display this screen.
Chapter 6 Monitor ZyWALL 110/310/1100 Series User’s Guide 96 6.10 USB S torage Screen This screen displays information about a connected USB stor age device. Click Monitor > System Status > USB Storage to display this screen. Figure 68 Monitor > System Status > U SB Storage The following table describes the labels in this screen.
Chapter 6 Monitor ZyWALL 110/310/1100 Se ries User’s Guide 97 6.1 1 The IPSec Monitor Screen Y ou can use the IPSec Monitor screen to display and to manage active IPSec T o access this screen, click Monitor > VPN Monitor > IPSec . The following screen appears.
Chapter 6 Monitor ZyWALL 110/310/1100 Series User’s Guide 98 Each field is described in the following table. 6.1 1.1 Regular Expressions in Searching IPSec SAs A question mark (?) lets a single character in th e VPN connection or policy name v ary .
Chapter 6 Monitor ZyWALL 110/310/1100 Se ries User’s Guide 99 The whole VPN connection or policy nam e has to match if you do not use a question mark or asterisk.
Chapter 6 Monitor ZyWALL 110/310/1100 Series User’s Guide 100 Figure 71 Monitor > VPN Monitor > L2TP over IPSec The following table describes the fields in this screen. 6.14 Log Screen Log messages are stored in two separate logs, one for regular log message s and one for debugging messages.
Chapter 6 Monitor ZyWALL 110/310/1100 Se ries User’s Guide 101 Figure 72 Monitor > Log The following table describes the labels in this screen. T a ble 36 Monitor > Log LABEL DESCRIPTION Show Filt er / Hide Filter Click this button to show or hide the filter se ttings.
Chapter 6 Monitor ZyWALL 110/310/1100 Series User’s Guide 102 The W eb Configurator saves the filter settings if y ou leave the View Log screen and return to it later . Email Log Now Clic k this button to se nd lo g message( s) t o th e Active e-mail address(es) spec ified in the Send Log To field on the Log Settings page (see Section 38.
ZyWALL 110/310/1100 Se ries User’s Guide 103 C HAPTER 7 Interfaces 7.1 Interface Overview Use the Interface screens to configure the ZyW ALL’s interfaces. Y ou can also create interfaces on top of other interfaces. • Ports are the physical ports to which you connect cables.
Chapter 7 Interfaces ZyWALL 110/310/1100 Series User’s Guide 104 • An interface is a logical entity through which (lay er-3) packets pass. • An interface is bound to a physical po rt or another interface. • Many interfaces can share the same ph ysical port.
Chapter 7 Interfaces ZyWALL 110/310/1100 Se ries User’s Guide 105 - * The format of interface names other than the Ethernet and p pp interface names is strict. Each nam e consists of 2-4 letters (interface type), followed by a number ( x ) . For most interfaces, x is limited by the maximum number of the type of interface.
Chapter 7 Interfaces ZyWALL 110/310/1100 Series User’s Guide 106 * - Y ou cannot set up a PPP interface, virtual Ethernet interface or virtual VLAN interface if the underlying interface is a member of a bridge.
Chapter 7 Interfaces ZyWALL 110/310/1100 Se ries User’s Guide 107 St ateless Autoconfiguration With stateless autoconfiguration in IPv6, addresse s can be uniquely and automatically generated.
Chapter 7 Interfaces ZyWALL 110/310/1100 Series User’s Guide 108 7.1.3 What Y ou Need to Do First For IPv6 settings, go to the Con figuration > System > IPv6 screen to enable IPv6 support on the Z yWA LL first. 7.2 Port Role Screen T o access this screen, click Configuration > Network > Interface > Port Role .
Chapter 7 Interfaces ZyWALL 110/310/1100 Se ries User’s Guide 109 Click Reset to change the port groups to their current configuration (last-sav ed values). 7.3 Ethernet Summary Screen This screen lists every Ethernet interface and virtual interface created on top of Ethernet interfaces.
Chapter 7 Interfaces ZyWALL 110/310/1100 Series User’s Guide 11 0 Each field is described in the following table. 7.3.1 Ethernet Edit The Ethernet Edit scree n lets you configure IP address assignment, interface parameters, RIP settings, OSPF settings, DHCP se ttings, connectivity check, and MAC address settings.
Chapter 7 Interfaces ZyWALL 110/310/1100 Se ries User’s Guide 111 • Select which direction(s) routing information is exchanged - The Z yWALL can receive routing information, send routing information, or do both. • Select which version of RIP to support in each direction - The Z yW ALL supports RIP-1, RIP-2, and both versions.
Chapter 7 Interfaces ZyWALL 110/310/1100 Series User’s Guide 11 2 Figure 75 Configuration > Network > In terface > Ethernet > E dit (External T ype).
Chapter 7 Interfaces ZyWALL 110/310/1100 Se ries User’s Guide 11 3 Figure 76 Configuration > Network > In terface > Ethernet > Edit (Internal T ype).
Chapter 7 Interfaces ZyWALL 110/310/1100 Series User’s Guide 11 4 Figure 77 Configuration > Network > In terface > Ethernet > Edit (OPT).
Chapter 7 Interfaces ZyWALL 110/310/1100 Se ries User’s Guide 11 5 This screen’ s fields are described in the table below. T a ble 41 Conf iguration > Networ k > Interfa ce > Ethernet >.
Chapter 7 Interfaces ZyWALL 110/310/1100 Series User’s Guide 11 6 Subnet Mask Enter the subnet mask of this interface in dot deci mal notation . The subnet m ask indicates what part of the IP address is the same for all computers in the network. Gateway This option appears whe n Interface Type is external or general .
Chapter 7 Interfaces ZyWALL 110/310/1100 Se ries User’s Guide 11 7 Address This fiel d displays the co mbin ed IPv6 IP address for this interface. Note: This field displays the combined address after you click OK and reopen this screen.
Chapter 7 Interfaces ZyWALL 110/310/1100 Series User’s Guide 11 8 Advertised Hosts Get Other Configur ation From DHCPv6 Select this to have t he ZyW ALL indicate to hosts to obtain DNS information through DHCPv6. Clear this to h ave the ZyW ALL indic ate to ho sts that DNS information is not av ailable i n this network.
Chapter 7 Interfaces ZyWALL 110/310/1100 Se ries User’s Guide 11 9 Egress Bandwidth Enter the maximum amount of tr affic, in kilobits per second, the ZyWALL can send through the interface to t he network. Allowed v alues are 0 - 1048576. Ingress Bandwidth This is reserved for future use.
Chapter 7 Interfaces ZyWALL 110/310/1100 Series User’s Guide 120 IP Pool Start Address Enter the IP address from whic h the Z yWALL begins allocating IP addresses. If you want to assign a static IP address to a spec ific computer , use the Static DHCP Table .
Chapter 7 Interfaces ZyWALL 110/310/1100 Se ries User’s Guide 121 Enable IP/MAC Binding Selec t this option to have this in terface enforce l inks between spec ific IP addresses an d specific MAC addresse s. This stops any o ne else from manually using a bound IP address on another device conn ected to this inte rfa ce.
Chapter 7 Interfaces ZyWALL 110/310/1100 Series User’s Guide 122 7.3.2 Object References When a configuration screen includes an Object Reference icon, select a configuration object and click Object Re ference to open the Object References screen. This screen displays which configuration settings reference the selected object.
Chapter 7 Interfaces ZyWALL 110/310/1100 Se ries User’s Guide 123 Figure 78 Object Referen ces The following table describes labels that can appear in this screen.
Chapter 7 Interfaces ZyWALL 110/310/1100 Series User’s Guide 124 Select a DHCPv6 request or lease object in the Select one object field and click OK to save it.
Chapter 7 Interfaces ZyWALL 110/310/1100 Se ries User’s Guide 125 The following table lists the available DHCP extend ed options (defined in RFCs) on the ZyW ALL. See RFCs for more information. 7.4 PPP Interfaces Use PPPoE/PPTP interfaces to connect to your ISP .
Chapter 7 Interfaces ZyWALL 110/310/1100 Series User’s Guide 126 Figure 81 Example : PPPoE/PPTP Interfaces PPPoE/PPTP interfaces are similar to other interfac es in some ways. They have an IP address, subnet mask, and gateway used to mak e routing decisions; they restrict bandwidth and packet size; and they can verify the gatewa y is availabl e.
Chapter 7 Interfaces ZyWALL 110/310/1100 Se ries User’s Guide 127 Each field is described in the table below . 7.4.2 PPP Interface Add or Edit Note: Y ou have to set up an ISP account before you create a PPPoE/PPTP interface. This screen lets you configure a PPP oE or PPTP interface.
Chapter 7 Interfaces ZyWALL 110/310/1100 Series User’s Guide 128 Figure 83 Configuration > Network > In terface > PPP > Add.
Chapter 7 Interfaces ZyWALL 110/310/1100 Se ries User’s Guide 129 Each field is explained in the following table. T a ble 46 Conf iguration > Netwo r k > Interf ace > PPP > Add LABEL DESCRIPTION IPv4/IPv 6 View / IPv4 View / IPv6 View Use this button to display bo th IPv4 and IPv6, IPv4-only , or IPv6-only configuration fields.
Chapter 7 Interfaces ZyWALL 110/310/1100 Series User’s Guide 130 IP Address This field is en abled if you sele ct Use Fixed IP Address . Enter the IP address for this interface. Metric Enter the priority of the gate way (the ISP) on this interfac e.
Chapter 7 Interfaces ZyWALL 110/310/1100 Se ries User’s Guide 131 Enable Rapid Commit Select this to shorten the DHCPv6 me ssage exchange process from four to two steps. This function helps reduce heavy network t raffic load. Note: Make sure you also ena ble this option in th e DHCPv6 clients to make rapid commit work.
Chapter 7 Interfaces ZyWALL 110/310/1100 Series User’s Guide 132 7.5 Cellular Configuration Screen (3G) 3G (Third Generation) is a digital, packet -s witched wireless technology . Bandwidth usage is optimized as multiple users share the same channe l and bandwidth is only allocated to users when t h e y s e n d d a t a .
Chapter 7 Interfaces ZyWALL 110/310/1100 Se ries User’s Guide 133 Aside from selecting the 3G network, the 3G card ma y also select an available 2.5G or 2.75G network automatically . See the following table fo r a comparison between 2G, 2.5G, 2.75G and 3G of wireless technologies.
Chapter 7 Interfaces ZyWALL 110/310/1100 Series User’s Guide 134 Figure 84 Configuration > Network > Interface > Cellular The following table describes the labels in this screen. 7.5.1 Cellular Add/Edit Screen T o change your 3G settings, click Configuration > Network > Interface > Cellular > Add (or Edit ).
Chapter 7 Interfaces ZyWALL 110/310/1100 Se ries User’s Guide 135 Figure 85 Configuration > Network > In terface > Cellular > Add.
Chapter 7 Interfaces ZyWALL 110/310/1100 Series User’s Guide 136 The following table describes the labels in this screen. T a ble 49 Co nf iguration > Net wo rk > Interface > Cellular > .
Chapter 7 Interfaces ZyWALL 110/310/1100 Se ries User’s Guide 137 User Name This field displays when you se lect an authentication type other than None . This field is read-only if you selected Device in the profile se lection. If this fiel d is configur able, enter the user name for this 3G card exactly as the service provider ga ve it to you.
Chapter 7 Interfaces ZyWALL 110/310/1100 Series User’s Guide 138 Check Perio d Enter the numbe r of seconds between connection chec k at tempts. Check Timeout Enter the number of seconds to wait for a response before the attempt is a fail ure.
Chapter 7 Interfaces ZyWALL 110/310/1100 Se ries User’s Guide 139 Network Selection Home network is th e network to which you are originally subsc ribed. Select Home to have the 3G device connect only to the home network. If the home network is down, the ZyW AL L’s 3G Inte rnet connection is also unavailable.
Chapter 7 Interfaces ZyWALL 110/310/1100 Series User’s Guide 140 7.6 T unnel Interfaces The Z yW ALL uses tunnel interfaces in Generic R out ing Encapsulation (GRE), IPv6 in IPv4, and 6to4 tunnels. GRE T unneling GRE tunnels encapsulate a wide v ariety of network lay er protocol packet types inside IP tu nnels.
Chapter 7 Interfaces ZyWALL 110/310/1100 Se ries User’s Guide 141 • your Z yWALL has a public IPv4 IP address given from y our ISP , and • you want to transmit your IPv6 packets to on e and only one remote site whose LAN network is also an IPv6 network.
Chapter 7 Interfaces ZyWALL 110/310/1100 Series User’s Guide 142 Figure 89 6to4 T unnel 7.6.1 Configuring a T unnel This screen lists the Z yW A LL’ s configured tunn el interfaces. T o access this screen, click Network > Interface > Tunnel .
Chapter 7 Interfaces ZyWALL 110/310/1100 Se ries User’s Guide 143 7.6.2 T unnel Add or Edit Screen This screen lets you configure a tunnel interface. Click Configuration > Net work > Inte rface > Tunnel > Add (or Edit ) to open the following screen.
Chapter 7 Interfaces ZyWALL 110/310/1100 Series User’s Guide 144 Figure 91 Network > Interface > T unnel > Add/Edit Each field is explained in the following table.
Chapter 7 Interfaces ZyWALL 110/310/1100 Se ries User’s Guide 145 T unnel Mode Select the tunnelin g protocol of the interface ( GRE , IPv6-in-IPv4 or 6to4 ). See Section 7.6 on page 140 for more information. IP Address Assignme nt This section is av ailable if you are config uring a GRE tunnel.
Chapter 7 Interfaces ZyWALL 110/310/1100 Series User’s Guide 146 Interface Para me t er s Egress Bandwidth Enter the maximum amount of tr affic, in kilobits per second, the ZyWALL can send through the interface to t he network. Allowed v alues are 0 - 1048576.
Chapter 7 Interfaces ZyWALL 110/310/1100 Se ries User’s Guide 147 7.7 VLAN Interfaces A Virtual Local Area Netw ork (VLAN) divides a phys ical network into multiple logical networks. The standard is defined in IEEE 802.1q. Figure 92 Example: Bef ore VLAN In this example, there are two phys ical networks and three departments A , B , and C .
Chapter 7 Interfaces ZyWALL 110/310/1100 Series User’s Guide 148 This approach provides a few adv antages. • Increased performance - In VLAN 2, the extra switch should route traffic inside the sales department faster than the router does. In addition, broadcasts are limited to smaller , more logical groups of users.
Chapter 7 Interfaces ZyWALL 110/310/1100 Se ries User’s Guide 149 Figure 94 Configuration > Network > In terface > VLAN Each field is explained in the following table.
Chapter 7 Interfaces ZyWALL 110/310/1100 Series User’s Guide 150 7.7.2 VLAN Add/Edit This screen lets you configure IP address assi gnment, interface bandwidth par amete rs, DHCP settings, and connectivity check for each VLAN interface. T o access this screen, click the Create Virtual Interface icon in the VLAN Summary screen.
Chapter 7 Interfaces ZyWALL 110/310/1100 Se ries User’s Guide 151 Figure 95 Configuration > Network > In terface > VLAN > Create Virtual Interface.
Chapter 7 Interfaces ZyWALL 110/310/1100 Series User’s Guide 152 Each field is explained in the following table. T a ble 53 Conf iguration > Netwo r k > Interf ace > VLAN > Create Virtua.
Chapter 7 Interfaces ZyWALL 110/310/1100 Se ries User’s Guide 153 Gateway This field is en abled if you sele ct Use Fixed IP Address . Enter the IP address of the gateway . The ZyW ALL sends packet s to the gateway wh en it d o e s n o t k n o w h ow t o r o u t e t h e p a c k e t t o i t s de stination.
Chapter 7 Interfaces ZyWALL 110/310/1100 Series User’s Guide 154 DHCPv6 Setting DUID This field displays the DHCP Unique IDentifier (DUID) of the interface, which is unique and used for identification purposes wh en the interface is exchanging DHCPv6 messages with others.
Chapter 7 Interfaces ZyWALL 110/310/1100 Se ries User’s Guide 155 Rou t e r Prefer ence Select the router preferenc e ( Low , Mediu m or High ) for the interface. The interface sends this preference in th e router advertisements t o tel l hosts what preference th ey should use for the Z yWALL.
Chapter 7 Interfaces ZyWALL 110/310/1100 Series User’s Guide 156 MTU Maximum T ransmission Uni t. T ype the m a xim um size of each data packet, i n bytes, that can move through this interface. If a la rger packet arrives, the Z yWALL divides it into smaller fr agments.
Chapter 7 Interfaces ZyWALL 110/310/1100 Se ries User’s Guide 157 Poo l Size Enter the number of IP addresses to al locate. This number must be at least one and is limited by the interface’ s Subne t Mask . For example, if the Subnet Mask is 255.255.
Chapter 7 Interfaces ZyWALL 110/310/1100 Series User’s Guide 158 Add Click this to cre ate a new entry . Edit Select an entry and click th is to be able to modif y it. Re move Select an entry and click th is to delete it. # This field is a sequential value, and it is not associated with a specific entry .
Chapter 7 Interfaces ZyWALL 110/310/1100 Se ries User’s Guide 159 7.8 Bridge Interfaces This section introduces bridges and bridge interf aces and then explains the screens for bridge interfaces. Bridge Overview A bridge creates a connection between two or more network segments at the layer -2 (MAC address) lev el.
Chapter 7 Interfaces ZyWALL 110/310/1100 Series User’s Guide 160 If computer B responds to computer A, bridge X records the source address 0B:0B:0B:0B:0B:0B and port 4 in the table. It also looks up 0A:0A:0A:0A:0A:0A in the table and sends the packet to port 2 accordingly .
Chapter 7 Interfaces ZyWALL 110/310/1100 Se ries User’s Guide 161 Figure 96 Configuration > Network > In terface > Bridge Each field is described in the following table.
Chapter 7 Interfaces ZyWALL 110/310/1100 Series User’s Guide 162 7.8.2 Bridge Add/Edit This screen lets you configure IP address assi gnment, interface bandwidth par amete rs, DHCP settings, and connectivity check for each bridge interface. T o access this screen, click the Create Virtual Interface icon in the Bridge Summary screen.
Chapter 7 Interfaces ZyWALL 110/310/1100 Se ries User’s Guide 163 Figure 97 Configuration > Network > In terface > Bridge > Create Virtual Interface.
Chapter 7 Interfaces ZyWALL 110/310/1100 Series User’s Guide 164 Each field is described in the table below . T a ble 58 Co nf iguration > Netwo r k > Interf ace > Bridge > Create Virtua.
Chapter 7 Interfaces ZyWALL 110/310/1100 Se ries User’s Guide 165 IP Address This field is en abled if you sele ct Use Fixed IP Address . Enter the IP address for this interface. Subnet Mask This field is enabled if yo u se lect Use Fixed IP Address .
Chapter 7 Interfaces ZyWALL 110/310/1100 Series User’s Guide 166 Suffix Address Enter the ending part of th e IPv6 address, a slash (/), a nd th e prefix length. Th e Z yWALL will append it to the delegated prefix . For e xample, you got a dele gated prefi x of 2003: 1234:5678/4 8.
Chapter 7 Interfaces ZyWALL 110/310/1100 Se ries User’s Guide 167 Advertised Hosts Get Network Configur ation From DHCPv6 Select this to have t he ZyW ALL indicate to ho sts to obtain ne twork settings (such as prefix and DNS settin gs) through DHCPv6.
Chapter 7 Interfaces ZyWALL 110/310/1100 Series User’s Guide 168 Address This is the final network prefix comb ined by the selecte d de legated prefix and the suffix. Note: This field displays the combined address after you click OK and reopen this screen.
Chapter 7 Interfaces ZyWALL 110/310/1100 Se ries User’s Guide 169 First WINS Server , Second WINS Server T ype the IP address of the WINS (Windows Internet Naming Servic e) server that y ou want to send to the DHCP cl ients.
Chapter 7 Interfaces ZyWALL 110/310/1100 Series User’s Guide 170 7.9 V irtual Interfaces Use virtual interfaces to tell t he Zy WALL where to route packets. Virtual interfaces can also be used in VPN gateways (see Chapter 20 on page 281 ) and VRRP groups (see Chapter 26 on page 359 ).
Chapter 7 Interfaces ZyWALL 110/310/1100 Se ries User’s Guide 171 7.9.1 V irtual Interfaces Add/Edit This screen lets you configure IP address assignment and interface parameters for virtual interfaces. T o acce ss this screen, click the Create Virtual Interf ace icon in the Ethernet, VLAN, or bridge interface summary screen.
Chapter 7 Interfaces ZyWALL 110/310/1100 Series User’s Guide 172 7.10 Interface T echnical Reference Here is more detailed information about interfaces on the ZyW ALL. IP Address Assignment Most interfaces have an IP addre ss and a subnet ma sk. This information is used to create an entry in the routing table.
Chapter 7 Interfaces ZyWALL 110/310/1100 Se ries User’s Guide 173 In the example abo v e, if the Z yW A LL gets a pac k e t with a destination address of 5.5.5 .5, it mig ht not find any entries in the routing table. In this case, the pack et is dropped.
Chapter 7 Interfaces ZyWALL 110/310/1100 Series User’s Guide 174 In the Z yW ALL, some interfaces can provide DHCP services to the network. In this case, the interface can be a DHCP relay or a DHCP server . As a DHCP relay , the interface routes DHCP requ ests to DHCP servers on different networks.
Chapter 7 Interfaces ZyWALL 110/310/1100 Se ries User’s Guide 175 PPPoE/PPTP Overview Po int-to-P oint Protocol over Ethernet (PPP oE, RFC 2516) and Point -to-Point T unneling Protocol (PPTP , RFC 26 37) are usually used to connect two computers over phone lines or broadband connections.
Chapter 7 Interfaces ZyWALL 110/310/1100 Series User’s Guide 176.
ZyWALL 110/310/1100 Se ries User’s Guide 177 C HAPTER 8 Trunk 8.1 Overview Use trunks for WAN tr affic load balancing to increase over all network throughput and reliability . Load balancing divides traffic loads between multiple interfaces. This allows you to improve quality of service and maximize bandwidth utilization for multiple ISP links.
Chapter 8 Trunk ZyWALL 110/310/1100 Series User’s Guide 178 • If that interface’ s connection goes down, the ZyW ALL can still send its traffic through another interface.
Chapter 8 Trunk ZyWALL 110/310/1100 Se ries User’s Guide 179 Figure 101 Least Load First Example The outbound bandwidth utilization is used as th e load balancing index. In this example, the measured (current) outbound throughput of WAN 1 is 412K and WAN 2 is 198K.
Chapter 8 Trunk ZyWALL 110/310/1100 Series User’s Guide 180 Spillover The spillover load balancing algorithm sends networ k tr affic to the first interface in the trunk member list until the interface’ s maximum allowa ble load is reached, then sends the excess network traffic of new sessions to the n ext interface in the trunk member list.
Chapter 8 Trunk ZyWALL 110/310/1100 Se ries User’s Guide 181 The following table describes the items in this screen. 8.2.1 Configuring a User-Defined T runk Click Conf iguration > Networ k > Interface > Trunk , in the User Configuration table click the Add (or Edit ) icon to open the fo llowing screen.
Chapter 8 Trunk ZyWALL 110/310/1100 Series User’s Guide 182 Figure 105 Configuration > Net work > Interf ace > T runk > Add (or Edit) Each field is described in the table below .
Chapter 8 Trunk ZyWALL 110/310/1100 Se ries User’s Guide 183 8.2.2 Configuring th e System Default T runk In the Configuration > Network > Interface > Trunk screen and the System Default section, select the default trunk entry and click Edit to open the following screen.
Chapter 8 Trunk ZyWALL 110/310/1100 Series User’s Guide 184 Figure 106 Configuration > Network > Interface > T runk > Edit (System Default) Each field is described in the table below .
Chapter 8 Trunk ZyWALL 110/310/1100 Se ries User’s Guide 185 Spillover This field di spl ays with the spillove r load balancin g al gorithm. Speci fy the maxim um bandwidth of tr affic in kilobits per second ( 1~1048576) to send out through the interface before using anot her interface.
Chapter 8 Trunk ZyWALL 110/310/1100 Series User’s Guide 186.
ZyWALL 110/310/1100 Se ries User’s Guide 187 C HAPTER 9 Policy and Static Routes 9.1 Policy and S t atic Routes Overview Use policy routes and static routes to override the Z yWALL’ s default routing behavior in order to send packets through the appropriate interface or VPN tunnel.
Chapter 9 Policy and Stati c Routes ZyWALL 110/310/1100 Series User’s Guide 188 9.1.2 What Y ou Need to Know Policy Routing T raditionally , routing is based on the destination address only and the Z yW ALL takes the shortest path to forward a pack et.
Chapter 9 Policy and Static Routes ZyWALL 110/310/1100 Se ries User’s Guide 189 DiffServ (Differentiated Services) is a class of se rv ice (CoS) model that marks packets so that they receive specific per-hop treatment at DiffServ-com pliant network devices along the route base d on the application types and traffic flow .
Chapter 9 Policy and Stati c Routes ZyWALL 110/310/1100 Series User’s Guide 190 Figure 108 Configuration > Network > R outing > P olicy Route The following table describes the labels in this screen.
Chapter 9 Policy and Static Routes ZyWALL 110/310/1100 Se ries User’s Guide 191 9.2.1 Policy Route Edit Screen Click Configuration > Network > Routin g to o pe n t h e Polic y Route screen. Then click the Add or Edit icon in the IPv4 Conf iguration or IPv6 Configuration section.
Chapter 9 Policy and Stati c Routes ZyWALL 110/310/1100 Series User’s Guide 192 Figure 109 Configuration > Network > R outing > P olicy Route > Add/Edit (IPv4 Configur a t ion).
Chapter 9 Policy and Static Routes ZyWALL 110/310/1100 Se ries User’s Guide 193 Figure 1 10 Configuration > Network > R outing > Polic y R oute > Add/Edit (IPv6 Configuration) The following table describes the labels in this screen.
Chapter 9 Policy and Stati c Routes ZyWALL 110/310/1100 Series User’s Guide 194 DSCP Code Select a DSCP code point valu e of incoming packets to which this policy route appl ies or select User Def ine to specify another DS CP code point.
Chapter 9 Policy and Static Routes ZyWALL 110/310/1100 Se ries User’s Guide 195 9.3 IP S t atic Route Screen Click Configuration > Network > Routing > Static Route to open the Static Route screen. This screen displays the configured static routes.
Chapter 9 Policy and Stati c Routes ZyWALL 110/310/1100 Series User’s Guide 196 The following table describes the labels in this screen. 9.3.1 St atic Route Add/Edit Screen Select a static route index number and click Add or Edit . The screen shown next appears.
Chapter 9 Policy and Static Routes ZyWALL 110/310/1100 Se ries User’s Guide 197 The following table describes the labels in this screen. 9.4 Policy Routing T echnical Reference Here is more detailed information about some of the features you can configure in policy routing.
Chapter 9 Policy and Stati c Routes ZyWALL 110/310/1100 Series User’s Guide 198 the following twelve DSCP encodings from AF11 through AF43. The decimal equivalent is listed in brackets.
ZyWALL 110/310/1100 Se ries User’s Guide 199 C HAPTER 10 Routing Protocols 10.1 Routing Protocols Overview R outing protocols give the Z yWALL routing information about the network from other routers. The Z yWALL stores this ro uting information in the routing table it uses to make routing decisions.
Chapter 10 Routing Protoc ol s ZyWALL 110/310/1100 Series User’s Guide 200 its routes asynchronously to the network and con verges slowly . Therefore, RIP is more suitable for small networks (up to 15 routers). • In the Z yW ALL, you can configure two sets of RIP settings before you can use it in an interface.
Chapter 10 Routing Protocols ZyWALL 110/310/1100 Se ries User’s Guide 201 10.3 The OSPF Screen OSPF (Open Shortest P ath First, RFC 2328) is a link -state protocol designed to distribute routing information within a group of networks, called an Autonomous System (AS).
Chapter 10 Routing Protoc ol s ZyWALL 110/310/1100 Series User’s Guide 202 • A normal area is a group of ad jacent networks. A normal area has routing information about the OSPF AS, an y networks .
Chapter 10 Routing Protocols ZyWALL 110/310/1100 Se ries User’s Guide 203 • An Autonomous Sy stem Boundary R outer (ASBR) exch anges routing information with routers in networks outside the OSPF AS. Th is is called redistribution in OSPF . • A backbone router (BR) has at least one interface with area 0.
Chapter 10 Routing Protoc ol s ZyWALL 110/310/1100 Series User’s Guide 204 Figure 1 17 OSPF: Virtual Link In this example, area 100 does not have a dire ct connection to the backbone. As a result, you should set up a virtual link on both ABR in area 10.
Chapter 10 Routing Protocols ZyWALL 110/310/1100 Se ries User’s Guide 205 Figure 1 18 Configuration > Network > R outing > OSPF The following table describes the labels in this screen. See Section 10.3.2 on page 206 for more information as well.
Chapter 10 Routing Protoc ol s ZyWALL 110/310/1100 Series User’s Guide 206 10.3.2 OSPF Area Add/Edit Screen The OSPF Are a Add/Edit screen allows you to create a new area or edit an existing one. T o access this screen, go to the OSPF summary screen (see Section 10.
Chapter 10 Routing Protocols ZyWALL 110/310/1100 Se ries User’s Guide 207 The following table describes the labels in this screen. T a ble 76 Conf iguration > Net wo rk > Routing > OSPF > Add LABEL DESCRIPTION Area ID T ype the uniqu e, 32-bit identifi er for the area in IP address format.
Chapter 10 Routing Protoc ol s ZyWALL 110/310/1100 Series User’s Guide 208 10.3.3 V irtual Link Add/Edit Screen The Virtual Link Add/Edit screen allows you to create a new vi rtual link or edit an existing one. When the OSPF add or edit screen (see Section 10.
Chapter 10 Routing Protocols ZyWALL 110/310/1100 Se ries User’s Guide 209 Authentication T ypes Authentication is used to guarantee the integrit y , but not the confidentialit y , of routing updates.
Chapter 10 Routing Protoc ol s ZyWALL 110/310/1100 Series User’s Guide 210.
ZyWALL 110/310/1100 Se ries User’s Guide 21 1 C HAPTER 11 Zones 1 1.1 Zones Overview Set up zones to configure network security and network policies in the Z yWALL.
Chapter 11 Zones ZyWALL 110/310/1100 Series User’s Guide 212 Intra-zone T raffic • Intra- zone traffic is traffic between interfaces or VPN tunnels in the same zone. F or example, in Figure 121 on page 211 , traffic between VLAN 2 and the Ethernet is intr a-zone traffic.
Chapter 11 Zones ZyWALL 110/310/1100 Se ries User’s Guide 213 The following table describes the labels in this screen. 1 1.3 Zone Edit The Zone Edit screen allows you to add or edit a zone. T o access this screen, go to the Zone screen (see Section 11.
Chapter 11 Zones ZyWALL 110/310/1100 Series User’s Guide 214 The following table describes the labels in this screen. T a ble 79 Network > Zone > Add/Edit LABEL DESCRIPTION Name F or a system default zone , the name is read only . For a user -configured zone, type the name us ed to refer to the zone .
ZyWALL 110/310/1100 Se ries User’s Guide 215 C HAPTER 12 DDNS 12.1 DDNS Overview Dynamic DNS (DDNS) services let you use a domain n ame with a dynamic IP address. 12.1.1 What Y ou Can Do in this Chapter •U s e t h e DDNS screen (see Section 12.2 on page 216 ) to view a list of the configured DDNS domain names and their details.
Chapter 12 DDNS ZyWALL 110/310/1100 Series User’s Guide 216 12.2 The DDNS Screen The DDNS screen provides a summary of all DDNS domain names and their configuration. In addition, this screen allows you to add new doma in names, edit the configuration for existing domain names, and delete domain names.
Chapter 12 DDNS ZyWALL 110/310/1100 Se ries User’s Guide 217 12.2.1 The Dynamic DNS A dd /Edit Screen The DDNS Add/Edit screen allows you to add a domain name to the Z yWALL or to edit the configuration of an existing domain name. Click Configuration > Network > DDNS and then an Add or Edit icon to open this screen.
Chapter 12 DDNS ZyWALL 110/310/1100 Series User’s Guide 218 Username T ype the user nam e used when you registered your domain n ame. Y ou can use up to 31 alphanumeric characters and the underscore.
Chapter 12 DDNS ZyWALL 110/310/1100 Se ries User’s Guide 219 Enable Wildcard T his option is only av ailable with a DynDNS account. Enable the wildcard feature to alias subdoma ins to be aliased to the same IP address as your (dynamic ) domain name.
Chapter 12 DDNS ZyWALL 110/310/1100 Series User’s Guide 220.
ZyWALL 110/310/1100 Se ries User’s Guide 221 C HAPTER 13 NAT 13.1 NA T Overview NA T (Network Address T ranslation - NA T , RFC 1631) is the translation of the IP address of a host in a packet. F or example, the source address of an outgoing packet, used within one network is changed to a different IP address known within another network.
Chapter 13 NAT ZyWALL 110/310/1100 Series User’s Guide 222 13.2 The NA T Screen The NAT summary screen provides a summary of all NA T rules and their configuration. In addition, this screen allows you to create new NA T rules and ed it and delete existing NA T rules.
Chapter 13 NAT ZyWALL 110/310/1100 Se ries User’s Guide 223 13.2.1 The NA T Add/Edit Screen The NAT Add/Ed it screen lets you create new NA T rules and edit existing ones. T o open this window, open the NAT summary screen. (See Section 13.2 on page 222 .
Chapter 13 NAT ZyWALL 110/310/1100 Series User’s Guide 224 Incoming Interface Select the interface on whic h packets for the NA T ru le mus t be re ceived. It can be an Ethernet, VLAN, bridge, or PPP oE/PPTP interface. Original IP Spec ify the destin ati on IP address of the pac kets received by this NA T rul e’ s specifi ed incoming interface.
Chapter 13 NAT ZyWALL 110/310/1100 Se ries User’s Guide 225 13.3 NA T T echnical Reference Here is more detailed information about NA T on the Z yWALL. NA T Loopback Suppose an NA T 1:1 rule maps a public IP addre ss to the priv ate IP address of a LAN SMTP e-ma il server to give W A N users access.
Chapter 13 NAT ZyWALL 110/310/1100 Series User’s Guide 226 Figure 129 LAN Computer Queries a Public DNS Server The LAN user ’ s computer then se nds traffic to IP address 1.1.1.1. NA T loopback uses the IP address of the Z yWALL’s LAN interface (19 2.
Chapter 13 NAT ZyWALL 110/310/1100 Se ries User’s Guide 227 Figure 131 LAN to LAN R eturn T raffic 192.168.1.21 LAN 192.168.1.89 Source 1.1.1.1 SMTP NA T Source 192.
Chapter 13 NAT ZyWALL 110/310/1100 Series User’s Guide 228.
ZyWALL 110/310/1100 Se ries User’s Guide 229 C HAPTER 14 HTTP Redirect 14.1 Overview HT TP redirect forwards the client’ s HT TP request (except HT TP traffic destined for the Z yW ALL) to a web proxy server . In the following example, proxy server A is connected to the DMZ interface.
Chapter 14 HTTP Redirect ZyWALL 110/310/1100 Series User’s Guide 230 A client connects to a web proxy server each time he/she wants to access the Internet. The web proxy provides caching service to allow quick ac cess and r educe network usage. The proxy checks its local cache for the requested web r esource first.
Chapter 14 HTTP Redirect ZyWALL 110/310/1100 Se ries User’s Guide 231 Figure 133 Configuration > Netw ork > HT TP Redirect The following table describes the labels in this screen. 14.2.1 The HTTP Redirect Edit Screen Click Network > HTTP Redirect to open the HTTP Redir ect screen.
Chapter 14 HTTP Redirect ZyWALL 110/310/1100 Series User’s Guide 232 The following table describes the labels in this screen. T a ble 86 Network > HTTP R edirect > Edit LABEL DESCRIPTION Enable Use this option to turn th e HT TP redirect rule on or off .
ZyWALL 110/310/1100 Se ries User’s Guide 233 C HAPTER 15 ALG 15.1 ALG Overview Application Layer Gatewa y (ALG) allows the following applications to oper ate properly through the Zy W A L L ’s N AT .
Chapter 15 ALG ZyWALL 110/310/1100 Series User’s Guide 234 FTP ALG The FTP ALG allows TCP packets with a specified port destination to pass through. If the F TP server is located on the LAN, you must also configure NA T (port forwarding) and firewall rules if y ou want to allow access to the server from the W AN.
Chapter 15 ALG ZyWALL 110/310/1100 Se ries User’s Guide 235 Peer-to-Peer Calls and the ZyW ALL The Z yWALL ALG can allow peer-to-peer V oIP calls for both H.323 and SIP . Y ou must configure the firewall and NA T (port forwarding) to allow incoming (peer-to-peer) calls from the W AN to a private IP address on the LAN (or DMZ).
Chapter 15 ALG ZyWALL 110/310/1100 Series User’s Guide 236 Figure 138 V oIP with Multiple WAN IP Addresses •S e e Section 15.3 on page 238 for ALG back ground/technical information. 15.1.3 Before Y ou Begin Y ou must also configure the firewall and enable NA T in the ZyW ALL to allow sessions initiated from the WAN.
Chapter 15 ALG ZyWALL 110/310/1100 Se ries User’s Guide 237 The following table describes the labels in this screen. T a ble 87 Co nf iguration > Ne t work > ALG LABEL DESCRIPTION Enable SIP ALG T urn on the SIP ALG to detect SIP traff i c and help build SIP sessions throu gh the Zy WA L L’s N AT .
Chapter 15 ALG ZyWALL 110/310/1100 Series User’s Guide 238 15.3 ALG T echnical Reference Here is more detailed information about the Application Layer Gatew ay . ALG Some applications cannot operate through NA T (are NA T un-friendly) because they embed IP addresses and port numbers in their packets’ da ta payload.
Chapter 15 ALG ZyWALL 110/310/1100 Se ries User’s Guide 239 RTP When you make a V oIP call using H.323 or SIP , the R TP (Real time T ransport Protocol) is used to handle voice data transfer .
Chapter 15 ALG ZyWALL 110/310/1100 Series User’s Guide 240.
ZyWALL 110/310/1100 Se ries User’s Guide 241 C HAPTER 16 IP/MAC Binding 16.1 IP/MAC Binding Overview IP address to MAC address binding helps ensure that only the intended devices get to use privileged IP addresses. The Z yWALL uses DHCP to assign IP addresses and records the MAC address it assigned to each IP address.
Chapter 16 IP/MAC Binding ZyWALL 110/310/1100 Series User’s Guide 242 Interfaces Used With IP/MAC Binding IP/MAC address bindings are grouped by inte rfac e. Y ou can use IP/MAC binding with Ethernet, bridge, VLAN interfaces. Y ou can also enable or di sable IP/MAC binding and logging in an interface’ s configuration screen.
Chapter 16 IP/MAC Binding ZyWALL 110/310/1100 Se ries User’s Guide 243 Figure 142 Configuration > Network > IP/MAC Binding > Edit The following table describes the labels in this screen. 16.2.2 S t atic DHCP Edit Click Configuration > Network > IP/MAC Binding > Edit to open the IP/MAC Binding Edit screen.
Chapter 16 IP/MAC Binding ZyWALL 110/310/1100 Series User’s Guide 244 Figure 143 Configuration > Network > IP /MAC Binding > Edit > Add The following table describes the labels in this screen.
Chapter 16 IP/MAC Binding ZyWALL 110/310/1100 Se ries User’s Guide 245 Rem ov e T o r e m o v e an e n t ry, s e l e c t i t a n d c l i ck Remov e . The ZyW ALL confirms you want to remove it before doing so. # This is the index number of the IP/MAC binding l ist entry .
Chapter 16 IP/MAC Binding ZyWALL 110/310/1100 Series User’s Guide 246.
ZyWALL 110/310/1100 Se ries User’s Guide 247 C HAPTER 17 Inbound Load Balancing 17.1 Inbound Load Balancing Overview Inbound load balancing enables the Z yWALL to respond to a DNS query message with a different IP address for DNS name resolution.
Chapter 17 Inbound Load Bal ancing ZyWALL 110/310/1100 Series User’s Guide 248 •U s e t h e Inbound LB Add/Edit screen (see Se c t io n 17 .2 . 1 on pag e 24 9 ) to add or edit a DNS load balancing rule. 17.2 The Inbound LB Screen The Inbound LB screen provides a summary of all DNS load balancing rules and the details.
Chapter 17 Inbound Load Balancing ZyWALL 110/310/1100 Se ries User’s Guide 249 17.2.1 The Inbound LB Add/Edit Screen The Add DNS Load Balancing screen allows you to add a domain name for which the Z y WALL manages load balancing between the specified interfaces.
Chapter 17 Inbound Load Bal ancing ZyWALL 110/310/1100 Series User’s Guide 250 Figure 147 Configuration > Netw ork > Inbound LB > Add The following table describes the labels in this screen.
Chapter 17 Inbound Load Balancing ZyWALL 110/310/1100 Se ries User’s Guide 251 17.2.2 The Inbound LB Member Add/Edit Screen The Add Load Balancing Member screen allows you to add a memb er interface for the DNS load balancing rule. Click Configuration > Network > Inbound LB > Add or Edit and then an Add or Edit icon to open this screen.
Chapter 17 Inbound Load Bal ancing ZyWALL 110/310/1100 Series User’s Guide 252 Figure 148 Configuration > Network > In bound LB > Add/Edit > Add The following table describes the labels in this screen.
ZyWALL 110/310/1100 Se ries User’s Guide 253 C HAPTER 18 Authentication Policy 18.1 Overview Use authentication policies to control who can access the network. After a user passes authentication the user’s computer must meet the endpoint security object’s Operating System (OS) option and security requirements to gain access.
Chapter 18 Authentication Policy ZyWALL 110/310/1100 Series User’s Guide 254 Multiple End point Security Objects Y ou can set an authentication policy to use multiple endpoint security objects. This allows checking of computers with different OSs or security setting s.
Chapter 18 Authentication Policy ZyWALL 110/310/1100 Se ries User’s Guide 255 Figure 150 Configuration > Auth. P olicy The following table gives an ov erview of the objects you can configure. T a ble 95 Configuration > Auth. Policy LABEL DESCRIPTION Enable Authentica tion Pol ic y Select this t o turn on the authenticati on policy feature.
Chapter 18 Authentication Policy ZyWALL 110/310/1100 Series User’s Guide 256 18.2.1 Creating/Editing an Authentication Policy Click Configuration > Auth. Policy and then the Add (or Edit ) icon to open the Endpoint Security Edit screen. Use this screen to configure an authentication policy .
Chapter 18 Authentication Policy ZyWALL 110/310/1100 Se ries User’s Guide 257 Figure 152 Configuration > Auth. P olicy > Add The following table gives an ov erview of the objects you can configure.
Chapter 18 Authentication Policy ZyWALL 110/310/1100 Series User’s Guide 258 18.3 User-aware A ccess Control Example Y ou can configure many policies and security settings for specific users or groups of users. Users can be authenticated locally by the Z yWALL or by an external (AD, RADIUS , or LDAP) authentication server .
Chapter 18 Authentication Policy ZyWALL 110/310/1100 Se ries User’s Guide 259 18.3.2 Set Up User Group s Set up the user groups and assign the users to the user groups. 1 Click Configuration > Object > User/Group > Group . Click the Add icon.
Chapter 18 Authentication Policy ZyWALL 110/310/1100 Series User’s Guide 260 Figure 155 Configuration > Object > AAA Server > RADIUS > Add 2 Click Configuration > Object > A uth. Method . Double-click the default entry . Click the Add icon.
Chapter 18 Authentication Policy ZyWALL 110/310/1100 Se ries User’s Guide 261 Figure 157 Configuration > Auth. P olicy > Add In the Auth. Policy screen, select Enable Authentication Policy and click Apply .
Chapter 18 Authentication Policy ZyWALL 110/310/1100 Series User’s Guide 262 1 Click Configuration > Object > AAA Server > RADIUS . Double-click the radius entry .
Chapter 18 Authentication Policy ZyWALL 110/310/1100 Se ries User’s Guide 263.
Chapter 18 Authentication Policy ZyWALL 110/310/1100 Series User’s Guide 264.
ZyWALL 110/310/1100 Se ries User’s Guide 265 C HAPTER 19 Firewall 19.1 Overview Use the firewall to block or allow services that use static port numbers. This example shows the Z yW ALL’s default firew all beha vior for W AN to LAN traffic and how stateful inspection works.
Chapter 19 Firewall ZyWALL 110/310/1100 Series User’s Guide 266 Note: At the time of writing the Z yWALL’ s VPN and GRE tunnels support IPv4 tr affic so IPv6 firewall rule s do not apply to IPSec, S SL VPN, and GRE tunnel tr affic. T o-ZyW ALL Rules Rul es wi th ZyWALL as the To Zone appl y to traffic going to the Z yWA LL itself .
Chapter 19 Firewall ZyWALL 110/310/1100 Se ries User’s Guide 267 A From Any To ZyWALL direction rule applies to traffic from an interface which is not in a zone. Global Firewall Rules Firewall rules with from any and/or to any as the packet direction are called global firewall rules.
Chapter 19 Firewall ZyWALL 110/310/1100 Series User’s Guide 268 19.2 The Firewall Screen Asymmetrical Routes If an alternate gateway on the LAN has an IP ad dress in the same subnet as the Z yWALL’s LAN IP address, return traffic ma y not go through the Z yWALL.
Chapter 19 Firewall ZyWALL 110/310/1100 Se ries User’s Guide 269 • Besides configuring the firewall, you also need to configure NA T rules to allow computers on the WAN to access LAN devices. See Chapter 13 on page 221 for more information. • The Z yWALL applies NA T (Destination NA T) settings before applying the firewall rules.
Chapter 19 Firewall ZyWALL 110/310/1100 Series User’s Guide 270 Figure 163 Configuration > Firewall.
Chapter 19 Firewall ZyWALL 110/310/1100 Se ries User’s Guide 271 The following table describes the labels in this screen. T a ble 98 Conf iguration > Firewall LABEL DESCRIPTION General Settings Enable Firewall Select this ch eck bo x to activ ate the firewall.
Chapter 19 Firewall ZyWALL 110/310/1100 Series User’s Guide 272 19.2.2 The Firewall Add/Edit Screen In the Firewall screen, click the Edit or Add icon to display the Firewall Rule Edit screen. Figure 164 Configuration > Firewall > Add The following table describes the labels in this screen.
Chapter 19 Firewall ZyWALL 110/310/1100 Se ries User’s Guide 273 19.3 The Session Limit Screen Click Configuration > Firewall > Session Limit to display the Firewall Session Limit screen. Use this screen to limit the number of concurrent NA T/firewall sessions a client can use.
Chapter 19 Firewall ZyWALL 110/310/1100 Series User’s Guide 274 Figure 165 Configuration > Firewall > Session Limit The following table describes the labels in this screen.
Chapter 19 Firewall ZyWALL 110/310/1100 Se ries User’s Guide 275 19.3.1 The Session Limit Add/Edit Screen Click Configuration > Firewall > Session Limit and the Add or Edit icon to display the Firewall Sessio n Limit Edit screen. Use this screen to configure rules that define a session limit for specific users or addresses.
Chapter 19 Firewall ZyWALL 110/310/1100 Series User’s Guide 276 19.4 Firewall Rule Configuration Example The following Internet firewall rule example allo ws Doom play ers from the WAN to IP addresses 192.168.1.10 through 19 2.168.1.15 (Dest_1) on the LAN1.
Chapter 19 Firewall ZyWALL 110/310/1100 Se ries User’s Guide 277 Figure 169 Firewall Example: Create a Service Object 4 Select From WAN and To LAN1 and enter a name for the firewall rule. Select Dest_1 for the Destination and Doom as the Service . Enter a description and configure the rest of the screen as follows.
Chapter 19 Firewall ZyWALL 110/310/1100 Series User’s Guide 278 19.5 Firewall Rule Example Applications Suppose you decide to block LAN users from using IRC (Internet Relay Chat) through the Internet.
Chapter 19 Firewall ZyWALL 110/310/1100 Se ries User’s Guide 279 Now you configure a LAN1 to W AN fire wall rule that allows IRC tr affic from the IP address of the CEO’ s computer (192.
Chapter 19 Firewall ZyWALL 110/310/1100 Series User’s Guide 280 The rule for the CEO must come before the rule that blocks all LAN1 to WAN IRC traffic. If the rule that blocks all LAN1 to W AN IRC traffic came first, the CEO’s IRC traffic would match that rule and the Z yWALL would drop it and not check any other firewall rules.
ZyWALL 110/310/1100 Se ries User’s Guide 281 C HAPTER 20 IPSec VPN 20.1 V irtual Private Networks (VPN) Overview A virtual private network (VPN) provides secure communications between sites without the expense of leased site-to-site lines. A secure VPN is a co mbination of tunneling, encryption, authentication, access control and auditing.
Chapter 20 IPSec VPN ZyWALL 110/310/1100 Series User’s Guide 282 Figure 175 SSL V PN L2TP VPN L2TP VPN uses the L2TP and IPSec client software included in remote users’ Andr oid, iOS, or Windows operating systems for secure connections to the network behind the Z yW ALL.
Chapter 20 IPSec VPN ZyWALL 110/310/1100 Se ries User’s Guide 283 20.1.2 What Y ou Need to Know An IPSec VPN tunnel is usually established in two phases. Each phase establishes a security association (SA), a contr act indicating what security parameters the Z yWALL and the remote IPSec router will use.
Chapter 20 IPSec VPN ZyWALL 110/310/1100 Series User’s Guide 284 Application Scenarios The Z yWALL’ s application scenarios make it easier to configure y our VPN connection settings. Finding Out More •S e e Section 20.6 on page 305 for IPSec VPN background information.
Chapter 20 IPSec VPN ZyWALL 110/310/1100 Se ries User’s Guide 285 • In any VPN connection, you ha v e to select addre ss objects to specify the local policy and remote policy .
Chapter 20 IPSec VPN ZyWALL 110/310/1100 Series User’s Guide 286 Each field is discussed in the following table. See Section 20.2 .2 on page 292 and Section 20.
Chapter 20 IPSec VPN ZyWALL 110/310/1100 Se ries User’s Guide 287 Figure 179 Configuration > VPN > IPSec VPN > VPN Connection > Edit (IKE).
Chapter 20 IPSec VPN ZyWALL 110/310/1100 Series User’s Guide 288 Each field is described in the following table. T a ble 107 Configur ation > VPN > IPSec VPN > VPN Connection > Edit LABEL DESCRIPTION Show Adv anced Settings / Hide Adv anced S etting s Click this butto n t o display a greater or lesser nu mber of configu ration fields.
Chapter 20 IPSec VPN ZyWALL 110/310/1100 Se ries User’s Guide 289 Re mot e P olicy Select the address cor responding to the rem ote ne twork . Us e Create new Object if you need to configure a new one.
Chapter 20 IPSec VPN ZyWALL 110/310/1100 Series User’s Guide 290 Authenti cation Select which hash al gorithm to use to authen ticate packe t data in the IPSec S A. Choices are SHA1 , SHA256 , SHA512 an d MD5 . SHA is generally considered stronger than MD5 , but it is also slower .
Chapter 20 IPSec VPN ZyWALL 110/310/1100 Se ries User’s Guide 291 Source NA T This translation hides the sourc e address of computers in the lo cal network. It may also be necessary if you want the Z yWA LL to route packets from computers outsi de the local ne twork through the IPSec SA.
Chapter 20 IPSec VPN ZyWALL 110/310/1100 Series User’s Guide 292 20.2.2 The VPN Connection Add/Edit Manual Key Screen The VPN Connection Add/Edit Manual Key screen allows you to create a new VPN connection or edit an existing one using a manual key .
Chapter 20 IPSec VPN ZyWALL 110/310/1100 Se ries User’s Guide 293 This table describes labels specific to manual key configuration. See Section 20.2 on page 285 for descriptions of the other fields.
Chapter 20 IPSec VPN ZyWALL 110/310/1100 Series User’s Guide 294 20.3 The VPN Gateway Screen The VPN Gateway summary screen displays th e IPSec VPN gateway policies in the Z yWALL, as well as the Z yWALL’ s address, remote IPSec router ’s address, and associated VPN connections for each one.
Chapter 20 IPSec VPN ZyWALL 110/310/1100 Se ries User’s Guide 295 Figure 181 Configuration > VPN > IPSec VPN > VPN Gatewa y Each field is discussed in the following table.
Chapter 20 IPSec VPN ZyWALL 110/310/1100 Series User’s Guide 296 Figure 182 Configuration > VPN > IPSec VPN > VPN Gatewa y > Edit.
Chapter 20 IPSec VPN ZyWALL 110/310/1100 Se ries User’s Guide 297 Each field is described in the following table. T a ble 110 Configuration > VPN > IPSec VPN > VPN Gatew ay > Edit LABEL DESCRIPTION Show Adv anced Settings / Hide Adv anced S etting s Click this button to display a greater or lesser number of co nfiguration fields.
Chapter 20 IPSec VPN ZyWALL 110/310/1100 Series User’s Guide 298 Certificate Select th is to have the ZyW ALL and remote IPSec router use certificates to authe nticate each other when they negotiat e the IKE SA. Then select the cert ificate the ZyWALL uses to identify itself to the remote IPsec router .
Chapter 20 IPSec VPN ZyWALL 110/310/1100 Se ries User’s Guide 299 Content This field is disabled if the Pee r I D Type is Any . T ype the identity of the remote IPSec router during authentication.
Chapter 20 IPSec VPN ZyWALL 110/310/1100 Series User’s Guide 300 Encryption Select which k e y size and en cryption algorith m to use in the IKE S A.
Chapter 20 IPSec VPN ZyWALL 110/310/1100 Se ries User’s Guide 301 20.4 VPN Concentrator A VPN concentrator combines se veral IPSec VPN connections into one secure network. Figure 183 VPN T opologies (Fully Meshed and Hub and Spoke) In a fully-meshed VPN topology ( 1 in the figure), there is a VPN connection between every pair of routers.
Chapter 20 IPSec VPN ZyWALL 110/310/1100 Series User’s Guide 302 20.4.1 VPN Concentrator Re quirement s and Suggestions Consider the following when using the VPN concentrator . • The local IP addresses configured in the VPN rules should not ov erlap.
Chapter 20 IPSec VPN ZyWALL 110/310/1100 Se ries User’s Guide 303 Figure 185 Configuration > VPN > IPSec VPN > Concentrator > Edit Each field is described in the following table.
Chapter 20 IPSec VPN ZyWALL 110/310/1100 Series User’s Guide 304 In the ZyW ALL Quick Setup wizard, y ou can use the VPN Settings for Configuration Provisioni ng wizard to create a VPN rule that will not violate these restrictions.
Chapter 20 IPSec VPN ZyWALL 110/310/1100 Se ries User’s Guide 305 20.6 IPSec VPN Background Information Here is some more detailed IP Sec VPN background information. IKE SA Overview The IKE SA provides a secure connection between the ZyW A LL and remote IPSec router .
Chapter 20 IPSec VPN ZyWALL 110/310/1100 Series User’s Guide 306 IKE SA Proposal The IKE SA proposal is used to identify the encr yption algorithm, authentication algorithm, and Diffie-Hellman (DH) key group that the Z yW ALL and remote IPSec router use in the IKE SA.
Chapter 20 IPSec VPN ZyWALL 110/310/1100 Se ries User’s Guide 307 Diffie-Hellman (DH) Key Exchange The Z yWALL and the remote IPSec router use DH public -key cryptograph y to establish a shared secret. The shared secret is then used to generate encryption keys for the IKE SA and IPSec S A.
Chapter 20 IPSec VPN ZyWALL 110/310/1100 Series User’s Guide 308 Note: The Z yWALL and the remote IPSec ro uter must use the same pre-shared key . Router ide nti ty co nsi sts of ID ty pe a nd c ont ent .
Chapter 20 IPSec VPN ZyWALL 110/310/1100 Se ries User’s Guide 309 Steps 1 - 2: The Z yWALL sends its proposals to the remote IPSec router . The remote IPSec router selects an acceptable proposal and sends i t back to the ZyW ALL.
Chapter 20 IPSec VPN ZyWALL 110/310/1100 Series User’s Guide 310 Extended Authentication Extended authentication is often used when mult iple IPSec routers use the sam e VPN tunnel to connect to a single IPSec router . For exampl e, this might be u sed with telecommuters.
Chapter 20 IPSec VPN ZyWALL 110/310/1100 Se ries User’s Guide 31 1 Note: The ZyW ALL and remo te IPSec router must use the same active protocol. Usually , you should select ESP . AH does not support encryption, and ESP is more suitable with NA T . Encap sulation There are two ways to encapsulate packets.
Chapter 20 IPSec VPN ZyWALL 110/310/1100 Series User’s Guide 312 If you do not enable PFS, the Z yWALL and remote IPSec router use the same root key that was generated when the IKE SA was established to gener ate encryption keys. The DH key exchange is time-consum ing and may be unnecessary for data that does not require such security .
Chapter 20 IPSec VPN ZyWALL 110/310/1100 Se ries User’s Guide 313 Figure 192 VPN Example: NA T for Inbound and Outbound T raffic Source Address in Outbound Packet s (Outbound T raffic, Source NA T) This translation lets the ZyW ALL route packets from computers that are not part of th e specified local network (local policy) through the IPSec SA.
Chapter 20 IPSec VPN ZyWALL 110/310/1100 Series User’s Guide 314 Y ou have to specif y one or more rules when you set up this kind of NA T . The Z yWALL check s these rules similar to the way it checks rules for a fi rewall. The first part of these rules define the conditions in which the rule apply .
Chapter 20 IPSec VPN ZyWALL 110/310/1100 Se ries User’s Guide 315 Set Up the VPN Connection th at Manages the IPSec SA 1 In Configuration > VPN > IPSec VPN > V PN Con nection > Add , click Create New Object > Address to create an address object for the remote network.
Chapter 20 IPSec VPN ZyWALL 110/310/1100 Series User’s Guide 316.
ZyWALL 110/310/1100 Se ries User’s Guide 317 C HAPTER 21 SSL VPN 21.1 Overview Use SSL VPN to allow users to use a web browser fo r secure remote user login. The remote users do not need a VPN router or VPN client softw are. 21.1.1 What Y ou Can Do in this Chapter •U s e t h e VPN > SSL VPN > Access Privilege screens (see Section 21.
Chapter 21 SSL VPN ZyWALL 110/310/1100 Series User’s Guide 318 SSL Access Policy Object s The SSL access policies reference the following objects. If you update this information, in response to changes, the Z yWA LL automatically propagates the changes through the SSL policies that use the object(s).
Chapter 21 SSL VPN ZyWALL 110/310/1100 Se ries User’s Guide 319 The following table describes the labels in this screen. 21.2.1 The SSL Access Policy Add/Edit Screen T o create a new or edit an existing SSL access policy , click the Add or Edi t icon in the Access Privilege screen.
Chapter 21 SSL VPN ZyWALL 110/310/1100 Series User’s Guide 320 Figure 196 VPN > SSL VPN > Add/Edit The following table describes the labels in this screen. T a ble 118 VPN > SSL VPN > Access Privilege > Add/Edit LABEL DESCRIPTION Create n ew Object Use to configu re any new sett ings objects that you need to us e in this screen.
Chapter 21 SSL VPN ZyWALL 110/310/1100 Se ries User’s Guide 321 Name Enter a descriptive na me to identify this policy . Y ou ca n enter up to 31 characters (“a-z” , A- Z” , “0-9”) with no spaces allowed. Zone Se le ct the zone to which to add this SSL access policy .
Chapter 21 SSL VPN ZyWALL 110/310/1100 Series User’s Guide 322 21.3 The SSL Global Setting Screen Click VPN > SSL VPN and click the Global Setting tab to display the following screen.
Chapter 21 SSL VPN ZyWALL 110/310/1100 Se ries User’s Guide 323 21.3.1 How to Upload a Custom Logo Follow th e steps below to upload a custom logo to display on the remote user SSL VPN screens. 1 Click VPN > SSL VPN and click the Global Setting tab to display the configur ation screen.
Chapter 21 SSL VPN ZyWALL 110/310/1100 Series User’s Guide 324 Figure 198 Example Logo Graphic Display 21.4 SSL VPN Example This example uses SSL VPN to let remote users securely access the internal http://info website.
Chapter 21 SSL VPN ZyWALL 110/310/1100 Se ries User’s Guide 325 3 Display the Z yWALL’ s login screen, enter your user account information (the user name and password), and click SSL VPN to establish an SSL VPN connection. 4 Y our computer starts establishing a secure connecti on to the ZyW ALL after the login.
Chapter 21 SSL VPN ZyWALL 110/310/1100 Series User’s Guide 326 5 The client portal screen displays after the connection is up. In this example, click the Web Server link to go to http://info. If the user account is not included in an S SL VPN access policy , the ZyW ALL redi rects the user to the user aware screen.
ZyWALL 110/310/1100 Se ries User’s Guide 327 C HAPTER 22 SSL User Screens 22.1 Overview This chapter introduces the remote user SSL VPN screens. The followin g figure shows a network example where a remote user ( A ) logs into the ZyW ALL from the Internet to access the web server ( WWW ) on the local network.
Chapter 22 SSL User Screens ZyWALL 110/310/1100 Series User’s Guide 328 • Using RDP requires Internet Explorer • Sun’ s Runtime Environment (JRE) v ersion 1.6 or later installed and enabled. Required Information A remote user needs the following information from the network administrator to log in and access network resources.
Chapter 22 SSL User Screens ZyWALL 110/310/1100 Se ries User’s Guide 329 Figure 201 Login Security Screen 3 A login screen displays. Enter the user nam e and password of your login account. If a token password is also required, enter it in the One-Time Password field.
Chapter 22 SSL User Screens ZyWALL 110/310/1100 Series User’s Guide 330 Figure 204 ActiveX Object Installation Blocked by Browser Figure 205 SecuExtender Blocked by Internet Explorer 6 The Z yWALL tries to run the “ssltun” application. Y ou may need to click somethin g to get your browser to allow this.
Chapter 22 SSL User Screens ZyWALL 110/310/1100 Se ries User’s Guide 331 Figure 207 SecuExtender Progress 8 If a screen like the following displays, click Continue Anyway to finish installing the SecuExtender client on your computer .
Chapter 22 SSL User Screens ZyWALL 110/310/1100 Series User’s Guide 332 Figure 209 Remote User Screen The following table describes the various parts of a remote user screen. 22.4 Bookmarking the ZyW ALL Y ou ca n cr e at e a bo o km a rk of t he ZyWAL L by cl i ck i ng th e Add to Favorite icon.
Chapter 22 SSL User Screens ZyWALL 110/310/1100 Se ries User’s Guide 333 3 Click OK to create a bookmark in your web browser . Figure 210 Add F avorite 22.5 Logging Out of th e SSL VPN User Screens T o prope rly terminate a connection, click on the Logout icon in any remote user screen.
Chapter 22 SSL User Screens ZyWALL 110/310/1100 Series User’s Guide 334 Figure 212 Application 22.7 SSL User File Sharing The File Sharing screen lets you access files on a file server through the SSL VPN connection. Use it to display and access shared files/folders on a file serv er .
Chapter 22 SSL User Screens ZyWALL 110/310/1100 Se ries User’s Guide 335 Figure 213 File Sharing 22.7.2 Opening a File or Folder Y ou can open a file if the file extension is re cognized by the web brow ser and the associated application is installed on your computer .
Chapter 22 SSL User Screens ZyWALL 110/310/1100 Series User’s Guide 336 4 A list of files/folders displays. Double click a file to open it in a separ ate browser window or select a file and click Download to save it to your computer . Y ou can also click a folder to access it.
Chapter 22 SSL User Screens ZyWALL 110/310/1100 Se ries User’s Guide 337 Figure 216 File Sharing: Save a W ord File 22.7.5 Creating a New Folder T o create a new folder in the file share location, click the New Folder icon. Specify a descriptive n ame for the folder .
Chapter 22 SSL User Screens ZyWALL 110/310/1100 Series User’s Guide 338 A popup window displays. Specify the new name and/ or file extension in the field provided. Y ou can enter up to 356 characters. Then click Appl y . Note: Make sure th e length of the nam e do es not exceed the maximum allowed on the file server .
Chapter 22 SSL User Screens ZyWALL 110/310/1100 Se ries User’s Guide 339 Note: Uploading a file with the same name and file extensio n replac es the e xisti ng file on the file server .
Chapter 22 SSL User Screens ZyWALL 110/310/1100 Series User’s Guide 340.
ZyWALL 110/310/1100 Se ries User’s Guide 341 C HAPTER 23 ZyWALL SecuExtender The Z yWALL automatically loads the Z yWALL SecuExtender client progr am to your com puter after a successful login to an S SL VPN tunnel with ne twork extension support enabled.
Chapter 23 ZyWALL SecuExtender ZyWALL 110/310/1100 Series User’s Guide 342 Figure 222 ZyW ALL SecuExtender Status The following table describes the labels in this screen. 23.3 V iew Log If you hav e problems with the ZyW ALL SecuExtend er , customer sup port may request you to provide information from the log.
Chapter 23 ZyWALL SecuExtender ZyWALL 110/310/1100 Se ries User’s Guide 343 Figure 223 ZyW ALL SecuExtend er Log Example 23.4 Suspend and Resume the Connection When the Z yWALL SecuExtender icon in .
Chapter 23 ZyWALL SecuExtender ZyWALL 110/310/1100 Series User’s Guide 344 Figure 224 Uninstalling the ZyW A LL Secu Extender Confirmation 3 Windows uninstalls the Z yWA LL SecuExtender .
ZyWALL 110/310/1100 Se ries User’s Guide 345 C HAPTER 24 L2TP VPN 24.1 Overview L2TP VPN uses the L2TP and IPSec client software included in remote users’ Andr oid, iOS, or Windows operating systems for secure connections to the network behind the Z yW ALL.
Chapter 24 L2TP VPN ZyWALL 110/310/1100 Series User’s Guide 346 Using the Default L2 TP VPN Connection The Default_L2TP_VPN_ GW gateway entry is pre-configured to be conv enient to use for L2TP VPN. Edit it as follows: •S e t My Address to the W A N interface domain name or IP address you w ant to use.
Chapter 24 L2TP VPN ZyWALL 110/310/1100 Se ries User’s Guide 347 24.2 L2TP VPN Screen Click Configuration > VPN > L2TP VPN to open the following screen. Use this screen to configure the Z yWALL’ s L2TP VPN settings. Note: Disconnect an y existing L2TP VPN sessions bef ore modifying L2TP VPN setting s.
Chapter 24 L2TP VPN ZyWALL 110/310/1100 Series User’s Guide 348 Authentica tion Server Certificate Select the c erti ficate to use to identify the ZyW ALL for L2TP VPN conne ct ions. Y ou m ust have certificates already configured in the My Certificate s screen (Click My Certificates and see Chapter 33 on page 413 for details).
ZyWALL 110/310/1100 Se ries User’s Guide 349 C HAPTER 25 Bandwidth Management 25.1 Overview Bandwidth management provides a con venient way to manage the use of v arious services on the network.
Chapter 25 Bandwidth Manage ment ZyWALL 110/310/1100 Series User’s Guide 350 Connection and Packet Directions Bandwidth management looks at the connection direction, that is from which interface the connection was initiated and to which interface the connection is going.
Chapter 25 Bandwidth Management ZyWALL 110/310/1100 Se ries User’s Guide 351 Figure 230 LAN1 to WAN, Outbound 200 kbps, Inbound 500 kbps Bandwid th Management Priority • The Z yWA LL gives bandwidth to higher-pr iority tr affic first, until it reaches its configured bandwidth rate.
Chapter 25 Bandwidth Manage ment ZyWALL 110/310/1100 Series User’s Guide 352 Figure 231 Bandwidth Management Behavior Configured Rate Effect In the following table the configured r ates total less than the available bandwidth and maximize bandwidth usage is disabled, both servers get their configured rate.
Chapter 25 Bandwidth Management ZyWALL 110/310/1100 Se ries User’s Guide 353 Priority and Over Allotm ent of Ban dwidth Effect Server A has a configured r ate that equals the total amount of a vailable bandwidth and a higher priority .
Chapter 25 Bandwidth Manage ment ZyWALL 110/310/1100 Series User’s Guide 354 The following table describes the labels in this screen. See Section 25.2.1 on page 355 for more information as well. T a ble 127 Configuration > Bandwidth Management LABEL DESCRIPTION Enable BWM Select this check bo x to activ ate management bandwidt h.
Chapter 25 Bandwidth Management ZyWALL 110/310/1100 Se ries User’s Guide 355 25.2.1 The Bandwid th Ma nagement Add/Edit Screen The Configuration > Bandwi dth Manageme nt Add/Edit screen allows y ou to create a new condition or edit an existing one.
Chapter 25 Bandwidth Manage ment ZyWALL 110/310/1100 Series User’s Guide 356 Figure 234 Configuration > Bandwidth Management > Add/Edit The following table describes the labels in this screen.
Chapter 25 Bandwidth Management ZyWALL 110/310/1100 Se ries User’s Guide 357 Outgoing Interface Select the dest ination in terface of th e traffic to which this polic y applies. Source Select a source add ress or address group for whom this policy applies.
Chapter 25 Bandwidth Manage ment ZyWALL 110/310/1100 Series User’s Guide 358 Outbound kbps T ype how much outbound ban dwidth, in kilobits per second, this policy allows t he traffic to use. Outbound refers to the tra ffic the Z y WAL L sends out from a connec tion’ s initiator .
ZyWALL 110/310/1100 Se ries User’s Guide 359 C HAPTER 26 Device HA 26.1 Overview Device HA lets a backup Zy WALL ( B ) automatically take over if the master Z yWALL ( A ) fails. Figure 235 Device HA Backup T aking Over for the Master 26.1.1 What Y ou Can Do in this Chapter •U s e t h e General screen ( Section 26.
Chapter 26 Device HA ZyWALL 110/310/1100 Series User’s Guide 360 Note: Only ZyW ALLs of the sa me model an d firmware version ca n sy nchronize. Otherwise you must manually configure the master Z yWALL’ s settings on the backup (by editing copies of the configuration files in a text editor for example).
Chapter 26 Device HA ZyWALL 110/310/1100 Se ries User’s Guide 361 26.3 The Active-P assive Mode Screen Virtual Router The master and backup Z y WALL form a single ‘virtual router’ . In the following ex ample, master ZyW A L L A and backup ZyW ALL B form a virtual router .
Chapter 26 Device HA ZyWALL 110/310/1100 Series User’s Guide 362 Figure 238 Cluster IDs for Multiple Virtual Routers Monitored Interfaces in Acti ve-Passive Mode Device HA Y ou can select which interfaces device HA monito rs. If a monitored interf ace on the Z yWALL loses its connection, device HA has the backup Z yWALL take over .
Chapter 26 Device HA ZyWALL 110/310/1100 Se ries User’s Guide 363 26.3.1 Configuring Acti ve-Passive Mode Device HA The Device HA Active -Passive Mode screen lets you configure general active-passiv e mode device HA settings, view and manage the list of monitored interfaces, and synchronize backup Z yWALLs.
Chapter 26 Device HA ZyWALL 110/310/1100 Series User’s Guide 364 Inactiv ate T o turn off an entry , select it and click Inactivate . # This is the ent ry’s index number in the li st. Status The activ ate (light bulb) icon is lit when the entry is activ e and dimmed when the en try is inactive.
Chapter 26 Device HA ZyWALL 110/310/1100 Se ries User’s Guide 365 26.4 Configuring an Acti ve-Passive Mode Monitored Interface The Device HA Active -Passive Mode Monitore d Interface Edi t screen lets you enable or disable monitoring of an interface and set the in terface’ s management IP address and subnet mask.
Chapter 26 Device HA ZyWALL 110/310/1100 Series User’s Guide 366 The following table describes the labels in this screen. 26.5 Device HA T echnical Reference Active-Passive Mode Device HA with Bridge Interfaces Here are two ways to av oid a broadcast storm wh en you connect the bridge interfaces on two ZyW A L L s .
Chapter 26 Device HA ZyWALL 110/310/1100 Se ries User’s Guide 367 2 Configure the bridge interface on the master Z y WA LL, set the bridge interface as a moni tored interface, and activate device HA. 3 Configure the bridge interface on the backup Z y WALL, set the bridge interface as a monitored interface, and activate device HA.
Chapter 26 Device HA ZyWALL 110/310/1100 Series User’s Guide 368 Second Option for Connecting the Bridge Interfaces on T w o ZyW ALLs Another option is to disable the bridge interfaces, connect the bridge interfac es, activate device HA, and finally reactivate the bridge interfaces as shown in the following example.
Chapter 26 Device HA ZyWALL 110/310/1100 Se ries User’s Guide 369 3 Enable the bridge interface on the master Z yWALL and then on the backup Z yWALL. 4 Connect the Z yWALLs. Synchronization During synchronization, the master Z yW A LL sends the following information to the backup Z yWALL.
Chapter 26 Device HA ZyWALL 110/310/1100 Series User’s Guide 370 • The backup Z yWA LL cannot be the master . This refers to the actual role at the time of synchronization, not the role se tting in the configu ration screen.
ZyWALL 110/310/1100 Se ries User’s Guide 371 C HAPTER 27 User/Group 27.1 Overview This chapter describes how to set up user account s, user groups, and use r settings for the ZyW ALL. Y ou can also set up rules that control when users have to log in to the ZyW ALL before the ZyW ALL routes traffic for them .
Chapter 27 User/Group ZyWALL 110/310/1100 Series User’s Guide 372 Note: The de fa ult admin account i s always auth en ticated loc a lly , reg ardless of the authentication method setting. (See Chapt er 32 on page 409 for more information about authentication methods.
Chapter 27 User/Group ZyWALL 110/310/1100 Se ries User’s Guide 373 User A wareness By default, users do not ha ve to log into the Z y WALL to use the network services it provides.
Chapter 27 User/Group ZyWALL 110/310/1100 Series User’s Guide 374 27.2.1 User Add/Edit Screen The User Add/ Edit screen allows you to create a new user account or edit an existing one. 27.2.1.1 Rules for User Names Enter a user name from 1 to 31 char acters.
Chapter 27 User/Group ZyWALL 110/310/1100 Se ries User’s Guide 375 Figure 243 Configuration > User/Group > User > Add The following table describes the labels in this screen. T a ble 134 Configuration > User/Group > User > Add LABEL DESCRIPTION User Name T ype the user name fo r this user account.
Chapter 27 User/Group ZyWALL 110/310/1100 Series User’s Guide 376 27.3 User Group Summary Screen User groups consist of access users and other user groups. Y ou cannot put admin users in user groups. The Grou p screen provides a summary of all user groups.
Chapter 27 User/Group ZyWALL 110/310/1100 Se ries User’s Guide 377 27.3.1 Group Add/Edit Screen The Group Add/Edit screen allows y ou to create a new user group or edit an existing one. T o access this screen, go to the Group screen (see Section 27.
Chapter 27 User/Group ZyWALL 110/310/1100 Series User’s Guide 378 27.4 The User/Group Setting Screen The Setting screen controls default settings, login se ttings, lockout settings, and other user settings for the Z yWALL. Y ou can also use this screen to specify when users must log in to the Z yWALL before it routes traffic for them.
Chapter 27 User/Group ZyWALL 110/310/1100 Se ries User’s Guide 379 # This field is a sequential value, and it is not as so ciated with a spec ific entry .
Chapter 27 User/Group ZyWALL 110/310/1100 Series User’s Guide 380 27.4.1 Default User Authenticati on T imeout Settings Edit Screens The Default Authentication Timeout Settings Edit screen allows you to set the default authentication timeout settings for the selected ty pe of user account.
Chapter 27 User/Group ZyWALL 110/310/1100 Se ries User’s Guide 381 The following table describes the labels in this screen. 27.4.2 User A ware Login Example Access users cannot use the W eb Configurator to br owse the configuration of the Z yWALL. Instead, after access users log into the Z yWALL, the following screen appears.
Chapter 27 User/Group ZyWALL 110/310/1100 Series User’s Guide 382 The following table describes the labels in this screen. 27.5 User /Group T echnical Reference This section provides some information on users wh o use an external authentication server in order to log in.
Chapter 27 User/Group ZyWALL 110/310/1100 Se ries User’s Guide 383 Creating a Large Number of Ext-User Account s If you plan to create a large number of Ext-User accounts, you might use CLI commands, instead of the W eb Configurator , to create the accounts.
ZyWALL 110/310/1100 Se ries User’s Guide 384 C HAPTER 28 Addresses 28.1 Overview Address objects can represent a single IP address or a range of IP addre sses. Address groups are composed of address objects and other address groups. 28.1.1 What Y ou Can Do in this Chapter •T h e Address screen ( Section 28.
Chapter 28 Addresses ZyWALL 110/310/1100 Se ries User’s Guide 385 Figure 251 Configuration > Object > Address > Address The following table describes the labels in this screen.
Chapter 28 Addresses ZyWALL 110/310/1100 Series User’s Guide 386 28.2.1 IPv4 Address Add/Edit Scre en The Configuration > IPv4 Address Add/Edit screen allows you to create a new address or edit an existing one. T o access this screen, go to the Address screen (see Section 28.
Chapter 28 Addresses ZyWALL 110/310/1100 Se ries User’s Guide 387 28.2.2 IPv6 Address Add/Edit Scre en The Configuration > IPv6 Address Add/Edit screen allows you to create a new address or edit an existing one. T o access this screen, go to the Address screen (see Section 28.
Chapter 28 Addresses ZyWALL 110/310/1100 Series User’s Guide 388 28.3 Address Group Summary Screen The Address Group screen provides a summary of all address groups. T o access this screen, click Configuration > Object > Address > Address Group .
Chapter 28 Addresses ZyWALL 110/310/1100 Se ries User’s Guide 389 28.3.1 Address Group Add/Edit Screen The Address Group Add/Edit screen allows you to create a new address group or edit an existing one. T o access this screen, go to the Address Group screen (see Section 28.
ZyWALL 110/310/1100 Se ries User’s Guide 390 C HAPTER 29 Services 29.1 Overview Use service objects to define TCP applications, UD P applications, and ICMP messages. Y ou can also create service groups to refer to mult iple service objects in other features.
Chapter 29 Services ZyWALL 110/310/1100 Se ries User’s Guide 391 Service Object s and Service Group s Use service objects to define IP protocols. • TCP applications • UDP applications • ICMP messages • user-defined services (for other types of IP protocols) These objects are used in policy routes, firewall rules.
Chapter 29 Services ZyWALL 110/310/1100 Series User’s Guide 392 The following table describes the labels in this screen. 29.2.1 The Service Add/Edit Screen The Se rvice Add/Edit screen allows y ou to create a new service or edit an existing one. T o access this screen, go to the Service screen (see Section 29.
Chapter 29 Services ZyWALL 110/310/1100 Se ries User’s Guide 393 29.3 The Service Group Summary Screen The Service Group summary screen provides a summary of all service groups. In addition, this screen allows you to add, edit, and remove service groups.
Chapter 29 Services ZyWALL 110/310/1100 Series User’s Guide 394 29.3.1 The Service Group Add/Edit Screen The Service Group Add/Edit screen allows you to create a new service group or edit an existing one. T o access this screen, go to the Service Group screen (see Section 29.
Chapter 29 Services ZyWALL 110/310/1100 Se ries User’s Guide 395 Member List The Member list displays the names of the servic e and service group objects that have been added to the service group. The order of members is not important. Select items from th e Available list that you want to be members and m ove them to the Member list.
ZyWALL 110/310/1100 Se ries User’s Guide 396 C HAPTER 30 Schedules 30.1 Overview Use schedules to set up one-time and recurring schedules for policy routes, firewall rules. The Z yWALL supports one-time and recurring schedules. One-time schedules are effective only on ce, while recurring schedules usually repeat.
Chapter 30 Schedules ZyWALL 110/310/1100 Se ries User’s Guide 397 30.2 The Schedule Summary Screen The Schedule summary screen prov ides a summary o f all schedules in the Z yWALL. T o access this screen, click Configuration > Object > Schedule .
Chapter 30 Schedules ZyWALL 110/310/1100 Series User’s Guide 398 30.2.1 The One-T ime Schedule Add/Edit Screen The One-Time Schedule Add/Edit screen allows you to define a one-time schedule or edit an existing one. T o ac cess this screen, go to the Schedule screen (see Section 30.
Chapter 30 Schedules ZyWALL 110/310/1100 Se ries User’s Guide 399 30.2.2 The Recurring Sc hedule Add/Edit Screen The Recurring Sche dule Add/Edit screen allows you to define a recurring schedule or edit an existing one. T o ac cess this screen, go to the Schedule screen (see Section 30.
ZyWALL 110/310/1100 Se ries User’s Guide 400 C HAPTER 31 AAA Server 31.1 Overview Y ou can use a AAA (Authentication, Authorization, Accounting) server to provide access control to your network. The AAA server can be a Active Directory , LDAP , or RADIUS serv er .
Chapter 31 AA A Server ZyWALL 110/310/1100 Se ries User’s Guide 401 Figure 264 RADIUS Server Network Example 31.1.3 ASAS ASAS (Authenex Strong Au thentication System) is a RADIUS server that works with the One- Time Password (O TP) feature. Purchase a Z yW ALL O TP pack age in order to use this feature.
Chapter 31 AAA Server ZyWALL 110/310/1100 Series User’s Guide 402 • Directory Service (LDAP/AD) LDAP (Lightweight Directory Access Protocol)/AD (Act ive Directory) is a directory service that is both a directory and a protocol for controlling access to a network.
Chapter 31 AA A Server ZyWALL 110/310/1100 Se ries User’s Guide 403 Bind DN A bind DN is used to authenticate with an LDAP/AD serv er . For example a bind DN of cn=zywallAdmin allows the Z yWALL to log into the LDAP/AD server using the user name of zywallAdmin .
Chapter 31 AAA Server ZyWALL 110/310/1100 Series User’s Guide 404 Figure 267 Configuration > Object > AAA Serv er > Active Dire ctory (or LDAP) > Add The following table describes the labels in this screen.
Chapter 31 AA A Server ZyWALL 110/310/1100 Se ries User’s Guide 405 Base DN Specify the directory (up to 127 al phanumerical characters) . For example, o=ZyXEL, c=US . This is only for LDAP . Use SSL Select Us e SSL to establish a secure connec tion to the AD or LDAP server(s).
Chapter 31 AAA Server ZyWALL 110/310/1100 Series User’s Guide 406 31.3 RADIUS Server Summary Use the RADIUS screen to manage the list of RADIUS servers the Z yWALL can use in authenticating users. Click Configuration > Object > AAA Server > RADIUS to display th e RADIUS screen.
Chapter 31 AA A Server ZyWALL 110/310/1100 Se ries User’s Guide 407 Figure 269 Configuration > Object > AAA Server > RA DIUS > Add The following table describes the labels in this screen.
Chapter 31 AAA Server ZyWALL 110/310/1100 Series User’s Guide 408 Group Membership Attribu te A RADIUS server defines attributes for its accounts. S elect the name and num ber of the attribute that the Z yWALL is t o check to dete rmine to which group a user belongs.
ZyWALL 110/310/1100 Se ries User’s Guide 409 C HAPTER 32 Authentication Method 32.1 Overview Authentication method objects set how the Z yWALL authenticates wireless, HT TP/HTTPS clients, and peer IPSec routers (extended authentication) c lients.
Chapter 32 Authenticatio n Me th od ZyWALL 110/310/1100 Series User’s Guide 410 Figure 270 Example: Using Authentication Method in VPN 32.2 Authentication Method Object s Click Configuration > Object > A uth. Method to display the screen as shown.
Chapter 32 Authentication Method ZyWALL 110/310/1100 Se ries User’s Guide 41 1 2 Click Add . 3 Specify a descriptive name for identification purposes in the Name field. Y ou may use 1-31 alphanumeric characters, underscores(_), or dashes (-), but the first character cannot be a number .
Chapter 32 Authenticatio n Me th od ZyWALL 110/310/1100 Series User’s Guide 412 Move T o change a method’s position in the numbered lis t, select the method an d click Move to display a field to type a number for where yo u want to put it and press [ENTER] to move the rule to th e nu mber that you typed.
ZyWALL 110/310/1100 Se ries User’s Guide 413 C HAPTER 33 Certificates 33.1 Overview The Z yWALL can use certificates (also called digital IDs) to authenticate users. Certificates are based on public-private key pairs. A certificate co ntains the certificate owner’s identity and public key .
Chapter 33 Certificat es ZyWALL 110/310/1100 Series User’s Guide 414 5 Additionally , Jenny uses her own private k ey to sign a message and Tim uses Jenny’ s public key to verify the message.
Chapter 33 Certificates ZyWALL 110/310/1100 Se ries User’s Guide 415 • Binary PKCS#12: This is a format for tr ansferring public key and private k ey certificates. The private k ey in a PKCS #12 file is within a passw ord-encrypted envelope. The file’ s password is not connected to your certificate’ s public or private passwor ds.
Chapter 33 Certificat es ZyWALL 110/310/1100 Series User’s Guide 416 Figure 274 Certificate Details 4 Use a secure method to v erify that the cert ificate owner has the sa me information in the Thumbprin t Algorith m and Thumbprint fields. The se c ure metho d may very based on yo ur situation.
Chapter 33 Certificates ZyWALL 110/310/1100 Se ries User’s Guide 417 The following table describes the labels in this screen. 33.2.1 The My Certificates Add Screen Click Configuration > Object > Certifi cate > My Certificates and then the Add icon to open the My Certificates Add screen.
Chapter 33 Certificat es ZyWALL 110/310/1100 Series User’s Guide 418 Figure 276 Configuration > Object > Certificate > My Certificates > Add The following table describes the labels in this screen.
Chapter 33 Certificates ZyWALL 110/310/1100 Se ries User’s Guide 419 If you configured the My Certificate Create screen to have the Z yW ALL enroll a certificate and the certificate enrollment is not successful, you see a screen with a Return button that takes you back to the My Certificate Create screen.
Chapter 33 Certificat es ZyWALL 110/310/1100 Series User’s Guide 420 Figure 277 Configuration > Object > Certificate > My Certificates > Edit The following table describes the labels in this screen.
Chapter 33 Certificates ZyWALL 110/310/1100 Se ries User’s Guide 421 Certifi cate Information These read-only fields display detail ed information about the certific ate. T ype This fiel d displays general info rmation abou t the certifi cate. CA-signed means tha t a Certification Autho rity signed the certi ficate.
Chapter 33 Certificat es ZyWALL 110/310/1100 Series User’s Guide 422 33.2.3 The My Certif icates Import Screen Click Configuration > Object > Certifi cate > My Certificates > Import to open the My Certificate Impor t screen. F ollow the instructions in this screen to save an existing certificate to the Z y WALL.
Chapter 33 Certificates ZyWALL 110/310/1100 Se ries User’s Guide 423 The following table describes the labels in this screen. 33.3 The T rusted Cert ificates Screen Click Configuration > Object > Certifi cate > Trusted Certificates to open the Trusted Certificates screen.
Chapter 33 Certificat es ZyWALL 110/310/1100 Series User’s Guide 424 33.3.1 The T rusted Ce rtificates Edit Screen Click Configuration > Object > Cert ific ate > Tru sted C ertif ic ates and then a certificate’ s Edit icon to open the Trusted Certificates Edit screen.
Chapter 33 Certificates ZyWALL 110/310/1100 Se ries User’s Guide 425 Figure 280 Configuration > Object > Certificate > T rusted Certificates > Edit.
Chapter 33 Certificat es ZyWALL 110/310/1100 Series User’s Guide 426 The following table describes the labels in this screen. T a ble 164 Configuration > Object > Certificate > T rusted Certificate s > Edit LABEL DESCRIPTION Name This field displays the identifyi ng name of this certific ate.
Chapter 33 Certificates ZyWALL 110/310/1100 Se ries User’s Guide 427 33.3.2 The T rusted Cert ificates Import Screen Click Configuration > Object > Certificat e > Trusted Certificates > Import to open the Trusted Certificates Import screen.
Chapter 33 Certificat es ZyWALL 110/310/1100 Series User’s Guide 428 Note: Y ou mus t remove any spaces from t he certificat e’ s filename before you can im port the certificate. Figure 281 Configuration > Object > Certificate > T rusted Certificates > Import The following table describes the labels in this screen.
ZyWALL 110/310/1100 Se ries User’s Guide 429 C HAPTER 34 ISP Accounts 34.1 Overview Use ISP accounts to manage Internet Service Prov ider (ISP) account info rmation for PPPoE/PPTP interfaces. An ISP account is a profile of se ttings for Internet access using PPP oE or PPTP .
Chapter 34 ISP Accounts ZyWALL 110/310/1100 Series User’s Guide 430 34.2.1 ISP Account Edit The ISP Account Edit screen lets y ou add information about new accounts and edit information about existing accounts. T o open this window, open the ISP Account screen.
Chapter 34 ISP Accounts ZyWALL 110/310/1100 Se ries User’s Guide 431 Authentica tion Ty p e Use the drop-down list box to select an authe n tication protocol for outgo ing calls. Options are: CHAP/PAP - Y our ZyW ALL accepts either CHAP or PAP when requested by this remote node.
ZyWALL 110/310/1100 Se ries User’s Guide 432 C HAPTER 35 SSL Application 35.1 Overview Y ou use SSL application objects in SSL VPN. Configur e an S SL application object to specify the type of application and the address of the local computer , server , or web site SSL users are to be able to access.
Chapter 35 SSL Application ZyWALL 110/310/1100 Se ries User’s Guide 433 The LAN computer to be managed m ust have VNC (Virtual Network Com puting) or RDP (R emote Desktop Protocol) server software in stalled. The remote user’s computer does not use VNC or RDP client software.
Chapter 35 SSL Application ZyWALL 110/310/1100 Series User’s Guide 434 Figure 285 Example: SSL Application: Specifying a W eb Site for Access 35.2 The SSL Application Screen The main SSL Application screen displays a list of the configured SSL application objects.
Chapter 35 SSL Application ZyWALL 110/310/1100 Se ries User’s Guide 435 35.2.1 Creating/Editing an SSL Application Object Y ou can create a web-based application that allows remote users to access an application via standard web browsers.
Chapter 35 SSL Application ZyWALL 110/310/1100 Series User’s Guide 436 Figure 288 Configuration > Object > S SL Application > Add/Edit: File Sharing The following table describes the labels in this screen.
Chapter 35 SSL Application ZyWALL 110/310/1100 Se ries User’s Guide 437 Preview This fi eld only appears when yo u choose Web Application as the object type. This field displays if the Server Type is set to Web Server , OWA or W eblink . Click Preview to access the URL you specifie d in a new IE web browser .
ZyWALL 110/310/1100 Se ries User’s Guide 438 C HAPTER 36 DHCPv6 36.1 Overview This chapter describes how to configure DHCP v6 request type and lease type objects. 36.1.1 What Y ou Can Do in this Chapter •T h e Request screen (see Section 27.2 on page 373 ) allows you to configure DHCPv6 request type objects.
Chapter 36 DHCPv6 ZyWALL 110/310/1100 Se ries User’s Guide 439 36.2.1 DHCPv6 Request Add/Edit Screen The Request Add/Edit screen allows you to create a new request object or edit an existing one. T o access this screen, go to the Request screen (see Section 27.
Chapter 36 DHCPv6 ZyWALL 110/310/1100 Series User’s Guide 440 Figure 291 Configuration > Object > DHCPv6 > Lease The following table describes the labels in this screen. 36.3.1 DHCPv6 Lease Add/Edit Screen The Lease Add/Ed it screen allows you to create a new lease object or edit an existing one.
Chapter 36 DHCPv6 ZyWALL 110/310/1100 Se ries User’s Guide 441 The following table describes the labels in this screen. T a ble 173 Configuration > DH CP v6 > Lease > Add LABEL DESCRIPTION Name T ype the name for this lease object.
Chapter 36 DHCPv6 ZyWALL 110/310/1100 Series User’s Guide 442.
ZyWALL 110/310/1100 Se ries User’s Guide 443 C HAPTER 37 System 37.1 Overview Use the system screens to configure general Z yWALL settings. 37.1.1 What Y ou Can Do in this Chapter •U s e t h e System > Host Name screen (see Section 37.2 on page 444 ) to configure a unique name for the Z yWALL in you r network.
Chapter 37 System ZyWALL 110/310/1100 Series User’s Guide 444 37.2 Host Name A host name is the unique name by which a device is k nown on a network. Click Configuration > System > Host Name to open the Host Name screen. Figure 293 Configuration > System > Host Name The following table describes the labels in this screen.
Chapter 37 Sys tem ZyWALL 110/310/1100 Se ries User’s Guide 445 Figure 294 Configuration > System > USB Storage The following table describes the labels in this screen. 37.4 Date and T i me For effectiv e scheduling and logging, the Z yWALL system time must be accur ate.
Chapter 37 System ZyWALL 110/310/1100 Series User’s Guide 446 Figure 295 Configuration > System > Date and Time The following table describes the labels in this screen. T a ble 176 Configuration > System > Date and Time LABEL DESCRIPTION Current Time and Date Current Time This field displays the present time of your Z yWALL.
Chapter 37 Sys tem ZyWALL 110/310/1100 Se ries User’s Guide 447 Get from Time Serve r Select this radio button to have th e Z yWALL get the t ime and dat e from the ti me serv er you specify below . The ZyWALL requests time and date settings from the time serv er under the following circumstances.
Chapter 37 System ZyWALL 110/310/1100 Series User’s Guide 448 37.4.1 Pre-define d NTP Time Serv ers List When you turn on the Z yWALL for the first time, the date and time start at 2003-01-01 00:00:00. The Z yWALL then attempts to synchronize with one of the following pre-defined list of Network Time Protocol (NTP) time servers.
Chapter 37 Sys tem ZyWALL 110/310/1100 Se ries User’s Guide 449 7 Click Apply . T o get the ZyW ALL date and time from a time serv er 1 Click System > Date/Time . 2 Select Get from T ime Server under Time and Date Setup . 3 Under Time Zone Setup , select y our Time Zone from the list.
Chapter 37 System ZyWALL 110/310/1100 Series User’s Guide 450 37.6 DNS Overview DNS (Domain Name System) is for mapping a domain name to its corresponding IP address and vice versa. The DNS server is extremely important because without it, y ou must know the IP address of a machine before you can access it.
Chapter 37 Sys tem ZyWALL 110/310/1100 Se ries User’s Guide 451 The following table describes the labels in this screen. T a ble 179 Configuration > System > DNS LABEL DESCRIPTION Address/PTR Rec or d This record spe cifies the ma ppin g of a Full y-Qualified Domai n Name (FQDN) to an IP address.
Chapter 37 System ZyWALL 110/310/1100 Series User’s Guide 452 37.6.3 Address Record An address record contains the mapping of a Fully-Qualified Domain Name (FQDN) to an IP address. An FQDN consists of a host and doma in name. F or example, www.zyxel.
Chapter 37 Sys tem ZyWALL 110/310/1100 Se ries User’s Guide 453 37.6.5 Adding an Address/PTR Record Click the Add icon in the Address/PTR Record table to add an address/ PTR record. Figure 299 Configuration > System > DNS > Address/PTR R ecord Edit The following table describes the labels in this screen.
Chapter 37 System ZyWALL 110/310/1100 Series User’s Guide 454 Figure 300 Configuration > System > DNS > Domain Z one Forw arder Add The following table describes the labels in this screen.
Chapter 37 Sys tem ZyWALL 110/310/1100 Se ries User’s Guide 455 Figure 301 Configuration > System > DNS > MX R ecord Add The following table describes the labels in this screen. 37.6.10 Adding a DN S Service Control Rule Click the Add icon in the Service Contro l table to add a service control rule.
Chapter 37 System ZyWALL 110/310/1100 Series User’s Guide 456 37.7 WWW Overview The following figure shows secure and insecure management of the Z yWALL coming in from the W AN. HTTPS and S SH access are se cure. HTTP and T elnet access are not secure.
Chapter 37 Sys tem ZyWALL 110/310/1100 Se ries User’s Guide 457 It relies upon certificates, public keys, and priv ate keys (see Chapter 33 on page 413 for more information). HT TPS on the Z yWALL is u sed so that you can securely access the Z yWALL using the W eb Configurator .
Chapter 37 System ZyWALL 110/310/1100 Series User’s Guide 458 Figure 304 Configuration > System > WWW > Service Control The following table describes the labels in this screen.
Chapter 37 Sys tem ZyWALL 110/310/1100 Se ries User’s Guide 459 Authenticate Cl ient Certifi cates Select Authenticate Cl ie nt Certificates (optional) to require the SSL client to authenticate it se lf to the Z yWALL by se n din g th e Z yWALL a certi fic ate .
Chapter 37 System ZyWALL 110/310/1100 Series User’s Guide 460 37.7.5 Service Control Rules Click Add or Edit in the Service Cont rol table in a WWW , SSH , Telnet , FTP or SNMP screen to add a service control rule.
Chapter 37 Sys tem ZyWALL 110/310/1100 Se ries User’s Guide 461 The following table describes the labels in this screen. 37.7.6 Customizing the WWW Login Page Click Configuration > System > WWW > Login Page to open the Login Page screen. Use this screen to customize the W eb Configurator login screen.
Chapter 37 System ZyWALL 110/310/1100 Series User’s Guide 462 Figure 306 Configuration > System > WWW > Login Page The following figures identify the parts you can customize in the login and access pages.
Chapter 37 Sys tem ZyWALL 110/310/1100 Se ries User’s Guide 463 Figure 307 Login Page Customization Figure 308 Access Page Customization Y ou can specify colors in one of the following ways: • Click Color to display a screen of web-safe colors from which to choose.
Chapter 37 System ZyWALL 110/310/1100 Series User’s Guide 464 • Enter a pound sign (#) followed by the six -d igit hexadecimal number th at represents the desired color . For example, use “#000000” for black. • Enter “rgb” followed by red , green, and blue va lues in parenthesis and separate by commas.
Chapter 37 Sys tem ZyWALL 110/310/1100 Se ries User’s Guide 465 37.7.7 HTTPS Example If you haven’t changed the default HT TPS port on the ZyW ALL, then in your browser enter “https:// Z yWALL IP Address/” as the web site address where “Z yWALL IP Address” is the IP address or domain name of the ZyW ALL you wish to access.
Chapter 37 System ZyWALL 110/310/1100 Series User’s Guide 466 Figure 310 Security Certificate 1 (Firefox) Figure 311 Security Certificate 2 (Firefox) 37.
Chapter 37 Sys tem ZyWALL 110/310/1100 Se ries User’s Guide 467 Figure 312 Login Screen (Internet Explorer) 37.7.7.5 Enrolling and Impor ting SSL Client Certifica tes The SSL client needs a certificate if Authenticate Client Certificates is selected on the Z y WALL.
Chapter 37 System ZyWALL 110/310/1100 Series User’s Guide 468 Figure 314 CA Certificate Example 2 Click Install Certificate and follow the wizard as shown earlier in this appendix. 37.7.7.5.2 Installing Y our Personal Certificate(s) Y ou need a password in advance.
Chapter 37 Sys tem ZyWALL 110/310/1100 Se ries User’s Guide 469 Figure 315 Personal Certificate Import Wizard 1 2 The file name and path of the certificate you do uble-clicked should automatically appear in the File name text box. Click Browse if you wish to import a different certificate.
Chapter 37 System ZyWALL 110/310/1100 Series User’s Guide 470 Figure 317 Personal Certificate Import Wizard 3 4 Have the wizard determine where the certificate should be sav ed on y our computer or select Place all cert ificates i n the fo llowing st ore and choose a different location.
Chapter 37 Sys tem ZyWALL 110/310/1100 Se ries User’s Guide 471 Figure 319 Personal Certificate Import Wizard 5 6 Y ou should see the following screen when the certificate is correctly installed on your compu ter . Figure 320 Personal Certificate Import Wizard 6 37.
Chapter 37 System ZyWALL 110/310/1100 Series User’s Guide 472 Figure 322 SSL Client Authentication 3 Y ou next see the W eb Configurator login screen. Figure 323 Secure W eb Configurator Login Screen 37.8 SSH Y ou can use SSH (Secure SHell) to securely access the Z yWALL’ s command line interface.
Chapter 37 Sys tem ZyWALL 110/310/1100 Se ries User’s Guide 473 Figure 324 SSH Communication Over the W AN Example 37.8.1 How SSH Works The following figure is an example of how a secure connection is estab lished between two remote hosts using SSH v1.
Chapter 37 System ZyWALL 110/310/1100 Series User’s Guide 474 37.8.2 SSH Implementation on the ZyW ALL Y our Z yW ALL supports SSH versions 1 and 2 using RSA authentication and four encryption methods (AES, 3DES, Archfour , and Blowfish). The SSH server is implemented on the ZyW ALL for management using port 22 (by default).
Chapter 37 Sys tem ZyWALL 110/310/1100 Se ries User’s Guide 475 37.8.5 Secure T eln et Using SSH Examples This section shows two examples using a command interface and a gr aphical interface SSH client program to remotely access the Z yWALL. The conf iguration and connection steps are similar for most SSH client programs.
Chapter 37 System ZyWALL 110/310/1100 Series User’s Guide 476 37.8.5.2 Example 2: Linux This section describes how to access the Z yWALL using the OpenSSH client progr am that comes with most Linux distributions. 1 T est whe ther the SSH service is av ailable on the Z yWALL.
Chapter 37 Sys tem ZyWALL 110/310/1100 Se ries User’s Guide 477 Figure 330 Configuration > System > TELNET The following table describes the labels in this screen.
Chapter 37 System ZyWALL 110/310/1100 Series User’s Guide 478 37.10 FTP Y ou can upload and download the Z y WALL’ s firmware and configuration files using FTP . T o use this feature, your computer must hav e an FTP client. Please see Chapter 39 on page 499 for more information about firmware and configuration files.
Chapter 37 Sys tem ZyWALL 110/310/1100 Se ries User’s Guide 479 37.1 1 SNMP Simple Network Management Protocol is a protocol used for exchanging management information between network devices. Y our Z yWALL supports SN MP agent functionality , which allows a manager station to manage and monitor the Z yWALL through the network.
Chapter 37 System ZyWALL 110/310/1100 Series User’s Guide 480 Figure 332 SNMP Management Model An SNMP managed network consists of two main types of component: agents and a manager . An agent is a management software module that reside s in a managed device (the ZyW A LL).
Chapter 37 Sys tem ZyWALL 110/310/1100 Se ries User’s Guide 481 statistical data and monitor status and performa nce. Y ou can download the Z yWALL’ s MIBs from www .zyxel.com. 37.1 1.2 SNMP T rap s The Z yWALL will send traps to the SNMP manager when any one of the following events occurs.
Chapter 37 System ZyWALL 110/310/1100 Series User’s Guide 482 Figure 333 Configuration > System > SNMP The following table describes the labels in this screen.
Chapter 37 Sys tem ZyWALL 110/310/1100 Se ries User’s Guide 483 37.12 Language Screen Click Configuration > System > Language to open the following screen. Use th is screen to select a display language for the Z yWALL’ s W eb Configurato r screens.
Chapter 37 System ZyWALL 110/310/1100 Series User’s Guide 484 Figure 335 Configuration > Sy stem > IPv6 The following table describes the labels in this screen.
ZyWALL 110/310/1100 Se ries User’s Guide 485 C HAPTER 38 Log and Report 38.1 Overview Use these screens to configure daily reporting and log settings. 38.1.1 What Y ou Can Do In this Chapter •U s e t h e Email Daily Re port screen ( Section 38.2 on page 485 ) t o configure where and how t o send daily reports and what reports to send.
Chapter 38 Log and Report ZyWALL 110/310/1100 Series User’s Guide 486 Figure 336 Configuration > Log & R eport > Email Daily Report The following table describes the labels in this screen.
Chapter 38 Log and Report ZyWALL 110/310/1100 Se ries User’s Guide 487 38.3 Log Setting Screens The Log Setting screens control log messages and alerts. A log message stores the information for viewing or regular e-mailing later , and an alert is e-mailed immediately .
Chapter 38 Log and Report ZyWALL 110/310/1100 Series User’s Guide 488 Figure 337 Configuration > Log & Report > Log Setting The following table describes the labels in this screen.
Chapter 38 Log and Report ZyWALL 110/310/1100 Se ries User’s Guide 489 38.3.2 Edit System Log Settings The Log Settings Edit screen controls the detailed settings for each log in the system log (which includes the e-mail profiles). Go to the Log Settings Summary screen (see Section 38.
Chapter 38 Log and Report ZyWALL 110/310/1100 Series User’s Guide 490 The following table describes the labels in this screen. T a ble 196 Configur ation > Log & Report > Log Setting > .
Chapter 38 Log and Report ZyWALL 110/310/1100 Se ries User’s Guide 491 38.3.3 Edit Log on USB S torage Setting The Edit Log on USB Storage Set ting screen controls the detailed settings for saving logs to a connected USB storage device. Go to the Log Setting Summary screen (see Section 38.
Chapter 38 Log and Report ZyWALL 110/310/1100 Series User’s Guide 492 Figure 339 Configuration > Log & Repo rt > Log Setting > Edit (USB Stor age).
Chapter 38 Log and Report ZyWALL 110/310/1100 Se ries User’s Guide 493 The following table describes the labels in this screen. 38.3.4 Edit Remote Server Log Settings The Log Settings Edit screen controls the detailed settings for each log in the remote server (syslog).
Chapter 38 Log and Report ZyWALL 110/310/1100 Series User’s Guide 494 Figure 340 Configuration > Log & Report > Log Setting > Edit (R emote Server).
Chapter 38 Log and Report ZyWALL 110/310/1100 Se ries User’s Guide 495 The following table describes the labels in this screen. 38.3.5 Log Category Settings Screen The Log Category Settings screen allows you to view and to edit what information is included in the system log, USB storage, e-mail profiles, and re mote servers at the same time.
Chapter 38 Log and Report ZyWALL 110/310/1100 Series User’s Guide 496 Figure 341 Log Category Settings This screen provides a different view and a different wa y of indicating which messages are included in each log and each alert. Please see Section 38.
Chapter 38 Log and Report ZyWALL 110/310/1100 Se ries User’s Guide 497 The following table describes the fields in this screen. T a ble 199 Configur ation > Log & Report > Log Setting > Log Category Settings LABEL DESCRIPTION System L og U se the System Log drop-down list to change the log se ttings for all of the log categories.
Chapter 38 Log and Report ZyWALL 110/310/1100 Series User’s Guide 498 System Log S el ect which events you want to l og by Log Category . There are three choi ces: disable all logs (red X) - do not .
ZyWALL 110/310/1100 Se ries User’s Guide 499 C HAPTER 39 File Manager 39.1 Overview Configuration files define the Z yWALL’ s settings. Shell scripts are files of commands that you can store on the Z yW ALL and run when you need th em. Y ou can apply a configuration file or run a shell script without the Z yW ALL restarting.
Chapter 39 File Manager ZyWALL 110/310/1100 Series User’s Guide 500 These files have the same syntax, which is also identical to the way y ou run CLI commands manually . An example is shown below . While configuration files and shell scripts have th e same syntax, the Z yWALL applies configuration files differently than it runs shell scripts.
Chapter 39 File Manager ZyWALL 110/310/1100 Se ries User’s Guide 501 Line 3 in the following exam ple exits sub command mode. Lines 1 and 3 in the following example are comments and line 4 exits sub command mode. Lines 1 and 2 are comments. Line 5 exits sub command mode.
Chapter 39 File Manager ZyWALL 110/310/1100 Series User’s Guide 502 Configuration File Flow at Rest art • If there is not a startup-config.conf when you restart the Z yWALL (whether through a management interface or by physically turning th e power off and back on), the ZyW ALL uses the system-default.
Chapter 39 File Manager ZyWALL 110/310/1100 Se ries User’s Guide 503 The following table describes the labels in this screen. T a ble 201 Maintenance > File Manager > Configuration File LABEL DESCRIPTION Ren am e Use this button to chan ge the label of a configu ration file on the Z yWALL.
Chapter 39 File Manager ZyWALL 110/310/1100 Series User’s Guide 504 Apply Use this but ton to have the ZyWALL use a specific co n figuration file. Click a configuration file ’s row to select it and cl ick Apply to have the ZyWALL use that configuration file.
Chapter 39 File Manager ZyWALL 110/310/1100 Se ries User’s Guide 505 39.3 The Firmware Package Screen Click Maintenance > File Manager > Firmware Package to open the Firmware Package screen. Use the Firmware Package screen to check your current firmware v ersion and upload firmware to the Z yWALL.
Chapter 39 File Manager ZyWALL 110/310/1100 Series User’s Guide 506 Figure 347 Maintenance > File Manager > Firmware P ackage The following table describes the labels in this screen. After you see the Firmware Upload in Process screen, wait tw o minutes before logging into the Z yWALL again.
Chapter 39 File Manager ZyWALL 110/310/1100 Se ries User’s Guide 507 Figure 350 Firmware Upload Error 39.4 The Shell Script Screen Use shell script files to have the Z yWALL use command s that you specify . Use a text editor to create the shell script files.
Chapter 39 File Manager ZyWALL 110/310/1100 Series User’s Guide 508 Each field is described in the following table. T a ble 203 Maintenance > File Manager > Shell Script LABEL DESCRIPTION Ren am e Use this button to change the label of a shell script file on the Z yWALL.
Chapter 39 File Manager ZyWALL 110/310/1100 Se ries User’s Guide 509 Upload Shell Script The bottom part of the screen allows you to upload a new or previously saved shell script file from your computer to your Z yWALL. File Pat h T ype in the location of the file you wa nt to upload in this field or click Browse .
ZyWALL 110/310/1100 Se ries User’s Guide 510 C HAPTER 40 Diagnostics 40.1 Overview Use the diagnostics screens for troubleshooting. 40.1.1 What Y ou Can Do in this Chapter •U s e t h e Diagnostics screen (see Section 40.
Chapter 40 Diagnostics ZyWALL 110/310/1100 Se ries User’s Guide 51 1 The following table describes the labels in this screen. 40.2.1 The Diagnostics Files Screen Click Maintenance > Diagnostics > Files to open the diagnostic files screen.
Chapter 40 Diagnostics ZyWALL 110/310/1100 Series User’s Guide 512 40.3 The Packet Capture Screen Use this screen to capture network traffic going throu gh the Z yWALL’ s interfaces. Studying these packet captures may help you identify network problems.
Chapter 40 Diagnostics ZyWALL 110/310/1100 Se ries User’s Guide 513 The following table describes the labels in this screen. T a ble 206 Maintenance > Diagnostics > P acket Capture LABEL DESCRIPTION Interfaces Enabled interface s (except for virtual in terfaces) appear under Availabl e Interfaces .
Chapter 40 Diagnostics ZyWALL 110/310/1100 Series User’s Guide 514 40.3.1 The Packet Capture Files Screen Click Maintenance > Diagnostics > Packet Capture > File s to open the packet capture files screen. This screen lists the files of packet captures stored on the ZyW ALL or a connected USB storage device.
Chapter 40 Diagnostics ZyWALL 110/310/1100 Se ries User’s Guide 515 The following table describes the labels in this screen. 40.4 Core Dump Screen Use the Core Dump screen to have the Z yWALL save a process’ s core dump to an attached USB storage device if the process terminates abnormally (crashes).
Chapter 40 Diagnostics ZyWALL 110/310/1100 Series User’s Guide 516 40.4.1 Core Dump Files Screen Click Maintenance > Diagnostics > Core Dump > Files to open the core dump files screen. This screen lists the core dump files stored on the Z y W ALL or a connected USB stor age device.
Chapter 40 Diagnostics ZyWALL 110/310/1100 Se ries User’s Guide 517 Figure 360 Maintenance > Diagnostics > System Log The following table describes the labels in this screen. T a ble 210 Maintenance > Diagnostics > System Log LABEL DESCRIPTION Rem ov e Select files an d cli ck Remove to delete them from the ZyW ALL.
ZyWALL 110/310/1100 Se ries User’s Guide 518 C HAPTER 41 Packet Flow Explore 41.1 Overview Use this to get a clear picture on how the Z yWALL determines where to forward a packet and how to change the source IP address of the packet according to your current settings.
Chapter 41 Packet Flow Explore ZyWALL 110/310/1100 Se ries User’s Guide 519 Figure 361 Maintenance > P acket Flow Explore > Routing Status (Direct R oute) Figure 362 Maintenance > P acket F.
Chapter 41 Packet Flow Exp lore ZyWALL 110/310/1100 Series User’s Guide 520 Figure 365 Maintenance > P acket Flow Explore > Routing Status (Dynamic VPN) Figure 366 Maintenance > P acket Flo.
Chapter 41 Packet Flow Explore ZyWALL 110/310/1100 Se ries User’s Guide 521 The following table describes the labels in this screen. T a ble 211 Maintena nce > Packet Flow Explore > Routing Status LABEL DESCRIPTION Rou ti n g F l ow This section shows you the flow of how the Z yWALL determines wher e to route a pa cket.
Chapter 41 Packet Flow Exp lore ZyWALL 110/310/1100 Series User’s Guide 522 41.3 The SNA T St atus Screen The SNAT Status screen allows you to view and quickly link to specific source NA T (SNA T) settings. Click a function box in the SNAT Flow section, the related SNA T rules (activ ated) will display in the SNAT Table section.
Chapter 41 Packet Flow Explore ZyWALL 110/310/1100 Se ries User’s Guide 523 Figure 370 Maintenance > Pack et Flow Expl ore > SNA T Status (1-1 SNA T) Figure 371 Maintenance > P acket Flow E.
Chapter 41 Packet Flow Exp lore ZyWALL 110/310/1100 Series User’s Guide 524 Destination This is the original destinat ion IP address(es). Outgoing This is the outgoing interface that the SNA T rule uses to transmit packets. SNA T This is the sou rce IP address(es ) that the SNA T rule uses finally .
ZyWALL 110/310/1100 Se ries User’s Guide 525 C HAPTER 42 Reboot 42.1 Overview Use this to restart the device (for example, if the device begins beha ving erratically). See also Section on page 31 for information on different ways to start an d stop the Z yWALL.
ZyWALL 110/310/1100 Se ries User’s Guide 526 C HAPTER 43 Shutdown 43.1 Overview Use this to shutdown the device in preparation for disconnecting the power . See also Section on page 31 for information on different ways to start and stop the Z yWALL.
ZyWALL 110/310/1100 Se ries User’s Guide 527 C HAPTER 44 Troubleshooting This chapter offers some suggestions to solve problems you might encounter . • Y ou can also refer to the logs (see Chapter 6 on page 100 ). • For the order in which the Z yWALL applies its features and checks, see Chapter 41 on page 518 .
Chapter 44 Troubleshooting ZyWALL 110/310/1100 Series User’s Guide 528 I configured securi ty settings but the Z yWALL i s not applying them for certain interfaces. Many security settings are usually applied to zones. Make su re you assign the interfaces to the appropriate zones.
Chapter 44 Troubleshooting ZyWALL 110/310/1100 Se ries User’s Guide 529 The interface’ s IP address may have changed. T o av oid this create an IP address object based on the interface. This way the Z yW ALL automatically upda tes every rule or setting that u ses the object whenever the interface’ s IP address settings change.
Chapter 44 Troubleshooting ZyWALL 110/310/1100 Series User’s Guide 530 The Z yWALL is deleting some zi pped files. The Z yWALL cannot unzip password protected ZIP files or a ZIP file within another ZIP file. There are also limits to the number of ZIP files that the Z yWA LL can concurrently unzip.
Chapter 44 Troubleshooting ZyWALL 110/310/1100 Se ries User’s Guide 531 subnets. See Asymmetrical Routes on page 268 and the chapter about interfaces for more information. I cannot set up an IPSec VPN tunnel to anot her device. If the IPSec tunnel does not build properly , the problem is likely a configuration error at one of the IPSec routers.
Chapter 44 Troubleshooting ZyWALL 110/310/1100 Series User’s Guide 532 • Make sure regular firew all rules allow traffic betw een the VPN tunnel and the rest of the network. R egular firewall rules check packets the Z yWALL sends before the Z yWALL encrypts them and check packets the Z yWALL receives after the Z yWALL decrypts them.
Chapter 44 Troubleshooting ZyWALL 110/310/1100 Se ries User’s Guide 533 The default admin account is always authenticated locally , regardless of the authentication method setting. (See Chapter 31 on page 400 for more inform ation about authentication methods.
Chapter 44 Troubleshooting ZyWALL 110/310/1100 Series User’s Guide 534 • PEM (Base-64) encoded PKCS#7: This Privacy Enhanced Mail (PEM) format uses lowercase letters, uppercase letters and numerals to convert a binary PKCS#7 certificate into a printable form.
Chapter 44 Troubleshooting ZyWALL 110/310/1100 Se ries User’s Guide 535 • Y our configuration files or shell scripts can use “e xit” or a command line consisting of a single “! ” to have the Z yWALL exit sub command mode. •I n c l u d e write commands in your scripts.
Chapter 44 Troubleshooting ZyWALL 110/310/1100 Series User’s Guide 536 If you want to reboot the device withou t changing the current configuration, see Chapter 42 on page 525 . 1 Make sure the SYS LED is on and not blinking. 2 Press the RESET button and hold it until the SYS LED begins to blink.
ZyWALL 110/310/1100 Se ries User’s Guide 537 A PPENDIX A Legal Information Copyright Copyright © 2013 b y ZyXEL Communi cations Corpor ation. Th e co n te n t s o f th i s p u b li ca t i on m ay n.
Appendix A Legal Information ZyWALL 110/310/1100 Series User’s Guide 538 T a iwanese BSMI (Bureau of St andards, Metrology and Inspectio n) A W arning: Notices Changes or modific ations not exp ressly approved by the party re sp onsible f or complianc e could vo id the user's au thority to ope r ate the equipment.
Appendix A Legal Information ZyWALL 110/310/1100 Se ries User’s Guide 539 • CAUTION: RISK OF EXPLOSION IF BAT TERY (on the mother boar d) IS REPLACED BY AN INCORREC T TYPE. DISPOSE OF USED BA TTERIES ACCORDING TO T HE INSTRUCTIONS. Di spose them at the applicable collec tion point for t he recycling of el ectrical and electronic eq uipment.
Appendix A Legal Information ZyWALL 110/310/1100 Series User’s Guide 540.
Index ZyWALL 110/310/1100 Se ries User’s Guide 541 Index Symbols Numbers 3322 Dynamic DNS 215 3DES 306 3G see also cellular 13 2 6in4 tunneling 140 6to4 tunneling 141 A AAA Base DN 40 2 Bind DN 403 .
Index ZyWALL 110/310/1100 Series User’s Guide 542 address record 452 admin user troubleshooting 533 admin users 371 multiple logins 37 9 see also users 37 1 Advanced Encryption Standard, see AES AES.
Index ZyWALL 110/310/1100 Se ries User’s Guide 543 signal quality 94 , 95 SIM card 137 status 96 system 94 , 95 troubleshooting 529 certificate troubleshooting 533 Certificate Authority (CA) see cer.
Index ZyWALL 110/310/1100 Series User’s Guide 544 access user page 461 login page 461 D Data Encryption Standard, see DES date 445 daylight savings 447 DDNS 215 backup mail exchanger 219 mail exchan.
Index ZyWALL 110/310/1100 Se ries User’s Guide 545 E egress bandwidth 137 , 146 e-mail daily statistics report 48 5 Encapsulating Security Pa yload, see ESP encapsulation and active protocol 31 1 IP.
Index ZyWALL 110/310/1100 Series User’s Guide 546 and address groups 479 and address objects 479 and certificates 478 and zones 479 signaling port 237 with T ransport Lay er Security (TLS) 478 full tunnel mode 317 , 32 1 Fully-Qualified Domain Name, see FQDN G Generic Ro uting Encapsulation, see GRE.
Index ZyWALL 110/310/1100 Se ries User’s Guide 547 status 72 , 84 , 85 troubleshooting 528 interfaces 103 and DNS servers 174 and HT TP redirect 232 and layer-3 virtualization 104 and NA T 224 and p.
Index ZyWALL 110/310/1100 Series User’s Guide 548 and to-Z yWALL firewall 531 authentication algorithms 306 authentication key (manual keys) 312 destination NA T for inbound traffic 313 encapsulatio.
Index ZyWALL 110/310/1100 Se ries User’s Guide 549 Lightweight Directory Access Protocol, see LDAP load balancing 177 algorithms 178 , 182 , 18 4 DNS inbound 247 least load first 178 round robin 179.
Index ZyWALL 110/310/1100 Series User’s Guide 550 port translation, see NA T tra versal 309 NBNS 120 , 157 , 169 , 174 , 321 NetBIOS Broad c ast over I PSec 288 Name Server , see NBNS.
Index ZyWALL 110/310/1100 Se ries User’s Guide 551 PIN code 137 PIN generator 401 pointer record 452 Po int-to-P oint Protocol over Ethernet, see PPP oE.
Index ZyWALL 110/310/1100 Series User’s Guide 552 FTP , s ee FT P see also service control 456 Te l n e t 476 to-Z yWALL firewall 266 WWW , se e WWW remote network 281 remote user screen links 432 r.
Index ZyWALL 110/310/1100 Se ries User’s Guide 553 SHA1 306 shell script troubleshooting 534 shell scripts 499 and users 383 downloading 508 editing 507 how applied 500 managing 507 syntax 500 uploa.
Index ZyWALL 110/310/1100 Series User’s Guide 554 full tunnel mode 317 network access mode 18 remote desktop connections 432 see also SSL 317 troubleshooting 532 weblink 433 stac compression 431 startup-config.conf 505 and synchronization (device HA) 369 if errors 502 missing at restart 502 present at restart 502 startup-config-bad.
Index ZyWALL 110/310/1100 Se ries User’s Guide 555 management access 534 packet capture 535 policy route 528 PPP 529 RADIUS server 532 routing 530 schedules 533 security settings 52 8 shell scripts .
Index ZyWALL 110/310/1100 Series User’s Guide 556 Guest (type) 371 lease time 376 limited-admin (type) 371 lockout 380 reauthentication time 376 types of 371 user (type) 37 1 user names 374 V Va n t.
Index ZyWALL 110/310/1100 Se ries User’s Guide 557 WINS server 120 , 348 Wizard Setup 33 , 43 WWW 457 and address groups 461 and address objects 461 and authentication method objects 460 and certifi.
Index ZyWALL 110/310/1100 Series User’s Guide 558.
Index ZyWALL 110/310/1100 Se ries User’s Guide 559.
Index ZyWALL 110/310/1100 Series User’s Guide 560.
Index ZyWALL 110/310/1100 Se ries User’s Guide 561.
Index ZyWALL 110/310/1100 Series User’s Guide 562.
Un point important après l'achat de l'appareil (ou même avant l'achat) est de lire le manuel d'utilisation. Nous devons le faire pour quelques raisons simples:
Si vous n'avez pas encore acheté ZyXEL Communications 1100 c'est un bon moment pour vous familiariser avec les données de base sur le produit. Consulter d'abord les pages initiales du manuel d'utilisation, que vous trouverez ci-dessus. Vous devriez y trouver les données techniques les plus importants du ZyXEL Communications 1100 - de cette manière, vous pouvez vérifier si l'équipement répond à vos besoins. Explorant les pages suivantes du manuel d'utilisation ZyXEL Communications 1100, vous apprendrez toutes les caractéristiques du produit et des informations sur son fonctionnement. Les informations sur le ZyXEL Communications 1100 va certainement vous aider à prendre une décision concernant l'achat.
Dans une situation où vous avez déjà le ZyXEL Communications 1100, mais vous avez pas encore lu le manuel d'utilisation, vous devez le faire pour les raisons décrites ci-dessus,. Vous saurez alors si vous avez correctement utilisé les fonctions disponibles, et si vous avez commis des erreurs qui peuvent réduire la durée de vie du ZyXEL Communications 1100.
Cependant, l'un des rôles les plus importants pour l'utilisateur joués par les manuels d'utilisateur est d'aider à résoudre les problèmes concernant le ZyXEL Communications 1100. Presque toujours, vous y trouverez Troubleshooting, soit les pannes et les défaillances les plus fréquentes de l'apparei ZyXEL Communications 1100 ainsi que les instructions sur la façon de les résoudre. Même si vous ne parvenez pas à résoudre le problème, le manuel d‘utilisation va vous montrer le chemin d'une nouvelle procédure – le contact avec le centre de service à la clientèle ou le service le plus proche.