2. Computers & electronics
  3. Networking
  4. ZyXEL
  5. ZyWALL 35 Series
ZyWALL 35 Series

ZyXEL ZyWALL 35 Series, 35 SERIES, 5 series, 70 Series User manual

  • Hello! I am an AI chatbot trained to assist you with the ZyXEL ZyWALL 35 Series User manual. I’ve already reviewed the document and can help you find the information you need or explain it in simple terms. Just ask your questions, and providing more details will help me assist you more effectively!
ZyWALL 5/35/70 Series
Internet Security Appliance
Users Guide
Version 4.00
12/2005
ZyWALL 5/35/70 Series User’s Guide
Copyright 2
Copyright
Copyright © 2005 by ZyXEL Communications Corporation.
The contents of this publication may not be reproduced in any part or as a whole, transcribed,
stored in a retrieval system, translated into any language, or transmitted in any form or by any
means, electronic, mechanical, magnetic, optical, chemical, photocopying, manual, or
otherwise, without the prior written permission of ZyXEL Communications Corporation.
Published by ZyXEL Communications Corporation. All rights reserved.
Disclaimer
ZyXEL does not assume any liability arising out of the application or use of any products, or
software described herein. Neither does it convey any license under its patent rights nor the
patent rights of others. ZyXEL further reserves the right to make changes in any products
described herein without notice. This publication is subject to change without notice.
Trademarks
ZyNOS (ZyXEL Network Operating System) is a registered trademark of ZyXEL
Communications, Inc. Other trademarks mentioned in this publication are used for
identification purposes only and may be properties of their respective owners.
ZyWALL 5/35/70 Series User’s Guide
3 Federal Communications Commission (FCC) Interference Statement
Federal Communications
Commission (FCC) Interference
Statement
This device complies with Part 15 of FCC rules. Operation is subject to the following two
conditions:
This device may not cause harmful interference.
This device must accept any interference received, including interference that may cause
undesired operations.
This equipment has been tested and found to comply with the limits for a Class B digital
device pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable
protection against harmful interference in a commercial environment. This equipment
generates, uses, and can radiate radio frequency energy, and if not installed and used in
accordance with the instructions, may cause harmful interference to radio communications.
If this equipment does cause harmful interference to radio/television reception, which can be
determined by turning the equipment off and on, the user is encouraged to try to correct the
interference by one or more of the following measures:
Reorient or relocate the receiving antenna.
Increase the separation between the equipment and the receiver.
Connect the equipment into an outlet on a circuit different from that to which the receiver
is connected.
Consult the dealer or an experienced radio/TV technician for help.
Notice 1
Changes or modifications not expressly approved by the party responsible for compliance
could void the user's authority to operate the equipment.
This Class B digital apparatus complies with Canadian ICES-003.
Cet appareil numérique de la classe B est conforme à la norme NMB-003 du Canada.
Certifications
1 Go to www.zyxel.com.
2 Select your product from the drop-down list box on the ZyXEL home page to go to that
product's page.
3 Select the certification you wish to view from this page.
ZyWALL 5/35/70 Series User’s Guide
Federal Communications Commission (FCC) Interference Statement 4
ZyWALL 5/35/70 Series User’s Guide
5 Safety Warnings
Safety Warnings
For your safety, be sure to read and follow all warning notices and instructions.
Do NOT open the device or unit. Opening or removing covers can expose you to
dangerous high voltage points or other risks. ONLY qualified service personnel can
service the device. Please contact your vendor for further information.
Connect the power cord to the right supply voltage (110V AC in North America or 230V
AC in Europe).
Place connecting cables carefully so that no one will step on them or stumble over them.
Do NOT allow anything to rest on the power cord and do NOT locate the product where
anyone can walk on the power cord.
If you wall mount your device, make sure that no electrical, gas or water pipes will be
damaged.
Do NOT install nor use your device during a thunderstorm. There may be a remote risk of
electric shock from lightning.
Do NOT expose your device to dampness, dust or corrosive liquids.
Do NOT use this product near water, for example, in a wet basement or near a swimming
pool.
Make sure to connect the cables to the correct ports.
Do NOT obstruct the device ventilation slots, as insufficient airflow may harm your
device.
Do NOT store things on the device.
Connect ONLY suitable accessories to the device.
ZyWALL 5/35/70 Series User’s Guide
ZyXEL Limited Warranty 6
ZyXEL Limited Warranty
ZyXEL warrants to the original end user (purchaser) that this product is free from any defects
in materials or workmanship for a period of up to two years from the date of purchase. During
the warranty period, and upon proof of purchase, should the product have indications of failure
due to faulty workmanship and/or materials, ZyXEL will, at its discretion, repair or replace the
defective products or components without charge for either parts or labor, and to whatever
extent it shall deem necessary to restore the product or components to proper operating
condition. Any replacement will consist of a new or re-manufactured functionally equivalent
product of equal value, and will be solely at the discretion of ZyXEL. This warranty shall not
apply if the product is modified, misused, tampered with, damaged by an act of God, or
subjected to abnormal working conditions.
Note
Repair or replacement, as provided under this warranty, is the exclusive remedy of the
purchaser. This warranty is in lieu of all other warranties, express or implied, including any
implied warranty of merchantability or fitness for a particular use or purpose. ZyXEL shall in
no event be held liable for indirect or consequential damages of any kind of character to the
purchaser.
To obtain the services of this warranty, contact ZyXEL's Service Center for your Return
Material Authorization number (RMA). Products must be returned Postage Prepaid. It is
recommended that the unit be insured when shipped. Any returned products without proof of
purchase or those with an out-dated warranty will be repaired or replaced (at the discretion of
ZyXEL) and the customer will be billed for parts and labor. All repaired or replaced products
will be shipped by ZyXEL to the corresponding return address, Postage Paid. This warranty
gives you specific legal rights, and you may also have other rights that vary from country to
country.
ZyWALL 5/35/70 Series User’s Guide
7 Customer Support
Customer Support
Please have the following information ready when you contact customer support.
Product model and serial number.
Warranty Information.
Date that you received your device.
Brief description of the problem and the steps you took to solve it.
METHOD
LOCATION
SUPPORT E-MAIL TELEPHONE
A
WEB SITE
REGULAR MAIL
SALES E-MAIL FAX FTP SITE
CORPORATE
HEADQUARTERS
(WORLDWIDE)
[email protected] +886-3-578-3942 www.zyxel.com
www.europe.zyxel.com
ZyXEL Communications Corp.
6 Innovation Road II
Science Park
Hsinchu 300
Taiwan
[email protected] +886-3-578-2439 ftp.zyxel.com
ftp.europe.zyxel.com
CZECH REPUBLIC
[email protected]om +420-241-091-350 www.zyxel.cz ZyXEL Communications
Czech s.r.o.
Modranská 621
143 01 Praha 4 - Modrany
Ceská Republika
[email protected]om +420-241-091-359
DENMARK
[email protected] +45-39-55-07-00 www.zyxel.dk ZyXEL Communications A/S
Columbusvej
2860 Soeborg
Denmark
[email protected] +45-39-55-07-07
FINLAND
[email protected] +358-9-4780-8411 www.zyxel.fi ZyXEL Communications Oy
Malminkaari 10
00700 Helsinki
Finland
[email protected] +358-9-4780 8448
FRANCE
[email protected] +33-4-72-52-97-97 www.zyxel.fr ZyXEL France
1 rue des Vergers
Bat. 1 / C
69760 Limonest
France
+33-4-72-52-19-20
GERMANY
[email protected] +49-2405-6909-0 www.zyxel.de ZyXEL Deutschland GmbH.
Adenauerstr. 20/A2 D-52146
Wuerselen
Germany
[email protected] +49-2405-6909-99
HUNGARY
[email protected] +36-1-3361649 www.zyxel.hu ZyXEL Hungary
48, Zoldlomb Str.
H-1025, Budapest
Hungary
[email protected] +36-1-3259100
KAZAKHSTAN
http://zyxel.kz/support +7-3272-590-698 www.zyxel.kz ZyXEL Kazakhstan
43, Dostyk ave.,Office 414
Dostyk Business Centre
050010, Almaty
Republic of Kazakhstan
[email protected] +7-3272-590-689
NORTH AMERICA
[email protected] 1-800-255-4101
+1-714-632-0882
www.us.zyxel.com ZyXEL Communications Inc.
1130 N. Miller St.
Anaheim
CA 92806-2001
U.S.A.
[email protected] +1-714-632-0858 ftp.us.zyxel.com
NORWAY
[email protected] +47-22-80-61-80 www.zyxel.no ZyXEL Communications A/S
Nils Hansens vei 13
0667 Oslo
Norway
[email protected] +47-22-80-61-81
ZyWALL 5/35/70 Series User’s Guide
Customer Support 8
POLAND
[email protected] +48-22-5286603 www.pl.zyxel.com ZyXEL Communications
ul.Emilli Plater 53
00-113 Warszawa
Poland
+48-22-5206701
RUSSIA
http://zyxel.ru/support +7-095-542-89-29 www.zyxel.ru ZyXEL Russia
Ostrovityanova 37a Str.
Moscow, 117279
Russia
[email protected] +7-095-542-89-25
SPAIN
[email protected] +34-902-195-420 www.zyxel.es ZyXEL Communications
Alejandro Villegas 33
1º, 28043 Madrid
Spain
[email protected] +34-913-005-345
SWEDEN
[email protected] +46-31-744-7700 www.zyxel.se ZyXEL Communications A/S
Sjöporten 4, 41764 Göteborg
Sweden
[email protected] +46-31-744-7701
UKRAINE
[email protected] +380-44-247-69-78 www.ua.zyxel.com ZyXEL Ukraine
13, Pimonenko Str.
Kiev, 04050
Ukraine
[email protected] +380-44-494-49-32
UNITED KINGDOM
[email protected] +44-1344 303044
08707 555779 (UK only)
www.zyxel.co.uk ZyXEL Communications UK
Ltd.,11 The Courtyard,
Eastern Road, Bracknell,
Berkshire, RG12 2XB,
United Kingdom (UK)
[email protected] +44-1344 303034 ftp.zyxel.co.uk
a. “+” is the (prefix) number you enter to make an international telephone call.
METHOD
LOCATION
SUPPORT E-MAIL TELEPHONE
A
WEB SITE
REGULAR MAIL
SALES E-MAIL FAX FTP SITE
ZyWALL 5/35/70 Series User’s Guide
9 Customer Support
ZyWALL 5/35/70 Series User’s Guide
Table of Contents 10
Table of Contents
Copyright .................................................................................................................. 2
Federal Communications Commission (FCC) Interference Statement ............... 3
Safety Warnings ....................................................................................................... 5
ZyXEL Limited Warranty.......................................................................................... 6
Customer Support.................................................................................................... 7
Table of Contents ................................................................................................... 10
List of Figures ........................................................................................................ 32
List of Tables .......................................................................................................... 44
Preface .................................................................................................................... 52
Chapter 1
Getting to Know Your ZyWALL ............................................................................. 54
1.1 ZyWALL Internet Security Appliance Overview ..................................................54
1.2 ZyWALL Features ..............................................................................................54
1.2.1 Physical Features .....................................................................................55
1.2.2 Non-Physical Features .............................................................................56
1.3 Applications for the ZyWALL ..............................................................................62
1.3.1 Secure Broadband Internet Access via Cable or DSL Modem .................62
1.3.2 VPN Application ........................................................................................62
1.3.3 Front Panel LEDs .....................................................................................63
Chapter 2
Introducing the Web Configurator........................................................................ 66
2.1 Web Configurator Overview ...............................................................................66
2.2 Accessing the ZyWALL Web Configurator .........................................................66
2.3 Resetting the ZyWALL .......................................................................................67
2.3.1 Procedure To Use The Reset Button ........................................................68
2.3.2 Uploading a Configuration File Via Console Port .....................................68
2.4 Navigating the ZyWALL Web Configurator ........................................................68
2.4.1 Router Mode ..............................................................................................69
2.4.2 Bridge Mode ..............................................................................................71
2.4.3 Navigation Panel .......................................................................................74
2.4.4 System Statistics........................................................................................79
ZyWALL 5/35/70 Series User’s Guide
11 Table of Contents
2.4.5 Show Statistics: Line Chart........................................................................80
2.4.6 DHCP Table Screen ..................................................................................81
2.4.7 VPN Status ................................................................................................82
Chapter 3
Wizard Setup .......................................................................................................... 84
3.1 Wizard Setup Overview ......................................................................................84
3.2 Internet Access .................................................................................................84
3.2.1 ISP Parameters ........................................................................................84
3.2.1.1 Ethernet ...........................................................................................84
3.2.1.2 PPPoE Encapsulation .....................................................................86
3.2.1.3 PPTP Encapsulation .......................................................................87
3.2.2 Internet Access Wizard: Second Screen ...................................................89
3.2.3 Internet Access Wizard: Registration.........................................................90
3.3 VPN Wizard Gateway Setting ............................................................................93
3.4 VPN Wizard Network Setting .............................................................................94
3.5 VPN Wizard IKE Tunnel Setting (IKE Phase 1) .................................................96
3.6 VPN Wizard IPSec Setting (IKE Phase 2) .........................................................98
3.7 VPN Wizard Status Summary ............................................................................99
3.8 VPN Wizard Setup Complete ...........................................................................102
Chapter 4
Registration .......................................................................................................... 104
4.1 myZyXEL.com overview ...................................................................................104
4.1.1 Subscription Services Available on the ZyWALL ....................................104
4.2 Registration ......................................................................................................105
4.3 Service .............................................................................................................107
Chapter 5
LAN Screens......................................................................................................... 110
5.1 LAN Overview ..................................................................................................110
5.2 DHCP Setup .....................................................................................................110
5.2.1 IP Pool Setup ..........................................................................................110
5.3 LAN TCP/IP ......................................................................................................110
5.3.1 Factory LAN Defaults ..............................................................................110
5.3.2 IP Address and Subnet Mask ................................................................. 111
5.3.3 RIP Setup ............................................................................................... 111
5.3.4 Multicast .................................................................................................. 112
5.4 DNS Servers ....................................................................................................112
5.5 LAN ..................................................................................................................112
5.6 LAN Static DHCP .............................................................................................115
5.7 LAN IP Alias .....................................................................................................116
5.8 LAN Port Roles ................................................................................................ 118
ZyWALL 5/35/70 Series User’s Guide
Table of Contents 12
Chapter 6
Bridge Screens..................................................................................................... 122
6.1 Bridge Loop ......................................................................................................122
6.2 Spanning Tree Protocol (STP) .........................................................................122
6.2.1 Rapid STP ..............................................................................................123
6.2.2 STP Terminology ....................................................................................123
6.2.3 How STP Works .....................................................................................123
6.2.4 STP Port States ......................................................................................124
6.3 Bridge ...............................................................................................................124
6.4 Bridge Port Roles ............................................................................................126
Chapter 7
WAN Screens........................................................................................................ 130
7.1 WAN Overview .................................................................................................130
7.2 Multiple WAN ....................................................................................................130
7.3 Load Balancing Introduction .............................................................................131
7.4 Load Balancing Algorithms ..............................................................................131
7.4.1 Least Load First ......................................................................................131
7.4.1.1 Example 1 .....................................................................................132
7.4.1.2 Example 2 .....................................................................................132
7.4.2 Weighted Round Robin ...........................................................................133
7.4.3 Spillover ..................................................................................................133
7.5 TCP/IP Priority (Metric) ....................................................................................134
7.6 WAN General ...................................................................................................134
7.7 Configuring Load Balancing .............................................................................137
7.7.1 Least Load First ......................................................................................138
7.7.2 Weighted Round Robin ...........................................................................139
7.7.3 Spillover ..................................................................................................139
7.8 WAN Route ......................................................................................................140
7.9 WAN IP Address Assignment ...........................................................................142
7.10 DNS Server Address Assignment ..................................................................142
7.11 WAN MAC Address ........................................................................................143
7.12 WAN ...............................................................................................................143
7.12.1 WAN Ethernet Encapsulation ...............................................................143
7.12.2 PPPoE Encapsulation ...........................................................................146
7.12.3 PPTP Encapsulation .............................................................................150
7.13 Traffic Redirect ...............................................................................................153
7.14 Configuring Traffic Redirect ............................................................................154
7.15 Configuring Dial Backup .................................................................................155
7.16 Advanced Modem Setup ................................................................................159
7.16.1 AT Command Strings ............................................................................159
7.16.2 DTR Signal ...........................................................................................159
7.16.3 Response Strings ..................................................................................159
ZyWALL 5/35/70 Series User’s Guide
13 Table of Contents
7.17 Configuring Advanced Modem Setup ............................................................159
Chapter 8
DMZ Screens ........................................................................................................ 162
8.1 DMZ .................................................................................................................162
8.2 Configuring DMZ ..............................................................................................162
8.3 DMZ Static DHCP ............................................................................................165
8.4 DMZ IP Alias ....................................................................................................167
8.5 DMZ Public IP Address Example .....................................................................168
8.6 DMZ Private and Public IP Address Example ..................................................169
8.7 DMZ Port Roles ................................................................................................170
Chapter 9
Wireless LAN ........................................................................................................ 174
9.1 Wireless LAN Introduction ................................................................................174
9.1.1 Additional Installation Requirements for Using 802.1x ...........................174
9.2 Configuring WLAN ...........................................................................................174
9.3 WLAN Static DHCP ..........................................................................................177
9.4 WLAN IP Alias ..................................................................................................178
9.5 WLAN Port Roles .............................................................................................180
9.6 Wireless Security .............................................................................................182
9.6.1 Encryption ...............................................................................................183
9.6.2 Authentication .........................................................................................183
9.6.3 Restricted Access ...................................................................................184
9.6.4 Hide ZyWALL Identity .............................................................................184
9.7 Security Parameters Summary ........................................................................184
9.8 WEP Encryption ...............................................................................................184
9.9 802.1x Overview ..............................................................................................185
9.9.1 Introduction to RADIUS ..........................................................................185
9.9.1.1 Types of RADIUS Messages .........................................................185
9.9.2 EAP Authentication Overview .................................................................186
9.10 Dynamic WEP Key Exchange ........................................................................186
9.11 Introduction to WPA ........................................................................................187
9.11.1 User Authentication ...............................................................................187
9.11.2 Encryption .............................................................................................187
9.12 WPA-PSK Application Example .....................................................................188
9.13 Introduction to RADIUS ..................................................................................189
9.14 WPA with RADIUS Application Example ........................................................189
9.15 Wireless Client WPA Supplicants ...................................................................190
9.16 Wireless Card .................................................................................................190
9.16.1 Static WEP ............................................................................................192
9.16.2 WPA-PSK .............................................................................................193
9.16.3 WPA ......................................................................................................195
ZyWALL 5/35/70 Series User’s Guide
Table of Contents 14
9.16.4 IEEE 802.1x + Dynamic WEP ..............................................................196
9.16.5 IEEE 802.1x + Static WEP ....................................................................197
9.16.6 IEEE 802.1x + No WEP ........................................................................198
9.16.7 No Access 802.1x + Static WEP ...........................................................199
9.16.8 No Access 802.1x + No WEP ...............................................................200
9.17 MAC Filter ......................................................................................................200
Chapter 10
Firewalls................................................................................................................ 202
10.1 Firewall Overview ...........................................................................................202
10.2 Types of Firewalls ..........................................................................................202
10.2.1 Packet Filtering Firewalls ......................................................................202
10.2.2 Application-level Firewalls ....................................................................202
10.2.3 Stateful Inspection Firewalls .................................................................203
10.3 Introduction to ZyXEL’s Firewall .....................................................................203
10.4 Denial of Service ............................................................................................204
10.4.1 Basics ...................................................................................................204
10.4.2 Types of DoS Attacks ...........................................................................205
10.4.2.1 ICMP Vulnerability ......................................................................207
10.4.2.2 Illegal Commands (NetBIOS and SMTP) ....................................207
10.4.2.3 Traceroute ...................................................................................208
10.5 Stateful Inspection ..........................................................................................208
10.5.1 Stateful Inspection Process ..................................................................209
10.5.2 Stateful Inspection and the ZyWALL .....................................................210
10.5.3 TCP Security .........................................................................................210
10.5.4 UDP/ICMP Security ..............................................................................211
10.5.5 Upper Layer Protocols ..........................................................................211
10.6 Guidelines For Enhancing Security With Your Firewall ..................................212
10.7 Packet Filtering Vs Firewall ............................................................................212
10.7.1 Packet Filtering: ....................................................................................212
10.7.1.1 When To Use Filtering .................................................................212
10.7.2 Firewall .................................................................................................213
10.7.2.1 When To Use The Firewall ..........................................................213
Chapter 11
Firewall Screens................................................................................................... 214
11.1 Access Methods .............................................................................................214
11.2 Firewall Policies Overview ..............................................................................214
11.3 Rule Logic Overview ......................................................................................216
11.3.1 Rule Checklist .......................................................................................216
11.3.2 Security Ramifications ..........................................................................216
11.3.3 Key Fields For Configuring Rules .........................................................216
11.3.3.1 Action ...........................................................................................216
ZyWALL 5/35/70 Series User’s Guide
15 Table of Contents
11.3.3.2 Service .........................................................................................217
11.3.3.3 Source Address ...........................................................................217
11.3.3.4 Destination Address ....................................................................217
11.4 Connection Direction Examples .....................................................................217
11.4.1 LAN To WAN Rules ...............................................................................217
11.4.2 WAN To LAN Rules ...............................................................................218
11.5 Alerts ..............................................................................................................218
11.6 Firewall Default Rule (Router Mode) ..............................................................219
11.7 Firewall Default Rule (Bridge Mode) ............................................................220
11.8 Firewall Rule Summary .................................................................................222
11.8.1 Firewall Edit Rule ..............................................................................223
11.9 Anti-Probing ................................................................................................226
11.10 Firewall Threshold .....................................................................................227
11.10.1 Threshold Values ................................................................................227
11.10.2 Half-Open Sessions ............................................................................227
11.10.2.1 TCP Maximum Incomplete and Blocking Time ..........................228
11.11 Service .........................................................................................................230
11.11.1 Firewall Edit Custom Service ..............................................................232
11.11.2 Predefined Services ............................................................................233
11.12 Example Firewall Rule ..................................................................................235
Chapter 12
Intrusion Detection and Prevention (IDP) .......................................................... 240
12.1 Introduction to IDP .......................................................................................240
12.1.1 Firewalls and Intrusions ........................................................................240
12.1.2 IDS and IDP .........................................................................................241
12.1.3 Host IDP ..............................................................................................241
12.1.4 Network IDP .........................................................................................241
12.1.5 Example Intrusions ...............................................................................242
12.1.5.1 SQL Slammer Worm ...................................................................242
12.1.5.2 Blaster W32.Worm ......................................................................242
12.1.5.3 Nimda ..........................................................................................242
12.1.5.4 MyDoom ......................................................................................243
12.1.6 ZyWALL IDP .........................................................................................243
Chapter 13
Configuring IDP.................................................................................................... 244
13.1 Overview ........................................................................................................244
13.1.1 Interfaces ..............................................................................................244
13.2 General Setup ................................................................................................245
13.3 IDP Signatures ...............................................................................................246
13.3.1 Attack Types .........................................................................................246
13.3.2 Intrusion Severity ..................................................................................248
ZyWALL 5/35/70 Series User’s Guide
Table of Contents 16
13.3.3 Signature Actions ..................................................................................248
13.3.4 Configuring IDP Signatures ..................................................................249
13.3.5 Query View ...........................................................................................251
13.3.5.1 Query Example 1 ........................................................................251
13.3.5.2 Query Example 2 ........................................................................253
13.4 Update ...........................................................................................................254
13.4.1 mySecurity Zone ...................................................................................254
13.4.2 Configuring IDP Update ........................................................................255
13.5 Backup and Restore .......................................................................................257
Chapter 14
Anti-Virus .............................................................................................................. 258
14.1 Anti-Virus Overview .......................................................................................258
14.1.1 Types of Computer Viruses .................................................................258
14.1.2 Computer Virus Infection and Prevention .............................................258
14.1.3 Types of Anti-Virus Scanner ................................................................259
14.2 Introduction to the ZyWALL Anti-Virus Scanner .............................................259
14.2.1 How the ZyWALL Anti-Virus Scanner Works .......................................260
14.2.2 Notes About the ZyWALL Anti-Virus .....................................................260
14.3 General Anti-Virus Setup ...............................................................................261
14.4 Signature Update .........................................................................................262
14.4.1 mySecurity Zone ...................................................................................263
14.4.2 Configuring Anti-virus Update ...............................................................263
Chapter 15
Anti-Spam ............................................................................................................. 266
15.1 Anti-Spam Overview ....................................................................................266
15.1.1 Anti-Spam External Database ...............................................................266
15.1.1.1 SpamBulk Engine ........................................................................267
15.1.1.2 SpamRepute Engine ...................................................................267
15.1.1.3 SpamContent Engine ..................................................................267
15.1.1.4 SpamTricks Engine .....................................................................268
15.1.2 Spam Threshold ....................................................................................268
15.1.3 Phishing ................................................................................................268
15.1.4 Whitelist ................................................................................................269
15.1.5 Blacklist .................................................................................................269
15.1.6 SMTP and POP3 ..................................................................................269
15.1.7 MIME Headers ......................................................................................270
15.2 Anti-Spam General Screen ............................................................................270
15.3 Anti-Spam External DB Screen .................................................................271
15.4 Anti-Spam Lists Screen .................................................................................273
15.5 Anti-Spam Rule Edit Screen .........................................................................275
ZyWALL 5/35/70 Series User’s Guide
17 Table of Contents
Chapter 16
Content Filtering Screens ................................................................................... 278
16.1 Content Filtering Overview .............................................................................278
16.1.1 Restrict Web Features ..........................................................................278
16.1.2 Create a Filter List ................................................................................278
16.1.3 Customize Web Site Access ................................................................278
16.2 Content Filter General .................................................................................278
16.3 Content Filtering with an External Database ..................................................280
16.4 Content Filter Categories ............................................................................281
16.5 Content Filter Customization .......................................................................288
16.6 Customizing Keyword Blocking URL Checking ..............................................290
16.6.1 Domain Name or IP Address URL Checking ........................................290
16.6.2 Full Path URL Checking .......................................................................290
16.6.3 File Name URL Checking .....................................................................290
16.7 Content Filtering Cache .................................................................................291
Chapter 17
Content Filtering Reports .................................................................................... 294
17.1 Checking Content Filtering Activation ............................................................294
17.2 Viewing Content Filtering Reports ..................................................................294
17.3 Web Site Submission .....................................................................................299
Chapter 18
Introduction to IPSec ........................................................................................... 302
18.1 VPN Overview ................................................................................................302
18.1.1 IPSec ....................................................................................................302
18.1.2 Security Association .............................................................................302
18.1.3 Other Terminology ................................................................................302
18.1.3.1 Encryption ...................................................................................302
18.1.3.2 Data Confidentiality .....................................................................303
18.1.3.3 Data Integrity ...............................................................................303
18.1.3.4 Data Origin Authentication ..........................................................303
18.1.4 VPN Applications ..................................................................................303
18.1.4.1 Linking Two or More Private Networks Together .........................303
18.1.4.2 Accessing Network Resources When NAT Is Enabled ...............303
18.1.4.3 Unsupported IP Applications .......................................................303
18.2 IPSec Architecture .........................................................................................304
18.2.1 IPSec Algorithms ..................................................................................304
18.2.2 Key Management ..................................................................................304
18.3 Encapsulation .................................................................................................304
18.3.1 Transport Mode ....................................................................................305
18.3.2 Tunnel Mode .........................................................................................305
18.4 IPSec and NAT ...............................................................................................305
ZyWALL 5/35/70 Series User’s Guide
Table of Contents 18
Chapter 19
VPN Screens......................................................................................................... 308
19.1 VPN/IPSec Overview .....................................................................................308
19.2 IPSec Algorithms ............................................................................................308
19.2.1 AH (Authentication Header) Protocol ....................................................308
19.2.2 ESP (Encapsulating Security Payload) Protocol ..................................308
19.3 My ZyWALL ....................................................................................................309
19.4 Remote Gateway Address .............................................................................309
19.4.1 Dynamic Remote Gateway Address .....................................................310
19.5 Nailed Up .......................................................................................................310
19.6 NAT Traversal ................................................................................................310
19.6.1 NAT Traversal Configuration .................................................................311
19.7 ID Type and Content ......................................................................................311
19.7.1 ID Type and Content Examples ............................................................312
19.8 IKE Phases ....................................................................................................313
19.8.1 Negotiation Mode ..................................................................................314
19.8.2 Pre-Shared Key ....................................................................................314
19.8.3 Diffie-Hellman (DH) Key Groups ...........................................................315
19.8.4 Perfect Forward Secrecy (PFS) ...........................................................315
19.9 X-Auth (Extended Authentication) ..................................................................315
19.9.1 Authentication Server ...........................................................................315
19.10 VPN Rules (IKE) .........................................................................................316
19.11 VPN Rules (IKE) Gateway Policy Edit .........................................................318
19.12 VPN Rules (IKE): Network Policy Edit ......................................................324
19.13 VPN Rules (IKE): Network Policy Move .....................................................328
19.14 VPN Rules (Manual) ...................................................................................329
19.15 VPN Rules (Manual): Edit .........................................................................331
19.15.1 Security Parameter Index (SPI) ..........................................................331
19.16 VPN SA Monitor .........................................................................................335
19.17 VPN Global Setting .....................................................................................336
19.18 Telecommuter VPN/IPSec Examples ...........................................................337
19.18.1 Telecommuters Sharing One VPN Rule Example ..............................337
19.18.2 Telecommuters Using Unique VPN Rules Example ...........................338
19.19 VPN and Remote Management ...................................................................340
Chapter 20
Certificates............................................................................................................ 342
20.1 Certificates Overview .....................................................................................342
20.1.1 Advantages of Certificates ....................................................................343
20.2 Self-signed Certificates ..................................................................................343
20.3 Configuration Summary .................................................................................343
20.4 My Certificates ..............................................................................................344
20.5 My Certificate Import ....................................................................................346
ZyWALL 5/35/70 Series User’s Guide
19 Table of Contents
20.5.1 Certificate File Formats .........................................................................346
20.6 My Certificate Create ...................................................................................347
20.7 My Certificate Details ...................................................................................350
20.8 Trusted CAs .................................................................................................353
20.9 Trusted CA Import ........................................................................................355
20.10 Trusted CA Details ......................................................................................356
20.11 Trusted Remote Hosts ................................................................................359
20.12 Verifying a Trusted Remote Host’s Certificate ..............................................361
20.12.1 Trusted Remote Host Certificate Fingerprints .....................................361
20.13 Trusted Remote Hosts Import ....................................................................362
20.14 Trusted Remote Host Certificate Details ....................................................363
20.15 Directory Servers ........................................................................................366
20.16 Directory Server Add or Edit ......................................................................367
Chapter 21
Authentication Server.......................................................................................... 370
21.1 Authentication Server Overview .....................................................................370
21.1.1 Local User Database ............................................................................370
21.1.2 RADIUS ................................................................................................370
21.2 Local User Database ....................................................................................370
21.3 RADIUS ........................................................................................................372
Chapter 22
Network Address Translation (NAT) ................................................................... 374
22.1 NAT Overview ................................................................................................374
22.1.1 NAT Definitions .....................................................................................374
22.1.2 What NAT Does ....................................................................................375
22.1.3 How NAT Works ...................................................................................375
22.1.4 NAT Application ....................................................................................376
22.1.5 Port Restricted Cone NAT ....................................................................377
22.1.6 NAT Mapping Types .............................................................................377
22.2 Using NAT ......................................................................................................378
22.2.1 SUA (Single User Account) Versus NAT ..............................................378
22.3 NAT Overview ..............................................................................................379
22.4 NAT Address Mapping .................................................................................380
22.4.1 NAT Address Mapping Edit ..................................................................382
22.5 Port Forwarding ..............................................................................................383
22.5.1 Default Server IP Address ....................................................................384
22.5.2 Port Forwarding: Services and Port Numbers ......................................384
22.5.3 Configuring Servers Behind Port Forwarding (Example) ......................384
22.5.4 NAT and Multiple WAN .........................................................................385
22.5.5 Port Translation ....................................................................................385
22.6 Port Forwarding .............................................................................................386
ZyWALL 5/35/70 Series User’s Guide
Table of Contents 20
22.7 Port Triggering ..............................................................................................388
Chapter 23
Static Route .......................................................................................................... 392
23.1 IP Static Route ............................................................................................392
23.2 IP Static Route ...............................................................................................392
23.2.1 IP Static Route Edit ..............................................................................394
Chapter 24
Policy Route ......................................................................................................... 396
24.1 Policy Route ..................................................................................................396
24.2 Benefits ..........................................................................................................396
24.3 Routing Policy ................................................................................................396
24.4 IP Routing Policy Setup .................................................................................397
24.5 Policy Route Edit ...........................................................................................398
Chapter 25
Bandwidth Management ...................................................................................... 402
25.1 Bandwidth Management Overview ...............................................................402
25.2 Bandwidth Classes and Filters .......................................................................402
25.3 Proportional Bandwidth Allocation .................................................................403
25.4 Application-based Bandwidth Management ...................................................403
25.5 Subnet-based Bandwidth Management .........................................................403
25.6 Application and Subnet-based Bandwidth Management ...............................404
25.7 Scheduler .......................................................................................................404
25.7.1 Priority-based Scheduler ......................................................................404
25.7.2 Fairness-based Scheduler ....................................................................404
25.7.3 Maximize Bandwidth Usage .................................................................404
25.7.4 Reserving Bandwidth for Non-Bandwidth Class Traffic ........................405
25.7.5 Maximize Bandwidth Usage Example ..................................................405
25.7.5.1 Priority-based Allotment of Unused and Unbudgeted Bandwidth 406
25.7.5.2 Fairness-based Allotment of Unused and Unbudgeted Bandwidth ...
406
25.8 Bandwidth Borrowing .....................................................................................407
25.8.1 Bandwidth Borrowing Example .............................................................407
25.9 Maximize Bandwidth Usage With Bandwidth Borrowing ................................408
25.10 Configuring Summary ..................................................................................408
25.11 Configuring Class Setup .............................................................................410
25.11.1 Bandwidth Manager Class Configuration ...........................................411
25.11.2 Bandwidth Management Statistics ...................................................414
25.12 Configuring Monitor ...................................................................................415
/