www.zyxel.com

Vantage CNM

Centralized Network Management

Copyright © 2009 ZyXEL Communications Corporation

Software Version 3.2

Edition 1, 7/2009

Default Login Details

IP Address: https://localhost or https://{Vantage CNM Server’s IP address}

User Name: root

Password: root

Summary of Contents for VANTAGE CNM

Page 1: ...M Centralized Network Management Copyright 2009 ZyXEL Communications Corporation Software Version 3 2 Edition 1 7 2009 Default Login Details IP Address https localhost or https Vantage CNM Server s IP...

Page 2: ......

Page 3: ...o manage Related Documentation Quick Start Guide The Quick Start Guide is designed to help you get up and running right away It contains information on setting up and connecting to your software Web C...

Page 4: ...wers to previously asked questions about ZyXEL products Forum This contains discussions on ZyXEL products Learn from others who use ZyXEL products and share your experiences as well Customer Support S...

Page 5: ...Guide Product labels screen names field labels and field choices are all in bold font A key stroke is denoted by square brackets and uppercase text for example ENTER means the enter or return key on...

Page 6: ...s Guide 6 Icons Used in Figures Figures in this User s Guide may use the following generic icons Device icons are not an exact representations of your devices Device example Computer Notebook computer...

Page 7: ...curity Settings 123 Device Advanced Settings 215 Device Log 241 Device Configuration ZLD 245 Device Network Settings 247 Firewall 315 IPSec VPN 323 SSL VPN 347 L2TP VPN 353 Object 357 383 AAA 385 Main...

Page 8: ...5 Device Operation Report 537 CNM Logs 553 VRPT 555 CNM System Setting 559 CNM System Setting 561 Maintenance 581 Device Owner 585 Vantage CNM Software Upgrade 587 License 589 About CNM 591 Account Ma...

Page 9: ...Title Bar 27 2 3 Device Window 27 2 3 1 Topology 27 2 3 2 Device Search 36 2 4 Navigation Panel and Configuration Window 37 2 5 Security Risk Pop up Messages in Internet Explorer 7 0 41 Part II Devic...

Page 10: ...y Settings 115 5 4 3 MAC Filter 121 Chapter 6 Device Security Settings 123 6 1 Firewall 123 6 1 1 Default Rule 123 6 1 2 Rule Summary 126 6 1 3 Add Edit a Rule 128 6 1 4 Anti Probing 131 6 1 5 Thresho...

Page 11: ...icy Customization 204 6 13 4 Content Filter Policy Schedule 207 6 14 Content Filter Objects 208 6 15 Content Filtering Cache 210 6 16 X Auth 211 6 16 1 Local User Database 211 6 16 2 RADIUS 212 Chapte...

Page 12: ...Interface MAC Filter 269 9 2 6 MAC Filter Add Edit Screen 271 9 3 VLAN Summary Screen 272 9 3 1 VLAN Add Edit 272 9 4 Bridge Summary 277 9 4 1 Bridge Add Edit 278 9 5 PPPoE PPTP Interface Summary 283...

Page 13: ...SL Access Privilege Screen 347 12 2 1 The SSL Access Policy Add Edit Screen 349 12 3 The SSL Global Setting Screen 351 Chapter 13 L2TP VPN 353 13 1 Overview 353 13 2 L2TP VPN Screen 353 Chapter 14 Obj...

Page 14: ...15 5 Creating an Authentication Method Object 394 15 6 The My Certificates Screen 396 15 7 ISP Account Summary 397 15 7 1 ISP Account Edit 398 15 8 The SSL Application Screen 400 15 8 1 Creating Edit...

Page 15: ...guration BB ZLD 439 17 8 4 Create a Service Configuration BB ZLD 440 17 9 Component BB 441 17 10 Add Edit Save as a Component BB 443 17 11 ZLD Firewall Rule Group Configuration 443 17 12 Add Edit a Fi...

Page 16: ...2 VPN Tunnel Diagnostics 487 22 2 Monitor VPN by Device 489 22 2 1 VPN Tunnel Status 489 22 2 2 Search VPN Tunnels 490 22 2 3 SA Monitor 491 Part VI Monitor 493 Chapter 23 Device Status Monitor 495 23...

Page 17: ...Details 542 27 3 Configuration File Backup Report 543 27 3 1 Configuration File Backup Report Details 545 27 4 Configuration File Restore Report 546 27 5 Signature Profile Backup Report 548 27 6 Signa...

Page 18: ...es 575 30 7 2 Current Certificate Information 576 30 7 3 Create CSR 577 30 7 4 Import Certificate 578 Chapter 31 Maintenance 581 31 1 System Maintenance 581 31 1 1 Backup 582 31 2 Device Maintenance 5...

Page 19: ...anagement 606 38 3 Device Firmware Management 606 38 4 Vantage Report 607 Part XI Appendices and Index 609 Appendix A Product Specifications 611 Appendix B Setting up Your Computer s IP Address 617 Ap...

Page 20: ...New Template User s Guide 20...

Page 21: ...the following example Figure 1 Vantage CNM Application In this example you use the Vantage CNM web configurator A to access the Vantage CNM server B The Vantage CNM server is connected to the devices...

Page 22: ...o the following things regularly to make Vantage CNM more secure and to manage Vantage CNM more effectively Change the root password Use a password that s not easy to guess and that consists of differ...

Page 23: ...23 PART I Introduction Introducing Vantage CNM 21 GUI Introduction 25...

Page 24: ...24...

Page 25: ...Vantage CNM main screen Figure 2 Main Screen The main screen consists of three main parts and are numbered in the sequence you typically follow to configure a device 1 Menu bar Displays main menu link...

Page 26: ...ure manage firmware or license for a selected device Click this icon to display the navigation links to screens that allow you to manage VPN tunnels among ZyWALL devices and provide diagnostics for fa...

Page 27: ...topology search for a device view general device status or select which device s you want to edit configuration settings 2 3 1 Topology You can view the logical network topology in the Topology scree...

Page 28: ...wing table describes the labels in the Device window There are a couple icons in the device window that perform additional functions related to views Table 3 Device Window Topology LABEL DESCRIPTION T...

Page 29: ...ith an alarm Off_Alarm Open This is a opened folder which contains one or some offline devices Some devices are with an alarm On_Pending Closed This is a closed folder which contains some online devic...

Page 30: ...logy screen 1 In the device window click Topology 2 Right click on a folder and click Add Folder Figure 5 Device Window Topology Right Click to Add a Folder 3 The screen displays in the configuration...

Page 31: ...In the device window click Topology 2 Right click on the folder you want to edit and click Edit Folder 3 The screen displays in the configuration window as shown Rename it and or modify its descripti...

Page 32: ...a folder and click Add Device or right click on a device and click Edit Device Figure 10 Device Window Topology Right Click to Add Edit a Device Not Yet Acquired This is a device never registered its...

Page 33: ...UI Introduction Vantage CNM User s Guide 33 3 The screen displays in the configuration window as shown Figure 11 Device Window Topology Add Edit Device ZyNOS Figure 12 Device Window Topology Add Edit...

Page 34: ...on overwrites Vantage CNM configurations Select Set Vantage CNM configuration to device if you want Vantage CNM to push all current configurations from Vantage CNM to the device The current device con...

Page 35: ...is only available for a ZLD device Type the administrator s login password of the device in this field Device HA This field is only available for a ZLD device Select this if you want to monitor the d...

Page 36: ...sociate a Device 2 3 1 2 4 Login a Device You can log into a device s web configurator from Vantage CNM web configuration directly 1 In the device window click Topology 2 Right click on an on line dev...

Page 37: ...ay the screens These screens are organized into different menus You can only expand the submenus from a menu at one time If you expand another one the previous one automatically contracts Menus availa...

Page 38: ...License Status Signature Status Device Configuration Network Interface Routing Firewall VPN IPSec VPN SSL VPN L2TP VPN Object User Group Address Service Schedule AAA Server Auth method Certificate SSL...

Page 39: ...t CNM Logs VRPT CNM SYSTEM SETTING ACCOUNT MANAGEMENT Configuration Servers User Access Notification Log Setting VRPT Management Certificate Management Maintenance Device Owner Upgrade License About G...

Page 40: ...ability HA status for ZLD devices ex ZyWALL1050 or ZyWALL USG 300 Device Alarm This link takes you to a screen where you can monitor device alarms Log Report Operation Report This link takes you to a...

Page 41: ...w these steps to get rid of this pop up message 1 Click CNM System Setting in the menu bar 2 Click Configuration Certificate Management in the navigation panel Group This link takes you to a screen wh...

Page 42: ...in http your IP address 8080 vantage The value localhost cannot be used in the Common Name field 5 Enter the rest of the required information and click Apply See Section 30 7 on page 574 for more inf...

Page 43: ...9 CNM System Setting Configuration Certificate Management Import Certificate 8 Enter the signed certificate file path and click Apply 9 Restart the Vantage CNM server 10 Use the IP address and log int...

Page 44: ...Chapter 2 GUI Introduction Vantage CNM User s Guide 44 12 Certificate screen appears Click Install Certificate and follow instruction to install the new certificate...

Page 45: ...esponding firmware version CNM supports Note The examples in this section use one of the most comprehensive examples of each screen not every variation for each device type and firmware version If you...

Page 46: ...46...

Page 47: ...a BB ready to be applied to another device of the same model type This allows rapid configuration of new devices as you can essentially copy one device s configuration to another Note These menus only...

Page 48: ...ary of the information in each type of building block Click the Load a BB icon to load a building block to the selected device The following pop up screen appears Figure 22 Device Operation Device Con...

Page 49: ...and click Apply The name must be 1 32 alphanumeric characters or underscores _ It cannot include spaces The name is case sensitive If you have an existing BB the Select a BB field appears You can rep...

Page 50: ...Chapter 3 Load or Save Building Blocks BB Vantage CNM User s Guide 50...

Page 51: ...Figure 24 Device Operation Device Configuration General System The following table describes the fields in this screen Table 11 Device Operation Device Configuration General System FIELD DESCRIPTION...

Page 52: ...ng Figure 25 Device Operation Device Configuration General Time Setting Administrator Inactivity Timer Set how long a management session can remain idle before it expires After it expires you have to...

Page 53: ...ocation This will set the time difference between your time zone and Greenwich Mean Time GMT Daylight Savings Daylight saving is a period from late spring to early fall when many countries set their c...

Page 54: ...er and type 2 in the o clock field Daylight Saving Time ends in the European Union on the last Sunday of October All of the time zones in the European Union stop using Daylight Saving Time at the same...

Page 55: ...Prestige such as LAN WAN wireless card 5 1 LAN ZyNOS ZyWALL Note This section refers only to the LAN screen but the information is applicable for the LAN WLAN and DMZ screens Use this screen to config...

Page 56: ...etwork Settings Vantage CNM User s Guide 56 Operation in the menu bar and click Device Configuration Network LAN LAN in the navigation panel Figure 26 Device Operation Device Configuration Network LAN...

Page 57: ...the DHCP clients The WINS server keeps a mapping table of the computer names on your network and the IP addresses that they are currently using Pool Size This field specifies the size or count of the...

Page 58: ...hich have received an IP address from the selected device This is done by allowing traffic only from devices on the LAN with specific combinations of IP and MAC addresses These IP addresses are dynami...

Page 59: ...ets going from the LAN to WAN port 2 and from WAN port 2 to the LAN Allow between LAN and DMZ Select this check box to forward NetBIOS packets from the LAN to the DMZ and from the DMZ to the LAN If yo...

Page 60: ...evice Network Settings Vantage CNM User s Guide 60 in the menu bar and click Device Configuration Network LAN LAN in the navigation panel Figure 27 Device Operation Device Configuration Network LAN LA...

Page 61: ...ol Starting Address This field specifies the first of the contiguous addresses in the IP address pool DHCP Server IP If Relay is selected in the DHCP field above then type the IP address of the actual...

Page 62: ...se multicasting also By default RIP direction is set to Both and the Version set to RIP 1 Multicast Select IGMP V 1 or IGMP V 2 or None IGMP Internet Group Multicast Protocol is a network layer protoc...

Page 63: ...ical interfaces subnets via its single physical Ethernet interface with the device itself being the gateway for each network You can also configure firewall rules to control access between the logical...

Page 64: ...imal notation IP Subnet Mask The device automatically calculates the subnet mask based how many aliases you select See also the appendices for more information on IP subnetting RIP Direction RIP Routi...

Page 65: ...bly adequate for most networks unless you have an unusual network topology Both RIP 2B and RIP 2M sends the routing data in RIP 2 format the difference being that RIP 2B uses subnet broadcasting while...

Page 66: ...onfiguring a device s WAN as an incorrect configuration could result in the device being inaccessible from Vantage CNM or by the web configurator from the WAN and may necessitate a site visit to corre...

Page 67: ...way Allow more time if your destination IP address handles lots of traffic Timeout sec Type the number of seconds for the device to wait for a ping response from the IP Address in the Check WAN IP Add...

Page 68: ...NetBIOS packets from the WAN2 port to the DMZ port and from the DMZ port to WAN2 Clear this check box to block all NetBIOS packets going from the WAN2 port to the DMZ port and from DMZ port to WAN2 Al...

Page 69: ...n the Ethernet encapsulation screen Table 18 Device Operation Device Configuration Network WAN ISP Ethernet ZyNOS ZyWALL one WAN port LABEL DESCRIPTION Encapsulation You must choose the Ethernet optio...

Page 70: ...casting method of the RIP packets that the device sends it recognizes both formats when receiving Choose RIP 1 RIP 2B or RIP 2M RIP 1 is universally supported but RIP 2 carries more information RIP 1...

Page 71: ...crosoft Dial Up Networking software can activate and therefore requires no new learning or procedures for Windows users One of the benefits of PPPoE is the ability to let you access one of multiple ne...

Page 72: ...er s Guide 72 Select PPP Over Ethernet from the Encapsulation field A warning message appears Click OK Figure 32 Warning Message When Select PPPoE Figure 33 Device Operation Device Configuration Netwo...

Page 73: ...ser name given to you by your ISP Password Type the password associated with the User Name above Retype to confirm Password Type your password again to make sure that you have entered it correctly Nai...

Page 74: ...P 2B or RIP 2M RIP 1 is universally supported but RIP 2 carries more information RIP 1 is probably adequate for most networks unless you have an unusual network topology Both RIP 2B and RIP 2M sends t...

Page 75: ...ser s Guide 75 Select PPP Over Ethernet from the Encapsulation field A warning message appears Click OK Figure 34 Warning Message When Select PPTP Figure 35 Device Operation Device Configuration Netwo...

Page 76: ...ly Nailed up Connection Select Nailed Up Connection if you do not want the connection to time out Idle Timeout This value specifies the time in seconds that elapses before the device automatically dis...

Page 77: ...universally supported but RIP 2 carries more information RIP 1 is probably adequate for most networks unless you have an unusual network topology Both RIP 2B and RIP 2M sends the routing data in RIP 2...

Page 78: ...ion Use this screen to configure an Ethernet connection on one of the device s WAN ports To open this screen click Device Operation Device Configuration Network WAN WAN1 2 Figure 36 Device Operation D...

Page 79: ...nt Get automatically from ISP Select this option If your ISP did not assign you a fixed IP address This is the default selection Use fixed IP address Select this option If the ISP assigned a fixed IP...

Page 80: ...ats when receiving Choose RIP 1 RIP 2B or RIP 2M RIP 1 is universally supported but RIP 2 carries more information RIP 1 is probably adequate for most networks unless you have an unusual network topol...

Page 81: ...ings Vantage CNM User s Guide 81 does that part of the task Furthermore with NAT all of the LANs computers will have access Figure 37 Device Operation Device Configuration Network WAN WAN1 2 PPPoE ZyN...

Page 82: ...he user name given to you by your ISP Password Type the password associated with the user name above Retype to confirm Password Type your password again to make sure that you have entered is correctly...

Page 83: ...P 2 carries more information RIP 1 is probably adequate for most networks unless you have an unusual network topology Both RIP 2B and RIP 2M sends the routing data in RIP 2 format the difference being...

Page 84: ...ge CNM User s Guide 84 PPTP supports on demand multi protocol and virtual private networking over public networks such as the Internet Figure 38 Device Operation Device Configuration Network WAN WAN1...

Page 85: ...ord Type your password again to make sure that you have entered is correctly Nailed up Connection Select this if you do not want the connection to time out Idle Timeout This value specifies the time i...

Page 86: ...lly supported but RIP 2 carries more information RIP 1 is probably adequate for most networks unless you have an unusual network topology Both RIP 2B and RIP 2M sends the routing data in RIP 2 format...

Page 87: ...is optimized as multiple users share the same channel and bandwidth is only allocated to users when they send data It allows fast transfer of voice and non voice data and provides broadband Internet...

Page 88: ...imes Radio Transmission Technology is the core CDMA2000 wireless air interface standard It is also known as 1x 1xRTT or IS 2000 and considered to be a 2 5G or 2 75G technology 2 75G Packet switched En...

Page 89: ...ert a 3G card in a device the 3G connection becomes WAN 2 Refer to the device s User s Guide for the type of 3G cards that you can use in the device along with the corresponding supported features Not...

Page 90: ...Chapter 5 Device Network Settings Vantage CNM User s Guide 90 Note The WAN 1 and WAN 2 IP addresses of the device with multiple WAN interfaces must be on different subnets...

Page 91: ...Chapter 5 Device Network Settings Vantage CNM User s Guide 91 Figure 39 Device Configuration Network WAN 3G WAN 2...

Page 92: ...ant the card to connect Otherwise select Automatically to have the selected device use the default settings on the 3G card and connect to your service provider s base station This shows Automatically...

Page 93: ...er code is a key to a 3G card Without the PIN code you cannot use the 3G card Enter the PIN code four to eight digits 0000 for example provided by your ISP If you enter the PIN code incorrectly the 3G...

Page 94: ...r the user account of the installed 3G card You must insert a 3G card before you enable budget control on the selected device You can set a limit on the total traffic and or call time The selected dev...

Page 95: ...e existing 3G connection or Drop to disconnect it You cannot select Allow and Drop at the same time If you select Disallow and Keep the selected device allows you to transmit data using the current co...

Page 96: ...nfiguration Network WAN Dial Backup ZyNOS ZyWALL The following table describes the labels in this screen Table 26 Device Operation Device Configuration Network WAN Dial Backup ZyNOS ZyWALL LABEL DESCR...

Page 97: ...screen and edit the details of your dial backup setup TCP IP Options Click Edit to display the WAN Dial Backup TCP IP Options screen Budget Select Always On to have the dial backup connection on all o...

Page 98: ...5 1 1 DTR Signal The majority of WAN devices default to hanging up the current call when the DTR Data Terminal Ready signal is dropped by the DTE When the Drop DTR When Hang Up check box is selected t...

Page 99: ...Command string to drop a call represents a one second wait for example ath can be used if your modem has a slow response time ath Answer Type the AT Command string to answer a call ata Drop DTR When H...

Page 100: ...the number 0 Retry Interval sec Type a number of seconds for the device to wait before trying another call after a call has failed This applies before a phone number is blacklisted 10 Drop Timeout sec...

Page 101: ...SUA Clear the check box to disable SUA so the device does not perform any NAT mapping for the dial backup connection Broadcast Dial Backup Route Select this check box to forward the backup route broa...

Page 102: ...unusual network topology Both RIP 2B and RIP 2M sends the routing data in RIP 2 format the difference being that RIP 2B uses subnet broadcasting while RIP 2M uses multicasting Multicasting can reduce...

Page 103: ...ame Enter the name of your Internet Service Provider for example MyISP This information is for identification purposes only Mode Select Routing from the drop down list box if your ISP allows multiple...

Page 104: ...Note that system default is 0 cells sec Maximum Burst Size Maximum Burst Size MBS refers to the maximum number of cells that can be sent at the peak rate Type the MBS which is less than 65535 Login In...

Page 105: ...bring up the connection automatically if it is disconnected Connect on Demand Appears when you use PPPoA and PPPoE encapsulation Select Connect on Demand when you don t want the connection up all the...

Page 106: ...Use this screen to change your device s WAN backup settings To open this screen select a device click Device Operation in the menu bar and then click Device Configuration Network WAN Backup in the nav...

Page 107: ...ion Recovery Interval When the device is using a lower priority connection usually a WAN backup connection it periodically checks to whether or not it can use a higher priority connection Type the num...

Page 108: ...iority of the routes is as follows WAN Traffic Redirect Dial Backup Port Speed Use the drop down list box to select the speed of the connection between the dial backup port and the external device Ava...

Page 109: ...ice Operation Device Configuration Network WAN Backup Advanced Prestige The following table describes the fields in this screen Table 31 Device Operation Device Configuration Network WAN Backup Advanc...

Page 110: ...ction RIP Routing Information Protocol allows a router to exchange routing information with other routers The RIP Direction field controls the sending and receiving of RIP packets Choose Both In Only...

Page 111: ...and specify an idle time out in the Max Idle Timeout field Max Idle Timeout Specify an idle time out in the Max Idle Timeout field when you select Connect on Demand The default setting is 0 which mea...

Page 112: ...Configuration Network Wireless Card Wireless Card Figure 46 Device Operation Device Configuration Network Wireless Card Wireless Card The following table describes the fields in this screen Table 32...

Page 113: ...s is for enabling RTS CTS Data with its frame size larger than this value will perform the RTS CTS handshake A wireless client sends an RTS for all packets larger than the number of bytes that you ent...

Page 114: ...he security you need and see the following sections for more information Note The installed ZyXEL wireless card may not support all of the wireless security features you can configure in the Vantage C...

Page 115: ...ity Settings Use these screens to configure wireless security settings To see these settings select any option from the Security field in the Device Operation Device Configuration Network Wireless Car...

Page 116: ...Chapter 5 Device Network Settings Vantage CNM User s Guide 116 Wireless Card Advanced Wireless Security Settings...

Page 117: ...F preceded by 0x for each key There are four data encryption keys to secure your data from eavesdropping by unauthorized wireless users The values for the keys must be set up exactly the same on the a...

Page 118: ...end user names and passwords in order to stay connected Enter a time interval between 10 and 65535 seconds If wireless station authentication is done using a RADIUS server the reauthentication timer o...

Page 119: ...example using an authentication server If the wireless network is not keeping track of this information you can usually set this value higher to reduce the number of delays caused by logging in again...

Page 120: ...age CNM to check an external RADIUS server Table 38 Wireless Card 802 1x No WEP LABEL DESCRIPTION Security Select 802 1x No WEP from the drop down list ReAuthenticati on Timer Seconds Specify how ofte...

Page 121: ...zed wireless stations from accessing data transmitted over the wireless network Select 64 bit WEP or 128 bit WEP to enable data encryption Key 1 to Key 4 If you chose 64 bit WEP in the WEP Encryption...

Page 122: ...the filter action for the list of MAC addresses in the MAC Address table Select Deny Association to block access to the router MAC addresses not listed will be allowed to access the device Select All...

Page 123: ...you how to configure the Firewall screens These screens may vary depending on which model you re configuring Please see the device s User s Guide for more information about any of these screens or fi...

Page 124: ...s the labels in this screen Table 42 Device Operation Device Configuration Security Firewall Default Rule LABEL DESCRIPTION Default Rule Setup Enable Firewall Select this check box to activate the fir...

Page 125: ...ough another VPN tunnel or terminates at the device This is the case when the device is the hub in a hub and spoke VPN This is also the case if you allow someone to use a service like Telnet or HTTP t...

Page 126: ...ice Operation in the menu bar and then click Device Configuration Security Firewall Rule Summary in the navigation panel Figure 50 Device Operation Device Configuration Security Firewall Rule Summary...

Page 127: ...achable message for a UDP packet to the sender Select Permit to allow the passage of the packets Apply Click this to save your changes back to the device Reset Click this to reset this screen to its l...

Page 128: ...or not false when the rule is matched Insert Click the insert icon to display the screen where you can configure a new firewall rule The insert icon at the top of the row creates the new firewall rul...

Page 129: ...s Vantage CNM User s Guide 129 In Figure 50 on page 126 click Edit to modify an existing firewall rule or click Insert to create a new firewall rule Figure 51 Device Operation Device Configuration Sec...

Page 130: ...it an existing source or destination address select it from the box and click Modify Delete Highlight an existing source or destination address from the Source or Destination Address es box above and...

Page 131: ...Use the drop down list box to select what the firewall is to do with packets that match this rule Select Drop to silently discard the packets without sending a TCP reset packet or an ICMP destination...

Page 132: ...o prevent hackers from finding the device by probing for unused ports If you select this option the device will not respond to port request s for unused ports thus leaving the unused ports and the dev...

Page 133: ...DoS protection on the selected interface or all VPN tunnels You may want to disable DoS protection for an interface if the device is treating valid traffic as DoS attacks Another option would be to ra...

Page 134: ...nt Maximum Incomplete Low number For example if you set the maximum incomplete high to 100 the device starts deleting half open sessions when the number of existing half open sessions rises above 100...

Page 135: ...ion Device Configuration Security Firewall Service screen to open the Table 47 Device Operation Device Configuration Security Firewall Service LABEL DESCRIPTION Custom Service This table shows all con...

Page 136: ...example ICMP is 1 TCP is 6 UDP is 17 and so on Port Range This field is available only when you select TCP UDP TCP or UDP in the IP Protocol field Enter the port number from 1 to 255 that defines the...

Page 137: ...remote IPSec router if the primary regular VPN connection goes down In the following figure if the primary VPN tunnel A goes down the device uses the redundant VPN tunnel B Figure 56 IPSec High Avail...

Page 138: ...ice Configuration Security VPN VPN Rules IKE LABEL Description This is the VPN policy index number Name This field displays the identification name for this VPN policy Local IP Address This field disp...

Page 139: ...e 139 6 3 2 Add Edit an IKE Gateway Policy In the VPN Rule IKE screen click Add in the top of the column or click Edit from a existing gateway policy to display the Gateway Policy screen Figure 58 Dev...

Page 140: ...Chapter 6 Device Security Settings Vantage CNM User s Guide 140 IKE Gateway Policy Add Edit...

Page 141: ...s IP address is the IP address mapped to a specified domain name DDNS Domain Name The device s IP address is the IP address mapped to a specified DDNS domain name The VPN tunnel has to be rebuilt if t...

Page 142: ...VPN connection goes down The remote IPSec router must have a second WAN connection in order for you to use this To use this you must identify both the primary and the redundant remote IPSec routers by...

Page 143: ...ocal ID Type Select IP to identify this device by its IP address Select DNS to identify this device by a domain name Select E mail to identify this device by an e mail address You do not configure the...

Page 144: ...alternative name field of the certificate it uses for this VPN connection Select DNS to identify the remote IPSec router by the domain name in the subject alternative name field of the certificate it...

Page 145: ...in from remote IPSec routers with dynamic WAN IP addresses Do the following when you set Authentication Key to Certificate For IP type the IP address from the subject alternative name field of the ce...

Page 146: ...e user name can be up to 31 case sensitive ASCII characters but spaces are not allowed You must enter a user name and password when you select client mode Password Enter the corresponding password for...

Page 147: ...ion but also the longer it takes to encrypt and decrypt information Both routers must use the same DH key group Enable Multiple Proposals Select this check box to allow the device to use any of its ph...

Page 148: ...dit an IKE Network Policy In the VPN Rule IKE screen click the Add icon from a gateway policy or click Edit from an existing network policy to display the Network Policy screen Figure 59 Device Operat...

Page 149: ...S Traffic Through IPSec Tunnel NetBIOS Network Basic Input Output System are TCP or UDP packets that enable a computer to connect to and communicate with a LAN It may sometimes be necessary to allow N...

Page 150: ...en where you can configure port forwarding for your VPN tunnels The VPN network policy port forwarding rules let the device forward traffic coming in through the VPN tunnel to the appropriate IP addre...

Page 151: ...n the Address Type field is configured to Subnet Address this is a static IP address on the LAN behind your device Ending IP Address Subnet Mask When the Address Type field is configured to Single Add...

Page 152: ...he security protocols used for an SA Both AH and ESP increase the device s processing requirements and communications latency delay Encryption Algorithm Select which key size and encryption algorithm...

Page 153: ...s The IPSec receiver can detect and reject old or duplicate packets to protect against replay attacks Enable replay detection by selecting this check box Enable Multiple Proposals Select this check bo...

Page 154: ...neral network settings of this VPN policy Name This field displays the policy name Local Network This field displays one or a range of IP address es of the computer s behind the Vantage CNM Remote Net...

Page 155: ...on name for this VPN policy Click the hyperlink to edit the VPN policy Active This field displays whether the VPN policy is active or not A true signifies that this VPN policy is active false signifie...

Page 156: ...and a subnet mask are displayed when the Remote Network Address Type field in the VPN Manual Key Edit screen is configured to Subnet Address Encap This field displays Tunnel or Transport mode Tunnel i...

Page 157: ...Rules Manual screen Use this screen to configure a new or an existing manual VPN rule Figure 62 Device Operation Device Configuration Security VPN VPN Rules Manual Add Edit The following table describ...

Page 158: ...gured to Single enter a static IP address on the LAN behind the device When the Address Type field is configured to Range enter the beginning static IP address in a range of computers on the LAN behin...

Page 159: ...ecreased throughput. Select NULL to set up a tunnel without encryption. When you select NULL, you do not enter an encryption key. Authentication Algorithm: When you use SHA1 or MD5, both sender and receiver...

Page 160: ...which no reply is received after the specified time period the device checks the VPN connectivity If the remote IPSec router does not reply the device automatically disconnects the VPN tunnel Enter th...

Page 161: ...lly triggers a VPN tunnel to the remote device with the same IP address Adjust TCP Maximum Segment Size The TCP packets are larger after the device encrypts them for VPN The device fragments packets t...

Page 162: ...mation about any of these screens or fields 6 4 1 General Anti Virus Setup Click Device Operation in the menu bar and then click Device Configuration Security Anti Virus General in the navigation pane...

Page 163: ...check box to have the device scan a ZIP file with the zip, gzip or gz file extension. The device first decompresses the ZIP file and then scans the contents for viruses. Note: The device decompresses a ZI...

Page 164: ...d to interface. For example, From VPN To LAN specifies the VPN traffic that is going to the LAN or terminating at the device's LAN interface. The device checks the traffic after decrypting it. To VPN is t...

Page 165: ...e treats spam Figure 65 Device Operation Device Configuration Security Anti Spam General The following table describes the labels in this screen Table 57 Device Operation Device Configuration Security...

Page 166: ...means traffic that comes in through a VPN tunnel and goes out through another VPN tunnel or terminates at the device. This is the case when the device is the hub in a hub-and-spoke VPN. This is also the...

Page 167: ...s are Check the e mail the device forwards to you to make sure that unwanted e mail is marked as spam and legitimate e mail is not marked as spam Discard SMTP mail Forward POP3 mail with tag in mail s...

Page 168: ...spam external database sends a spam score for the e mail back to the device Spam Threshold The anti spam external database checks an e mail s digest and sends back a score that rates how likely the e...

Page 169: ...ubject of e mails that it forwards if a valid spam score was not received within ten seconds Forward SMTP POP3 mail with tag in mail subject Select this radio button to have the device forward mail wi...

Page 170: ...specific subject text Figure 67 Device Operation Device Configuration Security Anti Spam Lists The following table describes the labels in this screen Apply Click this to save your changes back to the...

Page 171: ...revious entry 6 if there is one becomes entry 7 Click Insert to display the screen where you edit an entry Blacklist Use Blacklist Select this check box to have the device treat e mail that matches a...

Page 172: ...source e mail address or an MIME header Select IP to have the device check e mail for a specific source IP address You can create whitelist IP address entries for e mail servers on your LAN or DMZ to...

Page 173: ...re must be other characters between them. The device can check up to the first 63 characters of an e-mail's address. The whitelist or blacklist check fails for addresses over 63 characters. However, a whi...

Page 174: ...is very good and this is not so good both match The wildcard can be anywhere in the text string and you can use more than one wildcard You cannot use two wildcards side by side there must be other cha...

Page 175: ...his screen Table 61 Device Operation Device Configuration Security IDP General LABEL DESCRIPTION General Setup Enable Intrusion Detection and Prevention Select this check box to enable IDP on the devi...

Page 176: ...e selected to interface. For example, From VPN To LAN specifies the VPN traffic that is going to the LAN or terminating at the device's LAN interface. The device checks the traffic after decrypting it. To...

Page 177: ...odes in the overflow buffer region to obtain control of the system, install a backdoor or use the victim to launch attacks on other devices. AccessControl: Access control refers to procedures and control...

Page 178: ...s The Anti Virus AV screen refers to file based viruses and worms Refer to the anti virus chapter for additional information on file based anti virus scanning in the device Porn The device can block w...

Page 179: ...Table 64 Device Operation Device Configuration Security IDP Signature Actions ACTION DESCRIPTION No Action The intrusion is detected but no action is taken Drop Packet The packet is silently discarded...

Page 180: ...ion on types of signatures The table displays the signatures of the type that you selected Click a column s header to sort the entries by that attribute Name The read only signature name identifies a...

Page 181: ...entries on the current page Alternatively you may select or clear individual entries The check box becomes gray when you select the check box If you edited any of the check boxes in this column on th...

Page 182: ...up view screen where IDP signatures are grouped by attack type Signature Search Select this to search for a specific signature name or ID that you already know Then select whether to search the signat...

Page 183: ...unique identification number This number may be searched at myZyXEL com for more detailed information Severity This field displays the level of threat that the intrusion may pose See Table 63 on page...

Page 184: ...e check box in the heading row to switch between the settings last partial edited all selected and all cleared Alert You can only edit the Alert check box when the corresponding Log check box is selec...

Page 185: ...he labels in this screen Table 67 Device Operation Device Configuration Security IDP Anomaly TYPE DESCRIPTION HTTP Inspection TCP Decoder UDP Decoder ICMP Decoder Name This is the name of the protocol...

Page 186: ...on: The selected device takes no action when a packet matches the signature(s). Drop Packet: The packet is silently discarded. Drop Session: When the firewall is enabled, subsequent TCP/IP packets belonging...

Page 187: ...te The device does not have to reboot when you upload new signatures To open this screen click Device Operation in the menu bar and then click Device Configuration Security Signature Update in the con...

Page 188: ...ely Auto Update Select the check box to configure a schedule for automatic signature updates The Hourly Daily and Weekly fields display when the check box is selected The device then automatically dow...

Page 189: ...guring Please see the device s User s Guide for more information about any of these screens or fields 6 12 Content Filter General Screen Click Device Operation in the menu bar and then click Device Co...

Page 190: ...content filtering configuration Figure 76 Device Operation Device Configuration Security Content Filter General The following table describes the labels in this screen Table 69 Device Operation Device...

Page 191: ...e CONTENT FILTER General screen along with the category of the blocked web page Select Log to record attempts to access prohibited web pages Unrated Web Pages Select Block to prevent users from access...

Page 192: ...ent screen Type your myZyXEL com account password in the Password field and click Submit External Database Service License Status License Status This read only field displays the status of your catego...

Page 193: ...d then click Device Configuration Content Filter Policy in the navigation panel Figure 77 Device Operation Device Configuration Security Content Filter Policy Redirect URL Enter the URL of the web pag...

Page 194: ...y applies You cannot edit this for the default policy External Database Click the external database icon to edit which web features and content categories the content filter policy blocks Customizatio...

Page 195: ...guration Security Content Filter Policy Add General The following table describes the labels in this screen Table 71 Device Operation Device Configuration Security Content Filter Policy Add General LA...

Page 196: ...l and caching service. When a proxy server is located on the WAN, it is possible for LAN users to circumvent content filtering by pointing to this proxy server. Address Setup: Address Type: Do you want the...

Page 197: ...ice Configuration Security Content Filter Policy External Database LABEL DESCRIPTION Policy Name This is the name of the content filter policy that you are configuring Active Select this option to app...

Page 198: ...s or photo galleries of artistic nature This category also includes nudist or naturist pages that contain pictures of nude individuals Alcohol Tobacco Selecting this category excludes pages that promo...

Page 199: ...gory excludes pages that are designed to appear as a legitimate bank or retailer with the intent to fraudulently capture sensitive data i e credit card numbers pin numbers Arts Entertainment Selecting...

Page 200: ...r how to obtain cheat codes It also includes pages dedicated to selling board games as well as journals and magazines dedicated to game playing It includes pages that support or host online sweepstake...

Page 201: ...r info sites that make extensive use of tracking cookies without a posted privacy statement and sites to which browser hijackers redirect users Usually does not include sites that can be marked as Spy...

Page 202: ...sites like those that specifically match descriptions for Personals Dating sites or Business sites Online Storage Selecting this category excludes pages that provide a secure encrypted off site backu...

Page 203: ...ature nature Pages containing humorous Adult Mature content also have an Adult Mature category rating Software Downloads Selecting this category excludes pages that are dedicated to the electronic dow...

Page 204: ...ses You can also block web sites based on whether the web site s address contains a keyword Use this screen to add or remove specific sites or keywords from the filter list Web Hosting Selecting this...

Page 205: ...on Device Configuration Security Content Filter Object screen see Section 6 14 on page 208 to first configure the master lists of trusted allowed web sites forbidden blocked web sites and keywords Fig...

Page 206: ...ter Object screen where displays the trusted host names you configured Select the ones to which you want to allow access in the Available list and use the arrow select button to move them to the Selec...

Page 207: ...peration Device Configuration Security Content Filter Policy Schedule LABEL DESCRIPTION Policy Name This is the name of the content filter policy that you are configuring Schedule Setup Content filter...

Page 208: ...and then click Device Configuration Security Content Filter Object in the navigation panel Customization Select this option to have content filtering only active during the specified time interval s o...

Page 209: ...s in this screen Table 75 Device Operation Device Configuration Security Content Filter Object LABEL DESCRIPTION Trusted Web Sites These are sites that you want to allow access to regardless of their...

Page 210: ...e Enter host names such as www.bad-site.com into this text field. Do not enter the complete URL of the site, that is, do not include "http://". All subdomains are blocked. For example, entering bad-site.com also...

Page 211: ...y vary depending on which model you re configuring Please see the device s User s Guide for more information about any of these screens or fields 6 16 1 Local User Database Use this screen if you want...

Page 212: ...s in this screen 6 16 2 RADIUS Use this screen if you want to use an external server to perform authentication Table 77 Device Operation Device Configuration Security X Auth Local User LABEL DESCRIPTI...

Page 213: ...you disable this feature you can still set the device to perform user authentication using the local user database Server IP Enter the IP address of the external authentication server in dotted decim...

Page 214: ...ey Enter a password (up to 31 alphanumeric characters) as the key to be shared between the external accounting server and the access points. The key is not sent over the network. This key must be the same...

Page 215: ...This section shows you how to configure the NAT screens These screens may vary depending on which model you re configuring Please see the device s User s Guide for more information about any of these...

Page 216: ...field displays the highest number of NAT sessions that the device will permit at one time Max Concurrent Sessions Per Host Use this field to set the highest number of NAT sessions that the device will...

Page 217: ...from one WAN port to the other Port Triggering Rules Click Copy to WAN 2 or Copy to WAN 1 to duplicate this WAN port s NAT trigger port rules on the other WAN port Note Using the copy button overwrite...

Page 218: ...ry Active Select this check box to enable the port forwarding entry Clear this check box to disallow forwarding of these ports to an inside server without having to delete the entry Name Type a name t...

Page 219: ...h you want the device to translate the incoming port For a range of ports you only need to enter the first number of the range to which you want the incoming ports translated the device automatically...

Page 220: ...One mode maps one local IP address to one global IP address Note that port numbers do not change for the One to one NAT mapping type 2 Many to One mode maps multiple local IP addresses to one global I...

Page 221: ...de maps multiple local IP addresses to one global IP address This is equivalent to SUA in other words PAT or port address translation ZyXEL s Single User Account feature 3 Many to Many Ov Overload Man...

Page 222: ...apping types Apply Click this to save your changes back to the device Cancel Click this to return to the previous screen Table 82 Device Operation Device Configuration Advanced NAT Address Mapping Edi...

Page 223: ...in a range of port numbers Trigger The trigger port is a port or a range of ports that causes or triggers the device to record the IP address of the LAN computer that sent the traffic to a server on...

Page 224: ...acters are permitted including spaces Incoming Start Port Incoming is a port or a range of ports that a server on the WAN uses when it sends out a particular service The device forwards the traffic wi...

Page 225: ...fies this route To delete a static route erase the name and then click Apply Active This field shows whether this static route is active or not Destination This parameter specifies the IP network addr...

Page 226: ...k address of the final destination. Routing is always based on network number. If you need to specify a route to a single host, use a subnet mask of 255.255.255.255 in the subnet mask field to force the...

Page 227: ...vice Configuration Advanced DNS Address Record The following table describes the labels in this screen Private This parameter determines if the device will include this route to a remote node in its R...

Page 228: ...ords move up by one when you take this action Table 87 Device Operation Device Configuration Advanced DNS Address Record continued LABEL DESCRIPTION Table 88 Device Operation Device Configuration Adva...

Page 229: ...l entry. Domain Zone: A domain zone is a fully qualified domain name without the host. For example, zyxel.com.tw is the domain zone for the www.zyxel.com.tw fully qualified domain name. From: This field dis...

Page 230: ...ced Settings Vantage CNM User s Guide 230 7 9 1 Add Edit a Name Server Record Use this screen to create or edit a name server record Figure 97 Device Operation Device Configuration Advanced DNS Name S...

Page 231: ...ich the ISP does not assign an IP address N A displays for all of the DNS server IP address fields if the device has a fixed WAN IP address Select Public DNS Server if you have the IP address of a DNS...

Page 232: ...up the device s processing of commonly queried domain names and reduces the amount of traffic that the device sends out to the WAN Maximum TTL Type the maximum time to live TTL 60 to 3600 seconds Thi...

Page 233: ...evice Configuration Advanced DNS DDNS LABEL DESCRIPTION Account Setup Active Select this check box to use dynamic DNS User Name Enter your user name You can use up to 31 alphanumeric characters and th...

Page 234: ...tically detect and use the IP address of the NAT router that has a public IP address Note The DDNS server may not be able to detect the proper IP address if there is an HTTP proxy server between the d...

Page 235: ...he labels in this screen Apply Click this to save your changes back to the device Reset Click this to begin configuring this screen afresh Table 92 Device Operation Device Configuration Advanced DNS D...

Page 236: ...hoice to User Defined and enter the same IP address the second User Defined changes to None after you click Apply Select DNS Relay to have the device act as a DNS proxy The device s LAN DMZ or WLAN IP...

Page 237: ...Note: It is recommended that you disable Telnet and FTP when you configure SSH for secure connections. Figure 101 Device Operation Device Configuration Advanc...

Page 238: ...been imported as a trusted CA on the device. Server Port: The HTTPS proxy server listens on port 443 by default. If you change the HTTPS proxy server port to a different number on the device, for example...

Page 239: ...using this service. Secure Client IP Address: A secure client is a trusted computer that is allowed to communicate with the device using this service. Select All to allow any computer to access the devic...

Page 240: ...vice if needed however you must use the same port number in order to use that service for remote management Service Access Select the interface s through which a computer may access the device using t...

Page 241: ...cess control and attempted access to blocked web sites or web sites with restricted web features such as cookies, active X and so on. Some categories such as System Errors consist of both logs and alert...

Page 243: ...ogging Syslog logging sends a log to Vantage Report or to an external syslog server used to store logs Active Click Active to enable syslog logging Syslog Server IP Address Select an instance of Vanta...

Page 244: ...the Attacks logs may be so numerous that it becomes easy to ignore other important log messages. Select this check box to merge logs with identical messages into one log. Log Consolidation Period: Specif...

Page 245: ...ee Table 8 on page 38 for the device model and the corresponding firmware version CNM supports Note The examples in this section use one of the most comprehensive examples of each screen not every var...

Page 247: ...of Ethernet interfaces To open this screen click Device Operation in the menu bar and then click Device Configuration Network Interface Ethernet Figure 103 Device Operation Device Configuration Netwo...

Page 248: ...ddress is a static IP address STATIC or dynamically assigned DHCP IP addresses are always static in virtual interfaces Mask This field displays the interface s subnet mask in dot decimal notation Modi...

Page 249: ...ork Settings Vantage CNM User s Guide 249 The screen for each interface may vary depending on your device model and the interface s role Figure 104 Device Operation Device Configuration Network Interf...

Page 250: ...Chapter 9 Device Network Settings Vantage CNM User s Guide 250 Figure 105 Device Operation Device Configuration Network Interface Ethernet Edit non WAN...

Page 251: ...s from a DHCP server You should not select this if the interface is assigned to a VRRP group See Chapter 36 on page 595 Use Fixed IP Address Select this if you want to specify the IP address subnet ma...

Page 252: ...ending RIP packets Choices are 1 2 and 1 and 2 Receive Version This field is effective when RIP is enabled Select the RIP version s used for receiving RIP packets Choices are 1 2 and 1 and 2 V2 Broadc...

Page 253: ...t is still available Select tcp to have the ZyWALL regularly perform a TCP handshake with the gateway you specify to make sure it is still available Check Period Enter the number of seconds between co...

Page 254: ...ddress network address last address broadcast address and the interface s IP address First DNS Server Optional Second DNS Server Optional Third DNS Server Optional Specify the IP addresses up to three...

Page 255: ...bridge interface in the respective interface summary screen Figure 106 Device Operation Device Configuration Network Interface Ethernet Add Figure 107 Device Operation Device Configuration Network Int...

Page 256: ...models Enter the IP address of the gateway The ZyWALL sends packets to the gateway when it does not know how to route the packet to its destination The gateway should be on the same network as the in...

Page 257: ...99 Device Operation Device Configuration Network Interface WLAN General LABEL DESCRIPTION WLAN Device Settings Extension Slot Select the location where the IEEE 802 11b g is located Note The number o...

Page 258: ...ackets larger than the number of bytes that you enter here Set the RTS CTS equal to or higher than the fragmentation threshold to turn RTS CTS off Fragmentation Threshold This is the threshold number...

Page 259: ...e icon next to it Make sure you click Apply to save and apply the change To edit an interface click the Edit icon next to it The edit screen appears To remove an interface click the Remove icon next t...

Page 260: ...s to figure out the original information pretty quickly Click the Add or Edit icon next to a wireless interface in the Device Operation Device Configuration Network Interface WLAN General to open the...

Page 261: ...Set IDentity The SSID identifies the Service Set with which a wireless station is associated Wireless stations associating to the access point AP must have the same SSID Enter a descriptive name up t...

Page 262: ...all computers in the network Interface Parameters Upstream Bandwidth Enter the maximum amount of traffic in kilobits per second the ZyWALL can send through the interface to the network Allowed values...

Page 263: ...terface s IP address First DNS Server Second DNS Server Third DNS Server Specify the IP addresses of a maximum of three DNS servers that the network can use The ZyWALL provides these IP addresses to D...

Page 264: ...ce cannot be the DR or BDR. Link Cost: Enter the cost (between 1 and 65,535) to route packets through this interface. Passive Interface: Select this to stop forwarding OSPF routing information from the sel...

Page 265: ...all the wireless devices in your network support. For example, use WPA-PSK or WPA2-PSK, or WPA or WPA2, if your wireless devices support it. If your wireless devices support nothing stronger than WEP, use...

Page 266: ...l Add WPA PSK WPA2 PSK Security Table 102 Device Operation Device Configuration Network Interface WLAN General Add WEP Security LABEL DESCRIPTION WEP Encryption WEP Wired Equivalent Privacy provides d...

Page 267: ...y difference between the two is that WPA-PSK uses a simple common password, instead of user-specific credentials. Type a pre-shared key from 8 to 63 case-sensitive ASCII characters (including spaces and...

Page 268: ...ed. The authentication method can have the ZyWALL check a user's user name and password against the ZyWALL's local database, a remote LDAP, RADIUS, or Active Directory server, or more than one of these. See...

Page 269: ...Enter the RADIUS server's listening port number (the default is 1812). Radius Server Secret: Enter a password (up to 31 alphanumeric characters) as the key to be shared between the external authentication s...

Page 270: ...on for the list of MAC addresses in the MAC address filter table. Select Deny to block access to the router; MAC addresses not listed will be allowed to access the router. Select Allow to permit access t...

Page 271: ...isconnect all connected wireless clients To change your ZyWALL s MAC filter settings click Device Operation Device Configuration Network Interface WLAN MAC Filter Add or Edit The screen appears as sho...

Page 272: ...s field displays the name of the interface Port VID For VLAN interfaces this field displays the Ethernet interface on which the VLAN interface is created the VLAN ID For virtual interfaces this field...

Page 273: ...CNM User s Guide 273 Edit icon next to a VLAN interface in the Device Operation Device Configuration Network Interface VLAN screen The following screen appears Figure 116 Device Operation Device Conf...

Page 274: ...interface. Enter the number of the VLAN interface. You can use a number from 0-4094. Port: Select the Ethernet interface on which the VLAN interface runs. Virtual LAN Tag: Enter the VLAN ID. This 12-bit numb...

Page 275: ...ownstream Bandwidth This is reserved for future use Enter the maximum amount of traffic in kilobits per second the ZyWALL can receive from the network through the interface Allowed values are 0 104857...

Page 276: ...ing ways to specify these IP addresses Custom Defined enter a static IP address From ISP select the DNS server that another interface received from its DHCP server ZyWALL the DHCP clients use the IP a...

Page 277: ...the number of seconds between connection check attempts Check Timeout Enter the number of seconds to wait for a response before the attempt is a failure Check Fail Tolerance Enter the number of consec...

Page 278: ...STATIC or dynamically assigned DHCP IP addresses are always static in virtual interfaces Member This field displays the Ethernet interfaces and VLAN interfaces in the bridge interface It is blank for...

Page 279: ...gs Vantage CNM User s Guide 279 Edit icon in the Device Operation Device Configuration Network Interface Bridge screen The following screen appears Figure 120 Device Operation Device Configuration Net...

Page 280: ...are part of the bridge interface Select one and click the deselect arrow to remove it from the bridge interface IP Address Assignment Get Automatically Select this if this interface is a DHCP client...

Page 281: ...the ZyWALL is a DHCP Relay Relay Server 1 Enter the IP address of a DHCP server for the network Relay Server 2 This field is optional Enter the IP address of another DHCP server for the network These...

Page 282: ...ce can regularly check the connection to the gateway you specified to make sure it is still available You specify how often the interface checks the connection how long to wait for a response before t...

Page 283: ...PPPoE PPTP Figure 122 Device Operation Device Configuration Network Interface PPPoE PPTP Each field is described in the table below Apply Click Apply to save your changes back to the ZyWALL Cancel Cl...

Page 284: ...gure just the key settings Base Interface This field displays the interface on the top of which the PPPoE PPTP interface is Account Profile This field is not available for all ZLD based ZyWALL This fi...

Page 285: ...Device Network Settings Vantage CNM User s Guide 285 Note Fields may vary in this screen depending on different ZyWALL models Figure 123 Device Operation Device Configuration Network Interface PPPoE...

Page 286: ...wing table Table 112 Device Operation Device Configuration Network Interface PPP Edit Configuration LABEL DESCRIPTION PPP Interface Properties Enable Select this to enable this interface Clear this to...

Page 287: ...screen Protocol This field is read only It displays the protocol specified in the ISP account User Name This field is read only It displays the user name for the ISP account Service Name This field is...

Page 288: ...Enter the maximum amount of traffic in kilobits per second the ZyWALL can send through the interface to the network Allowed values are 0 1048576 Downstream Bandwidth This is reserved for future use E...

Page 289: ...ALL stops routing through the gateway Ping Default Gateway Select this to use the default gateway for the connectivity check Ping this address Select this to specify a domain name or IP address for th...

Page 290: ...Interface Auxiliary LABEL DESCRIPTION Auxiliary Interface Properties Enable Select this to turn on the auxiliary dial up interface The interface does not dial out however unless it is part of a trunk...

Page 291: ...hentication protocol to use for outgoing calls Choices are Chap PAP The ZyWALL accepts either CHAP Challenge Handshake Authentication Protocol or PAP Password Authentication Protocol as requested by t...

Page 292: ...vice Configuration Network Interface Trunk to open the Trunk screen This screen lists the configured trunks and the load balancing algorithm that each is configured to use Figure 126 Device Operation...

Page 293: ...s subsequent sessions came from a different WAN IP address the file server would deny the request This setting applies when you use load balancing and have multiple WAN interfaces set to active mode T...

Page 294: ...icon to open the following screen Use this screen to configure load balancing settings for each interface Figure 128 Device Operation Device Configuration Network Interface Trunk Edit Least Load First...

Page 295: ...ace has more traffic than it can handle Select Least Load First to send new session traffic through the least utilized trunk member Select Spillover to send network traffic through the first interface...

Page 296: ...isplays the maximum number of kilobits of data the ZyWALL is to send out through the interface per second Spillover This field displays with the spillover load balancing algorithm Specify the maximum...

Page 297: ...unk Edit Add LABEL DESCRIPTION Available This field displays Ethernet interfaces and VLAN interfaces that can become part of the bridge interface An interface is not available in the following situati...

Page 298: ...Summary Screen This screen lists all of the selected ZyWALL s interfaces and gives packet statistics for them Click Device Operation Device Configuration Network Interface Summary to access this scree...

Page 299: ...t speed and duplex setting Full or Half Port Group Inactive The Ethernet interface does not have any physical ports associated with it Port Group Up The Ethernet interface is part of a port group and...

Page 300: ...ht now For example this might happen if the interface is down n a Device HA is not active on the interface Zone This field displays the zone to which the interface is assigned IP Address Netmask This...

Page 301: ...this screen Table 118 Device Operation Device Configuration Network Routing Policy Route LABEL DESCRIPTION Enable BWM This is a global setting for enabling or disabling bandwidth management on the Zy...

Page 302: ...ed to the policy 0 means there is no bandwidth limitation for this route Add icon Click the Add icon in the heading row to add a new first entry Click the Edit icon to go to the screen where you can e...

Page 303: ...open the Policy Route Edit screen Use this screen to configure or edit a policy route Figure 134 Device Operation Device Configuration Network Routing Policy Route Add Edit The following table descri...

Page 304: ...faces in the trunk group based on the load balancing algorithm Select Interface to route the matched packets through the specified outgoing interface to a gateway which is connected to the interface G...

Page 305: ...he incoming service should have the same service or protocol type as what you configured in the Service field Trigger Service Select a service that a remote server sends It causes triggers the ZyWALL...

Page 306: ...s bandwidth unbudgeted and do not enable Maximize Bandwidth Usage Bandwidth Priority Enter a number between 1 and 7 to set the priority for traffic The smaller the number the higher the priority If yo...

Page 307: ...e destination IP address Subnet Mask This is the IP subnet mask Next Hop This is the IP address of the next hop gateway or the interface through which the traffic is routed The gateway is a router or...

Page 308: ...parameter specifies the IP network address of the final destination Routing is always based on network number If you need to specify a route to a single host use a subnet mask of 255 255 255 255 in th...

Page 309: ...uses an MD5 password and authentication ID most secure Text Authentication Key This field is available if the Authentication is Text Type the password for text authentication The key can consist of al...

Page 310: ...138 Device Operation Device Configuration Network Routing OSPF Metric Type the cost for routes provided by the indicated source The metric represents the cost of transmission for routing purposes RIP...

Page 311: ...ng information from the indicated source Choices are Type 1 and Type 2 Type 1 cost OSPF AS cost external cost Metric Type 2 cost external cost Metric the OSPF AS cost is ignored Metric Type the extern...

Page 312: ...ion Network Routing Protocol OSPF continued LABEL DESCRIPTION Table 124 Device Operation Device Configuration Network Routing OSPF Add Edit LABEL DESCRIPTION Area ID Type the unique 32 bit identifier...

Page 313: ...you want to connect a different area that does not have a direct connection to the backbone to the backbone You should set up the virtual link on the ABR that is connected to the other area and on the...

Page 314: ...d remove virtual links To add a virtual link click the Add icon at the top of the column A new record appears in the virtual link list To delete a virtual link click on the Remove icon next to the vir...

Page 315: ...or fields 10 1 The Firewall Screen Click Device Operation Device Configuration Firewall to open the Firewall screen Use this screen to enable or disable the firewall and asymmetrical routes set a maxi...

Page 316: ...ne the packets come and to which zone they go Firewall rules are grouped based on the direction of travel of packets to which they apply For example from LAN1 to LAN1 means packets traveling from a co...

Page 317: ...deny discards packets and sends a TCP reset packet to the sender reject or permits the passage of packets allow Log This field shows you whether a log and alert is created when packets match this rule...

Page 318: ...vice Operation Device Configuration Firewall Edit LABEL DESCRIPTION Enable Select this check box to activate the firewall rule From To For through ZyWALL rules select the direction of travel of packet...

Page 319: ...configure a new one Select any if the policy is effective for every source Destination Select a destination address or address group for whom this rule applies Select Create Object to configure a new...

Page 320: ...ient computer can have If only a few clients use peer to peer applications you can raise this number to improve their performance With heavy peer to peer application use lower this number to ensure no...

Page 321: ...ntry Click the Remove icon to delete an existing rule from the ZyWALL A window displays asking you to confirm that you want to delete the rule Note that subsequent rules move up by one when you take t...

Page 322: ...the user logs out Otherwise select any and there is no need for user logging Note If you specified an IP address or address group instead of any in the field below the user s IP address should be wit...

Page 323: ...d VPN gateway s and various settings In addition it also lets you activate deactivate and connect disconnect each VPN connection each IPSec SA Click a column s heading cell to sort the table entries b...

Page 324: ...o not need to configure policy routes for the dynamic IPSec tunnels Only select this if you want to use policy routes to manually specify the destination addresses of dynamic IPSec rules You must conf...

Page 325: ...hm This field displays what encryption and authentication methods respectively the IPSec SA uses Policy This field displays the local policy and the remote policy respectively Add icon This column pro...

Page 326: ...Chapter 11 IPSec VPN Vantage CNM User s Guide 326 Figure 145 Device Operation Device Configuration VPN IPSec VPN VPN Connection Add Edit IKE...

Page 327: ...ause it is not as secure as a regular IPSec SA Phase 2 Settings Encapsulation Mode Select which type of encapsulation the IPSec SA uses Choices are Tunnel this mode encrypts the IP header information...

Page 328: ...contains icons to add and remove proposals To add a proposal click the Add icon at the top of the column To remove a proposal click the Remove icon next to the proposal The Vantage CNM confirms that y...

Page 329: ...S Network Basic Input Output System packets through the IPSec SA NetBIOS packets are TCP or UDP packets that enable a computer to connect to and communicate with a LAN It may sometimes be necessary to...

Page 330: ...e original source address or select Create Object to configure a new one This is the address object for the computer or network outside the local network The size of the original source address range...

Page 331: ...ress object for the mail server Protocol Select the protocol required to use this translation Choices are TCP UDP or All Original Port These fields are available if the protocol is TCP or UDP Enter th...

Page 332: ...IP header information and the data Transport this mode only encrypts the data You should only select this if the IPSec SA is used for communication between the ZyWALL and remote IPSec router If you se...

Page 333: ...S encryption algorithm AES256 a 256 bit key with the AES encryption algorithm The ZyWALL and the remote IPSec router must use the same algorithm and key Longer keys require more processing power resul...

Page 334: ...the algorithm For example if you enter 1234567890XYZ for a DES encryption key the ZyWALL only uses 12345678 The ZyWALL still stores the longer key Authentication Key Enter the authentication key whic...

Page 335: ...Configuration VPN IPSec VPN VPN Gateway Each field is discussed in the following table See Section 11 2 1 on page 336 for more information Table 132 Device Operation Device Configuration VPN IPSec VP...

Page 336: ...d edit and remove VPN gateways To add a VPN gateway click the Add icon at the top of the column The VPN Gateway Add Edit screen appears To edit a VPN gateway click the Edit icon next to the gateway Th...

Page 337: ...Chapter 11 IPSec VPN Vantage CNM User s Guide 337 Figure 148 Device Operation Device Configuration VPN IPSec VPN VPN Gateway Edit...

Page 338: ...ence of proposals should not affect performance significantly Encryption Select which key size and encryption algorithm to use in the IKE SA Choices are DES a 56 bit key with the DES encryption algori...

Page 339: ...rt 500 and UDP 4500 headers unchanged Dead Peer Detection DPD Select this check box if you want the ZyWALL to make sure the remote IPSec router is there before it transmits data through the IKE SA The...

Page 340: ...adecimal type 0x at the beginning of the key For example 0x0123456789ABCDEF is in hexadecimal format, while 0123456789ABCDEF is in ASCII format If you use hexadecimal you must enter twice as many characte...

Page 341: ...with dynamic WAN IP addresses In these situations use a different IP address or use a different Local ID Type DNS type the domain name you can use up to 31 ASCII characters including spaces although...

Page 342: ...est of this section If you type 0 0 0 0 the ZyWALL uses the IP address specified in the Secure Gateway Address field This is not recommended in the following situations There is a NAT router between t...

Page 343: ...the policy Client Mode Select this radio button if the ZyWALL provides a username and password to the remote IPSec router for authentication You also have to provide the User Name and the Password Use...

Page 344: ...creen click Device Operation Device Configuration VPN IPSec VPN Concentrator The following screen appears Figure 150 Device Operation Device Configuration VPN IPSec VPN Concentrator Each field is disc...

Page 345: ...u may use 1 31 alphanumeric characters underscores _ or dashes but the first character cannot be a number This value is case sensitive Available IPSec VPN connection policies that do not belong to a V...

Page 347: ...Figure 152 Device Operation Device Configuration VPN SSL VPN Access Privilege The following table describes the labels in this screen Table 136 Device Operation Device Configuration VPN SSL VPN Access...

Page 348: ...to add edit and remove policies To add a new policy click the Add icon at the top of the column To edit a policy click the Edit icon next to the policy To delete a policy click the Remove icon next to...

Page 349: ...9 12 2 1 The SSL Access Policy Add Edit Screen To create a new or edit an existing SSL access policy click the Add or Edit icon in the Access Privilege screen Figure 153 Device Operation Device Config...

Page 350: ...o the Member list You can select more than one application To remove an SSL application select the name s in the Member list and click the deselect arrow Network Extension Optional Enable Network Exte...

Page 351: ...nges and return to the main Access Privilege screen Cancel Click Cancel to discard all changes and return to the main Access Privilege screen Table 137 Device Operation Device Configuration VPN SSL VP...

Page 352: ...connection is terminated successfully You can enter up to 60 characters a z A Z 0 9 with spaces allowed Apply Click Apply to save the changes and or start the logo file upload process Reset Click Rese...

Page 353: ...ing systems to securely connect to the network behind the ZyWALL The remote users do not need their own IPSec gateways or VPN client software Figure 155 L2TP VPN Overview 13 2 L2TP VPN Screen Click De...

Page 354: ...ect the pool of IP addresses that the ZyWALL uses to assign to the L2TP VPN clients Select Create Object to configure a new pool of IP addresses Authentication Method Select how the ZyWALL authenticat...

Page 355: ...P server First WINS Server Optional Second WINS Server Optional The WINS Windows Internet Naming Service server keeps a mapping table of the computer names on your network and the IP addresses that th...

Page 357: ...nto the Web Configurator and click Device Operation Device Configuration Object User Group Figure 157 Device Operation Device Configuration Object User Group The following table describes the labels i...

Page 358: ...settings used for BOB not bob User names have to be different than user group names Here are the reserved user names Add icon This column provides icons to add edit and remove users To add a user cli...

Page 359: ...and change the configuration of the ZyWALL Limited Admin this user can look at the configuration of the ZyWALL but not to change it User this user has access to the ZyWALL s services but cannot look a...

Page 360: ...session every time the main screen refreshes in the Web Configurator Access users can renew the session by clicking the Renew button on their screen If you allow access users to renew time automatical...

Page 361: ...to display on each page This field is a sequential value and it is not associated with a specific user group Group Name This field displays the name of each user group Description This field displays...

Page 362: ...cannot be a number This value is case sensitive User group names have to be different than user names Description Enter the description of the user group if any You can use up to 60 characters punctua...

Page 363: ...NM User s Guide 363 To access this screen login to the Web Configurator and click Device Operation Device Configuration Object Object User Group Setting Figure 161 Device Operation Device Configuratio...

Page 364: ...sion before the user is logged out Admin users renew the session every time the main screen refreshes in the web configurator Access users can renew the session by clicking the Renew button on their s...

Page 365: ...Select this check box to set a limit on the number of times each user can login unsuccessfully for example wrong password before the IP address is locked out for a specified amount of time Maximum ret...

Page 366: ...splays whether users must log in force or whether users do not have to log in skip when this condition is checked and satisfied Add icon This column provides icons to add edit move and remove conditio...

Page 367: ...cannot look at the configuration Ext User this user account is maintained in a remote server such as RADIUS or LDAP Lease Time Enter the number of minutes this type of user account has to renew the cu...

Page 368: ...60 printable ASCII characters long Authentication Select whether users must log in force or whether users do not have to log in skip when this condition is checked and satisfied Source Address Select...

Page 369: ...dress Address Click a column s heading cell to sort the table entries by that column s criteria Click the heading cell again to reverse the sort order Figure 164 Device Operation Device Configuration...

Page 370: ...re based on one of the ZyWALL s interfaces the name of the interface displays first followed by the object s current address settings Add icon This column provides icons to add edit and remove address...

Page 371: ...This field is only available if the Address Type is HOST This field cannot be blank Enter the IP address that this address object represents Starting IP Address This field is only available if the Add...

Page 372: ...tries you want to display on each page This field is a sequential value and it is not associated with a specific address group Name This field displays the name of each address group Description This...

Page 373: ...erscores _ or dashes but the first character cannot be a number This value is case sensitive Description This field displays the description of each address group if any You can use up to 60 character...

Page 374: ...o sort the table entries by that column s criteria Click the heading cell again to reverse the sort order Figure 168 Device Operation Device Configuration Object Service Service The following table de...

Page 375: ...it icon next to the service The Service Add Edit screen appears To delete a service click the Remove icon next to the service The Web Configurator confirms that you want to delete the service before d...

Page 376: ...col Select the protocol the service uses Choices are TCP UDP ICMP and User Defined Starting Port Ending Port This field appears if the IP Protocol is TCP or UDP Specify the port number s used by this...

Page 377: ...e and it is not associated with a specific service group Name This field displays the name of each service group By default the ZyWALL uses services starting with Default_Allow_ in the firewall rules...

Page 378: ...phanumeric characters underscores _ or dashes but the first character cannot be a number This value is case sensitive Description Enter a description of the service group if any You can use up to 60 p...

Page 379: ...d stops at 2009 7 20 23 30 This field is a sequential value and it is not associated with a specific schedule Name This field displays the name of the schedule which is used to refer to the schedule S...

Page 380: ...specific schedule Name This field displays the name of the schedule which is used to refer to the schedule Start Time This field displays the time at which the schedule begins Stop Time This field di...

Page 381: ...numeric characters underscores _ or dashes but the first character cannot be a number This value is case sensitive Day Time Start Type the year month day hour and minute when the schedule begins Year...

Page 382: ...in this screen Table 157 Device Operation Device Configuration Object Schedule Edit Recurring LABEL DESCRIPTION Configuration Name Type the name used to refer to the recurring schedule You may use 1...

Page 383: ...oth required To set all day 24 hours configure the stop hour to 23 and minute to 59 Weekly Week Days Select each day of the week the recurring schedule is effective Apply Click Apply to save your chan...

Page 385: ...figuration Object AAA Server Active Directory or LDAP Default The following table describes the labels in this screen Table 158 Device Operation Device Configuration Object AAA Server Active Directory...

Page 386: ...p to 15 alphanumerical characters for the ZyWALL to bind or log in to the AD or LDAP server Base DN Specify the directory up to 127 alphanumerical characters For example o ZyXEL c US CN Identifier Spe...

Page 387: ...labels in this screen Table 159 Device Operation Device Configuration Object AAA Server Active Directory or LDAP Group LABEL DESCRIPTION Page Size Select how many entries you want to display on each...

Page 388: ...Group Add The following table describes the labels in this screen Table 160 Device Operation Device Configuration Object AAA Server Active Directory or LDAP Group Add LABEL DESCRIPTION Configuration A...

Page 389: ...is not in the AD or LDAP server s or the AD or LDAP server s is down Use SSL Select Use SSL to establish a secure connection to the AD or LDAP server s Host Members The ordering of the LDAP servers i...

Page 390: ...RADIUS server Authentication Port The default port of the RADIUS server for authentication is 1812 You need not change this value unless your network administrator instructs you to do so with additio...

Page 391: ...Operation Device Configuration Object AAA Server RADIUS Group The following table describes the labels in this screen Table 162 Device Operation Device Configuration Object AAA Server RADIUS Group LA...

Page 392: ...ields below Name Enter a descriptive name up to 63 alphanumeric characters for identification purposes Key Enter a password up to 15 alphanumeric characters as the key to be shared between the externa...

Page 393: ...network administrator instructs you to do so with additional information Add icon Click Add to add a new RADIUS server You can add up to four RADIUS member servers Click Delete to remove a RADIUS ser...

Page 394: ...o the table The ordering of the Method List column is important The ZyWALL authenticates the users using the databases in the local user database or the external authentication server in the order the...

Page 395: ...a server object from the drop down list box You can create a server object in the Device Operation Device Configuration Object AAA Server group screens The ZyWALL authenticates the users using the dat...

Page 396: ...e Size Select how many entries you want to display on each page This field displays the certificate index number The certificates are listed in alphabetical order Name This field displays the name use...

Page 397: ...organization or company and country With self signed certificates this is the same information as in the Subject field Valid From This field displays the date that the certificate becomes applicable...

Page 398: ...Account Add Edit Add icon This column provides icons to add edit and remove ISP accounts To add information about a new ISP account click the Add icon at the top of the column To edit information abo...

Page 399: ...Your ZyWALL accepts MSCHAP V2 only Encryption Method This field is available if this ISP account uses the PPTP protocol Use the drop down list box to select the type of Microsoft Point to Point Encry...

Page 400: ...TP server This value must be an integer between 0 and 360 If this value is zero this timeout is disabled Apply Click Apply to save your changes back to the ZyWALL If there are no errors the program re...

Page 401: ...whether the object is a file sharing web server Outlook Web Access Virtual Network Computing or Remote Desktop Protocol SSL application Add icon This column provides icons to add edit and remove SSL...

Page 402: ...ote users can only access files in the remote directory If a link contains a file that is not within this domain then remote users cannot access it Entry Point This field displays if the Server Type i...

Page 403: ...file server Figure 188 Device Operation Device Configuration Object SSL Application Add Edit File Sharing The following table describes the labels in this screen Apply Click Apply to save the changes...

Page 404: ...are name computer name share name For example if you enter my server Tmp this allows remote users to access all files and or folders in the Tmp share on the my server computer Apply Click Apply to sav...

Page 405: ...evice s User s Guide for more information about any of these screens or fields 16 1 Edit Remote Server Log Settings The Log Settings Edit screen controls the detailed settings for each log in the remo...

Page 406: ...server Please see the documentation for your syslog program for more information Active Log Log Category This field displays each category of messages It is the same value used in the Display and Cate...

Page 407: ...omprehensive examples of each screen not every variation for each device type and firmware version If you are unable to find a specific screen or field in this User s Guide please see the User s Guide...

Page 409: ...ture profiles and manage building blocks 17 1 Synchronization Device Data inconsistencies may occur if device configurations are made directly to the device instead of in Vantage CNM Use this screen t...

Page 410: ...the device s web configurator and compare the settings in the web configurator to the settings in Vantage CNM before you use this function Figure 190 Device Operation Configuration Management Synchro...

Page 411: ...age CNM pull all current device configurations into Vantage CNM The current device configuration overwrites Vantage CNM configurations Vantage CNM Overwrites Device Select this radio button to have Va...

Page 412: ...new configuration does not prevent you from managing the device remotely unless that is desired Make sure you restore a configuration file to an appropriate model Otherwise you may damage the device o...

Page 413: ...guration File List Page Size Select how many records you want to see in each page This is the number of an individual entry File Name This displays the name of the configuration file The name with in...

Page 414: ...ion Management Configuration File Management Backup Device The following table describes the fields in this screen Remove Click this to remove an existing configuration file from the Vantage CNM serve...

Page 415: ...Now Select this radio box to perform the backup after you click Backup Scheduled Time Select this radio box to define a time or a periodical time Vantage CNM server automatically perform backup for t...

Page 416: ...displays the name of the set of configuration files Description This field displays the description of the set of configuration files Admin This field displays the administrator who performed the back...

Page 417: ...File Management Backup Folder TYPE DESCRIPTION Group Backup Group File Name Enter the name of the set of configuration files The name must be 1 20 characters long and you cannot use spaces or the cha...

Page 418: ...r Monthly to specify how often you want the backup schedule to be applied periodically Select the calendar to specify a date for the backup schedule Select a time from O clock to specify a time for the b...

Page 419: ...nt Restore Folder TYPE DESCRIPTION Group Restore This is the number of an individual entry Device Name This displays the name of the device that was backed up Device Type This displays the type of the...

Page 420: ...ent Configuration File Management Schedule List Device TYPE DESCRIPTION Schedule List This is the number of an individual entry File Name This displays the name of the configuration file Device Name T...

Page 421: ...you want to see in each page Schedule List This is the number of an individual entry Group File Name This displays the name of the set of configuration files Backup Time This displays the schedule wh...

Page 422: ...n Management Configuration File Management Schedule List Folder TYPE DESCRIPTION Scheduled Backup Group File Name Enter the name of the set of configuration files The name must be 1 20 characters long...

Page 423: ...u want this backup schedule to be applied one time or select Weekly or Monthly to specify how often you want the backup schedule to be applied periodically Select the calendar to specify a date for the back...

Page 424: ...3 Device Operation Configuration Management Signature Profile Management Backup Restore TYPE DESCRIPTION Device Name This is the name of the selected device you configured when the device was added in...

Page 425: ...the version of signature Description This displays a description that was entered at the time of backup Admin This field displays the administrator who performed the backup Backup Click this to displa...

Page 426: ...ollowing table describes the fields in this screen Table 184 Device Operation Configuration Management Signature Profile Management Backup Restore Folder TYPE DESCRIPTION Platform Select the ZyWALL pl...

Page 427: ...ce Name This is the name of the device from which the signature profile was backed up Device Type This is the model name of the device Description This displays a description that was entered at the...

Page 428: ...185 Device Operation Configuration Management Signature Profile Management Backup Restore Restore Folder TYPE DESCRIPTION This is the number of an individual entry Device Name This field is available...

Page 429: ...umber of records on the current page of the device list Restore Select the check box next to one or more devices and click this to restore the specified configuration file and signatures to them Cance...

Page 430: ...of records on the current page of the device list Back Click this to discard the changes and back to the previous screen Apply Select one or multiple device s and click this to perform signature prof...

Page 431: ...the time of writing this screen is not available for ZLD based ZyWALL Figure 210 Device Operation Configuration Management Signature Profile Management Reset to Factory The following table describes t...

Page 432: ...ration BB Device Type This displays the type of the device that the building block was associated to and entered when it is created Firmware Version This displays the firmware version of the device th...

Page 433: ...it or Save as in the Device Operation Configuration Management Building Block Configuration BB screen Figure 212 Device Operation Configuration Management Building Block Configuration BB Add Figure 21...

Page 434: ...Building Block Configuration BB Add Edit Save As TYPE DESCRIPTION Name Enter a unique name for the building block The name must be 1 32 alphanumeric characters dashes or underscores _ It cannot inclu...

Page 435: ...e Operation Device Configuration Security Signature Update see Section 6 10 on page 186 if you select Signature Update Refer to Device Operation Device Configuration Security Content Filter see Sectio...

Page 436: ...vailable when you add or copy a configuration BB using save as Click this to create the building block if necessary and edit the detailed configuration for the selected device type firmware version an...

Page 437: ...schedule For example a schedule starts at 23 00 and stops at 23 30 on Mondays Day Time Start Type the year month day hour and minute when the schedule begins Year 1900 2999 Month 1 12 Day 1 31 it is n...

Page 438: ...change it User this user has access to the ZyWALL s services but cannot look at the configuration Guest this user has access to the ZyWALL s services but cannot look at the configuration Ext User thi...

Page 439: ...refreshes in the Web Configurator Access users can renew the session by clicking the Renew button on their screen If you allow access users to renew time automatically see Section 14 3 on page 362 the...

Page 440: ...field is only available if the Address Type is HOST This field cannot be blank Enter the IP address that this address object represents Starting IP Address This field is only available if the Address...

Page 441: ...guration BB Add Edit ZLD Service Create TYPE DESCRIPTION IP Protocol Select the protocol the service uses Choices are TCP UDP ICMP and User Defined Starting Port Ending Port This field appears if the...

Page 442: ...ock Component BB TYPE DESCRIPTION Page Size Select how many records you want to see in each page This is the number of an individual entry Name This displays the name of the BB Type This displays the...

Page 443: ...item to list all configured firewall rule s that have applied to one or multiple ZLD based ZyWALLs To open this menu item select the device click Table 196 Device Operation Configuration Management Bu...

Page 444: ...multiple ZLD based ZyWALL s To open this menu item click Add or Edit in the Table 197 Device Operation Configuration Management ZLD Firewall Rule Group Configuration TYPE DESCRIPTION Page Size Select...

Page 445: ...anagement Vantage CNM User s Guide 445 Device Operation Configuration Management ZLD Firewall Rule Group Configuration screen Figure 222 Device Operation Configuration Management ZLD Firewall Rule Gro...

Page 446: ...chedule BB If you want to use a user object that has been configured on the ZyWALL select Use Schedule object in device and type the object s name If you want to use a schedule BB configured on Vantag...

Page 447: ...ox If you want to use a service object that has been configured on the ZyWALL select Use Service object in device and type the object s name case insensitive If you want to use a service BB configur...

Page 448: ...ule applies for the selected device Select Keep Destination Address in firewall rule to use the destination address setting configured in the Firewall Rule section above Select Replace Destination Add...

Page 449: ...ection 18 3 on page 451 Click Device Operation in the menu bar and then click Firmware Management Firmware List to display the next screen Figure 223 Device Operation Firmware Management Firmware List...

Page 450: ...figurated properly in the CNM System Setting Configuration Servers Configuration See Section 30 1 on page 561 Figure 224 Device Operation Firmware Management Firmware List Add Type the file name and p...

Page 451: ...ler List TYPE DESCRIPTION Page Size Select how many records you want to see in each page This is the number of an individual entry FW Alias This is a descriptive name for the firmware This is specifie...

Page 452: ...after firmware upload You should also notify device owners before you begin the upload See the CNM System Setting Configuration Notification screen 18 3 1 Firmware Upgrade Folder Use this screen to se...

Page 453: ...RIPTION This field displays the device number FW Alias This is a descriptive name for the firmware This is specified when the firmware is uploaded See Section 18 1 1 on page 450 Device Type This field...

Page 454: ...y detect firmware for the device selected Uploading incorrect firmware may damage the device Current FW Version This field displays the firmware version the ZyXEL device is using It is blank if the de...

Page 455: ...hedule Select a time from O clock to specify a time for the upgrade schedule After clicking Apply you can see the scheduled firmware upgrade status in the Device Operation Firmware Management Schedule...

Page 456: ...Chapter 18 Firmware Management Vantage CNM User s Guide 456...

Page 457: ...This menu item is available if you click a device 19 1 1 Registration Use this screen to register the selected device on www myzyxel com and to activate free trials for subscription services such as...

Page 458: ...en click License Management Service Activation Registration in the navigation panel Figure 229 Device Operation License Management Service Activation Registration ZyNOS ZyWALL Figure 230 Device Operat...

Page 459: ...If you already have an account at myZyXEL com select this option and enter your user name and password in the fields below to register your device User Name Enter a user name for your myZyXEL com acco...

Page 460: ...r http myupdate zywall zyxel com IDP AppPatrol Signature Service The IDP and application patrol features use the IDP AppPatrol signature files on the Vantage CNM IDP detects malicious or suspicious pa...

Page 461: ...ment Service Activation Service ZLD ZyWALL The following table describes the labels in this screen Table 204 Device Operation License Management Service Activation Service LABEL DESCRIPTION Service Ma...

Page 462: ...irus after the registration expires you just won t receive updated signatures Count This field is only available for a ZLD based ZyWALL This field displays how many VPN tunnels you can use with your c...

Page 463: ...agement License Status ZLD ZyWALL The following table describes the labels in this screen Table 205 Device Operation License Management License Status LABEL DESCRIPTION Page Size Select how many recor...

Page 464: ...ys the type of anti virus engine Expiration Date This field displays the date the subscription is scheduled to expire or already expired on the device In addition for a ZLD based ZyWALL you can contin...

Page 465: ...e for the device Select this and click Apply to activate a trial version of the service for the device In addition for a ZLD based ZyWALL you have to select whether using ZyXEL s anti virus engine or...

Page 466: ...for subscription service s on ZyWALLs under a folder that you selected You can also search specific license information based on your input criteria To open this screen click a folder and then click...

Page 467: ...or already expired on the device You can also click the calendar icon to specify a date Search Click this to perform the search Page Size Select how many records you want to see in each page Device Na...

Page 468: ...ZyWALL you can continue to use IDP AppPatrol or Anti Virus after the registration expires you just won t receive updated signatures Count This field is only available for a ZLD based ZyWALL This fiel...

Page 469: ...ent Signature Status Figure 240 Device Operation License Management Signature Status ZyNOS ZyWALL Figure 241 Device Operation License Management Signature Status ZLD ZyWALL The following table describ...

Page 470: ...ecurity zyxel com mysecurity jsp download download jsp You can also subscribe to receive signature update e mail notifications there This number is defined by the ZyXEL Security Response Team ZSRT who...

Page 471: ...Signature Status Figure 242 Device Operation License Management Signature Status Folder ZLD Series Figure 243 Device Operation License Management Signature Status Folder ZyNOS Series The following tab...

Page 472: ...security zyxel com mysecurity jsp download download jsp You can also subscribe to receive signature update e mail notifications there This number is defined by the ZyXEL Security Response Team ZSRT wh...

Page 473: ...nsive examples of each screen not every variation for each device type and firmware version If you are unable to find a specific screen or field in this User s Guide please see the User s Guide for th...

Page 474: ...474...

Page 475: ...FIELD DESCRIPTION Show Community By Type Select this from the list box to display which VPN community type you want to see in this screen Page Size Select how many records you want to see in each pag...

Page 476: ...We know almost all VPN parameter values should be the same in peer VPN gateways This screen helps you to easily configure VPN settings in one screen Remove Click this to delete a VPN community settin...

Page 477: ...PN Community Vantage CNM User s Guide 477 and applies it to devices in one time To open this menu item click Add or Edit in the VPN Management VPN Community screen Figure 245 VPN Management VPN Commun...

Page 478: ...from the list box and click Apply Or click Cancel to close the screen without applying any setting Click the Save as a BB icon to save the current phase 1 or phase 2 setting as a building block The fo...

Page 479: ...y Community Type Select a VPN community type such as Full Mesh Hub Spoke or Remote Access Nail Up Select this check box to turn on the nailed up feature for this VPN community Allow NetBIOS Traffic Th...

Page 480: ...gateway in this community Total Records This entry displays the total number of records on the current page of the list Phase 1 Pre Shared Key Select Auto generate the Vantage CNM generates a pre shar...

Page 481: ...sed for an SA Both AH and ESP increase processing requirements and communications latency delay Encryption Algorithm Select which key size and encryption algorithm to use in the IKE SA Choices are DES...

Page 482: ...duplicate packets to protect against replay attacks Enable replay detection by selecting this check box Enable Multiple Proposals Select this to allow the Vantage CNM to use any of its phase 2 encrypt...

Page 483: ...Report FIELD DESCRIPTION Page Size Select how many records you want to see in each page This is the number of an individual entry Community Name This displays a name of the VPN community Community Ty...

Page 484: ...this screen Click Refresh Now to update the information right away Community Name This field displays the name of the VPN community Page Size Select how many records you want to see in each page This...

Page 485: ...om a communities list by community or from a devices list by device 22 1 Monitor VPN by Community Use this menu item to monitor all VPN community status To open this screen click a device or a folder...

Page 486: ...many tunnels in each community type such as Full Mesh Hub Spoke Remote Access Page Size Select how many records you want to see in each page This is the number of an individual entry Community Name T...

Page 487: ...records you want to see in each page This is the number of an individual entry Local Gateway This field displays the local gateway name and IP address of this tunnel Remote Gateway This field display...

Page 488: ...Message Select this to hide the IKE cookie logs Device Name This field displays the device name for the following logs section Time This field displays the time the log was recorded Message This field...

Page 489: ...he current page of the list Back Click this to return to the previous screen Export Logs Click this to export the current logs shown in this screen to a TriggerLogsStore csv file Close Click this to c...

Page 490: ...l Tunnels This displays how many tunnels in total are configured in this VPN community Show Detail Click this to display a screen where you can view detailed VPN settings among the devices See Section...

Page 491: ...way IP address of this tunnel Remote Gateway This displays the remote VPN gateway IP address of this tunnel Tunnel Status This displays the current status of this tunnel Total Records This entry displ...

Page 492: ...il Click this to see the detailed VPN settings of the device See Section 22 1 1 on page 486 Total Records This entry displays the total number of records on the current page of the list Table 219 VPN...

Page 493: ...493 PART VI Monitor Device Status Monitor 495 3G Monitor 497 Device HA Status 527 Device Alarm 529...

Page 494: ...494...

Page 495: ...cal information from Vantage CNM and its managed devices 23 1 Device Status This report shows a summary of the status of Vantage CNM and its managed devices Click Monitor Device Status The following...

Page 496: ...Firmware Version This displays the firmware version number of the device Status This displays an icon indicating the current status of the device Refer to Section 2 3 1 2 on page 31 to see what the ic...

Page 497: ...information about 3G wireless technology in Section 5 3 3 on page 87 To look at reports for all devices in one screen select root in the device window before accessing the Monitor menu as shown in the...

Page 498: ...d Traffic Report also appears Figure 260 Viewing reports for a single device Single device 24 1 Summary Use this screen to look at a summary of devices managed by Vantage CNM that support 3G monitorin...

Page 499: ...erted in the device with no errors This is represented by a bar graph in ascending height order Depending on how many bars are lit green the 3G connection can be No signal All bars are grayed out Very...

Page 500: ...1 1 1 3G connection is down Budget Control is enabled The 3G connection is down and you enabled budget control in the Device Configuration Network WAN 3G WAN 2 screen see Section 5 3 3 on page 87 The...

Page 501: ...rd Click Dial to dial up the 3G WAN connection IP Netmask This shows the port s IP address and subnet mask IP Assignment For the WAN if the selected device gets its IP address automatically from an IS...

Page 502: ...entify a mobile device 3G Card IMSI This field is available only when you insert a GSM or UMTS 3G card This displays the International Mobile Subscriber Identity IMSI stored in the SIM Subscriber Iden...

Page 503: ...down and you did not enable budget control in the Device Configuration Network WAN 3G WAN 2 screen see Section 5 3 3 on page 87 The Show Detail screen displays as follows Figure 263 Monitor 3G Monito...

Page 504: ...ble 222 on page 501 for descriptions of the other fields in this screen Table 223 Monitor 3G Monitor Show Details 3G up Budget Control enabled LABEL DESCRIPTION Data Budget Remaining Max This shows th...

Page 505: ...The Show Detail screen displays as follows Figure 265 Monitor 3G Monitor Show Details 3G up Budget Control not enabled Refer to Table 222 on page 501 for descriptions of the other fields in this scree...

Page 506: ...page 87 The Show Detail screen displays as follows Figure 267 Monitor 3G Monitor Show Details 3G disabled Click Back to return to the previous screen 24 1 1 7 3G PIN code error There is a 3G card inse...

Page 507: ...thrice The following table describes the labels in this screen Table 224 Monitor 3G Monitor Show Details Wrong PIN entered thrice LABEL DESCRIPTION PUK Code Enter the PUK code to unlock the 3G card N...

Page 508: ...PUK code accepted LABEL DESCRIPTION Restart budget calculation using inserted 3G card Click this if you want to set the data and time budget back to the full allocated value Resume budget calculation...

Page 509: ...MA card modem is locked The Show Detail screen displays as follows Figure 272 Monitor 3G Monitor Show Details CDMA card modem is locked Enter the correct code to unlock the CDMA modem and click Apply...

Page 510: ...der list LABEL DESCRIPTION Period Select reports from Today Yesterday or the Last 7 Days Page Size Select how many records you want to see in each page Device Name This is the name of the device where...

Page 511: ...card is installed Availability Statistics This shows a table of uptime percentages of the 3G connection for a span of time ranging from one day to one month Options This column shows the day Today Yes...

Page 512: ...number of the entry Connection This is the date and time when the 3G connection is started The date is in Year Month Day format The time is in XXhr s YYmin s ZZsec s format Disconnection This is the...

Page 513: ...link in the Options column The following screen displays Figure 275 Monitor 3G Monitor Availability Report Single device 30 Days Refer to Figure 227 on page 511 to read the descriptions of the labels...

Page 514: ...24 3G Monitor Vantage CNM User s Guide 514 Click Monitor 3G Monitor Radio Report When viewing the records for all devices the following screen displays Figure 276 Monitor 3G Monitor Radio Report Fold...

Page 515: ...be No signal All bars are grayed out Very weak The smallest bar in the left is lit green Weak The two bars in the left are lit green Medium Three bars from the left are lit green Strong Four bars from...

Page 516: ...quality you want to view Choose between Last 7 Days or Last 30 Days graph The graph displays the report information visually It shows the signal quality of the 3G connection in a bar graph indicated...

Page 517: ...s installed Period Select the time period of the device s record of 3G connection signal strength and quality you want to view Choose between Last 1 Hr or Last 24 Hrs Next Refresh Time This shows the...

Page 518: ...tor Traffic Report The following screen displays Figure 279 Monitor 3G Monitor Traffic Report The following table describes the labels in this screen Table 231 Monitor 3G Monitor Traffic Report LABEL...

Page 519: ...ph s time coverage can span one day or seven days depending on the day range you choose Traffic History This is the index number of the entry Time This is the time when the entry is recorded by the Va...

Page 520: ...indicates how many alerts under the 3G category a device has generated View Click the Show Detail icon to view information related to 3G alert Refer to Figure 281 on page 521 to view the details of t...

Page 521: ...e name of the device where the 3G card is installed Time Period All Click this to see all the recorded events in the device Last 1 Hr Click this to see recorded events in the last hour in the device L...

Page 522: ...30 days long Click the date button to confirm your selection or click Clear to close this screen without any changes Retrieve Click this to generate the list of alerts for the time range you selected...

Page 523: ...at events you are notified of and what the e mail message contains You can also set the time interval when your Vantage CNM monitors the managed devices 24 6 1 Notification Setting Use this screen to...

Page 524: ...minutes When over value of time budget or value of data budget Primary Backup WAN Fail over 3G Card is not installed while 3G is enabled Note that you can customize the value for signal strength Spec...

Page 525: ...fication Setting The following screen displays Figure 283 Monitor 3G Monitor Notification Notification Refer to Table 253 on page 567 for the descriptions of the fields in this screen Go to Section 30...

Page 526: ...tor 3G Monitor Monitor Setting Monitor Interval The following table describes the labels in this screen Table 235 Monitor 3G Monitor Monitor Setting Monitor Interval LABEL DESCRIPTION Monitor Interval...

Page 527: ...bar and then click Device HA Status in the navigation panel Note You can see HA status in this screen only if you allow the Vantage CNM to monitor the device HA status for the device Refer to Fi...

Page 528: ...device are inactive If the device is a backup device the possible status are Active All VRRP interfaces status on the device are active Stand By All VRRP interfaces status on the device are Stand By F...

Page 529: ...alarm severities and they are in an order For example a fatal alarm is more severe than a major alarm 26 1 2 Unresolved Alarms View recent alarms and who has taken care of or is taking care of them in t...

Page 530: ...latform This is available if you select a folder Select the platform you wish to view Category Select the type of alarm you wish to view Severity Select the severity of alarm you wish to view See Sect...

Page 531: ...his to take responsibility for finding the cause of this alarm and move this record from this screen to the Device Alarm Responded Alarm screen Clear Click this to remove the alarm from the monitor Se...

Page 532: ...vailable if you select a folder Select the platform you wish to view Category Select the type of alarm you wish to view Severity Select the severity of alarm you wish to view Time Period Select the ti...

Page 533: ...displays the administrator who responded to the alarm Response Time This field displays the time the alarm occurred Clear Click this to remove the alarm from the monitor See Section 26 1 3 on page 53...

Page 534: ...Chapter 26 Device Alarm Vantage CNM User s Guide 534...

Page 535: ...535 PART VII Log Report Device Operation Report 537 CNM Logs 553 VRPT 555...

Page 536: ...536...

Page 537: ...that Vantage CNM signals the device to request a firmware FTP upload from Vantage CNM This report shows a summary of firmware upgrades See Section 18 3 on page 451 To open this screen click Log Report...

Page 538: ...erformed Device Name This is available if you select showing by device This displays the device name Device Type This displays the device type Upgrade To This is the firmware version which the upgrade...

Page 539: ...pgrade To This displays the firmware version the device was upgraded to Page Size Select how many records you want to see in each page This field shows the index number of the entry Device Name This f...

Page 540: ...ort Operation Report Configuration Report Group The following table describes the labels in this screen Table 242 Log Report Operation Report Configuration Report LABEL DESCRIPTION Show by Select this...

Page 541: ...the operation Result Successful Total This is available if you select showing by group This is the result that displays how many operations were requested in total and how many operations in them were...

Page 542: ...ails The following table describes the labels in this screen Table 243 Log Report Operation Report Configuration Report Show Details LABEL DESCRIPTION Device Name This field displays the device name o...

Page 543: ...the device GET display means this operation was requested by Vantage CNM to get the information from the device Status This field displays the status of the operation on the device such as Succeed Fa...

Page 544: ...tion Report Configuration File Backup Restore Report Backup Report in the navigation panel Figure 294 Log Report Operation Report Configuration File Backup Restore Report Backup Report Device Figure 2...

Page 545: ...n file backup File Name This is available if you select showing by device This displays the backup file name Group File Name This is available if you select showing by group This displays the group ba...

Page 546: ...ON Group File Name This displays the group configuration backup file name for this report Page Size Select how many records you want to see in each page This is the number of an individual entry Devic...

Page 547: ...ckup Restore Report Backup Report LABEL DESCRIPTION Show by Select this to display the configuration operation list shown by devices or by groups Page Size Select how many records you want to see in e...

Page 548: ...ou select showing by device This displays the result the operation is performing Doing or was performed Successful or Failed Result Successful Total This is available if you select showing by group Th...

Page 549: ...sted You can click the label to sort by this column Device Name This displays the device name for the signature profile backup You can click the label to sort by this column Profile Name This displays...

Page 550: ...want to see in each page This is the number of an individual entry Action Time This field displays the date and time the operation was requested You can click the label to sort by this column Device...

Page 551: ...displays the name of the administrator who performed the operation Total Records This entry displays the total number of records on the current page of the list Table 248 Log Report Operation Report Si...

Page 552: ...Chapter 27 Device Operation Report Vantage CNM User s Guide 552...

Page 553: ...to view and configure Vantage CNM system log preferences 28 1 1 CNM Logs You can view system logs for previous day the last two days or up to one week here To open this screen click Log Report in the...

Page 554: ...a keyword of the message you want to view Vantage CNM logs Retrieve Click Retrieve for Vantage CNM to pull the logs from the selected device Page Size Select how many records you want to see in each...

Page 555: ...manage monitor and gather statistics on devices located worldwide With Vantage Report you can monitor network access enhance security and anticipate future bandwidth needs A typical application is ill...

Page 556: ...NM to configure Vantage Report and to look at reports This is illustrated below Figure 303 Vantage Report and Vantage CNM Architecture The Vantage Report server can be installed on the same machine as...

Page 557: ...to the specified Vantage Report instance It does not change any settings for log categories or traffic statistics 3 Click CNM System Setting Configuration Log Setting for each device Make sure the de...

Page 558: ...evice is not managed by any Vantage Report instance yet the Vantage Report window does not open an error message appears to say this device is not associated with the Vantage Report Note Refer to Vant...

Page 559: ...559 PART VIII CNM System Setting CNM System Setting 561 Maintenance 581 Device Owner 585 Vantage CNM Software Upgrade 587 License 589 About CNM 591...

Page 560: ...560...

Page 561: ...ss FTP server for firmware upload and mail server for Vantage CNM notifications and reports in this screen These IP addresses will be the same as the Vantage CNM server computer if they are all on the...

Page 562: ...e IP address which the Vantage CNM server currently uses from the list See the procedure to change this IP address in the Section 30 1 1 on page 563 Note Make sure you configure a proper IP address in...

Page 563: ...see 4a and 4b to reset the communication between Vantage CNM and devices Wait about 5 minutes until the device is ready and registers with Vantage CNM You don t have to restart the computer on which...

Page 564: ...new device can ping the Vantage CNM server the new Vantage CNM Public IP address and then set the device s Manager IP address correspondingly 30 2 Servers Status Use this screen to view the current Va...

Page 565: ...computer You can change this value in CNM System Setting Configuration Servers Configuration See Section 30 1 on page 561 Mail Server This field displays the IP address of the Mail Server You can cha...

Page 566: ...maximum number of administrators allowed to log into Vantage CNM at any one time Idle Timeout Select the check box next to this to activate the timeout and type the length of time an Administrator can...

Page 567: ...Notification in the navigation panel Figure 308 CNM System Setting Configuration Notification The following table describes the fields in this screen Table 253 CNM System Setting Configuration Notifi...

Page 568: ...es the labels in this screen Apply Click this to save your settings in Vantage CNM Reset Click this to begin configuring the screen afresh Table 253 CNM System Setting Configuration Notification conti...

Page 569: ...h events the Vantage CNM records logs for To open this screen click variable legend This is a list of the variables used in the e mail message Apply Click this to save your settings Cancel Click this...

Page 570: ...30 CNM System Setting Vantage CNM User s Guide 570 CNM System Setting in the menu bar and then click Configuration Log Setting in the navigation panel Figure 310 CNM System Setting Configuration Log...

Page 571: ...L DESCRIPTION Log Report Stores Enter the maximum days the Vantage CNM stores device logs CNM system logs CNM reports After the logs or reports expire Vantage CNM removes them from the system Alarm In...

Page 572: ...e Compatible This field indicates if the connected device is compatible with Vantage CNM Status This field displays the status of the Vantage Report instance The bulb lights on when the Vantage CNM is...

Page 573: ...Vantage Report instance in Vantage CNM You must use 3 28 alphanumeric characters underscores _ dashes or periods Syslog Server Address Enter the IP address of the Vantage Report server This should be...

Page 574: ...encrypted with one key can only be decrypted using the other 2 Tim keeps the private key and makes the public key openly available 3 Tim uses his private key to encrypt the message and sends it to Je...

Page 575: ...icates A certification path is the hierarchy of certification authority certificates that validate a certificate The device does not trust a certificate if any certificate on its path has expired or b...

Page 576: ...fication request to a certification authority which then issues a certificate Use the My Certificate Import screen to import the certificate and replace the request SELF represents a self signed certi...

Page 577: ...an Expiring or Expired message if the certificate is about to expire or has already expired KeyStore Type This field specifies the format of the certificate Possible formats include PKCS 12 pkcs12 and...

Page 578: ...anumeric characters underscores _ or dashes State Name Type the state or province where the organization or company is located You can use 1 32 alphanumeric characters underscores _ or dashes Country...

Page 579: ...NM System Setting Configuration Certificate Management Import Certificate LABEL DESCRIPTION Input Certificate Input Your Certificate Path Type in the location of the certificate you want to upload in...

Page 580: ...Chapter 30 CNM System Setting Vantage CNM User s Guide 580...

Page 581: ...system backups Figure 316 CNM System Setting Maintenance System The following table describes the fields in this screen Table 261 CNM System Setting Maintenance System LABEL DESCRIPTION This is the nu...

Page 582: ...kup before you upgrade Vantage CNM software Note System kicks out all on line users after you confirm a system backup Choose a proper time and inform users of the schedule before a system backup Figure 3...

Page 583: ...tem Backup LABEL DESCRIPTION File Name Type up to 35 alphanumeric characters for this backup file name Space is not allowed Description Type up to 255 characters for the file backup description Backu...

Page 584: ...it the device list file remove the duplicated device information and import again Figure 319 CNM System Setting Maintenance Device List Import Conflict If you receive the following successful message...

Page 585: ...menu bar and then click Device Owner in the navigation panel to display the next screen Figure 321 CNM System Setting Device Owner The following table describes the labels in this screen Table 264 CN...

Page 586: ...information about the person Address Line1 Type up to 64 characters of a mailing address for this person Address Line2 Type the additional address information if the Address Line1 field is not long en...

Page 587: ...NM software upgrade To open this screen click CNM System Setting in the menu bar and then click Upgrade in the navigation panel Figure 323 CNM System Setting Upgrade The following table describes the...

Page 588: ...Chapter 33 Vantage CNM Software Upgrade Vantage CNM User s Guide 588...

Page 589: ...is in the trial period Trial or in the licensed period Standard Account on myZyXEL com This is the account you used to register the Vantage CNM Authentication Code AC This is an automatically generat...

Page 590: ...the maximum device number the Vantage CNM is allowed to manage Click Upgrade in the CNM System Setting License screen to display this screen Figure 325 CNM System Setting License Upgrade The followin...

Page 591: ...in the navigation panel Figure 326 CNM System Setting About The following table describes the labels in this screen Table 269 CNM System Setting About LABEL DESCRIPTION Software Version This is the Va...

Page 592: ...Chapter 35 About CNM Vantage CNM User s Guide 592...

Page 593: ...593 PART IX Account Management User Group 595 Account 599...

Page 594: ...594...

Page 595: ...of administrator permissions Super pre defined permissions are not editable Custom administrators have no predefined permissions To open this screen click Account Management in the menu bar and then...

Page 596: ...8 Account Management Group Add The following table describes the fields in this screen Edit Click this to modify an existing group Remove Click this to delete a group Note You cannot remove the Super...

Page 597: ...tor to access the functions associated to the Monitor menu in the menu bar Log Report Select this to allow the administrator to access the functions associated to the Log Report menu in the menu bar C...

Page 598: ...Chapter 36 User Group Vantage CNM User s Guide 598...

Page 599: ...stem Setting User Access screen 37 1 Root Administrator The default system name and password when you first log in is root This is a default system Administrator account which cannot be deleted by any...

Page 600: ...owing table describes the fields in this screen Table 272 Account Management Account LABEL DESCRIPTION This is the number of an individual entry Username This is the administrator name for identificat...

Page 601: ...the password that you log into Vantage CNM with The username cannot be changed after an Administrator account is created but her name can be Password Type a password associated with the Username abov...

Page 602: ...ete telephone number including area codes for this Administrator Description Type some extra information about the Administrator Apply Click this to save your settings in Vantage CNM Cancel Click this...

Page 603: ...603 PART X Troubleshooting Troubleshooting 605...

Page 604: ...604...

Page 605: ...e the Quick Start Guide for additional suggestions I cannot see or access the Login screen in the web configurator 1 Make sure your Internet browser does not block pop up windows and has Java Scripts...

Page 606: ...device window to get the latest device status Make sure the connection between the device and the Vantage CNM is ok 2 Make sure the Vantage CNM s public IP address is properly configured For example y...

Page 607: ...ust added the device wait for at least 5 minutes for information to appear in each report 2 Click CNM System Setting Configuration VRPT Management Make sure the Vantage Report server s status is on a...

Page 608: ...vices in the CNM System Setting Configuration VRPT Management Edit screen See Section 30 6 1 on page 573 3 Make sure there are log entries or traffic statistics for the report dates you selected For e...

Page 609: ...up Your Computer s IP Address 617 Pop up Windows Java Scripts and Java Permissions 635 IP Addresses and Subnetting 643 IP Address Assignment Conflicts 653 Common Services 657 Importing Certificates 6...

Page 610: ...610...

Page 611: ...ion Manual or XML file Building Blocks BB Reusable configurations BB repository Domain Administration One domain per administrator Multiple administrators per domain Different privileges for each admi...

Page 612: ...onding Firmware Version Vantage CNM Supports ZYXEL DEVICE FIRMWARE VERSION ZyNOS ZyWALL ZyNOS ZyXEL Networking Operation System is a ZyXEL proprietary system ZyWALL 2 3 62 ZyWALL 5 35 70 2 Plus 4 00 o...

Page 613: ...83 entrustsslca Jan 9 2003 DF F2 80 73 CC F1 E6 61 73 FC F5 42 E9 C5 7C EE thawtepersonalfreemailca Feb 13 1999 1E 74 C3 86 3C 0C 35 C5 3E C2 7F EF 3C AA 3C D9 verisignclass3ca Oct 27 2003 10 FC 63 5...

Page 614: ...balebusinessca1 Jul 19 2003 8F 5D 77 06 27 C4 98 3C 5B 93 78 E7 D7 7D 9B CC equifaxsecureebusinessca2 Jul 19 2003 AA BF BF 64 97 DA 98 1D 6F C6 08 3A 95 70 33 CA verisignclass2ca Oct 27 2003 B3 9C 25...

Page 615: ...the Table at the Bottom of Each Statistical Report 10 Log Consolidation Frequency 4 minutes Table 281 Default Access Administrator s username root Administrator s password root Configurator Access htt...

Page 616: ...Appendix A Product Specifications Vantage CNM User s Guide 616...

Page 617: ...P IP on your computer Windows 3 1 requires the purchase of a third party TCP IP application package TCP IP should already be installed on computers using Windows NT 2000 XP Macintosh OS 7 and later op...

Page 618: ...Installing Components The Network window Configuration tab displays a list of installed components You need a network adapter the TCP IP protocol and Client for Microsoft Networks If you need the adap...

Page 619: ...Client for Microsoft Networks from the list of network clients and then click OK 5 Restart your computer so the changes you made take effect Configuring 1 In the Network window Configuration tab selec...

Page 620: ...If you do not know your gateway s IP address remove previously installed gateways If you have a gateway IP address type it in the New gateway field and click Add 5 Click OK to save and close the TCP I...

Page 621: ...following example figures use the default Windows XP GUI theme 1 Click start Start in Windows 2000 NT Settings Control Panel Figure 334 Windows XP Start Menu 2 In the Control Panel double click Networ...

Page 622: ...hen click Properties Figure 336 Windows XP Control Panel Network Connections Properties 4 Select Internet Protocol TCP IP under the General tab in Win XP and then click Properties Figure 337 Windows X...

Page 623: ...e or more of the following if you want to configure additional IP addresses In the IP Settings tab in IP addresses click Add In TCP IP Address type an IP address in IP address and a subnet mask in Sub...

Page 624: ...rties 7 In the Internet Protocol TCP IP Properties window the General tab in Windows XP Click Obtain DNS server address automatically if you do not know your DNS server IP address es If you know your...

Page 625: ...Click Close OK in Windows 2000 NT to close the Local Area Connection Properties window 10 Close the Network Connections window Network and Dial up Connections in Windows 2000 NT 11 Turn on your device...

Page 626: ...ting up Your Computer s IP Address Vantage CNM User s Guide 626 Macintosh OS 8 9 1 Click the Apple menu Control Panel and double click TCP IP to open the TCP IP Control Panel Figure 341 Macintosh OS 8...

Page 627: ...ly assigned settings do the following From the Configure box select Manually Type your IP address in the IP Address box Type your subnet mask in the Subnet mask box Type the IP address of your device...

Page 628: ...tem Preferences window Figure 343 Macintosh OS X Apple Menu 2 Click Network in the icon bar Select Automatic from the Location list Select Built in Ethernet from the Show list Click the TCP IP tab 3 F...

Page 629: ...s Check your TCP IP properties in the Network window Linux This section shows you how to configure your computer s TCP IP settings in Red Hat Linux 9 0 Procedure screens and file location may vary dep...

Page 630: ...in IP address settings with and select dhcp from the drop down list If you have a static IP address click Statically set IP Addresses and fill in the Address Subnet mask and Default Gateway Address fi...

Page 631: ...en Using Configuration Files Follow the steps below to edit the network configuration files and set your computer IP address 1 Assuming that you have only one network card on the computer locate the i...

Page 632: ...le in the etc directory The following figure shows an example where two DNS server IP addresses are specified Figure 351 Red Hat 9 0 DNS Settings in resolv conf 3 After you edit and save the configura...

Page 633: ...s root localhost ifconfig eth0 Link encap Ethernet HWaddr 00 50 BA 72 5B 44 inet addr 10 1 19 129 Bcast 10 1 19 255 Mask 255 255 255 0 UP BROADCAST RUNNING MULTICAST MTU 1500 Metric 1 RX packets 717 e...

Page 634: ...Appendix B Setting up Your Computer s IP Address Vantage CNM User s Guide 634...

Page 635: ...et Explorer versions may vary Internet Explorer Pop up Blockers You may have to disable pop up blocking to log into your device Either disable pop up blocking enabled by default in Windows XP SP Servi...

Page 636: ...in the Pop up Blocker section of the screen This disables any web pop up blockers you may have enabled Figure 355 Internet Options Privacy 3 Click Apply to save this setting Enable pop up Blockers wit...

Page 637: ...ntage CNM User s Guide 637 2 Select Settings to open the Pop up Blocker Settings screen Figure 356 Internet Options Privacy 3 Type the IP address of your device the web page that you do not want to ha...

Page 638: ...dd to move the IP address to the list of Allowed sites Figure 357 Pop up Blocker Settings 5 Click Close to return to the Privacy screen 6 Click Apply to save this setting Java Scripts If pages of the...

Page 639: ...orer click Tools Internet Options and then the Security tab Figure 358 Internet Options Security 2 Click the Custom Level button 3 Scroll down to Scripting 4 Under Active scripting make sure that Enab...

Page 640: ...k OK to close the window Figure 359 Security Settings Java Scripting Java Permissions 1 From Internet Explorer click Tools Internet Options and then the Security tab 2 Click the Custom Level button 3...

Page 641: ...sions Vantage CNM User s Guide 641 5 Click OK to close the window Figure 360 Security Settings Java JAVA Sun 1 From Internet Explorer click Tools Internet Options and then the Advanced tab 2 Make sure...

Page 642: ...Appendix C Pop up Windows Java Scripts and Java Permissions Vantage CNM User s Guide 642 3 Click OK to close the window Figure 361 Java Sun...

Page 643: ...r and the other part is the host ID In the same way that houses on a street share a common street name the hosts on a network share a common network number Similarly as each house has its own house nu...

Page 644: ...gical AND operation The term subnet is short for sub network A subnet mask has 32 bits If a bit in the subnet mask is a 1 then the corresponding bit in the IP address is part of the network number If...

Page 645: ...umber bits the smaller the number of remaining host ID bits An IP address with host IDs of all zeros is the IP address of the network 192 168 1 0 with a 24 bit subnet mask for example An IP address wi...

Page 646: ...You can use subnetting to divide one network into multiple sub networks In the following example a network administrator creates two sub networks to isolate a group of servers from the rest of the co...

Page 647: ...tting Figure 363 Subnetting Example Before Subnetting You can borrow one of the host ID bits to divide the network 192 168 1 0 into two separate sub networks The subnet mask is now 25 bits 255 255 255...

Page 648: ...255 128 is subnet A itself and 192 168 1 127 with mask 255 255 255 128 is its broadcast address Therefore the lowest IP address that can be assigned to an actual host for subnet A is 192 168 1 1 and t...

Page 649: ...inary 11000000 10101000 00000001 01000000 Subnet Mask Binary 11111111 11111111 11111111 11000000 Subnet Address 192 168 1 64 Lowest Host ID 192 168 1 65 Broadcast Address 192 168 1 127 Highest Host ID...

Page 650: ...t Subnets SUBNET SUBNET ADDRESS FIRST ADDRESS LAST ADDRESS BROADCAST ADDRESS 1 0 1 30 31 2 32 33 62 63 3 64 65 94 95 4 96 97 126 127 5 128 129 158 159 6 160 161 190 191 7 192 193 222 223 8 224 225 254...

Page 651: ...le Network Address Translation NAT on the device Once you have decided on the network number pick an IP address for your device that is easy to remember for instance 192 168 1 1 but make sure that no...

Page 652: ...68 0 0 192 168 255 255 You can obtain your IP address from the IANA from an ISP or it can be assigned from a private network If you belong to a small organization and your Internet access is through a...

Page 653: ...addresses The following figure shows an example where the device is using a WAN IP address that is the same as the IP address of a computer on the LAN Figure 365 IP Address Conflicts Case A You must...

Page 654: ...LAN IP address is not in the DHCP IP address pool Case C The Subscriber IP address is the same as the IP address of a network device The following figure depicts an example where the subscriber IP ad...

Page 655: ...e situations where two or more subscribers are using the same private IP address This may happen when a subscriber is configured to use a static or fixed IP address that is the same as the IP address...

Page 656: ...Appendix E IP Address Assignment Conflicts Vantage CNM User s Guide 656...

Page 657: ...r information about port numbers If the Protocol is TCP UDP or TCP UDP this is the IP port number If the Protocol is USER this is the IP protocol number Description This is a brief explanation of the...

Page 658: ...ternet Group Multicast Protocol is used when sending packets to a specific group of hosts IKE UDP 500 The Internet Key Exchange algorithm is used for key distribution and management IRC TCP UDP 6667 T...

Page 659: ...the message exchange standard for the Internet SMTP enables you to move messages from one e mail server to another SNMP TCP UDP 161 Simple Network Management Program SNMP TRAPS TCP UDP 162 Traps for u...

Page 660: ...ansfer Protocol is an Internet file transfer protocol similar to FTP but uses the UDP User Datagram Protocol rather than TCP Transmission Control Protocol VDOLIVE TCP 7000 Another videoconferencing so...

Page 661: ...Navigator you can permanently trust the Vantage CNM s server certificate by importing it into your operating system as a trusted certification authority Select Accept This Certificate Permanently in...

Page 662: ...m as a trusted certification authority The following example procedure shows how to import the Vantage CNM s self signed server certificate into your operating system as a trusted certification author...

Page 663: ...Vantage CNM User s Guide 663 3 Click Next to begin the Install Certificate wizard Figure 372 Certificate Import Wizard 1 4 Select where you would like to store the certificate and then click Next Figu...

Page 664: ...Appendix G Importing Certificates Vantage CNM User s Guide 664 5 Click Finish to complete the Import Certificate wizard Figure 374 Certificate Import Wizard 3...

Page 665: ...G Importing Certificates Vantage CNM User s Guide 665 6 Click Yes to add the Vantage CNM certificate to the root store Figure 375 Root Certificate Store Figure 376 Certificate General Information afte...

Page 666: ...Appendix G Importing Certificates Vantage CNM User s Guide 666...

Page 667: ...Redistributions must also contain a copy of this document 2 Redistributions in binary form must reproduce the above copyright notice this list of conditions and the following disclaimer in the documen...

Page 668: ...ll mean the terms and conditions for use reproduction and distribution as defined by Sections 1 through 9 of this document Licensor shall mean the copyright owner or entity authorized by the copyright...

Page 669: ...cussing and improving the Work but excluding communication that is conspicuously marked or otherwise designated in writing by the copyright owner as Not a Contribution Contributor shall mean Licensor...

Page 670: ...tents of the NOTICE file are for informational purposes only and do not modify the License You may add Your own attribution notices within Derivative Works that You distribute alongside or as an adden...

Page 671: ...ative Works thereof You may choose to offer and charge a fee for acceptance of support warranty indemnity or other liability obligations and or rights consistent with this License However in accepting...

Page 672: ...THEORY OF LIABILITY WHETHER IN CONTRACT STRICT LIABILITY OR TORT INCLUDING NEGLIGENCE OR OTHERWISE ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE...

Page 673: ...trictions translate to certain responsibilities for you if you distribute copies of the library or if you modify it For example if you distribute copies of the library whether gratis or for a fee you...

Page 674: ...the widest possible use of a certain library so that it becomes a de facto standard To achieve this non free programs must be allowed to use the library A more frequent case is that a free library doe...

Page 675: ...Whether that is true depends on what the Library does and what the program that uses the Library does 1 You may copy and distribute verbatim copies of the Library s complete source code as you receiv...

Page 676: ...they refer to the ordinary GNU General Public License version 2 instead of to this License If a newer version than version 2 of the ordinary GNU General Public License has appeared then you can speci...

Page 677: ...is License If the work during execution displays copyright notices you must include the copyright notice for the Library among them as well as a reference directing the user to the copy of this Licens...

Page 678: ...n the Library and explaining where to find the accompanying uncombined form of the same work 8 You may not copy modify sublicense link with or distribute the Library except as expressly provided under...

Page 679: ...nded to make thoroughly clear what is believed to be a consequence of the rest of this License 12 If the distribution and or use of the Library is restricted in certain countries either by patents or...

Page 680: ...ARY INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE LIBRARY TO OPERATE WITH ANY OTHER SOFTWARE EVEN IF SUCH...

Page 681: ...o know that what they have is not the original so that any problems introduced by others will not reflect on the original authors reputations Finally any free program is threatened constantly by softw...

Page 682: ...yright notice and a notice that there is no warranty or else saying that you provide a warranty and that users may redistribute the program under these conditions and telling the user how to view a co...

Page 683: ...less that component itself accompanies the executable If distribution of executable or object code is made by offering access to copy from a designated place then offering equivalent access to copy th...

Page 684: ...ftware through any other system and a licensee cannot impose that choice This section is intended to make thoroughly clear what is believed to be a consequence of the rest of this License 8 If the dis...

Page 685: ...INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS EVEN IF SUCH HOLD...

Page 686: ...LOGY LICENSE FROM SUN MICROSYSTEMS INC TO DOUG LEA Whereas Doug Lea desires to utilize certain Java Software technologies in the util concurrent technology and Whereas Sun Microsystems Inc Sun desires...

Page 687: ...DITION VERSION 1 4 1_X SUPPLEMENTAL LICENSE TERMS These supplemental license terms Supplemental Terms add to or modify the terms of the Binary Code License Agreement collectively the Agreement Capital...

Page 688: ...s contained in or on the Redistributables iv you only distribute the Redistributables pursuant to a license agreement that protects Sun s interests consistent with the terms contained in the Agreement...

Page 689: ...ms i You may not distribute the Software on a stand alone basis it must be distributed with your Publication s ii You are responsible for downloading the Software from the applicable Sun web site iii...

Page 690: ...disclaimer 9 10 2 Redistributions in binary form must reproduce the above copyright 11 notice this list of conditions and the following disclaimer in the 12 documentation and or other materials provi...

Page 691: ...N THE CONDITION THAT YOU ACCEPT ALL OF THE TERMS CONTAINED IN THIS LICENSE AGREEMENT PLEASE READ THE TERMS CAREFULLY BEFORE COMPLETING THE INSTALLATION PROCESS AS INSTALLING THE SOFTWARE WILL INDICATE...

Page 692: ...ssemble the Software or any part thereof nor shall you attempt to create the source code from the object code for the Software You may not market co brand private label or otherwise permit third parti...

Page 693: ...Y CLAIM BY ANY OTHER PARTY EVEN IF ZyXEL HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES ZyXEL S AGGREGATE LIABILITY WITH RESPECT TO ITS OBLIGATIONS UNDER THIS AGREEMENT OR OTHERWISE WITH RESPECT...

Page 694: ...termination of this Software License Agreement 12 General This License Agreement shall be construed interpreted and governed by the laws of Republic of China without regard to conflicts of laws provi...

Page 695: ...ges in any products described herein without notice This publication is subject to change without notice Trademarks ZyNOS ZyXEL Network Operating System is a registered trademark of ZyXEL Communicatio...

Page 696: ...chaser This warranty is in lieu of all other warranties express or implied including any implied warranty of merchantability or fitness for a particular use or purpose ZyXEL shall in no event be held...

Page 697: ...389 address groups and firewall 319 447 and force user authentication policies 368 address objects and firewall 319 447 and force user authentication policies 368 and NAT 305 and policy routes 304 368...

Page 698: ...ad Peer Detection see DPD delete a device group 30 Denial of Service Dos attacks 329 device owners alarms 566 567 notifications 566 567 storing in address book 585 device search 36 device window 26 27...

Page 699: ...configuration 540 543 546 H h_CNMSystem_DevOwner 585 Hub Spoke 479 hub and spoke VPN see VPN concentrator I IANA 652 icons devices 31 folders 29 views 28 idle timeout 26 565 IE 7 0 security risk mess...

Page 700: ...menu bar 25 Microsoft Challenge Handshake Authentication Protocol MSCHAP 291 399 Challenge Handshake Authentication Protocol Version 2 MSCHAP V2 291 399 Point to Point Encryption MPPE 399 MPPE Microso...

Page 701: ...tection 329 report window 26 restoring CNM configuration 581 RFC 1058 RIP 308 1389 RIP 308 2402 AH 327 2406 ESP 327 RIP 308 and OSPF 308 and static routes 308 authentication 308 redistribute 308 rom f...

Page 702: ...27 create a group folder 30 delete a group 30 remove a group folder 31 trademarks 695 transport encapsulation 327 triangle routes allowing through the firewall 316 trunks and policy routes 304 membe...

Page 703: ...ranty 695 note 696 web configurator 25 device window 27 devices 31 function window 37 icons 26 27 timeout 26 title bar 26 27 web based SSL application create 401 WEP encryption 119 121 Windows Interne...
