manualshive.com logo in svg

ZyXEL Communications ZyWALL 10, User Manual

Share
Download
ZyXEL Communications ZyWALL 10 User Manual Download Page 166

ZyWALL 10 Internet Security Gateway

Introducing the ZyWALL Firewall

14-5

Table 14-4 View Firewall Log

Field

Description

#

This is the index number of the firewall log. 128 entries are available numbered from 0 to
127. Once they are all used, the log will wrap around and the old logs will be lost.

mm:dd:yy

e.g., Jan 1 70

Time

This is the time the log was recorded in this format.
You must configure Menu 24.10 for real time;
otherwise the clock started at Jan 1 70, 00:00:00 the
last time the ZyWALL 10 was reset.

hh:mm:ss

e.g., 00:00:00

From and To IP addresses

Packet
Information

This field lists packet information such as protocol and
src/dest port numbers (TCP, UDP), OR protocol, type
and code (ICMP).

protocol and port numbers.

not match

<1,01> dest IP

This means this packet does not match the
destination IP address in set 1, rule 1.
Other reasons (instead of 

dest IP)

 are 

src

IP

dest port

src port

 and 

protocol

.

Reason

This field states the reason for the log;
i.e., was the rule matched, not matched,
or was there an attack. The set and rule
coordinates (<X, Y> where X=1,2;
Y=00~10) follow with a simple
explanation. There are two policy sets;
set 1 (X = 1) is for LAN to WAN rules and
set 2 (X = 2) for WAN to LAN rules. Y
represents the rule in the set. You can
configure up to 10 rules in any set (Y = 01
to 10). Rule number 00 is the default rule.

attack

land

This is a log for a DoS attack - in this case
a land attack. Other attack types are 

ip

spoofing

icmp echo

icmp

 

vulnerability

,

NetBIOS

smtp

 

illegal command

,

traceroute

teardrop

, or 

syn flood.

Action

This field displays whether the packet was blocked, forwarded or neither (

block

,

forward

 or 

none

). 

None

 means that no action is dictated by this rule.

14.2  The Big Picture - Filtering, Firewall and NAT

The following diagram illustrates the path a packet takes as it passes through the filtering, firewall and NAT
process. NAT has been discussed in full in Chapter 6 of this manual. What follows is a brief comparison of
the firewall and filtering.

Summary of Contents for ZyWALL 10

Page 1: ...ZyWALL 10 Internet Security Gateway User s Guide Version 3 20 November 2000...

Page 2: ...r written permission of ZyXEL Communications Corporation Published by ZyXEL Communications Corporation All rights reserved Disclaimer ZyXEL does not assume any liability arising out of the application...

Page 3: ...ance with the instructions may cause harmful interference to radio communications If this equipment does cause harmful interference to radio television reception which can be determined by turning the...

Page 4: ...ance with the above conditions may not prevent degradation of service in some situations Repairs to certified equipment should be made by an authorized Canadian maintenance facility designated by the...

Page 5: ...ystem caused by household appliances and similar electrical equipment Harmonics 1995 EN 61000 3 3 Disturbance in supply system caused by household appliances and similar electrical equipment Voltage f...

Page 6: ...ZyWALL 10 Internet Security Gateway vi CE Doc...

Page 7: ...haser This warranty is in lieu of all other warranties express or implied including any implied warranty of merchantability or fitness for a particular use or purpose ZyXEL shall in no event be held l...

Page 8: ...nce Based Industrial Park HsinChu Taiwan support zyxel com 1 714 632 0882 800 255 4101 www zyxel com North America sales zyxel com 1 714 632 0858 ftp zyxel com ZyXEL Communications Inc 1650 Miraloma A...

Page 9: ...1 3 Chapter 2 Hardware Installation Initial Setup 2 1 2 1 Front Panel LEDs and Back Panel Ports 2 1 2 1 1 Front Panel LEDs 2 1 2 2 ZyWALL 10 Rear Panel and Connections 2 2 2 3 Additional Installation...

Page 10: ...on 3 10 3 4 Basic Setup Complete 3 12 Advanced Applications II Chapter 4 Remote Node Setup 4 1 4 1 Remote Node Profile 4 1 4 1 1 Ethernet Encapsulation 4 1 4 1 2 PPPoE Encapsulation 4 3 4 1 3 PPTP Enc...

Page 11: ...6 4 4 Example 4 NAT Unfriendly Application Programs 6 20 Advanced Management III Chapter 7 Filter Configuration 7 1 7 1 About Filtering 7 1 7 1 1 The Filter Structure of the ZyWALL 7 2 7 2 Configurin...

Page 12: ...oad Firmware 10 3 10 4 1 Uploading the Router Firmware 10 3 10 4 2 Uploading Router Configuration File 10 4 10 5 TFTP File Transfer 10 5 10 5 1 Example TFTP Command 10 6 10 6 FTP File Transfer 10 7 10...

Page 13: ...4 13 4 Stateful Inspection 13 6 13 4 1 Stateful Inspection Process 13 7 13 4 2 Stateful Inspection the ZyWALL 13 8 13 4 3 TCP Security 13 8 13 4 4 UDP ICMP Security 13 9 13 4 5 Upper Layer Protocols 1...

Page 14: ...WAN Rules 16 3 16 3 2 WAN to LAN Rules 16 3 16 4 Services Supported 16 4 16 5 Rule Summary 16 6 16 5 1 Creating Editing Firewall Rules 16 8 16 5 2 Source Destination Addresses 16 10 16 6 Timeout 16 1...

Page 15: ...es Glossary and Index V Chapter 21 Troubleshooting 21 1 21 1 Problems Starting Up the ZyWALL 21 1 21 2 Problems with the LAN Interface 21 2 21 3 Problems with the WAN interface 21 2 21 4 Problems with...

Page 16: ...re 2 10 Menu 3 LAN Setup 2 12 Figure 2 11 Menu 3 1 LAN Port Filter Setup 2 12 Figure 3 1 Physical Network 3 4 Figure 3 2 Partitioned Logical Networks 3 4 Figure 3 3 Menu 3 LAN Setup 10 100 Mbps Ethern...

Page 17: ...to the Remote Node 6 6 Figure 6 5 Menu 15 NAT Setup 6 7 Figure 6 6 Menu 15 1 Address Mapping Sets 6 7 Figure 6 7 SUA Address Mapping Rules 6 8 Figure 6 8 First Set in Menu 15 1 1 6 10 Figure 6 9 Edit...

Page 18: ...21 4 1 1 Generic Filter Rule 7 12 Figure 7 12 Telnet Filter Example 7 14 Figure 7 13 Example Filter Menu 21 1 1 1 7 15 Figure 7 14 Example Filter Rules Summary Menu 21 1 3 7 16 Figure 7 15 Protocol an...

Page 19: ...elnet into Menu 24 7 1 10 7 Figure 10 7 Telnet into Menu 24 7 2 System Maintenance 10 8 Figure 10 8 FTP Session Example 10 9 Figure 11 1 Command Mode in Menu 24 11 1 Figure 11 2 Valid Commands 11 1 Fi...

Page 20: ...Traffic 16 4 Figure 16 3 Firewall Rules Summary First Screen 16 6 Figure 16 4 Creating Editing A Firewall Rule 16 9 Figure 16 5 Adding Editing Source Destination Addresses 16 11 Figure 16 6 Timeout S...

Page 21: ...2 Local Network Rule Summary 19 10 Figure 19 10 Example 2 Internet to Local Network Rule Summary 19 11 Figure 19 11 Custom Port for Syslog 19 12 Figure 19 12 Syslog Rule Configuration 19 13 Figure 19...

Page 22: ......

Page 23: ...en 3 10 Table 3 6 New Fields in Menu 4 PPPoE screen 3 12 Table 4 1 Fields in Menu 11 1 4 2 Table 4 2 Fields in Menu 11 1 PPPoE Encapsulation Specific 4 4 Table 4 3 Fields in Menu 11 1 PPTP Encapsulati...

Page 24: ...2 Third Party TFTP Clients General fields 10 6 Table 10 3 Third Party FTP Clients General fields 10 9 Table 11 1 Budget Management 11 3 Table 11 2 Call History Fields 11 4 Table 11 3 Time and Date Se...

Page 25: ...e 17 2 Creating Editing A Custom Port 17 4 Table 18 1 Log Screen 18 2 Table 20 1 Content Filtering Fields 20 3 Table 21 1 Troubleshooting the Start Up of your ZyWALL 21 1 Table 21 2 Troubleshooting th...

Page 26: ......

Page 27: ...can configure all features of the ZyWALL 10 via SMT but we recommend you configure the firewall using the ZyWALL Web Configurator About This User s Manual This manual is designed to guide you through...

Page 28: ...fault settings handy checklists information on setting up your PC and information on configuring your ZyWALL for Internet access Packing List Card Finally you should have a Packing List Card which lis...

Page 29: ...Getting Started I Part I Getting Started Chapters 1 3 are structured as a step by step guide to help you connect install and setup your ZyWALL to operate on your network and access the Internet...

Page 30: ......

Page 31: ...ll incoming traffic from the WAN to the LAN is blocked The ZyWALL firewall supports TCP UDP inspection DoS Denial of Services detection and prevention real time alerts reports and logs Note You can co...

Page 32: ...e Your ZyWALL supports SNMP agent functionality which allows a manager station to manage and monitor the ZyWALL through the network The ZyWALL supports SNMP version one SNMPv1 Auto negotiating 10 100M...

Page 33: ...pgrade ZyWALL Firmware via LAN The firmware of the ZyWALL 10 can be upgraded via the LAN Embedded FTP and TFTP Servers The ZyWALL s embedded FTP and TFTP Servers enable fast firmware upgrade as well a...

Page 34: ...Internet Security Gateway 1 4 Getting to Know Your ZyWALL Figure 1 2 Secure Internet Access via DSL You can also use your xDSL modem in the bridge mode for always on Internet access and high speed dat...

Page 35: ...g table describes the LED functions Table 2 1 LED functions LEDs Function Indicator Status Active Description PWR Power Green On The power adapter is connected to the ZyWALL Off The system is not read...

Page 36: ...wing figure shows the rear panel of your ZyWALL 10 and the connection diagram Figure 2 2 ZyWALL 10 Rear Panel and Connections This section outlines how to connect your ZyWALL 10 to the LAN and the WAN...

Page 37: ...em using the cable that came with your xDSL modem Step 3 Connecting the ZyWALL to the LAN For a single computer connect the 10 100M LAN port on the ZyWALL to the Network Adapter on the computer using...

Page 38: ...ED comes on if connections have been made to the LAN and WAN ports Initial Screen When you power on your ZyWALL it performs several internal tests as well as line initialization After the tests the Zy...

Page 39: ...Up Down arrow keys Within a menu press ENTER to move to the next field You can also use the Up Down arrow keys to move to the previous and the next field respectively Enter information Fill in or Pre...

Page 40: ...Firewall Setup Use this menu to set up filters as well as activate deactivate the firewall 22 SNMP Configuration Use this menu to set up SNMP related parameters 23 System Password Use this menu to set...

Page 41: ...that you had before and the speed of the console port will be reset to the default of 9600bps with 8 data bit no parity and 1 stop bit 8n1 The password will be reset to the default of 1234 also Turn o...

Page 42: ...a dynamic DNS account with www dyndns org This is for people with a dynamic IP from their ISP or DHCP server that would still like to have a DNS name To use this service you must register with the Dy...

Page 43: ...by your router If you want to clear this field just press the SPACE BAR The domain name entered by you is given priority over the ISP assigned domain name zyxel com tw Edit Dynamic DNS Press the SPACE...

Page 44: ...ed to you Enable Wildcard Your ZyWALL supports DYNDNS Wildcard Press SPACE BAR to toggle between Yes or No This field is N A when you choose DDNS client as your service provider Yes The IP address wil...

Page 45: ...Examples MAC Address Assigned By Press the SPACEBAR to choose either of the two methods of assigning a MAC Address Choose Factory Default to select the factory assigned default MAC Address Choose IP A...

Page 46: ...ver the filter sets may be useful to block certain packets reduce traffic and prevent security breaches Figure 2 11 Menu 3 1 LAN Port Filter Setup Menu 3 2 is discussed in the next chapter Please read...

Page 47: ...also Where you obtain your network number depends on your particular situation If the ISP or your network administrator assigns you a block of registered IP addresses follow their instructions in sele...

Page 48: ...ays follow the guidelines above For more information on address assignment please refer to RFC 1597 Address Allocation for Private Internets and RFC 1466 Guidelines for Management of IP Address Space...

Page 49: ...an ISP to tell a customer the DNS server addresses usually in the form of an information sheet when you sign up If your ISP does give you the DNS server addresses enter them in the DNS Server fields...

Page 50: ...on IP Multicasting can be enabled disabled on the ZyWALL LAN and or WAN interfaces using menus 3 2 LAN and 11 3 WAN Select None to disable IP Multicasting on these interfaces 3 1 7 IP Alias IP Alias a...

Page 51: ...Enter Menu Selection Number Menu 3 2 TCP IP and DHCP Ethernet Setup DHCP Setup DHCP Server Client IP Pool Starting Address 192 168 1 33 Size of Client IP Pool 32 Primary DNS Server 0 0 0 0 Secondary...

Page 52: ...P clients along with the IP address and the subnet mask Leave these entries at 0 0 0 0 if they are provided by a WAN DHCP server Follow the instructions in the following table to configure TCP IP para...

Page 53: ...P Alias Setup as shown next Figure 3 5 Menu 3 2 1 IP Alias Setup Follow the instructions in the following table to configure IP Alias parameters Table 3 3 IP Alias Setup Menu Fields Field Description...

Page 54: ...ur configuration or press Esc at any time to cancel 3 3 Internet Access Setup You will see three different Menu 4 screens depending on whether you chose Ethernet PPTP or PPPoE Encapsulation 3 3 1 Ethe...

Page 55: ...nd the RoadRunner Server IP if this field is left blank If it does not then you must enter the authentication server IP address IP Address Assignment If your ISP did not assign you a fixed IP address...

Page 56: ...creen Field Description Examples Encapsulation Press the SPACE BAR and then press ENTER to choose PPTP The encapsulation method influences your choices for IP Address PPTP Idle Timeout This value spec...

Page 57: ...nally PPPoE saves significant effort for both the end user and ISP carrier as it requires no specific configuration of the broadband modem at the customer site By implementing PPPoE directly on the Zy...

Page 58: ...ALL automatically disconnects from the PPPoE server 100 default 3 4 Basic Setup Complete Well Done You have successfully connected installed and set up your ZyWALL to operate on your network as well a...

Page 59: ...d Applications II Part II Advanced Applications Advanced Applications Chapters 4 6 describes the advanced applications of your ZyWALL Applications discussed include Remote Node Setup IP Static routes...

Page 60: ...Remote Node Profile From the Main Menu select menu option 11 to open Menu 11 1 Remote Node Profile There are two variations of this menu depending on whether you choose Ethernet Encapsulation or PPPo...

Page 61: ...My Login This field is applicable for PPPoE encapsulation only Enter the login name assigned by your ISP when the ZyWALL calls this remote node Some ISPs append this field to the Service Name field ab...

Page 62: ...that you specify the correct authentication protocol when connecting to such an implementation Nailed Up Connection A nailed up connection is a dial up line where the connection is always up regardles...

Page 63: ...ld be reset For example if we are allowed to call this remote node for a maximum of 10 minutes every hour then the Allocated Budget is 10 minutes and the Period hr is 1 hour 1 Nailed Up Connection Thi...

Page 64: ...nnection name in the ANT It must follow the c id and n name format This field is optional and depends on the requirements of your xDSL Modem N My ISP Schedules You can apply up to four schedule sets h...

Page 65: ...SP IP Subnet Mask If you have a Static IP Assignment enter the subnet mask assigned to you Gateway IP Addr If you have a Static IP Assignment enter the gateway IP address assigned to you Network Addre...

Page 66: ...his setting None Version Press the SPACE BAR to select the RIP version from RIP 1 RIP 2B RIP 2M and None Multicast IGMP Internet Group Multicast Protocol is a session layer protocol used to establish...

Page 67: ...e LAN and each end must have a unique address within the WAN network number If this is the case enter the IP address assigned to the WAN port of your ZyWALL Note that this is the address assigned to y...

Page 68: ...Options Menu press Enter to return to Menu 11 Press Enter at the message Press ENTER to Confirm to save your configuration or press Esc at any time to cancel 4 2 2 Editing TCP IP Options with PPPoE E...

Page 69: ...ote Node Filter Input Filter Sets protocol filters 3 device filters Output Filter Sets protocol filters 1 device filters Enter here to CONFIRM or ESC to CANCEL Menu 11 5 Remote Node Filter Input Filte...

Page 70: ...e node specifies only the network to which the gateway is directly connected and the ZyWALL has no knowledge of the networks beyond For instance the ZyWALL knows about network N2 in the following diag...

Page 71: ...umber of one of the static routes you want to configure Figure 5 3 Menu 12 1 Edit IP Static Route The following table describes the IP Static Route Menu fields Menu 12 IP Static Route Setup 1 ________...

Page 72: ...immediate neighbor of your ZyWALL that will forward the packet to the destination On the LAN the gateway must be a router on the same segment as your ZyWALL over the WAN the gateway must be the IP ad...

Page 73: ......

Page 74: ...n a packet when the packet is still in the local network while an inside global address IGA is the IP address of the same inside host when the packet is on the WAN side The following table summarizes...

Page 75: ...LAN and the IGA Inside Global Address is the source address on the WAN For incoming packets the ILA is the destination address on the LAN and the IGA is the destination address on the WAN NAT maps pr...

Page 76: ...ide world Port numbers do not change for One to One and Many to Many No Overload NAT mapping types The following table summarizes these types Table 6 2 NAT Mapping Types Type IP Mapping SMT abbreviati...

Page 77: ...onfigured read only Many to 1 port mapping set sufficient for most purposes see section 6 4 for some examples and helpful to people already familiar with SUA in previous ZyNOS versions 6 1 6 NAT Appli...

Page 78: ...oggle the default No to Yes then press ENTER to bring up Menu 11 3 Remote Node Network Layer Options Figure 6 4 Applying NAT to the Remote Node Menu 4 Internet Access Setup ISP s Name ChangeMe Encapsu...

Page 79: ...pes described in Table 6 2 None NAT is disabled when you select this option Network Address Translation SUA Only When you select this option the SMT will use Address Mapping Set 255 Menu 15 1 see sect...

Page 80: ...u select Full Feature in menu 4 or 11 3 the SMT will use Set 1 which supports all mapping types as outlined in Table 6 2 When you select SUA Only the SMT will use the pre configured Set 255 read only...

Page 81: ...ble explains the fields in this screen Please note that the fields in this menu are read only The Type Local and Global Start End IPs are normally not for this read only menu configured in Menu 15 1 1...

Page 82: ...enter 0 0 0 0 as the Global Start IP 0 0 0 0 Global End IP This is the ending global IP address IGA N A Type These are the mapping types discussed above see Table 6 2 Type Server allows us to specify...

Page 83: ...rule 7 not 9 Now if you delete rule 4 rules 5 to 7 will be pushed up by 1 rule so as old rule 5 becomes rule 4 old rule 6 becomes rule 5 and old rule 7 becomes rule 6 The description of the other fiel...

Page 84: ...ordering your rules as each rule is executed in turn beginning from rule 1 Selecting Edit in the Action field and then selecting a rule brings up the following menu Menu 15 1 1 1 Address Mapping Rule...

Page 85: ...ou cannot have an End IP address beginning before the Start IP address 6 3 NAT Server Sets A NAT server set is a list of inside servers behind NAT on the LAN that you can make visible to the outside w...

Page 86: ...address of the server in the IP Address field Step 4 Press ENTER at the Press ENTER to confirm prompt to save your configuration after you define all the servers or press ESC at any time to cancel Not...

Page 87: ...to Point Tunneling Protocol 1723 6 4 Examples 6 4 1 Internet Access Only In our Internet access example we only need one rule where all our ILAs Inside Local addresses map to one dynamic IGA Inside Gl...

Page 88: ...ion 6 1 4 The SUA Only read only option from the Network Address Translation field in Menus 4 and 11 3 is specifically pre configured to handle this case Menu 4 Internet Access Setup ISP s Name Change...

Page 89: ...re 6 15 Specifying an Inside Sever 6 4 3 Example 3 General Case In this example we have 3 IGAs from our ISP We have many departments but two have their own FTP server All departments share the same ro...

Page 90: ...and global IP addresses Rule 3 We map our other outgoing LAN traffic to IGA3 Many 1 mapping Rule 4 We also map our third IGA to our web server and mail server on the LAN Type Server allows us to speci...

Page 91: ...ok like as shown in Figure 6 19 Figure 6 17 Example 3 Menu 11 3 The following figure shows how to configure the first rule Figure 6 18 Example 3 Menu 15 1 1 1 Menu 11 3 Remote Node Network Layer Optio...

Page 92: ...2 Menu 15 1 1 Address Mapping Rules Set Name Example3 Idx Local Start IP Local End IP Global Start IP Global End IP Type 1 192 168 1 10 10 132 50 1 1 1 2 192 168 1 11 10 132 50 2 1 1 3 0 0 0 0 255 255...

Page 93: ...s do not change for Many to Many No Overload and One to One NAT mapping types The following figure illustrates this Figure 6 21 NAT Example 4 Other applications e g gaming programs are NAT unfriendly...

Page 94: ...ddress Mapping Rule Type Many to Many No Overload Local IP Start 192 168 1 10 End 192 168 1 12 Global IP Start 10 132 50 1 End 10 132 50 3 Press ENTER to Confirm or ESC to Cancel Menu 15 1 1 Address M...

Page 95: ...nced Management III Part III Advanced Management Chapters 7 12 provides information on ZyWALL Filtering SNMP Configuration System Information and Diagnosis Transferring Files System Maintenance and Te...

Page 96: ......

Page 97: ...all filtering is used to determine if a packet should be allowed to trigger a call Remote node call filtering is only applicable when using PPPoE encapsulation Outgoing packets must undergo data filte...

Page 98: ...les and protocol filter rules within the same set You can apply up to four filter sets to a particular port to block multiple types of packets With each filter set having up to six rules you can have...

Page 99: ...tch Next Filter Set Next Filter Set Available Accept Packet Drop Packet Yes No Yes No Yes Packet into filter Filter Set Forward Drop No Check Next Rule Figure 7 2 Filter Rule Process You can apply up...

Page 100: ...press Enter Step 4 Enter a descriptive name or comment in the Edit Comments field and press Enter Step 5 Press Enter at the message Press ENTER to confirm to open Menu 21 1 1 Filter Rules Summary Menu...

Page 101: ...0 0 0 DP 137 N D N 5 Y IP Pr 17 SA 0 0 0 0 DA 0 0 0 0 DP 138 N D N 6 Y IP Pr 17 SA 0 0 0 0 DA 0 0 0 0 DP 139 N D F Enter Filter Rule Number 1 6 to Configure Press ENTER to Confirm or ESC to Cancel Men...

Page 102: ...y matched if ALL rules in it are matched Y means an action can not yet be taken as there are more rules to check which are concatenated with the present rule to form a rule chain When the rule chain i...

Page 103: ...configure a filter rule type its number in Menu 21 1 Filter Rules Summary and press Enter to open Menu 21 1 1 for the rule To speed up filtering all rules in a filter set must be of the same class i...

Page 104: ...ve source route Yes No Destination IP Address Enter the destination IP Address of the packet you wish to filter This field is a don t care if it is 0 0 0 0 IP address Destination IP Mask Enter the IP...

Page 105: ...None Less Greater Equal Not Equal TCP Estab This field is applicable only when IP Protocol field is 6 TCP If yes the rule matches only established TCP connections else the rule matches all TCP packet...

Page 106: ...completed filling in Menu 21 1 1 1 TCP IP Filter Rule press Enter at the message Press Enter to Confirm to save your configuration or press Esc to cancel This data will now be displayed on Menu 21 1...

Page 107: ...e Check IP Protocol Drop Drop Packet Accept Packet Drop Forward Check Next Rule Check Next Rule Check Next Rule Forward Not Matched Yes No Check Src IP Addr Apply SrcAddrMask to Src Addr Matched Check...

Page 108: ...comparing the result against the Value to determine a match The Mask and Value are specified in hexadecimal numbers Note that it takes two hexadecimal digits to represent a byte so if the length is 4...

Page 109: ...ish to compare The range for this field is 0 to 8 Default 0 Mask Enter the mask in Hexadecimal to apply to the data portion before comparison Value Enter the value in Hexadecimal to compare with the d...

Page 110: ...filters This filter is designed to block outside users telnetting into the ZyWALL Figure 7 12 Telnet Filter Example Step 1 Enter 21 from the Main Menu to open Menu 21 1 Filter Set Configuration Step 2...

Page 111: ...tched Drop Action Not Matched Forward Press ENTER to Confirm or ESC to Cancel Press Space Bar to Toggle Press the SPACEBAR to choose this filter rule type The first filter rule type determines all sub...

Page 112: ...filter rules are discussed in more detail in the next section When NAT Network Address Translation is enabled the inside IP address and port number are replaced on a connection by connection basis whi...

Page 113: ...ign it them Sets of factory default filter rules have been configured in Menu 21 to prevent NetBIOS traffic from triggering calls and block incoming telnet FTP and HTTP connections If you do not activ...

Page 114: ...ts protocol filters when using Ethernet encapsulation Filter set 3 TEL_FTP_WEB_WAN blocks telnet FTP and web connections from the WAN Port to help prevent security breaches Apply them as shown in the...

Page 115: ...work Keep in mind that SNMP is only available if TCP IP is configured on your ZyWALL 8 2 Configuring SNMP To configure SNMP enter 22 from the Main Menu to open Menu 22 SNMP Configuration as shown in t...

Page 116: ...anagement station public Trusted Host If you enter a trusted host your ZyWALL will only respond to SNMP messages from this address If you leave the field blank default your ZyWALL will respond to all...

Page 117: ...ties and upgrades for the system software This chapter describes how to use these tools in detail Select menu 24 in the main menu to open Menu 24 System Maintenance as shown below Figure 9 1 Menu 24 S...

Page 118: ...ts the counters and Esc takes you back to the previous screen The table below describes the fields present in Menu 24 1 System Maintenance Status It should be noted that these fields are READ ONLY and...

Page 119: ...ls The number of collisions on this port Tx B s Shows the transmission speed in Bytes per second on this port Rx B s Shows the reception speed in Bytes per second on this port Up Time Total amount of...

Page 120: ...9 3 Menu 24 2 System Information and Console Port Speed 9 2 1 System Information System Information gives you information about your system as shown below More specifically it gives you information on...

Page 121: ...is shows the IP mask of the ZyWALL DHCP This field shows the DHCP setting of the ZyWALL 9 2 2 Console Port Speed You can change the speed of the console port through Menu 24 2 2 Console Port Speed You...

Page 122: ...es of Error and Information Messages Examples of typical error and information messages are presented in the figure below Figure 9 7 Examples of Error and Information Messages 9 3 2 UNIX Syslog The Zy...

Page 123: ...Types CDR Call Detail Record CDR logs all data phone line activity if set to Yes Packet triggered The first 48 bytes or octets and protocol type of the triggering packet is sent to the UNIX syslog se...

Page 124: ...ggered Packet triggered Message Format sdcmdSyslogSend SYSLOG_PKTTRI SYSLOG_NOTICE String String Packet trigger Protocol xx Data xxxxxxxxxx x Protocol 1 IP 2 IPX 3 IPXHC 4 BPDU 5 ATALK 6 IPNG Data We...

Page 125: ...oto Closing ppp Proto Shutdown Proto LCP ATCP BACP BCP CBCP CCP CHAP PAP IPCP IPXCP Jul 19 11 42 44 192 168 102 2 ZyXEL ppp LCP Closing Jul 19 11 42 49 192 168 102 2 ZyXEL ppp IPCP Closing Jul 19 11 4...

Page 126: ...s shown next IP Frame ENET0 RECV Size 44 44 Time 17 02 44 262 Frame Type IP Header IP Version 4 Header Length 20 Type of Service 0x00 0 Total Length 0x002C 44 Identification 0x0002 2 Flags 0x00 Fragme...

Page 127: ...shown in Figure 9 11 LAN DHCP has already been discussed previously The ZyWALL can act either as a WAN DHCP client IP Address Assignment field in Menu 4 or Menu 11 3 is Dynamic and the Encapsulation...

Page 128: ...he Host IP Address field below 2 WAN DHCP Release Enter 2 to release your WAN DHCP settings 3 WAN DHCP Renewal Enter 3 to renew your WAN DHCP settings 4 Internet Setup Test Enter 4 to test the Interne...

Page 129: ...ce With many ftp and tftp clients they are as well as seen next ftp put zywall bin ras This is a sample ftp session showing the transfer of the PC file zywall bin to the ZyWALL ftp get rom 0 zywall cf...

Page 130: ...he problem still exists e mail or call tech support 10 2 Backup Configuration Option 5 from Menu 24 System Maintenance allows you to backup the current ZyWALL configuration to your workstation Backup...

Page 131: ...ration file via the console port There are two components in the system the router firmware and the configuration file as shown below Figure 10 3 Menu 24 7 System Maintenance Upload Firmware 10 4 1 Up...

Page 132: ...ity and 1 stop bit 8n1 You will need to change your serial communications software to the default before you can connect to the ZyWALL again The password will be reset to the default of 1234 also Foll...

Page 133: ...fault when the file transfer is complete Step 4 Launch the TFTP client on your workstation and connect to the ZyWALL Set the transfer mode to binary before starting data transfer Step 5 Use the TFTP c...

Page 134: ...may see in third party TFTP clients Table 10 2 Third Party TFTP Clients General fields Host Enter the IP address of the ZyWALL 192 168 1 1 is the ZyWALL default IP address when shipped Send Fetch Pres...

Page 135: ...24 7 1 System Maintenance Upload Router Firmware To upload the router firmware follow the procedure below 1 Launch the FTP client on your workstation 2 Type open and the IP address of your router The...

Page 136: ...r zywall rom to the ZyWALL and renames it rom 0 See section 10 1 for more information on filename conventions Step 7 Type quit to exit the ftp prompt Menu 24 7 2 System Maintenance Upload Router Confi...

Page 137: ...ectory Specify the default remote directory path Initial Local Directory Specify the default local directory path FTP over WAN will not work if 1 You have disabled Telnet service in Menu 24 11 2 You h...

Page 138: ......

Page 139: ...rial connection See our supplied disk or the zyxel com web site for more detailed information on CI commands Enter 8 from Menu 24 System Maintenance A list of valid commands can be found by typing hel...

Page 140: ...s will be blocked Call history chronicles preceding incoming and outgoing calls To access the call control menu select option 9 Call Control in Menu 24 to go to Menu 24 9 System Maintenance Call Contr...

Page 141: ...index number of the remote node you want to reset just one in this case 1 Connection Time Total Budget This is the total connection time that has gone by within the allocated budget that you set in Me...

Page 142: ...Chip RTC chip in the ZyWALL so we have a software mechanism to get the current time and date from an external server when you power up your ZyWALL Menu 24 10 does just that it allows you to update th...

Page 143: ...ISP network administrator or use trial and error to find a protocol that works If you select None this is the default value you can enter the time manually but each time the system is booted the time...

Page 144: ...one in Menu 24 11 Remote Management Control Enter 11 from Menu 24 to bring up this menu All Telnet and FTP activity both LAN and WAN may be disabled by selecting No press the SPACE BAR to toggle Yes t...

Page 145: ...re given a choice to go into debug mode by pressing a key at the prompt shown in the following screen In debug mode you have access to a series of boot module commands for example ATUR for uploading f...

Page 146: ...M test level w from address x to y z iterations ATWEa b c d write MAC addr Country code EngDbgFlag FeatureBit to flash ROM ATCUx write Country code to flash ROM ATCB copy from FLASH ROM to working buf...

Page 147: ...r is specified telnet connections from the outside will be forwarded to the inside server So to configure the ZyWALL via telnet from the outside you must first telnet to the inside server and then tel...

Page 148: ...he LAN To enable Telnet over the WAN you must turn the firewall off Menu 21 2 or create a firewall rule to allow Telnet from the WAN Telnet will also not work when 1 You have disabled Telnet service i...

Page 149: ...he ZyWALL Firewall and ZyWALL Web Configurator describes how to create Custom Rules and to configure customized ports explains Logs and provides Example Firewall Rules Chapter 20 explains Content Filt...

Page 150: ...ewalls 1 Packet Filtering Firewalls 2 Application level Firewalls 3 Stateful Inspection firewalls 13 1 1 Packet Filtering Firewalls Packet Filtering Firewalls restrict access based on the source desti...

Page 151: ...firewall and is designed to protect against Denial of Service attacks when activated in SMT Menu 21 2 or in the ZyWALL Web Configurator The ZyWALL s purpose is to allow a private Local Area Network L...

Page 152: ...application protocols that perform specific functions These protocols such as HTTP Web FTP File Transfer Protocol POP3 E mail etc are identified by an extension number called the TCP port or UDP port...

Page 153: ...he IP specification The oversize packet is then sent to an unsuspecting system Systems may crash hang or reboot 1 b Teardrop attack exploits weaknesses in the reassembly of IP packet fragments As data...

Page 154: ...e the targeted system waits for the ACK that follows the SYN ACK it queues up all outstanding SYN ACK responses on what is known as a backlog queue SYN ACKs are moved off the queue only when an ACK co...

Page 155: ...hacker s identity or to magnify the effect of the DoS attack IP Spoofing is a technique used to gain unauthorized access to computers by tricking a router or firewall into thinking that the communica...

Page 156: ...from the firewall s LAN to the WAN 2 The packet is evaluated against the interface s existing outbound access list and the packet is permitted a denied packet would simply be dropped at this point 3...

Page 157: ...pes of traffic from the Internet to specific hosts on the LAN iii Allow access to a Web server to everyone but competitors iv Restrict use of certain protocols such as Telnet to authorized users on th...

Page 158: ...o replies outgoing address mask requests will allow incoming address mask replies and outgoing timestamp requests will allow incoming timestamp replies No other ICMP packets are allowed in through the...

Page 159: ...n to develop a comprehensive security plan Good network administration takes into account what hackers can do and prepares against attacks The best defense against hackers and crackers is information...

Page 160: ...rity deficiencies When you upgrade to the latest versions you get the latest patches and fixes 10 If you use chat rooms or IRC sessions be careful with any information you reveal to strangers 11 If yo...

Page 161: ......

Page 162: ...g screen Press the SPACE BAR to toggle No to Yes in the Active field to activate the firewall The firewall must be active to protect against Denial of Service DoS attacks Additional rules may be confi...

Page 163: ...Spoofing may be used to break into systems to hide the hacker s identity or to magnify the effect of the DoS attack IP Spoofing is a technique used to gain unauthorized access to computers by trickin...

Page 164: ...e resulting ICMP traffic will not only clog up the intermediary network but will also congest the network of the spoofed source IP address known as the victim network This flood of broadcast traffic c...

Page 165: ...uses the targeted system to issue a SYN ACK response While the targeted system waits for the ACK that follows the SYN ACK it queues up all outstanding SYN ACK responses on what is known as a backlog q...

Page 166: ...src port and protocol Reason This field states the reason for the log i e was the rule matched not matched or was there an attack The set and rule coordinates X Y where X 1 2 Y 00 10 follow with a sim...

Page 167: ...he ZyWALL s filtering and firewall functions 14 3 1 Packet Filtering The router filters packets as they pass through the router s interface according to the filter rules you designed Packet filtering...

Page 168: ...with the outbound request for that packet and allowed in Conversely an incoming packet masquerading as a response to a nonexistent outbound request can be blocked The firewall uses session filtering...

Page 169: ......

Page 170: ...is not 3 The Password is case sensitive 4 The Web Configurator times out after 5 minutes of inactivity The time out is not configurable 5 Please make sure that your web browser is Java and JavaScript...

Page 171: ...nfigurator After a successful login you will see the Welcome screen shown next Figure 15 2 ZyWALL Web Configurator Welcome Screen 15 2 Enabling the Firewall Click Firewall then Configuration then the...

Page 172: ...out right away You can choose to generate an alert when an attack is detected in the Attack Alert screen Figure 15 6 check the Generate an alert when attack detected checkbox or when a rule is matched...

Page 173: ...atch a rule don t match a rule or both when you are creating editing a firewall rule see Figure 16 4 You can also choose not to create a log for a rule in this screen An attack automatically generates...

Page 174: ...ZyWALL as the sender of the e mail messages i e a return to sender address for backup purposes Alert Timer Alert Schedule This pop up menu is used to configure the frequency of log messages being sen...

Page 175: ...es E mail error messages appear as SMTP action request failed ret where is described in the following table Table 15 2 SMTP Error Messages 1 means ZyWALL out of socket 2 means tcp SYN fail 3 means smt...

Page 176: ...8 1 4 To 192 168 1 255 match forward 10 04 29 UDP src port 00137 dest port 00137 1 02 122 Apr 7 00 From 192 168 1 4 To 192 168 1 255 match forward 10 04 30 UDP src port 00137 dest port 00137 1 02 123...

Page 177: ...means that the firewall has detected no return traffic The ZyWALL measures both the total number of existing half open sessions and the rate of session establishment attempts Both TCP and UDP half ope...

Page 178: ...t is greater than 0 The ZyWALL blocks all new connection requests to the host giving the server time to handle the present connections The ZyWALL continues to block all new connection requests until t...

Page 179: ...nnection attempts rises above this number the ZyWALL deletes half open sessions as required to accommodate new connection attempts 100 half open sessions per minute The above numbers cause the ZyWALL...

Page 180: ...Enter a number between 1 and 250 As a general rule you should choose a smaller number for a smaller network a slower system or limited bandwidth 10 existing half open TCP sessions Blocking Time When...

Page 181: ......

Page 182: ...AN to the Internet Allow certain types of traffic such as Lotus Notes database synchronization from specific hosts on the Internet to specific hosts on the LAN Allow access to a Web server to everyone...

Page 183: ...net users access to resources on the LAN create a security vulnerability For example if FTP ports TCP 20 21 are allowed from the Internet to the LAN Internet users may be able to connect to PCs with r...

Page 184: ...AN to WAN traffic is that all users on the LAN are allowed non restricted access to the WAN When you configure Policy LAN to WAN Rules you in essence want to limit some or all users from accessing cer...

Page 185: ...on discussed later Next to the name of the protocol two fields appear in brackets The first field indicates the IP port number that defines the service TCP Port UDP Port or ICMP Type The second field...

Page 186: ...ce RCMD TCP 512 Remote Command Service REAL_AUDIO TCP 7070 A streaming audio service that enables real time sound over the web REXEC TCP 514 Remote Execution Daemon RLOGIN TCP 513 Remote Login RTELNET...

Page 187: ...ussion below refers to both Click on Firewall then Local Network to bring up the following screen This screen is a summary of the existing rules Note the order in which the rules are listed Special No...

Page 188: ...rewall rule number The ordering of your rules is important as rules are applied in turn The Move field below allows you to reorder your rules Source IP This is the source address of the packet Destina...

Page 189: ...You may reorder your rules using this function Select by clicking in the Firewall Rule Summary box on the rule you want to move The ordering of your rules is important as rules are applied in turn To...

Page 190: ...ne or SrcDelete to delete one Please see the next section for more information on adding and editing source addresses SrcAdd SrcEdit SrcDelete Destination Address Press DestAdd to add a new address De...

Page 191: ...This field determines if a log is created for packets that match the rule don t match the rule both or no log is created Match Not Match Both None Alert Check the Alert checkbox to determine that this...

Page 192: ...to apply to packets with a particular single IP a range of IP addresses e g 192 168 1 10 to 192 169 1 50 a subnet or any IP address Select an option from the drop down list box Single Address Range A...

Page 193: ...n this screen 16 6 Timeout The fields in the Timeout screens are the same for Local and Internet networks so the discussion below refers to both 16 6 1 Factors Influencing Choices for Timeout Values T...

Page 194: ...s a FIN exchange indicating the end of the TCP session 60 seconds Idle Timeout This is the length of time of inactivity a TCP connection remains open before the ZyWALL considers the connection closed...

Page 195: ......

Page 196: ...ZyWALL see Figure 16 4 For a comprehensive list of port numbers and services visit the IANA Internet Assigned Number Authority website For further information on these services please read section 16...

Page 197: ...defines your customized port Add a New Entry Click this button to create a new service custom port Edit Click this button to edit an existing service custom port Delete Click a custom port in the cust...

Page 198: ...ZyWALL 10 Internet Security Gateway Custom Ports 17 3 Figure 17 2 Creating Editing A Custom Port The next table describes the fields in this screen...

Page 199: ...ox TCP UDP Both Port Configuration Type Click the Single radio button to specify one port only or Range radio button to specify a span of ports that define your customized service Single Range Port Nu...

Page 200: ...n the Logs to bring up the next screen Firewall logs may also be viewed in SMT Menu 21 3 see section 14 1 1 or via syslog SMT Menu 24 3 2 System Maintenance UNIX Syslog Syslog is an industry standard...

Page 201: ...t and rule coordinates X Y where X 1 2 Y 00 10 follow with a simple explanation There are two policy sets set 1 X 1 is for LAN to WAN rules and set 2 X 2 for WAN to LAN rules Y represents the rule in...

Page 202: ...ZyWALL 10 Internet Security Gateway Logs 18 3 Field Description When you have finished viewing this screen click another link to exit...

Page 203: ......

Page 204: ...et and mail services The only traffic allowed from the Internet is web service You want to be able to forward all traffic initiated from the local network You want to know who accesses your server and...

Page 205: ...Example Firewall Rules Figure 19 1 Activate The Firewall Step 2 Configure your E mail screen as follows Click the E Mail tab to bring up the next screen Check here to activate the firewall You may als...

Page 206: ...ernet Configure this screen as shown in Figure 19 3 Step 4 Click DestAdd to configure the destination address as the IP of our server on the LAN See Figure 19 4 Step 5 When you have finished configuri...

Page 207: ...the LAN See the next screen This is an Internet to Local Network rule Select this service web service from the Available Services list box and click Forward the packet when it matches this rule rememb...

Page 208: ...Rules 19 5 Figure 19 4 Example 1 Destination Address for Traffic Originating From The Internet 10 100 1 2 is the IP of our server on the LAN supporting FTP HTTP Telnet and mail services to which we w...

Page 209: ...92 168 10 5 You want i To send alerts when there is an attack ii To only allow access to the Internet from the HTTP proxy server and our mail server iii To only allow FTP server One to be accessible f...

Page 210: ...want to restrict access to the Internet except for the HTTP proxy server and your mail server First you need to create a custom port for POP3 POP Post Office Protocol is an Internet mail server protoc...

Page 211: ...roxy server and our mail server Click Internet to see the Rule Summary screen Now click an available No rule number radio button then click Edit to bring up the next screen Step 5 Click SrcAdd under t...

Page 212: ...HTTP proxy server Step 7 The Rule Summary screen should look like Figure 19 9 Don t forget to click Apply when you have finished configuring your rule s to save your settings back to the ZyWALL This...

Page 213: ...screen Now click on the DestAdd button under the Destination Address box and enter the IP of FTP server One 192 168 10 3 Follow the same procedure as shown in Figure 19 3 and Figure 19 4 Step 9 On com...

Page 214: ...ing are some Internet firewall rules examples to 1 Allow DHCP negotiation between the ISP and the ZyWALL 10 2 Allow a syslog connection from the Internet Step 1 Follow the procedure shown next to firs...

Page 215: ...Follow the procedures outlined in the previous examples to configure all your rules When finished your rule summary screen should look like the following Custom ports show up with an before their nam...

Page 216: ...LL 10 Internet Security Gateway Example Firewall Rules 19 13 Figure 19 12 Syslog Rule Configuration This is our Syslog custom port This is the address range of the syslog servers Click Apply when fini...

Page 217: ...way 19 14 Example Firewall Rules Figure 19 13 Example 3 Rule Summary Rule 1 Allow DHCP negotiation between the ISP and the ZyWALL 10 Rule 2 Allow a syslog connection from the WAN Click Apply to save y...

Page 218: ...1 2 Java Java is a programming language and development environment created by Sun Microsystems for building downloadable Web components or even a sophisticated environment for building Internet and i...

Page 219: ...hen that user requests a Web page their Web browser formats the request for the proxy server hiding it from the content filter As a result the user is able to access unfiltered content on the Internet...

Page 220: ...age will appear blank or grayed out Block Web URLs Enter a domain name as discussed above then press Add Domain Name The page reloads and the new domain name appears in the Block Web URLs box When you...

Page 221: ...ing Appendices Glossary and Index V Part V Troubleshooting Appendices Glossary and Index Chapter 21 provides information about solving common problems followed by some Appendices a Glossary of Terms a...

Page 222: ......

Page 223: ...on None of the LEDs are on when you power on the ZyWALL Check the connection between the AC adapter and the ZyWALL If the error persists you may have a hardware problem In this case you should contact...

Page 224: ...ind out the verification method used by your ISP If the ISP checks the LAN MAC Address tell the ISP the WAN MAC address of the ZyWALL The WAN MAC can be obtained from Menu 24 1 In case the ISP does no...

Page 225: ...nu 3 2 and Menu 4 21 5 Problems with the Firewall Problem Corrective Action You can ONLY configure the firewall via ZyWALL Web Configurator or CI command You will not be able to access the ZyWALL Web...

Page 226: ......

Page 227: ...vices using PPP Benefits of PPPoE PPPoE offers the following benefits 1 It provides you with a familiar dial up networking DUN user interface 2 It lessens the burden on the carriers of provisioning vi...

Page 228: ...the PPP frames to the ISP The L2TP tunnel is capable of carrying multiple PPP sessions With PPPoE the VC Virtual Circuit is equivalent to the dial up connection and is between the modem and the AC as...

Page 229: ...s deployed in such a setup it appears as a PC to the ANT ADSL Network Termination In Windows VPN or PPTP Pass Through feature the PPTP tunneling is created from Windows 95 98 and NT clients to an NT s...

Page 230: ...ndows OS In Microsoft s implementation the PC and hence the ZyWALL is the PNS that requests the PAC the ANT to place an outgoing call over AAL5 to an RFC 2364 server Control PPP connections Each PPTP...

Page 231: ...0Mbit Half Duplex Ethernet Specification for LAN 10 100 Mbit Half Full Auto negotiation Console Port RS 232 Pin 1 NON Pin 2 DTE RXD Pin 3 DTE TXD Pin 4 DTE DTR Pin 5 GND Pin 6 DTE DSR Pin 7 DTE RTS Pi...

Page 232: ...ANSI NFPA 70 8 Do not allow anything to rest on the power cord of the AC adapter and do not locate the product where anyone can walk on the power cord 9 Do not service the product by yourself Opening...

Page 233: ...ay firewall Displays the all the firewall settings including e mail attack and sets rules config display firewall set set Displays current entries of a set configuration including timeout values name...

Page 234: ...es A At tt ta ac ck k config edit firewall attack send alert yes no Activates or deactivates the firewall DOS attack notification e mails config edit firewall attack block yes no Yes to block the traf...

Page 235: ...idle TCP session before it is terminated config edit firewall set set log yes no Switches on off the logs for matching default permit R Ru ul le es s config edit firewall set set rule rule permit for...

Page 236: ...s and edits a destination address range of traffic which comply to this rule config edit firewall set set rule rule TCP destport single port Selects and edits the destination port of the traffic which...

Page 237: ...ail Removes all the settings for e mail alert config delete firewall attack Resets all the settings for attack to default setting config delete firewall set set Removes the specified set from the fire...

Page 238: ...mption 9 W Plug North American standards Safety standards UL CUL UL1950 CSA C22 2 NO 234 M90 European Union AC Power Adapter model AD 1201200DV Input power AC230Volts 50Hz Output power DC12Volts 1 2A...

Page 239: ...lts 50 60Hz 27VA Output power DC12Volts 1 2A Power consumption 9 W Plug Japan standards Safety standards T Mark Australia and New Zealand AC Power Adapter model AD 1201200DS Input power AC240Volts 50H...

Page 240: ...access to a system Bandwidth This is the capacity on a link usually measured in bits per second bps Bit Binary Digit A single digit number in base 2 in other words either a 1 or a zero The smallest un...

Page 241: ...ervice units are actually two separate devices but they are used in conjunction and often combined into the same box The devices are part of the hardware you need to connect computer equipment to digi...

Page 242: ...raffic flows at the same speed in both directions or asymmetrical the downstream capacity is higher than the upstream capacity DSL connections are point to point dedicated circuits meaning that they a...

Page 243: ...way A gateway is a computer system or other device that acts as a translator between two systems that do not use the same communication protocols data formatting structures languages and or architectu...

Page 244: ...am services IRC Internet Relay Chat IRC was developed in the late 1980s as a way for multiple users on a system to chat over the network Today IRC is a very popular way to talk in real time with other...

Page 245: ...ility Packet Filter A filter that scans packets and decides whether to let them through PAP Password Authentication Protocol PAP is a security protocol that requires users to enter a password before a...

Page 246: ...t is part of a URL appearing after a colon right after the domain name Every service on an Internet server listens on a particular port number on that server Most services have standard port numbers e...

Page 247: ...as a path through the network It does not need to be set up or torn down for each session Reconnaissance The finding and observation of potential targets for a cracker to attack RFC An RFC Request for...

Page 248: ...pair cable consists of copper core wires surrounded by an insulator Two wires are twisted together to form a pair and the pair form a balanced circuit The twisting prevents interference problems STP...

Page 249: ...r The URL is basically a pointer to the location of an object VPN Virtual Private Network These networks use public connections such as the Internet to transfer information That information is usually...

Page 250: ...CDR 9 7 CHAP 4 4 CLI Commands G COM Component Object Model 20 1 Command Interpreter Mode 11 1 Configuring A POP Custom Port 19 8 Configuring A Rule 19 5 console port 2 3 Console Port 2 3 9 4 9 5 E Co...

Page 251: ...14 2 SMT Menus 14 1 Types 13 1 Vs Filters 14 6 Web Configurator 15 1 When To Use 14 7 Flow Control 2 4 Front Panel LEDs 2 1 FTP File Transfer 10 7 FTP Server 1 3 6 18 G General Setup 2 7 H Half Open...

Page 252: ...What NAT does 6 1 NetBIOS commands 14 3 Network Address Translation NAT 1 2 6 1 12 1 O One Minute High 15 10 One Minute Low 15 10 one minute high 15 8 P Packet Filtering Firewalls 13 1 Packet Informat...

Page 253: ...3 16 11 Support Disk xxviii SYN Flood 13 4 13 5 14 4 SYN ACK 13 5 14 4 Syslog 19 11 Syslog IP Address 9 7 System Information 9 1 9 4 System Maintenance 2 6 9 1 9 2 9 3 9 4 9 5 9 6 9 7 9 11 9 12 10 1 1...

Page 254: ...See ZyWALL 10 Web Configurator Web Proxy 20 2 Welcome screen 15 2 X xDSL modem 1 3 1 4 2 3 2 4 4 3 21 2 21 3 XMODEM protocol 10 2 Z ZyNOS 2 11 6 4 6 6 9 3 9 5 10 1 10 2 ZyNOS F W Version 9 3 9 5 10 1...

Reviews:

No comments

Brands by name

Popular brands

Load more brands