ZyXEL Communications ZyWALL 10 Скачать руководство пользователя страница 204 | Manualshive

Страница: 204 / 254

background image

ZyWALL 10 Internet Security Gateway

Example Firewall Rules

19-1

Chapter 19

Example Firewall Rules

19.1 Examples

Please note that whenever you open a hole in the firewall to forward a service from the Internet to the local
network, and NAT is also enabled, you may have to also configure a server behind NAT using SMT menu
15.2. Please see the chapter on NAT for more detailed information on NAT and also

see Figure 14-5

for a

view of how Filtering, the Firewall and NAT interact.

19.1.1 Example 1 - Firewall Rule To Allow Web Service From The Internet

Let’s say you have one server on the local network, with an IP of 10.100.1.2, supporting FTP, HTTP,
Telnet and mail services. The only traffic allowed from the Internet is web service. You want to be able to
forward all traffic initiated from the local network. You want to know who accesses your server and send e-
mail alerts when this happens. Assume, for example, your mail account is

[email protected]

. Another

network administrator has an e-mail address of

[email protected]

. Follow the steps below.

Step 1.

Activate the firewall. You may activate the firewall by ZyWALL Web Configurator shown next
(click

Configuration

, the

Config

tab, then check the

Firewall Enabled

box) or in SMT Menu

21.2. You can only configure the firewall using the ZyWALL Web Configurator or CI
commands (

see the Appendix

). When the firewall is active, the default rules allow all traffic

from the local network to the WAN (Internet) and block all traffic from the Internet to the local
network.

«
...
202
203
204
205
206
...
»

Содержание ZyWALL 10

Страница 1: ...ZyWALL 10 Internet Security Gateway User s Guide Version 3 20 November 2000...

Страница 2: ...r written permission of ZyXEL Communications Corporation Published by ZyXEL Communications Corporation All rights reserved Disclaimer ZyXEL does not assume any liability arising out of the application...

Страница 3: ...ance with the instructions may cause harmful interference to radio communications If this equipment does cause harmful interference to radio television reception which can be determined by turning the...

Страница 4: ...ance with the above conditions may not prevent degradation of service in some situations Repairs to certified equipment should be made by an authorized Canadian maintenance facility designated by the...

Страница 5: ...ystem caused by household appliances and similar electrical equipment Harmonics 1995 EN 61000 3 3 Disturbance in supply system caused by household appliances and similar electrical equipment Voltage f...

Страница 6: ...ZyWALL 10 Internet Security Gateway vi CE Doc...

Страница 7: ...haser This warranty is in lieu of all other warranties express or implied including any implied warranty of merchantability or fitness for a particular use or purpose ZyXEL shall in no event be held l...

Страница 8: ...nce Based Industrial Park HsinChu Taiwan support zyxel com 1 714 632 0882 800 255 4101 www zyxel com North America sales zyxel com 1 714 632 0858 ftp zyxel com ZyXEL Communications Inc 1650 Miraloma A...

Страница 9: ...1 3 Chapter 2 Hardware Installation Initial Setup 2 1 2 1 Front Panel LEDs and Back Panel Ports 2 1 2 1 1 Front Panel LEDs 2 1 2 2 ZyWALL 10 Rear Panel and Connections 2 2 2 3 Additional Installation...

Страница 10: ...on 3 10 3 4 Basic Setup Complete 3 12 Advanced Applications II Chapter 4 Remote Node Setup 4 1 4 1 Remote Node Profile 4 1 4 1 1 Ethernet Encapsulation 4 1 4 1 2 PPPoE Encapsulation 4 3 4 1 3 PPTP Enc...

Страница 11: ...6 4 4 Example 4 NAT Unfriendly Application Programs 6 20 Advanced Management III Chapter 7 Filter Configuration 7 1 7 1 About Filtering 7 1 7 1 1 The Filter Structure of the ZyWALL 7 2 7 2 Configurin...

Страница 12: ...oad Firmware 10 3 10 4 1 Uploading the Router Firmware 10 3 10 4 2 Uploading Router Configuration File 10 4 10 5 TFTP File Transfer 10 5 10 5 1 Example TFTP Command 10 6 10 6 FTP File Transfer 10 7 10...

Страница 13: ...4 13 4 Stateful Inspection 13 6 13 4 1 Stateful Inspection Process 13 7 13 4 2 Stateful Inspection the ZyWALL 13 8 13 4 3 TCP Security 13 8 13 4 4 UDP ICMP Security 13 9 13 4 5 Upper Layer Protocols 1...

Страница 14: ...WAN Rules 16 3 16 3 2 WAN to LAN Rules 16 3 16 4 Services Supported 16 4 16 5 Rule Summary 16 6 16 5 1 Creating Editing Firewall Rules 16 8 16 5 2 Source Destination Addresses 16 10 16 6 Timeout 16 1...

Страница 15: ...es Glossary and Index V Chapter 21 Troubleshooting 21 1 21 1 Problems Starting Up the ZyWALL 21 1 21 2 Problems with the LAN Interface 21 2 21 3 Problems with the WAN interface 21 2 21 4 Problems with...

Страница 16: ...re 2 10 Menu 3 LAN Setup 2 12 Figure 2 11 Menu 3 1 LAN Port Filter Setup 2 12 Figure 3 1 Physical Network 3 4 Figure 3 2 Partitioned Logical Networks 3 4 Figure 3 3 Menu 3 LAN Setup 10 100 Mbps Ethern...

Страница 17: ...to the Remote Node 6 6 Figure 6 5 Menu 15 NAT Setup 6 7 Figure 6 6 Menu 15 1 Address Mapping Sets 6 7 Figure 6 7 SUA Address Mapping Rules 6 8 Figure 6 8 First Set in Menu 15 1 1 6 10 Figure 6 9 Edit...

Страница 18: ...21 4 1 1 Generic Filter Rule 7 12 Figure 7 12 Telnet Filter Example 7 14 Figure 7 13 Example Filter Menu 21 1 1 1 7 15 Figure 7 14 Example Filter Rules Summary Menu 21 1 3 7 16 Figure 7 15 Protocol an...

Страница 19: ...elnet into Menu 24 7 1 10 7 Figure 10 7 Telnet into Menu 24 7 2 System Maintenance 10 8 Figure 10 8 FTP Session Example 10 9 Figure 11 1 Command Mode in Menu 24 11 1 Figure 11 2 Valid Commands 11 1 Fi...

Страница 20: ...Traffic 16 4 Figure 16 3 Firewall Rules Summary First Screen 16 6 Figure 16 4 Creating Editing A Firewall Rule 16 9 Figure 16 5 Adding Editing Source Destination Addresses 16 11 Figure 16 6 Timeout S...

Страница 21: ...2 Local Network Rule Summary 19 10 Figure 19 10 Example 2 Internet to Local Network Rule Summary 19 11 Figure 19 11 Custom Port for Syslog 19 12 Figure 19 12 Syslog Rule Configuration 19 13 Figure 19...

Страница 22: ......

Страница 23: ...en 3 10 Table 3 6 New Fields in Menu 4 PPPoE screen 3 12 Table 4 1 Fields in Menu 11 1 4 2 Table 4 2 Fields in Menu 11 1 PPPoE Encapsulation Specific 4 4 Table 4 3 Fields in Menu 11 1 PPTP Encapsulati...

Страница 24: ...2 Third Party TFTP Clients General fields 10 6 Table 10 3 Third Party FTP Clients General fields 10 9 Table 11 1 Budget Management 11 3 Table 11 2 Call History Fields 11 4 Table 11 3 Time and Date Se...

Страница 25: ...e 17 2 Creating Editing A Custom Port 17 4 Table 18 1 Log Screen 18 2 Table 20 1 Content Filtering Fields 20 3 Table 21 1 Troubleshooting the Start Up of your ZyWALL 21 1 Table 21 2 Troubleshooting th...

Страница 26: ......

Страница 27: ...can configure all features of the ZyWALL 10 via SMT but we recommend you configure the firewall using the ZyWALL Web Configurator About This User s Manual This manual is designed to guide you through...

Страница 28: ...fault settings handy checklists information on setting up your PC and information on configuring your ZyWALL for Internet access Packing List Card Finally you should have a Packing List Card which lis...

Страница 29: ...Getting Started I Part I Getting Started Chapters 1 3 are structured as a step by step guide to help you connect install and setup your ZyWALL to operate on your network and access the Internet...

Страница 30: ......

Страница 31: ...ll incoming traffic from the WAN to the LAN is blocked The ZyWALL firewall supports TCP UDP inspection DoS Denial of Services detection and prevention real time alerts reports and logs Note You can co...

Страница 32: ...e Your ZyWALL supports SNMP agent functionality which allows a manager station to manage and monitor the ZyWALL through the network The ZyWALL supports SNMP version one SNMPv1 Auto negotiating 10 100M...

Страница 33: ...pgrade ZyWALL Firmware via LAN The firmware of the ZyWALL 10 can be upgraded via the LAN Embedded FTP and TFTP Servers The ZyWALL s embedded FTP and TFTP Servers enable fast firmware upgrade as well a...

Страница 34: ...Internet Security Gateway 1 4 Getting to Know Your ZyWALL Figure 1 2 Secure Internet Access via DSL You can also use your xDSL modem in the bridge mode for always on Internet access and high speed dat...

Страница 35: ...g table describes the LED functions Table 2 1 LED functions LEDs Function Indicator Status Active Description PWR Power Green On The power adapter is connected to the ZyWALL Off The system is not read...

Страница 36: ...wing figure shows the rear panel of your ZyWALL 10 and the connection diagram Figure 2 2 ZyWALL 10 Rear Panel and Connections This section outlines how to connect your ZyWALL 10 to the LAN and the WAN...

Страница 37: ...em using the cable that came with your xDSL modem Step 3 Connecting the ZyWALL to the LAN For a single computer connect the 10 100M LAN port on the ZyWALL to the Network Adapter on the computer using...

Страница 38: ...ED comes on if connections have been made to the LAN and WAN ports Initial Screen When you power on your ZyWALL it performs several internal tests as well as line initialization After the tests the Zy...

Страница 39: ...Up Down arrow keys Within a menu press ENTER to move to the next field You can also use the Up Down arrow keys to move to the previous and the next field respectively Enter information Fill in or Pre...

Страница 40: ...Firewall Setup Use this menu to set up filters as well as activate deactivate the firewall 22 SNMP Configuration Use this menu to set up SNMP related parameters 23 System Password Use this menu to set...

Страница 41: ...that you had before and the speed of the console port will be reset to the default of 9600bps with 8 data bit no parity and 1 stop bit 8n1 The password will be reset to the default of 1234 also Turn o...

Страница 42: ...a dynamic DNS account with www dyndns org This is for people with a dynamic IP from their ISP or DHCP server that would still like to have a DNS name To use this service you must register with the Dy...

Страница 43: ...by your router If you want to clear this field just press the SPACE BAR The domain name entered by you is given priority over the ISP assigned domain name zyxel com tw Edit Dynamic DNS Press the SPACE...

Страница 44: ...ed to you Enable Wildcard Your ZyWALL supports DYNDNS Wildcard Press SPACE BAR to toggle between Yes or No This field is N A when you choose DDNS client as your service provider Yes The IP address wil...

Страница 45: ...Examples MAC Address Assigned By Press the SPACEBAR to choose either of the two methods of assigning a MAC Address Choose Factory Default to select the factory assigned default MAC Address Choose IP A...

Страница 46: ...ver the filter sets may be useful to block certain packets reduce traffic and prevent security breaches Figure 2 11 Menu 3 1 LAN Port Filter Setup Menu 3 2 is discussed in the next chapter Please read...

Страница 47: ...also Where you obtain your network number depends on your particular situation If the ISP or your network administrator assigns you a block of registered IP addresses follow their instructions in sele...

Страница 48: ...ays follow the guidelines above For more information on address assignment please refer to RFC 1597 Address Allocation for Private Internets and RFC 1466 Guidelines for Management of IP Address Space...

Страница 49: ...an ISP to tell a customer the DNS server addresses usually in the form of an information sheet when you sign up If your ISP does give you the DNS server addresses enter them in the DNS Server fields...

Страница 50: ...on IP Multicasting can be enabled disabled on the ZyWALL LAN and or WAN interfaces using menus 3 2 LAN and 11 3 WAN Select None to disable IP Multicasting on these interfaces 3 1 7 IP Alias IP Alias a...

Страница 51: ...Enter Menu Selection Number Menu 3 2 TCP IP and DHCP Ethernet Setup DHCP Setup DHCP Server Client IP Pool Starting Address 192 168 1 33 Size of Client IP Pool 32 Primary DNS Server 0 0 0 0 Secondary...

Страница 52: ...P clients along with the IP address and the subnet mask Leave these entries at 0 0 0 0 if they are provided by a WAN DHCP server Follow the instructions in the following table to configure TCP IP para...

Страница 53: ...P Alias Setup as shown next Figure 3 5 Menu 3 2 1 IP Alias Setup Follow the instructions in the following table to configure IP Alias parameters Table 3 3 IP Alias Setup Menu Fields Field Description...

Страница 54: ...ur configuration or press Esc at any time to cancel 3 3 Internet Access Setup You will see three different Menu 4 screens depending on whether you chose Ethernet PPTP or PPPoE Encapsulation 3 3 1 Ethe...

Страница 55: ...nd the RoadRunner Server IP if this field is left blank If it does not then you must enter the authentication server IP address IP Address Assignment If your ISP did not assign you a fixed IP address...

Страница 56: ...creen Field Description Examples Encapsulation Press the SPACE BAR and then press ENTER to choose PPTP The encapsulation method influences your choices for IP Address PPTP Idle Timeout This value spec...

Страница 57: ...nally PPPoE saves significant effort for both the end user and ISP carrier as it requires no specific configuration of the broadband modem at the customer site By implementing PPPoE directly on the Zy...

Страница 58: ...ALL automatically disconnects from the PPPoE server 100 default 3 4 Basic Setup Complete Well Done You have successfully connected installed and set up your ZyWALL to operate on your network as well a...

Страница 59: ...d Applications II Part II Advanced Applications Advanced Applications Chapters 4 6 describes the advanced applications of your ZyWALL Applications discussed include Remote Node Setup IP Static routes...

Страница 60: ...Remote Node Profile From the Main Menu select menu option 11 to open Menu 11 1 Remote Node Profile There are two variations of this menu depending on whether you choose Ethernet Encapsulation or PPPo...

Страница 61: ...My Login This field is applicable for PPPoE encapsulation only Enter the login name assigned by your ISP when the ZyWALL calls this remote node Some ISPs append this field to the Service Name field ab...

Страница 62: ...that you specify the correct authentication protocol when connecting to such an implementation Nailed Up Connection A nailed up connection is a dial up line where the connection is always up regardles...

Страница 63: ...ld be reset For example if we are allowed to call this remote node for a maximum of 10 minutes every hour then the Allocated Budget is 10 minutes and the Period hr is 1 hour 1 Nailed Up Connection Thi...

Страница 64: ...nnection name in the ANT It must follow the c id and n name format This field is optional and depends on the requirements of your xDSL Modem N My ISP Schedules You can apply up to four schedule sets h...

Страница 65: ...SP IP Subnet Mask If you have a Static IP Assignment enter the subnet mask assigned to you Gateway IP Addr If you have a Static IP Assignment enter the gateway IP address assigned to you Network Addre...

Страница 66: ...his setting None Version Press the SPACE BAR to select the RIP version from RIP 1 RIP 2B RIP 2M and None Multicast IGMP Internet Group Multicast Protocol is a session layer protocol used to establish...

Страница 67: ...e LAN and each end must have a unique address within the WAN network number If this is the case enter the IP address assigned to the WAN port of your ZyWALL Note that this is the address assigned to y...

Страница 68: ...Options Menu press Enter to return to Menu 11 Press Enter at the message Press ENTER to Confirm to save your configuration or press Esc at any time to cancel 4 2 2 Editing TCP IP Options with PPPoE E...

Страница 69: ...ote Node Filter Input Filter Sets protocol filters 3 device filters Output Filter Sets protocol filters 1 device filters Enter here to CONFIRM or ESC to CANCEL Menu 11 5 Remote Node Filter Input Filte...

Страница 70: ...e node specifies only the network to which the gateway is directly connected and the ZyWALL has no knowledge of the networks beyond For instance the ZyWALL knows about network N2 in the following diag...

Страница 71: ...umber of one of the static routes you want to configure Figure 5 3 Menu 12 1 Edit IP Static Route The following table describes the IP Static Route Menu fields Menu 12 IP Static Route Setup 1 ________...

Страница 72: ...immediate neighbor of your ZyWALL that will forward the packet to the destination On the LAN the gateway must be a router on the same segment as your ZyWALL over the WAN the gateway must be the IP ad...

Страница 73: ......

Страница 74: ...n a packet when the packet is still in the local network while an inside global address IGA is the IP address of the same inside host when the packet is on the WAN side The following table summarizes...

Страница 75: ...LAN and the IGA Inside Global Address is the source address on the WAN For incoming packets the ILA is the destination address on the LAN and the IGA is the destination address on the WAN NAT maps pr...

Страница 76: ...ide world Port numbers do not change for One to One and Many to Many No Overload NAT mapping types The following table summarizes these types Table 6 2 NAT Mapping Types Type IP Mapping SMT abbreviati...

Страница 77: ...onfigured read only Many to 1 port mapping set sufficient for most purposes see section 6 4 for some examples and helpful to people already familiar with SUA in previous ZyNOS versions 6 1 6 NAT Appli...

Страница 78: ...oggle the default No to Yes then press ENTER to bring up Menu 11 3 Remote Node Network Layer Options Figure 6 4 Applying NAT to the Remote Node Menu 4 Internet Access Setup ISP s Name ChangeMe Encapsu...

Страница 79: ...pes described in Table 6 2 None NAT is disabled when you select this option Network Address Translation SUA Only When you select this option the SMT will use Address Mapping Set 255 Menu 15 1 see sect...

Страница 80: ...u select Full Feature in menu 4 or 11 3 the SMT will use Set 1 which supports all mapping types as outlined in Table 6 2 When you select SUA Only the SMT will use the pre configured Set 255 read only...

Страница 81: ...ble explains the fields in this screen Please note that the fields in this menu are read only The Type Local and Global Start End IPs are normally not for this read only menu configured in Menu 15 1 1...

Страница 82: ...enter 0 0 0 0 as the Global Start IP 0 0 0 0 Global End IP This is the ending global IP address IGA N A Type These are the mapping types discussed above see Table 6 2 Type Server allows us to specify...

Страница 83: ...rule 7 not 9 Now if you delete rule 4 rules 5 to 7 will be pushed up by 1 rule so as old rule 5 becomes rule 4 old rule 6 becomes rule 5 and old rule 7 becomes rule 6 The description of the other fiel...

Страница 84: ...ordering your rules as each rule is executed in turn beginning from rule 1 Selecting Edit in the Action field and then selecting a rule brings up the following menu Menu 15 1 1 1 Address Mapping Rule...

Страница 85: ...ou cannot have an End IP address beginning before the Start IP address 6 3 NAT Server Sets A NAT server set is a list of inside servers behind NAT on the LAN that you can make visible to the outside w...

Страница 86: ...address of the server in the IP Address field Step 4 Press ENTER at the Press ENTER to confirm prompt to save your configuration after you define all the servers or press ESC at any time to cancel Not...

Страница 87: ...to Point Tunneling Protocol 1723 6 4 Examples 6 4 1 Internet Access Only In our Internet access example we only need one rule where all our ILAs Inside Local addresses map to one dynamic IGA Inside Gl...

Страница 88: ...ion 6 1 4 The SUA Only read only option from the Network Address Translation field in Menus 4 and 11 3 is specifically pre configured to handle this case Menu 4 Internet Access Setup ISP s Name Change...

Страница 89: ...re 6 15 Specifying an Inside Sever 6 4 3 Example 3 General Case In this example we have 3 IGAs from our ISP We have many departments but two have their own FTP server All departments share the same ro...

Страница 90: ...and global IP addresses Rule 3 We map our other outgoing LAN traffic to IGA3 Many 1 mapping Rule 4 We also map our third IGA to our web server and mail server on the LAN Type Server allows us to speci...

Страница 91: ...ok like as shown in Figure 6 19 Figure 6 17 Example 3 Menu 11 3 The following figure shows how to configure the first rule Figure 6 18 Example 3 Menu 15 1 1 1 Menu 11 3 Remote Node Network Layer Optio...

Страница 92: ...2 Menu 15 1 1 Address Mapping Rules Set Name Example3 Idx Local Start IP Local End IP Global Start IP Global End IP Type 1 192 168 1 10 10 132 50 1 1 1 2 192 168 1 11 10 132 50 2 1 1 3 0 0 0 0 255 255...

Страница 93: ...s do not change for Many to Many No Overload and One to One NAT mapping types The following figure illustrates this Figure 6 21 NAT Example 4 Other applications e g gaming programs are NAT unfriendly...

Страница 94: ...ddress Mapping Rule Type Many to Many No Overload Local IP Start 192 168 1 10 End 192 168 1 12 Global IP Start 10 132 50 1 End 10 132 50 3 Press ENTER to Confirm or ESC to Cancel Menu 15 1 1 Address M...

Страница 95: ...nced Management III Part III Advanced Management Chapters 7 12 provides information on ZyWALL Filtering SNMP Configuration System Information and Diagnosis Transferring Files System Maintenance and Te...

Страница 96: ......

Страница 97: ...all filtering is used to determine if a packet should be allowed to trigger a call Remote node call filtering is only applicable when using PPPoE encapsulation Outgoing packets must undergo data filte...

Страница 98: ...les and protocol filter rules within the same set You can apply up to four filter sets to a particular port to block multiple types of packets With each filter set having up to six rules you can have...

Страница 99: ...tch Next Filter Set Next Filter Set Available Accept Packet Drop Packet Yes No Yes No Yes Packet into filter Filter Set Forward Drop No Check Next Rule Figure 7 2 Filter Rule Process You can apply up...

Страница 100: ...press Enter Step 4 Enter a descriptive name or comment in the Edit Comments field and press Enter Step 5 Press Enter at the message Press ENTER to confirm to open Menu 21 1 1 Filter Rules Summary Menu...

Страница 101: ...0 0 0 DP 137 N D N 5 Y IP Pr 17 SA 0 0 0 0 DA 0 0 0 0 DP 138 N D N 6 Y IP Pr 17 SA 0 0 0 0 DA 0 0 0 0 DP 139 N D F Enter Filter Rule Number 1 6 to Configure Press ENTER to Confirm or ESC to Cancel Men...

Страница 102: ...y matched if ALL rules in it are matched Y means an action can not yet be taken as there are more rules to check which are concatenated with the present rule to form a rule chain When the rule chain i...

Страница 103: ...configure a filter rule type its number in Menu 21 1 Filter Rules Summary and press Enter to open Menu 21 1 1 for the rule To speed up filtering all rules in a filter set must be of the same class i...

Страница 104: ...ve source route Yes No Destination IP Address Enter the destination IP Address of the packet you wish to filter This field is a don t care if it is 0 0 0 0 IP address Destination IP Mask Enter the IP...

Страница 105: ...None Less Greater Equal Not Equal TCP Estab This field is applicable only when IP Protocol field is 6 TCP If yes the rule matches only established TCP connections else the rule matches all TCP packet...

Страница 106: ...completed filling in Menu 21 1 1 1 TCP IP Filter Rule press Enter at the message Press Enter to Confirm to save your configuration or press Esc to cancel This data will now be displayed on Menu 21 1...

Страница 107: ...e Check IP Protocol Drop Drop Packet Accept Packet Drop Forward Check Next Rule Check Next Rule Check Next Rule Forward Not Matched Yes No Check Src IP Addr Apply SrcAddrMask to Src Addr Matched Check...

Страница 108: ...comparing the result against the Value to determine a match The Mask and Value are specified in hexadecimal numbers Note that it takes two hexadecimal digits to represent a byte so if the length is 4...

Страница 109: ...ish to compare The range for this field is 0 to 8 Default 0 Mask Enter the mask in Hexadecimal to apply to the data portion before comparison Value Enter the value in Hexadecimal to compare with the d...

Страница 110: ...filters This filter is designed to block outside users telnetting into the ZyWALL Figure 7 12 Telnet Filter Example Step 1 Enter 21 from the Main Menu to open Menu 21 1 Filter Set Configuration Step 2...

Страница 111: ...tched Drop Action Not Matched Forward Press ENTER to Confirm or ESC to Cancel Press Space Bar to Toggle Press the SPACEBAR to choose this filter rule type The first filter rule type determines all sub...

Страница 112: ...filter rules are discussed in more detail in the next section When NAT Network Address Translation is enabled the inside IP address and port number are replaced on a connection by connection basis whi...

Страница 113: ...ign it them Sets of factory default filter rules have been configured in Menu 21 to prevent NetBIOS traffic from triggering calls and block incoming telnet FTP and HTTP connections If you do not activ...

Страница 114: ...ts protocol filters when using Ethernet encapsulation Filter set 3 TEL_FTP_WEB_WAN blocks telnet FTP and web connections from the WAN Port to help prevent security breaches Apply them as shown in the...

Страница 115: ...work Keep in mind that SNMP is only available if TCP IP is configured on your ZyWALL 8 2 Configuring SNMP To configure SNMP enter 22 from the Main Menu to open Menu 22 SNMP Configuration as shown in t...

Страница 116: ...anagement station public Trusted Host If you enter a trusted host your ZyWALL will only respond to SNMP messages from this address If you leave the field blank default your ZyWALL will respond to all...

Страница 117: ...ties and upgrades for the system software This chapter describes how to use these tools in detail Select menu 24 in the main menu to open Menu 24 System Maintenance as shown below Figure 9 1 Menu 24 S...

Страница 118: ...ts the counters and Esc takes you back to the previous screen The table below describes the fields present in Menu 24 1 System Maintenance Status It should be noted that these fields are READ ONLY and...

Страница 119: ...ls The number of collisions on this port Tx B s Shows the transmission speed in Bytes per second on this port Rx B s Shows the reception speed in Bytes per second on this port Up Time Total amount of...

Страница 120: ...9 3 Menu 24 2 System Information and Console Port Speed 9 2 1 System Information System Information gives you information about your system as shown below More specifically it gives you information on...

Страница 121: ...is shows the IP mask of the ZyWALL DHCP This field shows the DHCP setting of the ZyWALL 9 2 2 Console Port Speed You can change the speed of the console port through Menu 24 2 2 Console Port Speed You...

Страница 122: ...es of Error and Information Messages Examples of typical error and information messages are presented in the figure below Figure 9 7 Examples of Error and Information Messages 9 3 2 UNIX Syslog The Zy...

Страница 123: ...Types CDR Call Detail Record CDR logs all data phone line activity if set to Yes Packet triggered The first 48 bytes or octets and protocol type of the triggering packet is sent to the UNIX syslog se...

Страница 124: ...ggered Packet triggered Message Format sdcmdSyslogSend SYSLOG_PKTTRI SYSLOG_NOTICE String String Packet trigger Protocol xx Data xxxxxxxxxx x Protocol 1 IP 2 IPX 3 IPXHC 4 BPDU 5 ATALK 6 IPNG Data We...

Страница 125: ...oto Closing ppp Proto Shutdown Proto LCP ATCP BACP BCP CBCP CCP CHAP PAP IPCP IPXCP Jul 19 11 42 44 192 168 102 2 ZyXEL ppp LCP Closing Jul 19 11 42 49 192 168 102 2 ZyXEL ppp IPCP Closing Jul 19 11 4...

Страница 126: ...s shown next IP Frame ENET0 RECV Size 44 44 Time 17 02 44 262 Frame Type IP Header IP Version 4 Header Length 20 Type of Service 0x00 0 Total Length 0x002C 44 Identification 0x0002 2 Flags 0x00 Fragme...

Страница 127: ...shown in Figure 9 11 LAN DHCP has already been discussed previously The ZyWALL can act either as a WAN DHCP client IP Address Assignment field in Menu 4 or Menu 11 3 is Dynamic and the Encapsulation...

Страница 128: ...he Host IP Address field below 2 WAN DHCP Release Enter 2 to release your WAN DHCP settings 3 WAN DHCP Renewal Enter 3 to renew your WAN DHCP settings 4 Internet Setup Test Enter 4 to test the Interne...

Страница 129: ...ce With many ftp and tftp clients they are as well as seen next ftp put zywall bin ras This is a sample ftp session showing the transfer of the PC file zywall bin to the ZyWALL ftp get rom 0 zywall cf...

Страница 130: ...he problem still exists e mail or call tech support 10 2 Backup Configuration Option 5 from Menu 24 System Maintenance allows you to backup the current ZyWALL configuration to your workstation Backup...

Страница 131: ...ration file via the console port There are two components in the system the router firmware and the configuration file as shown below Figure 10 3 Menu 24 7 System Maintenance Upload Firmware 10 4 1 Up...

Страница 132: ...ity and 1 stop bit 8n1 You will need to change your serial communications software to the default before you can connect to the ZyWALL again The password will be reset to the default of 1234 also Foll...

Страница 133: ...fault when the file transfer is complete Step 4 Launch the TFTP client on your workstation and connect to the ZyWALL Set the transfer mode to binary before starting data transfer Step 5 Use the TFTP c...

Страница 134: ...may see in third party TFTP clients Table 10 2 Third Party TFTP Clients General fields Host Enter the IP address of the ZyWALL 192 168 1 1 is the ZyWALL default IP address when shipped Send Fetch Pres...

Страница 135: ...24 7 1 System Maintenance Upload Router Firmware To upload the router firmware follow the procedure below 1 Launch the FTP client on your workstation 2 Type open and the IP address of your router The...

Страница 136: ...r zywall rom to the ZyWALL and renames it rom 0 See section 10 1 for more information on filename conventions Step 7 Type quit to exit the ftp prompt Menu 24 7 2 System Maintenance Upload Router Confi...

Страница 137: ...ectory Specify the default remote directory path Initial Local Directory Specify the default local directory path FTP over WAN will not work if 1 You have disabled Telnet service in Menu 24 11 2 You h...

Страница 138: ......

Страница 139: ...rial connection See our supplied disk or the zyxel com web site for more detailed information on CI commands Enter 8 from Menu 24 System Maintenance A list of valid commands can be found by typing hel...

Страница 140: ...s will be blocked Call history chronicles preceding incoming and outgoing calls To access the call control menu select option 9 Call Control in Menu 24 to go to Menu 24 9 System Maintenance Call Contr...

Страница 141: ...index number of the remote node you want to reset just one in this case 1 Connection Time Total Budget This is the total connection time that has gone by within the allocated budget that you set in Me...

Страница 142: ...Chip RTC chip in the ZyWALL so we have a software mechanism to get the current time and date from an external server when you power up your ZyWALL Menu 24 10 does just that it allows you to update th...

Страница 143: ...ISP network administrator or use trial and error to find a protocol that works If you select None this is the default value you can enter the time manually but each time the system is booted the time...

Страница 144: ...one in Menu 24 11 Remote Management Control Enter 11 from Menu 24 to bring up this menu All Telnet and FTP activity both LAN and WAN may be disabled by selecting No press the SPACE BAR to toggle Yes t...

Страница 145: ...re given a choice to go into debug mode by pressing a key at the prompt shown in the following screen In debug mode you have access to a series of boot module commands for example ATUR for uploading f...

Страница 146: ...M test level w from address x to y z iterations ATWEa b c d write MAC addr Country code EngDbgFlag FeatureBit to flash ROM ATCUx write Country code to flash ROM ATCB copy from FLASH ROM to working buf...

Страница 147: ...r is specified telnet connections from the outside will be forwarded to the inside server So to configure the ZyWALL via telnet from the outside you must first telnet to the inside server and then tel...

Страница 148: ...he LAN To enable Telnet over the WAN you must turn the firewall off Menu 21 2 or create a firewall rule to allow Telnet from the WAN Telnet will also not work when 1 You have disabled Telnet service i...

Страница 149: ...he ZyWALL Firewall and ZyWALL Web Configurator describes how to create Custom Rules and to configure customized ports explains Logs and provides Example Firewall Rules Chapter 20 explains Content Filt...

Страница 150: ...ewalls 1 Packet Filtering Firewalls 2 Application level Firewalls 3 Stateful Inspection firewalls 13 1 1 Packet Filtering Firewalls Packet Filtering Firewalls restrict access based on the source desti...

Страница 151: ...firewall and is designed to protect against Denial of Service attacks when activated in SMT Menu 21 2 or in the ZyWALL Web Configurator The ZyWALL s purpose is to allow a private Local Area Network L...

Страница 152: ...application protocols that perform specific functions These protocols such as HTTP Web FTP File Transfer Protocol POP3 E mail etc are identified by an extension number called the TCP port or UDP port...

Страница 153: ...he IP specification The oversize packet is then sent to an unsuspecting system Systems may crash hang or reboot 1 b Teardrop attack exploits weaknesses in the reassembly of IP packet fragments As data...

Страница 154: ...e the targeted system waits for the ACK that follows the SYN ACK it queues up all outstanding SYN ACK responses on what is known as a backlog queue SYN ACKs are moved off the queue only when an ACK co...

Страница 155: ...hacker s identity or to magnify the effect of the DoS attack IP Spoofing is a technique used to gain unauthorized access to computers by tricking a router or firewall into thinking that the communica...

Страница 156: ...from the firewall s LAN to the WAN 2 The packet is evaluated against the interface s existing outbound access list and the packet is permitted a denied packet would simply be dropped at this point 3...

Страница 157: ...pes of traffic from the Internet to specific hosts on the LAN iii Allow access to a Web server to everyone but competitors iv Restrict use of certain protocols such as Telnet to authorized users on th...

Страница 158: ...o replies outgoing address mask requests will allow incoming address mask replies and outgoing timestamp requests will allow incoming timestamp replies No other ICMP packets are allowed in through the...

Страница 159: ...n to develop a comprehensive security plan Good network administration takes into account what hackers can do and prepares against attacks The best defense against hackers and crackers is information...

Страница 160: ...rity deficiencies When you upgrade to the latest versions you get the latest patches and fixes 10 If you use chat rooms or IRC sessions be careful with any information you reveal to strangers 11 If yo...

Страница 161: ......

Страница 162: ...g screen Press the SPACE BAR to toggle No to Yes in the Active field to activate the firewall The firewall must be active to protect against Denial of Service DoS attacks Additional rules may be confi...

Страница 163: ...Spoofing may be used to break into systems to hide the hacker s identity or to magnify the effect of the DoS attack IP Spoofing is a technique used to gain unauthorized access to computers by trickin...

Страница 164: ...e resulting ICMP traffic will not only clog up the intermediary network but will also congest the network of the spoofed source IP address known as the victim network This flood of broadcast traffic c...

Страница 165: ...uses the targeted system to issue a SYN ACK response While the targeted system waits for the ACK that follows the SYN ACK it queues up all outstanding SYN ACK responses on what is known as a backlog q...

Страница 166: ...src port and protocol Reason This field states the reason for the log i e was the rule matched not matched or was there an attack The set and rule coordinates X Y where X 1 2 Y 00 10 follow with a sim...

Страница 167: ...he ZyWALL s filtering and firewall functions 14 3 1 Packet Filtering The router filters packets as they pass through the router s interface according to the filter rules you designed Packet filtering...

Страница 168: ...with the outbound request for that packet and allowed in Conversely an incoming packet masquerading as a response to a nonexistent outbound request can be blocked The firewall uses session filtering...

Страница 169: ......

Страница 170: ...is not 3 The Password is case sensitive 4 The Web Configurator times out after 5 minutes of inactivity The time out is not configurable 5 Please make sure that your web browser is Java and JavaScript...

Страница 171: ...nfigurator After a successful login you will see the Welcome screen shown next Figure 15 2 ZyWALL Web Configurator Welcome Screen 15 2 Enabling the Firewall Click Firewall then Configuration then the...

Страница 172: ...out right away You can choose to generate an alert when an attack is detected in the Attack Alert screen Figure 15 6 check the Generate an alert when attack detected checkbox or when a rule is matched...

Страница 173: ...atch a rule don t match a rule or both when you are creating editing a firewall rule see Figure 16 4 You can also choose not to create a log for a rule in this screen An attack automatically generates...

Страница 174: ...ZyWALL as the sender of the e mail messages i e a return to sender address for backup purposes Alert Timer Alert Schedule This pop up menu is used to configure the frequency of log messages being sen...

Страница 175: ...es E mail error messages appear as SMTP action request failed ret where is described in the following table Table 15 2 SMTP Error Messages 1 means ZyWALL out of socket 2 means tcp SYN fail 3 means smt...

Страница 176: ...8 1 4 To 192 168 1 255 match forward 10 04 29 UDP src port 00137 dest port 00137 1 02 122 Apr 7 00 From 192 168 1 4 To 192 168 1 255 match forward 10 04 30 UDP src port 00137 dest port 00137 1 02 123...

Страница 177: ...means that the firewall has detected no return traffic The ZyWALL measures both the total number of existing half open sessions and the rate of session establishment attempts Both TCP and UDP half ope...

Страница 178: ...t is greater than 0 The ZyWALL blocks all new connection requests to the host giving the server time to handle the present connections The ZyWALL continues to block all new connection requests until t...

Страница 179: ...nnection attempts rises above this number the ZyWALL deletes half open sessions as required to accommodate new connection attempts 100 half open sessions per minute The above numbers cause the ZyWALL...

Страница 180: ...Enter a number between 1 and 250 As a general rule you should choose a smaller number for a smaller network a slower system or limited bandwidth 10 existing half open TCP sessions Blocking Time When...

Страница 181: ......

Страница 182: ...AN to the Internet Allow certain types of traffic such as Lotus Notes database synchronization from specific hosts on the Internet to specific hosts on the LAN Allow access to a Web server to everyone...

Страница 183: ...net users access to resources on the LAN create a security vulnerability For example if FTP ports TCP 20 21 are allowed from the Internet to the LAN Internet users may be able to connect to PCs with r...

Страница 184: ...AN to WAN traffic is that all users on the LAN are allowed non restricted access to the WAN When you configure Policy LAN to WAN Rules you in essence want to limit some or all users from accessing cer...

Страница 185: ...on discussed later Next to the name of the protocol two fields appear in brackets The first field indicates the IP port number that defines the service TCP Port UDP Port or ICMP Type The second field...

Страница 186: ...ce RCMD TCP 512 Remote Command Service REAL_AUDIO TCP 7070 A streaming audio service that enables real time sound over the web REXEC TCP 514 Remote Execution Daemon RLOGIN TCP 513 Remote Login RTELNET...

Страница 187: ...ussion below refers to both Click on Firewall then Local Network to bring up the following screen This screen is a summary of the existing rules Note the order in which the rules are listed Special No...

Страница 188: ...rewall rule number The ordering of your rules is important as rules are applied in turn The Move field below allows you to reorder your rules Source IP This is the source address of the packet Destina...

Страница 189: ...You may reorder your rules using this function Select by clicking in the Firewall Rule Summary box on the rule you want to move The ordering of your rules is important as rules are applied in turn To...

Страница 190: ...ne or SrcDelete to delete one Please see the next section for more information on adding and editing source addresses SrcAdd SrcEdit SrcDelete Destination Address Press DestAdd to add a new address De...

Страница 191: ...This field determines if a log is created for packets that match the rule don t match the rule both or no log is created Match Not Match Both None Alert Check the Alert checkbox to determine that this...

Страница 192: ...to apply to packets with a particular single IP a range of IP addresses e g 192 168 1 10 to 192 169 1 50 a subnet or any IP address Select an option from the drop down list box Single Address Range A...

Страница 193: ...n this screen 16 6 Timeout The fields in the Timeout screens are the same for Local and Internet networks so the discussion below refers to both 16 6 1 Factors Influencing Choices for Timeout Values T...

Страница 194: ...s a FIN exchange indicating the end of the TCP session 60 seconds Idle Timeout This is the length of time of inactivity a TCP connection remains open before the ZyWALL considers the connection closed...

Страница 195: ......

Страница 196: ...ZyWALL see Figure 16 4 For a comprehensive list of port numbers and services visit the IANA Internet Assigned Number Authority website For further information on these services please read section 16...

Страница 197: ...defines your customized port Add a New Entry Click this button to create a new service custom port Edit Click this button to edit an existing service custom port Delete Click a custom port in the cust...

Страница 198: ...ZyWALL 10 Internet Security Gateway Custom Ports 17 3 Figure 17 2 Creating Editing A Custom Port The next table describes the fields in this screen...

Страница 199: ...ox TCP UDP Both Port Configuration Type Click the Single radio button to specify one port only or Range radio button to specify a span of ports that define your customized service Single Range Port Nu...

Страница 200: ...n the Logs to bring up the next screen Firewall logs may also be viewed in SMT Menu 21 3 see section 14 1 1 or via syslog SMT Menu 24 3 2 System Maintenance UNIX Syslog Syslog is an industry standard...

Страница 201: ...t and rule coordinates X Y where X 1 2 Y 00 10 follow with a simple explanation There are two policy sets set 1 X 1 is for LAN to WAN rules and set 2 X 2 for WAN to LAN rules Y represents the rule in...

Страница 202: ...ZyWALL 10 Internet Security Gateway Logs 18 3 Field Description When you have finished viewing this screen click another link to exit...

Страница 203: ......

Страница 204: ...et and mail services The only traffic allowed from the Internet is web service You want to be able to forward all traffic initiated from the local network You want to know who accesses your server and...

Страница 205: ...Example Firewall Rules Figure 19 1 Activate The Firewall Step 2 Configure your E mail screen as follows Click the E Mail tab to bring up the next screen Check here to activate the firewall You may als...

Страница 206: ...ernet Configure this screen as shown in Figure 19 3 Step 4 Click DestAdd to configure the destination address as the IP of our server on the LAN See Figure 19 4 Step 5 When you have finished configuri...

Страница 207: ...the LAN See the next screen This is an Internet to Local Network rule Select this service web service from the Available Services list box and click Forward the packet when it matches this rule rememb...

Страница 208: ...Rules 19 5 Figure 19 4 Example 1 Destination Address for Traffic Originating From The Internet 10 100 1 2 is the IP of our server on the LAN supporting FTP HTTP Telnet and mail services to which we w...

Страница 209: ...92 168 10 5 You want i To send alerts when there is an attack ii To only allow access to the Internet from the HTTP proxy server and our mail server iii To only allow FTP server One to be accessible f...

Страница 210: ...want to restrict access to the Internet except for the HTTP proxy server and your mail server First you need to create a custom port for POP3 POP Post Office Protocol is an Internet mail server protoc...

Страница 211: ...roxy server and our mail server Click Internet to see the Rule Summary screen Now click an available No rule number radio button then click Edit to bring up the next screen Step 5 Click SrcAdd under t...

Страница 212: ...HTTP proxy server Step 7 The Rule Summary screen should look like Figure 19 9 Don t forget to click Apply when you have finished configuring your rule s to save your settings back to the ZyWALL This...

Страница 213: ...screen Now click on the DestAdd button under the Destination Address box and enter the IP of FTP server One 192 168 10 3 Follow the same procedure as shown in Figure 19 3 and Figure 19 4 Step 9 On com...

Страница 214: ...ing are some Internet firewall rules examples to 1 Allow DHCP negotiation between the ISP and the ZyWALL 10 2 Allow a syslog connection from the Internet Step 1 Follow the procedure shown next to firs...

Страница 215: ...Follow the procedures outlined in the previous examples to configure all your rules When finished your rule summary screen should look like the following Custom ports show up with an before their nam...

Страница 216: ...LL 10 Internet Security Gateway Example Firewall Rules 19 13 Figure 19 12 Syslog Rule Configuration This is our Syslog custom port This is the address range of the syslog servers Click Apply when fini...

Страница 217: ...way 19 14 Example Firewall Rules Figure 19 13 Example 3 Rule Summary Rule 1 Allow DHCP negotiation between the ISP and the ZyWALL 10 Rule 2 Allow a syslog connection from the WAN Click Apply to save y...

Страница 218: ...1 2 Java Java is a programming language and development environment created by Sun Microsystems for building downloadable Web components or even a sophisticated environment for building Internet and i...

Страница 219: ...hen that user requests a Web page their Web browser formats the request for the proxy server hiding it from the content filter As a result the user is able to access unfiltered content on the Internet...

Страница 220: ...age will appear blank or grayed out Block Web URLs Enter a domain name as discussed above then press Add Domain Name The page reloads and the new domain name appears in the Block Web URLs box When you...

Страница 221: ...ing Appendices Glossary and Index V Part V Troubleshooting Appendices Glossary and Index Chapter 21 provides information about solving common problems followed by some Appendices a Glossary of Terms a...

Страница 222: ......

Страница 223: ...on None of the LEDs are on when you power on the ZyWALL Check the connection between the AC adapter and the ZyWALL If the error persists you may have a hardware problem In this case you should contact...

Страница 224: ...ind out the verification method used by your ISP If the ISP checks the LAN MAC Address tell the ISP the WAN MAC address of the ZyWALL The WAN MAC can be obtained from Menu 24 1 In case the ISP does no...

Страница 225: ...nu 3 2 and Menu 4 21 5 Problems with the Firewall Problem Corrective Action You can ONLY configure the firewall via ZyWALL Web Configurator or CI command You will not be able to access the ZyWALL Web...

Страница 226: ......

Страница 227: ...vices using PPP Benefits of PPPoE PPPoE offers the following benefits 1 It provides you with a familiar dial up networking DUN user interface 2 It lessens the burden on the carriers of provisioning vi...

Страница 228: ...the PPP frames to the ISP The L2TP tunnel is capable of carrying multiple PPP sessions With PPPoE the VC Virtual Circuit is equivalent to the dial up connection and is between the modem and the AC as...

Страница 229: ...s deployed in such a setup it appears as a PC to the ANT ADSL Network Termination In Windows VPN or PPTP Pass Through feature the PPTP tunneling is created from Windows 95 98 and NT clients to an NT s...

Страница 230: ...ndows OS In Microsoft s implementation the PC and hence the ZyWALL is the PNS that requests the PAC the ANT to place an outgoing call over AAL5 to an RFC 2364 server Control PPP connections Each PPTP...

Страница 231: ...0Mbit Half Duplex Ethernet Specification for LAN 10 100 Mbit Half Full Auto negotiation Console Port RS 232 Pin 1 NON Pin 2 DTE RXD Pin 3 DTE TXD Pin 4 DTE DTR Pin 5 GND Pin 6 DTE DSR Pin 7 DTE RTS Pi...

Страница 232: ...ANSI NFPA 70 8 Do not allow anything to rest on the power cord of the AC adapter and do not locate the product where anyone can walk on the power cord 9 Do not service the product by yourself Opening...

Страница 233: ...ay firewall Displays the all the firewall settings including e mail attack and sets rules config display firewall set set Displays current entries of a set configuration including timeout values name...

Страница 234: ...es A At tt ta ac ck k config edit firewall attack send alert yes no Activates or deactivates the firewall DOS attack notification e mails config edit firewall attack block yes no Yes to block the traf...

Страница 235: ...idle TCP session before it is terminated config edit firewall set set log yes no Switches on off the logs for matching default permit R Ru ul le es s config edit firewall set set rule rule permit for...

Страница 236: ...s and edits a destination address range of traffic which comply to this rule config edit firewall set set rule rule TCP destport single port Selects and edits the destination port of the traffic which...

Страница 237: ...ail Removes all the settings for e mail alert config delete firewall attack Resets all the settings for attack to default setting config delete firewall set set Removes the specified set from the fire...

Страница 238: ...mption 9 W Plug North American standards Safety standards UL CUL UL1950 CSA C22 2 NO 234 M90 European Union AC Power Adapter model AD 1201200DV Input power AC230Volts 50Hz Output power DC12Volts 1 2A...

Страница 239: ...lts 50 60Hz 27VA Output power DC12Volts 1 2A Power consumption 9 W Plug Japan standards Safety standards T Mark Australia and New Zealand AC Power Adapter model AD 1201200DS Input power AC240Volts 50H...

Страница 240: ...access to a system Bandwidth This is the capacity on a link usually measured in bits per second bps Bit Binary Digit A single digit number in base 2 in other words either a 1 or a zero The smallest un...

Страница 241: ...ervice units are actually two separate devices but they are used in conjunction and often combined into the same box The devices are part of the hardware you need to connect computer equipment to digi...

Страница 242: ...raffic flows at the same speed in both directions or asymmetrical the downstream capacity is higher than the upstream capacity DSL connections are point to point dedicated circuits meaning that they a...

Страница 243: ...way A gateway is a computer system or other device that acts as a translator between two systems that do not use the same communication protocols data formatting structures languages and or architectu...

Страница 244: ...am services IRC Internet Relay Chat IRC was developed in the late 1980s as a way for multiple users on a system to chat over the network Today IRC is a very popular way to talk in real time with other...

Страница 245: ...ility Packet Filter A filter that scans packets and decides whether to let them through PAP Password Authentication Protocol PAP is a security protocol that requires users to enter a password before a...

Страница 246: ...t is part of a URL appearing after a colon right after the domain name Every service on an Internet server listens on a particular port number on that server Most services have standard port numbers e...

Страница 247: ...as a path through the network It does not need to be set up or torn down for each session Reconnaissance The finding and observation of potential targets for a cracker to attack RFC An RFC Request for...

Страница 248: ...pair cable consists of copper core wires surrounded by an insulator Two wires are twisted together to form a pair and the pair form a balanced circuit The twisting prevents interference problems STP...

Страница 249: ...r The URL is basically a pointer to the location of an object VPN Virtual Private Network These networks use public connections such as the Internet to transfer information That information is usually...

Страница 250: ...CDR 9 7 CHAP 4 4 CLI Commands G COM Component Object Model 20 1 Command Interpreter Mode 11 1 Configuring A POP Custom Port 19 8 Configuring A Rule 19 5 console port 2 3 Console Port 2 3 9 4 9 5 E Co...

Страница 251: ...14 2 SMT Menus 14 1 Types 13 1 Vs Filters 14 6 Web Configurator 15 1 When To Use 14 7 Flow Control 2 4 Front Panel LEDs 2 1 FTP File Transfer 10 7 FTP Server 1 3 6 18 G General Setup 2 7 H Half Open...

Страница 252: ...What NAT does 6 1 NetBIOS commands 14 3 Network Address Translation NAT 1 2 6 1 12 1 O One Minute High 15 10 One Minute Low 15 10 one minute high 15 8 P Packet Filtering Firewalls 13 1 Packet Informat...

Страница 253: ...3 16 11 Support Disk xxviii SYN Flood 13 4 13 5 14 4 SYN ACK 13 5 14 4 Syslog 19 11 Syslog IP Address 9 7 System Information 9 1 9 4 System Maintenance 2 6 9 1 9 2 9 3 9 4 9 5 9 6 9 7 9 11 9 12 10 1 1...

Страница 254: ...See ZyWALL 10 Web Configurator Web Proxy 20 2 Welcome screen 15 2 X xDSL modem 1 3 1 4 2 3 2 4 4 3 21 2 21 3 XMODEM protocol 10 2 Z ZyNOS 2 11 6 4 6 6 9 3 9 5 10 1 10 2 ZyNOS F W Version 9 3 9 5 10 1...

Отзывы:

Нет отзывов

Похожие инструкции для ZyWALL 10

Бренд: Vanguard Страницы: 74

Бренд: NeoGate Страницы: 37

Бренд: ZIEHL-ABEGG Страницы: 23

Бренд: FOR-A Страницы: 36

Бренд: Billion Страницы: 38

Бренд: Sollae Страницы: 38

Бренд: SenseNet Страницы: 11

access 1000 series

Бренд: MICROTRONIX Страницы: 93

AS Series ASM200

Бренд: Quintum Страницы: 3

DX Series DX2008

Бренд: Quintum Страницы: 15

Бренд: ICP DAS USA Страницы: 48

Бренд: Packet Media Страницы: 7

Бренд: Cradlepoint Страницы: 148

Бренд: Bryan Boilers Страницы: 56

Бренд: Milesight Страницы: 23

Бренд: Arris Страницы: 228

Бренд: purexx Страницы: 50

Бренд: i-tec Страницы: 14

Бренды по названию

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Популярные бренды

Загрузить еще бренды