ZyXEL Vantage CNM User Guide
ZyXEL Vantage CNM Manual
 |
View all ZyXEL Vantage CNM manuals
Add to My Manuals
Save this manual to your list of manuals |
ZyXEL Vantage CNM manual content summary:
- ZyXEL Vantage CNM | User Guide - Page 1
Vantage CNM Centralized Network Management Default Login Details IP Address https://localhost or https://{Vantage CNM Server's IP address} User Name root Password root www.zyxel.com Software Version 3.2 Edition 1, 7/2009 www.zyxel.com Copyright © 2009 ZyXEL Communications Corporation - ZyXEL Vantage CNM | User Guide - Page 2
- ZyXEL Vantage CNM | User Guide - Page 3
the web configurator to configure the Vantage CNM. • Device User's Guide The User's Guide for each device provides more information about the device, its features, and its configuration. • ZyXEL Web Site Please refer to www.zyxel.com for additional support documentation and product certifications - ZyXEL Vantage CNM | User Guide - Page 4
ZyXEL products. • Forum This contains discussions on ZyXEL products. Learn from others who use ZyXEL products and share your experiences as well. Customer Support Should problems received your device. • Brief description of the problem and the steps you took to solve it. 4 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 5
. Syntax Conventions • Vantage CNM may be referred to as "Vantage CNM" or the "product" in this User's Guide. • Vantage Report may be referred to as "Vantage Report" or "VRPT" in this User's Guide. • A device that is managed by Vantage CNM may be referred to as the "ZyXEL device," "device - ZyXEL Vantage CNM | User Guide - Page 6
Document Conventions Icons Used in Figures Figures in this User's Guide may use the following generic icons. Device icons are not an exact representations of your devices. Device (example) Computer Notebook computer Server DSLAM Telephone Switch Router 6 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 7
Contents Overview Contents Overview Introducing Vantage CNM ...21 Introduction ...23 GUI Introduction ...25 Device Configuration (ZyNOS and Prestige 45 Load or Installation Report ...483 VPN Monitor ...485 Monitor ...493 Device Status Monitor ...495 3G Monitor ...497 Vantage CNM User's Guide 7 - ZyXEL Vantage CNM | User Guide - Page 8
...559 CNM System Setting ...561 Maintenance ...581 Device Owner ...585 Vantage CNM Software Upgrade 587 License ...589 About CNM ...591 Account Management ...593 User Group ...595 Account ...599 Troubleshooting ...603 Troubleshooting ...605 Appendices and Index ...609 8 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 9
Contents Overview ...7 Chapter 1 Introducing Vantage CNM ...21 1.1 Overview ...21 1.2 Ways to Manage Vantage CNM 22 1.3 Suggestions for Using Vantage CNM 22 Part I: Introduction 23 Chapter 2 GUI Introduction...25 2.1 Menu Bar ...26 2.2 Title Bar ...27 2.3 Device Window ...27 2.3.1 Topology ...27 - ZyXEL Vantage CNM | User Guide - Page 10
...121 Chapter 6 Device Security Settings ...123 6.1 Firewall ...123 6.1.1 Default Rule ...123 6.1.2 Rule Summary ...126 6.1.3 Add/Edit a Rule ...128 6.1.4 Anti-Probing ...131 6.1.5 Threshold ...132 6.1.6 Service ...135 6.1.7 Add/Edit Service ...135 6.2 VPN ...137 6.3 IPSec High Availability ...137 - ZyXEL Vantage CNM | User Guide - Page 11
7.1 NAT ...215 7.2 Port Forwarding ...218 7.3 Address Mapping ...219 7.3.1 Edit an Address Mapping Rule 221 7.4 Trigger Port ...222 7.4.1 Edit DNS ...227 7.8 Address Record ...227 7.8.1 Add/Edit an Address Record 228 7.9 Name Server Record ...229 7.9.1 Add/Edit a Name Server Record 230 7.10 Cache - ZyXEL Vantage CNM | User Guide - Page 12
...241 Part III: Device Configuration (ZLD 245 Chapter 9 Device Network Settings ...247 9.1 Ethernet (ZLD ZyWALL 247 9.1.1 Ethernet Edit ...248 9.1.2 Adding Virtual Interfaces 255 9.2 WLAN General ...256 9.2.1 WLAN Add/ Add/Edit Screen 312 Chapter 10 Firewall...315 12 New Template User's Guide - ZyXEL Vantage CNM | User Guide - Page 13
(Manual Address Summary Screen 369 14.4.1 Address Add/Edit Screen 370 14.4.2 Address Group Summary Screen 371 14.4.3 Address Group Add/Edit Screen 373 14.5 The Service Summary Screen 374 14.5.1 The Service Add/Edit Screen 375 14.6 The Service Group Summary Screen 376 New Template User's Guide - ZyXEL Vantage CNM | User Guide - Page 14
Service Group Add/Edit Screen 378 14.7 The Schedule Summary Screen 379 14.7.1 The One-Time Schedule Add/Edit Screen 380 14.7.2 The Recurring Schedule Add/Edit Screen 381 ...383 Chapter 15 AAA ...385 15.1 Configuring Active Directory or LDAP Default Server ) ...420 14 New Template User's Guide - ZyXEL Vantage CNM | User Guide - Page 15
Address Configuration BB (ZLD 439 17.8.4 Create a Service Service ...460 19.2 License Status ...462 19.2.1 Activate/Upgrade License 465 19.3 License Status (Folder) ...466 19.4 Signature Status (Device 469 19.5 Signature Status (Folder 471 Part V: VPN Management 473 New Template User's Guide - ZyXEL Vantage CNM | User Guide - Page 16
.6 Monitor Setting ...523 24.6.1 Notification Setting 523 24.6.2 Notification ...524 24.6.3 Monitor Interval ...526 Chapter 25 Device HA Status Monitor ...527 16 New Template User's Guide - ZyXEL Vantage CNM | User Guide - Page 17
Vantage Report Overview 555 29.2 Vantage Report in Vantage CNM 556 29.3 Setting Up Vantage Report in Vantage CNM 556 29.4 Opening Vantage Report in Vantage CNM 557 Part VIII: CNM System Setting 559 Chapter 30 CNM System Setting...561 30.1 Servers Configuration ...561 New Template User's Guide - ZyXEL Vantage CNM | User Guide - Page 18
30.1.1 Vantage CNM Server Public IP Address 563 30.2 Servers Status ...564 30.3 User Access ...565 30.4 Notifications ...566 30.4.1 Notifications Settings 567 30.5 Log Setting ...569 30.6 VRPT Management ...571 30.6.1 Add/Edit VRPT - ZyXEL Vantage CNM | User Guide - Page 19
38 Troubleshooting...605 38.1 Vantage CNM Access and Login 605 38.2 Device Management ...606 38.3 Device Firmware Management 606 38.4 Vantage Report ...607 Part XI: Appendices and Index 609 Appendix A Product Specifications 611 Appendix B Setting up Your Computer's IP Address 617 Appendix - ZyXEL Vantage CNM | User Guide - Page 20
20 New Template User's Guide - ZyXEL Vantage CNM | User Guide - Page 21
manage a distributed network of ZyXEL network devices. A typical application is shown in the following example. Figure 1 Vantage CNM Application C A B In this example, you use the Vantage CNM web configurator (A) to access the Vantage CNM server (B). The Vantage CNM server is connected to the - ZyXEL Vantage CNM | User Guide - Page 22
611 for a complete list of features and supported devices. 1.2 Ways to Manage Vantage CNM Use the web configurator to access and manage Vantage CNM. See the Quick Start Guide for instructions to access the web configurator and this User's Guide for more information about the screens. 1.3 Suggestions - ZyXEL Vantage CNM | User Guide - Page 23
PART I Introduction Introducing Vantage CNM (21) GUI Introduction (25) 23 - ZyXEL Vantage CNM | User Guide - Page 24
24 - ZyXEL Vantage CNM | User Guide - Page 25
See the Quick Start Guide for instructions about installing, setting up, and accessing Vantage CNM. This chapter introduces the Vantage CNM main screen. Figure 2 (4) or to manage the Vantage CNM 2 Title bar: Displays login user name, dashboard and message center buttons. Vantage CNM User's Guide 25 - ZyXEL Vantage CNM | User Guide - Page 26
you to check device status, ZLD ZyWALL Device HA status and device alarm. Click this icon to display the navigation links to screens that allow you to view device operation reports, CNM logs and device associated Vantage reports on Vantage Report server. Click this icon to display the navigation - ZyXEL Vantage CNM | User Guide - Page 27
This icon displays with a hi to the current login user. Click this icon to display the dashboard in the configuration window. Click this icon to open a window to display real-time Vantage CNM system logs. 2.3 Device Window Use the device window to view the logical network topology, search for - ZyXEL Vantage CNM | User Guide - Page 28
to look for device(s). There are a couple icons in the device window that perform additional functions related to views. Table 4 Device Window: Icons Icon Description Click this icon to set how often the OTV tree refreshes. Click this icon to refresh the OTV tree. 28 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 29
Introduction 2.3.1.1 Folders Folders are represented by the following icons in the device window. Table 5 Device Window: Folder Icons Icon Status Description On-Closed On-Open Off-Closed Off have every menu item. Click Settings to configure the Adobe flash player Vantage CNM User's Guide 29 - ZyXEL Vantage CNM | User Guide - Page 30
Name field) and/or a description for the folder. Click Apply. Figure 6 Device Window: Topology: Add Folder 4 A new folder icon displays. 2.3.1.1.2 Delete a Folder Deleting a folder also deletes all the associated device(s). Follow the steps below to delete a group. 30 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 31
) and mapped to a folder (Section 2.3.1.2.3 on page 35) in the Vantage CNM. Devices are represented by the following icons in the device window. Table 6 Device Window: Device Icons Icon Description On This is a device turned on. Off This is a device turned off. Vantage CNM User's Guide 31 - ZyXEL Vantage CNM | User Guide - Page 32
steps show you how to create a device in the Topology screen. 1 In the device window, click Topology. 2 Right-click on a folder and click Add Device or right-click on a device and click Edit Device. Figure 10 Device Window: Topology: Right Click to Add/Edit a Device or 32 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 33
Chapter 2 GUI Introduction 3 The screen displays in the configuration window as shown. Figure 11 Device Window: Topology: Add/Edit Device (ZyNOS) Figure 12 Device Window: Topology: Add/Edit Device (ZLD) Vantage CNM User's Guide 33 - ZyXEL Vantage CNM | User Guide - Page 34
's firmware version or you cannot find your device's current firmware version from the list. Synchroniz e Type Note: Not all ZyXEL devices can work with Vantage CNM. See Quick Start Guide for the supported device models and firmware versions. Select Get configuration from the device if you want - ZyXEL Vantage CNM | User Guide - Page 35
only available for a ZLD device. Type the administrator's login password of the device in this field. Device HA This field is only available for a ZLD device. Select this if you want to monitor the device's device HA status from the Vantage CNM. After you select this, the Device Role field appears - ZyXEL Vantage CNM | User Guide - Page 36
Device Warning 3 The device's web configurator appears via a HTTP or HTTPS connection. You can change the device login setting by editing a device. Refer to Figure 11 on page 33. 2.3.2 Device Search Use the Search function in the device window to look for device(s). 36 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 37
Vantage CNM displays the device(s) that match any of the search criteria. 2.4 Navigation Panel and Configuration Window available in the navigation panel vary depending your login account type, whether you have selected a Guide for the detail configuration description. Vantage CNM User's Guide 37 - ZyXEL Vantage CNM | User Guide - Page 38
VPN SSL VPN L2TP VPN Object User/Group Address Service Schedule AAA Server Auth.method Certificate SSL Application Maintenance Log Setting Management Firewall List Schedule List Firmware Upgrade License Management Service Activation License Status Signature Status 38 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 39
Backup & Restore Report CNM Logs VRPT Device Alarm Unresolved Alarm Responded Alarm CNM SYSTEM SETTING Configuration ACCOUNT MANAGEMENT Group Servers User Access Notification Log files, upgrade firmware for a on-line device or set a device firmware upgrade schedule. Vantage CNM User's Guide 39 - ZyXEL Vantage CNM | User Guide - Page 40
account and activate UTM services to myZyXEL.com for the selected device. You also can manage UTM services license and monitor signature status an associated VRPT server. CNM System Setting Configuration This link takes you to a screen where you can configure Vantage CNM settings. Maintenance - ZyXEL Vantage CNM | User Guide - Page 41
configuring. • If the login user does not have permission to use a menu item, it is not displayed. • The operation on Vantage CNM is: If you select in the configuration window. 2.5 Security Risk Pop-up Messages in Internet Explorer 7.0 The default certificate in Vantage CNM is self-signed, - ZyXEL Vantage CNM | User Guide - Page 42
the IP address of the Vantage CNM server in the Common Name field. This is the IP address you use to log in (http://your IP address:8080/vantage). The value authority). Figure 18 CNM System Setting > Configuration > Certificate Management > Create CSR > CSR Key 42 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 43
certificate file path and click Apply. 9 Restart the Vantage CNM server. 10 Use the IP address and log into the Vantage CNM server. 11 In Internet Explorer 7.0, click View Certificates when the following screen appears. Figure 20 Pop-up Message in Internet Explorer 7.0 Vantage CNM User's Guide 43 - ZyXEL Vantage CNM | User Guide - Page 44
Chapter 2 GUI Introduction 12 Certificate screen appears. Click Install Certificate and follow instruction to install the new certificate. 44 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 45
on page 38 for the device model and the corresponding firmware version CNM supports. Note: The examples in this section use one of the most unable to find a specific screen or field in this User's Guide, please see the User's Guide for the device for more information. Load or Save Building Blocks - ZyXEL Vantage CNM | User Guide - Page 46
46 - ZyXEL Vantage CNM | User Guide - Page 47
or Save Building Blocks (BB) A BB is a building block used to build a device configuration using Vantage CNM. A device BB is a combination of configuration BBs, which vary by model. A device can have if a device is selected. To open this menu item, select the device, Vantage CNM User's Guide 47 - ZyXEL Vantage CNM | User Guide - Page 48
device as a building block. The following pop-up screen appears. Figure 23 Device Operation > Device Configuration > Load or Save BB > Save as a BB or 48 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 49
Select a BB field appears. You can replace an existing BB with the current configuration by selecting it from the Select a BB field and click Apply. Vantage CNM User's Guide 49 - ZyXEL Vantage CNM | User Guide - Page 50
Chapter 3 Load or Save Building Blocks (BB) 50 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 51
4.1 System Use this screen to set the password, system name, domain name, idle timeout, and DNS servers for the device. Please see the device's User's Guide for more information about any of these screens name obtained by the device via DHCP from the ISP is used. Vantage CNM User's Guide 51 - ZyXEL Vantage CNM | User Guide - Page 52
on the device. To open this screen, click Device Operation > Device Configuration > General > Time Setting. Figure 25 Device Operation > Device Configuration > General > Time Setting 52 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 53
at 0:0:0. The default, NTP (RFC-1305), is similar to Time (RFC 868). Time Server Address Time Zone Daylight Savings Select None to enter the time and date manually. Enter the IP address or domain name of Germany's time zone is one hour ahead of GMT or UTC (GMT+1). Vantage CNM User's Guide 53 - ZyXEL Vantage CNM | User Guide - Page 54
ahead of GMT or UTC (GMT+1). Click this to save your changes back to the device. Click this to begin configuring this screen afresh. 54 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 55
the LAN, WLAN, and DMZ screens. Use this screen to configure the DHCP settings, TCP/IP settings, and NetBIOS settings for the LAN on a ZyNOS ZyWALL. To open this screen, click Device Vantage CNM User's Guide 55 - ZyXEL Vantage CNM | User Guide - Page 56
Chapter 5 Device Network Settings Operation in the menu bar, and click Device Configuration > Network > LAN > LAN in the navigation panel. Figure 26 Device Operation > Device Configuration > Network > LAN > LAN (ZyNOS ZyWALL) 56 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 57
/or paste the IP address. DHCP WINS Server 1, 2 Type the IP address of the WINS (Windows Internet Naming Service) server that you want to send to the DHCP clients. The WINS server keeps a mapping table of and ignores any RIP packets received. Both is the default. Vantage CNM User's Guide 57 - ZyXEL Vantage CNM | User Guide - Page 58
default policy set to block WAN port 1 to LAN traffic, you also need to enable the default WAN port 1 to LAN firewall rule that forwards NetBIOS traffic. Clear this check box to block all NetBIOS packets going from the LAN to WAN port 1 and from WAN port 1 to the LAN. 58 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 59
ZyWALL) LABEL DESCRIPTION Allow between LAN and WAN2 Select this check box to forward NetBIOS packets from the LAN to WAN port 2 and from WAN port 2 to the LAN. If your firewall is enabled with the default on a device. To open this screen, click Device Operation Vantage CNM User's Guide 59 - ZyXEL Vantage CNM | User Guide - Page 60
Chapter 5 Device Network Settings in the menu bar, and click Device Configuration > Network > LAN > LAN in the navigation panel. Figure 27 Device Operation > Device Configuration > Network > LAN > LAN (Prestige) 60 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 61
here) to the DHCP clients. Type your First DNS Server IP and Second DNS Server IP addresses in these fields. TCP/IP IP Address Type the IP address of the device in dotted decimal notation. IP Subnet packets and ignores any RIP packets received. Both is the default. Vantage CNM User's Guide 61 - ZyXEL Vantage CNM | User Guide - Page 62
). RIP-1 is universally supported but RIP-2 carries more network must use multicasting, also. By default, RIP direction is set to Both addresses to specific individual computers on the LAN based on their MAC addresses. To open this screen, click Device Operation in the 62 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 63
IP table entry (row). MAC Address This is the MAC address of a computer on the device's LAN. IP Address This is the IP address to be assigned to the device with the MAC address above. Apply Click this to rules to control access between the logical networks. To Vantage CNM User's Guide 63 - ZyXEL Vantage CNM | User Guide - Page 64
IP Alias 1,2 Select the check box to configure another network for the device. IP Address Enter the IP address of the device in dotted decimal notation. IP Subnet Mask The device automatically calculates the any RIP packets and ignores any RIP packets received. 64 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 65
supported address . By default, RIP ZyWALL) This section gives configuration information on the fields displayed in this screen. To open this screen, click Device Operation in the menu bar, and click Device Configuration > Network > WAN > General in the navigation panel. Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 66
as an incorrect configuration could result in the device being inaccessible from Vantage CNM (or by the web configurator from the WAN) and may necessitate a site visit to correct. Figure 30 Device Operation > Device Configuration > Network > WAN > General (ZyNOS ZyWALL) 66 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 67
between checks to see if it can connect to the WAN IP address (Check WAN IP Address field) or default gateway. Allow more time if your destination IP address handles lots of traffic. Timeout (sec) Type the number of seconds to the WLAN port and from WLAN port to WAN1. Vantage CNM User's Guide 67 - ZyXEL Vantage CNM | User Guide - Page 68
Device Configuration > Network > WAN > General (ZyNOS ZyWALL) (continued) LABEL DESCRIPTION Allow between WAN2 and LAN firewall is enabled with the default policy set to block WAN port 2 to LAN traffic, you also need to enable the default WAN2 to LAN firewall rule 68 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 69
Device Operation > Device Configuration > Network > WAN > WAN1 (ZyNOS ZyWALL with one WAN port) 5.3.1.1 Ethernet Encapsulation The following table describes the labels method) or Telia Login. WAN:IP The following fields do not appear with the Standard service type. Vantage CNM User's Guide 69 - ZyXEL Vantage CNM | User Guide - Page 70
ZyWALL (one WAN port) (continued) LABEL DESCRIPTION WAN IP Address Select Get automatically from ISP If your ISP did not assign you a Assignment fixed IP address. This is the default selection. My WAN IP Address Reset RIP-1 is universally supported; but RIP-2 carries Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 71
procedures for Windows users. One of the benefits of PPPoE is the ability to let you access one of multiple network services, a function known as dynamic service selection. This enables the service provider to , with NAT, all of the LANs' computers will have access. Vantage CNM User's Guide 71 - ZyXEL Vantage CNM | User Guide - Page 72
the Encapsulation field. A warning message appears. Click OK. Figure 32 Warning Message When Select PPPoE Figure 33 Device Operation > Device Configuration > Network > WAN > WAN1PPPoE (ZyNOS ZyWALL with one WAN port) 72 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 73
remote node. CHAP - Your Vantage CNM accepts CHAP only. PAP - Your Vantage CNM accepts PAP only. WAN:IP WAN IP Address Assignment Select Get automatically from ISP If your ISP did not assign you a fixed IP address. This is the default selection. Select Use fixed IP address If the ISP assigned - ZyXEL Vantage CNM | User Guide - Page 74
ZyNOS ZyWALL RIP Version By default, RIP Direction multicast address and so server, creating a Virtual Private Network (VPN) using TCP/IP-based networks. PPTP supports on-demand, multi-protocol and virtual private networking over public networks, such as the Internet. 74 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 75
Encapsulation field. A warning message appears. Click OK. Figure 34 Warning Message When Select PPTP Figure 35 Device Operation > Device Configuration > Network > WAN > WAN1 PPTP (ZyNOS ZyWALL with one WAN port) Vantage CNM User's Guide 75 - ZyXEL Vantage CNM | User Guide - Page 76
automatically from ISP If your ISP did not assign you a fixed IP address. This is the default selection. Select Use fixed IP address If the ISP assigned a fixed IP address. My WAN IP Address Enter your WAN IP address in this field if you selected Use Fixed IP Address. 76 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 77
ISP (PPTP) - ZyNOS ZyWALL (one WAN port) ( RIP packets received. RIP Version By default, RIP Direction is set to Both. Multicast Apply Reset RIP-1 is universally supported; but RIP-2 carries more information listen to the RIP multicast address and so will not receive the Vantage CNM User's Guide 77 - ZyXEL Vantage CNM | User Guide - Page 78
. Table 21 Device Operation > Device Configuration > Network > WAN > WAN1/2 (ZyNOS ZyWALL with two WAN ports) LABEL DESCRIPTION ISP Parameters for Internet Access Encapsulation You must choose the Ethernet option when the WAN port is used as a regular Ethernet. 78 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 79
(ZyNOS ZyWALL with two WAN ports) (continued) LABEL DESCRIPTION Service Type Login only) The Telia server logs the Vantage CNM out if the Vantage CNM does not log in periodically. Type the number of minutes from 1 to 59 (30 default) for the Vantage CNM to wait between logins. WAN IP Address - ZyXEL Vantage CNM | User Guide - Page 80
Vantage CNM sends (it recognizes both formats when receiving). Choose RIP-1, RIP-2B or RIP-2M. Multicast Version Apply Reset RIP-1 is universally supported the RIP multicast address and so will default, the RIP Version field is set to RIP-1. Choose None (default . For the service provider, PPPoE - ZyXEL Vantage CNM | User Guide - Page 81
Chapter 5 Device Network Settings does that part of the task. Furthermore, with NAT, all of the LANs' computers will have access. Figure 37 Device Operation > Device Configuration > Network > WAN > WAN1/2 PPPoE (ZyNOS ZyWALL with two WAN ports) Vantage CNM User's Guide 81 - ZyXEL Vantage CNM | User Guide - Page 82
remote node. CHAP - Your Vantage CNM accepts CHAP only. PAP - Your Vantage CNM accepts PAP only. WAN IP Address Assignment Get automatically from ISP Select this option If your ISP did not assign you a fixed IP address. This is the default selection. Use Fixed IP Address Select this option If - ZyXEL Vantage CNM | User Guide - Page 83
By default, RIP Direction is set to Both. The RIP Version field controls the format and the broadcasting method of the RIP packets that the Vantage CNM sends (it recognizes both formats when receiving). Choose RIP-1, RIP-2B or RIP-2M. Multicast Apply Reset RIP-1 is universally supported; but - ZyXEL Vantage CNM | User Guide - Page 84
Chapter 5 Device Network Settings PPTP supports on-demand, multi-protocol and virtual private networking over public networks, such as the Internet. Figure 38 Device Operation > Device Configuration > Network > WAN > WAN1/2 PPTP (ZyNOS ZyWALL with two WAN ports) 84 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 85
option If your ISP did not assign you a fixed IP address. This is the default selection. Use fixed IP address Select this option If the ISP assigned a fixed IP address. My WAN IP Address Enter your WAN IP address in this field if you selected Use Fixed IP Address. Vantage CNM User's Guide 85 - ZyXEL Vantage CNM | User Guide - Page 86
/2 PPTP (ZyNOS ZyWALL with two WAN received. RIP Version By default, RIP Direction is set to Reset RIP-1 is universally supported; but RIP-2 carries more to the RIP multicast address and so will not Vantage CNM. Click this to begin configuring this screen afresh. 86 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 87
Chapter 5 Device Network Settings 5.3.3 WAN2 (ZyNOS ZyWALL with 3G WAN) 3G (Third Generation) is a digital, packet-switched wireless technology. varies depending on the 3G card you use, the signal strength of the service provider's base station, your service plan, etc. Vantage CNM User's Guide 87 - ZyXEL Vantage CNM | User Guide - Page 88
also known as TIA-EIA-95. 2.5G 2.75G Packetswitched Packetswitched GPRS (General Packet Radio Services), High-Speed CircuitSwitched Data (HSCSD), etc. Enhanced Data rates for GSM Evolution (EDGE), Enhanced sector coordinate global telecom networks and services. 88 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 89
in a device, the 3G connection becomes WAN 2. Refer to the device's User's Guide for the type of 3G cards that you can use in the device along with the corresponding supported features. Note: You must install a 3G card in the selected device before using this WAN 2. Vantage CNM User's Guide 89 - ZyXEL Vantage CNM | User Guide - Page 90
Chapter 5 Device Network Settings Note: The WAN 1 and WAN 2 IP addresses of the device with multiple WAN interfaces must be on different subnets. 90 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 91
Chapter 5 Device Network Settings Figure 39 Device Configuration > Network > WAN > 3G(WAN 2) Vantage CNM User's Guide 91 - ZyXEL Vantage CNM | User Guide - Page 92
to have the selected device use the default settings on the 3G card and connect to your service provider's base station. This shows Automatically only by default. Click Scan to have the selected device This field is available only when you insert a GSM 3G card. 92 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 93
selected device supports PAP (Password Authentication address. This is the default selection. Use Fixed IP Address Select this option if the ISP assigned a fixed IP address. My WAN IP Address Enter your WAN IP address in this field if you selected Use Fixed IP Address. Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 94
address used within one network (for example a private IP address used in a local network) to a different IP address known within another network (for example a public IP address data. Choose None (default), IGMP-V1 or IGMP within one month. Select Download to set a limit on Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 95
periodically. Specify how often (from 1 to 65535 minutes) to send the log (and alert if selected). Click this to save your changes back to the Vantage CNM. Click this to begin configuring this screen afresh. Vantage CNM User's Guide 95 - ZyXEL Vantage CNM | User Guide - Page 96
> Network > WAN > Dial Backup (ZyNOS ZyWALL) LABEL DESCRIPTION Enable Dial Backup Select this check box Password Type the password assigned by your ISP. Retype to confirm Password Type your password again to make sure that you have entered it correctly. 96 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 97
Configuration > Network > WAN > Dial Backup (ZyNOS ZyWALL) (continued) LABEL DESCRIPTION Authentication Type Use the drop- Type the AT command string to initialize the WAN device. Consult the manual of your WAN device connected to your Dial Backup port for specific AT Vantage CNM User's Guide 97 - ZyXEL Vantage CNM | User Guide - Page 98
Chapter 5 Device Network Settings 5.3.5 Advanced Modem Setup (ZyNOS ZyWALL) 5.3.5.1 AT Command Strings For regular telephone lines, the default Dial string tells the modem that the line uses tone dialing. ATDT screen to display the Dial Backup Advanced screen shown next. 98 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 99
the manual of your WAN device connected to your dial backup port for specific AT commands. Figure 41 Device Operation > Device Configuration > Network > WAN > Dial Backup > Advanced (ZyNOS ZyWALL) Type the keyword preceding the connection speed. CONNECT Call Control Vantage CNM User's Guide 99 - ZyXEL Vantage CNM | User Guide - Page 100
to the device. 5.3.6 Edit Dial Backup (ZyNOS ZyWALL) Click Edit in the TCP/IP Options field in the screen shown in Figure 40 on page 96 to display the next screen.4 Figure 42 Device Operation > Device Configuration > Network > WAN > Dial Backup > Edit (ZyNOS ZyWALL) 100 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 101
> Edit - ZyNOS ZyWALL LABEL DESCRIPTION Get IP Address Automatically from Remote Server Type the login name assigned by your NAT that supports two types of mapping: Many-to-One and Server. When you select this option the device will use Address Mapping Set default. Vantage CNM User's Guide 101 - ZyXEL Vantage CNM | User Guide - Page 102
Backup > Edit - ZyNOS ZyWALL (continued) LABEL DESCRIPTION RIP receiving). RIP-1 is universally supported but RIP-2 carries more information to the RIP multicast address and so will not your network must use multicasting, also. By default, RIP direction is set to Both and Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 103
Network > WAN > Setup (Prestige) LABEL DESCRIPTION Name Enter the name of your Internet Service Provider, for example, MyISP. This information is for identification purposes only. Mode Select Routing the Mode field, select PPPoA, RFC 1483, ENET ENCAP or PPPoE. Vantage CNM User's Guide 103 - ZyXEL Vantage CNM | User Guide - Page 104
PCR. Note that system default is 0 cells/sec Login Information (PPPoA and PPPoE encapsulation only) Service public WAN IP address. PPPoE pass service name, then enter both components exactly as given. Password Enter the password associated with the user name above. 104 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 105
Idle Timeout field when you select Connect on Demand. The default setting is 0, which means the Internet session will not timeout address of the gateway provided by your ISP. Apply Click this to save the changes. Reset Click this to begin configuring this screen afresh. Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 106
menu bar and then click Device Configuration > Network > WAN > Backup in the navigation panel. Figure 44 Device Operation > Device Configuration > Network > WAN > Backup (Prestige) 106 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 107
the IP address of a reliable nearby computer (for example, your ISP's DNS server address). If you activate either traffic redirect or dial backup, you must configure at least one IP address here. " means the link is down. The smaller the number, the lower the "cost". Vantage CNM User's Guide 107 - ZyXEL Vantage CNM | User Guide - Page 108
activate dial backup, you must configure at least one Check WAN IP Address. This field sets this route's priority among the three routes the device 57600, 115200 or 230400 bps. Type the login name assigned by your ISP. Type the password assigned by your ISP. Type the first ( Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 109
- Your device accepts either CHAP or PAP when requested by this remote node. CHAP - Your device accepts CHAP only. PAP - Your device accept PAP only. Vantage CNM User's Guide 109 - ZyXEL Vantage CNM | User Guide - Page 110
AT command string to initialize the WAN device. Consult the manual of your WAN device connected to your dial backup port for of NAT that supports two types of mapping: Many-to-One and Server. When you select this option the device will use Address Mapping Set 255 in 110 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 111
an idle time-out in the Max Idle Timeout field when you select Connect on Demand. The default setting is 0, which means the Internet session will not timeout. Budget The configuration in the field. See Section 5.3.5 on page 98 for the configuration of this screen. Vantage CNM User's Guide 111 - ZyXEL Vantage CNM | User Guide - Page 112
Service Set IDentification) is a unique name to identify the device in the wireless LAN. Wireless stations associating to the device must have the same ESSID. Enter a descriptive name of up to 32 printable characters (including spaces; alphabetic characters are case-sensitive). 112 Vantage CNM - ZyXEL Vantage CNM | User Guide - Page 113
than the fragmentation threshold to turn RTS/CTS off. Select Enable RTS/CTS to change the default value and enter a new value between 0 and 2432. Enable Select this check box to the check box to change the default value and enter a value between 256 and 2432. Vantage CNM User's Guide 113 - ZyXEL Vantage CNM | User Guide - Page 114
. Apply Reset Please see the product specifications appendix for a table of compatible ZyXEL wireless cards and the wireless security features each card supports. Click this to save your changes back to the device. Click this to begin configuring this screen afresh. 114 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 115
from the Security field in the Device Operation > Device Configuration > Network > Wireless Card > Wireless Card screen. Figure 47 Device Operation > Device Configuration > Network > Wireless Card > Vantage CNM User's Guide 115 - ZyXEL Vantage CNM | User Guide - Page 116
Chapter 5 Device Network Settings Wireless Card (Advanced Wireless Security Settings) 116 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 117
wireless stations have to resend user names and passwords in order to stay connected. Enter a time interval between 10 and 65535 seconds. If wireless station authentication is done using a RADIUS server, the reauthentication timer on the RADIUS server has priority. Vantage CNM User's Guide 117 - ZyXEL Vantage CNM | User Guide - Page 118
is done using a RADIUS server, the reauthentication timer on the RADIUS server has priority. The Vantage CNM automatically disconnects a wireless station from the wireless network after a period of inactivity. The wireless station needs to send the username and password again before it can use - ZyXEL Vantage CNM | User Guide - Page 119
server, the reauthentication timer on the RADIUS server has priority. The Vantage CNM automatically disconnects a wireless station from the wireless network after a period of inactivity. The wireless station needs to send the username and password and password; other clients may use saved login - ZyXEL Vantage CNM | User Guide - Page 120
wireless clients may prompt users for a username and password; other clients may use saved login credentials. In either case, there is usually passwords. Click RADIUS to go to the RADIUS screen where you can configure the Vantage CNM to check an external RADIUS server. 120 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 121
:00:02. You need to know the MAC addresses of the devices to configure this screen. To change your device's MAC filter settings, select a device and then click Device Operation > Device Configuration > Network > Wireless Card > MAC Filter. The screen appears as shown. Vantage CNM User's Guide 121 - ZyXEL Vantage CNM | User Guide - Page 122
character pairs, for example, 12:34:56:78:9a:bc of the wireless stations that are allowed or denied access to the device in these address fields. Apply Click this to save your changes back to the device. Reset Click this to begin configuring this screen afresh. 122 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 123
about any of these screens or fields. 6.1.1 Default Rule Use this screen to configure global settings for the firewall and to set the default rules for packets in each direction. You can also configure the default rules in the Rule Summary screen for each direction. Vantage CNM User's Guide 123 - ZyXEL Vantage CNM | User Guide - Page 124
Denial of Service (DoS) attacks when the firewall is activated. Allow Asymmetrical Route Select this check box to have the device firewall ignore the use of triangle route topology on the network. See the device's User's Guide for more on triangle route topology. 124 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 125
VPN. This is also the case if you allow someone to use a service (like Telnet or HTTP) through a VPN tunnel to manage the device. one of the gateways (VPN pass-through traffic). Here are the default actions from which you can select. Select Drop to silently discard the Vantage CNM User's Guide 125 - ZyXEL Vantage CNM | User Guide - Page 126
Settings Table 42 Device Operation > Device Configuration > Security > Firewall > Default Rule (continued) LABEL DESCRIPTION Apply Click this to save your changes back to panel. Figure 50 Device Operation > Device Configuration > Security > Firewall > Rule Summary 126 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 127
list box to see all destination address configured for the firewall rule. This field displays the services to which this firewall rule applies. Click the list box to see all service type configured for the firewall rule. See Figure 51 on page 129 for more information. Vantage CNM User's Guide 127 - ZyXEL Vantage CNM | User Guide - Page 128
up by one when you take this action. 6.1.3 Add/Edit a Rule Each device has a different number of rules and custom ports; see the device User Guide for more details. 128 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 129
Chapter 6 Device Security Settings In Figure 50 on page 126, click Edit to modify an existing firewall rule or click Insert to create a new firewall rule. Figure 51 Device Operation > Device Configuration > Security > Firewall > Rule Summary > Edit Vantage CNM User's Guide 129 - ZyXEL Vantage CNM | User Guide - Page 130
or destination address from the Source or Destination Address(es) box above and click Delete to remove it. Edit Service Available/ Selected Services Highlight a service from the Available Services box on Hour format to apply the rule. Format) Actions When Matched 130 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 131
the passage of the packets. Note: You also need to configure NAT port forwarding (or full featured NAT address mapping rules) if you want to allow computers on the WAN to access devices on the LAN. Apply You can specify which of the device's interfaces will respond to Vantage CNM User's Guide 131 - ZyXEL Vantage CNM | User Guide - Page 132
you want the device to reply to incoming Ping requests. Do not respond to requests for unauthorized services. Select this option to prevent hackers from finding the device by probing for unused ports. If you > Threshold in the navigation panel to bring up the next 132 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 133
VPN tunnels) for which you want the device Attack Protection to not use the Denial of Service protection thresholds. This disables on DoS protection on the selected interface (or all VPN tunnels). until the rate of new connection attempts drops below this number. Vantage CNM User's Guide 133 - ZyXEL Vantage CNM | User Guide - Page 134
maximum incomplete low. An unusually high number of half-open sessions with the same destination host address could indicate that a DoS attack is being launched against the host. Blocking Time Specify the device. Click this to begin configuring this screen afresh. 134 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 135
is not in the predefined list of services. Click the delete icon to remove an existing service. 6.1.7 Add/Edit Service Click Add or Edit on an existing service record in the Device Operation > Device Configuration > Security > Firewall > Service screen to open the Vantage CNM User's Guide 135 - ZyXEL Vantage CNM | User Guide - Page 136
UDP in the IP Protocol field. Enter the port number (from 1 to 255) that defines the customized service To specify one port only, enter the port number in the From field and enter it again in the To and exit this screen. Click this to exit this screen without saving. Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 137
by a domain name or dynamic domain name (it must otherwise have My Address set to 0.0.0.0) • Should use a WAN connectivity check to this device's WAN IP address If the remote IPSec router is not a device, you may also want to avoid setting the IPSec rule to nailed up. Vantage CNM User's Guide 137 - ZyXEL Vantage CNM | User Guide - Page 138
name for this VPN policy. Local IP Address This field displays the IP address(es) of the network behind the device. Remote IP Address This field displays the IP address(es) of the network behind the it to the recycle bin. Remove Click this to delete a VPN rule. 138 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 139
the column or click Edit from a existing gateway policy to display the Gateway Policy screen. Figure 58 Device Operation > Device Configuration > Security > VPN > VPN Rules Vantage CNM User's Guide 139 - ZyXEL Vantage CNM | User Guide - Page 140
Chapter 6 Device Security Settings (IKE) > Gateway Policy Add/Edit 140 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 141
manual address when using traffic redirect. See the chapter on WAN for details on dial backup and traffic redirect. My ZyWALL Domain Name This field is enabled if My ZyWALL Address Type is IP Address. Enter the domain name associated with the device in the VPN tunnel. Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 142
Gateway Policy Add/Edit LABEL DESCRIPTION My DDNS Domain Name This field is enabled if My ZyWALL Address Type is IP Address. Select the DDNS domain name associated with the device in the VPN tunnel. Use the as the check interval and network policy SA life time. 142 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 143
name or e-mail address by which to identify this device in the local Content field. Use up to 31 ASCII characters including spaces, although trailing spaces are truncated. The domain name or e-mail address is for identification purposes only and can be any string. Vantage CNM User's Guide 143 - ZyXEL Vantage CNM | User Guide - Page 144
uses for this VPN connection. • Select E-mail to identify the remote IPSec router by the e-mail address in the subject alternative name field of the certificate it uses for this VPN connection. • Select Subject to have the device not check the remote IPSec router's ID. 144 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 145
of how you configure the ID Type and Content fields, two active SAs cannot have both the local and remote IP address ranges overlap between rules. Extended Authentication Enable Extended Authentication Select this check box to activate extended authentication. Vantage CNM User's Guide 145 - ZyXEL Vantage CNM | User Guide - Page 146
must also configure the extended authentication clients' usernames and passwords in the authentication server's local user database or a RADIUS server. Click Local User to go to the Local User Database . Select MD5 for minimal security and SHA-1 for maximum security. 146 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 147
configured below when negotiating an IPSec SA. Click this to save your changes back to the device. Click this to exit this screen without saving. Vantage CNM User's Guide 147 - ZyXEL Vantage CNM | User Guide - Page 148
existing network policy to display the Network Policy screen. Figure 59 Device Operation > Device Configuration > Security > VPN > VPN Rules (IKE) > Network Policy Add/Edit 148 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 149
. Enter 1 for ICMP, 6 for TCP, 17 for UDP, etc. 0 is the default and signifies any protocol. Select this check box to turn on the nailed up feature for Address Mapping Rule Virtual address mapping over VPN is available with the routing and zero configuration modes. Vantage CNM User's Guide 149 - ZyXEL Vantage CNM | User Guide - Page 150
forwarding rules to allow incoming traffic from the remote network. When you select Many One-to-One in the Type field, enter the beginning IP address of a range of translated IP addresses. 150 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 151
drop-down list box to choose Single Address, Range Address, or Subnet Address. Select Single Address with a single IP address. Select Range Address for a specific range of IP addresses. Select Subnet Address to specify IP addresses on a network by their subnet mask. Vantage CNM User's Guide 151 - ZyXEL Vantage CNM | User Guide - Page 152
remote IPSec router. When the Address Type field is configured to Subnet Address, enter a subnet mask on the network behind the remote IPSec router. Remote Port 0 is the default and signifies any port. Type accessing remote resources are temporarily disconnected. 152 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 153
DH key group. As a VPN setup is processing intensive, the system is vulnerable to Denial of Service (DOS) attacks. The IPSec receiver can detect and reject old or duplicate packets to protect against Click this to discard all changes and return to the main VPN screen. Vantage CNM User's Guide 153 - ZyXEL Vantage CNM | User Guide - Page 154
to save the changes. Click this to discard all changes and return to the main VPN screen. 6.3.5 VPN Rules (Manual) Select a device, click Device Operation in the menu bar and then click Device Configuration > Security > VPN > VPN Rules (Manual) tab to open the VPN 154 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 155
Network Address Type field in the VPN - Manual Key - Edit screen is configured to Range Address. A (static) IP address and a subnet mask are displayed when the Local Network Address Type field in the VPN - Manual Key - Edit screen is configured to Subnet Address. Vantage CNM User's Guide 155 - ZyXEL Vantage CNM | User Guide - Page 156
VPN policy. Click this to modify an existing VPN policy. Select a policy and click Remove to delete the VPN policy. A window displays asking you to confirm that you want to delete the VPN rule. When a VPN policy is deleted, subsequent policies move up in the page list. 156 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 157
(Manual) > Add/Edit The following table describes the labels in this screen. Table 54 Device Operation > Device Configuration > Security > VPN > VPN Rules (Manual) > Add/Edit LABEL DESCRIPTION Property Active Select this check box to activate this VPN policy. Vantage CNM User's Guide 157 - ZyXEL Vantage CNM | User Guide - Page 158
blank to have the device automatically use the address in the Secure Gateway field. Manual Proposal SPI Type a number (base 10) from 1 to 999999 for the Security Parameter Index. Encapsulation Mode Select Tunnel mode or Transport mode from the drop-down list box. 158 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 159
Manual) > Add/Edit (continued) LABEL DESCRIPTION Active Protocol Select ESP if you want to use ESP (Encapsulation Security Payload). The ESP protocol (RFC 2406) provides encryption as well as some of the services . Click this to begin configuring this screen afresh. Vantage CNM User's Guide 159 - ZyXEL Vantage CNM | User Guide - Page 160
30 and 3600 seconds) to wait before the device checks all of the VPN connections to remote IPSec routers. Enter 0 to disable this feature. 160 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 161
updates the domain name and IP address mapping through a DNS server. The device rebuilds the VPN tunnel if it finds that causes fragmentation issues that are affecting your throughput performance, you can manually set a smaller MSS for the TCP packets that are to Vantage CNM User's Guide 161 - ZyXEL Vantage CNM | User Guide - Page 162
display the configuration screen shown next. Note: Before you use the anti-virus feature, you must register for the service (refer to the chapter on registration for more information). Figure 64 Device Operation > Device Configuration > Security > Anti-Virus > General 162 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 163
. Available Service Service This field displays the service names and standard port numbers that identify them. Select a service to display and configure anti-virus settings for it. Active Select Active to enable the anti-virus scanner for the selected service. Vantage CNM User's Guide 163 - ZyXEL Vantage CNM | User Guide - Page 164
use a service (like Guide for more information about any of these screens or fields. 6.5.1 Anti-Spam General Screen Click Device Operation in the menu bar and then click Device Configuration > Security > Anti-Spam > General in the navigation panel to open the Anti- 164 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 165
DESCRIPTION General Setup Enable Anti-Spam Select this check box to check traffic for spam SMTP (TCP port 25 and POP3 (TCP port 110) e-mail. Vantage CNM User's Guide 165 - ZyXEL Vantage CNM | User Guide - Page 166
is the hub in a huband-spoke VPN. This is also the case if you allow someone to use a service (like Telnet or HTTP) through a VPN tunnel to manage the device. The device checks the traffic after decrypting it the mail is classified as spam and the spam score is 25. 166 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 167
Block to have the device drop mail connections to stop the excess e-mail sessions. The e-mail client or server will have to attempt to send or receive e-mail later when the number of e-mail sessions is under the the spam threshold and what to do when no valid spam Vantage CNM User's Guide 167 - ZyXEL Vantage CNM | User Guide - Page 168
Chapter 6 Device Security Settings score is received. You must register for this service before you can use it (see the chapter on registration for details). Figure 66 Device Operation > of classifying legitimate email as spam, but may allow more spam to get through. 168 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 169
registered the device and activated the anti-spam external database service. Trial Active and the trial subscription expiration date display if you have successfully registered the device and activated the anti-spam external database service trial subscription. Vantage CNM User's Guide 169 - ZyXEL Vantage CNM | User Guide - Page 170
spam e-mail. You can create whitelist or blacklist entries based on the sender's IP address or e-mail address. You can also create entries that check for particular MIME headers, MIME header values that individual e-mail. # This field shows the index number of the entry. Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 171
is based on the e-mail's source IP address, source e-mail address, an MIME header or the e-mail's subject. This field displays the source IP address, source e-mail address, MIME header or subject content for which to identify spam e-mail. You can create entries based on Vantage CNM User's Guide 171 - ZyXEL Vantage CNM | User Guide - Page 172
. Select IP to have the device check e-mail for a specific source IP address. You can create whitelist IP address entries for e-mail servers on your LAN or DMZ to speed up the device's processing of your outgoing check e-mail for specific content in the subject line. 172 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 173
"def.com". You can also use a wildcard (*). For example, if you configure *def.com, any e-mail address that ends in def.com matches. So "mail.def.com" matches. The wildcard can be anywhere in the text "X-MSMail-Priority: Normal", enter "Normal" here as the MIME value. Vantage CNM User's Guide 173 - ZyXEL Vantage CNM | User Guide - Page 174
see the device's User's Guide for more information about any of these screens or fields. 6.8 General Setup Use this screen to enable IDP on the device and choose what interface(s) you want to protect from intrusions. To open this screen, click a device, click Device 174 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 175
a device's Turbo Card is installed. Note: You cannot configure and save the IDP or Anti-Virus screens if the device's Turbo Card is not installed. Vantage CNM User's Guide 175 - ZyXEL Vantage CNM | User Guide - Page 176
-andspoke VPN. This is also the case if you allow someone to use a service (like Telnet or HTTP) through a VPN tunnel to manage the device. The device all intrusion types supported by the device. Other covers all intrusion types not covered by other types listed. 176 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 177
> Signature > Attack Types TYPE DESCRIPTION DDoS The goal of Denial of Service (DoS) attacks is not to steal information, but to disable a client and the server. In the device, P2P refers to peer-to-peer applications such as eMule, eDonkey, BitTorrent, iMesh etc. Vantage CNM User's Guide 177 - ZyXEL Vantage CNM | User Guide - Page 178
the associated URL does not. Web attack signatures refer to attacks on web servers such as IIS (Internet Information Services). Spam is unsolicited "junk" e-mail sent to large numbers of people traffic meets a signature criteria. You can also change the default action 178 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 179
to go to the "query view" screen. You can take actions on these signatures as described in Section 6.9.3 on page 178. To revert to the default actions or to save sets of actions, go to the Device Vantage CNM User's Guide 179 - ZyXEL Vantage CNM | User Guide - Page 180
intrusion severity. This field displays the computer or network device operating system that the intrusion targets or is vulnerable to the intrusion. These icons represent a Windows operating system, a UNIX-based operating system and a network device, respectively. 180 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 181
to switch between the settings (last partial edited, all selected and all cleared). You can change the default signature action here. See Table 64 on page 179 for more details on actions. Click this button to Switch to query view link to go to this 'query view" screen. Vantage CNM User's Guide 181 - ZyXEL Vantage CNM | User Guide - Page 182
] key if you want to make multiple selections from a list of attributes. Search for signatures by severity level(s) (see Table 63 on page 178). 182 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 183
system that the intrusion targets or is vulnerable to the intrusion. These icons represent a Windows operating system, a UNIX-based operating system and a network device, respectively. Active Select the settings (last partial edited, all selected and all cleared). Vantage CNM User's Guide 183 - ZyXEL Vantage CNM | User Guide - Page 184
to switch between the settings (last partial edited, all selected and all cleared). You can change the default signature action here. See Table 64 on page 179 for more details on actions. Click this button to anomaly rules may be updated when you upload new firmware. 184 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 185
head of the Active column to activate all rules for an anomaly detection method, or select Active for an individual rule to make it active. Vantage CNM User's Guide 185 - ZyXEL Vantage CNM | User Guide - Page 186
downloads. Note: You should have already registered the device at myZyXEL.com (http:// www.myzyxel.com/myzyxel/) and also have either activated the trial license or standard license (iCard). If your license has expired, you will have to renew it before updates are allowed. 186 Vantage CNM - ZyXEL Vantage CNM | User Guide - Page 187
signatures. When you download new signatures using the anti-virus Update screen, IDP signatures are also downloaded. The version number changes zyxel.com/ mysecurity/ to see what the latest version number is. You can also subscribe to signature update e-mail notifications. Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 188
, choose Wednesday and 15 from the respective list boxes to have the device check the update server for new signatures at 3PM every Wednesday. Click this button to save your changes back to the device. Click this button to close this screen without saving any changes. 188 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 189
These screens may vary depending on which model you're configuring. Please see the device's User's Guide for more information about any of these screens or fields. 6.12 Content Filter General Screen Click such as Cookies, and/or block access to specific websites. Vantage CNM User's Guide 189 - ZyXEL Vantage CNM | User Guide - Page 190
this check box to enable the content filter. Content filtering works on HTTP traffic that is using TCP ports 80, 119, 3128 or 8080. 190 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 191
pass-through traffic). The external database content filtering service has the Vantage CNM check an external database to find to which category the category of the blocked web page. When Content Filter Server Is Unavailable Select Log to record attempts to access web Vantage CNM User's Guide 191 - ZyXEL Vantage CNM | User Guide - Page 192
Click Content Filter in the Service Name field to open the Blue Coat login screen. 3. Enter your Vantage CNM's MAC address (in lower case) in the Name field. You can find this MAC address in the Service Management screen. Type your myZyXEL.com account password in the Password field and click Submit - ZyXEL Vantage CNM | User Guide - Page 193
the menu bar and then click Device Configuration > Content Filter > Policy in the navigation panel. Figure 77 Device Operation > Device Configuration > Security > Content Filter > Policy Vantage CNM User's Guide 193 - ZyXEL Vantage CNM | User Guide - Page 194
address contains a keyword. Schedule Click the schedule icon to set for which days and times the policy applies. Click the delete icon to remove the content filter policy. You cannot delete the default policy. A window > Content Filter > Policy screen. Use this 194 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 195
Device Security Settings screen to restrict web features and edit the source (user) addresses or ranges of addresses to which the content filter policy applies. Figure 78 Device Operation > Device . Active Select this option to turn on the content filter policy. Vantage CNM User's Guide 195 - ZyXEL Vantage CNM | User Guide - Page 196
the box and click Modify. Highlight an existing source or destination address from the Apply Cancel Configured Address box and click Delete to remove it. Click this to save your customized settings and exit this screen. Click this to exit this screen without saving. 196 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 197
one) only. Select this check box to restrict access to all site categories listed below. Select this check box to clear the selected categories below. Vantage CNM User's Guide 197 - ZyXEL Vantage CNM | User Guide - Page 198
this category excludes pages that advocate or give advice on performing illegal acts such as service theft, evading law enforcement, fraud, burglary techniques and plagiarism. It also includes pages (as long as those pages do not meet one of the above requirements). 198 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 199
weapons, or groups that either support or oppose weapons use. Abortion Selecting companies that sell travel services). Alternative Spirituality/ Occult Selecting sites that endorse or offer methods, means of instruction, or other resources to affect or influence Vantage CNM User's Guide 199 - ZyXEL Vantage CNM | User Guide - Page 200
offer market information, brokerage or trading services. Brokerage/Trading Selecting this category excludes pages that provide information and support game playing or downloading, video games, computer games, support searching the Internet, indices, and directories. 200 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 201
reported is "personal" if it contains uniquely identifying data, such as email addresses, name, social security number, IP address, etc. A site is not classified as spyware if the user is pages that provide chat or instant messaging capabilities or client downloads. Vantage CNM User's Guide 201 - ZyXEL Vantage CNM | User Guide - Page 202
pages that provide or advertise the means to obtain goods or services. It does not include pages that can be classified in other weapons). Auctions Selecting this category excludes pages that support the offering and purchasing of goods between individuals. category. 202 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 203
services. For Kids Selecting this category excludes pages designed specifically for children. Web Advertisements Selecting this category excludes pages that provide online advertisements or banners. This does not include advertising servers that serve adult-oriented advertisements. Vantage CNM - ZyXEL Vantage CNM | User Guide - Page 204
or hosting services. Apply Click addresses for this policy and bad (blocked) web site addresses. You can also block web sites based on whether the web site's address contains a keyword. Use this screen to add or remove specific sites or keywords from the filter list. 204 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 205
the master lists of trusted (allowed) web sites,forbidden (blocked) web sites, and keywords. Figure 80 Device Operation > Device Configuration > Security > Content Filter > Policy > Customizationl Vantage CNM User's Guide 205 - ZyXEL Vantage CNM | User Guide - Page 206
screen where allows you to block websites with URLs that contain certain keywords in the domain name or IP address. Apply Cancel Select the ones to which you want this policy to block in the Available list and screen. Click this to exit this screen without saving. 206 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 207
Setup Content filtering scheduling applies to the filter list, customized sites and keywords. Restricted web server data, such as ActiveX, Java, Cookies and Web Proxy are not affected. Always (s), in 24-hour format, during which content filtering will be enforced. Vantage CNM User's Guide 207 - ZyXEL Vantage CNM | User Guide - Page 208
site addresses, or block web sites based on whether the web site's address contains a keyword.. To open this screen, click a device, click Device Operation in the menu bar and then click Device Configuration > Security > Content Filter > Object in the navigation panel. 208 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 209
URL of the site - that is, do not include "http://". All subdomains are allowed. For example, entering "zyxel.com" also allows "www.zyxel.com", "partner.zyxel.com", "press.zyxel.com", etc. Trusted Web Sites This list displays the trusted web sites already added. Vantage CNM User's Guide 209 - ZyXEL Vantage CNM | User Guide - Page 210
in the cache as well as view those web site addresses to which access has been allowed or blocked based on the responses from the external content filtering server. The device only queries the external content filtering database for sites not found in the cache. 210 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 211
local user database to perform user authentication. By storing user profiles locally, your device is able to authenticate wireless users without interacting with a network RADIUS server. However, there is a limit on the number of users you may authenticate in this way. Vantage CNM User's Guide 211 - ZyXEL Vantage CNM | User Guide - Page 212
a password up to 31 characters long for this user profile. Apply Click this to save your changes back to the device. Reset Click this to begin configuring this screen afresh. 6.16.2 RADIUS Use this screen if you want to use an external server to perform authentication. 212 Vantage CNM User - ZyXEL Vantage CNM | User Guide - Page 213
sent over the network. This key must be the same on the external authentication server and device. Enable this feature to do user accounting through an external authentication server. Enter the IP address of the external accounting server in dotted decimal notation. Vantage CNM User's Guide 213 - ZyXEL Vantage CNM | User Guide - Page 214
accounting server and the access points. Apply Reset The key is not sent over the network. This key must be the same on the external accounting server and device. Click this to save your changes back to the device. Click this to begin configuring this screen afresh. 214 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 215
. Please see the device's User's Guide for more information about any of these screens or fields. 7.1 NAT Use this screen to specify what type of NAT the device should use and to configure any global NAT settings. To open this screen, click a device, click Device Vantage CNM User's Guide 215 - ZyXEL Vantage CNM | User Guide - Page 216
NAT on the device. SUA Only Select SUA Only to apply many-to-one mapping only (sufficient if the device has only one public IP address). Full Feature Select Full Feature to avail of multiple mapping types. 216 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 217
copy them from one WAN port to the other. Click this to advance to the selected feature. Click this to begin configuring this screen afresh. Vantage CNM User's Guide 217 - ZyXEL Vantage CNM | User Guide - Page 218
Default Server All Ports In addition to the servers for specified services, NAT supports a default server. A default server receives packets from ports that are not specified in this screen. If you do not assign a default server IP address be forwarded in the second field. Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 219
of the translated port range. Server IP Address Type the IP address of the inside server. Apply Click this to save Address Mapping LABEL DESCRIPTION WAN Interface Select the WAN port to use the address mapping rules. # This is the number of an individual entry. Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 220
services behind the NAT to be accessible to the outside world. Click this to add or modify an address-mapping rule. Click this to delete the address-mapping rule. Click this to save your changes back to the device. Click this to close this screen without applying any changes. 220 Vantage CNM - ZyXEL Vantage CNM | User Guide - Page 221
Local Start IP address and 255.255.255.255 as the Local End IP address. Global Start IP This field is N/A for One-to-One and Server mapping types. This is the starting Inside Global IP Address (IGA). Enter 0.0.0.0 here if you have a dynamic IP address from your ISP. Vantage CNM User's Guide 221 - ZyXEL Vantage CNM | User Guide - Page 222
IP Address (IGA). This field is N/A for One-to-One, Many-to-One and Server mapping server on the WAN uses when it sends out a particular service. The device forwards the traffic with this port (or range of ports) to the client computer on the LAN that requested the service. Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 223
range of ports) that causes (or triggers) the device to record the IP address of the LAN computer that sent the traffic to a server on the WAN. Start Port This field displays a port number or the starting > Device Configuration > Advanced > NAT > Trigger Port > Edit Vantage CNM User's Guide 223 - ZyXEL Vantage CNM | User Guide - Page 224
see the device's User's Guide for more information about any of these screens or fields. 7.6 Static Route Use this screen to tell the device about networks that are not directly connected to the device. To open this screen, click a device, click Device Operation in the 224 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 225
. On the LAN, the gateway must be a router on the same segment as the device; over the WAN, the gateway must be the IP address of one of the remote nodes. Edit Click this to set up a static route on the device. Remove Click this to delete a static route. Vantage CNM User's Guide 225 - ZyXEL Vantage CNM | User Guide - Page 226
a router on the same segment as the device; over the WAN, the gateway must be the IP address of one of the Remote Nodes. Metric Metric represents the cost of transmission for routing purposes. IP routing between 1 and 15. In practice, 2 or 3 is usually a good number. 226 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 227
Record The following table describes the labels in this screen. Table 87 Device Operation > Device Configuration > Advanced > DNS > Address Record LABEL DESCRIPTION # This is the number of an individual entry. FQDN This is a host's fully qualified domain name. Vantage CNM User's Guide 227 - ZyXEL Vantage CNM | User Guide - Page 228
of the WAN ports, select Custom and enter the IP address of the host in dotted decimal notation. Enable Wildcard Select the check box to enable DNS wildcard. Apply Click this to save your changes back to the device. Cancel Click this to exit this screen without saving. Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 229
which you want to insert a new entry. Click Add to create the entry. Remove Click this to delete an existing record. A window display asking you to confirm that you want to delete the record. Note that subsequent records move up by one when you take this action. Vantage CNM User's Guide 229 - ZyXEL Vantage CNM | User Guide - Page 230
Chapter 7 Device Advanced Settings 7.9.1 Add/Edit a Name Server Record Use this screen to create or edit a name server record. Figure 97 Device Operation > Device Configuration > Advanced > DNS > Name Server Record > Add/Edit 230 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 231
IP address and the IP address of the DNS server as a remote IP address. Apply Cancel Private DNS Server entries with the IP address set to 0.0.0.0 are not allowed. Click this to save your changes back to the device. Click this to exit this screen without saving. Vantage CNM User's Guide 231 - ZyXEL Vantage CNM | User Guide - Page 232
cache before discarding it. Apply Click this to save your changes back to the device. Reset Click this to begin configuring this screen afresh. 232 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 233
). Spaces are not allowed. Token If you have selected WWW.REGFISH.COM as your DNS service provider, you can use a token instead of a user name and password. This token is provided automatically for a domain when activating DynDNS with RegFish. My Domain Names Vantage CNM User's Guide 233 - ZyXEL Vantage CNM | User Guide - Page 234
Type field. Check with your Dynamic DNS service provider to have traffic redirected to a URL address. Note: If you enable high availability, DDNS can also function when the device uses the dial backup port. DDNS does not function when the device uses traffic redirect. 234 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 235
IP address Assigned by DHCP to the DHCP clients. Server Selected Interface Select an interface from the drop-down list box to configure the DNS servers for the specified interface. # This is the number of an individual entry. DNS These read-only labels represent the DNS servers. Vantage CNM - ZyXEL Vantage CNM | User Guide - Page 236
your LAN, or else the computers must have their DNS server addresses manually configured. If you do not configure a DNS server, you must know the IP address of a computer in order to access it. Click Configuration > Advanced > Remote Management in the navigation panel. 236 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 237
Chapter 7 Device Advanced Settings Note: It is recommended that you disable Telnet and FTP when you configure SSH for secure connections. Figure 101 Device Operation > Device Configuration > Advanced > Remote Management Vantage CNM User's Guide 237 - ZyXEL Vantage CNM | User Guide - Page 238
that is allowed to communicate with the device using this service. Select All to allow any computer to access the device using this service. HTTP Choose Selected to just allow the computer with the IP address that you specify to access the device using this service. 238 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 239
using this service. You may change the server port number for a service if needed, however you must use the same port number in order to use that service for remote management. Select the interface(s) through which a computer may access the device using this service. Vantage CNM User's Guide 239 - ZyXEL Vantage CNM | User Guide - Page 240
community, which is the password sent with each trap to the SNMP manager. The default is public and allows all requests. Trap Destination Type the IP address of the station to send your SNMP traps to. SNMP Service Port You may change the server port number for a service if needed, however you - ZyXEL Vantage CNM | User Guide - Page 241
This screen may vary depending on which model you're configuring. Please see the device's User's Guide for more information about any of these screens or fields. 8.1 Device Log Use the Logging Options . Figure 102 Device Operation > Device Configuration > Device Log Vantage CNM User's Guide 241 - ZyXEL Vantage CNM | User Guide - Page 242
Chapter 8 Device Log 242 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 243
enable syslog logging. Syslog Server IP Address Select an instance of Vantage Report (see Section 30.6 on page 571) or select User Define and enter the server IP address of the syslog server that will log the (for example 23:00 equals 11:00 pm) to send the logs. Vantage CNM User's Guide 243 - ZyXEL Vantage CNM | User Guide - Page 244
server to another. User Name Password Log password associated with the user name above. Select the categories of logs that you want to record. Logs include alerts. Select the categories of alerts for which you want the device to instantly e-mail alerts to the e-mail address Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 245
on page 38 for the device model and the corresponding firmware version CNM supports. Note: The examples in this section use one of the most unable to find a specific screen or field in this User's Guide, please see the User's Guide for the device for more information. Device Network Settings (247) - ZyXEL Vantage CNM | User Guide - Page 246
246 - ZyXEL Vantage CNM | User Guide - Page 247
in this screen. Table 96 Device Operation > Device Configuration > Network > Interface > Ethernet (ZLD ZyWALL) LABEL DESCRIPTION # This field is a sequential value, and it is not associated with any interface. Name This field displays the name of the interface. Vantage CNM User's Guide 247 - ZyXEL Vantage CNM | User Guide - Page 248
address assignment, interface parameters, RIP settings, OSPF settings, DHCP settings, and connectivity check settings. To access this screen, click an Edit icon next to an interface in the Device Operation > Device Configuration > Network > Interface > Ethernet screen. 248 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 249
Chapter 9 Device Network Settings The screen for each interface may vary depending on your device model and the interface's role. Figure 104 Device Operation > Device Configuration > Network > Interface > Ethernet > Edit (WAN) Vantage CNM User's Guide 249 - ZyXEL Vantage CNM | User Guide - Page 250
Chapter 9 Device Network Settings Figure 105 Device Operation > Device Configuration > Network > Interface > Ethernet > Edit (non-WAN) 250 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 251
have the same priority, the ZyWALL uses the one that was configured first. Interface Parameters Upstream Bandwidth Enter the maximum amount of traffic, in kilobits per second, the ZyWALL can send through the interface to the network. Allowed values are 0 - 1048576. Vantage CNM User's Guide 251 - ZyXEL Vantage CNM | User Guide - Page 252
data packet, in bytes, that can move through this interface. If a larger packet arrives, the ZyWALL divides it into smaller fragments. Allowed values are 576 - 1500. Usually, this value is 1500. RIP . As a result, this interface only receives routing information. 252 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 253
The DHCP server(s) may be on another network. DHCP Server - the ZyWALL assigns IP addresses and provides subnet mask, gateway, and DNS server information to the network. The ZyWALL is the DHCP server for the network. These fields appear if the ZyWALL is a DHCP Relay. Vantage CNM User's Guide 253 - ZyXEL Vantage CNM | User Guide - Page 254
- select this to enter how long IP addresses are valid. Click this to configure static IP addresses for the ZyWALL to assign to computers connected to this interface. Click this to save your changes back to the device. Click this to exit this screen without saving. 254 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 255
Device Network Settings 9.1.2 Adding Virtual Interfaces This screen lets you configure IP address assignment and interface parameters for virtual interfaces. To access this screen, this to enable this virtual interface. Clear this to disable this virtual interface. Vantage CNM User's Guide 255 - ZyXEL Vantage CNM | User Guide - Page 256
to the ZyWALL. Cancel Click Cancel to exit this screen without saving. 9.2 WLAN General Use this screen to configure basic settings for a wireless network. To open this screen, click Device Operation > Device Configuration > Network > Interface > WLAN > General. 256 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 257
Chapter 9 Device Network Settings Note: This screen is only available on ZyWALLs that support WLAN. Figure 108 Device Operation > Device Configuration > Network > Interface > WLAN > General The settings before you use this option to turn on a wireless LAN card. Vantage CNM User's Guide 257 - ZyXEL Vantage CNM | User Guide - Page 258
IP address is a static IP address (STATIC) or dynamically assigned (DHCP). IP addresses are always static in virtual interfaces. This field displays the interface's subnet mask in dot decimal notation. This field displays what type of security the WLAN interface uses. 258 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 259
the ZyWALL's local user database to use WPA or WPA2 without using an external RADIUS server. With WPA or WPA2, users have to log into the wireless network before using it. This is called user authentication. WPA and WPA2 are also called the enterprise version of WPA). Vantage CNM User's Guide 259 - ZyXEL Vantage CNM | User Guide - Page 260
as shown next when you set the Security Type to none. Figure 109 Device Operation > Device Configuration > Network > Interface > WLAN > General > Add (No Security) 260 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 261
. Maximum Associations Specify the highest number of wireless clients that are allowed to connect to the wireless interface at the same time. WLAN Security Settings Vantage CNM User's Guide 261 - ZyXEL Vantage CNM | User Guide - Page 262
The DHCP server(s) may be on another network. DHCP Server - the ZyWALL assigns IP addresses and provides subnet mask, gateway, and DNS server information to the network. The ZyWALL is the DHCP server for the network. These fields appear if the ZyWALL is a DHCP Relay. 262 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 263
RIP days, hours, and minutes - select this to enter how long IP addresses are valid. Click Edit static DHCP table this to configure static IP addresses for the ZyWALL to assign to computers connected to this interface. Select this to enable RIP in this interface. Vantage CNM User's Guide 263 - ZyXEL Vantage CNM | User Guide - Page 264
RIP-2 packets using subnet broadcasting; otherwise, the ZyWALL uses multicasting. OSPF Setting Area Select the area in password for MD5 authentication. The password can consist of alphanumeric characters and the underscore, and it can be up to 16 characters long. 264 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 265
DESCRIPTION OK Click OK to save your changes back to the ZyWALL. Cancel Click Cancel to exit this screen without saving. or WPA or WPA2 if your wireless devices support it. If your wireless devices support nothing stronger than WEP, use the highest (WEP Security) Vantage CNM User's Guide 265 - ZyXEL Vantage CNM | User Guide - Page 266
WPA2-PSK Security WPA-PSK or WPA2-PSK security has all of the WLAN interface's users share the same password (pre-shared key). To configure and enable WPA-PSK or WPA2-PSK security, click the Add (or Network > Interface > WLAN > General > Add (WPA-PSK/WPA2-PSK Security) 266 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 267
to authenticate the user names and passwords. To configure and enable WPA or WPA2 security, click the Add (or Edit) icon next to a wireless interface in the Device Operation > Device Configuration > Network > Interface > WLAN > General to open the WLAN Edit screen. Vantage CNM User's Guide 267 - ZyXEL Vantage CNM | User Guide - Page 268
user. The ZyWALL's default configuration also includes an authentication method object named "default" that you can use. You can configure the "default" authentication method object, but it's default configuration uses the ZyWALL's local database for authentication. 268 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 269
supported in WPA-PSK mode. 9.2.5 WLAN Interface MAC Filter The MAC filter allows you to give specific wireless clients exclusive access to the ZyWALL (allow association) or block specific devices from accessing the ZyWALL (deny association) based on the devices' MAC addresses. Vantage CNM User - ZyXEL Vantage CNM | User Guide - Page 270
icon next to it. The edit screen appears. Apply Reset To remove an entry, click the Remove icon next to it. The ZyWALL confirms you want to remove it before doing so. Click Apply to save your changes back to the ZyWALL. Click Reset to begin configuring this screen afresh. Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 271
XX:XX format) of the wireless station that is to be allowed or denied access to the ZyWALL. Description Enter a descriptive name for the MAC address entry. OK Click OK to save your changes back to the ZyWALL. Cancel Click Cancel to exit this screen without saving. Vantage CNM User's Guide 271 - ZyXEL Vantage CNM | User Guide - Page 272
before doing so. 9.3.1 VLAN Add/Edit This screen lets you configure IP address assignment, interface bandwidth parameters, DHCP settings, and connectivity check for each VLAN interface. To access this screen, click the Add icon at the top of the Add column or click an 272 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 273
in the Device Operation > Device Configuration > Network > Interface > VLAN screen. The following screen appears. Figure 116 Device Operation > Device Configuration > Network > Interface > VLAN > Add/Edit Vantage CNM User's Guide 273 - ZyXEL Vantage CNM | User Guide - Page 274
, the DHCP server configures the IP address, subnet mask, and gateway automatically. Use Fixed IP Address You should not select this if the interface is assigned to a VRRP group. Select this if you want to specify the IP address, subnet mask, and gateway manually. 274 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 275
. The ZyWALL is the DHCP server for the network. These fields appear if the ZyWALL is a DHCP Relay. Relay Server 1 Enter the IP address of a DHCP server for the network. Relay Server 2 This field is optional. Enter the IP address of another DHCP server for the network. Vantage CNM User's Guide 275 - ZyXEL Vantage CNM | User Guide - Page 276
that another interface received from its DHCP server. ZyWALL - the DHCP clients use the IP address of this interface and the ZyWALL works as a DNS relay. First WINS Server, Second WINS Server Type the IP address of the WINS (Windows Internet Naming Service) server that you want to send to the - ZyXEL Vantage CNM | User Guide - Page 277
ZyWALL stops routing through the gateway. Ping Default Gateway Select this to use the default gateway for the connectivity check. Ping this address Select this to specify a domain name or IP address interface. Name This field displays the name of the interface. Vantage CNM User's Guide 277 - ZyXEL Vantage CNM | User Guide - Page 278
doing so. 9.4.1 Bridge Add/Edit This screen lets you configure IP address assignment, interface bandwidth parameters, DHCP settings, and connectivity check for each bridge interface. To access this screen, click the Add icon at the top of the Add column or click an 278 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 279
Chapter 9 Device Network Settings Edit icon in the Device Operation > Device Configuration > Network > Interface > Bridge screen. The following screen appears. Figure 120 Device Operation > Device Configuration > Network > Interface > Bridge > Add/Edit Vantage CNM User's Guide 279 - ZyXEL Vantage CNM | User Guide - Page 280
gateway (the ISP) on this interface. The ZyWALL decides which gateway to use based on this priority. The lower the number, the higher the priority. If two or more gateways have the same priority, the ZyWALL uses the one that was configured first. Interface Parameters 280 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 281
, the IP Pool Start Address must also be blank. In this case, the ZyWALL can assign every IP address allowed by the interface's IP address and subnet mask, except for the first address (network address), last address (broadcast address) and the interface's IP address. Vantage CNM User's Guide 281 - ZyXEL Vantage CNM | User Guide - Page 282
the gateway. Ping Default Gateway Select this to use the default gateway for the connectivity check. Ping this address Select this to specify a domain name or IP address for the connectivity check. Enter that domain name or IP address in the field next to it. 282 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 283
Add/Edit (continued) LABEL DESCRIPTION Apply Click Apply to save your changes back to the ZyWALL. Cancel Click Cancel to exit this screen without saving. 9.5 PPPoE/PPTP Interface Summary Note: any interface. Name This field displays the name of the interface. Vantage CNM User's Guide 283 - ZyXEL Vantage CNM | User Guide - Page 284
ZyWALL. This field displays the ISP account used by this PPPoE/PPTP interface. Add Click this to create a new PPPoE/PPTP interface. Edit Click the Edit icon next to an interface to edit it. Remove Click this next to an interface to remove it. The Vantage CNM . 284 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 285
Chapter 9 Device Network Settings Note: Fields may vary in this screen depending on different ZyWALL models. Figure 123 Device Operation > Device Configuration > Network > Interface > PPPoE/PPTP > Edit Vantage CNM User's Guide 285 - ZyXEL Vantage CNM | User Guide - Page 286
read-only and displays the name of the PPP interface. The format is the name of the physical port followed by "ppp". For example, "wan1_pppoe". Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 287
Select this to have the ZyWALL establish the PPPoE/PPTP connection password. Then re- to make sure that you have entered is correctly. This field is optional. It displays the PPPoE service name specified in the ISP account. This field is blank if the ISP account uses PPTP. Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 288
method that the gateway allows. Select icmp to have the ZyWALL regularly ping the gateway you specify to make sure it is still available. Select tcp to have the ZyWALL regularly perform a TCP handshake with the gateway you specify to make sure it is still available. 288 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 289
this address Select this to specify a domain name or IP address for the connectivity check. Enter that domain name or IP address in the field next to it. Apply Click Apply to save your changes back to the ZyWALL. Cancel Click Cancel to exit this screen without saving. Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 290
and it can be up to 60 characters long. Port Speed Select the speed of the connection between the ZyWALL and external computer. Dialing Type Tone - select this if the telephone uses tone-based dialing. Pulse - select this if the telephone uses pulse-based dialing. 290 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 291
manual ZyWALL should wait for traffic before it automatically disconnects the connection. Set this field to zero to disable the idle timeout. Allowed values are 0 - 360. Click Apply to save your changes back to the ZyWALL. Click Reset to begin configuring this screen afresh. Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 292
that each is configured to use. Figure 126 Device Operation > Device Configuration > Network > Interface > Trunk Figure 127 Device Operation > Device Configuration > Network > Interface > Trunk 292 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 293
address, the file server would deny the request. Timeout Apply Reset Name Algorithm Add Edit Remove This setting applies when you use load balancing and have multiple WAN interfaces set to active mode. Specify for how long the ZyWALL icon next to a trunk to remove it. Vantage CNM User's Guide 293 - ZyXEL Vantage CNM | User Guide - Page 294
Load First Figure 129 Device Operation > Device Configuration > Network > Interface > Trunk > Edit - Weighted Round Robin Figure 130 Device Operation > Device Configuration > Network > Interface > Trunk 294 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 295
group member. If you select an interface that is part of another Ethernet interface, the ZyWALL does not send traffic through the interface as part of the trunk. For example, if as a member here, the ZyWALL will not send traffic through port 5 as part of the trunk. Vantage CNM User's Guide 295 - ZyXEL Vantage CNM | User Guide - Page 296
. In the field that appears, specify the number to which you want to move the interface. Click Apply to save your changes back to the ZyWALL. Click Cancel to exit this screen without saving. 296 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 297
bridge interface. Select one, and click the deselect arrow to remove it from the bridge interface. Click Apply to save your changes back to the ZyWALL. Click Cancel to exit this screen without saving. Vantage CNM User's Guide 297 - ZyXEL Vantage CNM | User Guide - Page 298
lists all of the selected ZyWALL's interfaces and gives packet statistics for them. Click Device Operation > Device Configuration > Network > Interface > Summary to access this screen. Figure 132 Device Operation > Device Configuration > Network > Interface > Summary 298 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 299
interface is disabled, it does not appear in the list. For WLAN interfaces: Up - The WLAN interface is enabled. Down - The WLAN interface is disabled. Vantage CNM User's Guide 299 - ZyXEL Vantage CNM | User Guide - Page 300
can include the user name, source address and incoming interface, destination address, schedule, IP protocol (ICMP, UDP, TCP, etc.) and port. The actions that can be taken include: • Routing the packet to a different gateway, outgoing interface, VPN tunnel, or trunk. 300 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 301
Enable BWM This is a global setting for enabling or disabling bandwidth management on the ZyWALL. You must enable this setting to have individual policy routes or application patrol policies apply object from which the packets are sent. any means all users. Vantage CNM User's Guide 301 - ZyXEL Vantage CNM | User Guide - Page 302
are applied in order of their numbering. This field displays the total number of policy routes. Click Apply to save your changes back to the ZyWALL. Click Reset to begin configuring this screen afresh. 302 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 303
labels in this screen. Table 119 Device Operation > Device Configuration > Network > Routing > Policy Route > Edit LABEL DESCRIPTION Configuration Enable Select this to activate the policy. Vantage CNM User's Guide 303 - ZyXEL Vantage CNM | User Guide - Page 304
Type field. Select an interface to have the ZyWALL send traffic that matches the policy route through the specified interface. Use this section to configure NAT for the policy route. This section does not apply to policy routes that use a VPN tunnel as the next hop. 304 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 305
defined address (group) to use as the source IP address(es server. The incoming service should have the same service or protocol type as what you configured in the Service field. Trigger Service Select a service that a remote server sends. It causes (triggers) the ZyWALL Vantage CNM User's Guide 305 - ZyXEL Vantage CNM | User Guide - Page 306
priority, then bandwidth is divided equally amongst those routes. Select this check box to have the ZyWALL divide up all of the interface's unallocated and/or unused bandwidth among the policy routes that > Device Configuration > Network > Routing > Static Route 306 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 307
is the destination IP address. Subnet Mask This is the IP subnet mask. Next-Hop This is the IP address of the next-hop route on the ZyWALL. Total Records Click the Remove icon to delete an existing static route from the ZyWALL. A window displays asking you > Add Vantage CNM User's Guide 307 - ZyXEL Vantage CNM | User Guide - Page 308
IP network address of ZyWALL can also redistribute routing information from non-RIP networks, specifically OSPF networks and static routes, to the RIP network. Costs might be calculated differently, however, so you use the Metric field to specify the cost in RIP terms. 308 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 309
Key This field is available if the Authentication is MD5. Type the password for MD5 authentication. The password can consist of alphanumeric characters and the underscore, and it can be sources of routing information that the ZyWALL can advertise in the RIP network. Vantage CNM User's Guide 309 - ZyXEL Vantage CNM | User Guide - Page 310
settings. 9.13 The OSPF Screen Use the first OSPF screen to specify the OSPF router the ZyWALL uses in the OSPF AS and maintain the policies for redistribution. In addition, it provides a . Figure 138 Device Operation > Device Configuration > Network > Routing > OSPF 310 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 311
-bit ID the ZyWALL uses in the OSPF AS. Default - the highest available IP address assigned to the interfaces is the ZyWALL's ID. Redistribute Active User Define - enter the ID (in IP address format) in the confirms that you want to delete the area before doing so. Vantage CNM User's Guide 311 - ZyXEL Vantage CNM | User Guide - Page 312
button to save your changes to the ZyWALL. Reset Click this button to return 32-bit identifier for the area in IP address format. Type Select the type of area. networks outside the OSPF AS. It depends on a default route to send information outside the OSPF AS. NSSA Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 313
the password for text authentication. The key can consist of alphanumeric characters and the underscore, and it can be up to 8 characters long. This field is available if the Authentication is MD5. Type the default ID for MD5 authentication in the area. The ID can be between 1 and 255. Vantage CNM - ZyXEL Vantage CNM | User Guide - Page 314
is available if the Authentication is MD5. Type the default password for MD5 authentication in the area. The password can consist of alphanumeric characters and the underscore, and save your changes back to the ZyWALL. Click Cancel to exit this screen without saving. 314 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 315
screens may vary depending on which model you're configuring. Please see the device's User's Guide for more information about any of these screens or fields. 10.1 The Firewall Screen Click Device direction. Figure 140 Device Operation > Device Cofniguration > Firewall Vantage CNM User's Guide 315 - ZyXEL Vantage CNM | User Guide - Page 316
that does not match any other traffic direction. Only the access right and log alert are configurable for the default firewall rule. To apply other behavior, configure a firewall rule that traffic will match so the ZyWALL will not have to use its default behavior. 316 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 317
address object to which this firewall rule applies. Service This displays the service Remove icon to delete an existing rule from the ZyWALL. A window displays asking you to confirm that you want to delete ZyWALL. Click Reset to begin configuring this screen afresh. Vantage CNM User's Guide 317 - ZyXEL Vantage CNM | User Guide - Page 318
ZyWALL itself. Enter a descriptive name of up to 60 printable ASCII characters for the firewall rule. Spaces are allowed. Select a schedule that defines when the rule applies or select Create Object to configure a new one. Otherwise, select none and the rule is always effective. 318 Vantage CNM - ZyXEL Vantage CNM | User Guide - Page 319
Service Access Log OK Cancel Note: If you specified a source IP address (group) instead of any in the field below, the user's IP address should be within the IP address range. Select a source address or address whether to have the ZyWALL generate a log ( default limit Vantage CNM User's Guide 319 - ZyXEL Vantage CNM | User Guide - Page 320
concurrent sessions hosts limit can have. Default Session Use this field to set address object to which this session limit rule applies. This is the descriptive information for this rule. This is how many concurrent sessions this user or address is allowed to have. 320 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 321
current entry. Click the Remove icon to delete an existing rule from the ZyWALL. A window displays asking you to confirm that you want to delete the rule. Note users or addresses. Figure 143 Device Operation > Device Cofniguration > Firewall > Session Limit > Edit Vantage CNM User's Guide 321 - ZyXEL Vantage CNM | User Guide - Page 322
can have. For this rule's users and addresses, this setting overrides the Default Session per Host setting in the general Firewall Session Limit screen. Click OK to save your customized settings and exit this screen. Click Cancel to exit this screen without saving. 322 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 323
connection requires a corresponding policy route. Dynamic IPSec VPN rules only require a corresponding policy route if you select Use Policy Route to control dynamic IPSec rules. Vantage CNM User's Guide 323 - ZyXEL Vantage CNM | User Guide - Page 324
this if you want to use policy routes to manually specify the destination addresses of dynamic IPSec rules. You must configure a fragment" bit in the header turned on. When you clear this the ZyWALL drops packets larger than the MTU that have the "don't" fragment" bit . 324 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 325
the associated VPN gateway(s). If there is no VPN gateway, this field displays "manual key". Encapsulation This field displays what encapsulation the IPSec SA uses. Algorithm This specific VPN gateway in the VPN Gateway field before the following screen appears. Vantage CNM User's Guide 325 - ZyXEL Vantage CNM | User Guide - Page 326
Chapter 11 IPSec VPN Figure 145 Device Operation > Device Configuration > VPN > IPSec VPN > VPN Connection > Add/Edit (IKE) 326 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 327
and latency (delay). Proposal # The ZyWALL and remote IPSec router must use the same active protocol. This field is a sequential value, and it is not associated with a specific proposal. The sequence of proposals should not affect performance significantly. Vantage CNM User's Guide 327 - ZyXEL Vantage CNM | User Guide - Page 328
-bit key with the AES encryption algorithm AES256 - a 256-bit key with the AES encryption algorithm The ZyWALL and the remote IPSec router must both have at least one proposal that uses use the same encryption and the . Both routers must use the same DH key group. 328 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 329
Denial-of-Service attacks. Enable NetBIOS broadcast over IPSec Select this check box if you the ZyWALL to send NetBIOS Port Check Period Select tcp to have the ZyWALL regularly perform a TCP handshake with the address you specify to make sure traffic can still Vantage CNM User's Guide 329 - ZyXEL Vantage CNM | User Guide - Page 330
IP address. Log Select this to have the ZyWALL generate address range (SNAT). Destination Select the address object that represents the original destination address (or select Create Object to configure a new one). This is the address object for the local network. 330 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 331
changes and return to the main VPN screen. 11.1.2 IPSec VPN Connection Add/Edit (Manual Key) If you want to use a manual key instead of an IKE key, select manual key in the VPN Connection Add/Edit screen. This is useful if you have problems with IKE key management. Vantage CNM User's Guide 331 - ZyXEL Vantage CNM | User Guide - Page 332
Add/Edit (Manual Key) LABEL DESCRIPTION Manual Key SPI services offered by AH, but its authentication is weaker. If you select ESP, you must select an Encryption Algorithm and Authentication Algorithm. The ZyWALL and remote IPSec router must use the same protocol. 332 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 333
> Device Configuration > VPN > IPSec VPN > VPN Connection > Add/Edit (Manual Key) (continued) LABEL DESCRIPTION Encryption Algorithm This field is applicable when the Active , but it is also slower. The ZyWALL and remote IPSec router must use the same algorithm. Vantage CNM User's Guide 333 - ZyXEL Vantage CNM | User Guide - Page 334
/Edit (Manual Key) ZyWALL ignores any characters above the minimum number of characters required by the algorithm. For example, if you enter 12345678901234567890 for a MD5 authentication key, the ZyWALL only uses 1234567890123456. The ZyWALL still stores the longer key. 334 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 335
My address This field displays the interface or a domain name the ZyWALL uses for the VPN gateway. Secure Gateway This field displays the IP address(es) of the remote IPSec routers. VPN Connection This field displays VPN connections that use this VPN gateway. Vantage CNM User's Guide 335 - ZyXEL Vantage CNM | User Guide - Page 336
screen, go to the VPN Gateway summary screen (see Section 11.2 on page 335), and click either the Add icon or an Edit icon. 336 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 337
Chapter 11 IPSec VPN Figure 148 Device Operation > Device Configuration > VPN > IPSec VPN > VPN Gateway > Edit Vantage CNM User's Guide 337 - ZyXEL Vantage CNM | User Guide - Page 338
to use to negotiate the IKE SA. Choices are Main - this encrypts the ZyWALL's and remote IPSec router's identities but takes more time to establish the IKE Remove icon next to the proposal. The Vantage CNM confirms that you want to delete the proposal before doing so. 338 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 339
IKE SA is the IP address of the interface. If you select Domain Name, enter the domain name or the IP address of the ZyWALL. The IP address of the ZyWALL in the IKE SA is the specified IP address or the IP address corresponding to the domain name. 0.0.0.0 is invalid. Vantage CNM User's Guide 339 - ZyXEL Vantage CNM | User Guide - Page 340
trust each other's certificates. The ZyWALL uses one of its Trusted Certificates to authenticate the remote IPSec router's certificate. The trusted certificate can be a self-signed certificate or that of a trusted CA that signed the remote IPSec router's certificate. 340 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 341
by an e-mail address Any - the ZyWALL does not check the identity of the remote IPSec router If the ZyWALL and remote IPSec router use certificates, there is one more choice. Subject Name - the remote IPSec router is identified by the subject name in the certificate Vantage CNM User's Guide 341 - ZyXEL Vantage CNM | User Guide - Page 342
the ZyWALL is identified by an e-mail address; you server. Select this if the ZyWALL authenticates the user name and password from the remote IPSec router. You also have to select the authentication method, which specifies how the ZyWALL authenticates this information. 342 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 343
Gateway > Edit (continued) LABEL DESCRIPTION Client Mode Select this radio button if the ZyWALL provides a username and password to the remote IPSec router for authentication. You also have to provide the User Name . You might also be able to consolidate the policy Vantage CNM User's Guide 343 - ZyXEL Vantage CNM | User Guide - Page 344
Chapter 11 IPSec VPN routes in each spoke router, depending on the IP addresses and subnets of each spoke. However a VPN concentrator is not for every situation. The hub router the concentrator. The Web Configurator confirms that you want to delete the VPN concentrator. 344 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 345
that you want to remove from the VPN concentrator, and click the deselect arrow to remove them. Click Apply to save your changes in the ZyWALL. Click Cancel to exit this screen without saving. Vantage CNM User's Guide 345 - ZyXEL Vantage CNM | User Guide - Page 346
Chapter 11 IPSec VPN 346 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 347
SSL VPN 12.1 Overview Use SSL VPN to allow users to use a web browser for secure remote user login (the remote users do not need a VPN router or VPN client software. 12.2 The SSL Access associated to an SSL access policy. This field displays up to three names. Vantage CNM User's Guide 347 - ZyXEL Vantage CNM | User Guide - Page 348
a policy, click the Remove icon next to the policy. To rearrange a policy in the list, click the Move to N icon next to the policy. 348 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 349
policy, click the Add or Edit icon in the Access Privilege screen. Figure 153 Device Operation > Device Configuration > VPN > SSL VPN > Access Privilege > Add/Edit Vantage CNM User's Guide 349 - ZyXEL Vantage CNM | User Guide - Page 350
. Define a separate pool of IP addresses to assign to the SSL users. Select it here. DNS/WINS Server 1..2 Network List The SSL VPN IP pool cannot overlap with IP addresses on the ZyWALL's local networks (LAN and DMZ for in the Member list and click the deselect arrow. 350 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 351
default settings unless it conflicts with another interface. Message Login Message Specify a message to display on the screen when a user logs in and an SSL VPN connection is established successfully. You can enter up to 60 characters ("a-z", A-Z", "0-9") with spaces allowed. Vantage CNM User - ZyXEL Vantage CNM | User Guide - Page 352
. Apply Click Apply to save the changes and/or start the logo file upload process. Reset Click Reset to start configuring this screen again. 352 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 353
included with their computers' operating systems to securely connect to the network behind the ZyWALL. The remote users do not need their own IPSec gateways or VPN client software Use this screen to configure the selected ZyWALL's L2TP VPN settings on the Vantage CNM. Vantage CNM User's Guide 353 - ZyXEL Vantage CNM | User Guide - Page 354
, select any to allow any user with a valid account and password on the ZyWALL to log in. The ZyWALL sends a Hello message after waiting this long without receiving any traffic from the remote user. The ZyWALL disconnects the VPN tunnel if the remote user does not respond. Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 355
IP addresses that they are currently using. Type the IP addresses of up to two WINS servers to assign to the remote users. You can specify these IP addresses two ways. Click Apply to save your changes in the ZyWALL. Click Cancel to start configuring this screen afresh. Vantage CNM User's Guide 355 - ZyXEL Vantage CNM | User Guide - Page 356
Chapter 13 L2TP VPN 356 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 357
CHAPTER 14 Object The screens explained settings about user/group, address, service, schedule, AAA server, authentication method, certificate and SSL application objects. The menus and each user. Description This field displays the description for each user. Vantage CNM User's Guide 357 - ZyXEL Vantage CNM | User Guide - Page 358
contain the following characters: • Alphanumeric A-z 0-9 (there is no unicode support) • _ [underscores] • - [dashes] The first character must be ftp • lp • mail • radius-users • root • uucp • zyxel • bin • games • news • shutdown • daemon • halt • nobody • sshd 358 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 359
user, if any. You can use up to 60 printable ASCII characters. Default descriptions are provided. If you want to set authentication timeout to a value other than the default settings, select Use Manual Settings then fill your preferred values in the fields that follow. Vantage CNM User's Guide 359 - ZyXEL Vantage CNM | User Guide - Page 360
this user can be logged into the ZyWALL in one session before the user has login to the Web Configurator, and click Device Operation > Device Configuration > Object > User/Group > Group. Figure 159 Device Operation > Device Configuration > Object > User/Group > Group 360 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 361
14.2 on page 360), and click either the Add icon or an Edit icon. Figure 160 Device Operation > Device Configuration > Object > User/Group > Group > Add Vantage CNM User's Guide 361 - ZyXEL Vantage CNM | User Guide - Page 362
your changes. 14.3 Setting Screen The Setting screen controls default settings, login settings, lockout settings, and other user settings for the ZyWALL. You can also use this screen to specify when users must log in to the ZyWALL before it routes traffic for them. 362 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 363
Chapter 14 Object To access this screen, login to the Web Configurator, and click Device Operation > Device Configuration > Object > Object > User/Group > Setting. Figure 161 Device Operation > Device Configuration > Object > User/Group > Setting Vantage CNM User's Guide 363 - ZyXEL Vantage CNM | User Guide - Page 364
users. Select this check box if you want the ZyWALL to monitor how long each access user is logged in and idle (in other words, there is no traffic for this access user). The ZyWALL automatically logs out the access user once the User idle timeout has been reached. 364 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 365
default, LAN users do not have to log into the ZyWALL. Click a column's heading cell to sort the table entries by that column's criteria. Click the heading cell again to reverse the sort order. # This field is a sequential value, and it is not associated with a specific condition. Vantage CNM - ZyXEL Vantage CNM | User Guide - Page 366
for the selected type of user account. These default authentication timeout settings also control the settings for any existing user accounts that are set to use the default settings. You can still manually configure any user account's authentication timeout settings. 366 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 367
- this user has access to the ZyWALL's services but cannot look at the configuration • Ext-User - this user account is maintained in a remote server, such as RADIUS or LDAP. Enter changes back to the ZyWALL. Click Cancel to exit this screen without saving your changes. Vantage CNM User's Guide 367 - ZyXEL Vantage CNM | User Guide - Page 368
not have to log in to the ZyWALL before their HTTP traffic can pass through the ZyWALL. Figure 163 Device Operation > Device Configuration any if this condition applies to traffic from all destination addresses. Select the schedule object that specifies when this condition Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 369
, and it is not associated with a specific address. Name This field displays the configured name of each address object. Type This field displays the type of each address object. "INTERFACE" means the object uses the settings of one of the ZyWALL's interfaces. Vantage CNM User's Guide 369 - ZyXEL Vantage CNM | User Guide - Page 370
to create a new address or edit an existing one. To access this screen, go to the Address screen (see Section 14.4 on page 369), and click either the Add icon or an Edit icon. Figure 165 Device Operation > Device Configuration > Object > Address > Address > Add/Edit 370 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 371
back to the ZyWALL. Click Cancel to exit this screen without saving your changes. 14.4.2 Address Group Summary Screen The Address Group screen provides a summary of all address groups. To access this screen, click Device Operation > Device Configuration > Object > Vantage CNM User's Guide 371 - ZyXEL Vantage CNM | User Guide - Page 372
Edit icon next to the address group. Total Records To delete an address group, click on the Remove icon next to the address group. The Web Configurator confirms that you want to delete the address group. This field displays the total number of address group entries. 372 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 373
objects that have been added to the address group. The order of members is not important. To remove members, select them and click the deselect arrow. Click Apply to save your changes back to the ZyWALL. Click Cancel to exit this screen without saving your changes. Vantage CNM User's Guide 373 - ZyXEL Vantage CNM | User Guide - Page 374
Size Select the number of services you want to appear per page here. # This field is a sequential value, and it is not associated with a specific service. Name This field displays the name of each service. Content This field displays a description of each service. Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 375
to create a new service or edit an existing one. To access this screen, go to the Service screen (see Section 14.5 on page 374), and click either the Add icon or an Edit icon. Figure 169 Device Operation > Device Configuration > Object > Service > Service > Add/Edit Vantage CNM User's Guide 375 - ZyXEL Vantage CNM | User Guide - Page 376
to the ZyWALL. Click Cancel to exit this screen without saving your changes. 14.6 The Service Group Summary Screen The Service Group summary screen provides a summary of all service groups. In addition, this screen allows you to add, edit, and remove service groups. 376 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 377
Edit icon next to the service group. Total Records To delete a service group, click on the Remove icon next to the service group. The Web Configurator confirms that you want to delete the service group. This field displays the total number of service group entries. Vantage CNM User's Guide 377 - ZyXEL Vantage CNM | User Guide - Page 378
group objects that have been added to the service group. The order of members is not important. To remove members, select them and click the left arrow. Click Apply to save your changes back to the ZyWALL. Click Cancel to exit this screen without saving your changes. 378 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 379
The Schedule Summary Screen The Schedule summary screen provides a summary of all schedules in the ZyWALL. To access this screen, click Device Operation > Device Configuration > Object > Schedule. Figure This field displays the total number of one time schedule entries. Vantage CNM User's Guide 379 - ZyXEL Vantage CNM | User Guide - Page 380
the Add icon or an Edit icon in the One Time section. Figure 173 Device Operation > Device Configuration > Object > Schedule > Add/ Edit (One Time) 380 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 381
ZyWALL. Click Cancel to exit this screen without saving your changes. 14.7.2 The Recurring Schedule Add/Edit Screen The Recurring Schedule Add/Edit screen allows you to define a recurring schedule or edit an existing one. To access this screen, go to the Schedule screen Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 382
Minute - 0 - 59 The Hour and Minute fields are both required. To set all day (24 hours), configure the start hour and minute both to 0. 382 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 383
23 and minute to 59. Select each day of the week the recurring schedule is effective. Click Apply to save your changes back to the ZyWALL. Click Cancel to exit this screen without saving your changes. Vantage CNM User's Guide 383 - ZyXEL Vantage CNM | User Guide - Page 384
Chapter 14 384 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 385
> AAA Server > Active Directory (or LDAP) > Default LABEL DESCRIPTION Host Enter the IP address (in server. Port Specify the port number on the AD or LDAP server to which the ZyWALL sends authentication requests. Enter a number between 1 and 65535. The default is 389. Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 386
server or more than one LDAP server for user authentication in a network. You can create up to 16 AD server groups with up to four members in each group on the ZyWALL. You can also create up to 16 LDAP server groups with up to four members in each group on the ZyWALL. 386 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 387
describes the labels in this screen. Table 159 Device Operation > Device Configuration > Object > AAA Server > Active Directory (or LDAP) > Group LABEL DESCRIPTION Page Size Select how many entries you want . This field displays the total number of group entries. Vantage CNM User's Guide 387 - ZyXEL Vantage CNM | User Guide - Page 388
characters). for identification purposes. Port Specify the port number on the AD or LDAP server(s) to which the ZyWALL sends authentication requests. Enter a number between 1 and 65535. This port number should be the same on all AD or LDAP server(s) in this group. 388 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 389
LDAP server. You can add up to four AD or LDAP member servers. Total Records Apply Cancel Click Remove to remove an AD or LDAP server. This field displays the total number of host member entries. Click Apply to save the changes. Click Cancel to discard the changes. Vantage CNM User's Guide 389 - ZyXEL Vantage CNM | User Guide - Page 390
RADIUS server. In this case, user authentication fails. Apply Reset Search timeout occurs when either the user information is not in the RADIUS server or the RADIUS server is down. Click Apply to save the changes. Click Reset to start configuring this screen again. 390 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 391
describes the labels in this screen. Table 162 Device Operation > Device Configuration > Object > AAA Server > RADIUS > Group LABEL DESCRIPTION Page Size Select how many entries you want to display on This field displays the total number of RADIUS group entries. Vantage CNM User's Guide 391 - ZyXEL Vantage CNM | User Guide - Page 392
the user information is not in the RADIUS server or the RADIUS server is down. The ordering of the RADIUS servers is important as the ZyWALL uses the RADIUS servers for user authentication in the order they appear in this table. This field displays the index number. 392 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 393
Enter the IP address (in dotted decimal notation) or the domain name (up to 63 alphanumeric characters) of a RADIUS server. Authentication Port The default port of the RADIUS server for authentication is 1812. You need not change this value unless your network administrator instructs you to do - ZyXEL Vantage CNM | User Guide - Page 394
servers you specify, the ZyWALL does not continue the search on the second authentication server when you enter the username and password that doesn't match the one on the first authentication server. Note: You can NOT select two server objects of the same type. 394 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 395
server. Click Add to add a new entry. Click Edit to edit the settings of an entry. Total Records Apply Cancel Click Remove to delete an entry. This field displays the total number of address group entries. Click Apply to save the changes. Click Cancel to discard the changes. Vantage CNM - ZyXEL Vantage CNM | User Guide - Page 396
Certificate > My Certificates to open the My Certificates screen. This is the ZyWALL's summary list of certificates and certification requests. Figure 183 Device Operation > Device self-signed certificate. CERT represents a certificate issued by a certification authority. Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 397
entries. 15.7 ISP Account Summary This screen provides a summary of ISP accounts in the selected ZyWALL. To access this screen, click Device Operation > Device Configuration > Object > ISP Account. Figure Name This field displays the user name of the ISP account. Vantage CNM User's Guide 397 - ZyXEL Vantage CNM | User Guide - Page 398
existing accounts. To open this window, open the ISP Account screen. (See Section 15.7 on page 397.) Then, click on an Add icon or Edit icon to open the ISP Account Edit screen below. Figure 185 Device Operation > Device Configuration > Object > ISP Account > Add/ Edit 398 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 399
blank. If this ISP account uses the PPPoE protocol, type the PPPoE service name to access. PPPoE uses the specified service name to identify and reach the PPPoE server. This field can be blank. If this ISP account uses the PPTP protocol, this field is not displayed. Vantage CNM User's Guide 399 - ZyXEL Vantage CNM | User Guide - Page 400
that must elapse without outbound traffic before the ZyWALL automatically disconnects from the PPPoE/PPTP server. This value must be an integer between 0 object. Address This field displays the IP address/URL of the application server or the location of a file share. 400 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 401
LABEL DESCRIPTION Type This field shows whether the object is a file-sharing, web-server, Outlook Web Access, Virtual Network Computing, or Remote Desktop Protocol SSL application. Add Type Select Web Application from the drop-down list box. Web Application Vantage CNM User's Guide 401 - ZyXEL Vantage CNM | User Guide - Page 402
managed. Program Path This field displays if the Server Type is set to RDP. Web Page Encryption You can specify an application to open when a remote user logs into the remote desktop application. Select this option to prevent users from saving the web content. 402 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 403
Sharing SSL Application Object You can specify the name of a folder on a file server (Linux or Windows) which remote users can access. Remote users can access files using a standard web up to 31 characters ("0-9", "a-z", "A-Z", "-" and "_"). Spaces are not allowed. Vantage CNM User's Guide 403 - ZyXEL Vantage CNM | User Guide - Page 404
all files and/or folders in the "\Tmp" share on the "my-server" computer. Click Apply to save the changes and return to the main SSL Application Configuration screen. Click Cancel to discard the changes and return to the main SSL Application Configuration screen. 404 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 405
controls the detailed settings for each log in the remote server (syslog). Click Device Operation > Device Configuration > Maintenance > Log Setting to open the screen as shown next. Figure 189 Device Operation > Device Configuration > Maintenance > Log > Log Setting Vantage CNM User's Guide 405 - ZyXEL Vantage CNM | User Guide - Page 406
is read-only. Server Address Log Facility Active Log Log Category Selection ZyXEL VRPT - ZyXEL's Vantage Report, syslog-compatible format. Type the server name or the IP address of the syslog server to which to to the previous screen without saving your changes. 406 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 407
screen, not every variation for each device type and firmware version. If you are unable to find a specific screen or field in this User's Guide, please see the User's Guide for the device for more information. Configuration Management (409) Firmware Management (449) License Management (457) 407 - ZyXEL Vantage CNM | User Guide - Page 408
408 - ZyXEL Vantage CNM | User Guide - Page 409
of in Vantage CNM. Use this screen to resolve any data inconsistencies between the selected device and Vantage CNM. To use this screen, select a device, click Device Operation in the menu bar and click Configuration Management > Synchronize in the navigation panel. Vantage CNM User's Guide 409 - ZyXEL Vantage CNM | User Guide - Page 410
you use this function. Figure 190 Device Operation > Configuration Management > Synchronization Figure 191 Device Operation > Configuration Management > Synchronization (ZLD ZyWALL) Figure 192 Device Operation > Configuration Management > Synchronization (Customize) 410 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 411
button to have Vantage CNM pull all current device configurations into Vantage CNM. The current device configuration "overwrites" Vantage CNM configurations. Vantage CNM Overwrites Device Select this radio button to have Vantage CNM push all current configurations from Vantage CNM to the device - ZyXEL Vantage CNM | User Guide - Page 412
can back up configuration files to Vantage CNM or to your computer. If you back up a configuration file to Vantage CNM, you can only restore that yourself out. You can create your own configuration file alias in Vantage CNM. This may make it easier to distinguish between configuration files. - ZyXEL Vantage CNM | User Guide - Page 413
a specific device. The configuration files may be stored in the Vantage CNM server or on the computer from which you access Vantage CNM. To open this screen, select a device, click Device Operation Click Restore to restore an existing configuration file to the device. Vantage CNM User's Guide 413 - ZyXEL Vantage CNM | User Guide - Page 414
Remove Click this to remove an existing configuration file from the Vantage CNM server. Total Records This entry displays the total number of records on or the characters. Vantage CNM automatically appends a string of numbers followed by ".rom" to this name. 414 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 415
click Backup. Scheduled Time Select this radio box to define a time or a periodical time Vantage CNM server automatically perform backup for this device. Select One Time from the list box if you want this in each page. # This is the number of an individual entry. Vantage CNM User's Guide 415 - ZyXEL Vantage CNM | User Guide - Page 416
a configuration file to device(s). Remove Click this to remove the selected set(s) from the Vantage CNM server. Total Records This entry displays the total number of records on the current page of the the Status field before you can backup any configuration files. 416 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 417
also used in the name of each configuration file in the set, if you look at the configuration files for a specific device in the folder. Vantage CNM automatically appends a string of numbers followed by ".rom" to this name. Type a description of the file backup. Select this radio box to perform the - ZyXEL Vantage CNM | User Guide - Page 418
devices in the specified folder. The configuration files must be available in the Vantage CNM server. To open this screen, select an existing configuration file and click Restore Operation > Configuration Management > Configuration File Management > Restore (Folder) 418 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 419
in menu bar and then click Configuration Management > Configuration File Management > Schedule List. Figure 199 Device Operation > Configuration Management > Configuration File Management > Schedule List (Device) Vantage CNM User's Guide 419 - ZyXEL Vantage CNM | User Guide - Page 420
the backup schedule. Remove Click this to remove a scheduled backup from the Vantage CNM server. Total Records This entry displays the total number of records on the current page > Configuration Management > Configuration File Management > Schedule List (Folder) 420 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 421
to modify an existing backup schedule. Remove Click this to remove a scheduled backup from the Vantage CNM server. Total Records This entry displays the total number of records on the current page of the files. To open this screen, select an active folder, click Vantage CNM User's Guide 421 - ZyXEL Vantage CNM | User Guide - Page 422
also used in the name of each configuration file in the set, if you look at the configuration files for a specific device in the folder. Vantage CNM automatically appends a string of numbers followed by ".rom" to this name. Type a descriptive note of the group file backup. 422 - ZyXEL Vantage CNM | User Guide - Page 423
a time or a periodical time Vantage CNM server automatically perform backup for the device(s). this menu item to reset the service configuration to its factory default settings. The menu item displays or IDP configurations and signatures uploaded to Vantage CNM for the selected device. To open this - ZyXEL Vantage CNM | User Guide - Page 424
ZyWALL) Figure 203 Device Operation > Configuration Management > Signature Profile Management > Backup & Restore (ZLD ZyWALL was added into Vantage CNM. Device Type This is the model type of the device. IDP Anti-Virus Select the service whose configuration and signatures Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 425
from the Vantage CNM server. This entry displays the total number of records on the current page of the list. 17.6.2 Signature Profile Backup & Restore (Folder) Use this screen to search signature profile(s) by the platform of ZyWALL devices where the profiles are stored and by the service type of - ZyXEL Vantage CNM | User Guide - Page 426
Restore (Folder) TYPE DESCRIPTION Platform Select the ZyWALL platform of signature profiles you want to manage. Feature Select the service type of signature profiles you want to manage. the signature profile. Signature Version This is the version of signature. 426 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 427
from the Vantage CNM server. 17.6.3 Vantage CNM to one or more devices in the selected folder. You can track the status and look at the results of this operation in the Operation Report. See Section 27.6 on page 549. To open this screen, select an existing profile click Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 428
the device. You can only restore the configuration file of a device that is Ready. This field is available when you select a signature profile on a ZLDbased ZyWALL. This field displays the name of the profile you created. 428 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 429
DESCRIPTION Base Profile This field is available when you select a signature profile on a ZLDbased ZyWALL. Total Records Restore Cancel Back Next This field displays the base profile from which the profile restore the configuration file of a device that is Ready. Vantage CNM User's Guide 429 - ZyXEL Vantage CNM | User Guide - Page 430
for a specific device. The configuration may be stored in the Vantage CNM server or on the computer from which you access Vantage CNM. To open this screen, click Backup in the Device Operation > Click this to return to the previous screen without applying any changes. 430 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 431
for ZLD-based ZyWALL. Figure 210 Device service configuration to factory default. 17.7 Configuration Building Block Use this menu item to manage building blocks to the selected device. To open this menu item, select the device, click the Device Operation in the menu bar and Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 432
to copy a configuration BB to another one. Total Records This entry displays the total number of records on the current page of the list. 432 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 433
Figure 213 Device Operation > Configuration Management > Building Block > Configuration BB > Edit example Figure 214 Device Operation > Configuration Management > Building Block > Configuration BB > Save as example Vantage CNM User's Guide 433 - ZyXEL Vantage CNM | User Guide - Page 434
-sensitive. Device Type Select the type of device the building block is for. Firmware Version Select the firmware version the building block is for. 434 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 435
ZLD Address. Description Refer to Device Operation > Device Configuration > Object > Service > Add (see Section 17.8.4 on page 440) if you select ZLD Service. Enter a description of the building block. You can enter up to 256 printable ASCII characters and spaces. Vantage CNM User's Guide 435 - ZyXEL Vantage CNM | User Guide - Page 436
any changes. 17.8.1 Create a Schedule Configuration BB (ZLD) If you select a ZLD ZyWALL model and ZLD Schedule in the Device Operation > Configuration Management > Building Block > Configuration > Building Block > Configuration BB > Add/Edit (ZLD Schedule) > Create 436 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 437
the previous screen. Click this to exit this screen without saving your changes. 17.8.2 Create a User Configuration BB (ZLD) If you select a ZLD ZyWALL model and ZLD User in the Device Operation > Configuration Management > Building Block > Configuration BB > Add or Vantage CNM User's Guide 437 - ZyXEL Vantage CNM | User Guide - Page 438
user, if any. You can use up to 60 printable ASCII characters. Default descriptions are provided. If you want to set authentication timeout to a value other than the default settings, select Use Manual Settings then fill your preferred values in the fields that follow. 438 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 439
the number of minutes this user can be logged into the ZyWALL in one session before the user has to log in again address configuration building block. Figure 217 Device Operation > Configuration Management > Building Block > Configuration BB > Add/Edit (ZLD Address) > Create Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 440
subnet mask of the network that this address object represents. Use dotted decimal format. Service Configuration BB (ZLD) If you select a ZLD ZyWALL model and ZLD Service in the Device Operation > Configuration Management > Building Block > Configuration BB > Add or 440 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 441
if the IP Protocol is ICMP Type. Select the ICMP message used by this service. This field displays the message text, not the message number. IP Protocol Number a myZyXEL.com account, an IP address, an IKE phase 1 or phase2 setting. To open this menu item, select the Vantage CNM User's Guide 441 - ZyXEL Vantage CNM | User Guide - Page 442
this to copy a BB to another one. Total Records This entry displays the total number of records on the current page of the list. 442 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 443
.11 ZLD Firewall Rule Group Configuration Use this menu item to list all configured firewall rule(s) that have applied to one or multiple ZLD-based ZyWALLs. To open this menu item, select the device, click Vantage CNM User's Guide 443 - ZyXEL Vantage CNM | User Guide - Page 444
Add/Edit a Firewall Rule Group Use this menu item to add or edit a firewall rule and then apply it to one or multiple ZLD-based ZyWALL(s). To open this menu item, click Add or Edit in the 444 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 445
Chapter 17 Configuration Management Device Operation > Configuration Management > ZLD Firewall Rule Group Configuration screen. Figure 222 Device Operation > Configuration Management > ZLD Firewall Rule Group Configuration > Add/Edit Vantage CNM User's Guide 445 - ZyXEL Vantage CNM | User Guide - Page 446
Select this check box to activate this firewall rule. From To For through-ZyWALL rules, type a zone's name in the From field and another zone's source IP address (group) instead of any in the field below, the user's IP address should be within the IP address range. 446 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 447
ZyWALL, select Use Address object in device to and type the object's name (case insensitive). If you want to use an address BB configured on Vantage CNM, select Use Address BB in CNM and select the BB. Select Create Object to configure a new one. Service Otherwise, Select Use Address Vantage CNM - ZyXEL Vantage CNM | User Guide - Page 448
Device Name This field displays the name of ZLD-based ZyWALL(s) to which this rule applies. Source Address Use this field to select a source address setting to which the rule applies for the selected device. the device. Click this to exit this screen without saving. 448 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 449
List Use this screen to upload device firmware to Vantage CNM. It is recommended administrators subscribe to a ZyXEL mailing list to be regularly informed of new firmware versions. All firmware files are downloaded to one repository within Vantage CNM. All firmware files are available to every - ZyXEL Vantage CNM | User Guide - Page 450
Only this firmware file is actually downloaded to the device. • The device default configuration file (config file extension). • Device firmware release notes (doc file extension) highlighting. • Boot module with bm file extension. • A file with XML file extension. Vantage CNM uses the XML file to - ZyXEL Vantage CNM | User Guide - Page 451
this to modify a schedule. Delete Click to cancel or delete the selected upgrade(s) from Vantage CNM. 18.3 Firmware Upgrade Use this menu item to upload ZyXEL device firmware from Vantage CNM to one or more devices. You have to use the Device Operation > Firmware Vantage CNM User's Guide 451 - ZyXEL Vantage CNM | User Guide - Page 452
Chapter 18 Firmware Management Management > Firmware List menu item to upload firmware files from the ZyXEL FTP site (or other source) to Vantage CNM first. See Section 18.1 on page 449. Consider the following when you decide to upgrade firmware. • It is advisable to upgrade firmware during periods - ZyXEL Vantage CNM | User Guide - Page 453
device window, click ZyXEL device firmware version. It is blank if the device has not been registered. FW Release Time This field displays the date the firmware was created. Admin This field displays the administrator who downloaded this firmware file to Vantage CNM Vantage CNM User's Guide 453 - ZyXEL Vantage CNM | User Guide - Page 454
correct model. Vantage CNM should automatically detect firmware for the device selected. Uploading incorrect firmware may damage the device. Current FW Version This field displays the firmware version the ZyXEL device is number of records on the current page of the list. Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 455
perform the firmware upgrade right away. Schedule Time Select this radio box to define a time Vantage CNM server automatically perform upgrade for the device(s). Select the calendar to specify a date for the this to close this screen without applying any changes. Vantage CNM User's Guide 455 - ZyXEL Vantage CNM | User Guide - Page 456
Chapter 18 Firmware Management 456 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 457
device on www.myzyxel.com and to activate free trials for subscription services, such as IDP and content filtering. The Vantage CNM server must be connected to the Internet and have access to www.myzyxel.com. To open this screen, click Device Operation in the menu bar Vantage CNM User's Guide 457 - ZyXEL Vantage CNM | User Guide - Page 458
Management > Service Activation > Registration in the navigation panel. Figure 229 Device Operation > License Management > Service Activation > Registration (ZyNOS ZyWALL) Figure 230 Device Operation > License Management > Service Activation > Registration (ZLD ZyWALL) 458 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 459
and enter the license key in the Device Operation > License Management > Service Activation > Service screen to extend the service. Content Filtering 1- Select the check box to activate a trial. The trial period starts the month Trial day you activate the trial. Vantage CNM User's Guide 459 - ZyXEL Vantage CNM | User Guide - Page 460
the use of various applications on the network. After the service is activated, the Vantage CNM can download the up-to-date signature files from the update server (http://myupdate.zywall.zyxel.com). Content Filter Category Service Apply Reset You will get automatic e-mail notification of new - ZyXEL Vantage CNM | User Guide - Page 461
service name available on the device. Status This field displays whether a service is activated (Active) or not (Inactive) for a ZyNOS ZyWALL. This field displays whether a service is activated (Licensed) or not (Not Licensed) or expired (Expired) for a ZLD-based ZyWALL. Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 462
In addition for a ZLD-based ZyWALL, this field is blank when a service is not activated. For an anti-virus service subscription this field also displays for subscription services, such as IDP and content filtering. To open this screen, click a device, click Device 462 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 463
see in each page. Device Name This field displays the name (and location in Vantage CNM) of the device. Device Owner This field displays owner's name of the device. Refresh License Click this to update the license status of the selected service(s) for the device. Vantage CNM User's Guide 463 - ZyXEL Vantage CNM | User Guide - Page 464
ZLD-based ZyWALL. This field displays how service to the device. This entry displays the total number of records on the current page of the device list. Click this to export the license status to a DeviceLicense.csv file. Click this to update the information in this screen. 464 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 465
the service for the device. In addition for a ZLD-based ZyWALL, you have to select whether using ZyXEL's service. Click this to activate the trial version or apply the specified license to the device. Click this to return to the previous screen without making any changes. Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 466
Status (Folder) Use this screen to look at the license status for subscription service(s) on ZyWALLs under a folder that you selected. You can also search specific license information based Device Operation > License Management > License Status (Folder) > ZLD Series 466 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 467
displays the current status of the license is available (Active) or not (Inactive) for this service on this device (for a ZyNOS ZyWALL). This field displays whether a service is activated (Licensed) or not (Not Licensed) or expired (Expired) for a ZLD-based ZyWALL. Vantage CNM User's Guide 467 - ZyXEL Vantage CNM | User Guide - Page 468
ZLD-based ZyWALL. This field displays how service to the device. This entry displays the total number of records on the current page of the device list. Click this to export the license status to a DeviceLicense.csv file. Click this to update the information in this screen. 468 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 469
License Management > Signature Status (ZyNOS ZyWALL) Figure 241 Device Operation > License Management > Signature Status (ZLD ZyWALL) The following table describes the labels the name of the device. Service This field displays the name of the selected service(s). Vantage CNM User's Guide 469 - ZyXEL Vantage CNM | User Guide - Page 470
Inactive if the service is not available on the device or has expired. Click this to begin downloading signatures immediately. This entry displays the total number of records on the current page of the device list. Click this to update the information in this screen. 470 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 471
) Use this screen to look at the current status of signatures for subscription services on ZyWALLs under a folder that you selected. To open this screen, click on a field displays the name of the device. Service This field displays the name of the selected service(s). Vantage CNM User's Guide 471 - ZyXEL Vantage CNM | User Guide - Page 472
Inactive if the service is not available on the device or has expired. Click this to begin downloading signatures immediately. This entry displays the total number of records on the current page of the device list. Click this to update the information in this screen. 472 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 473
each screen, not every variation for each device type and firmware version. If you are unable to find a specific screen or field in this User's Guide, please see the User's Guide for the device for more information. VPN Community (475) Installation Report (483) VPN Monitor (485) 473 - ZyXEL Vantage CNM | User Guide - Page 474
474 - ZyXEL Vantage CNM | User Guide - Page 475
Community Use this menu item to manage VPN configuration between or among ZyXEL devices. To open this menu item, select the device, click VPN where you can easily configure VPN settings among ZyXEL devices. Edit Click this to modify an existing VPN community setting. Vantage CNM User's Guide 475 - ZyXEL Vantage CNM | User Guide - Page 476
list. 20.1.1 Add/Edit a VPN Community Use this scree to configure VPN configuration between or among ZyXEL devices. We know almost all VPN parameter values should be the same in peer VPN gateways. This screen helps you to easily configure VPN settings in one screen 476 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 477
Chapter 20 VPN Community and applies it to devices in one time. To open this menu item, click Add or Edit in the VPN Management > VPN Community screen. Figure 245 VPN Management > VPN Community > Add/Edit Vantage CNM User's Guide 477 - ZyXEL Vantage CNM | User Guide - Page 478
new building block, and click Apply. The name must be 132 alphanumeric characters or underscores (_). It cannot include spaces. The name is case-sensitive. 478 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 479
devices. Member Gateways This is avaialble if you select the Full Mesh.community type. You have to select at least two device in this section. Vantage CNM User's Guide 479 - ZyXEL Vantage CNM | User Guide - Page 480
Device Name This field displays the device name. My IP/Domain This field identifies the WAN IP address or domain name of the member gateway. Local Network Add Edit Total Records Phase 1 Pre-Shared is generally considered stronger than MD5, but it is also slower. 480 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 481
ones you configure for the VPN rule. Phase 2 Active Protocol Clear this to have the Vantage CNM use only the configured phase 1 key groups and encryption and authentication algorithms when negotiating an users accessing remote resources are temporarily disconnected. Vantage CNM User's Guide 481 - ZyXEL Vantage CNM | User Guide - Page 482
Service (DOS) attacks. The IPSec receiver can detect and reject old or duplicate packets to protect against replay attacks. Enable replay detection by selecting this check box. Select this to allow the Vantage CNM , the Vantage CNM allows the this to have the Vantage CNM use only the configured - ZyXEL Vantage CNM | User Guide - Page 483
can view detailed VPN settings among the devices. Total Records This entry displays the total number of records on the current page of the list. Vantage CNM User's Guide 483 - ZyXEL Vantage CNM | User Guide - Page 484
Gateway This displays the local VPN gateway name and IP address of this tunnel. Remote Gateway This displays the remote VPN gateway name and IP address of this tunnel. Installation Time This displays the date and Back Click this to return to the previous screen. 484 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 485
click VPN Management from the menu bar and click VPN Monitor > By Community in the navigation panel. Figure 251 VPN Management > VPN Monitor > By Community Vantage CNM User's Guide 485 - ZyXEL Vantage CNM | User Guide - Page 486
screen, click Show Detail in the VPN Management > VPN Monitor > By Community screen. Figure 252 VPN Management > VPN Monitor > By Community > Show Detail 486 example Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 487
This field displays the local gateway name and IP address of this tunnel. Remote Gateway This field displays the remote gateway name and IP address of this tunnel. Status This field displays the VPN . A Logs screen displays then. Following is an example. Vantage CNM User's Guide 487 - ZyXEL Vantage CNM | User Guide - Page 488
ZW35-TW's VPN is triggered manually. Then you can see both address and the port number of the incoming packet. Destination This field lists the destination IP address and the port number of the incoming packet. Category This displays the category type of the logs. 488 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 489
display a screen where you can query and search # This is the number of an individual entry. Community Name This displays a name of the VPN community. Vantage CNM User's Guide 489 - ZyXEL Vantage CNM | User Guide - Page 490
query device(s) or tunnel(s) according to the device name and tunnel name you input. Clicking this with both fields empty queries all configured VPN tunnels. Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 491
. Local Gateway This displays the local VPN gateway IP address of this tunnel. Remote Gateway This displays the remote VPN gateway IP address of this tunnel. Tunnel Status This displays the current Update Time This displays when the information was last updated. Vantage CNM User's Guide 491 - ZyXEL Vantage CNM | User Guide - Page 492
device. See Section 22.1.1 on page 486. Total Records This entry displays the total number of records on the current page of the list. 492 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 493
PART VI Monitor Device Status Monitor (495) 3G Monitor (497) Device HA Status (527) Device Alarm (529) 493 - ZyXEL Vantage CNM | User Guide - Page 494
494 - ZyXEL Vantage CNM | User Guide - Page 495
Status This report shows a summary of the status of Vantage CNM and it's managed devices. Click Monitor > Device Status. The following screen displays. Note: Right click on the screen and click Refresh to get latest device status. Figure 258 Monitor > Device Status Vantage CNM User's Guide 495 - ZyXEL Vantage CNM | User Guide - Page 496
how long the device has registered and connected to the Vantage CNM server since last booted up. Up Time This displays how long the device has been on since last booted up. Extension Card If the device does not support 3G Monitor, but supports other 3G Status features and has a 3G card inserted - ZyXEL Vantage CNM | User Guide - Page 497
next figure. Figure 259 Viewing reports for all devices (Folder list) 2 1 To look at reports for a single device, select a particular device's name from the device window before accessing the Monitor menu as shown in the next figure. Vantage CNM User's Guide 497 - ZyXEL Vantage CNM | User Guide - Page 498
. Figure 260 Viewing reports for a single device (Single device) 2 1 24.1 Summary Use this screen to look at a summary of devices managed by Vantage CNM that support 3G monitoring. Click Monitor > 3G Monitor > Summary to open the screen as shown next. Figure 261 Monitor > 3G Monitor > Summary 498 - ZyXEL Vantage CNM | User Guide - Page 499
card inserted. This shows the total outgoing traffic bytes of the 3G connection. This value is cumulative from the day the device is registered to Vantage CNM. This shows the total incoming traffic bytes of the 3G connection. This value is cumulative from the day the device is registered to - ZyXEL Vantage CNM | User Guide - Page 500
in Monitor > 3G Monitor > Summary. The resulting screen varies depending on how you configured your Vantage CNM, the condition of the 3G card and other factors stated below. 24.1.1.1 3G connection is Monitor > 3G Monitor > Show Details (3G down, Budget Control enabled) 500 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 501
your access. This field is available only when you insert a 3G card that supports the roaming feature. Last Connection Up Time This displays whether the card is able to connect to other ISPs' base stations. This displays how long the 3G connection has been up. Vantage CNM User's Guide 501 - ZyXEL Vantage CNM | User Guide - Page 502
of a CDMA 3G card and is similar to the IMEI on a GSM or UMTS 3G card. Click this to return to the previous screen. 502 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 503
Monitor > Show Details (3G down, Budget Control not enabled) Refer to Table 222 on page 501 for descriptions of the other fields in this screen. Vantage CNM User's Guide 503 - ZyXEL Vantage CNM | User Guide - Page 504
Click this to return to the previous screen. Refer to Table 222 on page 501 for descriptions of the other fields in this screen. 504 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 505
Show Detail screen displays as follows. Figure 266 Monitor > 3G Monitor > Show Details (3G card without SIM) Click Back to return to the previous screen. Vantage CNM User's Guide 505 - ZyXEL Vantage CNM | User Guide - Page 506
> Show Details (Wrong PIN) Enter the correct PIN code in the space provided and click Apply. Click Back to return to the previous screen. 506 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 507
you have typed the correct number. Apply Click this to apply the changes you have made. Back Click this to return to the previous screen. Vantage CNM User's Guide 507 - ZyXEL Vantage CNM | User Guide - Page 508
data and time budget calculation. Apply Click this to apply the changes you have made. Back Click this to return to the previous screen. 508 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 509
and click Apply. Click Back to return to the previous screen. 24.2 Availability Report Use this screen to look at the 3G connection history of a Vantage CNM-managed device. You can see the uptime percentage of a device's 3G connection from the current date, going as far back as the previous month - ZyXEL Vantage CNM | User Guide - Page 510
on page 511 or Figure 275 on page 513 to see this screen. Total Records This shows how many records there are in all. 510 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 511
contents of the graph in the Availability State Diagram. Click the link of the day range for which you need to see the graph. Uptime (%) Vantage CNM stores two months of data. This column shows the 3G connection uptime percentage for a particular day or day range - ZyXEL Vantage CNM | User Guide - Page 512
> Availability Report LABEL DESCRIPTION Availability State Diagram This bar graph shows either the Last 7 Days (default view) or Last 30 Days of 3G connection uptime diagram. Choose what day range you want in the list. This shows how many records there are in all. 512 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 513
read the descriptions of the labels in this screen. 24.3 Radio Report Use this screen to view the 3G connection signal strength and quality of a Vantage CNM-managed device. Vantage CNM User's Guide 513 - ZyXEL Vantage CNM | User Guide - Page 514
Chapter 24 3G Monitor Click Monitor > 3G Monitor > Radio Report. When viewing the records for all devices, the following screen displays. Figure 276 Monitor > 3G Monitor > Radio Report (Folder list) 514 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 515
strength report. Total Records Refer to Section Figure 278 on page 517 to view the diagram. This shows how many records there are in all. Vantage CNM User's Guide 515 - ZyXEL Vantage CNM | User Guide - Page 516
coverage can span seven days or thirty days, depending on the day range you choose. Click this to go back to the previous screen. 516 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 517
measurement used is dBm (Decibels per milliwatt). The graph's time coverage can span one hour or one day, depending on the time range you choose. Vantage CNM User's Guide 517 - ZyXEL Vantage CNM | User Guide - Page 518
incoming or outgoing traffic for a Vantage CNM-managed device. Note: This does not show up in the 3G Monitor navigation panel when you are in the root profile in the device window. It is only available when you data. This is in XXhr(s) YYmin(s) ZZsec(s) format. 518 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 519
Select the time period of the device's record of 3G traffic you want to view. Choose between All, last 1 Hr, Last 8 Hr, Last 24 Hr (default), Last 48 Hr or Last 72 Hr. Page Size Select how many records you want to see in each page. Vantage CNM User's Guide 519 - ZyXEL Vantage CNM | User Guide - Page 520
Records Refer to Figure 281 on page 521 to view the details of this screen. This shows how many records there are in all. 520 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 521
-eight hours in the device. Last 72 Hr - Click this to see all the recorded events during the last seventy-two hours in the device. Vantage CNM User's Guide 521 - ZyXEL Vantage CNM | User Guide - Page 522
the index number of the entry. This is the time when the event is recorded by the Vantage CNM. This is the IP address of the device where the request is coming. This is the IP address of the device where the request is directed. This is the message describing the event in the - ZyXEL Vantage CNM | User Guide - Page 523
the managed devices and the Vantage CNM. You can customize who receives the e-mail messages, what events you are notified of, and what the email message contains. You can also set the time interval when your Vantage CNM when the Vantage CNM detects certain conditions - ZyXEL Vantage CNM | User Guide - Page 524
content Apply Reset You can also specify the time budget and data budget ratio. The default value for both is 50. Click this link to customize the notification message that you want to receive from Vantage CNM. Click this to save your settings. Click this to change the settings in this screen - ZyXEL Vantage CNM | User Guide - Page 525
on page 567 for the descriptions of the fields in this screen. Go to Section 30.4 on page 566 for more details on Notifications in Vantage CNM, including customizing e-mail notification recipients and message details. Vantage CNM User's Guide 525 - ZyXEL Vantage CNM | User Guide - Page 526
Interval Use this screen to specify the time interval that the Vantage CNM accounts before updating its reports. Click Monitor > 3G Monitor > Monitor Interval LABEL DESCRIPTION Monitor Interval Specify the time interval when the Vantage CNM checks for conditions. You can enter 0 if you want to - ZyXEL Vantage CNM | User Guide - Page 527
ZyWALL USG series. 25.1 Device HA Status This report shows a summary of device status. To open this screen, select a ZLD device, click Monitor in the menu bar and then click Device HA Status in the navigation panel. Note: You can see HA status in this screen only if you allow the Vantage CNM - ZyXEL Vantage CNM | User Guide - Page 528
status on the device are Stand-By. • Fault: Other cases except the previous two. Click this to get the latest device HA status on the Vantage CNM. Click this to display the screen where you can see detailed HA information for all HA interfaces on the device. 528 - ZyXEL Vantage CNM | User Guide - Page 529
administrators automatically e-mailed when an alarm occurs in the CNM System Setting > Configuration > Notification screen. See Section recoverable hardware error. Warning This is an alarm such as an illegal Vantage CNM login attempt. 26.1.2 Unresolved Alarms View recent alarms and who has taken - ZyXEL Vantage CNM | User Guide - Page 530
individual entry. Device Name This field displays the name of the device that generated the alarm. Category This field displays the type of alarm. 530 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 531
occurred. Source This field lists the source IP address and the port number of the incoming packet. Destination This field lists the destination IP address and the port number of the incoming packet. the current information in this screen to an AlarmStore.csv file. Vantage CNM User's Guide 531 - ZyXEL Vantage CNM | User Guide - Page 532
each page. # This is the number of an individual entry. Category This field displays the type of alarm. Severity This field displays the alarm severity. Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 533
. Source This field lists the source IP address and the port number of the incoming packet. Destination This field lists the destination IP address and the port number of the incoming packet export the current information in this screen to an AlarmStore.csv file. Vantage CNM User's Guide 533 - ZyXEL Vantage CNM | User Guide - Page 534
Chapter 26 Device Alarm 534 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 535
PART VII Log & Report Device Operation Report (537) CNM Logs (553) VRPT (555) 535 - ZyXEL Vantage CNM | User Guide - Page 536
536 - ZyXEL Vantage CNM | User Guide - Page 537
Report in the navigation panel. Figure 288 Log & Report > Operation Report > Firmware Upgrade Report (Device) Figure 289 Log & Report > Operation Report > Firmware Upgrade Report (Group) Vantage CNM User's Guide 537 - ZyXEL Vantage CNM | User Guide - Page 538
This report shows more information for each device firmware upgrade result performed in a group firmware upgrade. See Section 18.3 on page 451. To open 538 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 539
This entry displays the total number of records on the current page of the file list. Back Click this to return to the previous screen. Vantage CNM User's Guide 539 - ZyXEL Vantage CNM | User Guide - Page 540
Name This is available if you select showing by device. This displays the device name. You can click the label to sort by this column. Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 541
this to open a screen where you can see detailed information. This entry displays the total number of records on the current page of the list. Vantage CNM User's Guide 541 - ZyXEL Vantage CNM | User Guide - Page 542
this column. Feature This field displays the settings that are affected by the operation. You can click the label to sort by this column. 542 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 543
display means this operation was performed from Vantage CNM to the device. Status Admin Total Records Back GET display means this operation was requested by Vantage CNM to get the information from the device .3.1 on page 413. To open this screen, click Log & Report in Vantage CNM User's Guide 543 - ZyXEL Vantage CNM | User Guide - Page 544
> Operation Report > Configuration File Backup & Restore Report > Backup Report (Device) Figure 295 Log & Report > Operation Report > Configuration File Backup & Restore Report > Backup Report (Group) 544 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 545
this screen to look at the detailed status of an configuration operation. To open this screen, click Show Detail on a group backup record, click Log & Vantage CNM User's Guide 545 - ZyXEL Vantage CNM | User Guide - Page 546
at configuration file restore records for a device or groups. Refer to Section 17.3.1 on page 413. To open this screen, click Log & Report in 546 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 547
. This displays the restore file name. Group File Name This is available if you select showing by group. This displays the group restore file name. Vantage CNM User's Guide 547 - ZyXEL Vantage CNM | User Guide - Page 548
> Signature Profile Backup & Restore Report > Backup Report in the navigation panel. Figure 299 Log & Report > Operation Report > Signature Profile Backup & Restore Report > Backup Report 548 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 549
at the restore records of device signature profile. Refer to Section 17.6.3 on page 427. To open this screen, click Log & Report in the menu Vantage CNM User's Guide 549 - ZyXEL Vantage CNM | User Guide - Page 550
. You can click the label to sort by this column. Description This is addional note for this operation entered when this operation was created. 550 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 551
name of the administrator who performed the operation. Toal Records This entry displays the total number of records on the current page of the list. Vantage CNM User's Guide 551 - ZyXEL Vantage CNM | User Guide - Page 552
Chapter 27 Device Operation Report 552 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 553
CNM system log preferences. 28.1.1 CNM Logs You can view system logs for previous day, the last two days or up to one week here. To open this screen, click Log & Report in the menu bar and then click CNM Logs in the navigation panel. Figure 301 Log & Report > CNM Logs Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 554
how many records you want to see in each page Time This field displays the date ane time the Vantage CNM log event occurred. Severity The log severity level from high to low are Error > Warning > Info. Use >=, information in this screen to a CnmLogStore.csv file. 554 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 555
Server. The Vantage Report server collects this information. Then, you can • Monitor the whole network • Look at historical reports about network performance and events • Examine device logs The Vantage Report server can also send statistical reports to you by e-mail. Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 556
list of customized services in Vantage CNM. 29.3 Setting Up Vantage Report in Vantage CNM Follow these steps to set up each instance of Vantage Report and the devices that use it. 1 Install the Vantage Report server on a Windows or Linux system. The Vantage Report software for Vantage CNM is in the - ZyXEL Vantage CNM | User Guide - Page 557
are selected and that traffic statistics are sent to the Vantage Report server. Refer to Vantage Report 3.1 User's Guide for more information. 29.4 Opening Vantage Report in Vantage CNM After you set up a Vantage Report in Vantage CNM (see Section 29.3 on page 556), select a device that is - ZyXEL Vantage CNM | User Guide - Page 558
If the device is not managed by any Vantage Report instance yet, the Vantage Report window does not open, an error message appears to say this device is not associated with the Vantage Report. Note: Refer to Vantage Report User's Guide for more detailed information. 558 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 559
PART VIII CNM System Setting CNM System Setting (561) Maintenance (581) Device Owner (585) Vantage CNM Software Upgrade (587) License (589) About CNM (591) 559 - ZyXEL Vantage CNM | User Guide - Page 560
560 - ZyXEL Vantage CNM | User Guide - Page 561
be the same as the Vantage CNM server computer if they are all on the same computer. The FTP server is used for file transfers, such as firmware upgrade. The SMTP server is used for e-mail notifications. You should know each server's IP address, username and password. File transfers (FTP) and e-mail - ZyXEL Vantage CNM | User Guide - Page 562
. FTP Server The FTP server is used for file uploads to and from Vantage CNM. IP or Domain Name Type the IP address or domain name of the FTP server. This should be a public IP address for managed devices to download firmware files remotely through the Internet. 562 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 563
this mail server. Password Type the mail server password associated with the login name. Apply Click this to save your settings in Vantage CNM. Reset Click this to begin configuring the screen afresh. 30.1.1 Vantage CNM Server Public IP Address If you change the Vantage CNM server public IP - ZyXEL Vantage CNM | User Guide - Page 564
. When you register new devices with Vantage CNM, make sure the new device can ping the Vantage CNM server (the new Vantage CNM Public IP address) and then set the device's Manager IP address correspondingly. 30.2 Servers Status Use this screen to view the current Vantage CNM system status. This is - ZyXEL Vantage CNM | User Guide - Page 565
LABEL DESCRIPTION Vantage CNM Server public IP This field displays the IP address of the communications server. If the COM server is on the same computer as Vantage CNM, then this address is the same IP address as that of the Vantage CNM server computer. You can change this value in CNM System - ZyXEL Vantage CNM | User Guide - Page 566
Vantage CNM login passwords. If an Administrator does not change her password within this time, then the old password expires. Apply Click this to save your settings in Vantage CNM to the e-mail address of the device owner (configured in the Device Owner screen). 566 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 567
Owner Select to have an e-mail automatically sent to the selected device owner e-mail address (configured in Device Owner). E-mail Customization (Address/ Subject/ Content) Click the edit icon to configure the mail settings such as address, subject and content. Vantage CNM User's Guide 567 - ZyXEL Vantage CNM | User Guide - Page 568
Carbon Copy. Enter additional e-mail address that you want to receive the e-mail notification. Subject Enter the subject line in the e-mail message Vantage CNM sends. Message Enter the text you want to appear in the main body of the e-mail message Vantage CNM sends. Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 569
System Setting Table 254 CNM System Setting > Configuration > Notification > Email Customization LABEL this screen to set how long the Vantage CNM server stores logs and reports and which events the Vantage CNM records logs for. To open this screen, click Vantage CNM User's Guide 569 - ZyXEL Vantage CNM | User Guide - Page 570
Chapter 30 CNM System Setting CNM System Setting in the menu bar and then click Configuration > Log Setting in the navigation panel. Figure 310 CNM System Setting > Configuration > Log Setting 570 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 571
them from the system. Alarm Indication Threshold Select a device alarm severity to define the threshold the Vantage CNM displays alarm status on a device in the device window if the device has an alarm and its severity is over it. See Section 26.1.1 on page 529 for more information. Device - ZyXEL Vantage CNM | User Guide - Page 572
entry. Name This field displays the name of the Vantage Report instance in Vantage CNM. Click the name to test whether the connection is ok. Syslog Server Address This field displays the IP address of the Vantage Report instance. Version This field displays the software version number - ZyXEL Vantage CNM | User Guide - Page 573
in the same private network, select this and type the IP address or domain name of the Vantage Report server used in the private network. Description Type a description, if desired, for the Vantage Report instance. You can use up to 255 printable ASCII characters. Vantage CNM User's Guide 573 - ZyXEL Vantage CNM | User Guide - Page 574
these manually. See VRPT User's Guide for more information. Apply Cancel To unassociate a device to the VRPT server, click the icon and unselect the associated device from the list. Then click Add. When you click Apply, Vantage CNM automatically resets the syslog settings to their default - ZyXEL Vantage CNM | User Guide - Page 575
any certificate on its path has expired or been revoked. Certification authorities maintain directory servers with databases of valid and revoked certificates. A directory of certificates that have been public keys and you never need to transmit private keys. Vantage CNM User's Guide 575 - ZyXEL Vantage CNM | User Guide - Page 576
and replace the request. SELF represents a self-signed certificate. *SELF represents the default self-signed certificate, which the device uses to sign imported trusted remote host certificates. certificates, this is the same information as in the Subject field. 576 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 577
a name to identify the certificate. You can use 1-32 alphanumeric characters, underscores (_), or dashes (-). Common Name Type the IP address or domain name used to identify the certificate's owner. You can use 1-32 printable ASCII characters. Spaces are not allowed. Vantage CNM User's Guide 577 - ZyXEL Vantage CNM | User Guide - Page 578
Java clients using SSL communication or WebLogic Server. Apply Click this to save these changes downloaded to your computer. Select Apply to complete the certificate import. Figure 315 CNM System Setting > Configuration > Certificate Management > Import Certificate 578 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 579
System Setting The following table describes the labels in this screen. Table 260 CNM System Setting > Configuration > Certificate Management > Import Certificate LABEL DESCRIPTION Input return to the previous screen. Apply Click this to save these changes. Vantage CNM User's Guide 579 - ZyXEL Vantage CNM | User Guide - Page 580
Chapter 30 CNM System Setting 580 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 581
to the Vantage CNM server. You can back up or restore to your computer or Vantage CNM. You can You can click a file name to download the file from the Vantage CNM to your computer. Backup Time This created. Version This field displays the Vantage CNM software version number when the system - ZyXEL Vantage CNM | User Guide - Page 582
Vantage CNM manually. Click this to delete a backup file from the Vantage CNM. Click this to upload a Vantage CNM system backup file from your computer to the Vantage CNM. 31.1.1 Backup Use this screen to save your current Vantage CNM system to the Vantage CNM server Vantage CNM server Vantage CNM - ZyXEL Vantage CNM | User Guide - Page 583
screen to export or import a device list file from/to the Vantage CNM. It's convenient for you to rebuild the managed device information quickly at one time if device list to your computer. Click Export and download a DeviceList.xml file to your computer. Vantage CNM User's Guide 583 - ZyXEL Vantage CNM | User Guide - Page 584
successful message, click Back to go to the previous screen. You have to refresh the navigation panel to view the latest device list. Figure 320 CNM System Setting > Maintenance > Device List Import Successful 584 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 585
e-mail address. Description This field displays some extra information about the person. Add Click this to create a new device owner. Edit Click this to modify a device owner's information. Remove Click this to remove a device owner from the Vantage CNM server. Vantage CNM User's Guide 585 - ZyXEL Vantage CNM | User Guide - Page 586
this person is located. Telephone Number Type the complete telephone number including area codes for this person. E-mail Type the person's e-mail address. Apply Click this to create a new address book record. Cancel Click this to return to the previous screen. 586 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 587
computer or click Browse... to locate a software file. Click Upgrade to perform Vantage CNM software upgrade. To open this screen, click CNM System Setting in the menu bar and then click Upgrade in the navigation or leave this screen until the upgrade is complete. Vantage CNM User's Guide 587 - ZyXEL Vantage CNM | User Guide - Page 588
Chapter 33 Vantage CNM Software Upgrade 588 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 589
Managed/Maximum devices This field displays the number of device the Vantage CNM currently manages and the maximum device number the Vantage CNM is allowed to manage. Refresh Upgrade Note: To increase the license status. Click Upgrade to proceed to the next screen. Vantage CNM User's Guide 589 - ZyXEL Vantage CNM | User Guide - Page 590
following table describes the labels in this screen. Table 268 CNM System Setting > License > Upgrade LABEL DESCRIPTION License key Type the licence key. Apply Click this to create a new address book record. Back Click this to return to the previous screen. 590 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 591
Version This is the Vantage CNM's software version,. Release Date This is the release date of the said software version. Copyright This shows copyright information such as the year when the software was released and the name of the company that released it. Vantage CNM User's Guide 591 - ZyXEL Vantage CNM | User Guide - Page 592
Chapter 35 About CNM 592 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 593
PART IX Account Management User Group (595) Account (599) 593 - ZyXEL Vantage CNM | User Guide - Page 594
594 - ZyXEL Vantage CNM | User Guide - Page 595
in Vantage CNM. Note: The user is an administrator who uses one user account to login the Vantage CNM and perform tasks in Vantage CNM. navigation panel. Note: Administrators should periodically change their passwords. Figure 327 Account Management > Group The following Vantage CNM User's Guide 595 - ZyXEL Vantage CNM | User Guide - Page 596
271 Account Management > Group > Add LABEL DESCRIPTION Basic Information Group Name Type a group name for this temperlate. Description Type the description for the group. 596 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 597
Management Monitor Log & Report CNM System Setting To unassociate a device to the VRPT server, click the icon and unselect Vantage CNM alerts. Only Super can do this option. Click this to save your settings in Vantage CNM. Click this to begin configuring the screen afresh. Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 598
Chapter 36 User Group 598 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 599
managing the Vantage CNM system. Custom administrators have no predefined permissions. Administrators should periodically change their passwords. The "root" Administrator can also enforce periodic Administrator password changes in the Users Change Password Period field in the CNM System Setting - ZyXEL Vantage CNM | User Guide - Page 600
this to modify an existing Administrator. Kick out Click this to disconnect an on-line user. Remove Click this to erase that Administrator account from Vantage CNM. You cannot delete an Administrator who is logged in or who has "child" Administrators. 600 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 601
the fields in this screen. Table 273 Account Management > Account > Add/Edit LABEL DESCRIPTION Username Type the administrator login name associated with the password that you log into Vantage CNM with. The username cannot be changed after an Administrator account is created but her name can be - ZyXEL Vantage CNM | User Guide - Page 602
telephone number including area codes for this Administrator. Description Type some extra information about the Administrator. Apply Click this to save your settings in Vantage CNM. Cancel Click this to go back to the previous screen without saving any changes. 602 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 603
PART X Troubleshooting Troubleshooting (605) 603 - ZyXEL Vantage CNM | User Guide - Page 604
604 - ZyXEL Vantage CNM | User Guide - Page 605
you are using the correct IP address. 3 If the problem continues, contact your local vendor. I forgot the root password. The default password is root. If you have changed it, contact your local vendor. I can see the Login screen, but I cannot log in to the Vantage CNM. Vantage CNM User's Guide 605 - ZyXEL Vantage CNM | User Guide - Page 606
the managed devices or Vantage CNM server to reset the connections. See the procedure to change this IP address in the Section 30.1.1 on page 563. 3 Device firmware backup/restore or configuration file backup/restore on the Vantage CNM has upload/download files on the FTP server. Make sure the FTP - ZyXEL Vantage CNM | User Guide - Page 607
and Vantage Report server. 6 If the problem continues, contact your local vendor. There is information in some reports, but there is no information in others. 1 Make sure your devices support these reports. Check the release notes for the current firmware version. Vantage CNM User's Guide 607 - ZyXEL Vantage CNM | User Guide - Page 608
Chapter 38 Troubleshooting 2 Make sure you have selected the associated devices in the Associated Devices in the CNM System Setting > Configuration > VRPT Management > Edit screen. 's attack report is empty. 4 If the problem continues, contact your local vendor. 608 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 609
Index Product Specifications (611) Setting up Your Computer's IP Address (617) Pop-up Windows, Java Scripts and Java Permissions (635) IP Addresses and Subnetting (643) IP Address Assignment Conflicts (653) Common Services (657) Importing Certificates (661) Open Software Announcements (667) Legal - ZyXEL Vantage CNM | User Guide - Page 610
610 - ZyXEL Vantage CNM | User Guide - Page 611
This section summarizes Vantage CNM's specifications. Table 274 Firmware Specifications FEATURE DESCRIPTION Default User Name root Default Password root Object Tree View Three defined views: Account, Type, and Main Device Registration Building Blocks (BB) Status icons Manual or XML file - ZyXEL Vantage CNM | User Guide - Page 612
Vantage CNM configuration Vantage CNM server IP address FTP server Mail server Idle timeout Brute-force password protection Notification recipients Administrator privileges Table 275 Feature Specifications FEATURE DESCRIPTION Number of Vantage CNM 1,000,000 Log Entries Table 276 ZyXEL - ZyXEL Vantage CNM | User Guide - Page 613
: 8B:40:AD:A1:FC:FC entrustclientca Jan 9, 2003 0C:41:2F:13:5B:A0:54:F5:96:66: 2D:7E:CD:0E:03:F4 Vantage CNM User's Guide 613 - ZyXEL Vantage CNM | User Guide - Page 614
space required to run Vantage Report 600 MB Warning: Minimum amount of free disk space required to run Vantage per Low Free Disk Report Mark Table 280 Feature Specifications FEATURE Number of supported devices Number of scheduled reports SPECIFICATION Up to 25 500 614 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 615
of Entries in the Table at the Bottom of Each Statistical Report Log Consolidation Frequency SPECIFICATION 10 4 minutes Table 281 Default Access Administrator's username Administrator's password Configurator Access root root https:// {VRPT_public_IP}:8088/vrpt Vantage CNM User's Guide 615 - ZyXEL Vantage CNM | User Guide - Page 616
Appendix A Product Specifications 616 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 617
TCP/IP should already be installed on computers using Windows NT/2000/XP, Macintosh OS 7 and later manually assign IP information instead of using dynamic assignment, make sure that your computers have IP addresses that place them in the same subnet as the device's LAN port. Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 618
you need the adapter: 1 In the Network window, click Add. 2 Select Adapter and then click Add. 3 Select the manufacturer and model of your network adapter and then click OK. If you need TCP/IP: 1 In the Network window, click Add. 2 Select Protocol and then click Add. 618 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 619
• If your IP address is dynamic, select Obtain an IP address automatically. • If you have a static IP address, select Specify an IP address and type your information into the IP Address and Subnet Mask fields. Figure 332 Windows 95/98/Me: TCP/IP Properties: IP Address Vantage CNM User's Guide 619 - ZyXEL Vantage CNM | User Guide - Page 620
computer when prompted. Verifying Settings 1 Click Start and then Run. 2 In the Run window, type "winipcfg" and then click OK to open the IP Configuration window. 3 Select your network adapter. You should see your computer's IP address, subnet mask and default gateway. 620 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 621
the default Windows XP GUI theme. 1 Click start (Start in Windows 2000/NT), Settings, Control Panel. Figure 334 Windows XP: Start Menu 2 In the Control Panel, double-click Network Connections (Network and Dialup Connections in Windows 2000/NT). Figure 335 Windows XP: Control Panel Vantage CNM User - ZyXEL Vantage CNM | User Guide - Page 622
Connections: Properties 4 Select Internet Protocol (TCP/IP) (under the General tab in Win XP) and then click Properties. Figure 337 Windows XP: Local Area Connection Properties 5 The Internet Protocol TCP/IP Properties window opens (the General tab in Windows XP). 622 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 623
IP address of the default gateway in Gateway. To manually configure a default metric (the number of transmission hops), clear the Automatic metric check box and type a metric in Metric. • Click Add. • Repeat the previous three steps for each default gateway you want to add. Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 624
in Windows XP): • Click Obtain DNS server address automatically if you do not know your DNS server IP address(es). • If you know your DNS server IP address(es), click Use the following DNS server addresses, and type them in the Preferred DNS server and Alternate DNS server fields. 624 Vantage CNM - ZyXEL Vantage CNM | User Guide - Page 625
Settings 1 Click Start, All Programs, Accessories and then Command Prompt. 2 In the Command Prompt window, type "ipconfig" and then press [ENTER]. You can also open Network Connections, right-click a network connection, click Status and then click the Support tab. Vantage CNM User's Guide 625 - ZyXEL Vantage CNM | User Guide - Page 626
Appendix B Setting up Your Computer's IP Address Macintosh OS 8/9 1 Click the Apple menu, Control Panel and double-click TCP/IP to open the TCP/ IP Control Panel. Figure 341 Macintosh OS 8/9: Apple Menu 626 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 627
the Router address box. 5 Close the TCP/IP Control Panel. 6 Click Save if prompted, to save changes to your configuration. 7 Turn on your device and restart your computer (if prompted). Verifying Settings Check your TCP/IP properties in the TCP/IP Control Panel window. Vantage CNM User's Guide 627 - ZyXEL Vantage CNM | User Guide - Page 628
Appendix B Setting up Your Computer's IP Address Macintosh OS X 1 Click the Apple menu, and click System Preferences to open the System Preferences window. Figure 343 Macintosh OS X: Apple Menu 2 Click OS X: Network 4 For statically assigned settings, do the following: 628 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 629
K Desktop Environment (KDE) Follow the steps below to configure your computer IP address using the KDE. 1 Click the Red Hat button (located on the bottom left corner), select System Setting and click Network. Figure 345 Red Hat 9.0: KDE: Network Configuration: Devices Vantage CNM User's Guide 629 - ZyXEL Vantage CNM | User Guide - Page 630
Device General screen. 4 If you know your DNS server IP address(es), click the DNS tab in the Network Configuration screen. Enter the DNS server information in the fields provided. Figure 347 Red Hat 9.0: KDE: Network Configuration: DNS 5 Click the Devices tab. 630 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 631
text editor. • If you have a dynamic IP address, enter dhcp in the BOOTPROTO= field. The following figure shows an example. Figure 349 Red Hat 9.0: Dynamic IP Address Setting in ifconfig-eth0 DEVICE=eth0 ONBOOT=yes BOOTPROTO=dhcp USERCTL=no PEERDNS=yes TYPE=Ethernet Vantage CNM User's Guide 631 - ZyXEL Vantage CNM | User Guide - Page 632
255.255.255.0 USERCTL=no PEERDNS=yes TYPE=Ethernet 2 If you know your DNS server IP address(es), enter the DNS server information in the resolv.conf file in the /etc directory. The following figure shows interface: Bringing up interface eth0: [OK] [OK] [OK] [OK] [OK] 632 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 633
Appendix B Setting up Your Computer's IP Address Verifying Settings Enter ifconfig in a terminal screen to check your TCP/IP properties. collisions:0 txqueuelen:100 RX bytes:730412 (713.2 Kb) TX bytes:1570 (1.5 Kb) Interrupt:10 Base address:0x1000 [root@localhost]# Vantage CNM User's Guide 633 - ZyXEL Vantage CNM | User Guide - Page 634
Appendix B Setting up Your Computer's IP Address 634 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 635
device's IP address. Disable pop-up Blockers 1 In Internet Explorer, select Tools, Pop-up Blocker and then select Turn Off Pop-up Blocker. Figure 354 Pop-up Blocker You can also check if pop-up blocking is disabled in the Pop-up Blocker section in the Privacy tab. Vantage CNM User's Guide 635 - ZyXEL Vantage CNM | User Guide - Page 636
: Privacy 3 Click Apply to save this setting. Enable pop-up Blockers with Exceptions Alternatively, if you only want to allow pop-up windows from your device, see the following steps. 1 In Internet Explorer, select Tools, Internet Options and then the Privacy tab. 636 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 637
Java Permissions 2 Select Settings...to open the Pop-up Blocker Settings screen. Figure 356 Internet Options: Privacy 3 Type the IP address of your device (the web page that you do not want to have blocked) with the prefix "http://". For example, http://192.168.167.1. Vantage CNM User's Guide 637 - ZyXEL Vantage CNM | User Guide - Page 638
Appendix C Pop-up Windows, Java Scripts and Java Permissions 4 Click Add to move the IP address to the list of Allowed sites. Figure 357 Pop-up Blocker Settings 5 Click Close to do not display properly in Internet Explorer, check that Java Scripts are allowed. 638 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 639
tab. Figure 358 Internet Options: Security 2 Click the Custom Level... button. 3 Scroll down to Scripting. 4 Under Active scripting make sure that Enable is selected (the default). 5 Under Scripting of Java applets make sure that Enable is selected (the default). Vantage CNM User's Guide 639 - ZyXEL Vantage CNM | User Guide - Page 640
, Java Scripts and Java Permissions 6 Click OK to close the window. Figure 359 Security Settings - Java Scripting Java Permissions 1 From Internet Explorer, click Tools, Internet down to Microsoft VM. 4 Under Java permissions make sure that a safety level is selected. 640 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 641
, Java Scripts and Java Permissions 5 Click OK to close the window. Figure 360 Security Settings - Java JAVA (Sun) 1 From Internet Explorer, click Tools, Internet Options and then the Advanced tab. 2 Make sure that Use Java 2 for under Java (Sun) is selected. Vantage CNM User's Guide 641 - ZyXEL Vantage CNM | User Guide - Page 642
Appendix C Pop-up Windows, Java Scripts and Java Permissions 3 Click OK to close the window. Figure 361 Java (Sun) 642 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 643
IP addresses and subnet masks. IP addresses identify individual devices on a network. Every networking device (including computers, servers, routers, printers, etc.) needs an IP address to a possible range of 00000000 to 11111111 in binary, or 0 to 255 in decimal. Vantage CNM User's Guide 643 - ZyXEL Vantage CNM | User Guide - Page 644
and Host ID Example 1ST OCTET: 2ND OCTET: 3RD OCTET: 4TH OCTET IP Address (Binary) Subnet Mask (Binary) Network Number Host ID (192) (168) (1) (2) 11000000 10101000 00000001 00000010 11111111 11111111 11111111 00000000 11000000 10101000 00000001 00000010 644 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 645
the remaining 24 bits are zeroes. Subnet masks are expressed in dotted decimal notation just like IP addresses. The following examples show the binary and decimal notation for 8-bit, 16-bit, 24-bit 2 216 - 2 28 - 2 23 - 2 MAXIMUM NUMBER OF HOSTS 16777214 65534 254 6 Vantage CNM User's Guide 645 - ZyXEL Vantage CNM | User Guide - Page 646
the company network for security reasons. In this example, the company network address is 192.168.1.0. The first three octets of the address (192.168.1) are the network number, and the remaining octet is the host ID, allowing a maximum of 28 - 2 or 254 possible hosts. 646 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 647
Appendix D IP Addresses and Subnetting The following figure shows the company network before subnetting. Figure 363 Subnetting Example: Before Subnetting You can host ID bit can have a value of either 0 or 1, allowing two subnets; 192.168.1.0 /25 and 192.168.1.128 /25. Vantage CNM User's Guide 647 - ZyXEL Vantage CNM | User Guide - Page 648
24-bit address into two subnets. Similarly, to divide a 24-bit address into four subnets, you need to "borrow" two host ID bits to give four possible combinations (00, 01, 10 and 11). The subnet mask is 26 bits (11111111.11111111.11111111.11000000) or 255.255.255.192. 648 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 649
Mask (Binary) Subnet Address: 192.168.1.192 Broadcast Address: 192.168.1.255 NETWORK NUMBER 192.168.1. 11000000.10101000.00000001. 11111111.11111111.11111111. Lowest Host ID: 192.168.1.193 Highest Host ID: 192.168.1.254 LAST OCTET BIT VALUE 192 11000000 11000000 Vantage CNM User's Guide 649 - ZyXEL Vantage CNM | User Guide - Page 650
table shows IP address last octet values for each subnet. Table 290 Eight Subnets SUBNET SUBNET ADDRESS 1 0 2 32 3 64 4 96 5 128 6 160 7 192 8 224 FIRST ADDRESS LAST ADDRESS 1 30 33 128.0 (/17) 2 32766 2 255.255.192.0 (/18) 4 16382 650 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 651
mask specifies the network number portion of an IP address. Your device will compute the subnet mask automatically based on the IP address that you entered. You don't need to change the subnet mask computed by the device unless you are instructed to do otherwise. Vantage CNM User's Guide 651 - ZyXEL Vantage CNM | User Guide - Page 652
particular situation, do not create an arbitrary IP address; always follow the guidelines above. For more information on address assignment, please refer to RFC 1597, Address Allocation for Private Internets and RFC 1466, Guidelines for Management of IP Address Space. 652 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 653
to use different LAN and WAN IP addresses on different subnets if you enable DHCP server on the device. For example, you set the WAN IP address to 192.59.1.1 and the LAN IP address to 10.59.1.1. Otherwise, It is recommended the device use a public WAN IP address. Vantage CNM User's Guide 653 - ZyXEL Vantage CNM | User Guide - Page 654
to use different LAN and WAN IP addresses on different subnets if you enable DHCP server on the device. For example, you set the WAN IP address to 192.59.1.1 and the LAN IP address to 10.59.1.1. Otherwise, It is recommended the device uses a public WAN IP address. 654 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 655
server assigns to another subscriber acting as a DHCP client. In this case, the subscribers are not able to access the Internet. Figure 368 IP Address Conflicts: Case D This problem can be solved by adding a VLAN-enabled switch or set the computers to obtain IP addresses dynamically. Vantage CNM - ZyXEL Vantage CNM | User Guide - Page 656
Appendix E IP Address Assignment Conflicts 656 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 657
68 DHCP Client. BOOTP_SERVER UDP 67 DHCP Server. CU-SEEME TCP UDP 7648 24032 A popular videoconferencing solution from White Pines Software. DNS TCP/UDP 53 Domain Name Server, a service that matches web names (for example www.zyxel.com) to IP numbers. Vantage CNM User's Guide 657 - ZyXEL Vantage CNM | User Guide - Page 658
another popular Internet chat program. MSN Messenger TCP 1863 Microsoft Networks' messenger service uses this protocol. NEW-ICQ TCP 5190 An Internet chat program. client computer get e-mail from a POP3 server through a temporary connection (TCP/IP or other). 658 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 659
Service. REAL_AUDIO TCP 7070 A streaming audio service e-mail server to login and terminal emulation protocol common on the Internet and in UNIX environments. It operates over TCP/IP networks. Its primary function is to allow users to log into remote host systems. Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 660
Table 293 Commonly Used Services (continued) NAME PROTOCOL PORT(S) DESCRIPTION TFTP UDP 69 Trivial File Transfer Protocol is an Datagram Protocol) rather than TCP (Transmission Control Protocol). VDOLIVE TCP 7000 Another videoconferencing solution. 660 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 661
and Internet Explorer 5. This appendix uses the ZyWALL 70 as an example. Other models should be similar. Import Vantage CNM's Certificates into Netscape Navigator In Netscape Navigator, you can permanently trust the Vantage CNM's server certificate by importing it into your operating system - ZyXEL Vantage CNM | User Guide - Page 662
example procedure shows how to import the Vantage CNM's (selfsigned) server certificate into your operating system as a trusted certification authority. 1 In Internet Explorer, double click the lock shown in the following screen. Figure 370 Login Screen 2 Click Install Certificate to open the - ZyXEL Vantage CNM | User Guide - Page 663
Appendix G Importing Certificates 3 Click Next to begin the Install Certificate wizard. Figure 372 Certificate Import Wizard 1 4 Select where you would like to store the certificate and then click Next. Figure 373 Certificate Import Wizard 2 Vantage CNM User's Guide 663 - ZyXEL Vantage CNM | User Guide - Page 664
Appendix G Importing Certificates 5 Click Finish to complete the Import Certificate wizard. Figure 374 Certificate Import Wizard 3 664 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 665
Appendix G Importing Certificates 6 Click Yes to add the Vantage CNM certificate to the root store. Figure 375 Root Certificate Store Figure 376 Certificate General Information after Import Vantage CNM User's Guide 665 - ZyXEL Vantage CNM | User Guide - Page 666
Appendix G Importing Certificates 666 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 667
, electronic or mechanical, for any purpose, except the express written permission of ZyXEL Communications Corporation. This Product includes Castor under below license Copyright (C) 1999-2001 OF ERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. Vantage CNM User's Guide 667 - ZyXEL Vantage CNM | User Guide - Page 668
EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY code, generated documentation, and conversions to other media types. 668 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 669
patent infringement, then any patent licenses granted to You under this License for that Work shall terminate as of the date such litigation is filed. Vantage CNM User's Guide 669 - ZyXEL Vantage CNM | User Guide - Page 670
. 6. Trademarks. This License does not grant permission to use the trade names, trademarks, service marks, or product names of the Licensor, except as required for reasonable and customary use writing, Licensor provides the Work (and each Contributor provides its 670 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 671
Works thereof, You may choose to offer, and charge a fee for, acceptance of support, warranty, indemnity, or other liability obligations and/or rights consistent with this License. However software itself, if and wherever such thirdparty acknowledgments normally appear. Vantage CNM User's Guide 671 - ZyXEL Vantage CNM | User Guide - Page 672
EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY Public License, version 2, hence the version number 2.1.] Preamble 672 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 673
are referring to freedom of use, not price. Our General Public Licenses are designed to free software (and charge for this service if you wish); that you receive original author's reputation will not be affected by problems that might be introduced by others. Finally, Vantage CNM User's Guide 673 - ZyXEL Vantage CNM | User Guide - Page 674
License Agreement applies to any software library or other program which contains a notice placed by the copyright holder or other authorized party saying it 674 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 675
the terms of this Lesser General Public License (also called "this License"). Each licensee is addressed as "you". A "library" means a collection of software functions and/or data prepared so example, a function in a library to compute square roots has a purpose that is Vantage CNM User's Guide 675 - ZyXEL Vantage CNM | User Guide - Page 676
that is a derivative of the Library (because it contains portions of the Library), rather than a "work that uses the library". The executable is therefore 676 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 677
of these materials or that you have already sent this user a copy. For an executable, the required form of the "work that uses the Library" Vantage CNM User's Guide 677 - ZyXEL Vantage CNM | User Guide - Page 678
, as a consequence of a court judgment or allegation of patent infringement or for any other reason (not limited to patent issues), conditions are imposed on 678 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 679
version, but may differ in detail to address new problems or concerns. Each version is given a guided by the two goals of preserving the free status of all derivatives of our free software and of promoting the sharing and reuse of software generally. NO WARRANTY Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 680
OF THE LIBRARY IS WITH YOU. SHOULD THE LIBRARY PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION. 16. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING License instead.) You can apply it to your programs, too. 680 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 681
price. Our General Public Licenses are designed to make sure that you have the freedom to distribute copies of free software (and charge for this service is not the original, so that any problems introduced by others will not reflect on Each licensee is addressed as "you". Vantage CNM User's Guide 681 - ZyXEL Vantage CNM | User Guide - Page 682
, under Section 2) in object code or executable form under the terms of Sections 1 and 2 above provided that you also do one of the following: 682 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 683
any further restrictions on the recipients' exercise of the rights granted herein. You are not responsible for enforcing compliance by third parties to this License. Vantage CNM User's Guide 683 - ZyXEL Vantage CNM | User Guide - Page 684
version, but may differ in detail to address new problems or concerns. Each version is given a distinguishing guided by the two goals of preserving the free status of all derivatives of our free software and of promoting the sharing and reuse of software generally. 684 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 685
THE PROGRAM IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION. 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN derived from this software without specific prior written permission. Vantage CNM User's Guide 685 - ZyXEL Vantage CNM | User Guide - Page 686
without specific prior written permission; and -Redistributions of source or binary code must contain the above copyright notice, this notice and the following disclaimers: 686 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 687
applets and applications intended to run on Java-enabled general purpose desktop computers and servers ("Programs"). 2. License to Distribute Software. Subject to the terms and conditions , limited license without fees to reproduce and distribute the Software, provided Vantage CNM User's Guide 687 - ZyXEL Vantage CNM | User Guide - Page 688
Software Updates will be considered part of the Software and subject to the terms and conditions of the Agreement. 6. Notice of Automatic Downloads. You acknowledge that, by your use of the Software and/or by requesting services that require use of the Software, the 688 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 689
distributed with your Publication(s); (ii) You are responsible for downloading the Software from the applicable Sun web site; (iii) SOLARIS, JAVA, JINI, FORTE, and iPLANET-related trademarks, service marks, logos and other brand designations ("Sun Marks"), and year ago) Vantage CNM User's Guide 689 - ZyXEL Vantage CNM | User Guide - Page 690
" AND 19 ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 20 WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 690 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 691
and Castor License. To obtain the source code covered under those Licenses, please contact ZyXEL Communications Corporation at ZyXEL Technical Support. End-User License Agreement for Vantage CNM 2.3 WARNING: ZyXEL Communications Corp. IS WILLING TO LICENSE THE ENCLOSED SOFTWARE TO YOU ONLY UPON THE - ZyXEL Vantage CNM | User Guide - Page 692
thereof, in the operation of a service bureau or for the benefit of any ZyXEL DISCLAIMS ALL WARRANTIES OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. ZyXEL DOES NOT 692 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 693
ARISE OUT OF ANY BREACH OF THIS SECTION 8. 9. Audit Rights ZyXEL SHALL HAVE THE RIGHT, AT ITS OWN EXPENSE, UPON REASONABLE PRIOR NOTICE, TO PERIODICALLY INSPECT AND AUDIT YOUR RECORDS TO ENSURE YOUR COMPLIANCE WITH THE TERMS AND CONDITIONS OF THIS LICENSE AGREEMENT. Vantage CNM User's Guide 693 - ZyXEL Vantage CNM | User Guide - Page 694
hereunder, the Software and Documentation shall not be assigned by you without the prior written consent of ZyXEL. Any waiver or modification of this License Agreement shall only be effective if it is in writing so as to reasonably effect the intention of the parties. 694 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 695
photocopying, manual, or otherwise, without the prior written permission of ZyXEL Communications Corporation. Published by ZyXEL Communications Corporation. All rights reserved. Disclaimer ZyXEL does Any replacement will consist of a new or re-manufactured functionally Vantage CNM User's Guide 695 - ZyXEL Vantage CNM | User Guide - Page 696
. You may also refer to the warranty policy for the region in which you bought the device at http:// www.zyxel.com/web/support_warranty_info.php. Registration Register your product online to receive e-mail notices of firmware upgrades and information at www.zyxel.com. 696 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 697
393 access users idle timeout 364 multiple logins 365 AD 386, 389 CN identifier 386, 389 default server settings 385 Distinguished Name, see DN group 386 group members 389 host 385, 388 password 386, 389 port 385, 388 search time limit 386, 389 SSL 386, 389 address groups and firewall 319, 447 and - ZyXEL Vantage CNM | User Guide - Page 698
IPSec VPN rules 323 E e-mail SMTP server 561 encapsulation IPSec 327 encryption IPSec 328 WEP 117, 266 encryption method 399 enforcing policies in IPSec 329 ESP 327 ESSID 261 Extended Service Set IDentification. See ESSID. F file sharing SSL application create 403 698 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 699
authentication policies 365 and address groups 368 and address objects 368 and schedules 368 fragmenting IPSec packets 324 FTP server 561 Full Mesh 479 full tunnel mode 350 function window 37 G global SSL setting 327 tunnel encapsulation 327 ISP account CHAP 399 Vantage CNM User's Guide 699 - ZyXEL Vantage CNM | User Guide - Page 700
Server, see NBNS network list, see SSL 350 notifications 566, 567 SMTP server 561 O object pane devices 31 OSPF redistribute type (cost) 311 P PAP (Password Authentication Protocol) 291, 399 Password Authentication Protocol (PAP) 291, 399 Perfect Forward Secrecy (PFS) 328 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 701
routes actions 300 and address objects 304, 368 and interfaces 304 and IPSec 323 and schedules 304 and service groups 304 and services 304 and trunks 304 window 26 restoring (CNM configuration) 581 RFC 1058 (RIP) 308 1389 (RIP) 308 2402 (AH) 327 2406 (ESP) 327 RIP 308 Vantage CNM User's Guide - ZyXEL Vantage CNM | User Guide - Page 702
subnet mask 644 subnetting 646 subscription services activating 465 AppPatrol 460 content default lease time 364, 367 default reauthentication time 364, 367 lease time 360, 439 lockout 365 reauthentication time 360, 439 user names 358 V Vantage Report 571 in Vantage CNM 556 opening in Vantage CNM - ZyXEL Vantage CNM | User Guide - Page 703
WEP encryption 119, 121 Windows Internet Naming Service, see WINS Windows Internet Naming Service. See WINS. WINS 254, 263, 276, 282, 350 in L2TP VPN 355 WINS server 254, 263, 355 wireless MAC filter 269 wireless technologies comparison 88 Z zones and firewall 316 Vantage CNM User's Guide Index 703
-
1 -
2 -
3 -
4 -
5 -
6 -
7 -
8
-
9
-
10
-
11
-
12
-
13
-
14
-
15
-
16
-
17
-
18
-
19
-
20
-
21
-
22
-
23
-
24
-
25
-
26
-
27
-
28
-
29
-
30
-
31
-
32
-
33
-
34
-
35
-
36
-
37
-
38
-
39
-
40
-
41
-
42
-
43
-
44
-
45
-
46
-
47
-
48
-
49
-
50
-
51
-
52
-
53
-
54
-
55
-
56
-
57
-
58
-
59
-
60
-
61
-
62
-
63
-
64
-
65
-
66
-
67
-
68
-
69
-
70
-
71
-
72
-
73
-
74
-
75
-
76
-
77
-
78
-
79
-
80
-
81
-
82
-
83
-
84
-
85
-
86
-
87
-
88
-
89
-
90
-
91
-
92
-
93
-
94
-
95
-
96
-
97
-
98
-
99
-
100
-
101
-
102
-
103
-
104
-
105
-
106
-
107
-
108
-
109
-
110
-
111
-
112
-
113
-
114
-
115
-
116
-
117
-
118
-
119
-
120
-
121
-
122
-
123
-
124
-
125
-
126
-
127
-
128
-
129
-
130
-
131
-
132
-
133
-
134
-
135
-
136
-
137
-
138
-
139
-
140
-
141
-
142
-
143
-
144
-
145
-
146
-
147
-
148
-
149
-
150
-
151
-
152
-
153
-
154
-
155
-
156
-
157
-
158
-
159
-
160
-
161
-
162
-
163
-
164
-
165
-
166
-
167
-
168
-
169
-
170
-
171
-
172
-
173
-
174
-
175
-
176
-
177
-
178
-
179
-
180
-
181
-
182
-
183
-
184
-
185
-
186
-
187
-
188
-
189
-
190
-
191
-
192
-
193
-
194
-
195
-
196
-
197
-
198
-
199
-
200
-
201
-
202
-
203
-
204
-
205
-
206
-
207
-
208
-
209
-
210
-
211
-
212
-
213
-
214
-
215
-
216
-
217
-
218
-
219
-
220
-
221
-
222
-
223
-
224
-
225
-
226
-
227
-
228
-
229
-
230
-
231
-
232
-
233
-
234
-
235
-
236
-
237
-
238
-
239
-
240
-
241
-
242
-
243
-
244
-
245
-
246
-
247
-
248
-
249
-
250
-
251
-
252
-
253
-
254
-
255
-
256
-
257
-
258
-
259
-
260
-
261
-
262
-
263
-
264
-
265
-
266
-
267
-
268
-
269
-
270
-
271
-
272
-
273
-
274
-
275
-
276
-
277
-
278
-
279
-
280
-
281
-
282
-
283
-
284
-
285
-
286
-
287
-
288
-
289
-
290
-
291
-
292
-
293
-
294
-
295
-
296
-
297
-
298
-
299
-
300
-
301
-
302
-
303
-
304
-
305
-
306
-
307
-
308
-
309
-
310
-
311
-
312
-
313
-
314
-
315
-
316
-
317
-
318
-
319
-
320
-
321
-
322
-
323
-
324
-
325
-
326
-
327
-
328
-
329
-
330
-
331
-
332
-
333
-
334
-
335
-
336
-
337
-
338
-
339
-
340
-
341
-
342
-
343
-
344
-
345
-
346
-
347
-
348
-
349
-
350
-
351
-
352
-
353
-
354
-
355
-
356
-
357
-
358
-
359
-
360
-
361
-
362
-
363
-
364
-
365
-
366
-
367
-
368
-
369
-
370
-
371
-
372
-
373
-
374
-
375
-
376
-
377
-
378
-
379
-
380
-
381
-
382
-
383
-
384
-
385
-
386
-
387
-
388
-
389
-
390
-
391
-
392
-
393
-
394
-
395
-
396
-
397
-
398
-
399
-
400
-
401
-
402
-
403
-
404
-
405
-
406
-
407
-
408
-
409
-
410
-
411
-
412
-
413
-
414
-
415
-
416
-
417
-
418
-
419
-
420
-
421
-
422
-
423
-
424
-
425
-
426
-
427
-
428
-
429
-
430
-
431
-
432
-
433
-
434
-
435
-
436
-
437
-
438
-
439
-
440
-
441
-
442
-
443
-
444
-
445
-
446
-
447
-
448
-
449
-
450
-
451
-
452
-
453
-
454
-
455
-
456
-
457
-
458
-
459
-
460
-
461
-
462
-
463
-
464
-
465
-
466
-
467
-
468
-
469
-
470
-
471
-
472
-
473
-
474
-
475
-
476
-
477
-
478
-
479
-
480
-
481
-
482
-
483
-
484
-
485
-
486
-
487
-
488
-
489
-
490
-
491
-
492
-
493
-
494
-
495
-
496
-
497
-
498
-
499
-
500
-
501
-
502
-
503
-
504
-
505
-
506
-
507
-
508
-
509
-
510
-
511
-
512
-
513
-
514
-
515
-
516
-
517
-
518
-
519
-
520
-
521
-
522
-
523
-
524
-
525
-
526
-
527
-
528
-
529
-
530
-
531
-
532
-
533
-
534
-
535
-
536
-
537
-
538
-
539
-
540
-
541
-
542
-
543
-
544
-
545
-
546
-
547
-
548
-
549
-
550
-
551
-
552
-
553
-
554
-
555
-
556
-
557
-
558
-
559
-
560
-
561
-
562
-
563
-
564
-
565
-
566
-
567
-
568
-
569
-
570
-
571
-
572
-
573
-
574
-
575
-
576
-
577
-
578
-
579
-
580
-
581
-
582
-
583
-
584
-
585
-
586
-
587
-
588
-
589
-
590
-
591
-
592
-
593
-
594
-
595
-
596
-
597
-
598
-
599
-
600
-
601
-
602
-
603
-
604
-
605
-
606
-
607
-
608
-
609
-
610
-
611
-
612
-
613
-
614
-
615
-
616
-
617
-
618
-
619
-
620
-
621
-
622
-
623
-
624
-
625
-
626
-
627
-
628
-
629
-
630
-
631
-
632
-
633
-
634
-
635
-
636
-
637
-
638
-
639
-
640
-
641
-
642
-
643
-
644
-
645
-
646
-
647
-
648
-
649
-
650
-
651
-
652
-
653
-
654
-
655
-
656
-
657
-
658
-
659
-
660
-
661
-
662
-
663
-
664
-
665
-
666
-
667
-
668
-
669
-
670
-
671
-
672
-
673
-
674
-
675
-
676
-
677
-
678
-
679
-
680
-
681
-
682
-
683
-
684
-
685
-
686
-
687
-
688
-
689
-
690
-
691
-
692
-
693
-
694
-
695
-
696
-
697
-
698
-
699
-
700
-
701
-
702
-
703
 |
 |
www.zyxel.com
www.zyxel.com
Vantage CNM
Centralized Network Management
Copyright © 2009
ZyXEL Communications Corporation
Software Version 3.2
Edition 1, 7/2009
Default Login Details
IP Address
https://localhost
or
https://{Vantage
CNM Server’s IP
address}
User Name
root
Password
root