Home » ZyXEL Manuals » Networking » ZyXEL Vantage CNM » Manual Viewer

ZyXEL Vantage CNM User Guide - Page 159

Table 54

Get ZyXEL Vantage CNM PDF manuals and user guides

Add to My Manuals
Save this manual to your list of manuals

Page 159 highlights

Chapter 6 Device Security Settings Table 54 Device Operation > Device Configuration > Security > VPN > VPN Rules (Manual) > Add/Edit (continued) LABEL DESCRIPTION Active Protocol Select ESP if you want to use ESP (Encapsulation Security Payload). The ESP protocol (RFC 2406) provides encryption as well as some of the services offered by AH. If you select ESP here, you must select options from the Encryption Algorithm and Authentication Algorithm fields. Encryption Algorithm Select AH if you want to use AH (Authentication Header Protocol). The AH protocol (RFC 2402) was designed for integrity, authentication, sequence integrity (replay resistance), and non-repudiation but not for confidentiality, for which the ESP was designed. If you select AH here, you must select options from the Authentication Algorithm field. Select DES, 3DES or NULL from the drop-down list box. Authentication Algorithm Encryption Key Authentication Key Apply Cancel When you use DES or 3DES, both sender and receiver must know the Encryption Key, which can be used to encrypt and decrypt the messages. The DES encryption algorithm uses a 56-bit key. Triple DES (3DES) is a variation on DES that uses a 168-bit key. As a result, 3DES is more secure than DES. It also requires more processing power, resulting in increased latency and decreased throughput. Select NULL to set up a tunnel without encryption. When you select NULL, you do not enter an encryption key. When you use SHA1 or MD5, both sender and receiver must know the Authentication Key, which can be used to generate and verify a message authentication code. Select SHA1 or MD5 from the drop-down list box. MD5 (Message Digest 5) and SHA1 (Secure Hash Algorithm) are hash algorithms used to authenticate packet data. The SHA1 algorithm is generally considered stronger than MD5, but is slower. Select MD5 for minimal security and SHA-1 for maximum security. This field only applies when you select ESP. With DES, type a unique key 8 ASCII characters long. With 3DES, type a unique key 24 ASCII characters long. Any characters may be used, including spaces, but trailing spaces are truncated. Type a unique authentication key to be used by IPSec if applicable. Enter 16 characters for MD5 authentication or 20 characters for SHA-1 authentication. Any characters may be used, including spaces, but trailing spaces are truncated. Click this to save your changes back to the device. Click this to begin configuring this screen afresh. Vantage CNM User's Guide 159

Section	Page
Vantage CNM	1
About This User's Guide	3
Document Conventions	5
Contents Overview	7
Introducing Vantage CNM	21
1.1 Overview	21
1.2 Ways to Manage Vantage CNM	22
1.3 Suggestions for Using Vantage CNM	22
Introduction	23
GUI Introduction	25
2.1 Menu Bar	26
2.2 Title Bar	27
2.3 Device Window	27
2.3.1 Topology	27
2.3.2 Device Search	36
2.4 Navigation Panel and Configuration Window	37
2.5 Security Risk Pop-up Messages in Internet Explorer 7.0	41
Device Configuration (ZyNOS and Prestige)	45
Load or Save Building Blocks (BB)	47
3.1 Load or Save BB	47
Device General Settings	51
4.1 System	51
4.2 Time Setting	52
Device Network Settings	55
5.1 LAN (ZyNOS ZyWALL)	55
5.2 LAN (Prestige)	59
5.2.1 Static DHCP	62
5.2.2 IP Alias	63
5.3 WAN General (ZyNOS ZyWALL)	65
5.3.1 WAN1 (ZyNOS ZyWALL with one WAN port)	69
5.3.2 WAN1 and WAN2 (ZyNOS ZyWALL with two WAN ports)	78
5.3.3 WAN2 (ZyNOS ZyWALL with 3G WAN)	87
5.3.4 Dial Backup (ZyNOS ZyWALL)	96
5.3.5 Advanced Modem Setup (ZyNOS ZyWALL)	98
5.3.6 Edit Dial Backup (ZyNOS ZyWALL)	100
5.3.7 WAN Setup (Prestige)	102
5.3.8 WAN Backup (Prestige)	106
5.3.9 Advanced WAN Backup (Prestige)	109
5.3.10 Advanced Modem Setup (Prestige)	111
5.4 Wireless Card	112
5.4.1 Wireless and Wireless Security Settings	112
5.4.2 Advanced Wireless Security Settings	115
5.4.3 MAC Filter	121
Device Security Settings	123
6.1 Firewall	123
6.1.1 Default Rule	123
6.1.2 Rule Summary	126
6.1.3 Add/Edit a Rule	128
6.1.4 Anti-Probing	131
6.1.5 Threshold	132
6.1.6 Service	135
6.1.7 Add/Edit Service	135
6.2 VPN	137
6.3 IPSec High Availability	137
6.3.1 VPN Rules (IKE)	138
6.3.2 Add/Edit an IKE Gateway Policy	139
6.3.3 Add/Edit an IKE Network Policy	148
6.3.4 Move an IKE Network Policy	154
6.3.5 VPN Rules (Manual)	154
6.3.6 Add/Edit an Manual VPN Rule	157
6.3.7 VPN Global Setting	160
6.4 Anti-Virus	162
6.4.1 General Anti-Virus Setup	162
6.5 Anti-Spam	164
6.5.1 Anti-Spam General Screen	164
6.5.2 Anti-Spam External DB Screen	167
6.6 Anti-Spam Lists Screen	170
6.6.1 Anti-Spam Lists Edit Screen	171
6.7 IDP	174
6.8 General Setup	174
6.9 IDP Signatures	176
6.9.1 Attack Types	176
6.9.2 Intrusion Severity	178
6.9.3 Signature Actions	178
6.9.4 Configuring IDP Signatures	179
6.9.5 Query View	181
6.9.6 Protocol Anomaly	184
6.10 Signature Update	186
6.11 Content Filter	189
6.12 Content Filter General Screen	189
6.13 Content Filter Policy	193
6.13.1 Content Filter Policy: General	194
6.13.2 Content Filter Policy: External Database	197
6.13.3 Content Filter Policy: Customization	204
6.13.4 Content Filter Policy: Schedule	207
6.14 Content Filter Objects	208
6.15 Content Filtering Cache	210
6.16 X Auth	211
6.16.1 Local User Database	211
6.16.2 RADIUS	212
Device Advanced Settings	215
7.0.1 NAT	215
7.1 NAT	215
7.2 Port Forwarding	218
7.3 Address Mapping	219
7.3.1 Edit an Address Mapping Rule	221
7.4 Trigger Port	222
7.4.1 Edit a Trigger Port Rule	223
7.5 Static Route	224
7.6 Static Route	224
7.6.1 Edit a Static Route	226
7.7 DNS	227
7.8 Address Record	227
7.8.1 Add/Edit an Address Record	228
7.9 Name Server Record	229
7.9.1 Add/Edit a Name Server Record	230
7.10 Cache	232
7.11 DDNS	233
7.12 DHCP	235
7.13 Remote MGMT	236
7.14 Remote MGMT	236
Device Log	241
8.1 Device Log	241
Device Configuration (ZLD)	245
Device Network Settings	247
9.1 Ethernet (ZLD ZyWALL)	247
9.1.1 Ethernet Edit	248
9.1.2 Adding Virtual Interfaces	255
9.2 WLAN General	256
9.2.1 WLAN Add/Edit Screen	259
9.2.2 WLAN Add/Edit: WEP Security	265
9.2.3 WLAN Add/Edit: WPA-PSK/WPA2-PSK Security	266
9.2.4 WLAN Add/Edit: WPA/WPA2 Security	267
9.2.5 WLAN Interface MAC Filter	269
9.2.6 MAC Filter Add/Edit Screen	271
9.3 VLAN Summary Screen	272
9.3.1 VLAN Add/Edit	272
9.4 Bridge Summary	277
9.4.1 Bridge Add/Edit	278
9.5 PPPoE/PPTP Interface Summary	283
9.5.1 PPPoE/PPTP Interface Edit	284
9.6 Auxiliary Interface	290
9.7 The Trunk Summary Screen	292
9.8 Configuring a Trunk	294
9.8.1 The Trunk Member List Screen	297
9.9 Interface Summary Screen	298
9.10 Policy Route Screen	300
9.10.1 Policy Route Edit Screen	303
9.11 IP Static Route Screen	306
9.11.1 Static Route Add/Edit Screen	307
9.12 The RIP Screen	308
9.13 The OSPF Screen	310
9.13.1 The OSPF Area Add/Edit Screen	312
Firewall	315
10.1 The Firewall Screen	315
10.1.1 The Firewall Edit Screen	318
10.2 The Session Limit Screen	319
10.2.1 The Session Limit Add/Edit Screen	321
IPSec VPN	323
11.1 The IPSec VPN Connection Screen	323
11.1.1 The IPSec VPN Connection Add/Edit Screen	325
11.1.2 IPSec VPN Connection Add/Edit (Manual Key)	331
11.2 The VPN Gateway Screen	335
11.2.1 The VPN Gateway Add/Edit Screen	336
11.3 The VPN Concentrator Screen	343
11.3.1 The VPN Concentrator Add/Edit Screen	345
SSL VPN	347
12.1 Overview	347
12.2 The SSL Access Privilege Screen	347
12.2.1 The SSL Access Policy Add/Edit Screen	349
12.3 The SSL Global Setting Screen	351
L2TP VPN	353
13.1 Overview	353
13.2 L2TP VPN Screen	353
Object	357
14.1 User Summary Screen	357
14.1.1 User Add/Edit Screen	358
14.2 User Group Summary Screen	360
14.2.1 Group Add/Edit Screen	361
14.3 Setting Screen	362
14.3.1 Default User Authentication Timeout Settings Edit Screens	366
14.3.2 Force User Authentication Policy Add/Edit Screen	368
14.4 Address Summary Screen	369
14.4.1 Address Add/Edit Screen	370
14.4.2 Address Group Summary Screen	371
14.4.3 Address Group Add/Edit Screen	373
14.5 The Service Summary Screen	374
14.5.1 The Service Add/Edit Screen	375
14.6 The Service Group Summary Screen	376
14.6.1 The Service Group Add/Edit Screen	378
14.7 The Schedule Summary Screen	379
14.7.1 The One-Time Schedule Add/Edit Screen	380
14.7.2 The Recurring Schedule Add/Edit Screen	381
AAA	385
15.1 Configuring Active Directory or LDAP Default Server Settings	385
15.2 Active Directory or LDAP Group Summary Screen	386
15.2.1 Creating an Active Directory or LDAP Group	388
15.3 Configuring a Default RADIUS Server	390
15.3.1 Configuring a Group of RADIUS Servers	391
15.3.2 Adding a RADIUS Server Member	392
15.4 Viewing Authentication Method Objects	393
15.5 Creating an Authentication Method Object	394
15.6 The My Certificates Screen	396
15.7 ISP Account Summary	397
15.7.1 ISP Account Edit	398
15.8 The SSL Application Screen	400
15.8.1 Creating/Editing a Web-based SSL Application Object	401
15.8.2 Creating/Editing a File Sharing SSL Application Object	403
Maintenance	405
16.1 Edit Remote Server Log Settings	405
Configuration, Firmware and Licence Management	407
Configuration Management	409
17.1 Synchronization (Device)	409
17.2 Synchronization (Folder)	411
17.3 Configuration File Management	412
17.3.1 Backup & Restore (Device)	413
17.3.2 Backup a Device	414
17.3.3 Backup & Restore (Folder)	415
17.3.4 Group Backup (Folder)	416
17.3.5 Group Restore (Folder)	418
17.4 Schedule List (Device)	419
17.5 Schedule List (Folder)	420
17.5.1 Add/Edit Schedule List (Folder)	421
17.6 Signature Profile Management	423
17.6.1 Signature Profile Backup & Restore (Device)	423
17.6.2 Signature Profile Backup & Restore (Folder)	425
17.6.3 Signature Profile Restore (Folder)	427
17.6.4 Restore to Device	429
17.6.5 Signature Profile Backup (Device)	430
17.6.6 Reset to Factory	431
17.7 Configuration Building Block	431
17.8 Add/Edit a Configuration BB	433
17.8.1 Create a Schedule Configuration BB (ZLD)	436
17.8.2 Create a User Configuration BB (ZLD)	437
17.8.3 Create an Address Configuration BB (ZLD)	439
17.8.4 Create a Service Configuration BB (ZLD)	440
17.9 Component BB	441
17.10 Add/Edit/Save as a Component BB	443
17.11 ZLD Firewall Rule Group Configuration	443
17.12 Add/Edit a Firewall Rule Group	444
Firmware Management	449
18.1 Firmware List	449
18.1.1 Add Firmware	450
18.2 Scheduler List	451
18.3 Firmware Upgrade	451
18.3.1 Firmware Upgrade (Folder)	452
18.3.2 Firmware Upgrade (Device)	453
18.3.3 Firmware Upgrade (Device) > Upgrade	453
License Management	457
19.1 Service Activation	457
19.1.1 Registration	457
19.1.2 Service	460
19.2 License Status	462
19.2.1 Activate/Upgrade License	465
19.3 License Status (Folder)	466
19.4 Signature Status (Device)	469
19.5 Signature Status (Folder)	471
VPN Management	473
VPN Community	475
20.1 VPN Community	475
20.1.1 Add/Edit a VPN Community	476
Installation Report	483
21.1 Installation Report	483
21.1.1 Show Detailed Installation Reportl	484
VPN Monitor	485
22.1 Monitor VPN by Community	485
22.1.1 Show Detailed VPN Community	486
22.1.2 VPN Tunnel Diagnostics	487
22.2 Monitor VPN by Device	489
22.2.1 VPN Tunnel Status	489
22.2.2 Search VPN Tunnels	490
22.2.3 SA Monitor	491
Monitor	493
Device Status Monitor	495
23.1 Device Status	495
3G Monitor	497
24.1 Summary	498
24.1.1 Show Detail	500
24.2 Availability Report	509
24.3 Radio Report	513
24.4 Traffic Report	518
24.5 Alert Report	519
24.6 Monitor Setting	523
24.6.1 Notification Setting	523
24.6.2 Notification	524
24.6.3 Monitor Interval	526
Device HA Status Monitor	527
25.1 Device HA Status	527
Device Alarm	529
26.1 Device Alarm Introduction	529
26.1.1 Alarm Severity	529
26.1.2 Unresolved Alarms	529
26.1.3 Responded Alarm	532
Log & Report	535
Device Operation Report	537
27.1 Firmware Upgrade Report	537
27.1.1 Firmware Report Details	538
27.2 Configuration Report	540
27.2.1 Configuration Report Details	542
27.3 Configuration File Backup Report	543
27.3.1 Configuration File Backup Report Details	545
27.4 Configuration File Restore Report	546
27.5 Signature Profile Backup Report	548
27.6 Signature Profile Restore Report	549
CNM Logs	553
28.1 Vantage CNM Logs	553
28.1.1 CNM Logs	553
VRPT	555
29.1 Vantage Report Overview	555
29.2 Vantage Report in Vantage CNM	556
29.3 Setting Up Vantage Report in Vantage CNM	556
29.4 Opening Vantage Report in Vantage CNM	557
CNM System Setting	559
CNM System Setting	561
30.1 Servers Configuration	561
30.1.1 Vantage CNM Server Public IP Address	563
30.2 Servers Status	564
30.3 User Access	565
30.4 Notifications	566
30.4.1 Notifications Settings	567
30.5 Log Setting	569
30.6 VRPT Management	571
30.6.1 Add/Edit VRPT Management	573
30.7 Certificate Management Overview	574
30.7.1 Advantages of Certificates	575
30.7.2 Current Certificate Information	576
30.7.3 Create CSR	577
30.7.4 Import Certificate	578
Maintenance	581
31.1 System Maintenance	581
31.1.1 Backup	582
31.2 Device Maintenance	583
Device Owner	585
32.1 Device Owner	585
32.1.1 Add/Edit a Device Owner	586
Vantage CNM Software Upgrade	587
33.1 CNM Software Upgrade	587
License	589
34.1 CNM Licence	589
34.1.1 License Upgrade	590
About CNM	591
35.1 About CNM	591
Account Management	593
User Group	595
36.1 Group	595
36.1.1 Add User Group	596
Account	599
37.1 “Root” Administrator	599
37.2 “Super” Administrators	599
37.3 Account	600
37.3.1 Add/Edit an Administrator Account	601
Troubleshooting	603
Troubleshooting	605
38.1 Vantage CNM Access and Login	605
38.2 Device Management	606
38.3 Device Firmware Management	606
38.4 Vantage Report	607
Appendices and Index	609
Product Specifications	611
Setting up Your Computer’s IP Address	617
Pop-up Windows, Java Scripts and Java Permissions	635
IP Addresses and Subnetting	643
IP Address Assignment Conflicts	653
Common Services	657
Importing Certificates	661
Open Software Announcements	667
Legal Information	695

Match case Limit results 1 per page

Chapter 6 Device Security Settings

Vantage CNM User’s Guide

159

Active Protocol

Select

ESP

if you want to use ESP (Encapsulation Security

Payload). The ESP protocol (RFC 2406) provides encryption

as well as some of the services offered by AH. If you select

ESP

here, you must select options from the

Encryption

Algorithm

and

Authentication Algorithm

fields.

Select

if you want to use AH (Authentication Header

Protocol). The AH protocol (RFC 2402) was designed for

integrity, authentication, sequence integrity (replay

resistance), and non-repudiation but not for confidentiality,

for which the ESP was designed. If you select

here, you

must select options from the

Authentication Algorithm

field.

Encryption Algorithm

Select

DES

3DES

NULL

from the drop-down list box.

When you use

DES

3DES

, both sender and receiver must

know the

Encryption Key

, which can be used to encrypt and

decrypt the messages. The DES encryption algorithm uses a

56-bit key. Triple DES (

3DES

) is a variation on DES that uses

a 168-bit key. As a result,

3DES

is more secure than

DES

. It

also requires more processing power, resulting in increased

latency and decreased throughput. Select

NULL

to set up a

tunnel without encryption. When you select

NULL

, you do not

enter an encryption key.

Authentication Algorithm

When you use

SHA1

MD5

, both sender and receiver must

know the

Authentication Key

, which can be used to

generate and verify a message authentication code. Select

SHA1

MD5

from the drop-down list box.

MD5

(Message

Digest 5) and

SHA1

(Secure Hash Algorithm) are hash

algorithms used to authenticate packet data. The

SHA1

algorithm is generally considered stronger than

MD5

, but is

slower. Select

MD5

for minimal security and

SHA-1

for

maximum security.

Encryption Key

This field only applies when you select

ESP

. With

DES

, type a

unique key 8 ASCII characters long. With

3DES

, type a

unique key 24 ASCII characters long. Any characters may be

used, including spaces, but trailing spaces are truncated.

Authentication Key

Type a unique authentication key to be used by IPSec if

applicable. Enter 16 characters for

MD5

authentication or 20

characters for

SHA-1

authentication. Any characters may be

used, including spaces, but trailing spaces are truncated.

Apply

Click this to save your changes back to the device.

Cancel

Click this to begin configuring this screen afresh.

Table 54

Device Operation > Device Configuration > Security > VPN > VPN Rules

(Manual) > Add/Edit (continued)

LABEL

DESCRIPTION