Section |
Page |
ZyWALL USG 300 |
1 |
About This User's Guide |
3 |
Document Conventions |
6 |
Safety Warnings |
8 |
Contents Overview |
9 |
Table of Contents |
11 |
User’s Guide |
31 |
Introducing the ZyWALL |
33 |
1.1 Overview and Key Default Settings |
33 |
1.2 Rack-mounted Installation |
33 |
1.2.1 Rack-Mounted Installation Procedure |
34 |
1.3 Front Panel |
35 |
1.3.1 Front Panel LEDs |
35 |
1.4 Management Overview |
35 |
1.5 Starting and Stopping the ZyWALL |
37 |
Features and Applications |
39 |
2.1 Features |
39 |
2.2 Applications |
41 |
2.2.1 VPN Connectivity |
42 |
2.2.2 SSL VPN Network Access |
42 |
2.2.3 User-Aware Access Control |
44 |
2.2.4 Multiple WAN Interfaces |
44 |
2.2.5 Device HA |
45 |
Web Configurator |
47 |
3.1 Web Configurator Requirements |
47 |
3.2 Web Configurator Access |
47 |
3.3 Web Configurator Screens Overview |
49 |
3.3.1 Title Bar |
50 |
3.3.2 Navigation Panel |
51 |
3.3.3 Main Window |
57 |
3.3.4 Tables and Lists |
59 |
Installation Setup Wizard |
65 |
4.1 Installation Setup Wizard Screens |
65 |
4.1.1 Internet Access Setup - WAN Interface |
66 |
4.1.2 Internet Access: Ethernet |
66 |
4.1.3 Internet Access: PPPoE |
68 |
4.1.4 Internet Access: PPTP |
69 |
4.1.5 ISP Parameters |
69 |
4.1.6 Internet Access Setup - Second WAN Interface |
71 |
4.1.7 Internet Access - Finish |
71 |
4.2 Device Registration |
72 |
Quick Setup |
75 |
5.1 Quick Setup Overview |
75 |
5.2 WAN Interface Quick Setup |
76 |
5.2.1 Choose an Ethernet Interface |
76 |
5.2.2 Select WAN Type |
76 |
5.2.3 Configure WAN Settings |
77 |
5.2.4 WAN and ISP Connection Settings |
78 |
5.2.5 Quick Setup Interface Wizard: Summary |
80 |
5.3 VPN Quick Setup |
81 |
5.4 VPN Setup Wizard: Wizard Type |
82 |
5.5 VPN Express Wizard - Scenario |
83 |
5.5.1 VPN Express Wizard - Configuration |
84 |
5.5.2 VPN Express Wizard - Summary |
85 |
5.5.3 VPN Express Wizard - Finish |
86 |
5.5.4 VPN Advanced Wizard - Scenario |
87 |
5.5.5 VPN Advanced Wizard - Phase 1 Settings |
88 |
5.5.6 VPN Advanced Wizard - Phase 2 |
90 |
5.5.7 VPN Advanced Wizard - Summary |
91 |
5.5.8 VPN Advanced Wizard - Finish |
92 |
Configuration Basics |
93 |
6.1 Object-based Configuration |
93 |
6.2 Zones, Interfaces, and Physical Ports |
94 |
6.2.1 Interface Types |
95 |
6.2.2 Default Interface and Zone Configuration |
96 |
6.3 Terminology in the ZyWALL |
97 |
6.4 Packet Flow |
98 |
6.4.1 ZLD 2.20 Packet Flow Enhancements |
98 |
6.4.2 Routing Table Checking Flow Enhancements |
99 |
6.4.3 NAT Table Checking Flow |
100 |
6.5 Feature Configuration Overview |
101 |
6.5.1 Feature |
102 |
6.5.2 Licensing Registration |
102 |
6.5.3 Licensing Update |
102 |
6.5.4 Interface |
103 |
6.5.5 Trunks |
103 |
6.5.6 Policy Routes |
103 |
6.5.7 Static Routes |
105 |
6.5.8 Zones |
105 |
6.5.9 DDNS |
105 |
6.5.10 NAT |
105 |
6.5.11 HTTP Redirect |
106 |
6.5.12 ALG |
107 |
6.5.13 Auth. Policy |
107 |
6.5.14 Firewall |
107 |
6.5.15 IPSec VPN |
108 |
6.5.16 SSL VPN |
108 |
6.5.17 L2TP VPN |
109 |
6.5.18 Application Patrol |
109 |
6.5.19 Anti-Virus |
110 |
6.5.20 IDP |
110 |
6.5.21 ADP |
110 |
6.5.22 Content Filter |
110 |
6.5.23 Anti-Spam |
111 |
6.5.24 Device HA |
111 |
6.6 Objects |
112 |
6.6.1 User/Group |
112 |
6.7 System |
113 |
6.7.1 DNS, WWW, SSH, TELNET, FTP, SNMP, Dial-in Mgmt, Vantage CNM |
113 |
6.7.2 Logs and Reports |
114 |
6.7.3 File Manager |
114 |
6.7.4 Diagnostics |
114 |
6.7.5 Shutdown |
114 |
Tutorials |
117 |
7.1 How to Configure Interfaces, Port Grouping, and Zones |
117 |
7.1.1 Configure a WAN Ethernet Interface |
118 |
7.1.2 Configure Zones |
118 |
7.1.3 Configure Port Grouping |
119 |
7.2 How to Configure a Cellular Interface |
120 |
7.3 How to Configure Load Balancing |
122 |
7.3.1 Set Up Available Bandwidth on Ethernet Interfaces |
123 |
7.3.2 Configure the WAN Trunk |
124 |
7.4 How to Set Up a Wireless LAN |
125 |
7.4.1 Set Up User Accounts |
125 |
7.4.2 Create the WLAN Interface |
126 |
7.4.3 Set Up the Wireless Clients to Use the WLAN Interface |
129 |
7.5 How to Set Up an IPSec VPN Tunnel |
141 |
7.5.1 Set Up the VPN Gateway |
142 |
7.5.2 Set Up the VPN Connection |
142 |
7.5.3 Configure Security Policies for the VPN Tunnel |
144 |
7.6 How to Configure a Hub-and-spoke IPSec VPN Without a VPN Concentrator |
144 |
7.7 How to Configure User-aware Access Control |
146 |
7.7.1 Set Up User Accounts |
147 |
7.7.2 Set Up User Groups |
148 |
7.7.3 Set Up User Authentication Using the RADIUS Server |
148 |
7.7.4 Web Surfing Policies With Bandwidth Restrictions |
150 |
7.7.5 Set Up MSN Policies |
153 |
7.7.6 Set Up Firewall Rules |
154 |
7.8 How to Use a RADIUS Server to Authenticate User Accounts based on Groups |
155 |
7.9 How to Use Endpoint Security and Authentication Policies |
157 |
7.9.1 Configure the Endpoint Security Objects |
157 |
7.9.2 Configure the Authentication Policy |
159 |
7.10 How to Configure Service Control |
160 |
7.10.1 Allow HTTPS Administrator Access Only From the LAN |
161 |
7.11 How to Allow Incoming H.323 Peer-to-peer Calls |
163 |
7.11.1 Turn On the ALG |
164 |
7.11.2 Set Up a NAT Policy For H.323 |
164 |
7.11.3 Set Up a Firewall Rule For H.323 |
166 |
7.12 How to Allow Public Access to a Web Server |
167 |
7.12.1 Create the Address Objects |
168 |
7.12.2 Configure NAT |
168 |
7.12.3 Set Up a Firewall Rule |
169 |
7.13 How to Use an IPPBX on the DMZ |
170 |
7.13.1 Turn On the ALG |
172 |
7.13.2 Create the Address Objects |
172 |
7.13.3 Setup a NAT Policy for the IPPBX |
173 |
7.13.4 Set Up a WAN to DMZ Firewall Rule for SIP |
174 |
7.13.5 Set Up a DMZ to LAN Firewall Rule for SIP |
175 |
7.14 How to Use Multiple Static Public WAN IP Addresses for LAN to WAN Traffic |
176 |
7.14.1 Create the Public IP Address Range Object |
176 |
7.14.2 Configure the Policy Route |
177 |
7.15 How to Use Active-Passive Device HA |
177 |
7.15.1 Before You Start |
178 |
7.15.2 Configure Device HA on the Master ZyWALL |
179 |
7.15.3 Configure the Backup ZyWALL |
181 |
7.15.4 Deploy the Backup ZyWALL |
183 |
7.15.5 Check Your Device HA Setup |
183 |
L2TP VPN Example |
185 |
8.1 L2TP VPN Example |
185 |
8.2 Configuring the Default L2TP VPN Gateway Example |
185 |
8.3 Configuring the Default L2TP VPN Connection Example |
187 |
8.4 Configuring the L2TP VPN Settings Example |
188 |
8.5 Configuring L2TP VPN in Windows Vista, XP, or 2000 |
189 |
8.5.1 Configuring L2TP in Windows Vista |
189 |
8.5.2 Configuring L2TP in Windows XP |
199 |
8.5.3 Configuring L2TP in Windows 2000 |
205 |
Technical Reference |
223 |
Dashboard |
225 |
9.1 Overview |
225 |
9.1.1 What You Can Do in this Chapter |
225 |
9.2 The Dashboard Screen |
225 |
9.2.1 The CPU Usage Screen |
232 |
9.2.2 The Memory Usage Screen |
233 |
9.2.3 The Session Usage Screen |
234 |
9.2.4 The VPN Status Screen |
235 |
9.2.5 The DHCP Table Screen |
235 |
9.2.6 The Number of Login Users Screen |
236 |
Monitor |
239 |
10.1 Overview |
239 |
10.1.1 What You Can Do in this Chapter |
239 |
10.2 The Port Statistics Screen |
240 |
10.2.1 The Port Statistics Graph Screen |
242 |
10.3 Interface Status Screen |
243 |
10.4 The Traffic Statistics Screen |
247 |
10.5 The Session Monitor Screen |
250 |
10.6 The DDNS Status Screen |
252 |
10.7 IP/MAC Binding Monitor |
253 |
10.8 The Login Users Screen |
254 |
10.9 WLAN Interface Station Monitor Screen |
255 |
10.10 Cellular Status Screen |
256 |
10.11 USB Storage Screen |
258 |
10.12 Application Patrol Statistics |
259 |
10.12.1 Application Patrol Statistics: General Setup |
259 |
10.12.2 Application Patrol Statistics: Bandwidth Statistics |
260 |
10.12.3 Application Patrol Statistics: Protocol Statistics |
261 |
10.12.4 Application Patrol Statistics: Individual Protocol Statistics by Rule |
262 |
10.13 The IPSec Monitor Screen |
263 |
10.13.1 Regular Expressions in Searching IPSec SAs |
265 |
10.14 The SSL Connection Monitor Screen |
266 |
10.15 L2TP over IPSec Session Monitor Screen |
267 |
10.16 The Anti-Virus Statistics Screen |
268 |
10.17 The IDP Statistics Screen |
270 |
10.18 The Content Filter Statistics Screen |
272 |
10.19 Content Filter Cache Screen |
273 |
10.20 The Anti-Spam Statistics Screen |
276 |
10.21 The Anti-Spam Status Screen |
278 |
10.22 Log Screen |
279 |
Registration |
283 |
11.1 Overview |
283 |
11.1.1 What You Can Do in this Chapter |
283 |
11.1.2 What you Need to Know |
283 |
11.2 The Registration Screen |
285 |
11.3 The Service Screen |
287 |
Signature Update |
289 |
12.1 Overview |
289 |
12.1.1 What You Can Do in this Chapter |
289 |
12.1.2 What you Need to Know |
289 |
12.2 The Antivirus Update Screen |
290 |
12.3 The IDP/AppPatrol Update Screen |
291 |
12.4 The System Protect Update Screen |
293 |
Interfaces |
295 |
13.1 Interface Overview |
295 |
13.1.1 What You Can Do in this Chapter |
295 |
13.1.2 What You Need to Know |
296 |
13.2 Port Grouping |
299 |
13.2.1 Port Grouping Overview |
299 |
13.2.2 Port Grouping Screen |
299 |
13.3 Ethernet Summary Screen |
300 |
13.3.1 Ethernet Edit |
302 |
13.3.2 Object References |
309 |
13.4 PPP Interfaces |
310 |
13.4.1 PPP Interface Summary |
311 |
13.4.2 PPP Interface Add or Edit |
313 |
13.5 Cellular Configuration Screen (3G) |
317 |
13.5.1 Cellular Add/Edit Screen |
319 |
13.6 WLAN Interface General Screen |
326 |
13.6.1 WLAN Add/Edit Screen |
329 |
13.6.2 WLAN Add/Edit: WEP Security |
335 |
13.6.3 WLAN Add/Edit: WPA-PSK/WPA2-PSK Security |
336 |
13.6.4 WLAN Add/Edit: WPA/WPA2 Security |
337 |
13.7 WLAN Interface MAC Filter |
339 |
13.8 VLAN Interfaces |
341 |
13.8.1 VLAN Summary Screen |
343 |
13.8.2 VLAN Add/Edit |
344 |
13.9 Bridge Interfaces |
351 |
13.9.1 Bridge Summary |
353 |
13.9.2 Bridge Add/Edit |
354 |
13.10 Auxiliary Interface |
360 |
13.10.1 Auxiliary Interface Overview |
360 |
13.10.2 Auxiliary |
360 |
13.11 Virtual Interfaces |
362 |
13.11.1 Virtual Interfaces Add/Edit |
363 |
13.12 Interface Technical Reference |
364 |
Trunks |
369 |
14.1 Overview |
369 |
14.1.1 What You Can Do in this Chapter |
369 |
14.1.2 What You Need to Know |
370 |
14.2 The Trunk Summary Screen |
374 |
14.3 Configuring a Trunk |
375 |
14.4 Trunk Technical Reference |
377 |
Policy and Static Routes |
379 |
15.1 Policy and Static Routes Overview |
379 |
15.1.1 What You Can Do in this Chapter |
379 |
15.1.2 What You Need to Know |
380 |
15.2 Policy Route Screen |
382 |
15.2.1 Policy Route Edit Screen |
385 |
15.3 IP Static Route Screen |
389 |
15.3.1 Static Route Add/Edit Screen |
390 |
15.4 Policy Routing Technical Reference |
391 |
Routing Protocols |
395 |
16.1 Routing Protocols Overview |
395 |
16.1.1 What You Can Do in this Chapter |
395 |
16.1.2 What You Need to Know |
395 |
16.2 The RIP Screen |
396 |
16.3 The OSPF Screen |
397 |
16.3.1 Configuring the OSPF Screen |
401 |
16.3.2 OSPF Area Add/Edit Screen |
404 |
16.3.3 Virtual Link Add/Edit Screen |
405 |
16.4 Routing Protocol Technical Reference |
406 |
Zones |
409 |
17.1 Zones Overview |
409 |
17.1.1 What You Can Do in this Chapter |
409 |
17.1.2 What You Need to Know |
410 |
17.2 The Zone Screen |
411 |
17.3 Zone Edit |
412 |
DDNS |
413 |
18.1 DDNS Overview |
413 |
18.1.1 What You Can Do in this Chapter |
413 |
18.1.2 What You Need to Know |
413 |
18.2 The DDNS Screen |
414 |
18.2.1 The Dynamic DNS Add/Edit Screen |
416 |
NAT |
419 |
19.1 NAT Overview |
419 |
19.1.1 What You Can Do in this Chapter |
419 |
19.1.2 What You Need to Know |
420 |
19.2 The NAT Screen |
420 |
19.2.1 The NAT Add/Edit Screen |
422 |
19.3 NAT Technical Reference |
425 |
HTTP Redirect |
429 |
20.1 Overview |
429 |
20.1.1 What You Can Do in this Chapter |
429 |
20.1.2 What You Need to Know |
430 |
20.2 The HTTP Redirect Screen |
431 |
20.2.1 The HTTP Redirect Edit Screen |
432 |
ALG |
435 |
21.1 ALG Overview |
435 |
21.1.1 What You Can Do in this Chapter |
435 |
21.1.2 What You Need to Know |
436 |
21.1.3 Before You Begin |
439 |
21.2 The ALG Screen |
439 |
21.3 ALG Technical Reference |
441 |
IP/MAC Binding |
443 |
22.1 IP/MAC Binding Overview |
443 |
22.1.1 What You Can Do in this Chapter |
443 |
22.1.2 What You Need to Know |
444 |
22.2 IP/MAC Binding Summary |
444 |
22.2.1 IP/MAC Binding Edit |
445 |
22.2.2 Static DHCP Edit |
446 |
22.3 IP/MAC Binding Exempt List |
447 |
Authentication Policy |
449 |
23.1 Overview |
449 |
23.1.1 What You Can Do in this Chapter |
449 |
23.1.2 What You Need to Know |
450 |
23.2 Authentication Policy Screen |
450 |
23.2.1 Adding Exceptional Services |
452 |
23.2.2 Creating/Editing an Authentication Policy |
453 |
Firewall |
457 |
24.1 Overview |
457 |
24.1.1 What You Can Do in this Chapter |
457 |
24.1.2 What You Need to Know |
458 |
24.1.3 Firewall Rule Example Applications |
460 |
24.1.4 Firewall Rule Configuration Example |
463 |
24.2 The Firewall Screen |
465 |
24.2.1 Configuring the Firewall Screen |
466 |
24.2.2 The Firewall Add/Edit Screen |
469 |
24.3 The Session Limit Screen |
470 |
24.3.1 The Session Limit Add/Edit Screen |
472 |
IPSec VPN |
475 |
25.1 IPSec VPN Overview |
475 |
25.1.1 What You Can Do in this Chapter |
475 |
25.1.2 What You Need to Know |
476 |
25.1.3 Before You Begin |
478 |
25.2 The VPN Connection Screen |
478 |
25.2.1 The VPN Connection Add/Edit (IKE) Screen |
480 |
25.2.2 The VPN Connection Add/Edit Manual Key Screen |
487 |
25.3 The VPN Gateway Screen |
490 |
25.3.1 The VPN Gateway Add/Edit Screen |
491 |
25.4 VPN Concentrator |
499 |
25.4.1 IPSec VPN Concentrator Example |
499 |
25.4.2 VPN Concentrator Screen |
502 |
25.4.3 The VPN Concentrator Add/Edit Screen |
502 |
25.5 IPSec VPN Background Information |
503 |
SSL VPN |
517 |
26.1 Overview |
517 |
26.1.1 What You Can Do in this Chapter |
517 |
26.1.2 What You Need to Know |
517 |
26.2 The SSL Access Privilege Screen |
520 |
26.2.1 The SSL Access Policy Add/Edit Screen |
522 |
26.3 The SSL Global Setting Screen |
524 |
26.3.1 How to Upload a Custom Logo |
526 |
26.4 Establishing an SSL VPN Connection |
527 |
SSL User Screens |
531 |
27.1 Overview |
531 |
27.1.1 What You Need to Know |
531 |
27.2 Remote User Login |
532 |
27.3 The SSL VPN User Screens |
537 |
27.4 Bookmarking the ZyWALL |
538 |
27.5 Logging Out of the SSL VPN User Screens |
538 |
SSL User Application Screens |
541 |
28.1 SSL User Application Screens Overview |
541 |
28.2 The Application Screen |
541 |
SSL User File Sharing |
543 |
29.1 Overview |
543 |
29.1.1 What You Need to Know |
543 |
29.2 The Main File Sharing Screen |
544 |
29.3 Opening a File or Folder |
544 |
29.3.1 Downloading a File |
546 |
29.3.2 Saving a File |
547 |
29.4 Creating a New Folder |
547 |
29.5 Renaming a File or Folder |
548 |
29.6 Deleting a File or Folder |
548 |
29.7 Uploading a File |
549 |
ZyWALL SecuExtender |
551 |
30.1 The ZyWALL SecuExtender Icon |
551 |
30.2 Statistics |
552 |
30.3 View Log |
553 |
30.4 Suspend and Resume the Connection |
553 |
30.5 Stop the Connection |
554 |
30.6 Uninstalling the ZyWALL SecuExtender |
554 |
L2TP VPN |
555 |
31.1 Overview |
555 |
31.1.1 What You Can Do in this Chapter |
555 |
31.1.2 What You Need to Know |
555 |
31.2 L2TP VPN Screen |
557 |
Application Patrol |
559 |
32.1 Overview |
559 |
32.1.1 What You Can Do in this Chapter |
559 |
32.1.2 What You Need to Know |
560 |
32.1.3 Application Patrol Bandwidth Management Examples |
565 |
32.2 Application Patrol General Screen |
569 |
32.3 Application Patrol Applications |
570 |
32.3.1 The Application Patrol Edit Screen |
571 |
32.3.2 The Application Patrol Policy Edit Screen |
575 |
32.4 The Other Applications Screen |
578 |
32.4.1 The Other Applications Add/Edit Screen |
581 |
Anti-Virus |
585 |
33.1 Overview |
585 |
33.1.1 What You Can Do in this Chapter |
585 |
33.1.2 What You Need to Know |
586 |
33.1.3 Before You Begin |
588 |
33.2 Anti-Virus Summary Screen |
588 |
33.2.1 Anti-Virus Policy Add or Edit Screen |
591 |
33.3 Anti-Virus Black List |
593 |
33.4 Anti-Virus Black List or White List Add/Edit |
594 |
33.5 Anti-Virus White List |
595 |
33.6 Signature Searching |
596 |
33.7 Anti-Virus Technical Reference |
599 |
IDP |
601 |
34.1 Overview |
601 |
34.1.1 What You Can Do in this Chapter |
601 |
34.1.2 What You Need To Know |
601 |
34.1.3 Before You Begin |
602 |
34.2 The IDP General Screen |
603 |
34.3 Introducing IDP Profiles |
605 |
34.3.1 Base Profiles |
606 |
34.4 The Profile Summary Screen |
607 |
34.5 Creating New Profiles |
608 |
34.5.1 Procedure To Create a New Profile |
608 |
34.6 Profiles: Packet Inspection |
609 |
34.6.1 Profile > Group View Screen |
609 |
34.6.2 Policy Types |
612 |
34.6.3 IDP Service Groups |
613 |
34.6.4 Profile > Query View Screen |
614 |
34.6.5 Query Example |
617 |
34.7 Introducing IDP Custom Signatures |
619 |
34.7.1 IP Packet Header |
619 |
34.8 Configuring Custom Signatures |
620 |
34.8.1 Creating or Editing a Custom Signature |
622 |
34.8.2 Custom Signature Example |
628 |
34.8.3 Applying Custom Signatures |
630 |
34.8.4 Verifying Custom Signatures |
631 |
34.9 IDP Technical Reference |
632 |
ADP |
637 |
35.1 Overview |
637 |
35.1.1 ADP and IDP Comparison |
637 |
35.1.2 What You Can Do in this Chapter |
637 |
35.1.3 What You Need To Know |
637 |
35.1.4 Before You Begin |
638 |
35.2 The ADP General Screen |
639 |
35.3 The Profile Summary Screen |
640 |
35.3.1 Base Profiles |
641 |
35.3.2 Configuring The ADP Profile Summary Screen |
641 |
35.3.3 Creating New ADP Profiles |
642 |
35.3.4 Traffic Anomaly Profiles |
642 |
35.3.5 Protocol Anomaly Profiles |
645 |
35.3.6 Protocol Anomaly Configuration |
645 |
35.4 ADP Technical Reference |
649 |
Content Filtering |
659 |
36.1 Overview |
659 |
36.1.1 What You Can Do in this Chapter |
659 |
36.1.2 What You Need to Know |
659 |
36.1.3 Before You Begin |
661 |
36.2 Content Filter General Screen |
661 |
36.3 Content Filter Policy Add or Edit Screen |
664 |
36.4 Content Filter Profile Screen |
666 |
36.5 Content Filter Categories Screen |
666 |
36.5.1 Content Filter Blocked and Warning Messages |
678 |
36.6 Content Filter Customization Screen |
679 |
36.7 Content Filter Technical Reference |
681 |
Content Filter Reports |
683 |
37.1 Overview |
683 |
37.2 Viewing Content Filter Reports |
683 |
Anti-Spam |
691 |
38.1 Overview |
691 |
38.1.1 What You Can Do in this Chapter |
691 |
38.1.2 What You Need to Know |
691 |
38.2 Before You Begin |
693 |
38.3 The Anti-Spam General Screen |
693 |
38.3.1 The Anti-Spam Policy Add or Edit Screen |
695 |
38.4 The Anti-Spam Black List Screen |
697 |
38.4.1 The Anti-Spam Black or White List Add/Edit Screen |
699 |
38.4.2 Regular Expressions in Black or White List Entries |
700 |
38.5 The Anti-Spam White List Screen |
701 |
38.6 The DNSBL Screen |
702 |
38.7 Anti-Spam Technical Reference |
704 |
Device HA |
709 |
39.1 Overview |
709 |
39.1.1 What You Can Do in this Chapter |
709 |
39.1.2 What You Need to Know |
709 |
39.1.3 Before You Begin |
710 |
39.2 Device HA General |
711 |
39.3 The Active-Passive Mode Screen |
712 |
39.3.1 Configuring Active-Passive Mode Device HA |
714 |
39.4 Configuring an Active-Passive Mode Monitored Interface |
717 |
39.5 The Legacy Mode Screen |
719 |
39.6 Configuring the Legacy Mode Screen |
720 |
39.7 Device HA Technical Reference |
724 |
User/Group |
731 |
40.1 Overview |
731 |
40.1.1 What You Can Do in this Chapter |
731 |
40.1.2 What You Need To Know |
731 |
40.2 User Summary Screen |
734 |
40.2.1 User Add/Edit Screen |
734 |
40.3 User Group Summary Screen |
737 |
40.3.1 Group Add/Edit Screen |
738 |
40.4 Setting Screen |
739 |
40.4.1 Default User Authentication Timeout Settings Edit Screens |
742 |
40.4.2 User Aware Login Example |
744 |
40.5 User /Group Technical Reference |
745 |
Addresses |
747 |
41.1 Overview |
747 |
41.1.1 What You Can Do in this Chapter |
747 |
41.1.2 What You Need To Know |
747 |
41.2 Address Summary Screen |
747 |
41.2.1 Address Add/Edit Screen |
749 |
41.3 Address Group Summary Screen |
750 |
41.3.1 Address Group Add/Edit Screen |
751 |
Services |
753 |
42.1 Overview |
753 |
42.1.1 What You Can Do in this Chapter |
753 |
42.1.2 What You Need to Know |
753 |
42.2 The Service Summary Screen |
754 |
42.2.1 The Service Add/Edit Screen |
756 |
42.3 The Service Group Summary Screen |
756 |
42.3.1 The Service Group Add/Edit Screen |
758 |
Schedules |
759 |
43.1 Overview |
759 |
43.1.1 What You Can Do in this Chapter |
759 |
43.1.2 What You Need to Know |
759 |
43.2 The Schedule Summary Screen |
760 |
43.2.1 The One-Time Schedule Add/Edit Screen |
761 |
43.2.2 The Recurring Schedule Add/Edit Screen |
762 |
AAA Server |
765 |
44.1 Overview |
765 |
44.1.1 Directory Service (AD/LDAP) |
765 |
44.1.2 RADIUS Server |
766 |
44.1.3 ASAS |
766 |
44.1.4 What You Can Do in this Chapter |
766 |
44.1.5 What You Need To Know |
767 |
44.2 Active Directory or LDAP Server Summary |
769 |
44.2.1 Adding an Active Directory or LDAP Server |
769 |
44.3 RADIUS Server Summary |
771 |
44.3.1 Adding a RADIUS Server |
773 |
Authentication Method |
775 |
45.1 Overview |
775 |
45.1.1 What You Can Do in this Chapter |
775 |
45.1.2 Before You Begin |
775 |
45.1.3 Example: Selecting a VPN Authentication Method |
775 |
45.2 Authentication Method Objects |
776 |
45.2.1 Creating an Authentication Method Object |
777 |
Certificates |
781 |
46.1 Overview |
781 |
46.1.1 What You Can Do in this Chapter |
781 |
46.1.2 What You Need to Know |
781 |
46.1.3 Verifying a Certificate |
783 |
46.2 The My Certificates Screen |
785 |
46.2.1 The My Certificates Add Screen |
786 |
46.2.2 The My Certificates Edit Screen |
791 |
46.2.3 The My Certificates Import Screen |
794 |
46.3 The Trusted Certificates Screen |
795 |
46.3.1 The Trusted Certificates Edit Screen |
796 |
46.3.2 The Trusted Certificates Import Screen |
800 |
46.4 Certificates Technical Reference |
801 |
ISP Accounts |
803 |
47.1 Overview |
803 |
47.1.1 What You Can Do in this Chapter |
803 |
47.2 ISP Account Summary |
803 |
47.2.1 ISP Account Edit |
804 |
SSL Application |
807 |
48.1 Overview |
807 |
48.1.1 What You Can Do in this Chapter |
807 |
48.1.2 What You Need to Know |
807 |
48.1.3 Example: Specifying a Web Site for Access |
808 |
48.2 The SSL Application Screen |
809 |
48.2.1 Creating/Editing a Web-based SSL Application Object |
810 |
48.2.2 Creating/Editing a File Sharing SSL Application Object |
812 |
Endpoint Security |
815 |
49.1 Overview |
815 |
49.1.1 What You Can Do in this Chapter |
816 |
49.1.2 What You Need to Know |
816 |
49.2 Endpoint Security Screen |
817 |
49.3 Endpoint Security Add/Edit |
819 |
System |
825 |
50.1 Overview |
825 |
50.1.1 What You Can Do in this Chapter |
825 |
50.2 Host Name |
826 |
50.3 USB Storage |
827 |
50.4 Date and Time |
828 |
50.4.1 Pre-defined NTP Time Servers List |
830 |
50.4.2 Time Server Synchronization |
831 |
50.5 Console Port Speed |
832 |
50.6 DNS Overview |
832 |
50.6.1 DNS Server Address Assignment |
833 |
50.6.2 Configuring the DNS Screen |
833 |
50.6.3 Address Record |
836 |
50.6.4 PTR Record |
836 |
50.6.5 Adding an Address/PTR Record |
836 |
50.6.6 Domain Zone Forwarder |
837 |
50.6.7 Adding a Domain Zone Forwarder |
837 |
50.6.8 MX Record |
838 |
50.6.9 Adding a MX Record |
839 |
50.6.10 Adding a DNS Service Control Rule |
839 |
50.7 WWW Overview |
840 |
50.7.1 Service Access Limitations |
841 |
50.7.2 System Timeout |
841 |
50.7.3 HTTPS |
841 |
50.7.4 Configuring WWW Service Control |
842 |
50.7.5 Service Control Rules |
846 |
50.7.6 Customizing the WWW Login Page |
846 |
50.7.7 HTTPS Example |
850 |
50.8 SSH |
857 |
50.8.1 How SSH Works |
858 |
50.8.2 SSH Implementation on the ZyWALL |
859 |
50.8.3 Requirements for Using SSH |
859 |
50.8.4 Configuring SSH |
859 |
50.8.5 Secure Telnet Using SSH Examples |
861 |
50.9 Telnet |
862 |
50.9.1 Configuring Telnet |
863 |
50.10 FTP |
864 |
50.10.1 Configuring FTP |
864 |
50.11 SNMP |
866 |
50.11.1 Supported MIBs |
868 |
50.11.2 SNMP Traps |
868 |
50.11.3 Configuring SNMP |
868 |
50.12 Dial-in Management |
870 |
50.12.1 Configuring Dial-in Mgmt |
871 |
50.13 Vantage CNM |
872 |
50.13.1 Configuring Vantage CNM |
873 |
50.14 Language Screen |
875 |
Log and Report |
877 |
51.1 Overview |
877 |
51.1.1 What You Can Do In this Chapter |
877 |
51.2 Email Daily Report |
877 |
51.3 Log Setting Screens |
879 |
51.3.1 Log Setting Summary |
880 |
51.3.2 Edit System Log Settings |
881 |
51.3.3 Edit Log on USB Storage Setting |
886 |
51.3.4 Edit Remote Server Log Settings |
888 |
51.3.5 Active Log Summary Screen |
890 |
File Manager |
893 |
52.1 Overview |
893 |
52.1.1 What You Can Do in this Chapter |
893 |
52.1.2 What you Need to Know |
893 |
52.2 The Configuration File Screen |
896 |
52.3 The Firmware Package Screen |
900 |
52.4 The Shell Script Screen |
902 |
Diagnostics |
905 |
53.1 Overview |
905 |
53.1.1 What You Can Do in this Chapter |
905 |
53.2 The Diagnostic Screen |
905 |
53.2.1 The Diagnostics Files Screen |
906 |
53.3 The Packet Capture Screen |
907 |
53.3.1 The Packet Capture Files Screen |
910 |
53.3.2 Example of Viewing a Packet Capture File |
911 |
53.4 Core Dump Screen |
912 |
53.4.1 Core Dump Files Screen |
912 |
53.5 The System Log Screen |
913 |
Reboot |
915 |
54.1 Overview |
915 |
54.1.1 What You Need To Know |
915 |
54.2 The Reboot Screen |
915 |
Shutdown |
917 |
55.1 Overview |
917 |
55.1.1 What You Need To Know |
917 |
55.2 The Shutdown Screen |
917 |
Troubleshooting |
919 |
56.1 Resetting the ZyWALL |
936 |
56.2 Getting More Troubleshooting Help |
937 |
Product Specifications |
939 |
57.1 3G PCMCIA Card Installation |
945 |
Log Descriptions |
947 |
Common Services |
1009 |
Displaying Anti-Virus Alert Messages in Windows |
1013 |
Importing Certificates |
1019 |
Wireless LANs |
1045 |
Open Software Announcements |
1061 |
Legal Information |
1119 |