Go to page of
Similar user manuals
-
Network Router
ZyXEL Communications Broadband Security Gateway P-312
254 pages 1.93 mb -
Network Router
ZyXEL Communications 964
53 pages 0.86 mb -
Network Router
ZyXEL Communications 128IMH
191 pages 0.6 mb -
Network Router
ZyXEL Communications VSG-1200
280 pages 11.26 mb -
Network Router
ZyXEL Communications NSA-220
192 pages 4.44 mb -
Network Router
ZyXEL Communications Omni TA128
2 pages 0.21 mb -
Network Router
ZyXEL Communications ZyAIR G-4100
26 pages 1.07 mb -
Network Router
ZyXEL Communications GS-1524
170 pages 3.44 mb
A good user manual
The rules should oblige the seller to give the purchaser an operating instrucion of ZyXEL Communications 10~100 Series, along with an item. The lack of an instruction or false information given to customer shall constitute grounds to apply for a complaint because of nonconformity of goods with the contract. In accordance with the law, a customer can receive an instruction in non-paper form; lately graphic and electronic forms of the manuals, as well as instructional videos have been majorly used. A necessary precondition for this is the unmistakable, legible character of an instruction.
What is an instruction?
The term originates from the Latin word „instructio”, which means organizing. Therefore, in an instruction of ZyXEL Communications 10~100 Series one could find a process description. An instruction's purpose is to teach, to ease the start-up and an item's use or performance of certain activities. An instruction is a compilation of information about an item/a service, it is a clue.
Unfortunately, only a few customers devote their time to read an instruction of ZyXEL Communications 10~100 Series. A good user manual introduces us to a number of additional functionalities of the purchased item, and also helps us to avoid the formation of most of the defects.
What should a perfect user manual contain?
First and foremost, an user manual of ZyXEL Communications 10~100 Series should contain:
- informations concerning technical data of ZyXEL Communications 10~100 Series
- name of the manufacturer and a year of construction of the ZyXEL Communications 10~100 Series item
- rules of operation, control and maintenance of the ZyXEL Communications 10~100 Series item
- safety signs and mark certificates which confirm compatibility with appropriate standards
Why don't we read the manuals?
Usually it results from the lack of time and certainty about functionalities of purchased items. Unfortunately, networking and start-up of ZyXEL Communications 10~100 Series alone are not enough. An instruction contains a number of clues concerning respective functionalities, safety rules, maintenance methods (what means should be used), eventual defects of ZyXEL Communications 10~100 Series, and methods of problem resolution. Eventually, when one still can't find the answer to his problems, he will be directed to the ZyXEL Communications service. Lately animated manuals and instructional videos are quite popular among customers. These kinds of user manuals are effective; they assure that a customer will familiarize himself with the whole material, and won't skip complicated, technical information of ZyXEL Communications 10~100 Series.
Why one should read the manuals?
It is mostly in the manuals where we will find the details concerning construction and possibility of the ZyXEL Communications 10~100 Series item, and its use of respective accessory, as well as information concerning all the functions and facilities.
After a successful purchase of an item one should find a moment and get to know with every part of an instruction. Currently the manuals are carefully prearranged and translated, so they could be fully understood by its users. The manuals will serve as an informational aid.
Table of contents for the manual
-
Page 1
ZyW ALL 10~100 Series Internet Security Gateway Reference Guide Versions 3.52, 3.60 and 3.61 March 2003[...]
-
Page 2
ZyWALL 10~100 Series Internet Security Gateway ii Copyright Copyright Copyright © 2003 by Zy XEL Communications Corporation. The contents of this publi cation may not be reproduced i n any part or a s a whole, transcribed, st ored in a retrieval system, translated into any langu age, or tr ansmitted in any form or by any means, electronic, mechani[...]
-
Page 3
ZyWALL 10~100 Series Internet Security Gateway FCC iii Federal Communications Commission (FCC) Interference S tatement This device complies with Part 15 of FCC rules. Operation is subject to the following two cond itions: This device m ay not cause harm ful interference. This device must accept any interference received, including interference that[...]
-
Page 4
ZyWALL 10~100 Series Internet Security Gateway iv Information for Canadian Users Information for Canadian Users The Industry Canada label identifies certified equipmen t. This certification means that the equipment meets certain telecommunications network pr otective, op eration, and safety requ irements. The Industry Canada does not guarantee that[...]
-
Page 5
ZyWALL 10~100 Series Internet Security Gateway Warranty v ZyXEL Limited W arranty ZyXEL warrants to the original end us er (purchaser) that this product is free from any defects in materials or workmanshi p for a peri od of up t o two years from the date of purchase . During the warrant y period, a nd upon proof of purchase, should the prod uct hav[...]
-
Page 6
ZyWALL 10~100 Series Internet Security Gateway vi Customer Support Customer Support When you contact your cu stomer support r epresenta tive please have t he followi ng inform ation ready: Please have th e following i nformation re a dy when you cont act customer support. • Product model and serial num ber. • Information in Menu 24.2.1 – Syst[...]
-
Page 7
ZyWALL 10~100 Series Internet Security Gateway Table of Contents vii T able of Content s Copyright...................................................................................................................... ................................ii Federal Communications Commission (FCC) Interfer en ce S tatemen t................................[...]
-
Page 8
ZyWALL 10~100 Series Internet Security Gateway viii Table of Contents Index ............................................................................................................................................................ A[...]
-
Page 9
ZyWALL 10~100 Series Internet Security Gateway List of Diagrams ix List of Diagrams Diagram 2-1 Id eal Se tup ........................................................................................................ ........................ 2-1 Diagram 2-2 “T riangl e Route” Pr oblem ..............................................................[...]
-
Page 10
ZyWALL 10~100 Series Internet Security Gateway x List of Charts List of Chart s Chart 8-1 Classes of IP Addresses .............................................................................................. .................... 8-1 Chart 8-2 Allowed IP Ad dress Range By Class .......................................................................[...]
-
Page 11
ZyWALL 10~100 Series Internet Security Gateway List of Charts xi Chart 13-1 1 Sample IPSec Logs Du ring Packet T ransmission .................................................................. 13-15 Chart 13-12 RFC-2408 IS AKMP Payload T ypes ...................................................................................... .1 3 - 1 6 Chart 13-1[...]
-
Page 12
ZyWALL 10~100 Series Internet Security Gateway xii Preface Preface About Y our ZyW A LL Congratulations on your pur chase of the ZyWALL Security Gateway. About This User's Manual This manual i s designed to provide background inf ormation on some of the Zy WALL’s features. It also includes commands for use with the co mmand interpreter. This[...]
-
Page 13
ZyWALL 10~100 Series Internet Security Gateway Preface xiii Synt ax Conventions • “Enter” means for you t o type one or more charact ers and press the carriage return. “Select” or “Choose” means for you t o use one of the predefined c hoices. • The SMT menu titles and labels are in Bold Times New Roman font. • The choices of a m e[...]
-
Page 14
[...]
-
Page 15
General Information I Part I: General Information This part prov ides background information abo ut setting up your computer ’s IP address, triangle route, how functions are related, wireless LAN, 802. 1x, PPPoE, PPTP and IP subnetting.[...]
-
Page 16
[...]
-
Page 17
ZyWALL 10~100 Series Internet Security Gateway Setting Up Y our Computer ’s IP Address 1-1 Chapter 1 Setting up Your Computer’s IP Address All computers must have a 1 0M or 100M Et he rnet adapter card and TCP/IP installed. Windows 95/ 98/Me/NT/2 000/XP, Maci ntosh OS 7 a nd later operating sy stems and all versio ns of UNIX/LINU X include the [...]
-
Page 18
ZyWALL 10~100 Series Internet Security Gateway Setting Up Your Computer’s IP Address 1-2 The Network window Configuration ta b displays a list of i nstalled com ponents. You need a network adapter, the T CP/IP prot ocol and C lient for Microsoft Networks. If yo u need th e adap ter: a. In the Network window, click Add . b. Select Ad a p t e r and[...]
-
Page 19
ZyWALL 10~100 Series Internet Security Gateway Setting Up Y our Computer ’s IP Address 1-3 1. Click the IP Address tab. -If your IP address is dynamic, select Obtain an IP address automatically . -If you have a static IP address, select Specify an IP address and type your informatio n into the IP Address and Subne t Mask fields. 2. Click the DNS [...]
-
Page 20
ZyWALL 10~100 Series Internet Security Gateway Setting Up Your Computer’s IP Address 1-4 3. Click the Gateway tab. -If you do not know your gateway’s IP address, remove previously installed gate ways. -If you have a gateway IP address, type it in the Ne w ga te way fie ld and click Add . 4. Click OK to save and close the TCP/IP Properties wind [...]
-
Page 21
ZyWALL 10~100 Series Internet Security Gateway Setting Up Y our Computer ’s IP Address 1-5 1. For Windows XP, click start , Control Panel . In Windows 2000/NT, click Start , Settings , Control Panel . 2. For Windows XP, click Network Connections . For Windows 2000/NT, click Network and Dial-up Connections . 3. Right-click Local Are a Connection a[...]
-
Page 22
ZyWALL 10~100 Series Internet Security Gateway Setting Up Your Computer’s IP Address 1-6 4. Select Internet Protocol (TCP/IP) (under the General tab in Win XP) and click Properties . 5. The Internet Protocol TCP/IP Properties window opens (the General tab in Windows XP). -If you have a dynamic IP address click Obtain an IP address automatically .[...]
-
Page 23
ZyWALL 10~100 Series Internet Security Gateway Setting Up Y our Computer ’s IP Address 1-7 6. -If you do not know your gateway's IP address, remove any previously installed gate ways in the IP Settin gs tab and click OK . Do one or more of the following if you want to configure additional IP addres ses: -In the IP Settings tab, in IP address[...]
-
Page 24
ZyWALL 10~100 Series Internet Security Gateway Setting Up Your Computer’s IP Address 1-8 7. In the Internet Protocol TCP/IP Properties window (the Gene ral t ab in Windows XP): -Click Obtain DNS server address automatically if you do not know your DNS server IP address(es). -If you know your DNS server IP address(es), click Use the follow ing DNS[...]
-
Page 25
ZyWALL 10~100 Series Internet Security Gateway Setting Up Y our Computer ’s IP Address 1-9 1. Click the Apple menu, Control Panel and double-click TCP/IP to open the TCP/IP Control Panel . 2. Select Ethernet built-in from the Connect v ia list. 3. For dynamically assigned settings, sel ect Using DHCP Server from the Configure: list.[...]
-
Page 26
ZyWALL 10~100 Series Internet Security Gateway Setting Up Your Computer’s IP Address 1-10 4. For statically assigned settings, do the follo wing: -From the Configure box, select Manually . -Type your IP address in the IP Address box. -Type your subnet mask in the Subnet mask box. -Type the IP address of your ZyWALL in the Router address box. 5. C[...]
-
Page 27
ZyWALL 10~100 Series Internet Security Gateway Setting Up Y our Computer ’s IP Address 1-1 1 2. Click Network in the icon bar. - Select Automatic from the Location list. - Select Built-in Ethernet from the Show list. - Click the TCP/IP tab. 3. For dynamically assigned settings, sel ect Using DHCP from the Configure list. 4. For statically assigne[...]
-
Page 28
[...]
-
Page 29
ZyWALL 10~100 Series Internet Security Gateway T riangle Route 2-1 Chapter 2 Triangle Route The Ideal Setup When the firewall is on, your ZyWALL acts as a secure gateway between your LAN and the Intern et. In an ideal network top ology, all i ncoming and outgoing net work traffic pas ses through t he ZyWALL to protect your LAN against attacks. Diag[...]
-
Page 30
ZyWALL 10~100 Series Internet Security Gateway Triangle Route 2-2 Diagram 2-2 “Triangle Route” Problem The “T riangle Route” Solutions This section presents you two solutions to the “triangle route” problem. IP Aliasing IP alias allows you to partition your network into logi cal sections over the same Ethernet interface. Your ZyWALL sup[...]
-
Page 31
ZyWALL 10~100 Series Internet Security Gateway T riangle Route 2-3 Gateways on the W AN Side A second sol ution to the “triangle r oute” proble m is to put all of your network g ateways on t he WAN si de as the following fig ure shows. This en sures that all incoming netwo rk traffic p asses through your ZyWALL to your LAN. Therefo re your LAN [...]
-
Page 32
[...]
-
Page 33
ZyWALL 10~100 Series Internet Security Gateway The Big Picture 3-1 Chapter 3 The Big Picture The following figure giv es an overview of ho w filtering, the firewall, VPN and NAT are related. Diagram 3-1 Big Picture— Filtering, Firewall, VPN and NAT[...]
-
Page 34
ZyWALL 10~100 Series Internet Security Gateway The Big Picture 3-2[...]
-
Page 35
ZyWALL 10~100 Series Internet Security Gateway Wireless LAN and IEEE 802.1 1 4-1 Chapter 4 Wireless LAN and IEEE 802.11 A wireless LAN (WLA N) provides a flexi ble data commun ications system that y ou can use to access various services (navigating the Internet, em ail, prin ter services, etc.) without the use of a ca bled connection. In effect a w[...]
-
Page 36
ZyWALL 10~100 Series Internet Security Gateway The Big Picture 4-2 The IEEE 802.11 specifies three di ffere nt transmission me thods for th e PHY, the layer responsible for transferring dat a between nodes. T wo of the m ethods use s pread spectrum RF signals, Dir ect Sequence Spread Spectrum (DSSS) an d Fre quency-Hopping Spread Spectrum (FHSS), i[...]
-
Page 37
ZyWALL 10~100 Series Internet Security Gateway Wireless LAN and IEEE 802.1 1 4-3 Diagram 4-1 Peer-to-Peer Communication in an Ad -hoc Network Infrastructure Wireless LAN Configuration For Infrastructure WLANs, m ultiple Access Points (APs) link the WLAN to the wired network and al low users to efficiently share network resources. The A ccess Points[...]
-
Page 38
ZyWALL 10~100 Series Internet Security Gateway The Big Picture 4-4 could be any type of net work, it is almost invari ably an Ethernet LAN. Mo bile nodes ca n roam betwee n Access Points and seam less campus-wide coverage is possible. Diagram 4-2 ESS Provides Campus-Wide Coverage[...]
-
Page 39
ZyWALL 10~100 Series Internet Security Gateway Wireless LAN with IEEE 802.1x 5-1 Chapter 5 Wireless LAN With IEEE 802.1x As wireless networks becom e popular for both portable com puting and c o rporate networ ks, security i s now a priority. Security Flaws wi th IEEE 802.1 1 Wireless networks based on the o riginal IEEE 802 .11 have a poor reputat[...]
-
Page 40
ZyWALL 10~100 Series Internet Security Gateway Wireless LAN with IEEE 802.1x 5-2 • Support for RADIUS (Rem o te Au thentication Dial In User Service, RFC 2138, 2139) for centralized use r profile a nd accountin g managem ent on a ne twork RADI US server. • Support for EAP (Extensi ble Authentication Prot ocol, RFC 2486) that al lows additional [...]
-
Page 41
ZyWALL 10~100 Series Internet Security Gateway PPPoE 6-1 Chapter 6 PPPoE PPPoE in Action An ADSL m odem bridges a PPP session over Ethernet (PPP ove r Ethernet, R FC 2516) f rom your PC to an ATM PVC (Pe rmanent Virt ual Circuit ), which connect s to a DSL Ac cess Concentrat or where the PPP session terminates (see the next figure). One PVC can sup[...]
-
Page 42
ZyWALL 10~100 Series Internet Security Gateway 6-2 PPPoE How PPPoE W orks The PPPoE driver m akes the Ethernet appear as a serial link to the PC and the PC runs PPP over it, while the modem bridges the Et hernet frames to the Access Concen trator (AC). Bet ween the AC and an ISP, the AC is acting as a L2TP (Layer 2 T unneling Protocol) LAC (L2T P A[...]
-
Page 43
ZyWALL 10~100 Series Internet Security Gateway PPTP 7-1 Chapter 7 PPTP What is PPTP? PPTP (Point -to-Point T unneling Prot ocol) is a Microsoft proprietary protocol (R FC 2637 f or PPTP is informational only) to tunnel PPP frames. How can we transport PPP frames from a PC to a broadband modem over Ethernet? A solution is to build PPTP into the ANT [...]
-
Page 44
ZyWALL 10~100 Series Internet Security Gateway 7-2 PPTP PPTP Protocol Overview PPTP is very si milar to L2TP, since L2T P is based on both PPTP a nd L2F (C isco’s Layer 2 Forwardin g). Conceptually, there are three parties in PPTP, name ly the PNS (PPTP Network Serve r), the PAC (PPTP Access Concentrator) and the PPTP user. The PNS is the box tha[...]
-
Page 45
ZyWALL 10~100 Series Internet Security Gateway PPTP 7-3 Diagram 7-3 Example Message Exchange bet w een PC and an ANT PPP Data Connection The PPP frames are tunneled betwee n the PNS and PAC over GRE (General Ro uting Encapsulation, RFC 1701, 1702). The indiv idual calls within a tunnel are distingu ished using the Call ID field in the GRE header.[...]
-
Page 46
[...]
-
Page 47
ZyWALL 10~100 Series Internet Security Gateway IP Subnetting 8-1 Chapter 8 IP Subnetting IP Addressing Routers “route” base d on the network num ber. The rout er that delivers the data packet to the correct destination hos t uses the host ID. IP Classes An IP address is made up of four octets (ei ght bits), written in dotted deci mal notation, [...]
-
Page 48
ZyWALL 10~100 Series Internet Security Gateway 8-2 IP Subnetting A class “B” address (1 6 host bit s) can have 2 16 –2 or 65534 hosts. A class “A” address (24 host bits) can have 2 24 –2 hosts (app roxima tely 16 m illion hosts ). Since the first octet of a class “A” IP addre ss must c ontain a “0”, the first octet of a clas[...]
-
Page 49
ZyWALL 10~100 Series Internet Security Gateway IP Subnetting 8-3 With subnetting, the class arrangement of an IP address is ignored. For example, a class C address no longer has to have 24 bits of network number and 8 bits of ho st ID. With subnetting, some of the ho st ID bits are converted into netwo rk number bits. By convention, subn et masks a[...]
-
Page 50
ZyWALL 10~100 Series Internet Security Gateway 8-4 IP Subnetting The first three octets of the a ddress make up the networ k number (cl ass “C”). You wa nt to have two separat e networks. Divide the network 19 2.168.1.0 i nto two se parate subnet s by con verting one o f the host ID bits of the IP address to a networ k number bit. The “bor ro[...]
-
Page 51
ZyWALL 10~100 Series Internet Security Gateway IP Subnetting 8-5 192.168.1.0 with mask 255.255.255 .128 is the subnet its elf, and 192.168.1.1 27 with mask 255.255.255.12 8 is the directed broadcast addre ss for the first subnet. Theref ore, the lowest IP address t hat can be assigned to an actual host for the first subn et is 192.168.1.1 and the h[...]
-
Page 52
ZyWALL 10~100 Series Internet Security Gateway 8-6 IP Subnetting Subnet Address: 192. 168.1.128 Lo west Ho st ID: 192.168.1.129 Broadcast Address: 192.168. 1.191 Hig hest Host ID: 192.168.1.190 Chart 8-10 Subnet 4 NETWORK NUMBER LAST OCTET BIT VA L UE IP Address 192.168.1. 192 IP Address (Binary) 11000000.10101000.0 0000001. 11 0 00000 Subnet Mask [...]
-
Page 53
ZyWALL 10~100 Series Internet Security Gateway IP Subnetting 8-7 Chart 8-12 Class C Subnet Planning NO. “BORROWED” HOST BITS SUBNET MASK NO. SUBNETS NO. HOSTS PER SUBNET 1 255.255.255.128 (/25) 2 126 2 255.255.255.192 (/26) 4 62 3 255.255.255.224 (/27) 8 30 4 255.255.255.240 (/28) 16 14 5 255.255.255.248 (/29) 32 6 6 255.255.255.252 (/30) 64 2 [...]
-
Page 54
ZyWALL 10~100 Series Internet Security Gateway 8-8 IP Subnetting Chart 8-13 Class B Subnet Planning NO. “BORROWED” HOST BITS SUBNET MASK NO. SUBNETS NO. HOSTS PER SUBNET 9 255.255.255.128 (/25) 512 126 10 255.255.255.192 (/26) 1024 62 11 255.255.255.224 (/27) 2048 30 12 255.255.255.240 (/28) 4096 14 13 255.255.255.248 (/29) 8192 6 14 255.255.25[...]
-
Page 55
Command and Log Information II Part II: Command and Log Information This part prov ides information on the command interp reter interface, firewall and NetBIOS commands and logs and password prot ection.[...]
-
Page 56
[...]
-
Page 57
ZyWALL 10~100 Series Internet Security Gateway Command Interpreter 9-1 Chapter 9 Command Interpreter The following describes how to use the command interpreter. Enter 24 in the main menu to bring up the system m a intenance m enu. Enter 8 to go t o Menu 24.8 - Comm and Interpreter Mode . See the included disk or zyxel.c o m for m ore detaile d info[...]
-
Page 58
[...]
-
Page 59
ZyWALL 10~100 Series Internet Security Gateway Firewall Commands 10-1 Chapter 10 Firewall Commands The following descri bes the firewall comm ands. See the Command Interpreter appendix fo r information on the command structure. Chart 10-1 Fire w all Commands FUNCTION COMMAND DESCRIPTION F F i i r r e e w w a a l l l l S S e e t t - - U U p p config[...]
-
Page 60
ZyWALL 10~100 Series Internet Security Gateway 10-2 Firewall Commands Chart 10-1 Fire w all Commands FUNCTION COMMAND DESCRIPTION config display firewall attack This command sho ws all of the attack response settings. config display firewall e-mail This command sho ws all of the e-mail settings. config display firewall ? This command shows all of t[...]
-
Page 61
ZyWALL 10~100 Series Internet Security Gateway Firewall Commands 10-3 Chart 10-1 Fire w all Commands FUNCTION COMMAND DESCRIPTION config edit firewall e-mail hour <0-23> This command sets the hour when the firewall log is sent through e- mail if the ZyWALL is set to send it on an hourly, daily or weekly basis. config edit firewall e-mail minu[...]
-
Page 62
ZyWALL 10~100 Series Internet Security Gateway 10-4 Firewall Commands Chart 10-1 Fire w all Commands FUNCTION COMMAND DESCRIPTION config edit firewall attack minute-low <0-255> This command sets the threshold of half-op en sessions where the ZyWALL stops del eting half-opened sessions. config edit firewall attack max-incomplete-high <0-255[...]
-
Page 63
ZyWALL 10~100 Series Internet Security Gateway Firewall Commands 10-5 Chart 10-1 Fire w all Commands FUNCTION COMMAND DESCRIPTION Config edit firewall set <set #> connection-timeout <seconds> This command sets how long Z yWALL waits for a TCP session to be established befor e dropping the session. Config edit firewall set <set #> [...]
-
Page 64
ZyWALL 10~100 Series Internet Security Gateway 10-6 Firewall Commands Chart 10-1 Fire w all Commands FUNCTION COMMAND DESCRIPTION Config edit firewall set <set #> rule <rule #> alert <yes | no> This command sets whether or not the ZyWALL sends an alert e-mail when a DOS attack or a violation of a particular rule occurs. config edi[...]
-
Page 65
ZyWALL 10~100 Series Internet Security Gateway Firewall Commands 10-7 Chart 10-1 Fire w all Commands FUNCTION COMMAND DESCRIPTION config edit firewall set <set #> rule <rule #> TCP destport- single <port #> This command sets a rule to have the ZyWALL check for TCP traffic with this destination address. You may repeat this command [...]
-
Page 66
ZyWALL 10~100 Series Internet Security Gateway 10-8 Firewall Commands Chart 10-1 Fire w all Commands FUNCTION COMMAND DESCRIPTION config delete firewall set <set #> rule <rule #> This command removes the specified rul e in a firewall configuration set.[...]
-
Page 67
ZyWALL 10~100 Series Internet Security Gateway NetBIOS Filter Commands 11-1 Chapter 11 NetBIOS Filter Commands The following describes the NetBIOS packet filter commands. See the Command Interpreter appendix for information on the comm and structure. Introduction NetBIOS (Network Basic Input/Output System ) are TCP or UDP b roadcast pa c k ets that[...]
-
Page 68
ZyWALL 10~100 Series Internet Security Gateway 11-2 NetBIOS Filter Commands This command gives a read-only list of the current NetBIOS filter modes for a ZyWALL that does not have DMZ. Diagram 11-1 NetBIOS Display Filter Settings Command Without DM Z Example Syntax: sys filter netbios disp This command gives a read-only list of the current NetBIOS [...]
-
Page 69
ZyWALL 10~100 Series Internet Security Gateway NetBIOS Filter Commands 11-3 Chart 11-1 NetBIOS Filter Default Settings NAME DESCRIPTION EXAMPLE WAN to DMZ This field displays whether NetBIOS packets are blocked o r forwarded from the WAN to the DMZ. Forward DMZ to LAN This field displays whether NetBIOS packets are blocked or forwarded from the DMZ[...]
-
Page 70
ZyWALL 10~100 Series Internet Security Gateway 11-4 NetBIOS Filter Commands <on|off> = For types 0 and 1 , use on to enable the filter and block NetBIOS packets. Use off to disable the filter and forward NetBIOS packets. For type 6 , use on to bloc k NetBIOS packets from being sent t hrough a V PN connection. Use off to allow NetBIOS packets [...]
-
Page 71
ZyWALL 10~100 Series Internet Security Gateway Boot Commands 12-1 Chapter 12 Boot Commands The BootMod ule AT comm an ds execute from within the router’s bootu p software, whe n debug mode i s selected before the m ain router firm ware (ZyNOS) is started. When you st art up your ZyWA LL, you are given a choi ce to go into debug m ode by pressi ng[...]
-
Page 72
ZyWALL 10~100 Series Internet Security Gateway 12-2 Boot Commands Diagram 12-2 Boot Module Comm ands AT just answer OK ATHE print help ATBAx change baudrate. 1:38.4k, 2:19.2k, 3:9.6k 4:57.6k 5:115.2k ATENx,(y) set BootExtension Debug Flag (y=password) ATSE show the seed of password generator ATTI(h,m,s) change system time to hour:min:sec or show cu[...]
-
Page 73
ZyWALL 10~100 Series Internet Security Gateway Log Descriptions 13-1 Chapter 13 Log Descriptions Chart 13-1 System Error Logs LOG MESSAGE DESCRIPTION %s exceeds the max. number of session per host! This attempt to create a NAT session exceeds the maximum number of NAT session table entries allowed to be crea ted per host. Chart 13-2 System Maintena[...]
-
Page 74
ZyWALL 10~100 Series Internet Security Gateway 13-2 Log Descriptions Chart 13-2 System Maintenanc e Logs TELNET Login Fail Someone has failed to log on to the router via telnet. FTP Login Successfully Someone has logged on to the router via ftp. FTP Login Fail Someone has failed to log on to the router via ftp. NAT Session Table is Full! The maximu[...]
-
Page 75
ZyWALL 10~100 Series Internet Security Gateway Log Descriptions 13-3 Chart 13-5 Attack Log s LOG MESSAGE DESCRIPTION attack IGMP The firewall detected an IGMP attack. attack ESP The firewall detected an ESP attack. attack GRE The firewall detected a GRE attack. attack OSPF The firewall detected an OSPF attack. attack ICMP (type:%d, code:%d) The fir[...]
-
Page 76
ZyWALL 10~100 Series Internet Security Gateway 13-4 Log Descriptions Chart 13-5 Attack Log s LOG MESSAGE DESCRIPTION syn flood TCP The firewall detected a TCP syn flood attack. ports scan TCP The firewall detected a TCP port scan attack. teardrop TCP The firewall detected a TCP teardrop attack. teardrop UDP The firewall detected an UDP teardrop att[...]
-
Page 77
ZyWALL 10~100 Series Internet Security Gateway Log Descriptions 13-5 Chart 13-6 Access Logs LOG MESSAGE DESCRIPTION Firewall default policy: TCP (set:%d) TCP access matched the default po licy of the listed ACL set and the ZyWALL blocked or for warded it according to the ACL set’s configuration. Firewall default policy: UDP (set:%d) UDP access ma[...]
-
Page 78
ZyWALL 10~100 Series Internet Security Gateway 13-6 Log Descriptions Chart 13-6 Access Logs LOG MESSAGE DESCRIPTION Firewall rule match: IGMP (set:%d, rule:%d) IGMP access matched the listed firewall rule and the ZyWALL blocked or forwarded it according to the rule’s configuration. Firewall rule match: ESP (set:%d, rule:%d) ESP access matched the[...]
-
Page 79
ZyWALL 10~100 Series Internet Security Gateway Log Descriptions 13-7 Chart 13-6 Access Logs LOG MESSAGE DESCRIPTION Firewall rule NOT match: OSPF (set:%d, rule:%d) OSPF access did not match the listed firewall rule and the Z yWALL logged it. Firewall rule NOT match: (set:%d, rule:%d) Access did not match the listed firewall rule and the Z yWALL log[...]
-
Page 80
ZyWALL 10~100 Series Internet Security Gateway 13-8 Log Descriptions Chart 13-6 Access Logs LOG MESSAGE DESCRIPTION Filter match DROP <set %d/rule %d> ICMP access matched the listed filter rule and the Z yWALL dropped the packet to block access. Filter match DROP <set %d/rule %d> Access matched the listed filter rule an d the ZyWALL dro[...]
-
Page 81
ZyWALL 10~100 Series Internet Security Gateway Log Descriptions 13-9 Chart 13-6 Access Logs LOG MESSAGE DESCRIPTION Firewall sent TCP reset packets The firewall sent out TCP reset packets. Packet without a NAT table entry blocked The router blocked a packet that did not h ave a corresponding NAT table entry. Out of order TCP handshake packet blocke[...]
-
Page 82
ZyWALL 10~100 Series Internet Security Gateway 13-10 Log Descriptions Chart 13-7 ACL Setting Notes ACL SET NUMBER DIRECTION DESCRIPTION 9 DMZ to DMZ/ZyWALL ACL set 9 for packets traveling from the DMZ to the DM or the ZyWALL. Chart 13-8 ICMP Notes TYPE CODE DESCRIPTION 0 Echo Reply 0 Echo reply message 3 Destination Unreachabl e 0 Net unreachable 1[...]
-
Page 83
ZyWALL 10~100 Series Internet Security Gateway Log Descriptions 13-11 Chart 13-8 ICMP Notes TYPE CODE DESCRIPTION 0 Echo message 11 Time Exceeded 0 Time to live exceeded in transit 1 Fragment reassembly time exceeded 12 Parameter Problem 0 Pointer indicates the error 13 Timestamp 0 Timestamp request message 14 Timestamp Reply 0 Timestamp reply mess[...]
-
Page 84
ZyWALL 10~100 Series Internet Security Gateway 13-12 Log Descriptions Diagram 13-1 Example VPN Initiator IPSec Log VPN Responder IPSec Log The following f igure shows a typ ical log from the VPN connect ion pee r. Diagram 13-2 Example VPN Responder IPSec Log This menu is useful f or troubleshoot ing. A lo g index num ber, the date and tim e the log[...]
-
Page 85
ZyWALL 10~100 Series Internet Security Gateway Log Descriptions 13-13 The following table sh ows sample log messages during IKE key exchange. Chart 13-10 Sample IKE Key Exchange Logs LOG MESSAGE DESCRIPTION Send <Symbol> Mode request to <IP> Send <Symbol> Mode request to <IP> The ZyWALL has started negotiation with the peer.[...]
-
Page 86
ZyWALL 10~100 Series Internet Security Gateway 13-14 Log Descriptions Chart 13-10 Sample IKE Key Exchange Logs LOG MESSAGE DESCRIPTION !! Remote IP <IP start> / <IP end> conflicts If the security gateway is “0.0.0.0”, the ZyWALL will use the peer’s “Local Addr” as its “Remote Addr”. If a peer’s “Local Addr” range con[...]
-
Page 87
ZyWALL 10~100 Series Internet Security Gateway Log Descriptions 13-15 Chart 13-10 Sample IKE Key Exchange Logs LOG MESSAGE DESCRIPTION vs. My Local <IP address> The IP address type or IP address of an incoming packet does not match the peer IP address type or IP address configured on the loc al router. The log displays this router’s configu[...]
-
Page 88
ZyWALL 10~100 Series Internet Security Gateway 13-16 Log Descriptions The following table shows RFC-2408 I SAKMP payload types that the log displays. Please r efer to the RFC for detailed information on each type. Chart 13-12 RFC-2408 ISAKMP Pay load T ypes LOG DISPLAY P AYLOAD TYPE SA Security Association PROP Proposal TRANS Transform KE Key Excha[...]
-
Page 89
ZyWALL 10~100 Series Internet Security Gateway Log Descriptions 13-17 Log Commands Go to the command interpreter interface (the Comman d Interpret er Appendix explains how to access a nd use the commands). Configuring What You Want the ZyWALL to Log Use the sys logs load command to load the log setting buffer that allows you to configure which logs[...]
-
Page 90
ZyWALL 10~100 Series Internet Security Gateway 13-2 Log Descriptions Use the sys logs display [log category] comm and to show the logs in an individual ZyWALL log category. Use the sys logs clear command to erase all of the Zy W ALL’s logs. Log Command Example This example shows how to s et the ZyWALL to record the access logs and alerts and t he[...]
-
Page 91
ZyWALL 10~100 Series Internet Security Gateway Brute-Force Password Gu essing Protection 14-1 Chapter 14 Brute-Force Password Guessing Protection The followin g describes t he commands for enabling, disabli ng and con figuring the brute-force password guessing pr otection m echanism for the password . See the Command Inte rpreter appendix for infor[...]
-
Page 92
[...]
-
Page 93
Index III Part III: Index This part prov ides an Index of key terms.[...]
-
Page 94
[...]
-
Page 95
ZyWALL 10~100 Series Internet Security Gateway Index A Index A Ad-hoc Configuration ...................................... 4-2 Alternative Subnet Mask Notation ................... 8-3 B Basic Service Set.............................................. 4-2 Big Picture ....................................................... 3-1 Bold Times font ........[...]
-
Page 96
ZyWALL 10~100 Series Internet Security Gateway B Index Infrastructure Configuration ............................ 4-3 IP Addressing .................................................. 8-1 IP Classes ......................................................... 8-1 L Log Descriptions............................................ 13-1 N Network To pology Wit[...]