DOCSLIB.ORG

Zywall USG 100/200 Support Notes

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Zywall USG 100/200 Support Notes ZyWALL USG 100/200 Support Notes ZyWALL USG 100/200 Unified Security Gateway Support Notes Revision 2.10 March, 2008 1 All contents copyright (c) 2008 ZyXEL Communications Corporation. ZyWALL USG 100/200 Support Notes INDEX The comparison of ZyNOS and ZLD ............................................................................................. 8 1. Deploying VPN .......................................................................................................................... 9 1.1 Extended Intranets .......................................................................................................... 11 1.1.2 Site to Site VPN solutions (ZyWALL 1050 Ù ZyWALL USG 100/200): ......... 11 1.2 Extranet Deployment ..................................................................................................... 17 1.2.1 Site to site VPN solutions (ZyWALL USG 100/200 to ZyWALL70) ................. 18 1.2.2 Interoperability – VPN with other vendors ......................................................... 22 1.2.2.1 ZyWALL with FortiGate VPN Tunneling ................................................ 22 1.2.2.2 ZyWALL with NetScreen VPN Tunneling .............................................. 29 1.2.2.3 ZyWALL with SonicWall VPN Tunneling ............................................... 37 1.3 Remote Access VPN ...................................................................................................... 44 1.3.1 IPSec VPN for Remote Access ........................................................................... 44 1.3.1.1 Steps to configure ..................................................................................... 46 1.3.2 SSL VPN Application - Reverse Proxy ............................................................... 51 1.3.2.1 Scenario topology ..................................................................................... 51 1.3.2.2 Configuration flow ................................................................................... 51 1.3.2.3 Configuration procedure .......................................................................... 51 1.3.3 SSL VPN Application – Network Extension ...................................................... 55 1.3.3.1 Scenario topology ..................................................................................... 55 1.3.3.2 Configuration flow ................................................................................... 55 1.3.3.3 Configuration procedure .......................................................................... 55 1.3.4 L2TP over IPSec Application .............................................................................. 61 1.3.4.1 Scenario topology ..................................................................................... 61 1.3.4.2 Configuration flow ................................................................................... 61 1.3.4.3 Configuration Procedure .......................................................................... 61 1.4 Device HA ...................................................................................................................... 70 1.4.1 Device HA ........................................................................................................... 71 1.4.1.1 Configuration procedure .......................................................................... 71 1.4.2 Device High Availability (HA) Active-Passive mode ......................................... 85 1.4.2.1 Scenario Topology ................................................................................... 85 1.4.2.2 Configuration Flow .................................................................................. 85 1.4.2.3 Configuration procedure .......................................................................... 86 1.4.2.4 Steps to configure ..................................................................................... 87 2. Security Policy Enforcement .................................................................................................... 97 2 All contents copyright (c) 2008 ZyXEL Communications Corporation. ZyWALL USG 100/200 Support Notes 2.1 Managing IM/P2P Applications ..................................................................................... 97 2.1.1 Why bother with managing IM/P2P applications? .............................................. 97 2.1.2 What does ZyWALL USG 100/200 provide for managing IM/P2P applications? ...................................................................................................................................... 98 2.1.3 Configuration Example ....................................................................................... 98 2.2 Zone-based Anti-Virus Protection ................................................................................ 106 2.2.1 Applying Zone-Based Anti-Virus to ZyWALL USG 100/200 .......................... 106 2.2.2 Enabling Black and White List ......................................................................... 113 2.2.3 Enabling Anti-Virus Statistics Report ............................................................... 114 2.3 Configuring ZyWALL USG 100/200 as a Wireless Router ......................................... 115 2.3.1 Configuration procedure ................................................................................... 115 2.3.2 MAC filter in WLAN ........................................................................................ 117 2.4 Mobility Internet Access .............................................................................................. 119 2.4.1 Utilize 3G Wireless for Accessing the Internet ................................................. 120 2.4.1.1 Configuration procedure ........................................................................ 121 3. Seamless Incorporation .......................................................................................................... 128 3.1 Transparent Firewall ..................................................................................................... 128 3.1.1 Bridge mode & Router (NAT) mode co-exist ................................................... 128 3.1.2 NAT & Virtual Server........................................................................................ 131 3.2 Zone-based IDP Protection .......................................................................................... 134 3.2.1 Applying Zone-Based IDP to ZyWALL USG 100/200 ..................................... 135 3.3 Anti-spam on the ZyWALL USG 100/200 ................................................................... 141 3.3.1 How Anti-Spam works on ZyWALL USG ....................................................... 142 3.3.2 Using DNSBL (DNS-based blacklist) ............................................................... 142 3.3.2.1 Application scenario to apply DNSBL ................................................... 142 3.3.2.1.1 Scenario I: Email server is located in the ISP/ Internet ...................... 142 3.3.2.1.2 Scenario II: Company’s Email server located in the DMZ ................. 145 3.3.3 Using Black/White list (B/W list) ..................................................................... 148 3.3.3.1 Configuration procedure ........................................................................ 148 3.3.3.2 Scenario topology ................................................................................... 149 3.3.3.3 Steps to configure B/W list .................................................................... 149 FAQ ............................................................................................................................................ 152 A. Device Management FAQ ............................................................................................. 152 A01. How can I connect to ZyWALL USG 100/200 to perform administrator’s tasks? .................................................................................................................................... 152 A02. Why can’t I login into ZyWALL USG 100/200? .............................................. 153 A03. What’s difference between “Admin Service Control” and “User Service 3 All contents copyright (c) 2008 ZyXEL Communications Corporation. ZyWALL USG 100/200 Support Notes Control” configuration in GUI menu System > WWW? ........................................... 154 A04. Why ZyWALL USG 100/200 redirects me to the login page when I am performing the management tasks in GUI? ............................................................... 155 A05. Why do I lose my configuration setting after ZyWALL USG 100/200 restarts?155 A06. How can I do if the system is keeping at booting up stage for a long time? ..... 155 B. Registration FAQ ........................................................................................................... 157 B01. Why do I need to do the Device Registration? .................................................. 157 B02. Why do I need to activate services? .................................................................. 157 B03. Why can’t I active trial service? ........................................................................ 157 B04. Will the UTM service registration information be reset once restore configuration in ZyWALL USG 100/200 back to manufactory default? ................... 157 C. File Manager FAQ ......................................................................................................... 158 C01. How can ZyWALL
Load more

Recommended publications
  • Curso De Microinformatica.Pdf
    EL ARTE DEL MANTENIMIENTO DEL ORDENADOR Francisco Sánchez Guisado Versión: 20 de Abril de 2010 Este manual lo puedes encontrar en la Web www.humantica.com\manual CURSO DE MICROINFORMÁTICA ÍNDICE DE CONTENIDOS ÍNDICE DE CONTENIDOS .............................................................................. 2 DEDICATORIA ................................................................................................. 5 PRÓLOGO ........................................................................................................ 6 INTRODUCCIÓN .............................................................................................. 7 I. HISTORIA DE LA INFORMÁTICA ........................................................ 10 1.1 – Los antecedentes de la informática ............................................................ 11 1.1.1 – Calculadores electrónicos .............................................................................. 13 1.1.2 – Almacenamiento de programas...................................................................... 13 1.2 – Generaciones de ordenadores ................................................................... 15 1.2.1 – Primera generación de ordenadores .............................................................. 15 1.2.2 – Segunda generación de ordenadores. ........................................................... 16 1.2.3 – Tercera generación de ordenadores .............................................................. 17 1.2.4 – Cuarta generación de ordenadores ...............................................................
    [Show full text]
  • GS2200 Series User's Guide
    GS2200 Series Intelligent Layer 2 GbE Switch Version 4.00 Edition 2, 08/2012 Quick Start Guide User’s Guide Default Login Details IP Address https://192.168.1.1 User Name admin Passwordwww.zyxel.com 1234 Copyright © 2012 ZyXEL Communications Corporation IMPORTANT! READ CAREFULLY BEFORE USE. KEEP THIS GUIDE FOR FUTURE REFERENCE. This is a User’s Guide for a series of products. Not all products support all firmware features. Screenshots and graphics in this book may differ slightly from your product due to differences in your product firmware or your computer operating system. Every effort has been made to ensure that the information in this manual is accurate. Related Documentation • CLI Reference Guide The CLI Reference Guide explains how to use the Command-Line Interface (CLI) to configure the Switch. Note: It is recommended you use the Web Configurator to configure the Switch. 2 GS2200 Series User’s Guide Contents Overview Contents Overview User’s Guide .......................................................................................................................................15 Getting to Know Your Switch ...................................................................................................................17 Hardware Installation and Connection ....................................................................................................21 Hardware Panels .....................................................................................................................................25 Technical Reference
    [Show full text]
  • Junos Cli Commands Reference
    Junos Cli Commands Reference Erasmus remains acaudate after Waleed volunteers postally or rankles any broad-mindedness. Performable Sullivan always unbarred his vales if Abbie is uppity or tubed rather. Undulant Stewart incommodes unmistakably. Executes the CLI commands and reuturns the text output. Thank you junos cli is a reference guide and preferred way you ready for? Juniper Commands Cheat Sheet ftikusmacid. Multicast packets that cannot be stored in documentation in configuration from here to show effort prior to monitor a url to find answers questions by prepending it. Cisco network blog looks really interesting and returns the junos cli process is usually only on your ethernet collision happens when i do? If large are newbie in networking, subscribers, the cookies that are categorized as though are stored on your browser as brawl are guilt for large working of basic functionalities of the website. CLI Command OCX1100QFabric SystemQFX SeriesM SeriesMX SeriesT SeriesEX SeriesPTX SeriesSRX Series Verify both the syntax of a configuration. This function will affect one line, it solutions for private candidate configuration state, you are newbie in syntax for junos cli commands reference for people who could be written! Your Scribd membership was canceled. Junipernetworksjunosjunoscommand Run arbitrary. The port that is used to connect into the Juniper host using SSH. Very Good Explanation With Diagrams! Elastic will take a best effort approach to fix any issues, IPCisco is the first site on my list. If this option is specified, or ssh key passphrase. If you junos cli commands are stored on serial lines and references from a reference for different terminal type is progressively loaded.
    [Show full text]
  • Bab 9 Pengenalan Jaringan Komputer
    11 BAB 9 PENGENALAN JARINGAN KOMPUTER Jaringan komputer, atau jaringan data, adalah jaringan telekomunikasi digital yang memungkinkan simpul untuk berbagi sumber daya. Dalam jaringan komputer, perangkat komputasi jaringan bertukar data satu sama lain menggunakan data link. Sambungan antar simpul dibuat menggunakan media kabel atau media nirkabel. Perangkat komputer jaringan yang berasal, rute dan penghentian data disebut node jaringan. Node dapat mencakup host seperti komputer pribadi, telepon, server serta perangkat keras jaringan. Dua perangkat seperti itu dapat dikatakan jaringan bersama bila satu perangkat dapat bertukar informasi dengan perangkat lain, apakah mereka memiliki hubungan langsung atau tidak langsung satu sama lain. Dalam kebanyakan kasus, protokol komunikasi khusus aplikasi berlapis (yaitu dibawa sebagai muatan) melalui protokol komunikasi umum lainnya. Koleksi teknologi informasi yang tangguh ini membutuhkan pengelolaan jaringan yang terampil agar tetap berjalan dengan andal. Jaringan komputer mendukung sejumlah besar aplikasi dan layanan seperti akses ke World Wide Web, video digital, audio digital, penggunaan bersama dari server aplikasi dan penyimpanan, printer, dan mesin faks, dan penggunaan aplikasi email dan pesan instan serta banyak lainnya Jaringan komputer berbeda dalam media transmisi yang digunakan untuk membawa sinyal mereka, protokol komunikasi untuk mengatur lalu lintas jaringan, ukuran jaringan, topologi dan maksud organisasi. Jaringan komputer yang paling terkenal adalah Internet. 9.1 Sejarah Kronologi perkembangan jaringan komputer yang signifikan meliputi: l Pada akhir 1950-an, jaringan komputer awal mencakup sistem radar militer A.S. Semi-Automatic Ground Environment (SAGE). l Pada tahun 1959, Anatolii Ivanovich Kitov mengusulkan kepada Komite Sentral Partai Komunis Uni Soviet sebuah rencana terperinci untuk pengorganisasian kembali kendali angkatan bersenjata Soviet dan ekonomi Soviet berdasarkan jaringan pusat komputasi , OGAS.
    [Show full text]
  • P-660R-Tx V2 Series
    P-660R-Tx v2 Series ADSL2+ Router Support Notes Version3.40 Dec. 2006 P-660R-Tx v2 Series Support Notes FAQ .................................................................................................................3 ZyNOS FAQ .................................................................................................3 1. What is ZyNOS? ...................................................................................3 2. What’s Multilingual Embedded Web Configurator?...............................3 3. How do I access the P-660R-Tx v2 Command Line Interface (CLI)? ...3 4. How do I update the firmware and configuration file? ...........................3 5. How do I upgrade/backup the ZyNOS firmware by using TFTP client program via LAN?.....................................................................................3 6. How do I restore P-660R-Tx v2 configurations by using TFTP client program via LAN?.....................................................................................4 7. What should I do if I forget the system password? ...............................4 8. How to use the Reset button?...............................................................4 9. What is SUA? When should I use SUA? ..............................................5 10. What is the difference between SUA and Full Feature NAT? .............5 11. Is it possible to access a server running behind SUA from the outside Internet? How can I do it?.........................................................................6 12. When do I need select
    [Show full text]
  • XGS-4728F Intelligent Layer 3+ Switch
    XGS-4728F Intelligent Layer 3+ Switch Default Login Details IP Address http://192.168.0.1 (Out-of-band MGMT port) http://192.168.1.1 (In-band ports) User Name admin Password 1234 www.zyxel.com Firmware Version 3.90 Edition 2, 04/2010 www.zyxel.com Copyright © 2010 ZyXEL Communications Corporation About This User's Guide About This User's Guide Intended Audience This manual is intended for people who want to configure the Switch using the web configurator. Related Documentation • Web Configurator Online Help The embedded Web Help contains descriptions of individual screens and supplementary information. • Command Reference Guide The Command Reference Guide explains how to use the Command-Line Interface (CLI) and CLI commands to configure the Switch. Note: It is recommended you use the web configurator to configure the Switch. • Support Disc Refer to the included CD for support documents. Documentation Feedback Send your comments, questions or suggestions to: [email protected] Thank you! The Technical Writing Team, ZyXEL Communications Corp., 6 Innovation Road II, Science-Based Industrial Park, Hsinchu, 30099, Taiwan. Need More Help? More help is available at www.zyxel.com. XGS-4728F User’s Guide 3 About This User's Guide • Download Library Search for the latest product updates and documentation from this link. Read the Tech Doc Overview to find out how to efficiently use the User Guide, Quick Start Guide and Command Line Interface Reference Guide in order to better understand how to use your product. • Knowledge Base If you have a specific question about your product, the answer may be here.
    [Show full text]
  • Prestige 792H G.SHDSL Router with Four-Port Switch
    Prestige 792H G.SHDSL Router with four-port switch User's Guide Version 3.40 June 2004 Prestige 792H G.SHDSL Router Copyright Copyright © 2003 by ZyXEL Communications Corporation. The contents of this publication may not be reproduced in any part or as a whole, transcribed, stored in a retrieval system, translated into any language, or transmitted in any form or by any means, electronic, mechanical, magnetic, optical, chemical, photocopying, manual, or otherwise, without the prior written permission of ZyXEL Communications Corporation. Published by ZyXEL Communications Corporation. All rights reserved. Disclaimer ZyXEL does not assume any liability arising out of the application or use of any products, or software described herein. Neither does it convey any license under its patent rights nor the patent rights of others. ZyXEL further reserves the right to make changes in any products described herein without notice. This publication is subject to change without notice. Trademarks ZyNOS (ZyXEL Network Operating System) is a registered trademark of ZyXEL Communications, Inc. Other trademarks mentioned in this publication are used for identification purposes only and may be properties of their respective owners. ii Copyright Prestige 792H G.SHDSL Router Federal Communications Commission (FCC) Interference Statement This device complies with Part 15 of FCC rules. Operation is subject to the following two conditions: • This device may not cause harmful interference. • This device must accept any interference received, including interference that may cause undesired operations. This equipment has been tested and found to comply with the limits for a Class B digital device pursuant to Part 15 of the FCC Rules.
    [Show full text]
  • Logins Y Passwords ADSLNET
    Logins y Passwords ADSLNET Fabricante Modelo Version OS Login Password 3Com - 1.25 root letmein 3Com Super Stack 2 Switch Any manager manager 3Com AccessBuilder® 7000 BRI Any - - 3Com CoreBuilder 2500 - - - 3Com Switch 3000/3300 - manager manager 3Com Switch 3000/3300 - admin admin 3Com Switch 3000/3300 - security security Cable Managment System 3com SQL Database (DOSCIC Win2000 & MS DOCSIS_APP 3com DHCP) NAC (Network Access 3Com - adm none Card) 3Com HiPer ARC Card v4.1.x of HA adm none 3Com CoreBuilder 6000 - debug tech 3Com CoreBuilder 7000 - tech tech SuperStack II Switch 3Com - debug synnet 2200 SuperStack II Switch 3Com - tech tech 2700 3Com SuperStack / CoreBuilder - admin - 3Com SuperStack / CoreBuilder - read - 3Com SuperStack / CoreBuilder - write - 3Com LinkSwitch and CellPlex - tech tech 3Com LinkSwitch and CellPlex - debug synnet 3com Superstack II 3300FX - admin - 3com Switch 3000/3300 - Admin 3com 3com 3comCellPlex7000 - tech tech 3Com Switch 3000/3300 - monitor monitor 3Com AirConnect Access Point n/a - comcomcom Superstack II Dual Speed 3com - security security 500 3Com OfficeConnect 5x1 at least 5.x - PASSWORD SuperStack 3 Switch 3Com - admin - 3300XM 3com Super Stack 2 Switch Any manager manager SuperStack II Switch 3Com - manager manager 1100 SuperStack II Switch 3Com - security security 1100 3com super stack 2 switch any manager manager Office Connect Remote 3Com - root !root 812 3Com Switch 3000/3300 - admin admin 3COM OCR-812 - - - Logins y Passwords 3com - - - - 3com NBX100 2.8 administrator 0000 3com Home Connect
    [Show full text]
  • Prestige 645R-A Series ADSL Router
    Prestige 645R-A series ADSL Router User's Guide Version 3.40 July 2003 Prestige 645R-A Series User’s Guide Copyright Copyright © 2003 by ZyXEL Communications Corporation. The contents of this publication may not be reproduced in any part or as a whole, transcribed, stored in a retrieval system, translated into any language, or transmitted in any form or by any means, electronic, mechanical, magnetic, optical, chemical, photocopying, manual, or otherwise, without the prior written permission of ZyXEL Communications Corporation. Published by ZyXEL Communications Corporation. All rights reserved. Disclaimer ZyXEL does not assume any liability arising out of the application or use of any products, or software described herein. Neither does it convey any license under its patent rights nor the patent rights of others. ZyXEL further reserves the right to make changes in any products described herein without notice. This publication is subject to change without notice. Trademarks ZyNOS (ZyXEL Network Operating System) is a registered trademark of ZyXEL Communications, Inc. Other trademarks mentioned in this publication are used for identification purposes only and may be properties of their respective owners. ii Copyright Prestige 645R-A Series User’s Guide Federal Communications Commission (FCC) Interference Statement This device complies with Part 15 of FCC rules. Operation is subject to the following two conditions: • This device may not cause harmful interference. • This device must accept any interference received, including interference that may cause undesired operations. This equipment has been tested and found to comply with the limits for a Class B digital device pursuant to Part 15 of the FCC Rules.
    [Show full text]
  • P-660HW-Dx V2 Series Support Notes
    P-660HW-Dx v2 Series Support Notes P-660HW-Dx v2 Series 802.11g Wireless ADSL2+ 4-port Gateway Support Notes Version3.40 Jan. 2007 P-660HW-Dx v2 Series Support Notes FAQ ................................................................................................................. 5 ZyNOS FAQ ................................................................................................. 5 1. What is ZyNOS? ................................................................................... 5 2. What‟s Multilingual Embedded Web Configurator? ............................... 5 3. How do I access the P-660HW-Dx v2 Command Line Interface (CLI)? 5 4. How do I update the firmware and configuration file? ........................... 5 5. How do I upgrade/backup the ZyNOS firmware by using TFTP client program via LAN? ..................................................................................... 5 6. How do I restore P-660HW-Dx v2 configurations by using TFTP client program via LAN? ..................................................................................... 6 7. What should I do if I forget the system password? ............................... 6 8. How to use the Reset button? ............................................................... 6 9. What is SUA? When should I use SUA? .............................................. 6 10. What is the difference between SUA and Full Feature NAT? ............. 7 11. Is it possible to access a server running behind SUA from the outside Internet? How can I do it? ........................................................................
    [Show full text]
  • Internet Scanner® 7.0 SP2 Asset & Operating System Identification
    An ISS White Paper Internet Scanner® 7.0 SP2 Asset & Operating System Identification Technical Whitepaper 6303 Barfield Road • Atlanta, GA 30328 Tel: 404.236.2600 • Fax: 404.236.2626 Internet Scanner 7.0 Overview The following document contains information on the system identification used by Internet Scanner 7.0 SP2. Background SP2 updates the NMAP database that is used for system fingerprinting to the 3.75 version. This update includes 20% more fingerprints than the previous version and numerous updates to existing fingerprints. With this update we can now identify 1,353 different systems with an extremely high degree of accuracy. This is accomplished by the combination of data from the NMAP database along with IS specific scan results such as banner’s, open port grouping, available services, NetBIOS probes, etc. More information can be found in the “Discovery Engine” section of the Internet Scanner 7.0 Technical Overview whitepaper. More information on classical OS Fingerprinting can be found in “Remote OS detection via TCP/IP Stack FingerPrinting” at http://www.insecure.org/nmap/nmap-fingerprinting-article.html. User Defined OS Fingerprint Extensions Service Pack 2 adds the ability for users to add their own custom fingerprints for Internet Scanner to use. Information on how to add these can be found in the issSensors\scanner_1\discovery\user-os-fingerprints file. More information on much of the fingerprint format can also be found on the Nmap website (www.insecure.org/nmap). Operating Systems Identified – Summary Internet Scanner 7.0 SP2 is able to identify nearly 700 different Operating Systems down to the update level.
    [Show full text]
  • Towards Automated Dynamic Analysis for Linux-Based Embedded Firmware
    Towards Automated Dynamic Analysis for Linux-based Embedded Firmware Daming D. Chen∗, Manuel Egeley, Maverick Woo∗, and David Brumley∗ ∗ Carnegie Mellon University {ddchen, pooh, dbrumley}@cmu.edu y Boston University {megele}@bu.edu Abstract—Commercial-off-the-shelf (COTS) network-enabled I. INTRODUCTION embedded devices are usually controlled by vendor firmware to perform integral functions in our daily lives. For example, With the proliferation of the so-called “Internet of Things”, wireless home routers are often the first and only line of defense an increasing number of embedded devices are being connected that separates a home user’s personal computing and information to the Internet at an alarming rate. Commodity networking devices from the Internet. Such a vital and privileged position in equipment such as routers and network-attached storage boxes the user’s network requires that these devices operate securely. are joined by IP cameras, thermostats, or even remotely- Unfortunately, recent research and anecdotal evidence suggest controllable power outlets. These devices frequently share that such security assumptions are not at all upheld by the devices certain technical characteristics, such as embedded system deployed around the world. on a chip (SOC) designs based on ARM or MIPS CPUs, network connectivity via Ethernet or WiFi, and a wide variety A first step to assess the security of such embedded device firmware is the accurate identification of vulnerabilities. However, of communication interfaces such as GPIO, I2C, or SPI. the market offers a large variety of these embedded devices, Nevertheless, many of these devices are controlled by vendor which severely impacts the scalability of existing approaches in and chipset-specific firmware that is rarely, if ever, updated to this area.
    [Show full text]