Inhaltszusammenfassung zur Seite Nr. 1 
                    
                         
 
 
 
 
ZyWALL 2WG 
Security Appliance 
 
 
 
 
Support Notes 
Version 4.03 
Sep. 2007 
 
 
 
 
 
 
 
 
 
 
 
 
                                                                                                                                                                                                                                                                                                                                                                                                  
                    
                    Inhaltszusammenfassung zur Seite Nr. 2 
                    
                          ZyWALL 2WG Support Notes    INDEX  Application Notes......................................................................................................9  Mobility Internet Access........................................................................................9  Utilize 3G and Wireless for the Internet Access ......................................10  Seamless Incorporation into your network ..........................................................18  Using Transparent (Bridge Mode) F
                    
                    Inhaltszusammenfassung zur Seite Nr. 3 
                    
                          ZyWALL 2WG Support Notes    To filter non-work related and unproductive web surfing to mitigate  spyware and phishing threats .................................................................209  Centralized Management ...................................................................................216  Using Vantage CNM for Management...................................................216  FAQ ...................................................................................................
                    
                    Inhaltszusammenfassung zur Seite Nr. 4 
                    
                          ZyWALL 2WG Support Notes    gateway behind ZyWALL? .....................................................................226  A28. How do I setup my ZyWALL for routing IPSec packets over  NAT? .........................................................................................................227  A29. What is STP (Spanning Tree Protocol) /RSTP (Rapid STP)?.....227  A30. What is the flow ZyWALL handles inbound and outgoing  traffic?...........................................................
                    
                    Inhaltszusammenfassung zur Seite Nr. 5 
                    
                          ZyWALL 2WG Support Notes    D02. In addition to registration, what can I do with myZyXEL.com?235  D03. Is there anything changed on myZyXEL.com because of the  launch of ZyNOS v4.00? Which ZyWALL models can be registered  via myZyXEL.com? .................................................................................236  D04. What’s the difference between new registration flow and  previous registration? What’s the advantage of new registration flow  over the previous registration flow?.....
                    
                    Inhaltszusammenfassung zur Seite Nr. 6 
                    
                          ZyWALL 2WG Support Notes    E15. How many URL keywords does ZyWALL support?....................240  E16. How do I keep database of Content Filtering service updated? .241  E17. What is BlueCoat Filter list? ..........................................................241  E18. How many ratings does the BlueCoat database contain?............241  E19. How often does BlueCoat update the database? ..........................241  E20. How do I locate sites to block? ....................................
                    
                    Inhaltszusammenfassung zur Seite Nr. 7 
                    
                          ZyWALL 2WG Support Notes    What do I need to know?.........................................................................250  F18. Does ZyWALL support dynamic secure gateway IP?..................251  F19. What VPN gateway that has been tested with ZyWALL  successfully?..............................................................................................251  F20. What VPN software that has been tested with ZyWALL  successfully?.........................................................
                    
                    Inhaltszusammenfassung zur Seite Nr. 8 
                    
                          ZyWALL 2WG Support Notes    G16. Will Self-signed certificate be erased if I reset to default  configuration file? ....................................................................................259  G17. Will certificates stored in ZyXEL appliance be erased if I reset to  default configuration file? .......................................................................259  G18. What can I do prior to reset appliance's configuration?.............259  G19. If I export My Certificates from 
                    
                    Inhaltszusammenfassung zur Seite Nr. 9 
                    
                          ZyWALL 2WG Support Notes    Application Notes  Mobility Internet Access    You may have the experienced a need of Internet access in a location where wired connection is difficult  to deploy, e.g. in countryside or mountain. Or you are just in a public environment without Internet access,  like in a park, on a bus, in a train or metropolitan subway, etc… Or you may temporarily need Internet  access when you are in your exhibition booth and need Internet access for some demonstration. ZyWALL  2
                    
                    Inhaltszusammenfassung zur Seite Nr. 10 
                    
                          ZyWALL 2WG Support Notes    Utilize 3G and Wireless for the Internet Access  Following we will show you how to configure it step-by-step.  Utilize 3G card to get Internet access  1). Plug the 3G card to ZyWALL 2WG's card slot before powering on the ZyWALL 2WG device.  2). Login the GUI. After the system boots up, you can see the 3G card information on the home page. Make  sure there is no "Error" message in "3G Card IMEI" and "SIM Card IMSI" fields. Otherwise, you need to  re-install the 3G ca
                    
                    Inhaltszusammenfassung zur Seite Nr. 11 
                    
                          ZyWALL 2WG Support Notes      3). Then the 3G wireless card will be dialed up automatically when WAN1 is not available. If you check the  "Nailed-up" option as shown in the figure above, the system will automatically dial up the 3G Internet access  even if WAN1 is available. Then you will see the process in logs as following.  11   All contents copyright (c) 2006 ZyXEL Communications Corporation.                                                                                                   
                    
                    Inhaltszusammenfassung zur Seite Nr. 12 
                    
                          ZyWALL 2WG Support Notes      4) If dialed up successfully, you can see the GUI home page as shown below. You will get the "WAN2  connection is up" and "3G card's signal strength" messages in the latest alerts.    12   All contents copyright (c) 2006 ZyXEL Communications Corporation.                                                                                                                                                                                                                      
                    
                    Inhaltszusammenfassung zur Seite Nr. 13 
                    
                          ZyWALL 2WG Support Notes    Utilize the embedded wireless card to provide LAN users access  1). Go to GUI menu Network > WIRELESS CARD, enable it and configure the other parameters like 802.11  mode (four modes available: 802.11b only, 802.11g only, 802.11b+g, 802.11a only), channel ID, super mode,  RTS/CTS, fragmentation, output power(four options: 100%, 50%, 25%, 12.5%) and roaming.  ZyWALL 2WG allows you to configure up to 8 SSID profiles. Choose the SSID profile you want to use and  click 
                    
                    Inhaltszusammenfassung zur Seite Nr. 14 
                    
                          ZyWALL 2WG Support Notes      To configure the security and the MAC filter, go to Wireless Card > Security or Wireless Card > MAC Filter to  further configure it.  For example, we would like to provide the wireless access clients with preset MAC address filtering list.  Furthermore, these clients will also have to pass the security control described below.  a. Wireless security level to "WPA-PSK"with key "12345678".  b. Only allow the PC's with MAC of "00:A0:C5:11:22:33", "00:A0:C5:11:22:44", 
                    
                    Inhaltszusammenfassung zur Seite Nr. 15 
                    
                          ZyWALL 2WG Support Notes    15   All contents copyright (c) 2006 ZyXEL Communications Corporation.                                                                                                                                                                                                                                                                                                                                                                                                                
                    
                    Inhaltszusammenfassung zur Seite Nr. 16 
                    
                          ZyWALL 2WG Support Notes      16   All contents copyright (c) 2006 ZyXEL Communications Corporation.                                                                                                                                                                                                                                                                                                                                                                                                              
                    
                    Inhaltszusammenfassung zur Seite Nr. 17 
                    
                          ZyWALL 2WG Support Notes    After you have configured the Security and MAC filter profiles, you can choose them in the main page  of wireless card setting as shown    17   All contents copyright (c) 2006 ZyXEL Communications Corporation.                                                                                                                                                                                                                                                                     
                    
                    Inhaltszusammenfassung zur Seite Nr. 18 
                    
                          ZyWALL 2WG Support Notes    Seamless Incorporation into your network    Using Transparent (Bridge Mode) Firewall   If user wants to insert a firewall into current network, IP setting of hosts and servers may need to change.  Following example illustrates an example of current deployment: servers and other hosts sit in the same IP  segment.      If a router mode firewall is inserted into existing network, user may need to reassign the IP of all servers  and hosts and related setting of applicat
                    
                    Inhaltszusammenfassung zur Seite Nr. 19 
                    
                          ZyWALL 2WG Support Notes        Deploying a transparent mode firewall doesn’t require any changes of settings on the original network  topology. It works as bridge/switch; therefore, all the hosts can communicate with each other as without  firewall in between. At the same time, the transparent firewall can check the packets passing through it  and block attacks and limit unauthorized access through access control right.     In the following section, we will explain how to configure ZyWALL as 
                    
                    Inhaltszusammenfassung zur Seite Nr. 20 
                    
                          ZyWALL 2WG Support Notes    User can configure ZyWALL to act as a router mode firewall or bridge (transparent) firewall. The default  is router mode firewall.    Step1.  Before changing ZyWALL to bridge mode, if admin wants to make the ZyWALL’s LAN PC be  able to get DHCP IP address assignment from the DHCP server or the gateway upper than the ZyWALL,  there is one firewall rule needs to be activated.    Go to Firewall >> Rule Summary; choose ‘WAN to LAN’ from ‘Packet Direction’. You will see