|
•
|
Ports are the physical ports to which you connect cables.
|
|
•
|
Interfaces are used within the system operationally. You use them in configuring various features. An interface also describes a network that is directly connected to the ZyWALL. For example, You connect the LAN network to the LAN interface.
|
|
•
|
Zones are groups of interfaces used to ease security policy configuration.
|
|
•
|
(For USG 300/1000/2000 only) Use the Port Grouping screen (Port Role) to create port groups and to assign physical ports and port groups to Ethernet interfaces.
|
|
•
|
(For USG 20/20W/50/100/200 only) Use the Port Role screen (Port Role) to create port groups and to assign physical ports and port groups to Ethernet interfaces.
|
|
•
|
Use the Ethernet screens (Ethernet Summary) to configure the Ethernet interfaces. Ethernet interfaces are the foundation for defining other interfaces and network policies. RIP and OSPF are also configured in these interfaces.
|
|
•
|
|
•
|
Use the Cellular screens (Cellular Configuration (3G)) to configure settings for interfaces for Internet connections through an installed 3G card.
|
|
•
|
(For USG 20W only) Use the WLAN screens (WLAN Interface General) to configure settings for interfaces on the embedded wireless LAN card.
|
|
•
|
(For USG 100/200/300 only) Use the WLAN screens (WLAN Interface General) to configure settings for interfaces on an installed wireless LAN card.
|
|
•
|
Use the Tunnel screens (Tunnel Interfaces) to configure tunnel interfaces to be used in Generic Routing Encapsulation (GRE), IPv6 in IPv4, and 6to4 tunnels.
|
|
•
|
Use the VLAN screens (VLAN Interfaces) to divide the physical network into multiple logical networks. VLAN interfaces receive and send tagged frames. The ZyWALL automatically adds or removes the tags as needed. Each VLAN can only be associated with one Ethernet interface.
|
|
•
|
Use the Bridge screens (Bridge Interfaces) to combine two or more network segments into a single network.
|
|
•
|
Use the Auxiliary screens (Auxiliary Interface) to configure the ZyWALL’s auxiliary interface to use an external modem.
|
|
•
|
Use the Virtual Interface screen (Virtual Interfaces Add/Edit) to create virtual interfaces on top of Ethernet interfaces to tell the ZyWALL where to route packets. You can create virtual Ethernet interfaces, virtual VLAN interfaces, and virtual bridge interfaces.
|
|
•
|
Setting interfaces to the same port role forms a port group. Port groups create a hardware connection between physical ports at the layer-2 (data link, MAC address) level. Port groups are created when you use the Interface > Port Roles or Interface > Port Groups screen to set multiple physical ports to be part of the same interface.
|
|
•
|
Ethernet interfaces are the foundation for defining other interfaces and network policies. RIP and OSPF are also configured in these interfaces.
|
|
•
|
Tunnel interfaces send IPv4 or IPv6 packets from one network to a specific network through the Internet or a public network.
|
|
•
|
VLAN interfaces receive and send tagged frames. The ZyWALL automatically adds or removes the tags as needed. Each VLAN can only be associated with one Ethernet interface.
|
|
•
|
Bridge interfaces create a software connection between Ethernet or VLAN interfaces at the layer-2 (data link, MAC address) level. Unlike port groups, bridge interfaces can take advantage of some security features in the ZyWALL. You can also assign an IP address and subnet mask to the bridge.
|
|
•
|
PPP interfaces support Point-to-Point Protocols (PPP). ISP accounts are required for PPPoE/PPTP interfaces.
|
|
•
|
Cellular interfaces are for 3G WAN connections via a connected 3G device.
|
|
•
|
WLAN interfaces are for wireless LAN (IEEE 802.11b/g/n) connections via the embedded wireless LAN card (for USG 20W only).
|
|
•
|
WLAN interfaces are for wireless LAN (IEEE 802.11b/g) connections via an installed wireless LAN card (for USG 100/200/300 only).
|
|
•
|
Virtual interfaces provide additional routing information in the ZyWALL. There are three types: virtual Ethernet interfaces, virtual VLAN interfaces, and virtual bridge interfaces.
|
|
•
|
The auxiliary interface, along with an external modem, provides an interface the ZyWALL can use to dial out. This interface can be used as a backup WAN interface, for example. The auxiliary interface controls the AUX port.
|
|
•
|
Trunk interfaces manage load balancing between interfaces.
|
|
lan1, lan2, dmz
|
pppx
|
vlanx
|
brx
|
||||
|
Bandwidth restrictions
|
|||||||
|
WAN1, WAN2, OPT*
|
|
|
•
|
Leading zeros in a block can be omitted. So 2001:0db8:1a2b:0015:0000:0000:1a2f:0000 can be written as 2001:db8:1a2b:15:0:0:1a2f:0.
|
|
•
|
Any number of consecutive blocks of zeros can be replaced by a double colon. A double colon can only appear once in an IPv6 address. So 2001:0db8:0000:0000:1a2f:0000:0000:0015 can be written as 2001:0db8::1a2f:0000:0000:0015, 2001:0db8:0000:0000:1a2f::0015, 2001:db8::1a2f:0:0:15 or 2001:db8:0:0:1a2f::15.
|
|
•
|
See How to Configure Interfaces, Port Roles, and Zones for an example of configuring Ethernet interfaces, port role/grouping, and zones.
|
|
•
|
See How to Configure a Cellular Interface for an example of configuring a cellular (3G) interface.
|
|
•
|
See How to Set Up a Wireless LAN for an example of setting up a wireless LAN.
|
|
•
|
There is a layer-2 Ethernet switch between physical ports in the port group. This provides wire-speed throughput but no security.
|
|
•
|
A port's IP address varies as its role changes, make sure your computer's IP address is in the same subnet as the ZyWALL's lan1, lan2, ext-wlan or dmz IP address.
|
|
•
|
|
•
|
There is a layer-2 Ethernet switch between physical ports in the port group. This provides wire-speed throughput but no security.
|
|
Configuration / IPv6 Configuration
|
Use the Configuration section for IPv4 network settings. Use the IPv6 Configuration section for IPv6 network settings if you connect your ZyWALL to an IPv6 network. Both sections have similar fields as described below.
|
|
Double-click an entry or select it and click Edit to open a screen where you can modify the entry’s settings.
|
|
|
To remove a virtual interface, select it and click Remove. The ZyWALL confirms you want to remove it before doing so.
|
|
|
To turn off an interface, select it and click Inactivate.
|
|
|
Create Virtual Interface
|
To open the screen where you can create a virtual Ethernet interface, select an Ethernet interface and click Create Virtual Interface.
|
|
Select an entry and click Object Reference to open a screen that shows which settings use the entry.
|
|
|
This field displays the current IP address of the interface. If the IP address is 0.0.0.0 (in the IPv4 network) or :: (in the IPv6 network), the interface does not have an IP address yet.
In the IPv4 network, this screen also shows whether the IP address is a static IP address (STATIC) or dynamically assigned (DHCP). IP addresses are always static in virtual interfaces.
In the IPv6 network, this screen also shows whether the IP address is a static IP address (STATIC), link-local IP address (LINK LOCAL), dynamically assigned (DHCP), or an IPv6 StateLess Address AutoConfiguration IP address (SLAAC).
|
|
|
Click Apply to save your changes back to the ZyWALL.
|
|
|
Click Reset to return the screen to its last-saved settings.
|
|
Note:
|
If you create IP address objects based on an interface’s IP address, subnet, or gateway, the ZyWALL automatically updates every rule or setting that uses the object whenever the interface’s IP address settings change. For example, if you change the LAN’s IP address, the ZyWALL automatically updates the corresponding interface-based, LAN subnet address object.
|
|
•
|
Select which direction(s) routing information is exchanged - The ZyWALL can receive routing information, send routing information, or do both.
|
|
•
|
|
•
|
Select the broadcasting method used by RIP-2 packets - The ZyWALL can use subnet broadcasting or multicasting.
|
|
•
|
Select in which direction(s) routing information is exchanged - The ZyWALL can receive routing information, send routing information, or do both.
|
|
IPv4/IPv6 View / IPv4 View / IPv6 View
|
Use this button to display both IPv4 and IPv6, IPv4-only, or IPv6-only configuration fields.
|
||||
|
Show Advance Settings / Hide Advance Settings
|
|||||
|
Click this button to create a DHCPv6 lease or DHCPv6 request object that you may use for the DHCPv6 settings in this screen.
|
|||||
|
General IPv6 Setting
|
|||||
|
This is field is configurable for the OPT interface only. Select to which type of network you will connect this interface. When you select internal or external the rest of the screen’s options automatically adjust to correspond. The ZyWALL automatically adds default route and SNAT settings for traffic it routes from internal interfaces to external interfaces; for example LAN to WAN traffic.
internal is for connecting to a local network. Other corresponding configuration options: DHCP server and DHCP relay. The ZyWALL automatically adds default SNAT settings for traffic flowing from this interface to an external interface.
external is for connecting to an external network (like the Internet). The ZyWALL automatically adds this interface to the default WAN trunk.
For general, the rest of the screen’s options do not automatically adjust and you must manually configure a policy route to add routing and SNAT settings for the interface.
|
|||||
|
Specify a name for the interface. It can use alphanumeric characters, hyphens, and underscores, and it can be up to 11 characters long.
|
|||||
|
Select the zone to which this interface is to belong. You use zones to apply security settings such as firewall, IDP, remote management, anti-virus, and application patrol.
|
|||||
|
Enter a description of this interface. It is not used elsewhere. You can use alphanumeric and ()+/:=?!*#@$_%- characters, and it can be up to 60 characters long.
|
|||||
|
IP Address Assignment
|
These IP address fields configure an IPv4 IP address on the interface itself. If you change this IP address on the interface, you may also need to change a related address object for the network connected to the interface. For example, if you use this screen to change the IP address of your LAN interface, you should also change the corresponding LAN subnet address object.
|
||||
|
Get Automatically
|
This option appears when Interface Type is external or general. Select this to make the interface a DHCP client and automatically get the IP address, subnet mask, and gateway address from a DHCP server.
|
||||
|
Use Fixed IP Address
|
This option appears when Interface Type is external or general. Select this if you want to specify the IP address, subnet mask, and gateway manually.
|
||||
|
Enter the subnet mask of this interface in dot decimal notation. The subnet mask indicates what part of the IP address is the same for all computers in the network.
|
|||||
|
This option appears when Interface Type is external or general. Enter the IP address of the gateway. The ZyWALL sends packets to the gateway when it does not know how to route the packet to its destination. The gateway should be on the same network as the interface.
|
|||||
|
This option appears when Interface Type is external or general. Enter the priority of the gateway (if any) on this interface. The ZyWALL decides which gateway to use based on this priority. The lower the number, the higher the priority. If two or more gateways have the same priority, the ZyWALL uses the one that was configured first.
|
|||||
|
IPv6 Address Assignment
|
|||||
|
Enable Stateless Address Auto-configuration (SLAAC)
|
Select this to enable IPv6 stateless auto-configuration on this interface. The interface will generate an IPv6 IP address itself from a prefix obtained from an IPv6 router in the network.
|
||||
|
Link-Local address
|
This displays the IPv6 link-local address and the network prefix that the ZyWALL generates itself for the interface.
|
||||
|
IPv6 Address/Prefix Length
|
Enter the IPv6 address and the prefix length for this interface if you want to use a static IP address. This field is optional.
The prefix length indicates what the left-most part of the IP address is the same for all computers in the network, that is, the network address.
|
||||
|
Enter the IPv6 address of the default outgoing gateway using colon (:) hexadecimal notation.
|
|||||
|
Enter the priority of the gateway (if any) on this interface. The ZyWALL decides which gateway to use based on this priority. The lower the number, the higher the priority. If two or more gateways have the same priority, the ZyWALL uses the one that was configured first.
|
|||||
|
Address from DHCPv6 Prefix Delegation
|
Use this table to have the ZyWALL obtain an IPv6 prefix from the ISP or a connected uplink router for an internal network, such as the LAN or DMZ. You have to also enter a suffix address which is appended to the delegated prefix to form an address for this interface.
|
||||
|
Enter the ending part of the IPv6 address, a slash (/), and the prefix length. The ZyWALL will append it to the delegated prefix.
For example, you got a delegated prefix of 2003:1234:5678/48. You want to configure an IP address of 2003:1234:5678:1111::1/128 for this interface, then enter ::1111:0:0:0:1/128 in this field.
|
|||||
|
|||||
|
This field displays the DHCP Unique IDentifier (DUID) of the interface, which is unique and used for identification purposes when the interface is exchanging DHCPv6 messages with others.
|
|||||
|
Customized DUID
|
|||||
|
Enable Rapid Commit
|
Select this to shorten the DHCPv6 message exchange process from four to two steps. This function helps reduce heavy network traffic load.
|
||||
|
Information Refresh Time
|
Enter the number of seconds a DHCPv6 client should wait before refreshing information retrieved from DHCPv6.
|
||||
|
This field is available if you set this interface to DHCPv6 Client. Select this to get an IPv6 IP address for this interface from the DHCP server. Clear this to not get any IP address information through DHCPv6.
|
|||||
|
DHCPv6 Request Options /
DHCPv6 Lease Options
|
If this interface is a DHCPv6 client, use this section to configure DHCPv6 request settings that determine what additional information to get from the DHCPv6 server. If the interface is a DHCPv6 server, use this section to configure DHCPv6 lease settings that determine what additional information to offer to the DHCPv6 clients.
|
||||
|
Click this to create an entry in this table. See Add/Edit DHCPv6 Request/Release Options for more information.
|
|||||
|
Select an entry and click Object Reference to open a screen that shows which settings use the entry.
|
|||||
|
This field displays the IPv6 prefix that the ZyWALL obtained from an uplink router (Server is selected) or will advertise to its clients (Client is selected).
|
|||||
|
When Relay is selected, select this check box and an interface from the drop-down list if you want to use it as the relay server.
|
|||||
|
When Relay is selected, select this check box and enter the IP address of a DHCPv6 server as the relay server.
|
|||||
|
IPv6 Router Advertisement Setting
|
|||||
|
Enable Router Advertisement
|
|||||
|
Advertised Hosts Get Network Configuration From DHCPv6
|
Select this to have the ZyWALL indicate to hosts to obtain network settings (such as prefix and DNS settings) through DHCPv6.
Clear this to have the ZyWALL indicate to hosts that DHCPv6 is not available and they should use the prefix in the router advertisement message.
|
||||
|
Advertised Hosts Get Other Configuration From DHCPv6
|
Clear this to have the ZyWALL indicate to hosts that DNS information is not available in this network.
|
||||
|
Router Preference
|
Select the router preference (Low, Medium or High) for the interface. The interface sends this preference in the router advertisements to tell hosts what preference they should use for the ZyWALL. This helps hosts to choose their default router especially when there are multiple IPv6 router in the network.
|
||||
|
The Maximum Transmission Unit. Type the maximum size of each IPv6 data packet, in bytes, that can move through this interface. If a larger packet arrives, the ZyWALL discards the packet and sends an error message to the sender to inform this.
|
|||||
|
Enter the maximum number of network segments that a packet can cross before reaching the destination. When forwarding an IPv6 packet, IPv6 routers are required to decrease the Hop Limit by 1 and to discard the IPv6 packet when the Hop Limit is 0.
|
|||||
|
Advertised Prefix Table
|
|||||
|
The prefix length indicates what the left-most part of the IP address is the same for all computers in the network, that is, the network address.
|
|||||
|
Advertised Prefix from DHCPv6 Prefix Delegation
|
This table is available when the Interface Type is internal. Use this table to configure the network prefix if you want to use a delegated prefix as the beginning part of the network prefix.
|
||||
|
Enter the ending part of the IPv6 network address plus a slash (/) and the prefix length. The ZyWALL will append it to the selected delegated prefix. The combined address is the network prefix for the network.
For example, you got a delegated prefix of 2003:1234:5678/48. You want to divide it into 2003:1234:5678:1111/64 for this interface and 2003:1234:5678:2222/64 for another interface. You can use ::1111/64 and ::2222/64 for the suffix address respectively. But if you do not want to divide the delegated prefix into subnetworks, enter ::0/48 here, which keeps the same prefix length (/48) as the delegated prefix.
|
|||||
|
|||||
|
Interface Parameters
|
|||||
|
Egress Bandwidth
|
Enter the maximum amount of traffic, in kilobits per second, the ZyWALL can send through the interface to the network. Allowed values are 0 - 1048576.
|
||||
|
Ingress Bandwidth
|
Enter the maximum amount of traffic, in kilobits per second, the ZyWALL can receive from the network through the interface. Allowed values are 0 - 1048576.
|
||||
|
Maximum Transmission Unit. Type the maximum size of each data packet, in bytes, that can move through this interface. If a larger packet arrives, the ZyWALL divides it into smaller fragments. Allowed values are 576 - 1500. Usually, this value is 1500.
|
|||||
|
The interface can regularly check the connection to the gateway you specified to make sure it is still available. You specify how often the interface checks the connection, how long to wait for a response before the attempt is a failure, and how many consecutive failures are required before the ZyWALL stops routing to the gateway. The ZyWALL resumes routing to the gateway the first time the gateway passes the connectivity check.
|
|||||
|
Enable Connectivity Check
|
|||||
|
Select icmp to have the ZyWALL regularly ping the gateway you specify to make sure it is still available.
Select tcp to have the ZyWALL regularly perform a TCP handshake with the gateway you specify to make sure it is still available.
|
|||||
|
Check Fail Tolerance
|
Enter the number of consecutive failures before the ZyWALL stops routing through the gateway.
|
||||
|
Check Default Gateway
|
|||||
|
Check this address
|
Select this to specify a domain name or IP address for the connectivity check. Enter that domain name or IP address in the field next to it.
|
||||
|
This field only displays when you set the Check Method to tcp. Specify the port number to use for a TCP connectivity check.
|
|||||
|
None - the ZyWALL does not provide any DHCP services. There is already a DHCP server on the network.
DHCP Relay - the ZyWALL routes DHCP requests to one or more DHCP servers you specify. The DHCP server(s) may be on another network.
DHCP Server - the ZyWALL assigns IP addresses and provides subnet mask, gateway, and DNS server information to the network. The ZyWALL is the DHCP server for the network.
|
|||||
|
These fields appear if the ZyWALL is a DHCP Relay.
|
|||||
|
These fields appear if the ZyWALL is a DHCP Server.
|
|||||
|
IP Pool Start Address
|
Enter the IP address from which the ZyWALL begins allocating IP addresses. If you want to assign a static IP address to a specific computer, use the Static DHCP Table.
If this field is blank, the Pool Size must also be blank. In this case, the ZyWALL can assign every IP address allowed by the interface’s IP address and subnet mask, except for the first address (network address), last address (broadcast address) and the interface’s IP address.
|
||||
|
Enter the number of IP addresses to allocate. This number must be at least one and is limited by the interface’s Subnet Mask. For example, if the Subnet Mask is 255.255.255.0 and IP Pool Start Address is 10.10.10.10, the ZyWALL can allocate 10.10.10.10 to 10.10.10.254, or 245 IP addresses.
If this field is blank, the IP Pool Start Address must also be blank. In this case, the ZyWALL can assign every IP address allowed by the interface’s IP address and subnet mask, except for the first address (network address), last address (broadcast address) and the interface’s IP address.
|
|||||
|
First DNS Server, Second DNS Server, Third DNS Server
|
Specify the IP addresses up to three DNS servers for the DHCP clients to use. Use one of the following ways to specify these IP addresses.
Custom Defined - enter a static IP address.
From ISP - select the DNS server that another interface received from its DHCP server.
ZyWALL - the DHCP clients use the IP address of this interface and the ZyWALL works as a DNS relay.
|
||||
|
First WINS Server, Second WINS Server
|
Type the IP address of the WINS (Windows Internet Naming Service) server that you want to send to the DHCP clients. The WINS server keeps a mapping table of the computer names on your network and the IP addresses that they are currently using.
|
||||
|
If you set this interface to DHCP Server, you can select to use either the interface’s IP address or another IP address as the default router. This default router will become the DHCP clients’ default gateway.
To use another IP address as the default router, select Custom Defined and enter the IP address.
|
|||||
|
Specify how long each computer can use the information (especially the IP address) before it has to request the information again. Choices are:
infinite - select this if IP addresses never expire.
days, hours, and minutes - select this to enter how long IP addresses are valid.
|
|||||
|
Extended Options
|
This table is available if you selected DHCP server.
Configure this table if you want to send more information to DHCP clients through DHCP packets.
|
||||
|
Enable IP/MAC Binding
|
Select this option to have this interface enforce links between specific IP addresses and specific MAC addresses. This stops anyone else from manually using a bound IP address on another device connected to this interface. Use this to make use only the intended users get to use specific IP addresses.
|
||||
|
Enable Logs for IP/MAC Binding Violation
|
Select this option to have the ZyWALL generate a log if a device connected to this interface attempts to use an IP address that is bound to another device’s MAC address.
|
||||
|
Static DHCP Table
|
Configure a list of static IP addresses the ZyWALL assigns to computers connected to the interface. Otherwise, the ZyWALL assigns an IP address dynamically using the interface’s IP Pool Start Address and Pool Size.
|
||||
|
Enter a description to help identify this static DHCP entry. You can use alphanumeric and ()+/:=?!*#@$_%- characters, and it can be up to 60 characters long.
|
|||||
|
This field is effective when RIP is enabled. Select the RIP direction from the drop-down list box.
BiDir - This interface sends and receives routing information.
In-Only - This interface receives routing information.
Out-Only - This interface sends routing information.
|
|||||
|
This field is effective when RIP is enabled. Select the RIP version(s) used for sending RIP packets. Choices are 1, 2, and 1 and 2.
|
|||||
|
This field is effective when RIP is enabled. Select the RIP version(s) used for receiving RIP packets. Choices are 1, 2, and 1 and 2.
|
|||||
|
This field is effective when RIP is enabled. Select this to send RIP-2 packets using subnet broadcasting; otherwise, the ZyWALL uses multicasting.
|
|||||
|
Select the area in which this interface belongs. Select None to disable OSPF in this interface.
|
|||||
|
Enter the priority (between 0 and 255) of this interface when the area is looking for a Designated Router (DR) or Backup Designated Router (BDR). The highest-priority interface identifies the DR, and the second-highest-priority interface identifies the BDR. Set the priority to zero if the interface can not be the DR or BDR.
|
|||||
|
Passive Interface
|
Select this to stop forwarding OSPF routing information from the selected interface. As a result, this interface only receives routing information.
|
||||
|
Select an authentication method, or disable authentication. To exchange OSPF routing information with peer border routers, you must use the same authentication method that they use. Choices are:
Same-as-Area - use the default authentication method in the area
None - disable authentication
Text - authenticate OSPF routing information using a plain-text password
MD5 - authenticate OSPF routing information using MD5 encryption
|
|||||
|
Text Authentication Key
|
This field is available if the Authentication is Text. Type the password for text authentication. The key can consist of alphanumeric characters and the underscore, and it can be up to 16 characters long.
|
||||
|
MD5 Authentication ID
|
This field is available if the Authentication is MD5. Type the ID for MD5 authentication. The ID can be between 1 and 255.
|
||||
|
MD5 Authentication Key
|
This field is available if the Authentication is MD5. Type the password for MD5 authentication. The password can consist of alphanumeric characters and the underscore, and it can be up to 16 characters long.
|
||||
|
MAC Address Setting
|
This section appears when Interface Properties is External or General. Have the interface use either the factory assigned default MAC address, a manually specified MAC address, or clone the MAC address of another device or computer.
|
||||
|
Use Default MAC Address
|
Select this option to have the interface use the factory assigned default MAC address. By default, the ZyWALL uses the factory assigned MAC address to identify itself.
|
||||
|
Overwrite Default MAC Address
|
Select this option to have the interface use a different MAC address. Either enter the MAC address in the fields or click Clone by host and enter the IP address of the device or computer whose MAC you are cloning. Once it is successfully configured, the address will be copied to the configuration file. It will not change unless you change the setting or upload a different configuration file.
|
||||
|
Configure PPPoE/PPTP
|
Click PPPoE/PPTP if this interface’s Internet connection uses PPPoE or PPTP.
|
||||
|
Click VLAN if you want to configure a VLAN interface for this Ethernet interface.
|
|||||
|
Configure WAN TRUNK
|
Click WAN TRUNK to go to a screen where you can set this interface to be part of a WAN trunk for load balancing.
|
||||
|
Configure Policy Route
|
Click Policy Route to go to the policy route summary screen where you can manually associate traffic with this interface.
You must manually configure a policy route to add routing and SNAT settings for an interface with the Interface Type set to general. You can also configure a policy route to override the default routing and SNAT behavior for an interface with an Interface Type of internal or external.
|
||||
|
Click OK to save your changes back to the ZyWALL.
|
|||||
|
Click Cancel to exit this screen without saving.
|
|
This identifies the object for which the configuration settings that use it are displayed. Click the object’s name to display the object’s configuration screen in the main window.
|
|
|
This is the type of setting that references the selected object. Click a service’s name to display the service’s configuration screen in the main window.
|
|
|
If it is applicable, this field lists the referencing configuration item’s position in its list, otherwise N/A displays.
|
|
|
Click Cancel to close the screen.
|
|
Select which DHCP option that you want to add in the DHCP packets sent through the interface. Select User Defined to specify another DHCP option. See Table DHCP Extended Options.
|
|
|
This field displays the name of the selected DHCP option. If you selected User Defined in the Option field, enter a descriptive name to identify the DHCP option. You can enter up to 16 characters (“a-z”, “A-Z, “0-9”, “-”, and “_”) with no spaces allowed. The first character must be alphabetical (a-z, A-Z).
|
|
|
This field displays the code number of the selected DHCP option. If you selected User Defined in the Option field, enter a number for the option. This field is mandatory.
|
|
|
This is the type of the selected DHCP option. If you selected User Defined in the Option field, select an appropriate type for the value that you will enter in the next field.
|
|
|
Enter the value for the selected DHCP option. For example, if you selected TFTP Server Name (66) and the type is TEXT, enter the DNS domain name of a TFTP server here. This field is mandatory.
|
|
|
First IP Address, Second IP Address, Third IP Address
|
If you selected Time Server (4), NTP Server (41), SIP Server (120), CAPWAP AC (138), or TFTP Server (150), you have to enter at least one IP address of the corresponding servers in these fields. The servers should be listed in order of your preference.
|
|
First Enterprise ID, Second Enterprise ID
|
If you selected VIVC (124) or VIVS (125), you have to enter at least one vendor’s 32-bit enterprise number in these fields. An enterprise number is a unique number that identifies a company.
|
|
First Class, Second Class
|
If you selected VIVC (124), enter the details of the hardware configuration of the host on which the client is running, or of industry consortium compliance.
|
|
First Information, Second Information
|
If you selected VIVS (125), enter additional information for the corresponding enterprise number in these fields.
|
|
Click Cancel to close the screen.
|
|
This option specifies the offset of the client's subnet in seconds from Coordinated Universal Time (UTC).
|
||
|
This option is used to identify a TFTP server when the “sname” field in the DHCP header has been used for DHCP options. The minimum length of the value is 1.
|
||
|
This option is used to identify a bootfile when the “file” field in the DHCP header has been used for DHCP options. The minimum length of the value is 1.
|
||
|
This option carries either an IPv4 address or a DNS domain name to be used by the SIP client to locate a SIP server.
|
||
|
A DHCP client may use this option to unambiguously identify the vendor that manufactured the hardware on which the client is running, the software in use, or an industry consortium to which the vendor belongs.
|
||
|
DHCP clients and servers may use this option to exchange vendor-specific information.
|
||
|
The Control And Provisioning of Wireless Access Points Protocol allows a Wireless Termination Point (WTP) to use DHCP to discover the Access Controllers to which it is to connect. This option carries a list of IPv4 addresses indicating one or more CAPWAP ACs available to the WTP.
|
||
|
The option contains one or more IPv4 addresses that the client may use. The current use of this option is for downloading configuration from a VoIP server via TFTP; however, the option may be used for purposes other than contacting a VoIP configuration server.
|
|
User Configuration / System Default
|
The ZyWALL comes with the (non-removable) System Default PPP interfaces pre-configured. You can create (and delete) User Configuration PPP interfaces.
|
|
Double-click an entry or select it and click Edit to open a screen where you can modify the entry’s settings.
|
|
|
To remove a user-configured PPP interface, select it and click Remove. The ZyWALL confirms you want to remove it before doing so.
|
|
|
To turn on an entry, select it and click Activate.
|
|
|
To turn off an entry, select it and click Inactivate.
|
|
|
To connect an interface, select it and click Connect. You might use this in testing the interface or to manually establish the connection for a Dial-on-Demand PPPoE/PPTP interface.
|
|
|
To disconnect an interface, select it and click Disconnect. You might use this in testing the interface.
|
|
|
Select an entry and click Object Reference to open a screen that shows which settings use the entry.
|
|
|
The activate (light bulb) icon is lit when the entry is active and dimmed when the entry is inactive.
|
|
|
Click Apply to save your changes back to the ZyWALL.
|
|
|
Click Reset to return the screen to its last-saved settings.
|
|
IPv4/IPv6 View / IPv4 View / IPv6 View
|
Use this button to display both IPv4 and IPv6, IPv4-only, or IPv6-only configuration fields.
|
||||
|
Show Advance Settings / Hide Advance Settings
|
|||||
|
Click this button to create an ISP Account or a DHCPv6 request object that you may use for the ISP or DHCPv6 settings in this screen.
|
|||||
|
General IPv6 Setting
|
|||||
|
Specify a name for the interface. It can use alphanumeric characters, hyphens, and underscores, and it can be up to 11 characters long.
|
|||||
|
Select the zone to which this PPP interface belongs. The zone determines the security settings the ZyWALL uses for the interface.
|
|||||
|
Enter a description of this interface. It is not used elsewhere. You can use alphanumeric and ()+/:=?!*#@$_%- characters, and it can be up to 60 characters long.
|
|||||
|
Select this if the PPPoE/PPTP connection should always be up. Clear this to have the ZyWALL establish the PPPoE/PPTP connection only when there is traffic. You might use this option if a lot of traffic needs to go through the interface or it does not cost extra to keep the connection up all the time.
|
|||||
|
Select this to have the ZyWALL establish the PPPoE/PPTP connection only when there is traffic. You might use this option if there is little traffic through the interface or if it costs money to keep the connection available.
|
|||||
|
Select the ISP account that this PPPoE/PPTP interface uses. The drop-down box lists ISP accounts by name. Use Create new Object if you need to configure a new ISP account.
|
|||||
|
This field is read-only. It displays the PPPoE service name specified in the ISP account. This field is blank if the ISP account uses PPTP.
|
|||||
|
IP Address Assignment
|
Click Show Advanced Settings to display more settings. Click Hide Advanced Settings to display fewer settings.
|
||||
|
Get Automatically
|
Select this if this interface is a DHCP client. In this case, the DHCP server configures the IP address automatically. The subnet mask and gateway are always defined automatically in PPPoE/PPTP interfaces.
|
||||
|
Use Fixed IP Address
|
|||||
|
This field is enabled if you select Use Fixed IP Address.
|
|||||
|
Enter the priority of the gateway (the ISP) on this interface. The ZyWALL decides which gateway to use based on this priority. The lower the number, the higher the priority. If two or more gateways have the same priority, the ZyWALL uses the one that was configured first.
|
|||||
|
IPv6 Address Assignment
|
|||||
|
Enable Stateless Address Auto-configuration (SLAAC)
|
Select this to enable IPv6 stateless auto-configuration on this interface. The interface will generate an IPv6 IP address itself from a prefix obtained from an IPv6 router in the network.
|
||||
|
Enter the priority of the gateway (if any) on this interface. The ZyWALL decides which gateway to use based on this priority. The lower the number, the higher the priority. If two or more gateways have the same priority, the ZyWALL uses the one that was configured first.
|
|||||
|
Address from DHCPv6 Prefix Delegation
|
Use this table to have the ZyWALL obtain an IPv6 prefix from the ISP or a connected uplink router for an internal network, such as the LAN or DMZ. You have to also enter a suffix address which is appended to the delegated prefix to form an address for this interface.
|
||||
|
Enter the ending part of the IPv6 address, a slash (/), and the prefix length. The ZyWALL will append it to the delegated prefix.
For example, you got a delegated prefix of 2003:1234:5678/48. You want to configure an IP address of 2003:1234:5678:1111::1/128 for this interface, then enter ::1111:0:0:0:1/128 in this field.
|
|||||
|
|||||
|
Select Client to obtain an IP address and DNS information from the service provider for the interface. Otherwise, select N/A to diable the function.
|
|||||
|
This field displays the DHCP Unique IDentifier (DUID) of the interface, which is unique and used for identification purposes when the interface is exchanging DHCPv6 messages with others.
|
|||||
|
Customized DUID
|
|||||
|
Enable Rapid Commit
|
Select this to shorten the DHCPv6 message exchange process from four to two steps. This function helps reduce heavy network traffic load.
|
||||
|
Select this to get an IPv6 IP address for this interface from the DHCP server. Clear this to not get any IP address information through DHCPv6.
|
|||||
|
DHCPv6 Request Options
|
Use this section to configure DHCPv6 request settings that determine what additional information to get from the DHCPv6 server.
|
||||
|
Select an entry and click Object Reference to open a screen that shows which settings use the entry.
|
|||||
|
Interface Parameters
|
|||||
|
Egress Bandwidth
|
Enter the maximum amount of traffic, in kilobits per second, the ZyWALL can send through the interface to the network. Allowed values are 0 - 1048576.
|
||||
|
Ingress Bandwidth
|
Enter the maximum amount of traffic, in kilobits per second, the ZyWALL can receive from the network through the interface. Allowed values are 0 - 1048576.
|
||||
|
Maximum Transmission Unit. Type the maximum size of each data packet, in bytes, that can move through this interface. If a larger packet arrives, the ZyWALL divides it into smaller fragments. Allowed values are 576 - 1492. Usually, this value is 1492.
|
|||||
|
The interface can regularly check the connection to the gateway you specified to make sure it is still available. You specify how often the interface checks the connection, how long to wait for a response before the attempt is a failure, and how many consecutive failures are required before the ZyWALL stops routing to the gateway. The ZyWALL resumes routing to the gateway the first time the gateway passes the connectivity check.
|
|||||
|
Enable Connectivity Check
|
|||||
|
Select icmp to have the ZyWALL regularly ping the gateway you specify to make sure it is still available.
Select tcp to have the ZyWALL regularly perform a TCP handshake with the gateway you specify to make sure it is still available.
|
|||||
|
Check Fail Tolerance
|
Enter the number of consecutive failures before the ZyWALL stops routing through the gateway.
|
||||
|
Check Default Gateway
|
|||||
|
Check this address
|
Select this to specify a domain name or IP address for the connectivity check. Enter that domain name or IP address in the field next to it.
|
||||
|
This field only displays when you set the Check Method to tcp. Specify the port number to use for a TCP connectivity check.
|
|||||
|
Configure WAN TRUNK
|
Click WAN TRUNK to go to a screen where you can configure the interface as part of a WAN trunk for load balancing.
|
||||
|
Click Policy Route to go to the screen where you can manually configure a policy route to associate traffic with this interface.
|
|||||
|
Click OK to save your changes back to the ZyWALL.
|
|||||
|
Click Cancel to exit this screen without saving.
|
|
Note:
|
The actual data rate you obtain varies depending on the 3G card you use, the signal strength to the service provider’s base station, and so on.
|
|
•
|
You can set the 3G device to connect only to the home network, which is the network to which you are originally subscribed.
|
|
•
|
You can set the 3G device to connect to other networks if the signal strength of the home network is too low or it is unavailable.
|
|
Note:
|
The WAN IP addresses of a ZyWALL with multiple WAN interfaces must be on different subnets.
|
|
Double-click an entry or select it and click Edit to open a screen where you can modify the entry’s settings.
|
|
|
To remove an entry, select it and click Remove. The ZyWALL confirms you want to remove it before doing so.
|
|
|
To turn on an entry, select it and click Activate.
|
|
|
To turn off an entry, select it and click Inactivate.
|
|
|
To connect an interface, select it and click Connect. You might use this in testing the interface or to manually establish the connection.
|
|
|
To disconnect an interface, select it and click Disconnect. You might use this in testing the interface.
|
|
|
Object References
|
Select an entry and click Object Reference to open a screen that shows which settings use the entry.
|
|
Connected Device
|
|
|
Click Apply to save your changes back to the ZyWALL.
|
|
|
Click Reset to return the screen to its last-saved settings.
|
|
Show Advance Settings / Hide Advance Settings
|
|
|
Select the zone to which you want the cellular interface to belong. The zone determines the security settings the ZyWALL uses for the interface.
|
|
|
Connected Device
|
This displays the manufacturer and model name of your 3G card if you inserted one in the ZyWALL. Otherwise, it displays none.
|
|
Enter a description of this interface. It is not used elsewhere. You can use alphanumeric and ()+/:=?!*#@$_%- characters, and it can be up to 60 characters long.
|
|
|
Select this if the connection should always be up. Clear this to have the ZyWALL to establish the connection only when there is traffic. You might not nail up the connection if there is little traffic through the interface or if it costs money to keep the connection available.
|
|
|
This value specifies the time in seconds (0~360) that elapses before the ZyWALL automatically disconnects from the ISP’s server. Zero disables the idle timeout.
|
|
|
Select Device to use one of the 3G device’s profiles of device settings. Then select the profile (use Profile 1 unless your ISP instructed you to do otherwise).
Select Custom to configure your device settings yourself.
|
|
|
This field is read-only if you selected Device in the profile selection. Select Custom in the profile selection to be able to manually input the APN (Access Point Name) provided by your service provider. This field applies with a GSM or HSDPA 3G card. Enter the APN from your service provider. Connections with different APNs may provide different services (such as Internet access or MMS (Multi-Media Messaging Service)) and charge method.
|
|
|
Enter the dial string if your ISP provides a string, which would include the APN, to initialize the 3G card.
|
|
|
Authentication Type
|
The ZyWALL supports PAP (Password Authentication Protocol) and CHAP (Challenge Handshake Authentication Protocol). CHAP is more secure than PAP; however, PAP is readily available on more platforms.
Use the drop-down list box to select an authentication protocol for outgoing calls. Options are:
None: No authentication for outgoing calls.
CHAP - Your ZyWALL accepts CHAP requests only.
PAP - Your ZyWALL accepts PAP requests only.
|
|
This field displays when you select an authentication type other than None. This field is read-only if you selected Device in the profile selection. If this field is configurable, enter the user name for this 3G card exactly as the service provider gave it to you.
You can use 1 ~ 64 alphanumeric and #:%-_@$./ characters. The first character must be alphanumeric or -_@$./. Spaces are not allowed.
|
|
|
This field displays when you select an authentication type other than None. This field is read-only if you selected Device in the profile selection and the password is included in the 3G card’s profile. If this field is configurable, enter the password for this SIM card exactly as the service provider gave it to you.
You can use 0 ~ 63 alphanumeric and `~!@#$%^&*()_-+={}|;:'<,>./ characters. Spaces are not allowed.
|
|
|
Retype to Confirm
|
This field displays when you select an authentication type other than None. This field is read-only if you selected Device in the profile selection and the password is included in the 3G card’s profile. If this field is configurable, re-enter the password for this SIM card exactly as the service provider gave it to you.
|
|
This field displays with a GSM or HSDPA 3G card. A PIN (Personal Identification Number) code is a key to a 3G card. Without the PIN code, you cannot use the 3G card.
Enter the 4-digit PIN code (0000 for example) provided by your ISP. If you enter the PIN code incorrectly, the 3G card may be blocked by your ISP and you cannot use the account to access the Internet.
|
|
|
Retype to Confirm
|
|
|
Interface Parameters
|
|
|
Egress Bandwidth
|
Enter the maximum amount of traffic, in kilobits per second, the ZyWALL can send through the interface to the network. Allowed values are 0 - 1048576. This setting is used in WAN load balancing and bandwidth management.
|
|
Ingress Bandwidth
|
Enter the maximum amount of traffic, in kilobits per second, the ZyWALL can receive from the network through the interface. Allowed values are 0 - 1048576.
|
|
Maximum Transmission Unit. Type the maximum size of each data packet, in bytes, that can move through this interface. If a larger packet arrives, the ZyWALL divides it into smaller fragments. Allowed values are 576 - 1492. Usually, this value is 1492.
|
|
|
The interface can regularly check the connection to the gateway you specified to make sure it is still available. You specify how often the interface checks the connection, how long to wait for a response before the attempt is a failure, and how many consecutive failures are required before the ZyWALL stops routing to the gateway. The ZyWALL resumes routing to the gateway the first time the gateway passes the connectivity check.
|
|
|
Enable Connectivity Check
|
|
|
Select icmp to have the ZyWALL regularly ping the gateway you specify to make sure it is still available.
Select tcp to have the ZyWALL regularly perform a TCP handshake with the gateway you specify to make sure it is still available.
|
|
|
Check Fail Tolerance
|
Enter the number of consecutive failures before the ZyWALL stops routing through the gateway.
|
|
Check Default Gateway
|
|
|
Check this address
|
Select this to specify a domain name or IP address for the connectivity check. Enter that domain name or IP address in the field next to it.
|
|
This field only displays when you set the Check Method to tcp. Specify the port number to use for a TCP connectivity check.
|
|
|
Configure WAN TRUNK
|
Click WAN TRUNK to go to a screen where you can configure the interface as part of a WAN trunk for load balancing.
|
|
Configure Policy Route
|
Click Policy Route to go to the policy route summary screen where you can configure a policy route to override the default routing and SNAT behavior for the interface.
|
|
IP Address Assignment
|
|
|
Get Automatically
|
|
|
Use Fixed IP Address
|
|
|
IP Address Assignment
|
|
|
Enter the priority of the gateway (if any) on this interface. The ZyWALL decides which gateway to use based on this priority. The lower the number, the higher the priority. If two or more gateways have the same priority, the ZyWALL uses the one that was configured first.
|
|
|
This field appears if you selected a 3G device that allows you to select the type of network to use. Select the type of 3G service for your 3G connection. If you are unsure what to select, check with your 3G service provider to find the 3G service available to you in your region.
Select auto to have the card connect to an available network. Choose this option if you do not know what networks are available.
You may want to manually specify the type of network to use if you are charged differently for different types of network or you only have one type of network available to you.
Select GPRS / EDGE (GSM) only to have this interface only use a 2.5G or 2.75G network (respectively). If you only have a GSM network available to you, you may want to select this so the ZyWALL does not spend time looking for a WCDMA network.
Select UMTS / HSDPA (WCDMA) only to have this interface only use a 3G or 3.5G network (respectively). You may want to do this if you want to make sure the interface does not use the GSM network.
|
|
|
Network Selection
|
Select Home to have the 3G device connect only to the home network. If the home network is down, the ZyWALL’s 3G Internet connection is also unavailable.
Select Auto (Default) to allow the 3G device to connect to a network to which you are not subscribed when necessary, for example when the home network is down or another 3G base station's signal is stronger. This is recommended if you need continuous Internet connectivity. If you select this, you may be charged using the rate of a different network.
|
|
Enable Budget Control
|
Select this to set a monthly limit for the user account of the installed 3G card. You can set a limit on the total traffic and/or call time. The ZyWALL takes the actions you specified when a limit is exceeded during the month.
|
|
Select this and specify the amount of time (in hours) that the 3G connection can be used within one month. If you change the value after you configure and enable budget control, the ZyWALL resets the statistics.
|
|
|
Select this and specify how much downstream and/or upstream data (in Mega bytes) can be transmitted via the 3G connection within one month.
Select Download to set a limit on the downstream traffic (from the ISP to the ZyWALL).
Select Upload to set a limit on the upstream traffic (from the ZyWALL to the ISP).
Select Download/Upload to set a limit on the total traffic in both directions.
If you change the value after you configure and enable budget control, the ZyWALL resets the statistics.
|
|
|
Reset time and data budget counters on
|
Select the date on which the ZyWALL resets the budget every month. If the date you selected is not available in a month, such as 30th or 31st, the ZyWALL resets the budget on the last day of the month.
|
|
Reset time and data budget counters
|
Click this button to reset the time and data budgets immediately. The count starts over with the 3G connection’s full configured monthly time and data budgets. This does not affect the normal monthly budget restart; so if you configured the time and data budget counters to reset on the second day of the month and you use this button on the first, the time and data budget counters will still reset on the second.
|
|
Actions when over budget
|
|
|
Select None to not create a log, Log to create a log, or Log-alert to create an alert log. If you select Log or Log-alert you can also select recurring every to have the ZyWALL send a log or alert for this event periodically. Specify how often (from 1 to 65535 minutes) to send the log or alert.
|
|
|
New 3G connection
|
|
|
Current 3G connection
|
Select Keep to maintain an existing 3G connection or Drop to disconnect it. You cannot set New 3G connection to Allow and Current 3G connection to Drop at the same time.
If you set New 3G connection to Disallow and Current 3G connection to Keep, the ZyWALL allows you to transmit data using the current connection, but you cannot build a new connection if the existing connection is disconnected.
|
|
Actions when over % of time budget or % of data budget
|
Specify the actions the ZyWALL takes when the specified percentage of time budget or data limit is exceeded. Enter a number from 1 to 99 in the percentage fields. If you change the value after you configure and enable budget control, the ZyWALL resets the statistics.
Select None to not create a log when the ZyWALL takes this action, Log to create a log, or Log-alert to create an alert log. If you select Log or Log-alert you can also select recurring every to have the ZyWALL send a log or alert for this event periodically. Specify how often (from 1 to 65535 minutes) to send the log or alert.
|
|
Click OK to save your changes back to the ZyWALL.
|
|
|
Click Cancel to exit this screen without saving.
|
|
Show Advance Settings / Hide Advance Settings
|
|||||
|
Enable WLAN Device
|
Select this to turn on the wireless LAN card. It is recommended that you configure the wireless security settings before you use this option to turn on a wireless LAN card.
|
||||
|
Select whether you will let wireless clients connect to the ZyWALL using IEEE 802.11b, IEEE 802.11g, or both.
Select b Only to allow only IEEE 802.11b compliant WLAN devices to associate with the ZyWALL.
Select g Only to allow only IEEE 802.11g compliant WLAN devices to associate with the ZyWALL.
Select b+g to allow both IEEE 802.11b and IEEE 802.11g compliant WLAN devices to associate with the ZyWALL. The transmission rate of your ZyWALL might be reduced.
Select b+g+n to allow IEEE 802.11b, IEEE 802.11g and IEEE 802.11n compliant WLAN devices to associate with the ZyWALL. The transmission rate of your ZyWALL might be reduced.
Select g+n to allow both IEEE 802.11g and IEEE 802.11n compliant WLAN devices to associate with the ZyWALL. The transmission rate of your ZyWALL might be reduced.
|
|||||
|
This allows you to set the operating channel depending on your particular region. Select a channel from the drop-down list box.
|
|||||
|
|||||
|
CTS/RTS Threshold
|
Use CTS/RTS to reduce data collisions on the wireless network if you have wireless clients that are associated with the same AP but out of range of one another. When enabled, a wireless client sends an RTS (Request To Send) and then waits for a CTS (Clear To Send) before it transmits. This stops wireless clients from transmitting packets at the same time (and causing data collisions).
A wireless client sends an RTS for all packets larger than the number (of bytes) that you enter here. Set the RTS/CTS equal to or higher than the fragmentation threshold to turn RTS/CTS off.
|
||||
|
Fragmentation Threshold
|
This is the threshold (number of bytes) for the fragmentation boundary for directed messages. It is the maximum data fragment size that can be sent.
When you set the 802.11 Band to include IEEE 802.11n you cannot configure this option and the interface automatically uses the default fragmentation threshold of 2346 bytes.
|
||||
|
Select the percentage of output power that this WLAN card is to use. If there is a high density of APs in the area, decrease the output power of the ZyWALL to reduce interference with other APs.
|
|||||
|
|||||
|
Aggregation MSDU(A-MSDU)
|
Check this to allow the grouping of several A-MSDUs (Aggregate MAC Service Data Units) into one large A-MPDU (Aggregate MAC Protocol Data Unit). This function allows faster data transfer rates.
|
||||
|
Check this to add the block ACK (BA) mechanism, in which multiple frames can be streamed out and acknowledged by a single frame. This function allows cutting the wait time between frames and increasing the data throughput.
|
|||||
|
Select Short to increase data throughput. However, this may make data transfer more prone to errors.
Select Long to prioritize data integrity. This may be because your wireless network is busy and congested.
The guard interval is the gap introduced between data transmission from users in order to reduce interference. Reducing the GI increases data transfer rates but also increases interference. Increasing the GI reduces data transfer rates but also reduces interference.
|
|||||
|
Double-click an entry or select it and click Edit to open a screen where you can modify the entry’s settings.
|
|||||
|
To remove an entry, select it and click Remove. The ZyWALL confirms you want to remove it before doing so.
|
|||||
|
To turn on an entry, select it and click Activate.
|
|||||
|
To turn off an entry, select it and click Inactivate.
|
|||||
|
Object References
|
Select an entry and click Object Reference to open a screen that shows which settings use the entry. See Object References for an example.
|
||||
|
This field displays the current IP address of the WLAN interface. If the IP address is 0.0.0.0, the interface does not have an IP address yet.
This screen also shows whether the IP address is a static IP address (STATIC) or dynamically assigned (DHCP). IP addresses are always static in virtual interfaces.
|
|||||
|
Click Apply to save your changes back to the ZyWALL.
|
|||||
|
Click Reset to return the screen to its last-saved settings.
|
|||||
|
•
|
You can use the ZyWALL’s local user database to use WPA or WPA2 without using an external RADIUS server. With WPA or WPA2, users have to log into the wireless network before using it. This is called user authentication. WPA and WPA2 are also called the enterprise version of WPA).
|
|
•
|
|
•
|
WEP is better than no security, but it is still possible for unauthorized devices to figure out the original information pretty quickly.
|
|
Show Advance Settings / Hide Advance Settings
|
|
|
Enter a description of this interface. It is not used elsewhere. You can use alphanumeric and ()+/:=?!*#@$_%- characters, and it can be up to 60 characters long.
|
|
|
Virtual Access Point Settings
|
|
|
(Service Set IDentity) The SSID identifies the Service Set with which a wireless station is associated. Wireless stations associating to the access point (AP) must have the same SSID. Enter a descriptive name (up to 32 printable 7-bit ASCII characters) for the wireless LAN. To make your wireless network more secure, change the default SSID to something that is difficult to guess.
|
|
|
Hide SSID Broadcast
|
Select to hide the SSID in the outgoing beacon frame so a station cannot obtain the SSID through scanning.
|
|
Block Intra BSS Traffic
|
|
|
Maximum Associations
|
Specify the highest number of wireless clients that are allowed to connect to the wireless interface at the same time.
|
|
WLAN Security Settings
|
|
|
Use this field to select the type of security to use for this wireless LAN interface. Select none to not use any security. See the following sections for details on the other security types.
|
|
|
Authentication server (IEEE 802.1x) settings are available when you use no security or WEP security and click Advanced.
Select the check box to enable wireless user authentication through an external authentication server.
|
|
|
Radius Server IP Address
|
|
|
Radius Server Port
|
|
|
Radius Server Secret
|
Enter a password (up to 31 alphanumeric characters) as the key to be shared between the external authentication server and the ZyWALL. The key is not sent over the network. This key must be the same on the external authentication server and ZyWALL.
|
|
IP Address Assignment
|
|
|
Enter the subnet mask of this interface in dot decimal notation. The subnet mask indicates what part of the IP address is the same for all computers in the network.
|
|
|
Interface Parameters
|
|
|
Egress Bandwidth
|
Enter the maximum amount of traffic, in kilobits per second, the ZyWALL can send through the interface to the network. Allowed values are 0 - 1048576. This setting is used in WAN load balancing and bandwidth management.
|
|
Ingress Bandwidth
|
Enter the maximum amount of traffic, in kilobits per second, the ZyWALL can receive from the network through the interface. Allowed values are 0 - 1048576.
|
|
Maximum Transmission Unit. Type the maximum size of each data packet, in bytes, that can move through this interface. If a larger packet arrives, the ZyWALL divides it into smaller fragments. Allowed values are 576 - 1500. Usually, this value is 1500.
|
|
|
None - the ZyWALL does not provide any DHCP services. There is already a DHCP server on the network.
DHCP Relay - the ZyWALL routes DHCP requests to one or more DHCP servers you specify. The DHCP server(s) may be on another network.
DHCP Server - the ZyWALL assigns IP addresses and provides subnet mask, gateway, and DNS server information to the network. The ZyWALL is the DHCP server for the network.
|
|
|
These fields appear if the ZyWALL is a DHCP Relay.
|
|
|
These fields appear if the ZyWALL is a DHCP Server.
|
|
|
IP Pool Start Address
|
If this field is blank, the ZyWALL assigns every IP address allowed by the interface’s IP address, subnet mask, and pool size; except for the first address (network address), last address (broadcast address) and the interface’s IP address.
|
|
Enter the number of IP addresses to allocate. This number must be at least one and is limited by the interface’s Subnet Mask. For example, if the Subnet Mask is 255.255.255.0 and IP Pool Start Address is 10.10.10.10, the ZyWALL can allocate 10.10.10.10 to 10.10.10.254, or 245 IP addresses.
If this field is blank, the ZyWALL can assign every IP address allowed by the interface’s IP address, subnet mask, and IP Pool Start Address; except for the first address (network address), last address (broadcast address) and the interface’s IP address.
|
|
|
First DNS Server
Second DNS Server
Third DNS Server
|
Specify the IP addresses of a maximum of three DNS servers that the network can use. The ZyWALL provides these IP addresses to DHCP clients. Use one of the following ways to specify these IP addresses.
Custom Defined - enter a static IP address.
From ISP - select the DNS server that another interface received from its DHCP server.
ZyWALL - the ZyWALL uses the IP address of this interface and works as a DNS relay.
|
|
First WINS Server, Second WINS Server
|
Type the IP address of the WINS (Windows Internet Naming Service) server that you want to send to the DHCP clients. The WINS server keeps a mapping table of the computer names on your network and the IP addresses that they are currently using.
|
|
If you set this interface to DHCP Server, you can select to use either the interface’s IP address or another IP address as the default router. This default router will become the DHCP clients’ default gateway.
To use another IP address as the default router, select Custom Defined and enter the IP address.
|
|
|
Specify how long each computer can use the information (especially the IP address) before it has to request the information again. Choices are:
infinite - select this if IP addresses never expire.
days, hours, and minutes - select this to enter how long IP addresses are valid.
|
|
|
Extended Options
|
This table is available if you selected DHCP server.
Configure this table if you want to send more information to DHCP clients through DHCP packets.
|
|
Static DHCP Table
|
Configure a list of static IP addresses the ZyWALL assigns to computers connected to the interface. Otherwise, the ZyWALL assigns an IP address dynamically using the interface’s IP Pool Start Address and Pool Size.
|
|
Enter a description to help identify this static DHCP entry. You can use alphanumeric and ()+/:=?!*#@$_%- characters, and it can be up to 60 characters long.
|
|
|
See The RIP Screen for more information about RIP.
|
|
|
This field is effective when RIP is enabled. Select the RIP direction from the drop-down list box.
BiDir - This interface sends and receives routing information.
In-Only - This interface receives routing information.
Out-Only - This interface sends routing information.
|
|
|
This field is effective when RIP is enabled. Select the RIP version(s) used for sending RIP packets. Choices are 1, 2, and 1 and 2.
|
|
|
This field is effective when RIP is enabled. Select the RIP version(s) used for receiving RIP packets. Choices are 1, 2, and 1 and 2.
|
|
|
This field is effective when RIP is enabled. Select this to send RIP-2 packets using subnet broadcasting; otherwise, the ZyWALL uses multicasting.
|
|
|
See The OSPF Screen for more information about OSPF.
|
|
|
Select the area in which this interface belongs. Select None to disable OSPF in this interface.
|
|
|
Enter the priority (between 0 and 255) of this interface when the area is looking for a Designated Router (DR) or Backup Designated Router (BDR). The highest-priority interface identifies the DR, and the second-highest-priority interface identifies the BDR. Set the priority to zero if the interface can not be the DR or BDR.
|
|
|
Passive Interface
|
Select this to stop forwarding OSPF routing information from the selected interface. As a result, this interface only receives routing information.
|
|
Select an authentication method, or disable authentication. To exchange OSPF routing information with peer border routers, you must use the same authentication method that they use. Choices are:
Same-as-Area - use the default authentication method in the area
None - disable authentication
Text - authenticate OSPF routing information using a plain-text password
MD5 - authenticate OSPF routing information using MD5 encryption
|
|
|
Text Authentication Key
|
This field is available if the Authentication is Text. Type the password for text authentication. The key can consist of alphanumeric characters and the underscore, and it can be up to eight characters long.
|
|
MD5 Authentication ID
|
This field is available if the Authentication is MD5. Type the ID for MD5 authentication. The ID can be between 1 and 255.
|
|
MD5 Authentication Key
|
This field is available if the Authentication is MD5. Type the password for MD5 authentication. The password can consist of alphanumeric characters and the underscore, and it can be up to 16 characters long.
|
|
Click OK to save your changes back to the ZyWALL.
|
|
|
Click Cancel to exit this screen without saving.
|
|
Note:
|
WEP is extremely insecure. Its encryption can be broken by an attacker, using widely-available software. It is strongly recommended that you use a more effective security mechanism. Use the strongest security mechanism that all the wireless devices in your network support. For example, use WPA-PSK or WPA2-PSK or WPA or WPA2 if your wireless devices support it. If your wireless devices support nothing stronger than WEP, use the highest encryption level available.
|
|
WEP (Wired Equivalent Privacy) provides data encryption to prevent unauthorized wireless stations from accessing data transmitted over the wireless network.
Select 64-bit WEP or 128-bit WEP to enable data encryption. |
|
|
If you chose 64-bit WEP in the WEP Encryption field, then enter any 5 characters (ASCII string) or 5 pairs of hexadecimal characters ("0-9", "A-F") preceded by 0x for each key.
If you chose 128-bit WEP in the WEP Encryption field, then enter 13 characters (ASCII string) or 13 pairs of hexadecimal characters ("0-9", "A-F") preceded by 0x for each key. There are four data encryption keys to secure your data from eavesdropping by unauthorized wireless users. The values for the keys must be set up exactly the same on the access points as they are on the wireless stations.
|
|
The encryption mechanisms used for WPA and WPA-PSK are the same. The only difference between the two is that WPA-PSK uses a simple common password, instead of user-specific credentials.
Type a pre-shared key from 8 to 63 case-sensitive ASCII characters (including spaces and symbols).
|
|||
|
ReAuthentication Timer
|
Specify how often wireless stations have to resend usernames and passwords in order to stay connected.
|
||
|
The ZyWALL automatically disconnects a wireless station from the wired network after a period of inactivity. The wireless station needs to enter the username and password again before access to the wired network is allowed.
|
|||
|
Group Key Update Timer
|
The Group Key Update Timer is the rate at which the AP sends a new group key out to all clients. The re-keying process is the WPA equivalent of automatically changing the group key for an AP and all stations in a WLAN on a periodic basis. Setting of the Group Key Update Timer is also supported in WPA-PSK mode.
|
|
Authentication Type
|
Select Auth Method to be able to specify an authentication method object that you have already configured. The authentication method can have the ZyWALL check a user’s user name and password against the ZyWALL’s local database, a remote LDAP, RADIUS, a Active Directory server, or more than one of these.
Select Auth Server to be able to manually specify a RADIUS server’s settings in this screen instead of using an authentication method object.
|
||
|
Authentication Method
|
Select an authentication method object that defines how the ZyWALL authenticates a wireless user. The ZyWALL’s default configuration also includes an authentication method object named “default” that you can use. You can configure the “default” authentication method object, but it’s default configuration uses the ZyWALL’s local database for authentication.
|
||
|
This field displays if you select Authentication Method. Select the certificate the ZyWALL uses to authenticate itself to the wireless clients. The certificates you can select from are the ones already configured in the My Certificates screen.
EAP-TTLS (Tunneled Transport Layer Service) is an extension of the EAP-TLS authentication that uses certificates for only the server-side authentications to establish a secure connection.
The wireless clients must use TTLS authentication protocol and PAP inside the TTLS secure tunnel.
|
|||
|
Radius Server IP Address
|
|||
|
Radius Server Secret
|
Enter a password (up to 31 alphanumeric characters) as the key to be shared between the external authentication server and the ZyWALL. The key is not sent over the network. This key must be the same on the external authentication server and ZyWALL.
|
||
|
ReAuthentication Timer
|
Specify how often wireless stations have to resend user names and passwords in order to stay connected.
|
||
|
The ZyWALL automatically disconnects a wireless station from the wired network after a period of inactivity. The wireless station needs to enter the user name and password again before access to the wired network is allowed.
|
|||
|
Group Key Update Timer
|
The Group Key Update Timer is the rate at which the AP sends a new group key out to all clients. The re-keying process is the WPA equivalent of automatically changing the group key for an AP and all stations in a WLAN on a periodic basis. Setting of the Group Key Update Timer is also supported in WPA-PSK mode.
|
|
Enable MAC Filter
|
Enable MAC address filtering to have the router allow or deny access to wireless stations based on MAC addresses. Disable MAC address filtering to have the router not perform MAC filtering on the wireless stations.
|
|
Select Deny to block access to the router, MAC addresses not listed will be allowed to access the router. Select Allow to permit access to the router, MAC addresses not listed will be denied access to the router.
|
|
|
Double-click an entry or select it and click Edit to be able to modify the entry’s settings.
|
|
|
To remove an entry, select it and click Remove. The ZyWALL confirms you want to remove it before doing so.
|
|
|
This displays the MAC address (in XX:XX:XX:XX:XX:XX format) of the wireless station that is allowed or denied access to the ZyWALL. Enter the MAC address (in XX:XX:XX:XX:XX:XX or XX-XX-XX-XX-XX-XX format) of the wireless station that is to be allowed or denied access to the ZyWALL. Note that if you enter the MAC address using hyphens for the separators, the ZyWALL automatically converts them to colons.
|
|
|
This field displays a descriptive name for the MAC address entry. Enter a descriptive name for the MAC address entry.
|
|
|
Click Apply to save your changes back to the ZyWALL.
|
|
|
Click Reset to return the screen to its last-saved settings.
|
|
•
|
|
Double-click an entry or select it and click Edit to open a screen where you can modify the entry’s settings.
|
|
|
To remove an entry, select it and click Remove. The ZyWALL confirms you want to remove it before doing so.
|
|
|
To turn on an entry, select it and click Activate.
|
|
|
To turn off an entry, select it and click Inactivate.
|
|
|
Select an entry and click Object Reference to open a screen that shows which settings use the entry.
|
|
|
The activate (light bulb) icon is lit when the entry is active and dimmed when the entry is inactive.
|
|
|
This is the IP address of the interface. If the interface is active (and connected), the ZyWALL tunnels local traffic sent to this IP address to the Remote Gateway Address.
|
|
|
This is the tunnel mode of the interface (GRE, IPv6-in-IPv4 or 6to4). This field also displays the interface’s IPv4 IP address and subnet mask if it is a GRE tunnel. Otherwise, it displays the interface’s IPv6 IP address and prefix length.
|
|
|
This is the interface or IP address uses to identify itself to the remote gateway. The ZyWALL uses this as the source for the packets it tunnels to the remote gateway.
|
|
|
Remote Gateway Address
|
This is the IP address or domain name of the remote gateway to which this interface tunnels traffic.
|
|
Click Apply to save your changes back to the ZyWALL.
|
|
|
Click Reset to begin configuring this screen afresh.
|
|
Show Advance Settings / Hide Advance Settings
|
|
|
This field is read-only if you are editing an existing tunnel interface. Enter the name of the tunnel interface. The format is tunnelx, where x is 0 - 3. For example, tunnel0.
|
|
|
Use this field to select the zone to which this interface belongs. This controls what security settings the ZyWALL applies to this interface.
|
|
|
IP Address Assignment
|
|
|
Enter the subnet mask of this interface in dot decimal notation. The subnet mask indicates what part of the IP address is the same for all computers in the network.
|
|
|
Enter the priority of the gateway (if any) on this interface. The ZyWALL decides which gateway to use based on this priority. The lower the number, the higher the priority. If two or more gateways have the same priority, the ZyWALL uses the one that was configured first.
|
|
|
IPv6 Address Assignment
|
|
|
IPv6 Address/Prefix Length
|
Enter the IPv6 address and the prefix length for this interface if you want to use a static IP address. This field is optional.
The prefix length indicates what the left-most part of the IP address is the same for all computers in the network, that is, the network address.
|
|
Enter the priority of the gateway (if any) on this interface. The ZyWALL decides which gateway to use based on this priority. The lower the number, the higher the priority. If two or more gateways have the same priority, the ZyWALL uses the one that was configured first.
|
|
|
6to4 Tunnel Parameter
|
This section is available if you are configuring a 6to4 tunnel which encapsulates IPv6 to IPv4 packets.
|
|
Enter the IPv6 prefix of a destination network. The ZyWALL forwards IPv6 packets to the hosts in the matched network.
If you enter a prefix starting with 2002, the ZyWALL will forward the matched packets to the IPv4 IP address converted from the packets’ destination address. The IPv4 IP address can be converted from the next 32 bits after the prefix you specified in this field. The ZyWALL forwards the unmatched packets to the specified Relay Router.
|
|
|
Enter the IPv4 address of a 6to4 relay router which helps forward packets between 6to4 networks and native IPv6 networks.
|
|
|
Remote Gateway Prefix
|
Enter the IPv4 network address and network bits of a remote 6to4 gateway, for example, 14.15.0.0/16.
This field works if you enter a 6to4 Prefix not starting with 2002 (2003 for example). The ZyWALL forwards the matched packets to a remote gateway with the network address you specify here, and the bits converted after the 6to4 Prefix in the packets.
For example, you configure the 6to4 prefix to 2003:A0B::/32 and the remote gateway prefix to 14.15.0.0/16. If a packet’s destination is 2003:A0B:1011:5::8, the ZyWALL forwards the packet to 14.15.16.17, where the network address is 14.15.0.0 and the host address is the remain bits converted from 1011 after the packet’s 6to4 prefix (2003:A0B).
|
|
Specify the interface or IP address to use as the source address for the packets this interface tunnels to the remote gateway. The remote gateway sends traffic to this interface or IP address.
|
|
|
Remote Gateway Address
|
Enter the IP address or domain name of the remote gateway to which this interface tunnels traffic.
Automatic displays in this field if you are configuring a 6to4 tunnel. It means the 6to4 tunnel will help forward packets to the corresponding remote gateway automatically by looking at the packet’s destination address.
|
|
Interface Parameters
|
|
|
Egress Bandwidth
|
Enter the maximum amount of traffic, in kilobits per second, the ZyWALL can send through the interface to the network. Allowed values are 0 - 1048576. This setting is used in WAN load balancing and bandwidth management.
|
|
Ingress Bandwidth
|
Enter the maximum amount of traffic, in kilobits per second, the ZyWALL can receive from the network through the interface. Allowed values are 0 - 1048576.
|
|
Maximum Transmission Unit. Type the maximum size of each data packet, in bytes, that can move through this interface. If a larger packet arrives, the ZyWALL divides it into smaller fragments. Allowed values are 576 - 1500. Usually, this value is 1500.
|
|
|
The interface can regularly check the connection to the gateway you specified to make sure it is still available. You specify how often the interface checks the connection, how long to wait for a response before the attempt is a failure, and how many consecutive failures are required before the ZyWALL stops routing to the gateway. The ZyWALL resumes routing to the gateway the first time the gateway passes the connectivity check.
|
|
|
Enable Connectivity Check
|
|
|
Select icmp to have the ZyWALL regularly ping the gateway you specify to make sure it is still available.
Select tcp to have the ZyWALL regularly perform a TCP handshake with the gateway you specify to make sure it is still available.
|
|
|
Check Fail Tolerance
|
Enter the number of consecutive failures before the ZyWALL stops routing through the gateway.
|
|
Check Default Gateway
|
|
|
Check this address
|
Select this to specify a domain name or IP address for the connectivity check. Enter that domain name or IP address in the field next to it.
|
|
This field displays when you set the Check Method to tcp. Specify the port number to use for a TCP connectivity check.
|
|
|
Click this link to go to the screen where you can manually configure a policy route to associate traffic with this interface.
|
|
|
Click OK to save your changes back to the ZyWALL.
|
|
|
Click Cancel to exit this screen without saving.
|
|
•
|
Traffic inside each VLAN is layer-2 communication (data link layer, MAC addresses). It is handled by the switches. As a result, the new switch is required to handle traffic inside VLAN 2. Traffic is only broadcast inside each VLAN, not each physical network.
|
|
•
|
Traffic between VLANs (or between a VLAN and another type of network) is layer-3 communication (network layer, IP addresses). It is handled by the router.
|
|
•
|
Increased performance - In VLAN 2, the extra switch should route traffic inside the sales department faster than the router does. In addition, broadcasts are limited to smaller, more logical groups of users.
|
|
•
|
Higher security - If each computer has a separate physical connection to the switch, then broadcast traffic in each VLAN is never sent to computers in another VLAN.
|
|
•
|
Better manageability - You can align network policies more appropriately for users. For example, you can create different content filtering rules for each VLAN (each department in the example above), and you can set different bandwidth limits for each VLAN. These rules are also independent of the physical network, so you can change the physical network without changing policies.
|
|
Configuration / IPv6 Configuration
|
Use the Configuration section for IPv4 network settings. Use the IPv6 Configuration section for IPv6 network settings if you connect your ZyWALL to an IPv6 network. Both sections have similar fields as described below.
|
|
Double-click an entry or select it and click Edit to open a screen where you can modify the entry’s settings.
|
|
|
To remove an entry, select it and click Remove. The ZyWALL confirms you want to remove it before doing so.
|
|
|
To turn on an entry, select it and click Activate.
|
|
|
To turn off an entry, select it and click Inactivate.
|
|
|
Create Virtual Interface
|
To open the screen where you can create a virtual interface, select an interface and click Create Virtual Interface.
|
|
Object References
|
Select an entry and click Object Reference to open a screen that shows which settings use the entry.
|
|
This field displays the current IP address of the interface. If the IP address is 0.0.0.0, the interface does not have an IP address yet.
This screen also shows whether the IP address is a static IP address (STATIC) or dynamically assigned (DHCP). IP addresses are always static in virtual interfaces.
|
|
|
Click Apply to save your changes back to the ZyWALL.
|
|
|
Click Reset to return the screen to its last-saved settings.
|
|
IPv4/IPv6 View / IPv4 View / IPv6 View
|
Use this button to display both IPv4 and IPv6, IPv4-only, or IPv6-only configuration fields.
|
||||
|
Show Advance Settings / Hide Advance Settings
|
|||||
|
Click this button to create a DHCPv6 lease or DHCPv6 request object that you may use for the DHCPv6 settings in this screen.
|
|||||
|
General IPv6 Setting
|
|||||
|
Select one of the following option depending on the type of network to which the ZyWALL is connected or if you want to additionally manually configure some related settings.
internal is for connecting to a local network. Other corresponding configuration options: DHCP server and DHCP relay. The ZyWALL automatically adds default SNAT settings for traffic flowing from this interface to an external interface.
external is for connecting to an external network (like the Internet). The ZyWALL automatically adds this interface to the default WAN trunk.
For general, the rest of the screen’s options do not automatically adjust and you must manually configure a policy route to add routing and SNAT settings for the interface.
|
|||||
|
This field is read-only if you are editing an existing VLAN interface. Enter the number of the VLAN interface. You can use a number from 0~4094.
|
|||||
|
Enter the VLAN ID. This 12-bit number uniquely identifies each VLAN. Allowed values are 1 - 4094. (0 and 4095 are reserved.)
|
|||||
|
Enter a description of this interface. It is not used elsewhere. You can use alphanumeric and ()+/:=?!*#@$_%- characters, and it can be up to 60 characters long.
|
|||||
|
IP Address Assignment
|
|||||
|
Get Automatically
|
Select this if this interface is a DHCP client. In this case, the DHCP server configures the IP address, subnet mask, and gateway automatically.
|
||||
|
Use Fixed IP Address
|
|||||
|
This field is enabled if you select Use Fixed IP Address.
|
|||||
|
This field is enabled if you select Use Fixed IP Address.
Enter the subnet mask of this interface in dot decimal notation. The subnet mask indicates what part of the IP address is the same for all computers in the network.
|
|||||
|
This field is enabled if you select Use Fixed IP Address.
Enter the IP address of the gateway. The ZyWALL sends packets to the gateway when it does not know how to route the packet to its destination. The gateway should be on the same network as the interface.
|
|||||
|
Enter the priority of the gateway (if any) on this interface. The ZyWALL decides which gateway to use based on this priority. The lower the number, the higher the priority. If two or more gateways have the same priority, the ZyWALL uses the one that was configured first.
|
|||||
|
IPv6 Address Assignment
|
|||||
|
Enable Stateless Address Auto-configuration (SLAAC)
|
Select this to enable IPv6 stateless auto-configuration on this interface. The interface will generate an IPv6 IP address itself from a prefix obtained from an IPv6 router in the network.
|
||||
|
Link-Local address
|
This displays the IPv6 link-local address and the network prefix that the ZyWALL generates itself for the interface.
|
||||
|
IPv6 Address/Prefix Length
|
Enter the IPv6 address and the prefix length for this interface if you want to configure a static IP address for this interface. This field is optional.
The prefix length indicates what the left-most part of the IP address is the same for all computers in the network, that is, the network address.
|
||||
|
Enter the IPv6 address of the default outgoing gateway using colon (:) hexadecimal notation.
|
|||||
|
Enter the priority of the gateway (if any) on this interface. The ZyWALL decides which gateway to use based on this priority. The lower the number, the higher the priority. If two or more gateways have the same priority, the ZyWALL uses the one that was configured first.
|
|||||
|
Address from DHCPv6 Prefix Delegation
|
Use this table to have the ZyWALL obtain an IPv6 prefix from the ISP or a connected uplink router for an internal network, such as the LAN or DMZ. You have to also enter a suffix address which is appended to the delegated prefix to form an address for this interface.
|
||||
|
Enter the ending part of the IPv6 address, a slash (/), and the prefix length. The ZyWALL will append it to the delegated prefix.
For example, you got a delegated prefix of 2003:1234:5678/48. You want to configure an IP address of 2003:1234:5678:1111::1/128 for this interface, then enter ::1111:0:0:0:1/128 in this field.
|
|||||
|
|||||
|
This field displays the DHCP Unique IDentifier (DUID) of the interface, which is unique and used for identification purposes when the interface is exchanging DHCPv6 messages with others.
|
|||||
|
Customized DUID
|
|||||
|
Enable Rapid Commit
|
Select this to shorten the DHCPv6 message exchange process from four to two steps. This function helps reduce heavy network traffic load.
|
||||
|
Information Refresh Time
|
Enter the number of seconds a DHCPv6 client should wait before refreshing information retrieved from DHCPv6.
|
||||
|
This field is available if you set this interface to DHCPv6 Client. Select this to get an IPv6 IP address for this interface from the DHCP server. Clear this to not get any IP address information through DHCPv6.
|
|||||
|
DHCPv6 Request Options /
DHCPv6 Lease Options
|
If this interface is a DHCPv6 client, use this section to configure DHCPv6 request settings that determine what additional information to get from the DHCPv6 server.
If this interface is a DHCPv6 server, use this section to configure DHCPv6 lease settings that determine what to offer to the DHCPv6 clients.
|
||||
|
Click this to create an entry in this table. See Add/Edit DHCPv6 Request/Release Options for more information.
|
|||||
|
This field displays the IPv6 prefix that the ZyWALL obtained from an uplink router (Server is selected) or will advertise to its clients (Client is selected).
|
|||||
|
When Relay is selected, select this check box and an interface from the drop-down list if you want to use it as the relay server.
|
|||||
|
When Relay is selected, select this check box and enter the IP address of a DHCPv6 server as the relay server.
|
|||||
|
IPv6 Router Advertisement Setting
|
|||||
|
Enable Router Advertisement
|
|||||
|
Advertised Hosts Get Network Configuration From DHCPv6
|
Select this to have the ZyWALL indicate to hosts to obtain network settings (such as prefix and DNS settings) through DHCPv6.
Clear this to have the ZyWALL indicate to hosts that DHCPv6 is not available and they should use the prefix in the router advertisement message.
|
||||
|
Advertised Hosts Get Other Configuration From DHCPv6
|
Clear this to have the ZyWALL indicate to hosts that DNS information is not available in this network.
|
||||
|
Router Preference
|
Select the router preference (Low, Medium or High) for the interface. The interface sends this preference in the router advertisements to tell hosts what preference they should use for the ZyWALL. This helps hosts to choose their default router especially when there are multiple IPv6 router in the network.
|
||||
|
The Maximum Transmission Unit. Type the maximum size of each IPv6 data packet, in bytes, that can move through this interface. If a larger packet arrives, the ZyWALL divides it into smaller fragments.
|
|||||
|
Enter the maximum number of network segments that a packet can cross before reaching the destination. When forwarding an IPv6 packet, IPv6 routers are required to decrease the Hop Limit by 1 and to discard the IPv6 packet when the Hop Limit is 0.
|
|||||
|
Advertised Prefix Table
|
|||||
|
The prefix length indicates what the left-most part of the IP address is the same for all computers in the network, that is, the network address.
|
|||||
|
Advertised Prefix from DHCPv6 Prefix Delegation
|
Use this table to configure the network prefix if you want to use a delegated prefix as the beginning part of the network prefix.
|
||||
|
Enter the ending part of the IPv6 network address plus a slash (/) and the prefix length. The ZyWALL will append it to the selected delegated prefix. The combined address is the network prefix for the network.
For example, you got a delegated prefix of 2003:1234:5678/48. You want to divide it into 2003:1234:5678:1111/64 for this interface and 2003:1234:5678:2222/64 for another interface. You can use ::1111/64 and ::2222/64 for the suffix address respectively. But if you do not want to divide the delegated prefix into subnetworks, enter ::0/48 here, which keeps the same prefix length (/48) as the delegated prefix.
|
|||||
|
|||||
|
Interface Parameters
|
|||||
|
Egress Bandwidth
|
Enter the maximum amount of traffic, in kilobits per second, the ZyWALL can send through the interface to the network. Allowed values are 0 - 1048576.
|
||||
|
Ingress Bandwidth
|
Enter the maximum amount of traffic, in kilobits per second, the ZyWALL can receive from the network through the interface. Allowed values are 0 - 1048576.
|
||||
|
Maximum Transmission Unit. Type the maximum size of each data packet, in bytes, that can move through this interface. If a larger packet arrives, the ZyWALL divides it into smaller fragments. Allowed values are 576 - 1500. Usually, this value is 1500.
|
|||||
|
The ZyWALL can regularly check the connection to the gateway you specified to make sure it is still available. You specify how often to check the connection, how long to wait for a response before the attempt is a failure, and how many consecutive failures are required before the ZyWALL stops routing to the gateway. The ZyWALL resumes routing to the gateway the first time the gateway passes the connectivity check.
|
|||||
|
Enable Connectivity Check
|
|||||
|
Select icmp to have the ZyWALL regularly ping the gateway you specify to make sure it is still available.
Select tcp to have the ZyWALL regularly perform a TCP handshake with the gateway you specify to make sure it is still available.
|
|||||
|
Check Fail Tolerance
|
Enter the number of consecutive failures before the ZyWALL stops routing through the gateway.
|
||||
|
Check Default Gateway
|
|||||
|
Check this address
|
Select this to specify a domain name or IP address for the connectivity check. Enter that domain name or IP address in the field next to it.
|
||||
|
This field only displays when you set the Check Method to tcp. Specify the port number to use for a TCP connectivity check.
|
|||||
|
None - the ZyWALL does not provide any DHCP services. There is already a DHCP server on the network.
DHCP Relay - the ZyWALL routes DHCP requests to one or more DHCP servers you specify. The DHCP server(s) may be on another network.
DHCP Server - the ZyWALL assigns IP addresses and provides subnet mask, gateway, and DNS server information to the network. The ZyWALL is the DHCP server for the network.
|
|||||
|
These fields appear if the ZyWALL is a DHCP Relay.
|
|||||
|
These fields appear if the ZyWALL is a DHCP Server.
|
|||||
|
IP Pool Start Address
|
Enter the IP address from which the ZyWALL begins allocating IP addresses. If you want to assign a static IP address to a specific computer, click Add Static DHCP.
If this field is blank, the Pool Size must also be blank. In this case, the ZyWALL can assign every IP address allowed by the interface’s IP address and subnet mask, except for the first address (network address), last address (broadcast address) and the interface’s IP address.
|
||||
|
Enter the number of IP addresses to allocate. This number must be at least one and is limited by the interface’s Subnet Mask. For example, if the Subnet Mask is 255.255.255.0 and IP Pool Start Address is 10.10.10.10, the ZyWALL can allocate 10.10.10.10 to 10.10.10.254, or 245 IP addresses.
If this field is blank, the IP Pool Start Address must also be blank. In this case, the ZyWALL can assign every IP address allowed by the interface’s IP address and subnet mask, except for the first address (network address), last address (broadcast address) and the interface’s IP address.
|
|||||
|
Second DNS Server
Third DNS Server
|
Specify the IP addresses up to three DNS servers for the DHCP clients to use. Use one of the following ways to specify these IP addresses.
Custom Defined - enter a static IP address.
From ISP - select the DNS server that another interface received from its DHCP server.
ZyWALL - the DHCP clients use the IP address of this interface and the ZyWALL works as a DNS relay.
|
||||
|
First WINS Server, Second WINS Server
|
Type the IP address of the WINS (Windows Internet Naming Service) server that you want to send to the DHCP clients. The WINS server keeps a mapping table of the computer names on your network and the IP addresses that they are currently using.
|
||||
|
If you set this interface to DHCP Server, you can select to use either the interface’s IP address or another IP address as the default router. This default router will become the DHCP clients’ default gateway.
To use another IP address as the default router, select Custom Defined and enter the IP address.
|
|||||
|
Specify how long each computer can use the information (especially the IP address) before it has to request the information again. Choices are:
infinite - select this if IP addresses never expire
days, hours, and minutes - select this to enter how long IP addresses are valid.
|
|||||
|
Extended Options
|
This table is available if you selected DHCP server.
Configure this table if you want to send more information to DHCP clients through DHCP packets.
|
||||
|
Enable IP/MAC Binding
|
Select this option to have the ZyWALL enforce links between specific IP addresses and specific MAC addresses for this VLAN. This stops anyone else from manually using a bound IP address on another device connected to this interface. Use this to make use only the intended users get to use specific IP addresses.
|
||||
|
Enable Logs for IP/MAC Binding Violation
|
Select this option to have the ZyWALL generate a log if a device connected to this VLAN attempts to use an IP address that is bound to another device’s MAC address.
|
||||
|
Static DHCP Table
|
Configure a list of static IP addresses the ZyWALL assigns to computers connected to the interface. Otherwise, the ZyWALL assigns an IP address dynamically using the interface’s IP Pool Start Address and Pool Size.
|
||||
|
Enter a description to help identify this static DHCP entry. You can use alphanumeric and ()+/:=?!*#@$_%- characters, and it can be up to 60 characters long.
|
|||||
|
This field is effective when RIP is enabled. Select the RIP direction from the drop-down list box.
BiDir - This interface sends and receives routing information.
In-Only - This interface receives routing information.
Out-Only - This interface sends routing information.
|
|||||
|
This field is effective when RIP is enabled. Select the RIP version(s) used for sending RIP packets. Choices are 1, 2, and 1 and 2.
|
|||||
|
This field is effective when RIP is enabled. Select the RIP version(s) used for receiving RIP packets. Choices are 1, 2, and 1 and 2.
|
|||||
|
This field is effective when RIP is enabled. Select this to send RIP-2 packets using subnet broadcasting; otherwise, the ZyWALL uses multicasting.
|
|||||
|
Select the area in which this interface belongs. Select None to disable OSPF in this interface.
|
|||||
|
Enter the priority (between 0 and 255) of this interface when the area is looking for a Designated Router (DR) or Backup Designated Router (BDR). The highest-priority interface identifies the DR, and the second-highest-priority interface identifies the BDR. Set the priority to zero if the interface can not be the DR or BDR.
|
|||||
|
Passive Interface
|
Select this to stop forwarding OSPF routing information from the selected interface. As a result, this interface only receives routing information.
|
||||
|
Select an authentication method, or disable authentication. To exchange OSPF routing information with peer border routers, you must use the same authentication method that they use. Choices are:
Same-as-Area - use the default authentication method in the area
None - disable authentication
Text - authenticate OSPF routing information using a plain-text password
MD5 - authenticate OSPF routing information using MD5 encryption
|
|||||
|
Text Authentication Key
|
This field is available if the Authentication is Text. Type the password for text authentication. The key can consist of alphanumeric characters and the underscore, and it can be up to 16 characters long.
|
||||
|
MD5 Authentication ID
|
This field is available if the Authentication is MD5. Type the ID for MD5 authentication. The ID can be between 1 and 255.
|
||||
|
MD5 Authentication Key
|
This field is available if the Authentication is MD5. Type the password for MD5 authentication. The password can consist of alphanumeric characters and the underscore, and it can be up to 16 characters long.
|
||||
|
Configure WAN TRUNK
|
Click WAN TRUNK to go to a screen where you can set this VLAN to be part of a WAN trunk for load balancing.
|
||||
|
Configure Policy Route
|
Click Policy Route to go to the screen where you can manually configure a policy route to associate traffic with this VLAN.
|
||||
|
Click OK to save your changes back to the ZyWALL.
|
|||||
|
Click Cancel to exit this screen without saving.
|
|
Configuration / IPv6 Configuration
|
Use the Configuration section for IPv4 network settings. Use the IPv6 Configuration section for IPv6 network settings if you connect your ZyWALL to an IPv6 network. Both sections have similar fields as described below.
|
|
Double-click an entry or select it and click Edit to open a screen where you can modify the entry’s settings.
|
|
|
To remove an entry, select it and click Remove. The ZyWALL confirms you want to remove it before doing so.
|
|
|
To turn on an entry, select it and click Activate.
|
|
|
To turn off an entry, select it and click Inactivate.
|
|
|
Create Virtual Interface
|
To open the screen where you can create a virtual interface, select an interface and click Create Virtual Interface.
|
|
Select an entry and click Object Reference to open a screen that shows which settings use the entry.
|
|
|
This field displays the current IP address of the interface. If the IP address is 0.0.0.0, the interface does not have an IP address yet.
This screen also shows whether the IP address is a static IP address (STATIC) or dynamically assigned (DHCP). IP addresses are always static in virtual interfaces.
|
|
|
This field displays the Ethernet interfaces and VLAN interfaces in the bridge interface. It is blank for virtual interfaces.
|
|
|
Click Apply to save your changes back to the ZyWALL.
|
|
|
Click Reset to return the screen to its last-saved settings.
|
|
IPv4/IPv6 View / IPv4 View / IPv6 View
|
Use this button to display both IPv4 and IPv6, IPv4-only, or IPv6-only configuration fields.
|
||||
|
Show Advance Settings / Hide Advance Settings
|
|||||
|
Click this button to create a DHCPv6 lease or DHCPv6 request object that you may use for the DHCPv6 settings in this screen.
|
|||||
|
General IPv6 Setting
|
|||||
|
Select one of the following option depending on the type of network to which the ZyWALL is connected or if you want to additionally manually configure some related settings.
internal is for connecting to a local network. Other corresponding configuration options: DHCP server and DHCP relay. The ZyWALL automatically adds default SNAT settings for traffic flowing from this interface to an external interface.
external is for connecting to an external network (like the Internet). The ZyWALL automatically adds this interface to the default WAN trunk.
For general, the rest of the screen’s options do not automatically adjust and you must manually configure a policy route to add routing and SNAT settings for the interface.
|
|||||
|
This field is read-only if you are editing the interface. Enter the name of the bridge interface. The format is brx, where x is 0 - 11. For example, br0, br3, and so on.
|
|||||
|
Select the zone to which the interface is to belong. You use zones to apply security settings such as firewall, remote management.
|
|||||
|
Enter a description of this interface. It is not used elsewhere. You can use alphanumeric and ()+/:=?!*#@$_%- characters, and it can be up to 60 characters long.
|
|||||
|
Member Configuration
|
|||||
|
This field displays Ethernet interfaces and VLAN interfaces that can become part of the bridge interface. An interface is not available in the following situations:
Select one, and click the >> arrow to add it to the bridge interface. Each bridge interface can only have one VLAN interface.
|
|||||
|
This field displays the interfaces that are part of the bridge interface. Select one, and click the << arrow to remove it from the bridge interface.
|
|||||
|
IP Address Assignment
|
|||||
|
Get Automatically
|
Select this if this interface is a DHCP client. In this case, the DHCP server configures the IP address, subnet mask, and gateway automatically.
|
||||
|
Use Fixed IP Address
|
|||||
|
This field is enabled if you select Use Fixed IP Address.
|
|||||
|
This field is enabled if you select Use Fixed IP Address.
Enter the subnet mask of this interface in dot decimal notation. The subnet mask indicates what part of the IP address is the same for all computers in the network.
|
|||||
|
This field is enabled if you select Use Fixed IP Address.
Enter the IP address of the gateway. The ZyWALL sends packets to the gateway when it does not know how to route the packet to its destination. The gateway should be on the same network as the interface.
|
|||||
|
Enter the priority of the gateway (if any) on this interface. The ZyWALL decides which gateway to use based on this priority. The lower the number, the higher the priority. If two or more gateways have the same priority, the ZyWALL uses the one that was configured first.
|
|||||
|
IPv6 Address Assignment
|
|||||
|
Enable Stateless Address Auto-configuration (SLAAC)
|
Select this to enable IPv6 stateless auto-configuration on this interface. The interface will generate an IPv6 IP address itself from a prefix obtained from an IPv6 router in the network.
|
||||
|
Link-Local address
|
This displays the IPv6 link-local address and the network prefix that the ZyWALL generates itself for the interface.
|
||||
|
IPv6 Address/Prefix Length
|
Enter the IPv6 address and the prefix length for this interface if you want to use a static IP address. This field is optional.
The prefix length indicates what the left-most part of the IP address is the same for all computers in the network, that is, the network address.
|
||||
|
Enter the IPv6 address of the default outgoing gateway using colon (:) hexadecimal notation.
|
|||||
|
Enter the priority of the gateway (if any) on this interface. The ZyWALL decides which gateway to use based on this priority. The lower the number, the higher the priority. If two or more gateways have the same priority, the ZyWALL uses the one that was configured first.
|
|||||
|
Address from DHCPv6 Prefix Delegation
|
Use this table to have the ZyWALL obtain an IPv6 prefix from the ISP or a connected uplink router for an internal network, such as the LAN or DMZ. You have to also enter a suffix address which is appended to the delegated prefix to form an address for this interface.
|
||||
|
Enter the ending part of the IPv6 address, a slash (/), and the prefix length. The ZyWALL will append it to the delegated prefix.
For example, you got a delegated prefix of 2003:1234:5678/48. You want to configure an IP address of 2003:1234:5678:1111::1/128 for this interface, then enter ::1111:0:0:0:1/128 in this field.
|
|||||
|
|||||
|
This field displays the DHCP Unique IDentifier (DUID) of the interface, which is unique and used for identification purposes when the interface is exchanging DHCPv6 messages with others. See DHCPv6 for more information.
|
|||||
|
Customized DUID
|
|||||
|
Enable Rapid Commit
|
Select this to shorten the DHCPv6 message exchange process from four to two steps. This function helps reduce heavy network traffic load.
|
||||
|
Information Refresh Time
|
Enter the number of seconds a DHCPv6 client should wait before refreshing information retrieved from DHCPv6.
|
||||
|
This field is available if you set this interface to DHCPv6 Client. Select this to get an IPv6 IP address for this interface from the DHCP server. Clear this to not get any IP address information through DHCPv6.
|
|||||
|
DHCPv6 Request Options /
DHCPv6 Lease Options
|
If this interface is a DHCPv6 client, use this section to configure DHCPv6 request settings that determine what additional information to get from the DHCPv6 server.
If the interface is a DHCPv6 server, use this section to configure DHCPv6 lease settings that determine what to offer to the DHCPv6 clients.
|
||||
|
Click this to create an entry in this table. See Add/Edit DHCPv6 Request/Release Options for more information.
|
|||||
|
This field displays the IPv6 prefix that the ZyWALL obtained from an uplink router (Server is selected) or will advertise to its clients (Client is selected).
|
|||||
|
When Relay is selected, select this check box and an interface from the drop-down list if you want to use it as the relay server.
|
|||||
|
When Relay is selected, select this check box and enter the IP address of a DHCPv6 server as the relay server.
|
|||||
|
IPv6 Router Advertisement Setting
|
|||||
|
Enable Router Advertisement
|
|||||
|
Advertised Hosts Get Network Configuration From DHCPv6
|
Select this to have the ZyWALL indicate to hosts to obtain network settings (such as prefix and DNS settings) through DHCPv6.
Clear this to have the ZyWALL indicate to hosts that DHCPv6 is not available and they should use the prefix in the router advertisement message.
|
||||
|
Advertised Hosts Get Other Configuration From DHCPv6
|
Clear this to have the ZyWALL indicate to hosts that DNS information is not available in this network.
|
||||
|
Router Preference
|
Select the router preference (Low, Medium or High) for the interface. The interface sends this preference in the router advertisements to tell hosts what preference they should use for the ZyWALL. This helps hosts to choose their default router especially when there are multiple IPv6 router in the network.
|
||||
|
The Maximum Transmission Unit. Type the maximum size of each IPv6 data packet, in bytes, that can move through this interface. If a larger packet arrives, the ZyWALL divides it into smaller fragments.
|
|||||
|
Enter the maximum number of network segments that a packet can cross before reaching the destination. When forwarding an IPv6 packet, IPv6 routers are required to decrease the Hop Limit by 1 and to discard the IPv6 packet when the Hop Limit is 0.
|
|||||
|
Advertised Prefix Table
|
|||||
|
The prefix length indicates what the left-most part of the IP address is the same for all computers in the network, that is, the network address.
|
|||||
|
Advertised Prefix from DHCPv6 Prefix Delegation
|
Use this table to configure the network prefix if you want to use a delegated prefix as the beginning part of the network prefix.
|
||||
|
Enter the ending part of the IPv6 network address plus a slash (/) and the prefix length. The ZyWALL will append it to the selected delegated prefix. The combined address is the network prefix for the network.
For example, you got a delegated prefix of 2003:1234:5678/48. You want to divide it into 2003:1234:5678:1111/64 for this interface and 2003:1234:5678:2222/64 for another interface. You can use ::1111/64 and ::2222/64 for the suffix address respectively. But if you do not want to divide the delegated prefix into subnetworks, enter ::0/48 here, which keeps the same prefix length (/48) as the delegated prefix.
|
|||||
|
|||||
|
Interface Parameters
|
|||||
|
Egress Bandwidth
|
Enter the maximum amount of traffic, in kilobits per second, the ZyWALL can send through the interface to the network. Allowed values are 0 - 1048576.
|
||||
|
Ingress Bandwidth
|
Enter the maximum amount of traffic, in kilobits per second, the ZyWALL can receive from the network through the interface. Allowed values are 0 - 1048576.
|
||||
|
Maximum Transmission Unit. Type the maximum size of each data packet, in bytes, that can move through this interface. If a larger packet arrives, the ZyWALL divides it into smaller fragments. Allowed values are 576 - 1500. Usually, this value is 1500.
|
|||||
|
None - the ZyWALL does not provide any DHCP services. There is already a DHCP server on the network.
DHCP Relay - the ZyWALL routes DHCP requests to one or more DHCP servers you specify. The DHCP server(s) may be on another network.
DHCP Server - the ZyWALL assigns IP addresses and provides subnet mask, gateway, and DNS server information to the network. The ZyWALL is the DHCP server for the network.
|
|||||
|
These fields appear if the ZyWALL is a DHCP Relay.
|
|||||
|
These fields appear if the ZyWALL is a DHCP Server.
|
|||||
|
IP Pool Start Address
|
Enter the IP address from which the ZyWALL begins allocating IP addresses. If you want to assign a static IP address to a specific computer, click Add Static DHCP.
If this field is blank, the Pool Size must also be blank. In this case, the ZyWALL can assign every IP address allowed by the interface’s IP address and subnet mask, except for the first address (network address), last address (broadcast address) and the interface’s IP address.
|
||||
|
Enter the number of IP addresses to allocate. This number must be at least one and is limited by the interface’s Subnet Mask. For example, if the Subnet Mask is 255.255.255.0 and IP Pool Start Address is 10.10.10.10, the ZyWALL can allocate 10.10.10.10 to 10.10.10.254, or 245 IP addresses.
If this field is blank, the IP Pool Start Address must also be blank. In this case, the ZyWALL can assign every IP address allowed by the interface’s IP address and subnet mask, except for the first address (network address), last address (broadcast address) and the interface’s IP address.
|
|||||
|
Second DNS Server
Third DNS Server
|
Specify the IP addresses up to three DNS servers for the DHCP clients to use. Use one of the following ways to specify these IP addresses.
Custom Defined - enter a static IP address.
From ISP - select the DNS server that another interface received from its DHCP server.
ZyWALL - the DHCP clients use the IP address of this interface and the ZyWALL works as a DNS relay.
|
||||
|
First WINS Server, Second WINS Server
|
Type the IP address of the WINS (Windows Internet Naming Service) server that you want to send to the DHCP clients. The WINS server keeps a mapping table of the computer names on your network and the IP addresses that they are currently using.
|
||||
|
If you set this interface to DHCP Server, you can select to use either the interface’s IP address or another IP address as the default router. This default router will become the DHCP clients’ default gateway.
To use another IP address as the default router, select Custom Defined and enter the IP address.
|
|||||
|
Specify how long each computer can use the information (especially the IP address) before it has to request the information again. Choices are:
infinite - select this if IP addresses never expire
days, hours, and minutes - select this to enter how long IP addresses are valid.
|
|||||
|
Extended Options
|
This table is available if you selected DHCP server.
Configure this table if you want to send more information to DHCP clients through DHCP packets.
|
||||
|
Enable IP/MAC Binding
|
Select this option to have this interface enforce links between specific IP addresses and specific MAC addresses. This stops anyone else from manually using a bound IP address on another device connected to this interface. Use this to make use only the intended users get to use specific IP addresses.
|
||||
|
Enable Logs for IP/MAC Binding Violation
|
Select this option to have the ZyWALL generate a log if a device connected to this interface attempts to use an IP address that is bound to another device’s MAC address.
|
||||
|
Static DHCP Table
|
Configure a list of static IP addresses the ZyWALL assigns to computers connected to the interface. Otherwise, the ZyWALL assigns an IP address dynamically using the interface’s IP Pool Start Address and Pool Size.
|
||||
|
Enter a description to help identify this static DHCP entry. You can use alphanumeric and ()+/:=?!*#@$_%- characters, and it can be up to 60 characters long.
|
|||||
|
The interface can regularly check the connection to the gateway you specified to make sure it is still available. You specify how often the interface checks the connection, how long to wait for a response before the attempt is a failure, and how many consecutive failures are required before the ZyWALL stops routing to the gateway. The ZyWALL resumes routing to the gateway the first time the gateway passes the connectivity check.
|
|||||
|
Enable Connectivity Check
|
|||||
|
Select icmp to have the ZyWALL regularly ping the gateway you specify to make sure it is still available.
Select tcp to have the ZyWALL regularly perform a TCP handshake with the gateway you specify to make sure it is still available.
|
|||||
|
Check Fail Tolerance
|
Enter the number of consecutive failures before the ZyWALL stops routing through the gateway.
|
||||
|
Check Default Gateway
|
|||||
|
Check this address
|
Select this to specify a domain name or IP address for the connectivity check. Enter that domain name or IP address in the field next to it.
|
||||
|
This field only displays when you set the Check Method to tcp. Specify the port number to use for a TCP connectivity check.
|
|||||
|
Configure WAN TRUNK
|
Click WAN TRUNK to go to a screen where you can configure the interface as part of a WAN trunk for load balancing.
|
||||
|
Configure Policy Route
|
Click Policy Route to go to the screen where you can manually configure a policy route to associate traffic with this bridge interface.
|
||||
|
Click OK to save your changes back to the ZyWALL.
|
|||||
|
Click Cancel to exit this screen without saving.
|
|
1
|
|
2
|
The load auxiliary interface must connect to satisfy load-balancing requirements. You have to add the auxiliary interface to a trunk first.
|
|
Select this to turn on the auxiliary dial up interface. The interface does not dial out, however, unless it is part of a trunk and load-balancing conditions are satisfied.
|
|
|
Enter a description of this interface. It is not used elsewhere. You can use alphanumeric and ()+/:=?!*#@$_%- characters, and it can be up to 60 characters long.
|
|
|
Tone - select this if the telephone uses tone-based dialing.
Pulse - select this if the telephone uses pulse-based dialing.
|
|
|
Enter the AT command string to initialize the external modem. ATZ is the most common string, but you should check the manual for the external modem for additional commands.
|
|
|
Auxiliary Configuration
|
|
|
Enter the phone number to dial here. You can use 1-20 numbers, commas (,), or plus signs (+). Use a comma to pause during dialing. Use a plus sign to tell the external modem to make an international call.
|
|
|
Retype to confirm
|
|
|
Authentication Type
|
CHAP/PAP - Your ZyWALL accepts either CHAP (Challenge Handshake Authentication Protocol) or PAP (Password Authentication Protocol), as requested by the computer you are dialing.
CHAP - Your ZyWALL accepts CHAP only.
PAP - Your ZyWALL accepts PAP only.
MSCHAP - Your ZyWALL accepts MSCHAP only.
MSCHAP-V2 - Your ZyWALL accepts MSCHAP-V2 only.
|
|
Type the number of seconds the ZyWALL tries to set up a connection before it stops. Allowed values are 30 - 120.
|
|
|
Type the number of seconds the ZyWALL should wait for traffic before it automatically disconnects the connection. Set this field to zero to disable the idle timeout. Allowed values are 0 - 360.
|
|
|
Click Apply to save your changes back to the ZyWALL.
|
|
|
Click Reset to return the screen to its last-saved settings.
|
|
This field is read-only. It displays the name of the virtual interface, which is automatically derived from the underlying Ethernet interface, VLAN interface, or bridge interface.
|
|
|
Enter a description of this interface. It is not used elsewhere. You can use alphanumeric and ()+/:=?!*#@$_%- characters, and it can be up to 60 characters long.
|
|
|
IP Address Assignment
|
|
|
Enter the subnet mask of this interface in dot decimal notation. The subnet mask indicates what part of the IP address is the same for all computers in the network.
|
|
|
Enter the IP address of the gateway. The ZyWALL sends packets to the gateway when it does not know how to route the packet to its destination. The gateway should be on the same network as the interface.
|
|
|
Enter the priority of the gateway (if any) on this interface. The ZyWALL decides which gateway to use based on this priority. The lower the number, the higher the priority. If two or more gateways have the same priority, the ZyWALL uses the one that was configured first.
|
|
|
Interface Parameters
|
|
|
Egress Bandwidth
|
Enter the maximum amount of traffic, in kilobits per second, the ZyWALL can send through the interface to the network. Allowed values are 0 - 1048576.
|
|
Ingress Bandwidth
|
Enter the maximum amount of traffic, in kilobits per second, the ZyWALL can receive from the network through the interface. Allowed values are 0 - 1048576.
|
|
Click OK to save your changes back to the ZyWALL.
|
|
|
Click Cancel to exit this screen without saving.
|