ZyWALL 2

41

5.16.1

HTTPS

HTTPS (HyperText Transfer Protocol over Secure Socket Layer, or HTTP over SSL) is a web

protocol that encrypts and decrypts web sessions. Secure Socket Layer (SSL) is an application-level

protocol that enables secure transactions of data by ensuring confidentiality (an unauthorized party

cannot read the transferred data), authentication (one party can identify the other party) and data

integrity (you know if data has been changed).

HTTPS on the ZyWALL relies upon certificates, public keys, and private keys to securely access

the ZyWALL using the web configurator. The SSL protocol specifies that the SSL server (the

ZyWALL) must always authenticate itself to the SSL client (the computer which requests the

HTTPS connection with the ZyWALL), whereas the SSL client only should authenticate itself when

the SSL server requires it to do so (select

Authenticate Client Certificates

in the

Remote Mngt,

WWW

screen).

Authenticate Client Certificates

is optional and if selected means the SSL-client

must send the ZyWALL a certificate. You must apply for a certificate for the browser from a CA

that is a trusted CA on the ZyWALL.

5.16.2

SSH

SSH (Secure Shell) is a secure communication protocol that combines authentication and data

encryption to provide secure encrypted communication between two hosts over an unsecured

network.

5.17 UPnP Overview

Universal Plug and Play (UPnP) is a distributed, open networking standard that uses TCP/IP for

simple peer-to-peer network connectivity between devices. A UPnP device can dynamically join a

network, obtain an IP address, convey its capabilities and learn about other devices on the network.

In turn, a device can leave a network smoothly and automatically when it is no longer in use.

All UPnP-enabled devices may communicate freely with each other without additional

configuration. Disable UPnP if this is not your intention.

Windows ME and Windows XP support UPnP. See the Microsoft website for information about

other Microsoft operating systems.

5.18 Configuring UPnP

Click

UPnP

to open the

UPnP

screen.

ZyWALL 2

42

The following table describes the fields in this screen.

LABEL

DESCRIPTION

Device Name

This identifies the device in UPnP applications.

Enable the Universal Plug

and Play (UPnP) feature

Select this checkbox to activate UPnP. Be aware that anyone could use a UPnP

application to open the web configurator's login screen without entering the

ZyWALL's IP address (although you must still enter the password to access the

web configurator).

Allow users to make

configuration changes

through UPnP

Select this check box to allow UPnP-enabled applications to automatically

configure the ZyWALL so that they can communicate through the ZyWALL, for

example by using NAT traversal, UPnP applications automatically reserve a NAT

forwarding port in order to communicate with another UPnP enabled device; this

eliminates the need to manually configure port forwarding for the UPnP enabled

application.

Allow UPnP to pass through

Firewall

Select this check box to allow traffic from UPnP-enabled applications to bypass

the firewall.

Clear this check box to have the firewall block all UPnP application packets (for

example, MSN packets).

ZyWALL 2

43

6 Troubleshooting

For advanced troubleshooting help, see the Logs section in the

User’s Guide

.

PROBLEM

CORRECTIVE ACTION

None of the LEDs turn

on when you turn on

the ZyWALL.

Make sure that you have the correct power adaptor connected to the ZyWALL and

plugged in to an appropriate power source. Check all cable connections.

If the LEDs still do not turn on, you may have a hardware problem. In this case, you

should contact your local vendor.

Cannot access the

ZyWALL from the LAN.

Check the cable connection between the ZyWALL and your computer or hub. Refer

to the

Rear Panel

section for details.

Ping the ZyWALL from a LAN computer. Make sure your computer Ethernet card is

installed and functioning properly.

Cannot ping any

computer on the LAN.

If the 10/100M LAN LEDs are off, check the cable connections between the ZyWALL

and your LAN computers.

Verify that the IP address and subnet mask of the ZyWALL and the LAN computers

are in the same IP address range.

The WAN IP is provided after the ISP verifies the MAC address, host name or user

ID.

Find out the verification method used by your ISP and configure the corresponding

fields.

If the ISP checks the WAN MAC address, you should clone the MAC address from a

LAN computer. Click

WAN

and then the

MAC

tab, select

Spoof this Computer's

MAC address - IP Address

and enter the IP address of the computer on the LAN

whose MAC address you are cloning.

If the ISP checks the host name, enter your computer’s name (refer to the

Wizard

Setup

section in the

User’s Guide

) in the

System Name

field in the first screen of the

WIZARD

.

Cannot get a WAN IP

address from the ISP.

If the ISP checks the user ID, click

WAN

and then the

ISP

tab. Check your service

type, user name, and password.

Check the ZyWALL’s connection to the cable/DSL device.

Check whether your cable/DSL device requires a crossover or straight-through cable.

Click

WAN

to verify your settings.

Cannot access the

Internet.

Check that you entered the password correctly.

Some ISPs may lock you out after

several unsuccessful attempts.