Chapter 45 System
ZyWALL USG 50 User’s Guide
The following table describes the labels in this screen.

Table 214 Configuration > System > DNS > Address/PTR Record Edit
LABEL | DESCRIPTION
FQDN | Type a Fully-Qualified Domain Name (FQDN) of a server. An FQDN starts with a host name and continues all the way up to the top-level domain name. For example, www.zyxel.com.tw is a fully qualified domain name, where “www” is the host, “zyxel” is the third-level domain, “com” is the second-level domain, and “tw” is the top level domain. Underscores are not allowed. Use "*." as a prefix in the FQDN for a wildcard domain name (for example, *.example.com).
IP Address | Enter the IP address of the host in dotted decimal notation.
OK | Click OK to save your customized settings and exit this screen.
Cancel | Click Cancel to exit this screen without saving.

45.5.6 Domain Zone Forwarder
A domain zone forwarder contains a DNS server’s IP address. The ZyWALL can query the DNS server to resolve domain zones for features like VPN, DDNS and the time server. A domain zone is a fully qualified domain name without the host. For example, zyxel.com.tw is the domain zone for the www.zyxel.com.tw fully qualified domain name.

45.5.7 Adding a Domain Zone Forwarder
Click the Add icon in the Domain Zone Forwarder table to add a domain zone forwarder record.

Figure 388 Configuration > System > DNS > Domain Zone Forwarder Add
The following table describes the labels in this screen.

Table 215 Configuration > System > DNS > Domain Zone Forwarder Add
LABEL | DESCRIPTION
Domain Zone | A domain zone is a fully qualified domain name without the host. For example, zyxel.com.tw is the domain zone for the www.zyxel.com.tw fully qualified domain name. For example, whenever the ZyWALL needs to resolve a zyxel.com.tw domain name, it can send a query to the recorded name server IP address. Enter * if all domain zones are served by the specified DNS server(s).
DNS Server | Select DNS Server(s) from ISP if your ISP dynamically assigns DNS server information. You also need to select an interface through which the ISP provides the DNS server IP address(es). The interface should be activated and set to be a DHCP client. The fields below display the (read-only) DNS server IP address(es) that the ISP assigns. N/A displays for any DNS server IP address fields for which the ISP does not assign an IP address. Select Public DNS Server if you have the IP address of a DNS server. Enter the DNS server's IP address in the field to the right. The ZyWALL must be able to connect to the DNS server without using a VPN tunnel. The DNS server could be on the Internet or one of the ZyWALL’s local networks. You cannot use 0.0.0.0. Use the Query via field to select the interface through which the ZyWALL sends DNS queries to a DNS server. Select Private DNS Server if you have the IP address of a DNS server to which the ZyWALL connects through a VPN tunnel. Enter the DNS server's IP address in the field to the right. You cannot use 0.0.0.0.
OK | Click OK to save your customized settings and exit this screen.
Cancel | Click Cancel to exit this screen without saving.

45.5.8 MX Record
An MX (Mail eXchange) record indicates which host is responsible for the mail for a particular domain, that is, controls where mail is sent for that domain. If you do not configure proper MX records for your domain or other domain, external e-mail from other mail servers cannot be delivered to your mail server and vice versa. Each host or domain can have only one MX record, that is, one domain maps to one host.

45.5.9 Adding an MX Record
Click the Add icon in the MX Record table to add an MX record.

Figure 389 Configuration > System > DNS > MX Record Add

The following table describes the labels in this screen.

Table 216 Configuration > System > DNS > MX Record Add
LABEL | DESCRIPTION
Domain Name | Enter the domain name where the mail is destined for.
IP Address/FQDN | Enter the IP address or Fully-Qualified Domain Name (FQDN) of a mail server that handles the mail for the domain specified in the field above.
OK | Click OK to save your customized settings and exit this screen.
Cancel | Click Cancel to exit this screen without saving.

45.5.10 Adding a DNS Service Control Rule
Click the Add icon in the Service Control table to add a service control rule.

Figure 390 Configuration > System > DNS > Service Control Rule Add

The following table describes the labels in this screen.

Table 217 Configuration > System > DNS > Service Control Rule Add
LABEL | DESCRIPTION
Create new Object | Use this to configure any new settings objects that you need to use in this screen.
Address Object | Select ALL to allow or deny any computer to send DNS queries to the ZyWALL. Select a predefined address object to just allow or deny the computer with the IP address that you specified to send DNS queries to the ZyWALL.
Zone | Select ALL to allow or prevent DNS queries through any zones. Select a predefined zone on which a DNS query to the ZyWALL is allowed or denied.
Action | Select Accept to have the ZyWALL allow the DNS queries from the specified computer. Select Deny to have the ZyWALL reject the DNS queries from the specified computer.
OK | Click OK to save your customized settings and exit this screen.
Cancel | Click Cancel to exit this screen without saving.

45.6 WWW Overview
The following figure shows secure and insecure management of the ZyWALL coming in from the WAN. HTTPS and SSH access are secure. HTTP and Telnet access are not secure.

See Section 6.7.1 on page 106 for related information on these screens.

Note: To allow the ZyWALL to be accessed from a specified computer using a service, make sure you do not have a service control rule or to-ZyWALL firewall rule to block that traffic.

See To-ZyWALL Rules on page 358 for more on To-ZyWALL firewall rules.

See Section 7.8 on page 136 for an example of configuring service control to block administrator HTTPS access from all zones except the LAN.

To stop a service from accessing the ZyWALL, clear Enable in the corresponding service screen.

45.6.1 Service Access Limitations
A service cannot be used to access the ZyWALL when:
1 You have disabled that service in the corresponding screen.
2 The allowed IP address (address object) in the Service Control table does not match the client IP address (the ZyWALL disallows the session).
3 The IP address (address object) in the Service Control table is not in the allowed zone or the action is set to Deny.
4 There is a firewall rule that blocks it.
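
The four conditions in section 45.6.1, applied to the Address Object, Zone and Action fields of a Service Control rule, as an added example (not from the guide or the ZyWALL firmware). It assumes rules are checked top to bottom with the first full match deciding, and models the to-ZyWALL firewall as a list of blocked zones; the service definitions, zone names and addresses are constructed.

```python
import ipaddress

# Constructed sample: HTTPS accepted only from the LAN1 subnet, Telnet disabled.
SERVICES = {
    "HTTPS": {"enabled": True, "firewall_blocked_zones": [],
              "service_control": [
                  {"address": "192.168.1.0/24", "zone": "LAN1", "action": "Accept"},
                  {"address": "ALL", "zone": "ALL", "action": "Deny"}]},
    "SSH": {"enabled": True, "firewall_blocked_zones": ["DMZ"],
            "service_control": [
                {"address": "192.168.1.0/24", "zone": "LAN1", "action": "Accept"},
                {"address": "172.16.0.0/24", "zone": "DMZ", "action": "Accept"}]},
    "TELNET": {"enabled": False, "firewall_blocked_zones": [], "service_control": []},
}

def check_access(name, client_ip, client_zone, services=SERVICES):
    """Return (allowed, reason); the reason number is the item in section 45.6.1."""
    svc = services[name]
    ip = ipaddress.ip_address(client_ip)
    if not svc["enabled"]:
        return False, "1: service disabled in its screen"
    matched, address_seen = None, False
    # Assumption: rules are checked top to bottom and the first full match decides.
    for rule in svc["service_control"]:
        addr_ok = rule["address"] == "ALL" or ip in ipaddress.ip_network(rule["address"])
        zone_ok = rule["zone"] in ("ALL", client_zone)
        address_seen = address_seen or addr_ok
        if addr_ok and zone_ok:
            matched = rule
            break
    if matched is None and not address_seen:
        return False, "2: client IP matches no address object"
    if matched is None:
        return False, "3: address object is not in the allowed zone"
    if matched["action"] == "Deny":
        return False, "3: action is Deny"
    # Simplified to-ZyWALL firewall (assumption): zones whose traffic is blocked.
    if client_zone in svc["firewall_blocked_zones"]:
        return False, "4: a firewall rule blocks it"
    return True, "allowed"

def audit(name, probes):
    """Map each constructed (ip, zone) probe to its verdict for one service."""
    return {probe: check_access(name, *probe) for probe in probes}
```

Running `audit` with probes from every zone shows which management services remain reachable from outside the LAN and which condition stops each of the others.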

45.6.2 System Timeout
There is a lease timeout for administrators. The ZyWALL automatically logs you out if the management session remains idle for longer than this timeout period. The management session does not time out when a statistics screen is polling.

Each user is also forced to log in to the ZyWALL for authentication again when the reauthentication time expires.

You can change the timeout settings in the User/Group screens.

45.6.3 HTTPS
You can set the ZyWALL to use HTTP or HTTPS (HTTPS adds security) for Web Configurator sessions. Specify which zones allow Web Configurator access and from which IP address the access can come.

HTTPS (HyperText Transfer Protocol over Secure Socket Layer, or HTTP over SSL) is a web protocol that encrypts and decrypts web pages. Secure Socket Layer (SSL) is an application-level protocol that enables secure transactions of data by ensuring confidentiality (an unauthorized party cannot read the transferred data), authentication (one party can identify the other party) and data integrity (you know if data has been changed).

It relies upon certificates, public keys, and private keys (see Chapter 41 on page 633 for more information).

HTTPS on the ZyWALL is used so that you can securely access the ZyWALL using the Web Configurator. The SSL protocol specifies that the HTTPS server (the ZyWALL) must always authenticate itself to the HTTPS client (the computer which requests the HTTPS connection with the ZyWALL), whereas the HTTPS client only should authenticate itself when the HTTPS server requires it to do so (select Authenticate Client Certificates in the WWW screen). Authenticate Client Certificates is optional and if selected means the HTTPS client must send the ZyWALL a certificate. You must apply for a certificate for the browser from a CA that is a trusted CA on the ZyWALL.
