ZyXEL "ZyWALL-70" release v3.6x/4.00/4.01/4.02/4.03/4.04:

End-of-Sale and End-of-Life products:
Anti-Spam iCard/E-iCard (Anti-Spam License)
AV+IDP iCard/E-iCard (Anti-Virus+IDP License)

Information Description Filename

UserGuide_4.04
CLI-RefGuide_4.04

Firmware for ZyWALL-70 v4.04(WM.4) new
Firmware for ZyWALL-70 v4.04(WM.3)
Firmware for ZyWALL-70 v4.04(WM.2)
Firmware for ZyWALL-70 v4.04(WM.1)
 

How can "Syslog" and "SMTP" be sent through the VPN?
Use the following CI command to enable this:
- ipsec swDevTri on

zyw70_v4.04(WM.4).zip
zyw70_v4.04(WM.3).zip
zyw70_v4.04(WM.2).zip
zyw70_v4.04(WM.1).zip
 
 
 
 

Support-Notes_4.03
CLI-RefGuide_4.03
QuickStartGuide
UserGuide_4.03

Firmware for ZyWALL-70 v4.03(WM.1)
Firmware for ZyWALL-70 v4.03(WM.0)
See also the corresponding ZyNOS-News_4.03

zyw70_v4.03(WM.1).zip
zyw70_v4.03(WM.0).zip

UserGuide_4.02

Firmware for ZyWALL-70 v4.02(WM.2)
Firmware for ZyWALL-70 v4.02(WM.1)
Firmware for ZyWALL-70 v4.02(WM.0)

zyw70_v4.02(WM.2).zip
zyw70_v4.02(WM.1).zip
zyw70_v4.02(WM.0).zip

UserGuide_4.01
Support-Notes_4.01

Firmware for ZyWALL-70 v4.01(WM.4)
Firmware for ZyWALL-70 v4.01(WM.3)
Firmware for ZyWALL-70 v4.01(WM.2)
Firmware for ZyWALL-70 v4.01(WM.1)
Firmware for ZyWALL-70 v4.01(WM.0)

zyw70_v4.01(WM.4).zip
zyw70_v4.01(WM.3).zip
zyw70_v4.01(WM.2).zip
zyw70_v4.01(WM.1).zip
zyw70_v4.01(WM.0).zip

UserGuide_4.00
QuickStartGuide
UTM-Services
PDF-Support-Notes

Firmware for ZyWALL-70 v4.00(WM.12)
Firmware for ZyWALL-70 v4.00(WM.11)
Firmware for ZyWALL-70 v4.00(WM.10)
Firmware for ZyWALL-70 v4.00(WM.9)
Firmware for ZyWALL-70 v4.00(WM.8)
Firmware for ZyWALL-70 v4.00(WM.7)
Firmware for ZyWALL-70 v4.00(WM.6)
Firmware for ZyWALL-70 v4.00(WM.5)
Firmware for ZyWALL-70 v4.00(WM.4)

Firmware v3.65 must have been installed beforehand!

zyw70_v4.00(WM.12)c0.zip
zyw70_v4.00(WM.11)c0.zip
zyw70_v4.00(WM.10)c0.zip
zyw70_v4.00(WM.9)c0.zip
zyw70_v4.00(WM.8)c0.zip
zyw70_v4.00(WM.7)c0.zip
zyw70_v4.00(WM.6)c0.zip
zyw70_v4.00(WM.5)c0.zip
zyw70_v4.00(WM.4)c0.zip
 

Firmware for ZyWALL-70 v3.65(WM.8)
Firmware for ZyWALL-70 v3.65(WM.7)
Firmware for ZyWALL-70 v3.65(WM.6)
Firmware for ZyWALL-70 v3.65(WM.5)
Firmware for ZyWALL-70 v3.65(WM.4)
Firmware for ZyWALL-70 v3.65(WM.0)

zyw70_v3.65(WM.8)c0.zip
zyw70_v3.65(WM.7)c0.zip
zyw70_v3.65(WM.6)c0.zip
zyw70_v3.65(WM.5)c0.zip
zyw70_v3.65(WM.4)c0.zip
zyw70_v3.65(WM.0)c0.zip

UserGuide_3.64
QuickStartGuide

Firmware for ZyWALL-70 v3.64(WM.3)
Firmware for ZyWALL-70 v3.64(WM.2)

zyw70_v3.64(WM.3)c0.zip
zyw70_v3.64(WM.2)c0.zip

UserGuide_3.63

Firmware for ZyWALL-70 v3.63(WM.2)
Firmware for ZyWALL-70 v3.63(WM.0) - DL/Preview

zyw70_v3.63(WM.2)c0.zip
zyw70_v3.63(WM.0)c0.zip

UserGuide_3.62
QuickStartGuide

Firmware for ZyWALL-70 v3.62(WM.6) - DL/Preview

zyw70_v3.62(WM.6)c0.zip

Support-Notes
Konfiguration_FAQ

ZyWALL-70: 1 LAN-Port, 4 DMZ-Ports, 2 WAN-Ports,
Wireless-LAN (Optional), 100 VPN, Firewall.

Datasheet

>>> Flashing a Prestige router via serial <<<

>>> Example illustration for configuring Safenet-Softremote/RemoteSecurityClient (RSC) <<<
>>> Example illustration for configuring Greenbow/ZyXEL IPSec VPN Client <<<

>>> Example illustration: ICQ Professional behind NAT <<<

>>> Example setup of an ES-2108 for VDSL (T-Home) with VLAN ID 7 tag. <<<

 

Change to VPN behaviour: multiple VPN clients located behind the same NAT router

[ENHANCEMENT]
Add a CI command, "ipsec initContactMode gateway|tunnel", so that multiple VPN clients located behind the same NAT router can build VPN tunnels to the ZyWALL.

This enhancement has been included since firmware 4.00(WM.7); by default it is still set to "gateway".
If 2 or more SoftVPN clients behind one NAT router now establish a dynamic tunnel to the same ZyWALL, the traffic of the most recently connected client will work.
The traffic of the previously established VPN client connections, however, is interrupted. To resolve this, the following must be entered once in SMT menu 24.8 of the ZyWALL:

ras> ipsec initContactMode
USAGE: ipsec initContactMode gateway|tunnel, now is :gateway mode
ras> ipsec initContactMode tunnel
ras> exit | 99
 

[RFC 2407] The INITIAL-CONTACT (IC) status message may be used when one side wishes to inform the other that this is the first SA being established with the remote system. The receiver of this Notification Message might then elect to delete any existing SA's it has for the sending system under the assumption that the sending system has rebooted and no longer has access to the original SA's and their associated keying material.
 
The ZyWALL has two ways of deleting SAs when it receives an IC; the behaviour is switched by the global option 'ipsec initContactMode gateway/tunnel':
 
(1) ipsec initContactMode gateway
    When the ZyWALL receives an IKE packet with IC, it deletes all tunnels with the same secure gateway IP. This is the default option because the ZyWALL is a site-to-site VPN device. Take picture 1 as an example: three VPN tunnels have been created between ZWA and ZWB. If ZWA reboots for some reason, then after rebooting it sends an IKE packet with IC to ZWB. ZWB then deletes all existing tunnels whose secure gateway IP is the same as that of this IKE packet and builds a new VPN tunnel for the sender.
 


(2) ipsec initContactMode tunnel
    When the ZyWALL receives an IKE packet with IC, it deletes only one existing tunnel: the one whose secure gateway IP is the same as that of this IKE packet and whose phase 2 ID (network policy) also matches. This mode is suitable when tunnels are created from a VPN peer to the ZyWALL and more than two VPN peers of this kind build tunnels from behind the same NAT router. Take picture 2 as an example: PC1, PC2 and PC3 each have their own VPN software to create tunnels with ZW. Suppose that PC1, PC2 and PC3 each create a different tunnel with ZW for the traffic to PC4, PC5 and PC6. If PC1 reboots for some reason, then after rebooting it sends an IKE packet with IC to the ZWB. The ZWB then deletes only the tunnel used by PC1 and PC4 and builds a new VPN tunnel for it, so the other tunnels are not disconnected.
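
The two deletion rules described above, modelled as an added example (not ZyXEL code and not part of the original page). The `Tunnel` type, the addresses and the phase 2 ID strings are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Tunnel:
    gateway_ip: str  # secure gateway IP the ZyWALL sees (the NAT router's WAN IP)
    phase2_id: str   # phase 2 ID (network policy); string form is an assumption

def initial_contact(sa_table, sender, mode):
    """Apply an INITIAL-CONTACT from `sender`; return (new_table, deleted)."""
    if mode not in ("gateway", "tunnel"):
        raise ValueError("mode must be 'gateway' or 'tunnel'")

    def stale(t):
        same_gateway = t.gateway_ip == sender.gateway_ip
        if mode == "gateway":
            return same_gateway  # every tunnel from that gateway IP goes
        return same_gateway and t.phase2_id == sender.phase2_id

    deleted = [t for t in sa_table if stale(t)]
    kept = [t for t in sa_table if not stale(t)]
    return kept + [sender], deleted  # a fresh tunnel is built for the sender

def collateral(sa_table, sender, mode):
    """Phase 2 IDs of other peers' tunnels torn down by the sender's IC."""
    _, deleted = initial_contact(sa_table, sender, mode)
    return [t.phase2_id for t in deleted if t.phase2_id != sender.phase2_id]

# Constructed sample: three soft clients behind one NAT router (picture 2)
# plus one unrelated site-to-site peer. Addresses are documentation ranges.
NAT_IP = "203.0.113.10"
PC1 = Tunnel(NAT_IP, "PC1<->PC4")
SA_TABLE = [
    PC1,
    Tunnel(NAT_IP, "PC2<->PC5"),
    Tunnel(NAT_IP, "PC3<->PC6"),
    Tunnel("198.51.100.7", "branch<->HQ"),
]

if __name__ == "__main__":
    for mode in ("gateway", "tunnel"):
        table, _ = initial_contact(SA_TABLE, PC1, mode)
        print(mode, "dropped:", collateral(SA_TABLE, PC1, mode),
              "remaining:", [t.phase2_id for t in table])
```

In gateway mode the reconnect of PC1 also removes the PC2 and PC3 tunnels, which is the interruption described above for clients behind a shared NAT router; in tunnel mode only PC1's own tunnel is replaced.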
 


 

VPN configuration examples from firmware v4.xx onwards

All Data Through VPN: Gateway configuration, Network configuration
Dynamic VPN SoftVPN-Client: Gateway configuration, Network configuration
DNS-to-IP VPN: Gateway configuration, Network configuration
DNS-to-DNS VPN: Gateway configuration, Network configuration
Additional settings: VPN Global Setting, DNS Setting

 

Change to the VPN configuration from firmware v3.64 onwards, compared with v3.62/3.63

If necessary, set "Output Idle Timer", "Input Idle Timer" and "Gateway Domain Name Update Timer" as shown here: VPN menu Global Setting.
If the "autoexec.net" still contains the command "ipsec timer update 5", please remove it now.

Set the first entry of a tunnel's "VPN Rule" as shown in the example: VPN Gateway Policy.
For VPN tunnels between ZyWALLs, the option "Enable Multiple Proposals" should be enabled here.
For VPN tunnels to routers of the Prestige 600 series, this option is best left disabled.

Under "Gateway Policy Information", the "MyZyWALL" field should contain your own "hostname.dyndns.org" entry (not 0.0.0.0).

Once the points above have been adjusted accordingly, "Nailed-UP" can be used as shown in the example VPN Network Policy.

 

DDNS update problem in firmware v3.63 / workaround

At present it appears that the DDNS update is not initiated after a forced 24-hour disconnect.
This is due to the way the provider carries out the forced disconnect and has not really been fixed so far.
There is, however, a usable solution that at least allows reasonable operation for the time being.
To apply it, access the ZyWALL via "Telnet", configure 1 schedule set and enter it in the remote node.
This pre-empts such a provider disconnect at the appropriate time, and the DDNS update itself then works.
 

                            Menu 26 - Schedule Setup

     Schedule                             Schedule
     Set #          Name                  Set #          Name
     ------  -----------------            ------  -----------------
       1      Discon1                       7      _______________
       2      _______________               8      _______________
       3      _______________               9      _______________
       4      _______________              10      _______________
       5      _______________              11      _______________
       6      _______________              12      _______________



                    Enter Schedule Set Number to Configure= 0

                    Edit Name= N/A

                    Press ENTER to Confirm or ESC to Cancel:
                          Menu 26.1 Schedule Set Setup

          Active= Yes
          How Often= Weekly
          Start Date(yyyy-mm-dd)= 2007 - 01 - 01
          Once:
            Date(yyyy-mm-dd)= N/A
          Weekdays:
            Sunday= Yes
            Monday= Yes
            Tuesday= Yes
            Wednesday= Yes
            Thursday= Yes
            Friday= Yes
            Saturday= Yes
          Start Time(hh:mm)= 04 : 55
          Duration(hh:mm)= 00 : 02
          Action= Forced Down

                    Press ENTER to Confirm or ESC to Cancel:
                         Menu 11.1 - Remote Node Profile

     Rem Node Name= WAN 1                 Route= IP
     Active= Yes

     Encapsulation= PPPoE                 Edit IP= No
     Service Type= Standard               Telco Option:
     Service Name=                          Allocated Budget(min)= 0
     Outgoing:                              Period(hr)= 0
       My Login= 11111111111122222222222#0+ Schedules= 1
       My Password= ********                Nailed-Up Connection= Yes
       Retype to Confirm= ********
       Authen= CHAP/PAP
                                          Session Options:
                                            Edit Filter Sets= No
                                            Idle Timeout(sec)= N/A



                    Press ENTER to Confirm or ESC to Cancel: