WAN

The screen differs by the encapsulation.

Note: The WAN 1 and WAN 2 IP addresses of a ZyWALL with multiple WAN interfaces must be on different subnets.

WAN Ethernet Encapsulation

For ISPs (such as Telstra) that send UDP heartbeat packets to verify that the customer is still online, please create a WAN-to-WAN/ZyWALL firewall rule for those packets. Contact your ISP to find the correct port number.

Label
Description
ISP Parameters for Internet Access
 
Encapsulation
You must choose the Ethernet option when the WAN port is used as a regular Ethernet.
Service Type
Choose from Standard, Telstra (RoadRunner Telstra authentication method), RR-Manager (Roadrunner Manager authentication method), RR-Toshiba (Roadrunner Toshiba authentication method) or Telia Login.
The following fields do not appear with the Standard service type.
User Name
Type the user name given to you by your ISP.
Password
Type the password associated with the user name above.
Retype to Confirm
Type your password again to make sure that you have entered is correctly.
Login Server IP Address
Type the authentication server IP address here if your ISP gave you one.
This field is not available for Telia Login.
Login Server (Telia Login only)
Type the domain name of the Telia login server, for example login1.telia.com.
Relogin Every(min) (Telia Login only)
The Telia server logs the ZyWALL out if the ZyWALL does not log in periodically. Type the number of minutes from 1 to 59 (30 default) for the ZyWALL to wait between logins.
WAN IP Address Assignment
 
Get automatically from ISP
Select this option If your ISP did not assign you a fixed IP address. This is the default selection.
Use Fixed IP Address
Select this option If the ISP assigned a fixed IP address.
My WAN IP Address
Enter your WAN IP address in this field if you selected Use Fixed IP Address.
My WAN IP Subnet Mask
Enter the IP subnet mask (if your ISP gave you one) in this field if you selected Use Fixed IP Address.
Gateway IP Address
Enter the gateway IP address (if your ISP gave you one) in this field if you selected Use Fixed IP Address.
Advanced Setup
 
Enable NAT (Network Address Translation)
Network Address Translation (NAT) allows the translation of an Internet protocol address used within one network (for example a private IP address used in a local network) to a different IP address known within another network (for example a public IP address used on the Internet).
Select this check box to enable NAT.
RIP Direction
RIP (Routing Information Protocol) allows a router to exchange routing information with other routers. The RIP Direction field controls the sending and receiving of RIP packets.
Choose Both, None, In Only or Out Only.
When set to Both or Out Only, the ZyWALL will broadcast its routing table periodically.
When set to Both or In Only, the ZyWALL will incorporate RIP information that it receives.
When set to None, the ZyWALL will not send any RIP packets and will ignore any RIP packets received.
By default, RIP Direction is set to Both.
RIP Version
The RIP Version field controls the format and the broadcasting method of the RIP packets that the ZyWALL sends (it recognizes both formats when receiving).
Choose RIP-1, RIP-2B or RIP-2M.
RIP-1 is universally supported; but RIP-2 carries more information. RIP-1 is probably adequate for most networks, unless you have an unusual network topology. Both RIP-2B and RIP-2M sends the routing data in RIP-2 format; the difference being that RIP-2B uses subnet broadcasting while RIP-2M uses multicasting. Multicasting can reduce the load on non-router machines since they generally do not listen to the RIP multicast address and so will not receive the RIP packets. However, if one router uses multicasting, then all routers on your network must use multicasting, also. By default, the RIP Version field is set to RIP-1.
Enable Multicast
Select this check box to turn on IGMP (Internet Group Management Protocol). IGMP is a network-layer protocol used to establish membership in a Multicast group - it is not used to carry user data.
Multicast Version
Choose None (default), IGMP-V1 or IGMP-V2. IGMP (Internet Group Management Protocol) is a session-layer protocol used to establish membership in a Multicast group - it is not used to carry user data. IGMP version 2 (RFC 2236) is an improvement over version 1 (RFC 1112) but IGMP version 1 is still in wide use. If you would like to read more detailed information about inter-operability between IGMP version 2 and version 1, please see sections 4 and 5 of RFC 2236.
Spoof WAN MAC Address from LAN
You can configure the WAN port's MAC address by either using the factory assigned default MAC Address or cloning the MAC address of a computer on your LAN. By default, the ZyWALL uses the factory assigned MAC Address to identify itself on the WAN.
Otherwise, select this option and enter the IP address of the computer on the LAN whose MAC you are cloning. Once it is successfully configured, the address will be copied to the rom file (ZyNOS configuration file). It will not change unless you change the setting or upload a different ROM file.
Clone the computer's MAC address - IP Address
Enter the IP address of the computer on the LAN whose MAC you are cloning.
If you clone the MAC address of a computer on your LAN, it is recommended that you clone the MAC address prior to hooking up the WAN port.
Apply
Click Apply to save your changes back to the ZyWALL.
Reset
Click Reset to begin configuring this screen afresh.

PPPoE Encapsulation

The ZyWALL supports PPPoE (Point-to-Point Protocol over Ethernet). PPPoE is an IETF standard (RFC 2516) specifying how a personal computer (PC) interacts with a broadband modem (DSL, cable, wireless, etc.) connection. The PPPoE option is for a dial-up connection using PPPoE.

For the service provider, PPPoE offers an access and authentication method that works with existing access control systems (for example RADIUS).

One of the benefits of PPPoE is the ability to let you access one of multiple network services, a function known as dynamic service selection. This enables the service provider to easily create and offer new IP services for individuals.

Operationally, PPPoE saves significant effort for both you and the ISP or carrier, as it requires no specific configuration of the broadband modem at the customer site.

By implementing PPPoE directly on the ZyWALL (rather than individual computers), the computers on the LAN do not need PPPoE software installed, since the ZyWALL does that part of the task. Furthermore, with NAT, all of the LANs' computers will have access.

Label
Description
ISP Parameters for Internet Access
 
Encapsulation
Select PPPoE for a dial-up connection using PPPoE.
Service Name
Type the PPPoE service name provided to you by your ISP. PPPoE uses a service name to identify and reach the PPPoE server.
User Name
Type the user name given to you by your ISP.
Password
Type the password associated with the user name above.
Retype to Confirm
Type your password again to make sure that you have entered is correctly.
Authentication Type
The ZyWALL supports PAP (Password Authentication Protocol) and CHAP (Challenge Handshake Authentication Protocol). CHAP is more secure than PAP; however, PAP is readily available on more platforms.
Use the drop-down list box to select an authentication protocol for outgoing calls. Options are:
CHAP/PAP - Your ZyWALL accepts either CHAP or PAP when requested by this remote node.
CHAP - Your ZyWALL accepts CHAP only.
PAP - Your ZyWALL accepts PAP only.
Nailed-Up
Select Nailed-Up if you do not want the connection to time out.
Idle Timeout
This value specifies the time in seconds that elapses before the ZyWALL automatically disconnects from the PPPoE server.
WAN IP Address Assignment
 
Get automatically from ISP
Select this option If your ISP did not assign you a fixed IP address. This is the default selection.
Use Fixed IP Address
Select this option If the ISP assigned a fixed IP address.
My WAN IP Address
Enter your WAN IP address in this field if you selected Use Fixed IP Address.
Advanced Setup
 
Enable NAT (Network Address Translation)
Network Address Translation (NAT) allows the translation of an Internet protocol address used within one network (for example a private IP address used in a local network) to a different IP address known within another network (for example a public IP address used on the Internet).
Select this checkbox to enable NAT.
 
RIP Direction
RIP (Routing Information Protocol) allows a router to exchange routing information with other routers. The RIP Direction field controls the sending and receiving of RIP packets.
Choose Both, None, In Only or Out Only.
When set to Both or Out Only, the ZyWALL will broadcast its routing table periodically.
When set to Both or In Only, the ZyWALL will incorporate RIP information that it receives.
When set to None, the ZyWALL will not send any RIP packets and will ignore any RIP packets received.
By default, RIP Direction is set to Both.
RIP Version
The RIP Version field controls the format and the broadcasting method of the RIP packets that the ZyWALL sends (it recognizes both formats when receiving).
Choose RIP-1, RIP-2B or RIP-2M.
RIP-1 is universally supported; but RIP-2 carries more information. RIP-1 is probably adequate for most networks, unless you have an unusual network topology. Both RIP-2B and RIP-2M sends the routing data in RIP-2 format; the difference being that RIP-2B uses subnet broadcasting while RIP-2M uses multicasting. Multicasting can reduce the load on non-router machines since they generally do not listen to the RIP multicast address and so will not receive the RIP packets. However, if one router uses multicasting, then all routers on your network must use multicasting, also. By default, the RIP Version field is set to RIP-1.
Enable Multicast
Select this check box to turn on IGMP (Internet Group Management Protocol). IGMP is a network-layer protocol used to establish membership in a Multicast group - it is not used to carry user data.
Multicast Version
Choose None (default), IGMP-V1 or IGMP-V2. IGMP (Internet Group Management Protocol) is a session-layer protocol used to establish membership in a Multicast group - it is not used to carry user data. IGMP version 2 (RFC 2236) is an improvement over version 1 (RFC 1112) but IGMP version 1 is still in wide use. If you would like to read more detailed information about inter-operability between IGMP version 2 and version 1, please see sections 4 and 5 of RFC 2236.
Spoof WAN MAC Address from LAN
You can configure the WAN port's MAC address by either using the factory assigned default MAC Address or cloning the MAC address of a computer on your LAN. By default, the ZyWALL uses the factory assigned MAC Address to identify itself on the WAN.
Otherwise, select this option and enter the IP address of the computer on the LAN whose MAC you are cloning. Once it is successfully configured, the address will be copied to the rom file (ZyNOS configuration file). It will not change unless you change the setting or upload a different ROM file.
Clone the computer's MAC address - IP Address
Enter the IP address of the computer on the LAN whose MAC you are cloning.
If you clone the MAC address of a computer on your LAN, it is recommended that you clone the MAC address prior to hooking up the WAN port.
Apply
Click Apply to save your changes back to the ZyWALL.
Reset
Click Reset to begin configuring this screen afresh.

PPTP Encapsulation

Point-to-Point Tunneling Protocol (PPTP) is a network protocol that enables secure transfer of data from a remote client to a private server, creating a Virtual Private Network (VPN) using TCP/IP-based networks.

PPTP supports on-demand, multi-protocol and virtual private networking over public networks, such as the Internet. The screen shown next is for PPTP encapsulation.

Label
Description
ISP Parameters for Internet Access
 
Encapsulation
Set the encapsulation method to PPTP. The ZyWALL supports only one PPTP server connection at any given time. To configure a PPTP client, you must configure the User Name and Password fields for a PPP connection and the PPTP parameters for a PPTP connection.
User Name
Type the user name given to you by your ISP.
Password
Type the password associated with the user name above.
Retype to Confirm
Type your password again to make sure that you have entered it correctly.
Authentication Type
The ZyWALL supports PAP (Password Authentication Protocol) and CHAP (Challenge Handshake Authentication Protocol). CHAP is more secure than PAP; however, PAP is readily available on more platforms.
Use the drop-down list box to select an authentication protocol for outgoing calls. Options are:
CHAP/PAP - Your ZyWALL accepts either CHAP or PAP when requested by this remote node.
CHAP - Your ZyWALL accepts CHAP only.
PAP - Your ZyWALL accepts PAP only.
Nailed-up
Select Nailed-Up if you do not want the connection to time out.
Idle Timeout
This value specifies the time in seconds that elapses before the ZyWALL automatically disconnects from the PPTP server.
PPTP Configuration
 
My IP Address
Type the (static) IP address assigned to you by your ISP.
My IP Subnet Mask
Your ZyWALL will automatically calculate the subnet mask based on the IP address that you assign. Unless you are implementing subnetting, use the subnet mask computed by the ZyWALL.
Server IP Address
Type the IP address of the PPTP server.
Connection ID/Name
Type your identification name for the PPTP server.
WAN IP Address Assignment
 
Get automatically from ISP
Select this option If your ISP did not assign you a fixed IP address. This is the default selection.
Use Fixed IP Address
Select this option If the ISP assigned a fixed IP address.
My WAN IP Address
Enter your WAN IP address in this field if you selected Use Fixed IP Address.
Advanced Setup
 
Enable NAT (Network Address Translation)
Network Address Translation (NAT) allows the translation of an Internet protocol address used within one network (for example a private IP address used in a local network) to a different IP address known within another network (for example a public IP address used on the Internet).
Select this checkbox to enable NAT.
 
RIP Direction
RIP (Routing Information Protocol) allows a router to exchange routing information with other routers. The RIP Direction field controls the sending and receiving of RIP packets.
Choose Both, None, In Only or Out Only.
When set to Both or Out Only, the ZyWALL will broadcast its routing table periodically.
When set to Both or In Only, the ZyWALL will incorporate RIP information that it receives.
When set to None, the ZyWALL will not send any RIP packets and will ignore any RIP packets received.
By default, RIP Direction is set to Both.
RIP Version
The RIP Version field controls the format and the broadcasting method of the RIP packets that the ZyWALL sends (it recognizes both formats when receiving).
Choose RIP-1, RIP-2B or RIP-2M.
RIP-1 is universally supported; but RIP-2 carries more information. RIP-1 is probably adequate for most networks, unless you have an unusual network topology. Both RIP-2B and RIP-2M sends the routing data in RIP-2 format; the difference being that RIP-2B uses subnet broadcasting while RIP-2M uses multicasting. Multicasting can reduce the load on non-router machines since they generally do not listen to the RIP multicast address and so will not receive the RIP packets. However, if one router uses multicasting, then all routers on your network must use multicasting, also. By default, the RIP Version field is set to RIP-1.
Enable Multicast
Select this check box to turn on IGMP (Internet Group Management Protocol). IGMP is a network-layer protocol used to establish membership in a Multicast group - it is not used to carry user data.
Multicast Version
Choose None (default), IGMP-V1 or IGMP-V2. IGMP (Internet Group Management Protocol) is a session-layer protocol used to establish membership in a Multicast group - it is not used to carry user data. IGMP version 2 (RFC 2236) is an improvement over version 1 (RFC 1112) but IGMP version 1 is still in wide use. If you would like to read more detailed information about inter-operability between IGMP version 2 and version 1, please see sections 4 and 5 of RFC 2236.
Spoof WAN MAC Address from LAN
You can configure the WAN port's MAC address by either using the factory assigned default MAC Address or cloning the MAC address of a computer on your LAN. By default, the ZyWALL uses the factory assigned MAC Address to identify itself on the WAN.
Otherwise, select this option and enter the IP address of the computer on the LAN whose MAC you are cloning. Once it is successfully configured, the address will be copied to the rom file (ZyNOS configuration file). It will not change unless you change the setting or upload a different ROM file.
Clone the computer's MAC address - IP Address
Enter the IP address of the computer on the LAN whose MAC you are cloning.
If you clone the MAC address of a computer on your LAN, it is recommended that you clone the MAC address prior to hooking up the WAN port.
Apply
Click Apply to save your changes back to the ZyWALL.
Reset
Click Reset to begin configuring this screen afresh.