Zyxel USG20-VPN, USG20W-VPN, 310, 1100, 110 User Manual

...
0 (0)
Zyxel USG20-VPN, USG20W-VPN, 310, 1100, 110 User Manual

User’s Guide

ZyWALL USG Series

Default Login Details

 

 

 

 

 

 

Version 4.33 Edition 1, 01/2019

 

 

 

 

 

LAN Port IP Address

 

https://192.168.1.1

 

 

 

 

 

 

User Name

 

 

 

admin

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Password

 

 

 

1234

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Copyright © 2019 Zyxel Communications Corporation

IMPORTANT!

READ CAREFULLY BEFORE USE.

KEEP THIS GUIDE FOR FUTURE REFERENCE.

This is a User’s Guide for a series of products. Not all products support all firmware features. Screenshots and graphics in this book may differ slightly from your product due to differences in product features or web configurator brand style. Most screen shots in this guide come from the USG110 and USG60W. Screen shots for other models may vary. Every effort has been made to ensure that the information in this manual is accurate.

Note: The version number on the cover page refers to the latest firmware version supported by the Zyxel Device. This guide applies to versions 4.10, 4.11, 4.13, 4.15, 4.16, 4.20, 4.25, 4.30, 4.31, 4.32 and 4.33 at the time of writing.

Related Documentation

Quick Start Guide

The Quick Start Guide shows how to connect the Zyxel Device and access the Web Configurator wizards. (See the wizard real time help for information on configuring each screen.) It also contains a connection diagram and package contents list.

CLI Reference Guide

The CLI Reference Guide explains how to use the Command-Line Interface (CLI) to configure the Zyxel Device.

Note: It is recommended you use the Web Configurator to configure the Zyxel Device.

Web Configurator Online Help

Click the help icon in any screen for help in configuring that screen and supplementary information.

More Information

Go to https://businessforum.zyxel.com for product discussions.

Go to support.zyxel.com to find other information on Zyxel Device.

ZyWALL USG Series User’s Guide

2

Document Conventions

Warnings and Notes

These are how warnings and notes are shown in this guide.

Warnings tell you about things that could harm you or your device.

Note: Notes tell you other important information (for example, other things you may need to configure or helpful tips) or recommendations.

Syntax Conventions

All models in this series may be referred to as the “Zyxel Device” in this guide.

Product labels, screen names, field labels and field choices are all in bold font.

A right angle bracket ( > ) within a screen name denotes a mouse click. For example, Configuration > Network > Interface > Ethernet means you first click Configuration in the navigation panel, then Network, then the Interface sub menu and finally the Ethernet tab to get to that screen.

Icons Used in Figures

Figures in this user guide may use the following generic icons. The Zyxel Device icon is not an exact representation of your device.

Zyxel Device

Generic Router

Wireless Router / Access Point

 

 

 

Switch

Firewall

Server

 

 

 

Internet

Network Cloud

Smartphone

 

 

 

USB Dongle

 

 

 

 

 

ZyWALL USG Series User’s Guide

3

Contents Overview

 

Contents Overview

Introduction ...........................................................................................................................................

28

Initial Setup Wizard ...............................................................................................................................

53

Hardware, Interfaces and Zones ........................................................................................................

68

Easy Mode .............................................................................................................................................

82

Quick Setup Wizards ...........................................................................................................................

145

Dashboard ..........................................................................................................................................

176

Monitor .................................................................................................................................................

190

Licensing ..............................................................................................................................................

255

Wireless .................................................................................................................................................

262

Interfaces .............................................................................................................................................

285

Routing .................................................................................................................................................

388

DDNS ...................................................................................................................................................

415

NAT .......................................................................................................................................................

421

Redirect Service ..................................................................................................................................

429

ALG .......................................................................................................................................................

435

UPnP .....................................................................................................................................................

442

IP/MAC Binding ...................................................................................................................................

451

Layer 2 Isolation ..................................................................................................................................

456

DNS Inbound LB ..................................................................................................................................

460

Web Authentication ..........................................................................................................................

466

Hotspot ................................................................................................................................................

498

Printer Manager ..................................................................................................................................

516

Free Time .............................................................................................................................................

528

IPnP .......................................................................................................................................................

533

Walled Garden ...................................................................................................................................

536

Advertisement Screen .......................................................................................................................

542

Security Policy .....................................................................................................................................

545

Cloud CNM ........................................................................................................................................

571

Amazon VPC ......................................................................................................................................

577

IPSec VPN ............................................................................................................................................

579

SSL VPN ................................................................................................................................................

615

SSL User Screens .................................................................................................................................

626

Zyxel Device SecuExtender (Windows) ............................................................................................

639

L2TP VPN ..............................................................................................................................................

643

BWM (Bandwidth Management) ..................................................................................................

648

Application Patrol ...............................................................................................................................

663

Content Filtering .................................................................................................................................

669

IDP ........................................................................................................................................................

688

Anti-Virus ..............................................................................................................................................

713

ZyWALL USG Series User’s Guide

 

4

 

Contents Overview

Anti-Spam ............................................................................................................................................

725

SSL Inspection ......................................................................................................................................

743

Device HA ...........................................................................................................................................

752

Object ..................................................................................................................................................

768

System ..................................................................................................................................................

874

Log and Report ...................................................................................................................................

932

File Manager .......................................................................................................................................

950

Diagnostics .........................................................................................................................................

964

Packet Flow Explore ..........................................................................................................................

982

Shutdown .............................................................................................................................................

990

Troubleshooting ..................................................................................................................................

991

ZyWALL USG Series User’s Guide

5

Table of Contents

 

Table of Contents

Document Conventions ......................................................................................................................

3

Contents Overview .............................................................................................................................

4

Table of Contents .................................................................................................................................

6

Part I: User’s Guide..........................................................................................

27

Chapter 1

 

Introduction ........................................................................................................................................

28

1.1 Overview .........................................................................................................................................

28

1.2 Registration at myZyxel ..................................................................................................................

29

1.2.1 Grace Period .........................................................................................................................

30

1.2.2 Applications ...........................................................................................................................

30

1.3 Management Overview ................................................................................................................

33

1.4 Web Configurator ...........................................................................................................................

34

1.4.1 Web Configurator Access ....................................................................................................

35

1.4.2 Web Configurator Screens Overview .................................................................................

38

1.4.3 Navigation Panel ..................................................................................................................

41

1.4.4 Tables and Lists ......................................................................................................................

50

Chapter 2

 

Initial Setup Wizard.............................................................................................................................

53

2.1 Initial Setup Wizard Screens ..........................................................................................................

53

2.1.1 Internet Access Setup - WAN Interface .............................................................................

54

2.1.2 Internet Access: Ethernet ....................................................................................................

54

2.1.3 Internet Access: PPPoE .........................................................................................................

56

2.1.4 Internet Access: PPTP ...........................................................................................................

57

2.1.5 Internet Access: L2TP ............................................................................................................

58

2.1.6 Internet Access Setup - Second WAN Interface ...............................................................

60

2.1.7 Internet Access: Congratulations .......................................................................................

61

2.1.8 Date and Time Settings ........................................................................................................

61

2.1.9 Register Device .....................................................................................................................

62

2.1.10 Activate Service ..................................................................................................................

63

2.1.11 Wireless Settings: AP Controller .........................................................................................

64

2.1.12 Wireless Settings: SSID & Security ......................................................................................

65

2.1.13 Remote Management ......................................................................................................

66

ZyWALL USG Series User’s Guide

 

6

 

Table of Contents

 

Chapter 3

 

Hardware, Interfaces and Zones ......................................................................................................

68

3.1 Hardware Overview .......................................................................................................................

68

 

3.1.1 Front Panels ............................................................................................................................

68

 

3.1.2 Rear Panels ............................................................................................................................

72

3.2

Mounting .........................................................................................................................................

74

 

3.2.1 Rack-mounting ......................................................................................................................

74

 

3.2.2 USG2200-VPN/USG2200 Rack Mounting ............................................................................

75

 

3.2.3 Wall-mounting .......................................................................................................................

78

3.3

Default Zones, Interfaces, and Ports ............................................................................................

79

3.4

Stopping the Zyxel Device ............................................................................................................

81

Chapter 4

 

Easy Mode ..........................................................................................................................................

82

4.1

Overview ........................................................................................................................................

82

 

4.1.1 Wizards and Links ..................................................................................................................

82

 

4.1.2 Easy Mode Settings ...............................................................................................................

83

 

4.1.3 Easy Mode Dashboard .........................................................................................................

84

4.2

Initial Setup Wizard - Language and Overview ........................................................................

87

 

4.2.1 Initial Setup Wizard - Internet ...........................................................................................

88

 

4.2.2 Initial Setup Wizard - Internet Access Errors .....................................................................

89

 

4.2.3 Initial Setup Wizard - Date and Time ................................................................................

90

 

4.2.4 Initial Setup Wizard - Register Device ..............................................................................

91

 

4.2.5 Initial Setup Wizard - Activate Services ............................................................................

93

 

4.2.6 Initial Setup Wizard - Wi-Fi ..................................................................................................

95

 

4.2.7 Remote Management ........................................................................................................

96

 

4.2.8 Initial Setup Wizard - Congratulations ..............................................................................

97

4.3

Initial Setup Wizard - Security Service .......................................................................................

98

4.4

Initial Setup Wizard - Port Forwarding .......................................................................................

100

4.5

Initial Setup Wizard - Guest LAN ...............................................................................................

101

 

4.5.1 Connecting AP Scenarios ..................................................................................................

102

4.6

Initial Setup Wizard - Remote Management ..........................................................................

103

4.7

Initial Setup Wizard - VPN ...........................................................................................................

104

 

4.7.1 VPN Setup Wizard: Wizard Type ......................................................................................

105

 

4.7.2 VPN Express Wizard - Scenario .........................................................................................

105

 

4.7.3 VPN Express Wizard - Configuration ................................................................................

107

 

4.7.4 VPN Express Wizard - Summary ........................................................................................

108

 

4.7.5 VPN Express Wizard - Finish ...............................................................................................

108

 

4.7.6 VPN Advanced Wizard - Scenario ..................................................................................

109

 

4.7.7 VPN Advanced Wizard - Phase 1 Settings .....................................................................

110

 

4.7.8 VPN Advanced Wizard - Phase 2 ....................................................................................

112

 

4.7.9 VPN Advanced Wizard - Summary .................................................................................

113

 

4.7.10 VPN Advanced Wizard - Finish ......................................................................................

114

 

ZyWALL USG Series User’s Guide

 

7

Table of Contents

 

4.8 VPN Settings for Configuration Provisioning Wizard: Wizard Type .........................................

114

4.8.1 Configuration Provisioning Express Wizard - VPN Settings ............................................

115

4.8.2 Configuration Provisioning VPN Express Wizard - Configuration .................................

116

4.8.3 VPN Settings for Configuration Provisioning Express Wizard - Summary .....................

117

4.8.4 VPN Settings for Configuration Provisioning Express Wizard - Finish ..............................

118

4.8.5 VPN Settings for Configuration Provisioning Advanced Wizard - Scenario ................

119

4.8.6 VPN Settings for Configuration Provisioning Advanced Wizard - Phase 1 Settings

.... 120

4.8.7 VPN Settings for Configuration Provisioning Advanced Wizard - Phase 2 .................

121

4.8.8 VPN Settings for Configuration Provisioning Advanced Wizard - Summary ...............

122

4.8.9 VPN Settings for Configuration Provisioning Advanced WizardFinish .......................

124

4.9 VPN Settings for L2TP VPN Settings Wizard ...............................................................................

125

4.9.1 L2TP VPN Settings 1 .............................................................................................................

126

4.9.2 L2TP VPN Settings 2 ............................................................................................................

127

4.9.3 VPN Settings for L2TP VPN Setting Wizard - Summary ...................................................

128

4.9.4 VPN Settings for L2TP VPN Setting Wizard Completed ..................................................

129

4.10 Port Forwarding .........................................................................................................................

130

4.10.1 Port Forwarding > Add Client ........................................................................................

131

4.10.2 Port Forwarding > Add Service ......................................................................................

131

4.10.3 Port Forwarding > UPnP ..................................................................................................

131

4.11 Wi-Fi and Guest Network Wizard ...........................................................................................

133

4.11.1 Guest LAN (Wired Network) ...........................................................................................

134

4.11.2 Connecting AP Scenarios ................................................................................................

135

4.12 Security Service Wizard ..........................................................................................................

136

4.12.1 Security Service Wizard 2 - Content Filter Categories ...............................................

137

4.12.2 Security Service Wizard 3 - Websites ...........................................................................

139

4.12.3 Security Service Wizard 4 - Exemptions ......................................................................

140

4.12.4 Security Service Wizard 5 - IDP/AV ..............................................................................

141

4.13 MyZyxel Portal .........................................................................................................................

142

4.14 One Security Portal .................................................................................................................

143

Chapter 5

 

Quick Setup Wizards........................................................................................................................

145

5.1 Quick Setup Overview .................................................................................................................

145

5.2 WAN Interface Quick Setup ........................................................................................................

146

5.2.1 Choose an Ethernet Interface ...........................................................................................

146

5.2.2 Select WAN Type .................................................................................................................

147

5.2.3 Configure WAN IP Settings .................................................................................................

147

5.2.4 ISP and WAN and ISP Connection Settings ......................................................................

148

5.2.5 Quick Setup Interface Wizard: Summary .........................................................................

151

5.3 VPN Setup Wizard .........................................................................................................................

152

5.3.1 Welcome ..............................................................................................................................

152

5.3.2 VPN Setup Wizard: Wizard Type ........................................................................................

153

5.3.3 VPN Express Wizard - Scenario ..........................................................................................

154

ZyWALL USG Series User’s Guide

 

8

Table of Contents

 

5.3.4 VPN Express Wizard - Configuration .................................................................................

155

5.3.5 VPN Express Wizard - Summary .........................................................................................

156

5.3.6 VPN Express Wizard - Finish ................................................................................................

157

5.3.7 VPN Advanced Wizard - Scenario ...................................................................................

157

5.3.8 VPN Advanced Wizard - Phase 1 Settings ......................................................................

159

5.3.9 VPN Advanced Wizard - Phase 2 .....................................................................................

160

5.3.10 VPN Advanced Wizard - Summary ................................................................................

161

5.3.11 VPN Advanced Wizard - Finish .......................................................................................

161

5.4 VPN Settings for Configuration Provisioning Wizard: Wizard Type ...........................................

162

5.4.1 Configuration Provisioning Express Wizard - VPN Settings .............................................

163

5.4.2 Configuration Provisioning VPN Express Wizard - Configuration ..................................

164

5.4.3 VPN Settings for Configuration Provisioning Express Wizard - Summary ......................

164

5.4.4 VPN Settings for Configuration Provisioning Express Wizard - Finish ..............................

165

5.4.5 VPN Settings for Configuration Provisioning Advanced Wizard - Scenario .................

166

5.4.6 VPN Settings for Configuration Provisioning Advanced Wizard - Phase 1 Settings

.... 167

5.4.7 VPN Settings for Configuration Provisioning Advanced Wizard - Phase 2 ..................

168

5.4.8 VPN Settings for Configuration Provisioning Advanced Wizard - Summary ................

168

5.4.9 VPN Settings for Configuration Provisioning Advanced WizardFinish ........................

170

5.5 VPN Settings for L2TP VPN Settings Wizard .................................................................................

171

5.5.1 L2TP VPN Settings ................................................................................................................

172

5.5.2 L2TP VPN Settings ................................................................................................................

173

5.5.3 VPN Settings for L2TP VPN Setting Wizard - Summary ....................................................

174

5.5.4 VPN Settings for L2TP VPN Setting Wizard Completed ...................................................

175

Chapter 6

 

Dashboard........................................................................................................................................

176

6.1 Overview .......................................................................................................................................

176

6.1.1 What You Can Do in this Chapter .....................................................................................

176

6.2 Main Dashboard Screen ..............................................................................................................

176

6.2.1 Device Information Screen ................................................................................................

178

6.2.2 System Status Screen ..........................................................................................................

179

6.2.3 DHCP Table Screen .............................................................................................................

180

6.2.4 Number of Login Users Screen ...........................................................................................

181

6.2.5 System Resources Screen ...................................................................................................

182

6.2.6 Extension Slot Screen ..........................................................................................................

183

6.2.7 Interface Status Summary Screen .....................................................................................

183

6.2.8 Secured Service Status Screen ..........................................................................................

185

6.2.9 Content Filter Statistics Screen ...........................................................................................

185

6.2.10 Top 5 Viruses Screen .........................................................................................................

186

6.2.11 Top 5 Intrusions Screen .....................................................................................................

187

6.2.12 Top 5 IPv4/IPv6 Security Policy Rules that Blocked Traffic Screen ...............................

187

6.2.13 The Latest Alert Logs Screen ............................................................................................

187

ZyWALL USG Series User’s Guide

 

9

Table of Contents

Part II: Technical Reference.........................................................................

189

Chapter 7

 

 

Monitor..............................................................................................................................................

 

 

190

7.1

Overview .......................................................................................................................................

190

 

7.1.1 What You Can Do in this Chapter .....................................................................................

190

7.2

The Port Statistics Screen ............................................................................................................

192

 

7.2.1 The Port Statistics Graph Screen .......................................................................................

193

7.3

Interface Status Screen ................................................................................................................

194

7.4

The Traffic Statistics Screen ..........................................................................................................

198

7.5

The Session Monitor Screen ........................................................................................................

201

7.6

IGMP Statistics ...............................................................................................................................

203

7.7

The DDNS Status Screen ...............................................................................................................

204

7.8

IP/MAC Binding .............................................................................................................................

204

7.9

The Login Users Screen ................................................................................................................

205

7.10 The Dynamic Guest Screen ......................................................................................................

206

7.11

Cellular Status Screen ................................................................................................................

208

 

7.11.1 More Information ..............................................................................................................

210

7.12

The UPnP Port Status Screen .....................................................................................................

211

7.13

USB Storage Screen ....................................................................................................................

212

7.14

Ethernet Neighbor Screen ........................................................................................................

213

7.15 FQDN Object Screen ................................................................................................................

214

7.16

AP Information: AP List ...............................................................................................................

216

 

7.16.1 AP List: More Information ................................................................................................

218

 

7.16.2 AP List: Config AP .............................................................................................................

221

7.17

AP Information: Radio List ..........................................................................................................

222

 

7.17.1 Radio List: More Information ............................................................................................

224

7.18

AP Information: Top N APs ........................................................................................................

225

7.19

AP Information: Single AP ..........................................................................................................

227

7.20

ZyMesh .........................................................................................................................................

228

7.21

SSID Info .......................................................................................................................................

228

7.22

Station Info: Station List ..............................................................................................................

229

7.23

Station Info: Top N Stations ........................................................................................................

230

7.24

Station Info: Single Station .........................................................................................................

231

7.25 Detected Device .......................................................................................................................

232

7.26

The Printer Status Screen ...........................................................................................................

233

7.27

The IPSec Screen ........................................................................................................................

233

7.28

The SSL Screen .............................................................................................................................

235

7.29

The L2TP over IPSec Screen .......................................................................................................

236

7.30

The App Patrol Screen ...............................................................................................................

236

7.31

The Content Filter Screen ..........................................................................................................

237

7.32

The IDP Screen ............................................................................................................................

239

7.33

The Anti-Virus Screen ..................................................................................................................

241

ZyWALL USG Series User’s Guide

10

Table of Contents

 

7.34 The Anti-Spam Screens ..............................................................................................................

243

7.34.1 Anti-Spam Summary .........................................................................................................

243

7.34.2 The Anti-Spam Status Screen ...........................................................................................

245

7.35 The SSL Inspection Screens ........................................................................................................

247

7.35.1 Certificate Cache List .......................................................................................................

248

7.36 Log Screens .................................................................................................................................

249

7.36.1 View Log ............................................................................................................................

249

7.36.2 View AP Log .......................................................................................................................

251

7.36.3 Dynamic Users Log ............................................................................................................

253

Chapter 8

 

Licensing...........................................................................................................................................

255

8.1 Registration Overview ..................................................................................................................

255

8.1.1 What you Need to Know ....................................................................................................

255

8.1.2 Registration Screen .............................................................................................................

255

8.1.3 Service Screen .....................................................................................................................

256

8.2 Signature Update .........................................................................................................................

258

8.2.1 What you Need to Know ....................................................................................................

258

8.2.2 The Anti-Virus Update Screen ............................................................................................

258

8.2.3 The IDP/AppPatrol Update Screen ...................................................................................

259

Chapter 9

 

Wireless .............................................................................................................................................

262

9.1 Overview .......................................................................................................................................

262

9.1.1 What You Can Do in this Chapter .....................................................................................

262

9.2 Controller Screen .........................................................................................................................

262

9.3 AP Management Screens ...........................................................................................................

263

9.3.1 Mgnt. AP List .......................................................................................................................

263

9.3.2 AP Policy ..............................................................................................................................

267

9.3.3 AP Group .............................................................................................................................

268

9.3.4 Firmware ...............................................................................................................................

275

9.4 MON Mode ...................................................................................................................................

277

9.4.1 Add/Edit Rogue/Friendly List ..............................................................................................

279

9.5 Auto Healing .................................................................................................................................

280

9.6 RTLS Overview ...............................................................................................................................

280

9.6.1 What You Can Do in this Chapter .....................................................................................

281

9.6.2 Before You Begin .................................................................................................................

281

9.6.3 Configuring RTLS ..................................................................................................................

282

9.7 Technical Reference ....................................................................................................................

283

9.7.1 Dynamic Channel Selection ..............................................................................................

283

9.7.2 Load Balancing ...................................................................................................................

284

Chapter 10

 

Interfaces..........................................................................................................................................

285

ZyWALL USG Series User’s Guide

 

11

Table of Contents

 

10.1 Interface Overview ....................................................................................................................

285

10.1.1 What You Can Do in this Chapter ...................................................................................

285

10.1.2 What You Need to Know .................................................................................................

286

10.1.3 What You Need to Do First ...............................................................................................

290

10.2 Port Role .......................................................................................................................................

290

10.3 Port Group ...................................................................................................................................

291

10.4 Ethernet Summary Screen .........................................................................................................

292

10.4.1 Ethernet Edit ......................................................................................................................

293

10.4.2 Proxy ARP ...........................................................................................................................

309

10.4.3 Virtual Interfaces ..............................................................................................................

310

10.4.4 References .........................................................................................................................

312

10.4.5 Add/Edit DHCPv6 Request/Release Options .................................................................

312

10.4.6 Add/Edit DHCP Extended Options .................................................................................

313

10.5 PPP Interfaces .............................................................................................................................

315

10.5.1 PPP Interface Summary ....................................................................................................

315

10.5.2 PPP Interface Add or Edit ................................................................................................

317

10.6 Cellular Configuration Screen ...................................................................................................

321

10.6.1 Cellular Choose Slot .........................................................................................................

324

10.6.2 Add / Edit Cellular Configuration ....................................................................................

324

10.7 Tunnel Interfaces ........................................................................................................................

330

10.7.1 Configuring a Tunnel ........................................................................................................

332

10.7.2 Tunnel Add or Edit Screen ................................................................................................

333

10.8 VLAN Interfaces .........................................................................................................................

336

10.8.1 VLAN Summary Screen .....................................................................................................

338

10.8.2 VLAN Add/Edit .................................................................................................................

339

10.9 Bridge Interfaces ........................................................................................................................

351

10.9.1 Bridge Summary ................................................................................................................

352

10.9.2 Bridge Add/Edit ................................................................................................................

354

10.10 LAG ............................................................................................................................................

363

10.10.1 LAG Summary Screen .....................................................................................................

364

10.10.2 LAG Add/Edit .................................................................................................................

365

10.11 VTI ...............................................................................................................................................

371

10.11.1 Restrictions for IPSec Virtual Tunnel Interface ..............................................................

371

10.11.2 VTI Screen ........................................................................................................................

371

10.11.3 VTI Add/Edit .....................................................................................................................

372

10.12 Trunk Overview .........................................................................................................................

376

10.12.1 What You Need to Know ...............................................................................................

376

10.13 The Trunk Summary Screen ......................................................................................................

379

10.13.1 Configuring a User-Defined Trunk .................................................................................

380

10.13.2 Configuring the System Default Trunk ..........................................................................

382

10.14 Interface Technical Reference ...............................................................................................

383

Chapter 11

 

Routing ..............................................................................................................................................

388

ZyWALL USG Series User’s Guide

 

12

 

Table of Contents

 

11.1

Policy and Static Routes Overview ...........................................................................................

388

11.1.1 What You Can Do in this Chapter ...................................................................................

388

11.1.2 What You Need to Know ................................................................................................

389

11.2

Policy Route Screen ...................................................................................................................

390

11.2.1 Policy Route Edit Screen ..................................................................................................

393

11.3

IP Static Route Screen ................................................................................................................

397

11.3.1 Static Route Add/Edit Screen ..........................................................................................

397

11.4

Policy Routing Technical Reference ........................................................................................

399

11.5

Routing Protocols Overview .....................................................................................................

399

11.5.1 What You Need to Know .................................................................................................

400

11.6

The RIP Screen .............................................................................................................................

400

11.7 The OSPF Screen .........................................................................................................................

402

11.7.1 Configuring the OSPF Screen ..........................................................................................

405

11.7.2 OSPF Area Add/Edit Screen ...........................................................................................

406

11.7.3 Virtual Link Add/Edit Screen ...........................................................................................

408

11.8

BGP (Border Gateway Protocol) ..............................................................................................

409

11.8.1 Allow BGP Packets to Enter the Zyxel Device ................................................................

410

11.8.2 Configuring the BGP Screen ............................................................................................

410

11.8.3 The BGP Neighbors Screen ..............................................................................................

412

11.8.4 Example Scenario .............................................................................................................

413

Chapter 12

 

DDNS ................................................................................................................................................

 

415

12.1 DDNS Overview ...........................................................................................................................

415

12.1.1 What You Can Do in this Chapter ...................................................................................

415

12.1.2 What You Need to Know .................................................................................................

415

12.2 The DDNS Screen ........................................................................................................................

416

12.2.1 The Dynamic DNS Add/Edit Screen ................................................................................

417

Chapter 13

 

NAT ....................................................................................................................................................

 

421

13.1 NAT Overview .............................................................................................................................

421

13.1.1 What You Can Do in this Chapter ...................................................................................

421

13.1.2 What You Need to Know .................................................................................................

421

13.2 The NAT Screen ...........................................................................................................................

422

13.2.1 The NAT Add/Edit Screen .................................................................................................

424

13.3

NAT Technical Reference ..........................................................................................................

427

Chapter 14

 

Redirect Service...............................................................................................................................

429

14.1

Overview .....................................................................................................................................

429

14.1.1 HTTP Redirect .....................................................................................................................

429

14.1.2 SMTP Redirect ....................................................................................................................

429

 

ZyWALL USG Series User’s Guide

 

13

 

Table of Contents

 

14.1.3 What You Can Do in this Chapter ...................................................................................

430

14.1.4 What You Need to Know .................................................................................................

430

14.2

The Redirect Service Screen .....................................................................................................

432

14.2.1 The Redirect Service Edit Screen .....................................................................................

433

Chapter 15

 

ALG....................................................................................................................................................

 

435

15.1 ALG Overview .............................................................................................................................

435

15.1.1 What You Need to Know .................................................................................................

435

15.1.2 Before You Begin ...............................................................................................................

438

15.2 The ALG Screen ..........................................................................................................................

438

15.3

ALG Technical Reference .........................................................................................................

440

Chapter 16

 

UPnP...................................................................................................................................................

 

442

16.1 UPnP and NAT-PMP Overview ...................................................................................................

442

16.2 What You Need to Know ...........................................................................................................

442

16.2.1 NAT Traversal .....................................................................................................................

442

16.2.2 Cautions with UPnP and NAT-PMP ..................................................................................

443

16.3

UPnP Screen ................................................................................................................................

443

16.4

Technical Reference ..................................................................................................................

444

16.4.1 Turning on UPnP in Windows 7 Example .........................................................................

444

16.4.2 Web Configurator Easy Access .......................................................................................

448

Chapter 17

 

IP/MAC Binding................................................................................................................................

451

17.1

IP/MAC Binding Overview .........................................................................................................

451

17.1.1 What You Can Do in this Chapter ...................................................................................

451

17.1.2 What You Need to Know .................................................................................................

451

17.2 IP/MAC Binding Summary .........................................................................................................

452

17.2.1 IP/MAC Binding Edit ..........................................................................................................

452

17.2.2 Static DHCP Edit ................................................................................................................

453

17.3

IP/MAC Binding Exempt List .......................................................................................................

454

Chapter 18

 

Layer 2 Isolation ...............................................................................................................................

456

18.1

Overview .....................................................................................................................................

456

18.1.1 What You Can Do in this Chapter ...................................................................................

456

18.2

Layer-2 Isolation General Screen .............................................................................................

456

18.3

White List Screen .........................................................................................................................

457

18.3.1 Add/Edit White List Rule ...................................................................................................

458

Chapter 19

 

DNS Inbound LB................................................................................................................................

460

 

ZyWALL USG Series User’s Guide

 

14

 

Table of Contents

 

19.1 DNS Inbound Load Balancing Overview .................................................................................

460

19.1.1 What You Can Do in this Chapter ...................................................................................

460

19.2 The DNS Inbound LB Screen ......................................................................................................

461

19.2.1 The DNS Inbound LB Add/Edit Screen ............................................................................

462

19.2.2 The DNS Inbound LB Add/Edit Member Screen ............................................................

464

Chapter 20

 

Web Authentication ........................................................................................................................

466

20.1 Web Auth Overview ...................................................................................................................

466

20.1.1 What You Can Do in this Chapter ...................................................................................

466

20.1.2 What You Need to Know .................................................................................................

467

20.2

Web Authentication General Screen ......................................................................................

467

20.2.1 User-aware Access Control Example .............................................................................

472

20.2.2 Authentication Type Screen ............................................................................................

478

20.2.3 Custom Web Portal / User Agreement File Screen .......................................................

482

20.2.4 Facebook Wi-Fi Screen .....................................................................................................

483

20.3 SSO Overview ..............................................................................................................................

487

20.4

SSO - Zyxel Device Configuration .............................................................................................

488

20.4.1 Configuration Overview ...................................................................................................

489

20.4.2 Configure the Zyxel Device to Communicate with SSO ..............................................

489

20.4.3 Enable Web Authentication ............................................................................................

490

20.4.4 Create a Security Policy ...................................................................................................

491

20.4.5 Configure User Information ..............................................................................................

492

20.4.6 Configure an Authentication Method ...........................................................................

493

20.4.7 Configure Active Directory ..............................................................................................

493

20.5

SSO Agent Configuration ..........................................................................................................

494

Chapter 21

 

Hotspot..............................................................................................................................................

 

498

21.1

Overview .....................................................................................................................................

498

21.2

Billing Overview ...........................................................................................................................

498

21.2.1 What You Need to Know .................................................................................................

498

21.3

The Billing > General Screen ......................................................................................................

499

21.4

The Billing > Billing Profile Screen ...............................................................................................

501

21.4.1 The Account Generator Screen ......................................................................................

502

21.4.2 The Account Redeem Screen .........................................................................................

505

21.4.3 The Billing Profile Add/Edit Screen ...................................................................................

507

21.5

The Billing > Discount Screen .....................................................................................................

508

21.5.1 The Discount Add/Edit Screen .........................................................................................

510

21.6

The Billing > Payment Service Screen .......................................................................................

510

21.6.1 The Payment Service > Desktop / Mobile View Screen ...............................................

512

Chapter 22

 

Printer Manager ...............................................................................................................................

516

 

ZyWALL USG Series User’s Guide

 

15

Table of Contents

 

22.1 Printer Manager Overview ........................................................................................................

516

22.1.1 What You Can Do in this Chapter ...................................................................................

516

22.2 The Printer Manager > General Screen ...................................................................................

516

22.2.1 Add Printer Rule .................................................................................................................

519

22.2.2 Edit Printer Rule ..................................................................................................................

519

22.2.3 Discover Printer .................................................................................................................

520

22.2.4 Edit Printer Manager (Discover Printer) ..........................................................................

522

22.3 The Printout Configuration Screen ............................................................................................

523

22.4 Printer Reports Overview ...........................................................................................................

524

22.4.1 Key Combinations .............................................................................................................

524

22.4.2 Daily Account Summary ..................................................................................................

524

22.4.3 Monthly Account Summary .............................................................................................

525

22.4.4 Account Report Notes .....................................................................................................

525

22.4.5 System Status .....................................................................................................................

526

Chapter 23

 

Free Time...........................................................................................................................................

528

23.1 Free Time Overview ....................................................................................................................

528

23.1.1 What You Can Do in this Chapter ...................................................................................

528

23.2 The Free Time Screen .................................................................................................................

528

Chapter 24

 

IPnP....................................................................................................................................................

533

24.1 IPnP Overview ............................................................................................................................

533

24.1.1 What You Can Do in this Chapter ...................................................................................

534

24.1.2 IPnP Screen ........................................................................................................................

534

Chapter 25

 

Walled Garden.................................................................................................................................

536

25.1 Walled Garden Overview ........................................................................................................

536

25.2 Walled Garden > General Screen ...........................................................................................

536

25.3 Walled Garden > URL Base Screen ..........................................................................................

537

25.3.1 Adding/Editing a Walled Garden URL ...........................................................................

538

25.4 Walled Garden > Domain/IP Base Screen ..............................................................................

539

25.4.1 Adding/Editing a Walled Garden Domain or IP ...........................................................

540

25.4.2 Walled Garden Login Example .......................................................................................

540

Chapter 26

 

Advertisement Screen.....................................................................................................................

542

26.1 Advertisement Overview ...........................................................................................................

542

26.1.1 Adding/Editing an Advertisement URL ..........................................................................

543

Chapter 27

 

Security Policy..................................................................................................................................

545

ZyWALL USG Series User’s Guide

 

16

Table of Contents

 

27.1 Overview .....................................................................................................................................

545

27.2 One Security ................................................................................................................................

546

27.3 What You Can Do in this Chapter ............................................................................................

549

27.3.1 What You Need to Know .................................................................................................

550

27.4 The Security Policy Screen .........................................................................................................

551

27.4.1 Configuring the Security Policy Control Screen ............................................................

552

27.4.2 The Security Policy Control Add/Edit Screen .................................................................

555

27.5 Anomaly Detection and Prevention Overview ......................................................................

557

27.5.1 The Anomaly Detection and Prevention General Screen ...........................................

558

27.5.2 Creating New ADP Profiles ..............................................................................................

559

27.5.3 Traffic Anomaly Profiles ...................................................................................................

560

27.5.4 Protocol Anomaly Profiles ................................................................................................

563

27.6 The Session Control Screen ........................................................................................................

566

27.6.1 The Session Control Add/Edit Screen ..............................................................................

567

27.7 Security Policy Example Applications ......................................................................................

568

Chapter 28

 

Cloud CNM......................................................................................................................................

571

28.1 Cloud CNM Overview ................................................................................................................

571

28.1.1 What You Can Do in this Chapter ...................................................................................

571

28.2 Cloud CNM SecuManager .......................................................................................................

571

28.3 Cloud CNM SecuReporter .........................................................................................................

574

Chapter 29

 

Amazon VPC ...................................................................................................................................

577

29.1 Overview .....................................................................................................................................

577

29.2 Amazon VPC Configuration Process ........................................................................................

577

Chapter 30

 

IPSec VPN .........................................................................................................................................

579

30.1 Virtual Private Networks (VPN) Overview .................................................................................

579

30.1.1 What You Can Do in this Chapter ...................................................................................

581

30.1.2 What You Need to Know .................................................................................................

581

30.1.3 Before You Begin ...............................................................................................................

584

30.2 The VPN Connection Screen .....................................................................................................

584

30.2.1 The VPN Connection Add/Edit Screen ..........................................................................

586

30.3 The VPN Gateway Screen .........................................................................................................

593

30.3.1 The VPN Gateway Add/Edit Screen ...............................................................................

594

30.4 VPN Concentrator .....................................................................................................................

601

30.4.1 VPN Concentrator Requirements and Suggestions ......................................................

601

30.4.2 VPN Concentrator Screen ...............................................................................................

602

30.4.3 The VPN Concentrator Add/Edit Screen ........................................................................

602

30.5 Zyxel Device IPSec VPN Client Configuration Provisioning ....................................................

603

ZyWALL USG Series User’s Guide

 

17

 

Table of Contents

 

30.6

IPSec VPN Background Information .........................................................................................

605

Chapter 31

 

SSL VPN..............................................................................................................................................

 

615

31.1

Overview .....................................................................................................................................

615

31.1.1 What You Can Do in this Chapter ...................................................................................

615

31.1.2 What You Need to Know .................................................................................................

615

31.2

The SSL Access Privilege Screen ................................................................................................

616

31.2.1 The SSL Access Privilege Policy Add/Edit Screen .........................................................

617

31.3

The SSL Global Setting Screen ...................................................................................................

620

31.3.1 How to Upload a Custom Logo ......................................................................................

621

31.4

Zyxel Device SecuExtender .......................................................................................................

622

31.4.1 Example: Configure Zyxel Device for SecuExtender .....................................................

623

Chapter 32

 

SSL User Screens..............................................................................................................................

626

32.1

Overview .....................................................................................................................................

626

32.1.1 What You Need to Know .................................................................................................

626

32.2

Remote SSL User Login ...............................................................................................................

627

32.3

The SSL VPN User Screens ...........................................................................................................

629

32.4

Bookmarking the Zyxel Device ..................................................................................................

629

32.5

Logging Out of the SSL VPN User Screens ................................................................................

630

32.6

SSL User Application Screen ......................................................................................................

630

32.7

SSL User File Sharing ....................................................................................................................

631

32.7.1 The Main File Sharing Screen ...........................................................................................

631

32.7.2 Opening a File or Folder ...................................................................................................

632

32.7.3 Downloading a File ...........................................................................................................

633

32.7.4 Saving a File .......................................................................................................................

633

32.7.5 Creating a New Folder .....................................................................................................

634

32.7.6 Renaming a File or Folder ................................................................................................

634

32.7.7 Deleting a File or Folder ....................................................................................................

635

32.7.8 Uploading a File ................................................................................................................

635

32.8

SecuExtender Screen ................................................................................................................

636

32.8.1 Installing the SecuExtender Client ...................................................................................

636

Chapter 33

 

Zyxel Device SecuExtender (Windows) .........................................................................................

639

33.1

The Zyxel Device SecuExtender Icon .......................................................................................

639

33.2

Status ............................................................................................................................................

639

33.3 View Log ......................................................................................................................................

640

33.4 Suspend and Resume the Connection ...................................................................................

641

33.5

Stop the Connection .................................................................................................................

641

33.6

Uninstalling the Zyxel Device SecuExtender ............................................................................

641

 

ZyWALL USG Series User’s Guide

 

18

 

Table of Contents

 

Chapter 34

 

L2TP VPN............................................................................................................................................

 

643

34.1

Overview .....................................................................................................................................

643

34.1.1 What You Can Do in this Chapter ...................................................................................

643

34.1.2 What You Need to Know .................................................................................................

643

34.2

L2TP VPN Screen .........................................................................................................................

644

34.2.1 Example: L2TP and Zyxel Device Behind a NAT Router ................................................

646

Chapter 35

 

BWM (Bandwidth Management) .................................................................................................

648

35.1

Overview .....................................................................................................................................

648

35.1.1 What You Can Do in this Chapter ...................................................................................

648

35.1.2 What You Need to Know ................................................................................................

648

35.2 The Bandwidth Management Configuration ..........................................................................

652

35.2.1 The Bandwidth Management Add/Edit Screen ............................................................

655

Chapter 36

 

Application Patrol ............................................................................................................................

663

36.1

Overview .....................................................................................................................................

663

36.1.1 What You Can Do in this Chapter ...................................................................................

663

36.1.2 What You Need to Know ................................................................................................

663

36.2

Application Patrol Profile ...........................................................................................................

664

36.2.1 The Application Patrol Profile Add/Edit Screen .............................................................

666

36.2.2 The Application Patrol Profile Rule Add Application Screen .......................................

667

Chapter 37

 

Content Filtering...............................................................................................................................

669

37.1

Overview .....................................................................................................................................

669

37.1.1 What You Can Do in this Chapter ...................................................................................

669

37.1.2 What You Need to Know .................................................................................................

669

37.1.3 Before You Begin ...............................................................................................................

671

37.2

Content Filter Profile Screen ......................................................................................................

671

37.2.1 Content Filter Add Profile Category Service ..................................................................

673

37.2.2 Content Filter Add Filter Profile Custom Service ...........................................................

681

37.3

Content Filter Trusted Web Sites Screen .................................................................................

684

37.4

Content Filter Forbidden Web Sites Screen ............................................................................

685

37.5

Content Filter Technical Reference .........................................................................................

686

Chapter 38

 

IDP .....................................................................................................................................................

 

688

38.1

Overview .....................................................................................................................................

688

38.1.1 What You Can Do in this Chapter ...................................................................................

688

38.1.2 What You Need To Know .................................................................................................

688

 

ZyWALL USG Series User’s Guide

 

19

 

Table of Contents

 

38.1.3 Before You Begin ...............................................................................................................

688

38.2

The IDP Profile Screen .................................................................................................................

689

38.2.1 Base Profiles .......................................................................................................................

690

38.2.2 Adding / Editing Profiles ..................................................................................................

691

38.2.3 Profile > Group View Screen ............................................................................................

692

38.2.4 Add Profile > Query View ................................................................................................

695

38.2.5 Query Example ..................................................................................................................

699

38.3

IDP Custom Signatures ..............................................................................................................

700

38.3.1 Add / Edit Custom Signatures .........................................................................................

703

38.3.2 Custom Signature Example .............................................................................................

707

38.3.3 Applying Custom Signatures ............................................................................................

709

38.3.4 Verifying Custom Signatures ............................................................................................

709

38.4

IDP Technical Reference ...........................................................................................................

710

Chapter 39

 

Anti-Virus...........................................................................................................................................

 

713

39.1

Overview .....................................................................................................................................

713

39.1.1 What You Can Do in this Chapter ...................................................................................

715

39.2

Anti-Virus Profile Screen .............................................................................................................

715

39.2.1 Anti-Virus Profile Add or Edit .............................................................................................

717

39.3

Anti-Virus Black List ......................................................................................................................

719

39.3.1 Anti-Virus Black List or White List Add/Edit ......................................................................

720

39.3.2 Anti-Virus Black/White List .................................................................................................

721

39.4

AV Signature Searching .............................................................................................................

722

39.5

Anti-Virus Technical Reference .................................................................................................

723

Chapter 40

 

Anti-Spam.........................................................................................................................................

 

725

40.1

Overview .....................................................................................................................................

725

40.1.1 What You Can Do in this Chapter ...................................................................................

725

40.1.2 What You Need to Know .................................................................................................

725

40.2

Before You Begin ........................................................................................................................

726

40.3

The Anti-Spam Profile Screen ....................................................................................................

727

40.3.1 The Anti-Spam Profile Add or Edit Screen ......................................................................

728

40.4

The Mail Scan Screen .................................................................................................................

730

40.5

The Anti-Spam Black List Screen ...............................................................................................

732

40.5.1 The Anti-Spam Black or White List Add/Edit Screen ......................................................

734

40.5.2 Regular Expressions in Black or White List Entries ...........................................................

735

40.6

The Anti-Spam White List Screen ...............................................................................................

735

40.7 The DNSBL Screen .......................................................................................................................

737

40.8

Anti-Spam Technical Reference ...............................................................................................

739

Chapter 41

 

SSL Inspection...................................................................................................................................

743

 

ZyWALL USG Series User’s Guide

 

20

 

Table of Contents

 

41.1

Overview .....................................................................................................................................

743

41.1.1 What You Can Do in this Chapter ...................................................................................

743

41.1.2 What You Need To Know .................................................................................................

743

41.1.3 Before You Begin ...............................................................................................................

744

41.2

The SSL Inspection Profile Screen ..............................................................................................

744

41.2.1 Add / Edit SSL Inspection Profiles ....................................................................................

745

41.3

Exclude List Screen ....................................................................................................................

747

41.4

Certificate Update Screen .......................................................................................................

749

41.5

Install a CA Certificate in a Browser .........................................................................................

750

Chapter 42

 

Device HA

.........................................................................................................................................

752

42.1 ..................................................................................................................Device HA Overview

752

42.1.1 ...................................................................Device HA and Device HA Pro Differences

752

42.1.2 ................................................................................What You Can Do in These Screens

753

42.2 ....................................................................................................................Device HA General

753

42.2.1 ...............................................................................................................Before You Begin

754

42.3 ...............................................................................................................The Device HA Screen

756

42.3.1 ....................................................................................................Configuring Device HA

757

42.3.2 ...............................................................................Device HA Edit Monitored Interface

760

42.3.3 .....................................................................................Device HA Technical Reference

762

42.4 ......................................................................................................Device HA > Device HA Pro

765

42.4.1 ................................................................................................Deploying Device HA Pro

765

42.4.2 ..............................................................................................Configuring Device HA Pro

766

Chapter 43

 

Object ...............................................................................................................................................

 

768

43.1 ..........................................................................................................................

Zones Overview

768

43.1.1 .................................................................................................What You Need to Know

768

43.1.2 ................................................................................................................The Zone Screen

769

43.2 ................................................................................................................

User/Group Overview

771

43.2.1 .................................................................................................What You Need To Know

771

43.2.2 ..................................................................................User/Group User Summary Screen

773

43.2.3 ..............................................................................User/Group Group Summary Screen

776

43.2.4 .............................................................................................User/Group Setting Screen

778

43.2.5 ................................................................User/Group MAC Address Summary Screen

783

43.2.6 ..................................................................................User /Group Technical Reference

784

43.3 ....................................................................................................................

AP Profile Overview

785

43.3.1 .....................................................................................................................Radio Screen

786

43.3.2 .......................................................................................................................SSID Screen

792

43.4 ................................................................................................................................

MON Profile

800

43.4.1 ............................................................................................................................Overview

800

43.4.2 .................................................................................................Configuring MON Profile

801

 

ZyWALL USG Series User’s Guide

 

21

Table of Contents

 

43.4.3 Add/Edit MON Profile .......................................................................................................

802

43.4.4 Technical Reference ........................................................................................................

803

43.5 ZyMesh Overview .......................................................................................................................

804

43.5.1 ZyMesh Profile ....................................................................................................................

806

43.5.2 Add/Edit ZyMesh Profile ...................................................................................................

807

43.6 Application ..................................................................................................................................

807

43.6.1 Add Application Rule .......................................................................................................

810

43.6.2 Application Group Screen ..............................................................................................

812

43.7 Address/Geo IP Overview .........................................................................................................

814

43.7.1 What You Need To Know .................................................................................................

814

43.7.2 Address Summary Screen ................................................................................................

814

43.7.3 Address Group Summary Screen ....................................................................................

818

43.7.4 Geo IP Summary Screen ..................................................................................................

820

43.8 Service Overview ........................................................................................................................

823

43.8.1 What You Need to Know .................................................................................................

823

43.8.2 The Service Summary Screen ..........................................................................................

824

43.8.3 The Service Group Summary Screen .............................................................................

825

43.9 Schedule Overview ...................................................................................................................

827

43.9.1 What You Need to Know .................................................................................................

828

43.9.2 The Schedule Screen ........................................................................................................

828

43.9.3 The Schedule Group Screen ............................................................................................

831

43.10 AAA Server Overview ..............................................................................................................

833

43.10.1 Directory Service (AD/LDAP) .........................................................................................

833

43.10.2 RADIUS Server ..................................................................................................................

834

43.10.3 ASAS ..................................................................................................................................

834

43.10.4 What You Need To Know ...............................................................................................

834

43.10.5 Active Directory or LDAP Server Summary ...................................................................

836

43.10.6 RADIUS Server Summary .................................................................................................

839

43.11 Auth. Method Overview .........................................................................................................

841

43.11.1 Before You Begin .............................................................................................................

841

43.11.2 Example: Selecting a VPN Authentication Method ...................................................

841

43.11.3 Authentication Method Objects ...................................................................................

842

43.11.4 Two-Factor Authentication ............................................................................................

844

43.12 Certificate Overview ................................................................................................................

847

43.12.1 What You Need to Know ...............................................................................................

847

43.12.2 Verifying a Certificate ....................................................................................................

849

43.12.3 The My Certificates Screen ............................................................................................

850

43.12.4 The Trusted Certificates Screen ....................................................................................

857

43.12.5 Certificates Technical Reference .................................................................................

862

43.13 ISP Account Overview ............................................................................................................

862

43.13.1 ISP Account Summary ....................................................................................................

862

43.14 SSL Application Overview ........................................................................................................

865

43.14.1 What You Need to Know ...............................................................................................

865

ZyWALL USG Series User’s Guide

 

22

Table of Contents

 

43.14.2 The SSL Application Screen ............................................................................................

867

43.15 DHCPv6 Overview ....................................................................................................................

870

43.15.1 The DHCPv6 Request Screen .........................................................................................

870

43.15.2 The DHCPv6 Lease Screen .............................................................................................

872

Chapter 44

 

System...............................................................................................................................................

874

44.1 Overview .....................................................................................................................................

874

44.1.1 What You Can Do in this Chapter ...................................................................................

874

44.2 Host Name ...................................................................................................................................

875

44.3 USB Storage .................................................................................................................................

875

44.4 Date and Time ............................................................................................................................

876

44.4.1 Pre-defined NTP Time Servers List .....................................................................................

879

44.4.2 Time Server Synchronization ............................................................................................

879

44.5 Console Port Speed ...................................................................................................................

880

44.6 DNS Overview .............................................................................................................................

881

44.6.1 DNS Server Address Assignment ......................................................................................

881

44.6.2 Configuring the DNS Screen ............................................................................................

881

44.6.3 (IPv6) Address Record ......................................................................................................

884

44.6.4 PTR Record .........................................................................................................................

885

44.6.5 Adding an (IPv6) Address/PTR Record ..........................................................................

885

44.6.6 CNAME Record .................................................................................................................

885

44.6.7 Adding a CNAME Record ................................................................................................

886

44.6.8 Domain Zone Forwarder .................................................................................................

886

44.6.9 Adding a Domain Zone Forwarder .................................................................................

886

44.6.10 MX Record ......................................................................................................................

887

44.6.11 Adding a MX Record ......................................................................................................

888

44.6.12 Security Option Control ..................................................................................................

888

44.6.13 Editing a Security Option Control ..................................................................................

888

44.6.14 Adding a DNS Service Control Rule ..............................................................................

889

44.7 WWW Overview ..........................................................................................................................

890

44.7.1 Service Access Limitations ...............................................................................................

890

44.7.2 System Timeout ..................................................................................................................

891

44.7.3 HTTPS ...................................................................................................................................

891

44.7.4 Configuring WWW Service Control .................................................................................

892

44.7.5 Service Control Rules ........................................................................................................

895

44.7.6 Customizing the WWW Login Page ................................................................................

896

44.7.7 HTTPS Example ...................................................................................................................

901

44.8 SSH .............................................................................................................................................

908

44.8.1 How SSH Works ..................................................................................................................

909

44.8.2 SSH Implementation on the Zyxel Device ......................................................................

910

44.8.3 Requirements for Using SSH ..............................................................................................

910

44.8.4 Configuring SSH .................................................................................................................

910

ZyWALL USG Series User’s Guide

 

23

Table of Contents

 

44.8.5 Secure Telnet Using SSH Examples ..................................................................................

911

44.9 Telnet ...........................................................................................................................................

913

44.9.1 Configuring Telnet .............................................................................................................

913

44.10 FTP ..............................................................................................................................................

914

44.10.1 Configuring FTP ................................................................................................................

914

44.11 SNMP .........................................................................................................................................

915

44.11.1 SNMPv3 and Security ......................................................................................................

916

44.11.2 Supported MIBs ...............................................................................................................

917

44.11.3 SNMP Traps .......................................................................................................................

917

44.11.4 Configuring SNMP ...........................................................................................................

917

44.11.5 Add SNMPv3 User ............................................................................................................

919

44.12 Authentication Server ..............................................................................................................

920

44.12.1 Add/Edit Trusted RADIUS Client ....................................................................................

922

44.13 Notification > Mail Server .........................................................................................................

922

44.14 Notification > SMS .....................................................................................................................

924

44.15 Language Screen .....................................................................................................................

925

44.16 IPv6 Screen ................................................................................................................................

925

44.17 Zyxel One Network (ZON) Utility .............................................................................................

926

44.17.1 Requirements ...................................................................................................................

926

44.17.2 Run the ZON Utility ...........................................................................................................

927

44.17.3 Zyxel One Network (ZON) System Screen ....................................................................

930

Chapter 45

 

Log and Report.................................................................................................................................

932

45.1 Overview .....................................................................................................................................

932

45.1.1 What You Can Do In this Chapter ..................................................................................

932

45.2 Email Daily Report .......................................................................................................................

932

45.3 Log Setting Screens ...................................................................................................................

934

45.3.1 Log Setting Summary ........................................................................................................

934

45.3.2 Edit System Log Settings ..................................................................................................

935

45.3.3 Edit Log on USB Storage Setting .....................................................................................

940

45.3.4 Edit Remote Server Log Settings .....................................................................................

942

45.3.5 Log Category Settings Screen .........................................................................................

945

Chapter 46

 

File Manager ....................................................................................................................................

950

46.1 Overview .....................................................................................................................................

950

46.1.1 What You Can Do in this Chapter ...................................................................................

950

46.1.2 What you Need to Know ..................................................................................................

950

46.2 The Configuration File Screen ...................................................................................................

952

46.3 Firmware Management ...........................................................................................................

956

46.3.1 Firmware Upload and Device HA Pro ............................................................................

956

46.3.2 Cloud Helper .....................................................................................................................

957

ZyWALL USG Series User’s Guide

 

24

 

Table of Contents

 

46.3.3 The Firmware Management Screen ...............................................................................

959

46.3.4 Firmware Upgrade via USB Stick ......................................................................................

961

46.4

The Shell Script Screen ..............................................................................................................

961

Chapter 47

 

Diagnostics ......................................................................................................................................

964

47.1

Overview .....................................................................................................................................

964

47.1.1 What You Can Do in this Chapter ...................................................................................

964

47.2

The Diagnostics Screens ............................................................................................................

964

47.2.1 The Diagnostics Collect Screen .......................................................................................

965

47.2.2 The Diagnostics Collect on AP Screen ..........................................................................

966

47.2.3 The Diagnostics Files Screen ............................................................................................

967

47.3

The Packet Capture Screen ......................................................................................................

968

47.3.1 The Packet Capture Files Screen ....................................................................................

970

47.4 The CPU / Memory Status Screen .............................................................................................

971

47.5

The System Log Screen ..............................................................................................................

973

47.6

The Remote Assistance Screen .................................................................................................

974

47.7

The Network Tool Screen ...........................................................................................................

975

47.8

The Routing Traces Screen ........................................................................................................

978

47.9

The Wireless Frame Capture Screen ........................................................................................

979

47.9.1 The Wireless Frame Capture Files Screen ......................................................................

981

Chapter 48

 

Packet Flow Explore .......................................................................................................................

982

48.1

Overview .....................................................................................................................................

982

48.1.1 What You Can Do in this Chapter ...................................................................................

982

48.2

The Routing Status Screen .........................................................................................................

982

48.3

The SNAT Status Screen ..............................................................................................................

987

Chapter 49

 

Shutdown ..........................................................................................................................................

 

990

49.1

Overview .....................................................................................................................................

990

49.1.1 What You Need To Know .................................................................................................

990

49.2 The Shutdown Screen ................................................................................................................

990

Chapter 50

 

Troubleshooting................................................................................................................................

991

50.1

Resetting the Zyxel Device ......................................................................................................

1003

50.2

Getting More Troubleshooting Help .......................................................................................

1003

Appendix A Customer Support ...................................................................................................

1004

Appendix B Product Features ......................................................................................................

1010

 

ZyWALL USG Series User’s Guide

 

25

 

Table of Contents

Appendix C Legal Information

.................................................................................................... 1018

Index ...............................................................................................................................................

1032

ZyWALL USG Series User’s Guide

26

PART I

User’s Guide

27

CHAPTER 1

Introduction

1.1 Overview

Zyxel Device refers to these models as outlined below.

ZyWALL

ZyWALL USG (Unified Security Gateway)

ZyWALL 110

USG40W

USG210

USG2200

ZyWALL 310

USG60

USG310

USG20-VPN

ZyWALL 1100

USG60W

USG1100

USG20W-VPN

USG40

USG110

USG1900

USG2200-VPN

The next table shows the key feature differences between the models besides performance variance:

Table 1 Key Feature Comparison Table

Feature

 

Zywall

 

 

 

 

 

USG

 

 

 

 

 

USG-VPN

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

110

310

1100

40

60

40W

60W

110

210

310

1100

1900

2200

20

 

20W

2200

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Amazon VPC (on

NO

NO

NO

NO

NO

NO

NO

NO

NO

NO

NO

NO

NO

YES

 

YES

YES

web config)

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Anomaly Detection

YES

YES

YES

YES

YES

YES

YES

YES

YES

YES

YES

YES

YES

NO

 

NO

NO

& Prevention

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Anti-Spam

YES

YES

YES

YES

YES

YES

YES

YES

YES

YES

YES

YES

YES

YES

 

YES

YES

Anti-Virus

YES

YES

YES

YES

YES

YES

YES

YES

YES

YES

YES

YES

YES

NO

 

NO

NO

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

AP Contoller

YES

YES

YES

YES

YES

YES

YES

YES

YES

YES

YES

YES

YES

NO

 

NO

YES

App Patrol

YES

YES

YES

YES

YES

YES

YES

YES

YES

YES

YES

YES

YES

NO

 

NO

NO

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Content Filtering

YES

YES

YES

YES

YES

YES

YES

YES

YES

YES

YES

YES

YES

YES

 

YES

YES

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Device HA/Pro

YES

YES

YES

NO

NO

NO

NO

YES

YES

YES

YES

YES

YES

NO

 

NO

YES

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Device HA/Pro

YES

YES

NO

n/a

n/a

n/a

n/a

YES

YES

YES

NO

NO

NO

n/a

 

n/a

NO

license-need to buy

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Easy Mode Wizard

NO

NO

NO

YES

YES

YES

YES

NO

NO

NO

NO

NO

NO

YES

 

YES

NO

Hotspot

YES

YES

YES

NO

NO

NO

NO

YES

YES

YES

YES

YES

YES

NO

 

NO

YES

Management

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

IDP

YES

YES

YES

YES

YES

YES

YES

YES

YES

YES

YES

YES

YES

NO

 

NO

NO

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

LAG

NO

YES

YES

NO

NO

NO

NO

NO

NO

YES

YES

YES

NO

NO

 

NO

NO

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Port Group

NO

NO

NO

NO

NO

NO

NO

NO

NO

NO

NO

NO

YES

NO

 

NO

YES

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Port Role

YES

NO

NO

YES

YES

YES

YES

YES

YES

NO

NO

NO

NO

NO

 

NO

NO

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

SSL encrypted

YES

YES

YES

NO

NO

NO

NO

YES

YES

YES

YES

YES

YES

NO

 

NO

YES

traffic inspection

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

ZyWALL USG Series User’s Guide

28

Chapter 1 Introduction

Table 1 Key Feature Comparison Table (continued)

Feature

 

Zywall

 

 

 

 

 

USG

 

 

 

 

 

USG-VPN

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

110

310

1100

40

60

40W

60W

110

210

310

1100

1900

2200

20

 

20W

2200

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

UTM License-need

YES

YES

YES

afte

afte

afte

afte

afte

afte

afte

afte

afte

afte

afte

 

afte

afte

to buy

r 1yr

r 1yr

r 1yr

r 1yr

r 1yr

r 1yr

r 1yr

r 1yr

r 1yr

r 1yr

r 1yr

 

r 1yr

r 1yr

 

 

 

 

WiFi functionality

NO

NO

NO

NO

NO

YES

YES

NO

NO

NO

NO

NO

NO

NO

 

YES

NO

(built-in)

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

UTM (Unified Threat Management) features include the following:

Note: Some models do not support all features listed below (see Table 1 on page 28).

• Application Patrol (AP)

• Intrusion Detection & Prevention (IDP)

• Anomaly Detection & Prevention (ADP)

• Content Filtering (CF)

• Anti-Virus (AV)

• Anti-Spam (AS)

Secure Socket Layer (SSL) encrypted traffic Inspection

The following UTM features work without a UTM license:

Configuration > Content Filter > Trusted Web Sites

Configuration > IDP > Custom Signatures

Configuration > Anti-Virus > Black/White List

Configuration > Anti-Spam > Black/White List

Some interface names vary by model - see Table 16 on page 79 and Table 17 on page 80 for default port / interface name mapping. See Table 18 on page 80 and Table 19 on page 81 for default interface / zone mapping.

See the product’s datasheet for detailed information on a specific model.

1.2 Registration at myZyxel

myZyxel is Zyxel’s online services center where you can register your Zyxel Device and manage subscription services available for your Zyxel Device (see Configuration > Licensing > Registration > Service for services available for your Zyxel Device).

For Zyxel Devices that already have firmware version 4.25 or later, you have to register your Zyxel Device and activate the corresponding service at myZyxel (through your Zyxel Device).

For Zyxel Devices upgrading to firmware version 4.25 or later, you may skip registering your Zyxel Device and activating the corresponding service at myZyxel (through your Zyxel Device). However, it is highly recommended to at least register your Zyxel Device. At the time of writing, the Firmware Upgrade license providing Cloud Helper new firmware notifications, is free when you register your Zyxel Device.

ZyWALL USG Series User’s Guide

29

Chapter 1 Introduction

Note: You need to create a myZyxel account at http://portal.myZyxel.com before you can register your device and activate the services at myZyxel.

You may need your Zyxel Device’s serial number and LAN MAC address to register it at myZyxel. See the label at the back of the Zyxel Device’s for details.

Figure 1 myZyxel Login

1.2.1 Grace Period

UTM licenses have a 15-day grace period after a license expires. Services will continue to work in this period during which you will receive notifications to renew your license(s). New license(s) are valid for 1 year from the date of purchase.

1.2.2 Applications

These are some Zyxel Device application scenarios.

Security Router

Security includes a Stateful Packet Inspection (SPI) firewall, and UTM (Unified Threat Management). All models need a license to use UTM (Unified Threat Management) features.

ZyWALL USG Series User’s Guide

30

Loading...
+ 1023 hidden pages